Upgrade to version 9.6.2. This version includes all previously released
security patches to the 9.6.1 version, as well as many other bug fixes.

This version also incorporates a different fix for the problem we had
patched in contrib/bind9/bin/dig/dighost.c, so that file is now back
to being the same as the vendor version.

Due to the fact that the DNSSEC algorithm that will be used to sign the
root zone is only included in this version and in 9.7.x, those who wish
to do validation MUST upgrade to one of these prior to July 2010.

dougb 2010-03-03 05:45:24 +00:00
parent e901048f7a
commit c52afe031a
180 changed files with 11390 additions and 8928 deletions

View File

@ -1,4 +1,27 @@
--- 9.6.1-P3 released ---
--- 9.6.2 released ---
2850. [bug] If isc_heap_insert() failed due to memory shortage
the heap would have corrupted entries. [RT #20951]
2849. [bug] Don't treat errors from the xml2 library as fatal.
[RT #20945]
2846. [bug] EOF on unix domain sockets was not being handled
correctly. [RT #20731]
2844. [doc] notify-delay default in ARM was wrong. It should have
been five (5) seconds.
--- 9.6.2rc1 released ---
2838. [func] Backport support for SHA-2 DNSSEC algorithms,
RSASHA256 and RSASHA512, from BIND 9.7. (This
incorporates changes 2726 and 2738 from that
release branch.) [RT #20871]
2837. [port] Prevent Linux spurious warnings about fwrite().
[RT #20812]
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
@ -10,21 +33,286 @@
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
--- 9.6.1-P2 released ---
2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
was in the process of being created was not properly
recorded in the zone. [RT #20786]
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define
[RT #20771]
2818. [cleanup] rndc could return an incorrect error code
when a zone was not found. [RT #20767]
2815. [bug] Exclusively lock the task when freezing a zone.
[RT #19838]
2814. [func] Provide a definitive error message when a master
zone is not loaded. [RT #20757]
--- 9.6.2b1 released ---
2797. [bug] Don't decrement the dispatch manager's maxbuffers.
[RT #20613]
2790. [bug] Handle DS queries to stub zones. [RT #20440]
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2786. [bug] Additional could be promoted to answer. [RT #20663]
2784. [bug] TC was not always being set when required glue was
dropped. [RT #20655]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
buffer size of 512 or less. [RT #20654]
2782. [port] win32: use getaddrinfo() for hostname lookups.
[RT #20650]
2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
--- 9.6.1-P1 released ---
2765. [bug] Skip masters for which the TSIG key cannot be found.
[RT #20595]
2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
2759. [doc] Add information about .jbk/.jnw files to
the ARM. [RT #20303]
2758. [bug] win32: Added a workaround for a windows 2008 bug
that could cause the UDP client handler to shut
down. [RT #19176]
2757. [bug] dig: assertion failure could occur in connect
timeout. [RT #20599]
2755. [doc] Clarify documentation of keyset- files in
dnssec-signzone man page. [RT #19810]
2754. [bug] Secure-to-insecure transitions failed when zone
was signed with NSEC3. [RT #20587]
2750. [bug] dig: assertion failure could occur when a server
didn't have an address. [RT #20579]
2749. [bug] ixfr-from-differences generated a non-minimal ixfr
for NSEC3 signed zones. [RT #20452]
2747. [bug] Journal roll forwards failed to set the re-signing
time of RRSIGs correctly. [RT #20541]
2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
for a insecure delegation.
2729. [func] When constructing a CNAME from a DNAME use the DNAME
TTL. [RT #20451]
2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
isc_base64_totext(), didn't always mark regions of
memory as fully consumed after conversion. [RT #20445]
2722. [bug] Ensure that the memory associated with the name of
a node in a rbt tree is not altered during the life
of the node. [RT #20431]
2721. [port] Have dst__entropy_status() prime the random number
generator. [RT #20369]
2718. [bug] The space calculations in opensslrsa_todns() were
incorrect. [RT #20394]
2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
2715. [bug] Require OpenSSL support to be explicitly disabled.
[RT #20288]
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
flags.
2713. [bug] powerpc: atomic operations missing asm("ics") /
__isync() calls.
2706. [bug] Loading a zone with a very large NSEC3 salt could
trigger an assert. [RT #20368]
2705. [bug] Reconcile the XML stats version number with a later
BIND9 release, by adding a "name" attribute to
"cache" elements and increasing the version number
to 2.2. (This is a minor version change, but may
affect XML parsers if they assume the cache element
doesn't take an attribute.)
2704. [bug] Serial of dynamic and stub zones could be inconsistent
with their SOA serial. [RT #19387]
2701. [doc] Correction to ARM: hmac-md5 is no longer the only
supported TSIG key algorithm. [RT #18046]
2700. [doc] The match-mapped-addresses option is discouraged.
[RT #12252]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
S_IFREG are defined after including <isc/stat.h>.
[RT #20309]
2696. [bug] named failed to successfully process some valid
acl constructs. [RT #20308]
2692. [port] win32: 32/64 bit cleanups. [RT #20335]
2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
[RT #20315]
2689. [bug] Correctly handle snprintf result. [RT #20306]
2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
to decide to fetch the destination address. [RT #20305]
2686. [bug] dnssec-signzone should clean the old NSEC chain when
signing with NSEC3 and vice versa. [RT #20301]
2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
the NSEC3 parameters used to sign the zone change.
[RT #20246]
2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
decoded. [RT #20269]
2678. [func] Treat DS queries as if "minimal-response yes;"
was set. [RT #20258]
2672. [bug] Don't enable searching in 'host' when doing reverse
lookups. [RT #20218]
2670. [bug] Unexpected connect failures failed to log enough
information to be useful. [RT #20205]
2663. [func] win32: allow named to run as a service using
"NT AUTHORITY\LocalService" as the account. [RT #19977]
2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
returned a misleading error code when lwresd was
down. [RT #20028]
2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
creating lwres context. [RT #20029]
2659. [doc] Clarify dnssec-keygen doc: key name must match zone
name for DNSSEC keys. [RT #19938]
2656. [func] win32: add a "tools only" check box to the installer
which causes it to only install dig, host, nslookup,
nsupdate and relevant DLLs. [RT #19998]
2655. [doc] Document that key-directory does not affect
rndc.key. [RT #20155]
2653. [bug] Treat ENGINE_load_private_key() failures as key
not found rather than out of memory. [RT #18033]
2649. [bug] Set the domain for forward only zones. [RT #19944]
2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
2647. [bug] Remove unnecessary SOA updates when a new KSK is
added. [RT #19913]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
which default to 64 bits. [RT #19927]
2643. [bug] Stub zones interacted badly with NSEC3 support.
[RT #19777]
2642. [bug] nsupdate could dump core on solaris when reading
improperly formatted key files. [RT #20015]
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
[RT #19959]
2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
[RT #19716]
2633. [bug] Handle 15 bit rand() functions. [RT #19783]
2632. [func] util/kit.sh: warn if documentation appears to be out of
date. [RT #19922]
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
2621. [doc] Made copyright boilterplate consistent. [RT #19833]
2920. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
2618. [bug] The sdb and sdlz db_interator_seek() methods could
loop infinitely. [RT #19847]
2617. [bug] ifconfig.sh failed to emit an error message when
run from the wrong location. [RT #19375]
2616. [bug] 'host' used the nameservers from resolv.conf even
when a explicit nameserver was specified. [RT #19852]
2615. [bug] "__attribute__((unused))" was in the wrong place
for ia64 gcc builds. [RT #19854]
2614. [port] win32: 'named -v' should automatically be executed
in the foreground. [RT #19844]
2613. [bug] Option argument validation was missing for
dnssec-dsfromkey. [RT #19828]
2610. [port] sunos: Change #2363 was not complete. [RT #19796]
2608. [func] Perform post signing verification checks in
dnssec-signzone. These can be disabled with -P.
The post sign verification test ensures that for each
algorithm in use there is at least one non revoked
self signed KSK key. That all revoked KSK keys are
self signed. That all records in the zone are signed
by the algorithm. [RT #19653]
2601. [doc] Mention file creation mode mask in the
named manual page.
2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
[RT #19626]
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
Requires MySQL 5.0.19 or later. [RT #19084]
2580. [bug] UpdateRej statistics counter could be incremented twice
for one rejection. [RT #19476]
2533. [doc] ARM: document @ (at-sign). [RT #17144]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
function. [RT #18582]
--- 9.6.1 released ---
2607. [bug] named could incorrectly delete NSEC3 records for
empty nodes when processing a update request.
empty nodes when processing a update request.
[RT #19749]
2606. [bug] "delegation-only" was not being accepted in
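Review bot: the entry numbered 2920 ("Delay thawing the zone until the reload of it has completed successfully. [RT #19750]") sits between 2621 and 2618, so its number is out of sequence and reads like a typo for 2620. The neighbouring entries also carry "seaches" in 2623 and "boilterplate" in 2621. Since the stated goal is to keep imported files identical to the vendor copy, these are better reported upstream than corrected locally.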
@ -78,7 +366,7 @@
date to the version string, -DNO_VERSION_DATE.
2582. [bug] Don't emit warning log message when we attempt to
remove non-existant journal. [RT #19516]
remove non-existent journal. [RT #19516]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
@ -136,7 +424,7 @@
2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
error checks in the correct order resulting in the
wrong error code sometimes being returned. [RT #19249]
2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
@ -185,7 +473,7 @@
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091]
2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
@ -198,8 +486,8 @@
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
@ -222,7 +510,7 @@
preceded in resolv.conf. [RT #19081]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address.
nameserver address of the excluded address type.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
@ -235,7 +523,7 @@
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
2506. [port] solaris: Check at configure time if
2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
@ -258,7 +546,7 @@
2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
[RT #19063]
2513 [bug] Fix windows cli build. [RT #19062]
2513. [bug] Fix windows cli build. [RT #19062]
2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
[RT #19033]
@ -343,7 +631,7 @@
2478. [bug] 'addresses' could be used uninitialized in
configure_forward(). [RT #18800]
2477. [bug] dig: the global option to print the command line is
+cmd not print_cmd. Update the output to reflect
this. [RT #17008]
@ -359,7 +647,7 @@
2473. [port] linux: raise the limit on open files to the possible
maximum value before spawning threads; 'files'
specified in named.conf doesn't seem to work with
specified in named.conf doesn't seem to work with
threads as expected. [RT #18784]
2472. [port] linux: check the number of available cpu's before
@ -388,7 +676,7 @@
2464. [port] linux: check that a capability is present before
trying to set it. [RT #18135]
2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
API and glibc hides parts of the IPv6 Advanced Socket
API as a result. This is stupid as it breaks how the
two halves (Basic and Advanced) of the IPv6 Socket API
@ -418,7 +706,7 @@
2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
address, regardless of family. They now correctly
distinguish IPv4 from IPv6. [RT #18559]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
[RT #18639]
@ -458,7 +746,7 @@
2442. [bug] A lock could be destroyed twice. [RT# 18626]
2441. [bug] isc_radix_insert() could copy radix tree nodes
2441. [bug] isc_radix_insert() could copy radix tree nodes
incompletely. [RT #18573]
2440. [bug] named-checkconf used an incorrect test to determine
@ -515,7 +803,7 @@
implementation. Allow the use of kqueue,
epoll and /dev/poll to be selected at compile
time. [RT #18277]
2423. [security] Randomize server selection on queries, so as to
make forgery a little more difficult. Instead of
always preferring the server with the lowest RTT,
@ -583,9 +871,9 @@
2406. [placeholder]
2405. [cleanup] The default value for dnssec-validation was changed to
"yes" in 9.5.0-P1 and all subsequent releases; this
was inadvertently omitted from CHANGES at the time.
2405. [cleanup] The default value for dnssec-validation was changed to
"yes" in 9.5.0-P1 and all subsequent releases; this
was inadvertently omitted from CHANGES at the time.
2404. [port] hpux: files unlimited support.
@ -661,7 +949,7 @@
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
proofs which, in turn, caused validation failures
for insecure zones immediately below a secure zone
the server was authoritative for. [RT #18112]
the server was authoritative for. [RT #18112]
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
TLDs and supported RRs with TTLs [RT #17972]
@ -709,7 +997,7 @@
2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
[RT #17513]
2362. [cleanup] Make "rrset-order fixed" a compile-time option.
2362. [cleanup] Make "rrset-order fixed" a compile-time option.
settable by "./configure --enable-fixed-rrset".
Disabled by default. [RT #17977]
@ -792,12 +1080,12 @@
interfaces if there are not listen-on-v6 clauses in
named.conf. [RT #17581]
2335. [port] sunos: libbind and *printf() support for long long.
2335. [port] sunos: libbind and *printf() support for long long.
[RT #17513]
2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
bug in fromstruct_txt(). [RT #17609]
2333. [bug] Fix off by one error in isc_time_nowplusinterval().
[RT #17608]
@ -842,7 +1130,7 @@
2320. [func] Make statistics counters thread-safe for platforms
that support certain atomic operations. [RT #17466]
2319. [bug] Silence Coverity warnings in
2319. [bug] Silence Coverity warnings in
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2318. [port] sunos fixes for libbind. [RT #17514]
@ -894,7 +1182,7 @@
2301. [bug] Remove resource leak and fix error messages in
bin/tests/system/lwresd/lwtest.c. [RT #17474]
2300. [bug] Fixed failure to close open file in
2300. [bug] Fixed failure to close open file in
bin/tests/names/t_names.c. [RT #17473]
2299. [bug] Remove unnecessary NULL check in
@ -1017,7 +1305,7 @@
2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2260. [bug] Reported wrong clients-per-query when increasing the
value. [RT #17236]
value. [RT #17236]
2259. [placeholder]
@ -1039,10 +1327,10 @@
intermediate values as timer->idle was reset by
isc_timer_touch(). [RT #17243]
2253. [func] "max-cache-size" defaults to 32M.
2253. [func] "max-cache-size" defaults to 32M.
"max-acache-size" defaults to 16M.
2252. [bug] Fixed errors in sortlist code [RT #17216]
2252. [bug] Fixed errors in sortlist code [RT #17216]
2251. [placeholder]
@ -1050,11 +1338,11 @@
memory statistics file should be written or not.
Additionally named's -m option will cause the
statistics file to be written. [RT #17113]
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2247. [doc] Sort doc/misc/options. [RT #17067]
@ -1095,11 +1383,11 @@
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2233. [func] Add support for O(1) ACL processing, based on
radix tree code originally written by Kevin
Brintnall. [RT #16288]
2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2233. [func] Add support for O(1) ACL processing, based on
radix tree code originally written by Kevin
Brintnall. [RT #16288]
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
@ -1120,7 +1408,7 @@
2226. [placeholder]
2225. [bug] More support for systems with no IPv4 addresses.
[RT #17111]
[RT #17111]
2224. [bug] Defer journal compaction if a xfrin is in progress.
[RT #17119]
@ -1128,7 +1416,7 @@
2223. [bug] Make a new journal when compacting. [RT #17119]
2222. [func] named-checkconf now checks server key references.
[RT #17097]
[RT #17097]
2221. [bug] Set the event result code to reflect the actual
record turned to caller when a cache update is
@ -1137,7 +1425,7 @@
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
2219. [bug] Apply zone consistency checks to additions, not
removals, when updating. [RT #17049]
@ -1147,7 +1435,7 @@
2217. [func] Adjust update log levels. [RT #17092]
2216. [cleanup] Fix a number of errors reported by Coverity.
[RT #17094]
[RT #17094]
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
@ -1193,7 +1481,7 @@
localhost;) is used.
[RT #16987]
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2204. [bug] "rndc flushanme name unknown-view" caused named
@ -1332,7 +1620,7 @@
allow-query-on, allow-recursion-on and
allow-query-cache-on. [RT #16291]
2164. [bug] The code to determine how named-checkzone /
2164. [bug] The code to determine how named-checkzone /
named-compilezone was called failed under windows.
[RT #16764]
@ -1539,14 +1827,14 @@
2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
net_cidr_ntop_ipv6(). [RT #16388]
2094. [contrib] Update named-bootconf. [RT# 16404]
2093. [bug] named-checkzone -s was broken.
2092. [bug] win32: dig, host, nslookup. Use registry config
if resolv.conf does not exist or no nameservers
listed. [RT #15877]
listed. [RT #15877]
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
@ -1950,7 +2238,7 @@
1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
1963. [port] Tru64 4.0E doesn't support send() and recv().
1963. [port] Tru64 4.0E doesn't support send() and recv().
[RT #15586]
1962. [bug] Named failed to clear old update-policy when it
@ -1993,7 +2281,7 @@
1951. [security] Drop queries from particular well known ports.
Don't return FORMERR to queries from particular
well known ports. [RT #15636]
1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
a TCP socket. This prevents the source address being
set for TCP connections. [RT #15628]
@ -2015,7 +2303,7 @@
1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
To generate a RSAMD5 key you must explicitly request
RSAMD5. [RT #13780]
1944. [cleanup] isc_hash_create() does not need a read/write lock.
[RT #15522]
@ -2127,7 +2415,7 @@
[RT #15034]
1905. [bug] Strings returned from cfg_obj_asstring() should be
treated as read-only. The prototype for
treated as read-only. The prototype for
cfg_obj_asstring() has been updated to reflect this.
[RT #15256]
@ -2259,10 +2547,10 @@
1863. [bug] rrset-order "fixed" error messages not complete.
1862. [func] Add additional zone data constancy checks.
named-checkzone has extended checking of NS, MX and
named-checkzone has extended checking of NS, MX and
SRV record and the hosts they reference.
named has extended post zone load checks.
New zone options: check-mx and integrity-check.
New zone options: check-mx and integrity-check.
[RT #4940]
1861. [bug] dig could trigger a INSIST on certain malformed
@ -2305,9 +2593,9 @@
1848. [bug] Improve SMF integration. [RT #13238]
1847. [bug] isc_ondestroy_init() is called too late in
dns_rbtdb_create()/dns_rbtdb64_create().
dns_rbtdb_create()/dns_rbtdb64_create().
[RT #13661]
1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
<bortzmeyer@nic.fr>.
@ -2599,7 +2887,7 @@
[RT #12866]
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
@ -2617,7 +2905,7 @@
requested number of worker threads then destruction
of the manager would trigger an INSIST() failure.
[RT #12790]
1742. [bug] Deleting all records at a node then adding a
previously existing record, in a single UPDATE
transaction, failed to leave / regenerate the
@ -2628,7 +2916,7 @@
1740. [bug] Replace rbt's hash algorithm as it performed badly
with certain zones. [RT #12729]
NOTE: a hash context now needs to be established
via isc_hash_create() if the application was not
already doing this.
@ -2643,7 +2931,7 @@
1736. [bug] dst_key_fromnamedfile() could fail to read a
public key. [RT #12687]
1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
[RE #12688]
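Review bot: the reference on entry 1735 reads "[RE #12688]" while the entry directly above it uses "[RT #12687]", so the tag looks like a typo for "RT". The hunk touches the whitespace next to it and leaves the tag as is; worth reporting upstream so a search for the RT number finds this entry.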
@ -2820,7 +3108,7 @@
1675. [bug] named would sometimes add extra NSEC records to
the authority section.
1674. [port] linux: increase buffer size used to scan
/proc/net/if_inet6.
@ -2894,7 +3182,7 @@
1648. [func] Update dnssec-lookaside named.conf syntax to support
multiple dnssec-lookaside namespaces (not yet
implemented).
implemented).
1647. [bug] It was possible trigger a INSIST when chasing a DS
record that required walking back over a empty node.
@ -2924,7 +3212,7 @@
1638. [bug] "ixfr-from-differences" could generate a REQUIRE
failure if the journal open failed. [RT #11347]
1637. [bug] Node reference leak on error in addnoqname().
1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
@ -3018,21 +3306,21 @@
1607. [bug] dig, host and nslookup were still using random()
to generate query ids. [RT# 11013]
1606. [bug] DLV insecurity proof was failing.
1606. [bug] DLV insecurity proof was failing.
1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
1604. [bug] A xfrout_ctx_create() failure would result in
xfrout_ctx_destroy() being called with a
partially initialized structure.
1603. [bug] nsupdate: set interactive based on isatty().
[RT# 10929]
1602. [bug] Logging to a file failed unless a size was specified.
[RT# 10925]
1601. [bug] Silence spurious warning 'both "recursion no;" and
1601. [bug] Silence spurious warning 'both "recursion no;" and
"allow-recursion" active' warning from view "_bind".
[RT# 10920]

View File

@ -1,4 +1,4 @@
Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
$Id: COPYRIGHT,v 1.14.176.1 2009/01/05 23:47:22 tbox Exp $
$Id: COPYRIGHT,v 1.14.176.2 2010/01/07 23:47:36 tbox Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.

View File

@ -1,6 +1,6 @@
Frequently Asked Questions about BIND 9
Copyright © 2004-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2000-2003 Internet Software Consortium.
@ -784,6 +784,22 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
See these man-pages for more information : selinux(8), named_selinux
(8), chcon(1), setsebool(8)
Q: I'm running BIND on Ubuntu -
Why can't named update slave zone database files?
Why can't named create DDNS journal files or update the master zones
from journals?
Why can't named create custom log files?
A: Ubuntu uses AppArmor <http://en.wikipedia.org/wiki/AppArmor> in
addition to normal file system permissions to protect the system.
Adjust the paths to use those specified in /etc/apparmor.d/
usr.sbin.named or adjust /etc/apparmor.d/usr.sbin.named to allow named
to write at the location specified in named.conf.
Q: Listening on individual IPv6 interfaces does not work.
A: This is usually due to "/proc/net/if_inet6" not being available in the
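Review bot: the new AppArmor answer tells the reader to adjust /etc/apparmor.d/usr.sbin.named but stops there; an edited profile has no effect until it is reloaded, and the answer should say so. It should also state that any added write rule is to be limited to the specific slave-zone, journal or log location named in named.conf, not a broader path, so that the confinement the profile provides is kept.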

View File

@ -1,7 +1,7 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: FAQ.xml,v 1.46.56.4.12.1 2009/12/31 23:17:56 tbox Exp $ -->
<!-- $Id: FAQ.xml,v 1.46.56.9 2010/01/20 23:47:43 tbox Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
@ -29,6 +29,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -1382,6 +1383,36 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
I'm running BIND on Ubuntu -
</para>
<para>
Why can't named update slave zone database files?
</para>
<para>
Why can't named create DDNS journal files or update
the master zones from journals?
</para>
<para>
Why can't named create custom log files?
</para>
</question>
<answer>
<para>
Ubuntu uses AppArmor <ulink url="http://en.wikipedia.org/wiki/AppArmor">
&lt;http://en.wikipedia.org/wiki/AppArmor&gt;</ulink> in
addition to normal file system permissions to protect the system.
</para>
<para>
Adjust the paths to use those specified in /etc/apparmor.d/usr.sbin.named
or adjust /etc/apparmor.d/usr.sbin.named to allow named to write at the
location specified in named.conf.
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>

View File

@ -35,7 +35,7 @@ will not be completely signed until named has had time to walk the
zone and generate the NSEC and RRSIG records. Initially the NSEC
record at the zone apex will have the OPT bit set. When the NSEC
chain is complete the OPT bit will be cleared. Additionally when
the zone is fully signed the private type (default TYPE65535) records
the zone is fully signed the private type (default TYPE65534) records
will have a non zero value for the final octet.
The private type record has 5 octets.
@ -45,7 +45,7 @@ The private type record has 5 octets.
complete flag (octet 5)
If you wish to go straight to a secure zone using NSEC3 you should
also add a NSECPARAM record to the update request with the flags
also add a NSEC3PARAM record to the update request with the flags
field set to indicate whether the NSEC3 chain will have the OPTOUT
bit set or not.

View File

@ -42,6 +42,29 @@ BIND 9
Stichting NLnet - NLnet Foundation
Nominum, Inc.
BIND 9.6.2
BIND 9.6.2 is a maintenance release, fixing bugs in 9.6.1.
It also introduces support for the SHA-2 DNSSEC algorithms,
RSASHA256 and RSASHA512.
Known issues in this release:
- A validating resolver that has been incorrectly configured with
an invalid trust anchor will be unable to resolve names covered
by that trust anchor. In all current versions of BIND 9, such a
resolver will also generate significant unnecessary DNS traffic
while trying to validate. The latter problem will be addressed
in future BIND 9 releases. In the meantime, to avoid these
problems, exercise caution when configuring "trusted-keys":
make sure all keys are correct and current when you add them,
and update your configuration in a timely manner when keys
roll over.
BIND 9.6.1
BIND 9.6.1 is a maintenance release, fixing bugs in 9.6.0.
BIND 9.6.0
BIND 9.6.0 includes a number of changes from BIND 9.5 and earlier

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named-checkconf.8,v 1.30 2007/06/20 02:27:32 marka Exp $
.\" $Id: named-checkconf.8,v 1.30.334.1 2009/07/11 01:55:20 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkconf.html,v 1.30 2007/06/20 02:27:32 marka Exp $ -->
<!-- $Id: named-checkconf.html,v 1.30.334.1 2009/07/11 01:55:20 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named-checkzone.8,v 1.42.334.1 2009/01/23 01:53:33 tbox Exp $
.\" $Id: named-checkzone.8,v 1.42.334.3 2009/11/11 01:56:22 tbox Exp $
.\"
.hy 0
.ad l
@ -33,9 +33,9 @@
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
.HP 16
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP 18
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkzone\fR

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.51.34.3 2009/05/29 02:17:43 marka Exp $ */
/* $Id: named-checkzone.c,v 1.51.34.4 2009/11/10 20:01:41 each Exp $ */
/*! \file */
@ -73,14 +73,16 @@ static enum { progmode_check, progmode_compile } progmode;
static void
usage(void) {
fprintf(stderr,
"usage: %s [-djqvD] [-c class] [-o output] "
"usage: %s [-djqvD] [-c class] "
"[-f inputformat] [-F outputformat] "
"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
"[-i (full|full-sibling|local|local-sibling|none)] "
"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
"[-W (ignore|warn)] "
"zonename filename\n", prog_name);
"%s zonename filename\n",
prog_name,
progmode == progmode_check ? "[-o filename]" : "{-o filename}");
exit(1);
}
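Review bot: In check mode the new usage string still advertises `[-o filename]` (the `progmode == progmode_check ? "[-o filename]" : "{-o filename}"` argument), while the named-checkzone synopsis in the man page, DocBook and HTML changed in this same commit drops `-o` for named-checkzone and keeps it, as a required argument, only for named-compilezone. Either pass an empty string for progmode_check or keep `[-o filename]` in the named-checkzone synopsis; as written, usage() and the documentation disagree about whether named-checkzone accepts -o.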

View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.docbook,v 1.34.334.2 2009/01/22 23:47:04 tbox Exp $ -->
<!-- $Id: named-checkzone.docbook,v 1.34.334.3 2009/11/10 20:01:41 each Exp $ -->
<refentry id="man.named-checkzone">
<refentryinfo>
<date>June 13, 2000</date>
@ -69,7 +69,6 @@
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@ -99,6 +98,7 @@
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
<arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg choice="req">zonename</arg>
<arg choice="req">filename</arg>
</cmdsynopsis>

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.html,v 1.42.334.1 2009/01/23 01:53:33 tbox Exp $ -->
<!-- $Id: named-checkzone.html,v 1.42.334.3 2009/11/11 01:56:22 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -29,11 +29,11 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543672"></a><h2>DESCRIPTION</h2>
<a name="id2543674"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543707"></a><h2>OPTIONS</h2>
<a name="id2543709"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -239,14 +239,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544328"></a><h2>RETURN VALUES</h2>
<a name="id2544330"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544340"></a><h2>SEE ALSO</h2>
<a name="id2544342"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -254,7 +254,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544373"></a><h2>AUTHOR</h2>
<a name="id2544375"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dig.1,v 1.50.44.2 2009/02/03 01:52:10 tbox Exp $
.\" $Id: dig.1,v 1.50.44.3 2009/07/11 01:55:20 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dig.html,v 1.45.44.2 2009/02/03 01:52:10 tbox Exp $ -->
<!-- $Id: dig.html,v 1.45.44.3 2009/07/11 01:55:20 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.311.70.8 2009/02/25 02:39:21 marka Exp $ */
/* $Id: dighost.c,v 1.311.70.11 2009/11/10 17:27:13 each Exp $ */
/*! \file
* \note
@ -1048,7 +1048,9 @@ setup_system(void) {
debug("ndots is %d.", ndots);
}
copy_server_list(lwconf, &server_list);
/* If user doesn't specify server use nameservers from resolv.conf. */
if (ISC_LIST_EMPTY(server_list))
copy_server_list(lwconf, &server_list);
/* If we don't find a nameserver fall back to localhost */
if (ISC_LIST_EMPTY(server_list)) {
@ -2397,11 +2399,9 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
if (!l->tcp_mode)
send_udp(ISC_LIST_NEXT(cq, link));
else {
isc_socket_cancel(query->sock, NULL,
ISC_SOCKCANCEL_ALL);
isc_socket_detach(&query->sock);
sockcount--;
debug("sockcount=%d", sockcount);
if (query->sock != NULL)
isc_socket_cancel(query->sock, NULL,
ISC_SOCKCANCEL_ALL);
send_tcp_connect(ISC_LIST_NEXT(cq, link));
}
UNLOCK_LOOKUP;
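Review bot: In the TCP branch of connect_timeout() the socket is now only cancelled, and the isc_socket_detach() and `sockcount--` that used to run here are left to the ISC_R_CANCELED path in connect_done(), but nothing in this hunk says so. Add a short comment that cleanup is deferred to the cancel handler, since send_tcp_connect() for the next query now runs while the old socket is still attached and still counted in sockcount.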
@ -2604,12 +2604,10 @@ connect_done(isc_task_t *task, isc_event_t *event) {
if (sevent->result == ISC_R_CANCELED) {
debug("in cancel handler");
if (query->sock != NULL) {
isc_socket_detach(&query->sock);
sockcount--;
INSIST(sockcount >= 0);
debug("sockcount=%d", sockcount);
}
isc_socket_detach(&query->sock);
INSIST(sockcount > 0);
sockcount--;
debug("sockcount=%d", sockcount);
query->waiting_connect = ISC_FALSE;
isc_event_free(&event);
l = query->lookup;
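Review bot: The cancel handler now calls isc_socket_detach(&query->sock) with no NULL check, while connect_timeout() in this same patch guards its cancel with `if (query->sock != NULL)`. If the invariant is that a cancelled connect always still owns its socket, state it with `INSIST(query->sock != NULL);` ahead of the detach instead of leaving it implicit. Moving `INSIST(sockcount > 0)` ahead of the decrement is a sensible tightening of the old `>= 0` check that ran after it.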

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: host.1,v 1.29.114.1 2009/01/23 01:53:33 tbox Exp $
.\" $Id: host.1,v 1.29.114.2 2009/07/11 01:55:20 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: host.c,v 1.116.216.2 2009/05/06 23:47:18 tbox Exp $ */
/* $Id: host.c,v 1.116.216.3 2009/09/08 23:28:20 marka Exp $ */
/*! \file */
@ -839,11 +839,10 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
} else {
strncpy(lookup->textname, hostname, sizeof(lookup->textname));
lookup->textname[sizeof(lookup->textname)-1]=0;
usesearch = ISC_TRUE;
}
lookup->new_search = ISC_TRUE;
ISC_LIST_APPEND(lookup_list, lookup, link);
usesearch = ISC_TRUE;
}
int

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: host.html,v 1.28.114.1 2009/01/23 01:53:33 tbox Exp $ -->
<!-- $Id: host.html,v 1.28.114.2 2009/07/11 01:55:20 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -1,6 +1,6 @@
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: nslookup.1,v 1.14 2007/05/16 06:12:01 marka Exp $
.\" $Id: nslookup.1,v 1.14.354.1 2009/07/11 01:55:20 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nslookup.c,v 1.117.334.4 2009/05/06 11:41:57 fdupont Exp $ */
/* $Id: nslookup.c,v 1.117.334.5 2009/10/20 01:11:22 marka Exp $ */
#include <config.h>
@ -373,6 +373,7 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
printrdata(&rdata);
}
dns_rdata_reset(&rdata);
printf("\tttl = %u\n", rdataset->ttl);
loopresult = dns_rdataset_next(rdataset);
}
}
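Review bot: The new `printf("\tttl = %u\n", rdataset->ttl);` sits after the closing brace of the block that calls printrdata(), inside the per-record loop, so the same rdataset TTL is printed once per rdata and also on iterations where that block was skipped. If the intent is one TTL line per printed record, move it inside that block; if one per rdataset, move it out of the loop. A cast to `unsigned int` would also make the `%u` assumption about the ttl field explicit.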

View File

@ -1,7 +1,7 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nslookup.html,v 1.21 2007/05/16 06:12:01 marka Exp $ -->
<!-- $Id: nslookup.html,v 1.21.354.1 2009/07/11 01:55:20 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-dsfromkey.c,v 1.2.14.3 2009/03/02 02:54:15 marka Exp $ */
/* $Id: dnssec-dsfromkey.c,v 1.2.14.6 2010/01/11 23:47:22 tbox Exp $ */
/*! \file */
@ -78,10 +78,18 @@ loadkeys(char *dirname, char *setname)
isc_buffer_init(&buf, filename, sizeof(filename));
if (dirname != NULL) {
if (isc_buffer_availablelength(&buf) < strlen(dirname))
fatal("directory name '%s' too long", dirname);
isc_buffer_putstr(&buf, dirname);
if (dirname[strlen(dirname) - 1] != '/')
if (dirname[strlen(dirname) - 1] != '/') {
if (isc_buffer_availablelength(&buf) < 1)
fatal("directory name '%s' too long", dirname);
isc_buffer_putstr(&buf, "/");
}
}
if (isc_buffer_availablelength(&buf) < strlen("keyset-"))
fatal("directory name '%s' too long", dirname);
isc_buffer_putstr(&buf, "keyset-");
result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
check_result(result, "dns_name_tofilenametext()");
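Review bot: `dirname[strlen(dirname) - 1]` still indexes one byte before the string when dirname is empty, and the new length checks do not cover that case; test `dirname[0] != '\0'` before looking at the last character. The final check, for "keyset-", runs outside the `if (dirname != NULL)` block yet reports `directory name '%s' too long` with dirname, which can be NULL at that point, so that message should not format dirname. The three near-identical checks would also read better as one small helper that takes the string about to be appended.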
@ -210,12 +218,12 @@ emitds(unsigned int dtype, dns_rdata_t *rdata)
putchar(' ');
isc_buffer_usedregion(&classb, &r);
fwrite(r.base, 1, r.length, stdout);
isc_util_fwrite(r.base, 1, r.length, stdout);
printf(" DS ");
isc_buffer_usedregion(&textb, &r);
fwrite(r.base, 1, r.length, stdout);
isc_util_fwrite(r.base, 1, r.length, stdout);
putchar('\n');
}

View File

@ -1,6 +1,6 @@
.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-keyfromlabel.8,v 1.6 2008/11/08 01:11:47 tbox Exp $
.\" $Id: dnssec-keyfromlabel.8,v 1.6.14.3 2010/01/16 01:55:32 tbox Exp $
.\"
.hy 0
.ad l
@ -43,7 +43,13 @@ gets keys with the given label from a crypto hardware and builds key files for D
.RS 4
Selects the cryptographic algorithm. The value of
\fBalgorithm\fR
must be one of RSAMD5 (RSA) or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman). These values are case insensitive.
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or DH (Diffie Hellman). These values are case insensitive.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
option is specified, in which case NSEC3RSASHA1 will be used instead. (If
\fB\-3\fR
is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
.sp
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
.sp
@ -138,12 +144,10 @@ file contains algorithm specific fields. For obvious security reasons, this file
\fBdnssec\-keygen\fR(8),
\fBdnssec\-signzone\fR(8),
BIND 9 Administrator Reference Manual,
RFC 2539,
RFC 2845,
RFC 4033.
RFC 4034.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2008 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
.br

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keyfromlabel.c,v 1.4 2008/09/24 02:46:21 marka Exp $ */
/* $Id: dnssec-keyfromlabel.c,v 1.4.50.2 2010/01/15 23:47:31 tbox Exp $ */
/*! \file */
@ -48,7 +48,8 @@ const char *program = "dnssec-keyfromlabel";
int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
" NSEC3DSA | NSEC3RSASHA1";
" NSEC3DSA | NSEC3RSASHA1 |"
" RSASHA256 | RSASHA512";
static void
usage(void) {

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.6 2008/11/07 13:54:11 jreed Exp $ -->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.6.14.2 2010/01/15 23:47:31 tbox Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
<date>February 8, 2008</date>
@ -37,6 +37,7 @@
<docinfo>
<copyright>
<year>2008</year>
<year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@ -75,10 +76,18 @@
<listitem>
<para>
Selects the cryptographic algorithm. The value of
<option>algorithm</option> must be one of RSAMD5 (RSA)
or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
<option>algorithm</option> must be one of RSAMD5,
RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
RSASHA512 or DH (Diffie Hellman).
These values are case insensitive.
</para>
<para>
If no algorithm is specified, then RSASHA1 will be used by
default, unless the <option>-3</option> option is specified,
in which case NSEC3RSASHA1 will be used instead. (If
<option>-3</option> is used and an algorithm is specified,
that algorithm will be checked for compatibility with NSEC3.)
</para>
<para>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
algorithm, and DSA is recommended.
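Review bot: The added paragraph documents a default algorithm and a `-3` option, but the dnssec-keyfromlabel synopsis shown in the generated HTML in this commit lists `{-a algorithm}` as required and has no `-3` entry. Either add `-3` to the synopsis and mark `-a` optional, or drop the paragraph if dnssec-keyfromlabel does not take `-3`. The list also no longer mentions the `RSA` alias, which the `algs` string in dnssec-keyfromlabel.c still advertises.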
@ -246,9 +255,7 @@
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 2539</citetitle>,
<citetitle>RFC 2845</citetitle>,
<citetitle>RFC 4033</citetitle>.
<citetitle>RFC 4034</citetitle>.
</para>
</refsect1>

View File

@ -1,7 +1,7 @@
<!--
- Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.html,v 1.5 2008/10/15 01:11:35 tbox Exp $ -->
<!-- $Id: dnssec-keyfromlabel.html,v 1.5.44.3 2010/01/16 01:55:32 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543413"></a><h2>DESCRIPTION</h2>
<a name="id2543416"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@ -39,16 +39,24 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543425"></a><h2>OPTIONS</h2>
<a name="id2543428"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5 (RSA)
or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
<code class="option">algorithm</code> must be one of RSAMD5,
RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
RSASHA512 or DH (Diffie Hellman).
These values are case insensitive.
</p>
<p>
If no algorithm is specified, then RSASHA1 will be used by
default, unless the <code class="option">-3</code> option is specified,
in which case NSEC3RSASHA1 will be used instead. (If
<code class="option">-3</code> is used and an algorithm is specified,
that algorithm will be checked for compatibility with NSEC3.)
</p>
<p>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
algorithm, and DSA is recommended.
@ -112,7 +120,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543619"></a><h2>GENERATED KEY FILES</h2>
<a name="id2543632"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -153,17 +161,15 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543691"></a><h2>SEE ALSO</h2>
<a name="id2543704"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
<em class="citetitle">RFC 2845</em>,
<em class="citetitle">RFC 4033</em>.
<em class="citetitle">RFC 4034</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543731"></a><h2>AUTHOR</h2>
<a name="id2543737"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-keygen.8,v 1.40 2008/10/15 01:11:35 tbox Exp $
.\" $Id: dnssec-keygen.8,v 1.40.44.4 2010/01/16 01:55:32 tbox Exp $
.\"
.hy 0
.ad l
@ -38,13 +38,17 @@ dnssec\-keygen \- DNSSEC key generation tool
.PP
\fBdnssec\-keygen\fR
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
.PP
The
\fBname\fR
of the key is specified on the command line. For DNSSEC keys, this must match the name of the zone for which the key is being generated.
.SH "OPTIONS"
.PP
\-a \fIalgorithm\fR
.RS 4
Selects the cryptographic algorithm. The value of
Selects the cryptographic algorithm. For DNSSEC keys, the value of
\fBalgorithm\fR
must be one of RSAMD5 (RSA) or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
.sp
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
.sp
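Review bot: The algorithm list now names HMAC-SHA1 through HMAC-SHA512 for TSIG/TKEY, but Note 2 directly below still says only that "HMAC-MD5 and DH automatically set the -k flag". State whether the other HMAC algorithms behave the same way, or reword Note 2 to cover every TSIG/TKEY algorithm, so the two paragraphs do not leave the SHA variants undefined.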
@ -53,7 +57,7 @@ Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
.PP
\-b \fIkeysize\fR
.RS 4
Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
.RE
.PP
\-n \fInametype\fR
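Review bot: The new \-b sentence "RSA keys must be between 512 and 2048 bits" does not hold for RSASHA512. The dnssec-keygen.c change in this same commit rejects RSASHA512 sizes below 1024 ("size < 1024 || size > MAX_RSA") and the usage text prints "RSASHA512: [1024..%d]". Suggest stating the 1024-bit floor for RSASHA512 explicitly here and in the .docbook and .html copies that carry the same sentence. The upper bound is also written as a literal 2048 while the code uses MAX_RSA, so it is worth checking that the two agree.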
@ -189,12 +193,12 @@ and
BIND 9 Administrator Reference Manual,
RFC 2539,
RFC 2845,
RFC 4033.
RFC 4034.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004, 2005, 2007\-2010 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.81 2008/09/25 04:02:38 tbox Exp $ */
/* $Id: dnssec-keygen.c,v 1.81.48.2 2010/01/15 23:47:31 tbox Exp $ */
/*! \file */
@ -62,8 +62,8 @@
const char *program = "dnssec-keygen";
int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | NSEC3DSA |"
" NSEC3RSASHA1 | HMAC-MD5 |"
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | RSASHA256 |"
" RSASHA512 | NSEC3DSA | NSEC3RSASHA1 | HMAC-MD5 |"
" HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |"
" HMAC-SHA384 | HMAC-SHA512";
@ -84,6 +84,8 @@ usage(void) {
fprintf(stderr, " RSAMD5:\t\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA1:\t\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " NSEC3RSASHA1:\t\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA256:\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " DH:\t\t[128..4096]\n");
fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n");
fprintf(stderr, " NSEC3DSA:\t\t[512..1024] and divisible by 64\n");
@ -307,9 +309,14 @@ main(int argc, char **argv) {
case DNS_KEYALG_RSAMD5:
case DNS_KEYALG_RSASHA1:
case DNS_KEYALG_NSEC3RSASHA1:
case DNS_KEYALG_RSASHA256:
if (size != 0 && (size < 512 || size > MAX_RSA))
fatal("RSA key size %d out of range", size);
break;
case DNS_KEYALG_RSASHA512:
if (size != 0 && (size < 1024 || size > MAX_RSA))
fatal("RSA key size %d out of range", size);
break;
case DNS_KEYALG_DH:
if (size != 0 && (size < 128 || size > 4096))
fatal("DH key size %d out of range", size);
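Review bot: The new DNS_KEYALG_RSASHA512 case reuses the message "RSA key size %d out of range" from the 512-bit-minimum case, so a user who asks for a 768-bit RSASHA512 key gets no hint that the floor for this algorithm is 1024. Suggest printing the permitted range in both messages, using MAX_RSA for the upper bound. Separately, DNS_KEYALG_RSASHA256 is added to the case group that accepts 512-bit keys; 512-bit RSA moduli have been publicly factored, so consider whether a newly introduced SHA-2 algorithm should inherit that legacy floor or start at 1024 like RSASHA512.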
@ -376,7 +383,8 @@ main(int argc, char **argv) {
}
if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
alg == DNS_KEYALG_NSEC3RSASHA1) && rsa_exp != 0)
alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
alg == DNS_KEYALG_RSASHA512) && rsa_exp != 0)
fatal("specified RSA exponent for a non-RSA key");
if (alg != DNS_KEYALG_DH && generator != 0)
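Review bot: The rsa_exp condition now lists five "alg == DNS_KEYALG_..." terms by hand, and the same set of RSA algorithms is repeated in the key-size switch above and in the param switch below. An algorithm missed in this one condition would be rejected with "specified RSA exponent for a non-RSA key" even though it is RSA. Suggest a single predicate shared by all three sites (for example a hypothetical static helper such as is_rsa_alg(alg)), so that the next RSA algorithm only has to be added in one place.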
@ -440,12 +448,16 @@ main(int argc, char **argv) {
switch(alg) {
case DNS_KEYALG_RSAMD5:
case DNS_KEYALG_RSASHA1:
case DNS_KEYALG_NSEC3RSASHA1:
case DNS_KEYALG_RSASHA256:
case DNS_KEYALG_RSASHA512:
param = rsa_exp;
break;
case DNS_KEYALG_DH:
param = generator;
break;
case DNS_KEYALG_DSA:
case DNS_KEYALG_NSEC3DSA:
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA1:
case DST_ALG_HMACSHA224:

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.docbook,v 1.22 2008/10/14 14:32:50 jreed Exp $ -->
<!-- $Id: dnssec-keygen.docbook,v 1.22.44.4 2010/01/15 23:47:33 tbox Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
<date>June 30, 2000</date>
@ -41,6 +41,8 @@
<year>2005</year>
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -80,6 +82,11 @@
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures), as defined in RFC 2845.
</para>
<para>
The <option>name</option> of the key is specified on the command
line. For DNSSEC keys, this must match the name of the zone for
which the key is being generated.
</para>
</refsect1>
<refsect1>
@ -90,10 +97,13 @@
<term>-a <replaceable class="parameter">algorithm</replaceable></term>
<listitem>
<para>
Selects the cryptographic algorithm. The value of
<option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC-MD5.
These values are case insensitive.
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
For TSIG/TKEY, the value must
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
case insensitive.
</para>
<para>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
@ -111,11 +121,10 @@
<listitem>
<para>
Specifies the number of bits in the key. The choice of key
size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
between
512 and 2048 bits. Diffie Hellman keys must be between
size depends on the algorithm used. RSA keys must be
between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC-MD5 keys must be
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits.
</para>
</listitem>
@ -343,7 +352,7 @@
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 2539</citetitle>,
<citetitle>RFC 2845</citetitle>,
<citetitle>RFC 4033</citetitle>.
<citetitle>RFC 4034</citetitle>.
</para>
</refsect1>

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.html,v 1.32 2008/10/15 01:11:35 tbox Exp $ -->
<!-- $Id: dnssec-keygen.html,v 1.32.44.4 2010/01/16 01:55:32 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,23 +32,31 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543477"></a><h2>DESCRIPTION</h2>
<a name="id2543483"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures), as defined in RFC 2845.
</p>
<p>
The <code class="option">name</code> of the key is specified on the command
line. For DNSSEC keys, this must match the name of the zone for
which the key is being generated.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543489"></a><h2>OPTIONS</h2>
<a name="id2543501"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC-MD5.
These values are case insensitive.
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
For TSIG/TKEY, the value must
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
case insensitive.
</p>
<p>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
@ -62,11 +70,10 @@
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
Specifies the number of bits in the key. The choice of key
size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
between
512 and 2048 bits. Diffie Hellman keys must be between
size depends on the algorithm used. RSA keys must be
between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC-MD5 keys must be
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits.
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
@ -148,7 +155,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543824"></a><h2>GENERATED KEYS</h2>
<a name="id2543836"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -194,7 +201,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543906"></a><h2>EXAMPLE</h2>
<a name="id2543918"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -215,16 +222,16 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543949"></a><h2>SEE ALSO</h2>
<a name="id2544030"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
<em class="citetitle">RFC 2845</em>,
<em class="citetitle">RFC 4033</em>.
<em class="citetitle">RFC 4034</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544049"></a><h2>AUTHOR</h2>
<a name="id2544061"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.47.44.4.8.1 2009/12/31 23:17:46 tbox Exp $
.\" $Id: dnssec-signzone.8,v 1.47.44.8 2009/11/07 01:56:11 tbox Exp $
.\"
.hy 0
.ad l
@ -33,13 +33,15 @@
dnssec\-signzone \- DNSSEC zone signing tool
.SH "SYNOPSIS"
.HP 16
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
.SH "DESCRIPTION"
.PP
\fBdnssec\-signzone\fR
signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
\fIkeyset\fR
file for each child zone.
signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. It also generates a
\fIkeyset\-\fR
file containing the key\-signing keys for the zone, and if signing a zone which contains delegations, it can optionally generate DS records for the child zones from their
\fIkeyset\-\fR
files.
.SH "OPTIONS"
.PP
\-a
@ -73,7 +75,9 @@ as the directory
.PP
\-g
.RS 4
Generate DS records for child zones from keyset files. Existing DS records will be removed.
If the zone contains any delegations, and there are
\fIkeyset\-\fR
files for any of the child zones, then DS records for the child zones will be generated from the keys in those files. Existing DS records will be removed.
.RE
.PP
\-s \fIstart\-time\fR
@ -186,6 +190,13 @@ The format of the output file containing the signed zone. Possible formats are
Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
.RE
.PP
\-P
.RS 4
Disable post sign verification tests.
.sp
The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
.RE
.PP
\-r \fIrandomdev\fR
.RS 4
Specifies the source of randomness. If the operating system does not provide a
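Review bot: The \-P text says what is skipped but not when skipping is appropriate, and the clause "that all records in the zone are signed by the algorithm" is ambiguous about which algorithm is meant. Since the sentence opens with "for each algorithm in use", suggest "and that all records in the zone are signed by each algorithm in use", with "non\-revoked" and "self\-signed" hyphenated. It would also help to state what dnssec\-signzone does when the verification fails, because an operator who passes \-P gives up the check that every record is covered before the zone is published. The same wording appears in the .docbook and .html copies in this commit.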

File diff suppressed because it is too large

View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.31.44.6 2009/06/09 01:47:19 each Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.31.44.8 2009/11/06 21:36:22 each Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 08, 2009</date>
@ -73,6 +73,7 @@
<arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
<arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
<arg><option>-p</option></arg>
<arg><option>-P</option></arg>
<arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
<arg><option>-t</option></arg>
@ -91,10 +92,10 @@
<para><command>dnssec-signzone</command>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
zone. The security status of delegations from the signed zone
(that is, whether the child zones are secure or not) is
determined by the presence or absence of a
<filename>keyset</filename> file for each child zone.
zone. It also generates a <filename>keyset-</filename> file containing
the key-signing keys for the zone, and if signing a zone which
contains delegations, it can optionally generate DS records for
the child zones from their <filename>keyset-</filename> files.
</para>
</refsect1>
@ -154,8 +155,10 @@
<term>-g</term>
<listitem>
<para>
Generate DS records for child zones from keyset files.
Existing DS records will be removed.
If the zone contains any delegations, and there are
<filename>keyset-</filename> files for any of the child zones,
then DS records for the child zones will be generated from the
keys in those files. Existing DS records will be removed.
</para>
</listitem>
</varlistentry>
@ -359,6 +362,22 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-P</term>
<listitem>
<para>
Disable post sign verification tests.
</para>
<para>
The post sign verification test ensures that for each algorithm
in use there is at least one non revoked self signed KSK key,
that all revoked KSK keys are self signed, and that all records
in the zone are signed by the algorithm.
This option skips these tests.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.html,v 1.33.44.4.8.1 2009/12/31 23:17:46 tbox Exp $ -->
<!-- $Id: dnssec-signzone.html,v 1.33.44.8 2009/11/07 01:56:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -29,21 +29,21 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543554"></a><h2>DESCRIPTION</h2>
<a name="id2543558"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
zone. The security status of delegations from the signed zone
(that is, whether the child zones are secure or not) is
determined by the presence or absence of a
<code class="filename">keyset</code> file for each child zone.
zone. It also generates a <code class="filename">keyset-</code> file containing
the key-signing keys for the zone, and if signing a zone which
contains delegations, it can optionally generate DS records for
the child zones from their <code class="filename">keyset-</code> files.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543569"></a><h2>OPTIONS</h2>
<a name="id2543576"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -70,8 +70,10 @@
</p></dd>
<dt><span class="term">-g</span></dt>
<dd><p>
Generate DS records for child zones from keyset files.
Existing DS records will be removed.
If the zone contains any delegations, and there are
<code class="filename">keyset-</code> files for any of the child zones,
then DS records for the child zones will be generated from the
keys in those files. Existing DS records will be removed.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
<dd><p>
@ -202,6 +204,19 @@
may be useful when signing large zones or when the entropy
source is limited.
</p></dd>
<dt><span class="term">-P</span></dt>
<dd>
<p>
Disable post sign verification tests.
</p>
<p>
The post sign verification test ensures that for each algorithm
in use there is at least one non revoked self signed KSK key,
that all revoked KSK keys are self signed, and that all records
in the zone are signed by the algorithm.
This option skips these tests.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
Specifies the source of randomness. If the operating
@ -258,7 +273,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544407"></a><h2>EXAMPLE</h2>
<a name="id2544503"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -287,7 +302,7 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2544458"></a><h2>KNOWN BUGS</h2>
<a name="id2544554"></a><h2>KNOWN BUGS</h2>
<p>
<span><strong class="command">dnssec-signzone</strong></span> was designed so that it could
sign a zone partially, using only a subset of the DNSSEC keys
@ -312,14 +327,14 @@ db.example.com.signed
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544484"></a><h2>SEE ALSO</h2>
<a name="id2544716"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544645"></a><h2>AUTHOR</h2>
<a name="id2544741"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssectool.c,v 1.45.334.4 2009/06/08 23:47:00 tbox Exp $ */
/* $Id: dnssectool.c,v 1.45.334.5 2009/06/22 05:05:00 marka Exp $ */
/*! \file */
@ -65,7 +65,7 @@ void
fatal(const char *format, ...) {
va_list args;
fprintf(stderr, "%s: ", program);
fprintf(stderr, "%s: fatal: ", program);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssectool.h,v 1.22 2008/09/25 04:02:38 tbox Exp $ */
/* $Id: dnssectool.h,v 1.22.48.2 2009/09/04 23:46:58 tbox Exp $ */
#ifndef DNSSECTOOL_H
#define DNSSECTOOL_H 1
@ -45,7 +45,7 @@ type_format(const dns_rdatatype_t type, char *cp, unsigned int size);
void
alg_format(const dns_secalg_t alg, char *cp, unsigned int size);
#define ALG_FORMATSIZE 10
#define ALG_FORMATSIZE 20
void
sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);
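Review bot: ALG_FORMATSIZE moves from one unexplained literal (10) to another (20), with no comment saying which string it has to hold. If alg_format() emits mnemonics such as "NSEC3RSASHA1", which this commit lists among the supported algorithms, that name is 12 characters, 13 with the terminator, so it already could not fit in the old 10-byte buffer. Please add a comment tying the constant to the longest mnemonic plus the terminating NUL, and confirm that every alg_format() caller passes the size of its buffer as the size argument rather than a separate literal.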

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.c,v 1.33 2007/09/13 04:45:18 each Exp $ */
/* $Id: control.c,v 1.33.266.2 2009/07/11 23:47:17 tbox Exp $ */
/*! \file */
@ -56,7 +56,7 @@ command_compare(const char *text, const char *command) {
/*%
* This function is called to process the incoming command
* when a control channel message is received.
* when a control channel message is received.
*/
isc_result_t
ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
@ -170,10 +170,12 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else if (command_compare(command, NS_COMMAND_TSIGDELETE)) {
result = ns_server_tsigdelete(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_FREEZE)) {
result = ns_server_freeze(ns_g_server, ISC_TRUE, command);
result = ns_server_freeze(ns_g_server, ISC_TRUE, command,
text);
} else if (command_compare(command, NS_COMMAND_UNFREEZE) ||
command_compare(command, NS_COMMAND_THAW)) {
result = ns_server_freeze(ns_g_server, ISC_FALSE, command);
result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
text);
} else if (command_compare(command, NS_COMMAND_RECURSING)) {
result = ns_server_dumprecursing(ns_g_server);
} else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.h,v 1.93.120.2 2009/01/29 23:47:44 tbox Exp $ */
/* $Id: server.h,v 1.93.120.3 2009/07/11 04:23:53 marka Exp $ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
@ -276,7 +276,8 @@ ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text);
* Enable or disable updates for a zone.
*/
isc_result_t
ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args);
ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
isc_buffer_t *text);
/*%
* Dump the current recursive queries.
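Review bot: ns_server_freeze() gains an "isc_buffer_t *text" parameter, but the comment above the prototype still reads only "Enable or disable updates for a zone." Please document what is written to text, whether it may be NULL, and what the function does when the buffer has too little space left. Both call sites in control.c pass the control channel's text buffer straight through, so the contract needs to be stated where callers will read it.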

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: lwresd.8,v 1.29.14.1 2009/01/23 01:53:33 tbox Exp $
.\" $Id: lwresd.8,v 1.29.14.2 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: lwresd.html,v 1.25.14.1 2009/01/23 01:53:33 tbox Exp $ -->
<!-- $Id: lwresd.html,v 1.25.14.2 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,18 +13,18 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named.8,v 1.38 2008/11/07 01:11:19 tbox Exp $
.\" $Id: named.8,v 1.38.14.2 2009/12/03 05:06:38 tbox Exp $
.\"
.hy 0
.ad l
.\" Title: named
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Date: May 21, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
.TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9"
.TH "NAMED" "8" "May 21, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@ -224,6 +224,16 @@ The
\fBnamed\fR
configuration file is too complex to describe in detail here. A complete description is provided in the
BIND 9 Administrator Reference Manual.
.PP
\fBnamed\fR
inherits the
\fBumask\fR
(file creation mode mask) from the parent process. If files created by
\fBnamed\fR, such as journal files, need to have custom permissions, the
\fBumask\fR
should be set explicitly in the script used to start the
\fBnamed\fR
process.
.SH "FILES"
.PP
\fI/etc/named.conf\fR
@ -250,7 +260,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br


@ -1,6 +1,6 @@
.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named.conf.5,v 1.36 2008/09/25 04:45:04 tbox Exp $
.\" $Id: named.conf.5,v 1.36.48.1 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l


@ -1,7 +1,7 @@
<!--
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.html,v 1.45 2008/09/25 04:45:04 tbox Exp $ -->
<!-- $Id: named.conf.html,v 1.45.48.1 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">


@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,10 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.docbook,v 1.23 2008/11/06 05:30:24 marka Exp $ -->
<!-- $Id: named.docbook,v 1.23.14.2 2009/12/03 04:49:32 tbox Exp $ -->
<refentry id="man.named">
<refentryinfo>
<date>June 30, 2000</date>
<date>May 21, 2009</date>
</refentryinfo>
<refmeta>
@ -42,6 +42,7 @@
<year>2006</year>
<year>2007</year>
<year>2008</year>
<year>2009</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -374,6 +375,16 @@
in the
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
<para>
<command>named</command> inherits the <function>umask</function>
(file creation mode mask) from the parent process. If files
created by <command>named</command>, such as journal files,
need to have custom permissions, the <function>umask</function>
should be set explicitly in the script used to start the
<command>named</command> process.
</para>
</refsect1>
<refsect1>
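Review bot: the new umask paragraph tells the operator to set the umask "explicitly in the script used to start the named process" but gives no example value and names only journal files. As this is the DocBook source for named.8 and named.html, a short example here (for instance a `umask 027` line ahead of the named invocation) would make the advice actionable, and the text should say whether other files written by named are covered by the same inherited mask.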


@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.html,v 1.30 2008/11/07 01:11:19 tbox Exp $ -->
<!-- $Id: named.html,v 1.30.14.2 2009/12/03 05:06:38 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543468"></a><h2>DESCRIPTION</h2>
<a name="id2543472"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -47,7 +47,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543493"></a><h2>OPTIONS</h2>
<a name="id2543496"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -220,7 +220,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543928"></a><h2>SIGNALS</h2>
<a name="id2543931"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -241,16 +241,24 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543976"></a><h2>CONFIGURATION</h2>
<a name="id2543979"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
in the
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
<p>
<span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
(file creation mode mask) from the parent process. If files
created by <span><strong class="command">named</strong></span>, such as journal files,
need to have custom permissions, the <code class="function">umask</code>
should be set explicitly in the script used to start the
<span><strong class="command">named</strong></span> process.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543993"></a><h2>FILES</h2>
<a name="id2544016"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -263,7 +271,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544033"></a><h2>SEE ALSO</h2>
<a name="id2544123"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -276,7 +284,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544171"></a><h2>AUTHOR</h2>
<a name="id2544194"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>


@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.313.20.7.12.4 2009/12/31 22:53:03 each Exp $ */
/* $Id: query.c,v 1.313.20.16 2009/12/30 08:34:29 jinmei Exp $ */
/*! \file */
@ -2244,7 +2244,8 @@ query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
static inline isc_result_t
query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
dns_trust_t trust, dns_name_t **anamep, dns_rdatatype_t type)
dns_rdataset_t *dname, dns_name_t **anamep,
dns_rdatatype_t type)
{
dns_rdataset_t *rdataset;
dns_rdatalist_t *rdatalist;
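Review bot: the new `dns_rdataset_t *dname` parameter of query_addcnamelike() is dereferenced further down (`dname->ttl`, `dname->trust`), yet nothing at the head of the function states that it must be non-NULL. Add a `REQUIRE(dname != NULL);` alongside the existing argument checks, or document the contract in a comment above the function, since the previous `dns_trust_t trust` argument could not be misused this way.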
@ -2280,7 +2281,7 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
rdatalist->type = type;
rdatalist->covers = 0;
rdatalist->rdclass = client->message->rdclass;
rdatalist->ttl = 0;
rdatalist->ttl = dname->ttl;
dns_name_toregion(tname, &r);
rdata->data = r.base;
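Review bot: `rdatalist->ttl = dname->ttl;` replaces a hard-coded TTL of 0 with no comment, and the difference matters: a TTL of 0 tells downstream resolvers not to cache the synthesized record, while the source rdataset's TTL lets them keep it. A one-line comment stating that the synthesized record is intended to inherit the TTL of the rdataset it was derived from would keep a later reader from "fixing" it back to 0.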
@ -2292,7 +2293,7 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
== ISC_R_SUCCESS);
rdataset->trust = trust;
rdataset->trust = dname->trust;
query_addrrset(client, anamep, &rdataset, NULL, NULL,
DNS_SECTION_ANSWER);
@ -2735,7 +2736,7 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node,
return;
addnsec3:
if (dns_db_iscache(db))
if (!dns_db_iszone(db))
goto cleanup;
/*
* Add the NSEC3 which proves the DS does not exist.
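Review bot: the guard at `addnsec3:` changes from `dns_db_iscache(db)` to `!dns_db_iszone(db)`, which widens the early exit from cache databases only to every database that is not a zone, but no comment says which additional database kinds are meant to be excluded. Please add a short comment above the test explaining why the NSEC3 proof is only added for zone databases.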
@ -3317,6 +3318,14 @@ do { \
line = __LINE__; \
} while (0)
#define RECURSE_ERROR(r) \
do { \
if ((r) == DNS_R_DUPLICATE || (r) == DNS_R_DROP) \
QUERY_ERROR(r); \
else \
QUERY_ERROR(DNS_R_SERVFAIL); \
} while (0)
/*
* Extract a network address from the RDATA of an A or AAAA
* record.
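Review bot: RECURSE_ERROR(r) has no comment and expands its argument up to three times (two comparisons plus `QUERY_ERROR(r)`). Every call site visible in this patch passes the plain variable `result`, so this is safe today, but the macro should either say that `r` must be free of side effects or copy it into a local first. The explanatory comments dropped from the call sites ("Duplicate query.", "Unable to recurse.") would fit well here.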
@ -3604,7 +3613,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_name_t *found)
{
unsigned char salt[256];
size_t salt_length = sizeof(salt);
size_t salt_length;
isc_uint16_t iterations;
isc_result_t result;
unsigned int dboptions;
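Review bot: `size_t salt_length;` in query_findclosestnsec3() loses its `sizeof(salt)` initialiser and the assignment that replaces it is outside this hunk. Please confirm that every path sets `salt_length` to the capacity of `salt[256]` before it is passed to anything that writes into the buffer; if it is set inside a loop, a comment at the declaration saying so would help.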
@ -3999,14 +4008,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
else if (result == DNS_R_DUPLICATE ||
result == DNS_R_DROP) {
/* Duplicate query. */
QUERY_ERROR(result);
} else {
/* Unable to recurse. */
QUERY_ERROR(DNS_R_SERVFAIL);
}
else
RECURSE_ERROR(result);
goto cleanup;
} else {
/* Unable to give root server referral. */
@ -4185,11 +4188,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
else if (result == DNS_R_DUPLICATE ||
result == DNS_R_DROP)
QUERY_ERROR(result);
else
QUERY_ERROR(DNS_R_SERVFAIL);
RECURSE_ERROR(result);
} else {
dns_fixedname_t fixed;
@ -4603,7 +4603,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
dns_name_init(tname, NULL);
(void)query_addcnamelike(client, client->query.qname, fname,
trdataset->trust, &tname,
trdataset, &tname,
dns_rdatatype_cname);
if (tname != NULL)
dns_message_puttempname(client->message, &tname);
@ -4729,7 +4729,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
else
QUERY_ERROR(DNS_R_SERVFAIL); }
RECURSE_ERROR(result);
}
goto addauth;
}
/*
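Review bot: at this call site the old code always raised `QUERY_ERROR(DNS_R_SERVFAIL)`, so switching to `RECURSE_ERROR(result)` changes behaviour (DNS_R_DUPLICATE and DNS_R_DROP are now passed through), unlike the two earlier sites in query_find() where the macro replaces identical logic. That is probably the intent, but it should be called out in the change description rather than arriving as part of a refactor and a brace fix.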
@ -5123,9 +5124,17 @@ ns_query_start(ns_client_t *client) {
}
/*
* Turn on minimal response for DNSKEY queries.
* Turn on minimal response for DNSKEY and DS queries.
*/
if (qtype == dns_rdatatype_dnskey)
if (qtype == dns_rdatatype_dnskey || qtype == dns_rdatatype_ds)
client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
NS_QUERYATTR_NOADDITIONAL);
/*
* Turn on minimal responses for EDNS/UDP bufsize 512 queries.
*/
if (client->opt != NULL && client->udpsize <= 512U &&
(client->attributes & NS_CLIENTATTR_TCP) == 0)
client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
NS_QUERYATTR_NOADDITIONAL);
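Review bot: the comment on the second block says "EDNS/UDP bufsize 512 queries" while the condition is `client->udpsize <= 512U`, so it also matches advertised sizes below 512; reword the comment to "512 or less" or tighten the test. The two blocks set exactly the same attribute bits, so the conditions could also be merged into one `if` to keep the minimal-response policy in a single place.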


@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.520.12.7 2009/01/30 03:53:38 marka Exp $ */
/* $Id: server.c,v 1.520.12.11 2009/12/24 00:17:47 each Exp $ */
/*! \file */
@ -2826,7 +2826,7 @@ set_limit(const cfg_obj_t **maps, const char *configname,
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
result == ISC_R_SUCCESS ?
ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
"set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s",
"set maximum %s to %" ISC_PRINT_QUADFORMAT "u: %s",
description, value, isc_result_totext(result));
}
@ -4337,6 +4337,8 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) {
/* Partial match? */
if (result != ISC_R_SUCCESS && *zonep != NULL)
dns_zone_detach(zonep);
if (result == DNS_R_PARTIALMATCH)
result = ISC_R_NOTFOUND;
fail1:
return (result);
}
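Review bot: the new mapping of DNS_R_PARTIALMATCH to ISC_R_NOTFOUND in zone_from_args() has no comment, and the existing `/* Partial match? */` comment sits above the detach rather than above the lines that now actually test for a partial match. Move or extend the comment so it explains that a partial match is reported to the caller as "not found".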
@ -5401,7 +5403,9 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) {
* Act on a "freeze" or "thaw" command from the command channel.
*/
isc_result_t
ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
isc_buffer_t *text)
{
isc_result_t result, tresult;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
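Review bot: ns_server_freeze() gains an `isc_buffer_t *text` argument that is used unconditionally later in the function (`isc_buffer_availablelength(text)`), but the doc comment above the function still only says it acts on a "freeze" or "thaw" command. Document that `text` receives a human-readable status message and must be non-NULL, or guard the use with a NULL check.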
@ -5411,6 +5415,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
char *journal;
const char *vname, *sep;
isc_boolean_t frozen;
const char *msg = NULL;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
@ -5441,27 +5446,52 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
return (ISC_R_NOTFOUND);
}
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
frozen = dns_zone_getupdatedisabled(zone);
if (freeze) {
if (frozen)
if (frozen) {
msg = "WARNING: The zone was already frozen.\n"
"Someone else may be editing it or "
"it may still be re-loading.";
result = DNS_R_FROZEN;
if (result == ISC_R_SUCCESS)
}
if (result == ISC_R_SUCCESS) {
result = dns_zone_flush(zone);
if (result != ISC_R_SUCCESS)
msg = "Flushing the zone updates to "
"disk failed.";
}
if (result == ISC_R_SUCCESS) {
journal = dns_zone_getjournal(zone);
if (journal != NULL)
(void)isc_file_remove(journal);
}
if (result == ISC_R_SUCCESS)
dns_zone_setupdatedisabled(zone, freeze);
} else {
if (frozen) {
result = dns_zone_load(zone);
if (result == DNS_R_CONTINUE ||
result == DNS_R_UPTODATE)
result = dns_zone_loadandthaw(zone);
switch (result) {
case ISC_R_SUCCESS:
case DNS_R_UPTODATE:
msg = "The zone reload and thaw was "
"successful.";
result = ISC_R_SUCCESS;
break;
case DNS_R_CONTINUE:
msg = "A zone reload and thaw was started.\n"
"Check the logs to see the result.";
result = ISC_R_SUCCESS;
break;
}
}
}
if (result == ISC_R_SUCCESS)
dns_zone_setupdatedisabled(zone, freeze);
isc_task_endexclusive(server->task);
if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text))
isc_buffer_putmem(text, (const unsigned char *)msg,
strlen(msg) + 1);
view = dns_zone_getview(zone);
if (strcmp(view->name, "_bind") == 0 ||
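Review bot: in the thaw branch the `switch (result)` after dns_zone_loadandthaw() has no default case, so any failure leaves `msg` NULL and the operator gets no text, whereas the freeze branch does set a message on failure ("Flushing the zone updates to disk failed."). Add a default case with a failure message. Also note that the final `strlen(msg) < isc_buffer_availablelength(text)` test drops the message silently when the buffer is too small; a log entry on that path would make the loss visible.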


@ -1,5 +1,5 @@
/*
* Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: statschannel.c,v 1.14.64.6 2009/02/17 03:43:07 marka Exp $ */
/* $Id: statschannel.c,v 1.14.64.11 2010/02/04 23:47:46 tbox Exp $ */
/*! \file */
@ -70,6 +70,7 @@ stats_dumparg {
int ncounters; /* used for general statistics */
int *counterindices; /* used for general statistics */
isc_uint64_t *countervalues; /* used for general statistics */
isc_result_t result;
} stats_dumparg_t;
static isc_once_t once = ISC_ONCE_INIT;
@ -95,6 +96,8 @@ static const char *sockstats_xmldesc[isc_sockstatscounter_max];
#define sockstats_xmldesc NULL
#endif /* HAVE_LIBXML2 */
#define TRY0(a) do { xmlrc = (a); if (xmlrc < 0) goto error; } while(0)
/*%
* Mapping arrays to represent statistics counters in the order of our
* preference, regardless of the order of counter indices. For example,
@ -129,11 +132,11 @@ init_desc(void) {
int i;
/* Initialize name server statistics */
memset((void *)nsstats_desc, 0,
dns_nsstatscounter_max * sizeof(nsstats_desc[0]));
for (i = 0; i < dns_nsstatscounter_max; i++)
nsstats_desc[i] = NULL;
#ifdef HAVE_LIBXML2
memset((void *)nsstats_xmldesc, 0,
dns_nsstatscounter_max * sizeof(nsstats_xmldesc[0]));
for (i = 0; i < dns_nsstatscounter_max; i++)
nsstats_xmldesc[i] = NULL;
#endif
#define SET_NSSTATDESC(counterid, desc, xmldesc) \
@ -197,11 +200,11 @@ init_desc(void) {
INSIST(i == dns_nsstatscounter_max);
/* Initialize resolver statistics */
memset((void *)resstats_desc, 0,
dns_resstatscounter_max * sizeof(resstats_desc[0]));
for (i = 0; i < dns_resstatscounter_max; i++)
resstats_desc[i] = NULL;
#ifdef HAVE_LIBXML2
memset((void *)resstats_xmldesc, 0,
dns_resstatscounter_max * sizeof(resstats_xmldesc[0]));
for (i = 0; i < dns_resstatscounter_max; i++)
resstats_xmldesc[i] = NULL;
#endif
#define SET_RESSTATDESC(counterid, desc, xmldesc) \
@ -267,11 +270,11 @@ init_desc(void) {
INSIST(i == dns_resstatscounter_max);
/* Initialize zone statistics */
memset((void *)zonestats_desc, 0,
dns_zonestatscounter_max * sizeof(zonestats_desc[0]));
for (i = 0; i < dns_zonestatscounter_max; i++)
zonestats_desc[i] = NULL;
#ifdef HAVE_LIBXML2
memset((void *)zonestats_xmldesc, 0,
dns_zonestatscounter_max * sizeof(zonestats_xmldesc[0]));
for (i = 0; i < dns_zonestatscounter_max; i++)
zonestats_xmldesc[i] = NULL;
#endif
#define SET_ZONESTATDESC(counterid, desc, xmldesc) \
@ -299,11 +302,11 @@ init_desc(void) {
INSIST(i == dns_zonestatscounter_max);
/* Initialize socket statistics */
memset((void *)sockstats_desc, 0,
isc_sockstatscounter_max * sizeof(sockstats_desc[0]));
for (i = 0; i < isc_sockstatscounter_max; i++)
sockstats_desc[i] = NULL;
#ifdef HAVE_LIBXML2
memset((void *)sockstats_xmldesc, 0,
isc_sockstatscounter_max * sizeof(sockstats_xmldesc[0]));
for (i = 0; i < isc_sockstatscounter_max; i++)
sockstats_xmldesc[i] = NULL;
#endif
#define SET_SOCKSTATDESC(counterid, desc, xmldesc) \
@ -437,7 +440,7 @@ generalstat_dump(isc_statscounter_t counter, isc_uint64_t val, void *arg) {
dumparg->countervalues[counter] = val;
}
static void
static isc_result_t
dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
const char *category, const char **desc, int ncounters,
int *indices, isc_uint64_t *values, int options)
@ -448,6 +451,7 @@ dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
FILE *fp;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
int xmlrc;
#endif
#ifndef HAVE_LIBXML2
@ -480,31 +484,41 @@ dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
writer = arg;
if (category != NULL) {
xmlTextWriterStartElement(writer,
ISC_XMLCHAR
category);
xmlTextWriterStartElement(writer,
ISC_XMLCHAR "name");
xmlTextWriterWriteString(writer, ISC_XMLCHAR
desc[index]);
xmlTextWriterEndElement(writer); /* name */
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR
category));
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR
"name"));
TRY0(xmlTextWriterWriteString(writer,
ISC_XMLCHAR
desc[index]));
TRY0(xmlTextWriterEndElement(writer)); /* name */
xmlTextWriterStartElement(writer, ISC_XMLCHAR
"counter");
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR
"counter"));
} else {
xmlTextWriterStartElement(writer, ISC_XMLCHAR
desc[index]);
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR
desc[index]));
}
xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT
"u", value);
xmlTextWriterEndElement(writer); /* counter */
TRY0(xmlTextWriterWriteFormatString(writer,
"%"
ISC_PRINT_QUADFORMAT
"u", value));
TRY0(xmlTextWriterEndElement(writer)); /* counter */
if (category != NULL)
xmlTextWriterEndElement(writer); /* category */
TRY0(xmlTextWriterEndElement(writer)); /* category */
#endif
break;
}
}
return (ISC_R_SUCCESS);
#ifdef HAVE_LIBXML2
error:
return (ISC_R_FAILURE);
#endif
}
static void
@ -515,6 +529,7 @@ rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
FILE *fp;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
int xmlrc;
#endif
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE)
@ -534,22 +549,28 @@ rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdtype");
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdtype"));
xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
xmlTextWriterWriteString(writer, ISC_XMLCHAR typestr);
xmlTextWriterEndElement(writer); /* name */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR typestr));
TRY0(xmlTextWriterEndElement(writer)); /* name */
xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
xmlTextWriterWriteFormatString(writer,
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
val);
xmlTextWriterEndElement(writer); /* counter */
val));
TRY0(xmlTextWriterEndElement(writer)); /* counter */
xmlTextWriterEndElement(writer); /* rdtype */
TRY0(xmlTextWriterEndElement(writer)); /* rdtype */
#endif
break;
}
return;
#ifdef HAVE_LIBXML2
error:
dumparg->result = ISC_R_FAILURE;
return;
#endif
}
static void
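Review bot: rdtypestat_dump() returns void, so after a TRY0 failure sets `dumparg->result = ISC_R_FAILURE` it cannot stop the dump routine from calling it again for the remaining types, and each later call will keep writing to the same writer. Check `dumparg->result` at the top of the callback and return early once it is no longer ISC_R_SUCCESS; the same applies to the other two dump callbacks changed in this patch.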
@ -561,6 +582,7 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
isc_boolean_t nxrrset = ISC_FALSE;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
int xmlrc;
#endif
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXDOMAIN)
@ -589,22 +611,28 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
xmlTextWriterStartElement(writer, ISC_XMLCHAR "rrset");
xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
xmlTextWriterWriteFormatString(writer, "%s%s",
nxrrset ? "!" : "", typestr);
xmlTextWriterEndElement(writer); /* name */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "rrset"));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
TRY0(xmlTextWriterWriteFormatString(writer, "%s%s",
nxrrset ? "!" : "", typestr));
TRY0(xmlTextWriterEndElement(writer)); /* name */
xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
xmlTextWriterWriteFormatString(writer,
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
val);
xmlTextWriterEndElement(writer); /* counter */
val));
TRY0(xmlTextWriterEndElement(writer)); /* counter */
xmlTextWriterEndElement(writer); /* rrset */
TRY0(xmlTextWriterEndElement(writer)); /* rrset */
#endif
break;
}
return;
#ifdef HAVE_LIBXML2
error:
dumparg->result = ISC_R_FAILURE;
#endif
}
static void
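Review bot: the `error:` label in rdatasetstats_dump() sets `dumparg->result = ISC_R_FAILURE;` and falls off the end of the function, while rdtypestat_dump() and opcodestat_dump() follow the same assignment with an explicit `return;`. It is harmless, but make the three callbacks consistent so the pattern reads the same everywhere.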
@ -615,6 +643,7 @@ opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
stats_dumparg_t *dumparg = arg;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
int xmlrc;
#endif
isc_buffer_init(&b, codebuf, sizeof(codebuf) - 1);
@ -630,30 +659,35 @@ opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
xmlTextWriterStartElement(writer, ISC_XMLCHAR "opcode");
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "opcode"));
xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
xmlTextWriterWriteString(writer, ISC_XMLCHAR codebuf);
xmlTextWriterEndElement(writer); /* name */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR codebuf));
TRY0(xmlTextWriterEndElement(writer)); /* name */
xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
xmlTextWriterWriteFormatString(writer,
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
val);
xmlTextWriterEndElement(writer); /* counter */
val));
TRY0(xmlTextWriterEndElement(writer)); /* counter */
xmlTextWriterEndElement(writer); /* opcode */
TRY0(xmlTextWriterEndElement(writer)); /* opcode */
#endif
break;
}
return;
#ifdef HAVE_LIBXML2
error:
dumparg->result = ISC_R_FAILURE;
return;
#endif
}
#ifdef HAVE_LIBXML2
/* XXXMLG below here sucks. */
#define TRY(a) do { result = (a); INSIST(result == ISC_R_SUCCESS); } while(0);
#define TRY0(a) do { xmlrc = (a); INSIST(xmlrc >= 0); } while(0);
static isc_result_t
zone_xmlrender(dns_zone_t *zone, void *arg) {
@ -663,47 +697,55 @@ zone_xmlrender(dns_zone_t *zone, void *arg) {
xmlTextWriterPtr writer = arg;
isc_stats_t *zonestats;
isc_uint64_t nsstat_values[dns_nsstatscounter_max];
int xmlrc;
isc_result_t result;
xmlTextWriterStartElement(writer, ISC_XMLCHAR "zone");
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zone"));
dns_zone_name(zone, buf, sizeof(buf));
xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
xmlTextWriterWriteString(writer, ISC_XMLCHAR buf);
xmlTextWriterEndElement(writer);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR buf));
TRY0(xmlTextWriterEndElement(writer));
rdclass = dns_zone_getclass(zone);
dns_rdataclass_format(rdclass, buf, sizeof(buf));
xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdataclass");
xmlTextWriterWriteString(writer, ISC_XMLCHAR buf);
xmlTextWriterEndElement(writer);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdataclass"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR buf));
TRY0(xmlTextWriterEndElement(writer));
serial = dns_zone_getserial(zone);
xmlTextWriterStartElement(writer, ISC_XMLCHAR "serial");
xmlTextWriterWriteFormatString(writer, "%u", serial);
xmlTextWriterEndElement(writer);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "serial"));
if (dns_zone_getserial2(zone, &serial) == ISC_R_SUCCESS)
TRY0(xmlTextWriterWriteFormatString(writer, "%u", serial));
else
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR "-"));
TRY0(xmlTextWriterEndElement(writer));
zonestats = dns_zone_getrequeststats(zone);
if (zonestats != NULL) {
xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters");
dump_counters(zonestats, statsformat_xml, writer, NULL,
nsstats_xmldesc, dns_nsstatscounter_max,
nsstats_index, nsstat_values,
ISC_STATSDUMP_VERBOSE);
xmlTextWriterEndElement(writer); /* counters */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
result = dump_counters(zonestats, statsformat_xml, writer, NULL,
nsstats_xmldesc, dns_nsstatscounter_max,
nsstats_index, nsstat_values,
ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* counters */
}
xmlTextWriterEndElement(writer); /* zone */
TRY0(xmlTextWriterEndElement(writer)); /* zone */
return (ISC_R_SUCCESS);
error:
return (ISC_R_FAILURE);
}
static void
static isc_result_t
generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
char boottime[sizeof "yyyy-mm-ddThh:mm:ssZ"];
char nowstr[sizeof "yyyy-mm-ddThh:mm:ssZ"];
isc_time_t now;
xmlTextWriterPtr writer;
xmlDocPtr doc;
xmlTextWriterPtr writer = NULL;
xmlDocPtr doc = NULL;
int xmlrc;
dns_view_t *view;
stats_dumparg_t dumparg;
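Review bot: in zone_xmlrender() the `serial` element now carries the literal string "-" when dns_zone_getserial2() does not return ISC_R_SUCCESS, so consumers can no longer assume the element is numeric. That is a visible change to the statistics output and should be documented next to the code (and wherever the XML format is described), ideally with a note on when the serial is unavailable.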
@ -712,12 +754,15 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
isc_uint64_t resstat_values[dns_resstatscounter_max];
isc_uint64_t zonestat_values[dns_zonestatscounter_max];
isc_uint64_t sockstat_values[isc_sockstatscounter_max];
isc_result_t result;
isc_time_now(&now);
isc_time_formatISO8601(&ns_g_boottime, boottime, sizeof boottime);
isc_time_formatISO8601(&now, nowstr, sizeof nowstr);
writer = xmlNewTextWriterDoc(&doc, 0);
if (writer == NULL)
goto error;
TRY0(xmlTextWriterStartDocument(writer, NULL, "UTF-8", NULL));
TRY0(xmlTextWriterWritePI(writer, ISC_XMLCHAR "xml-stylesheet",
ISC_XMLCHAR "type=\"text/xsl\" href=\"/bind9.xsl\""));
@ -728,7 +773,7 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "bind"));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "statistics"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version",
ISC_XMLCHAR "2.0"));
ISC_XMLCHAR "2.2"));
/* Set common fields for statistics dump */
dumparg.type = statsformat_xml;
@ -741,39 +786,55 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
view = ISC_LIST_HEAD(server->viewlist);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "views"));
while (view != NULL) {
xmlTextWriterStartElement(writer, ISC_XMLCHAR "view");
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "view"));
xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
xmlTextWriterWriteString(writer, ISC_XMLCHAR view->name);
xmlTextWriterEndElement(writer);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR view->name));
TRY0(xmlTextWriterEndElement(writer));
xmlTextWriterStartElement(writer, ISC_XMLCHAR "zones");
dns_zt_apply(view->zonetable, ISC_FALSE, zone_xmlrender,
writer);
xmlTextWriterEndElement(writer);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zones"));
result = dns_zt_apply(view->zonetable, ISC_TRUE, zone_xmlrender,
writer);
if (result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer));
if (view->resquerystats != NULL) {
dumparg.result = ISC_R_SUCCESS;
dns_rdatatypestats_dump(view->resquerystats,
rdtypestat_dump, &dumparg, 0);
if (dumparg.result != ISC_R_SUCCESS)
goto error;
}
if (view->resstats != NULL) {
dump_counters(view->resstats, statsformat_xml, writer,
"resstat", resstats_xmldesc,
dns_resstatscounter_max, resstats_index,
resstat_values, ISC_STATSDUMP_VERBOSE);
result = dump_counters(view->resstats, statsformat_xml,
writer, "resstat",
resstats_xmldesc,
dns_resstatscounter_max,
resstats_index, resstat_values,
ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
}
cachestats = dns_db_getrrsetstats(view->cachedb);
if (cachestats != NULL) {
xmlTextWriterStartElement(writer,
ISC_XMLCHAR "cache");
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR "cache"));
TRY0(xmlTextWriterWriteAttribute(writer,
ISC_XMLCHAR "name",
ISC_XMLCHAR
view->name));
dumparg.result = ISC_R_SUCCESS;
dns_rdatasetstats_dump(cachestats, rdatasetstats_dump,
&dumparg, 0);
xmlTextWriterEndElement(writer); /* cache */
if (dumparg.result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* cache */
}
xmlTextWriterEndElement(writer); /* view */
TRY0(xmlTextWriterEndElement(writer)); /* view */
view = ISC_LIST_NEXT(view, link);
}
@ -788,44 +849,63 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
TRY0(xmlTextWriterEndElement(writer)); /* taskmgr */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "server"));
xmlTextWriterStartElement(writer, ISC_XMLCHAR "boot-time");
xmlTextWriterWriteString(writer, ISC_XMLCHAR boottime);
xmlTextWriterEndElement(writer);
xmlTextWriterStartElement(writer, ISC_XMLCHAR "current-time");
xmlTextWriterWriteString(writer, ISC_XMLCHAR nowstr);
xmlTextWriterEndElement(writer);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "boot-time"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR boottime));
TRY0(xmlTextWriterEndElement(writer));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "current-time"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR nowstr));
TRY0(xmlTextWriterEndElement(writer));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "requests"));
dumparg.result = ISC_R_SUCCESS;
dns_opcodestats_dump(server->opcodestats, opcodestat_dump, &dumparg,
0);
xmlTextWriterEndElement(writer); /* requests */
if (dumparg.result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* requests */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "queries-in"));
dumparg.result = ISC_R_SUCCESS;
dns_rdatatypestats_dump(server->rcvquerystats, rdtypestat_dump,
&dumparg, 0);
xmlTextWriterEndElement(writer); /* queries-in */
if (dumparg.result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* queries-in */
dump_counters(server->nsstats, statsformat_xml, writer,
"nsstat", nsstats_xmldesc, dns_nsstatscounter_max,
nsstats_index, nsstat_values, ISC_STATSDUMP_VERBOSE);
result = dump_counters(server->nsstats, statsformat_xml, writer,
"nsstat", nsstats_xmldesc,
dns_nsstatscounter_max,
nsstats_index, nsstat_values,
ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
dump_counters(server->zonestats, statsformat_xml, writer, "zonestat",
zonestats_xmldesc, dns_zonestatscounter_max,
zonestats_index, zonestat_values, ISC_STATSDUMP_VERBOSE);
result = dump_counters(server->zonestats, statsformat_xml, writer,
"zonestat", zonestats_xmldesc,
dns_zonestatscounter_max, zonestats_index,
zonestat_values, ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
/*
* Most of the common resolver statistics entries are 0, so we don't
* use the verbose dump here.
*/
dump_counters(server->resolverstats, statsformat_xml, writer, "resstat",
resstats_xmldesc, dns_resstatscounter_max, resstats_index,
resstat_values, 0);
result = dump_counters(server->resolverstats, statsformat_xml, writer,
"resstat", resstats_xmldesc,
dns_resstatscounter_max, resstats_index,
resstat_values, 0);
if (result != ISC_R_SUCCESS)
goto error;
dump_counters(server->sockstats, statsformat_xml, writer, "sockstat",
sockstats_xmldesc, isc_sockstatscounter_max,
sockstats_index, sockstat_values, ISC_STATSDUMP_VERBOSE);
result = dump_counters(server->sockstats, statsformat_xml, writer,
"sockstat", sockstats_xmldesc,
isc_sockstatscounter_max, sockstats_index,
sockstat_values, ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
xmlTextWriterEndElement(writer); /* server */
TRY0(xmlTextWriterEndElement(writer)); /* server */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "memory"));
isc_mem_renderxml(writer);
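Review bot: The trailing `isc_mem_renderxml(writer);` call is now the only writer operation in this part of generatexml() whose outcome is not checked; every other xmlTextWriter call here is wrapped in TRY0 and each dump_counters() result is tested. If isc_mem_renderxml() can hit the same libxml2 failures, give it a return value and route it to the error label as well, otherwise a failed memory section is still reported as success.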
@ -841,6 +921,14 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 1);
xmlFreeDoc(doc);
return (ISC_R_SUCCESS);
error:
if (writer != NULL)
xmlFreeTextWriter(writer);
if (doc != NULL)
xmlFreeDoc(doc);
return (ISC_R_FAILURE);
}
static void
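Review bot: The new error: path returns a fixed ISC_R_FAILURE, which discards the specific code that `result` or `dumparg.result` held when the function jumped to the label. Returning the original code would let the caller log the real cause. It would also help to set `*buf = NULL` and `*buflen = 0` on this path so a caller cannot pick up stale values.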
@ -859,21 +947,24 @@ render_index(const char *url, const char *querystring, void *arg,
unsigned char *msg;
int msglen;
ns_server_t *server = arg;
isc_result_t result;
UNUSED(url);
UNUSED(querystring);
generatexml(server, &msglen, &msg);
result = generatexml(server, &msglen, &msg);
*retcode = 200;
*retmsg = "OK";
*mimetype = "text/xml";
isc_buffer_reinit(b, msg, msglen);
isc_buffer_add(b, msglen);
*freecb = wrap_xmlfree;
*freecb_args = NULL;
if (result == ISC_R_SUCCESS) {
*retcode = 200;
*retmsg = "OK";
*mimetype = "text/xml";
isc_buffer_reinit(b, msg, msglen);
isc_buffer_add(b, msglen);
*freecb = wrap_xmlfree;
*freecb_args = NULL;
}
return (ISC_R_SUCCESS);
return (result);
}
#endif /* HAVE_LIBXML2 */
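Review bot: On failure render_index() now returns without assigning *retcode, *retmsg, *mimetype, *freecb or the buffer, and `msg` and `msglen` are uninitialized locals that generatexml() may not have written. Initialize them at declaration (`msg = NULL`, `msglen = 0`) and either document that the caller must ignore the out-parameters on a non-success result or set an explicit error response here, so the HTTP layer never sends or frees indeterminate values.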
@ -1274,20 +1365,20 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
}
fprintf(fp, "++ Name Server Statistics ++\n");
dump_counters(server->nsstats, statsformat_file, fp, NULL,
nsstats_desc, dns_nsstatscounter_max, nsstats_index,
nsstat_values, 0);
(void) dump_counters(server->nsstats, statsformat_file, fp, NULL,
nsstats_desc, dns_nsstatscounter_max,
nsstats_index, nsstat_values, 0);
fprintf(fp, "++ Zone Maintenance Statistics ++\n");
dump_counters(server->zonestats, statsformat_file, fp, NULL,
zonestats_desc, dns_zonestatscounter_max,
zonestats_index, zonestat_values, 0);
(void) dump_counters(server->zonestats, statsformat_file, fp, NULL,
zonestats_desc, dns_zonestatscounter_max,
zonestats_index, zonestat_values, 0);
fprintf(fp, "++ Resolver Statistics ++\n");
fprintf(fp, "[Common]\n");
dump_counters(server->resolverstats, statsformat_file, fp, NULL,
resstats_desc, dns_resstatscounter_max, resstats_index,
resstat_values, 0);
(void) dump_counters(server->resolverstats, statsformat_file, fp, NULL,
resstats_desc, dns_resstatscounter_max,
resstats_index, resstat_values, 0);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
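Review bot: The `(void)` casts on the dump_counters() calls in ns_stats_dump() silence the new return value, so a failed dump into fp goes unreported while the XML path treats the same failure as an error. If the statsformat_file branch of dump_counters() cannot fail, a one-line comment saying so would justify the cast; if it can, propagate the result to the caller.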
@ -1297,9 +1388,9 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
fprintf(fp, "[View: default]\n");
else
fprintf(fp, "[View: %s]\n", view->name);
dump_counters(view->resstats, statsformat_file, fp, NULL,
resstats_desc, dns_resstatscounter_max,
resstats_index, resstat_values, 0);
(void) dump_counters(view->resstats, statsformat_file, fp, NULL,
resstats_desc, dns_resstatscounter_max,
resstats_index, resstat_values, 0);
}
fprintf(fp, "++ Cache DB RRsets ++\n");
@ -1320,9 +1411,9 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
}
fprintf(fp, "++ Socket I/O Statistics ++\n");
dump_counters(server->sockstats, statsformat_file, fp, NULL,
sockstats_desc, isc_sockstatscounter_max, sockstats_index,
sockstat_values, 0);
(void) dump_counters(server->sockstats, statsformat_file, fp, NULL,
sockstats_desc, isc_sockstatscounter_max,
sockstats_index, sockstat_values, 0);
fprintf(fp, "++ Per Zone Query Statistics ++\n");
zone = NULL;
@ -1343,9 +1434,10 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
fprintf(fp, " (view: %s)", view->name);
fprintf(fp, "]\n");
dump_counters(zonestats, statsformat_file, fp, NULL,
nsstats_desc, dns_nsstatscounter_max,
nsstats_index, nsstat_values, 0);
(void) dump_counters(zonestats, statsformat_file, fp,
NULL, nsstats_desc,
dns_nsstatscounter_max,
nsstats_index, nsstat_values, 0);
}
}

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.151.12.5.12.1 2009/07/28 14:18:08 marka Exp $ */
/* $Id: update.c,v 1.151.12.9 2009/12/30 04:02:56 marka Exp $ */
#include <config.h>
@ -3031,7 +3031,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
} else {
CHECK(get_iterations(db, ver, &iterations));
CHECK(dns_nsec3_maxiterations(db, ver, client->mctx, &max));
if (iterations > max) {
if (max != 0 && iterations > max) {
flag = ISC_TRUE;
update_log(client, zone, ISC_LOG_WARNING,
"too many NSEC3 iterations (%u) for "
@ -3157,6 +3157,24 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
&newtuple));
CHECK(do_one_tuple(&newtuple, db, ver, diff));
}
/*
* Remove any existing CREATE request to add an
* otherwise indentical chain with a reversed
* OPTOUT state.
*/
buf[1] ^= DNS_NSEC3FLAG_OPTOUT;
CHECK(rr_exists(db, ver, name, &rdata, &flag));
if (flag) {
CHECK(dns_difftuple_create(diff->mctx,
DNS_DIFFOP_DEL,
name, tuple->ttl,
&rdata,
&newtuple));
CHECK(do_one_tuple(&newtuple, db, ver, diff));
}
/*
* Remove the temporary add record.
*/
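Review bot: `buf[1] ^= DNS_NSEC3FLAG_OPTOUT;` flips the flag in place and nothing in this block flips it back, so the code that follows (the "Remove the temporary add record" step) runs with buf in the reversed OPTOUT state. If rdata still refers to buf at that point, restore the flag after the delete or work on a copy. The new comment also has a typo: "indentical" should be "identical".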
@ -4140,9 +4158,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
goto common;
failure:
if (result == DNS_R_REFUSED)
inc_stats(zone, dns_nsstatscounter_updaterej);
/*
* The reason for failure should have been logged at this point.
*/
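Review bot: The `if (result == DNS_R_REFUSED)` / `inc_stats(zone, dns_nsstatscounter_updaterej);` pair is dropped from the failure: label in update_action(), and this hunk does not show where refused updates are counted instead. Please confirm the counter is still incremented on every refusal path, and only once, since that statistic is what shows refused dynamic updates.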

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: nsupdate.1,v 1.3.48.2 2009/03/10 01:54:11 tbox Exp $
.\" $Id: nsupdate.1,v 1.3.48.3 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nsupdate.html,v 1.40.48.2 2009/03/10 01:54:11 tbox Exp $ -->
<!-- $Id: nsupdate.html,v 1.40.48.3 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: rndc-confgen.8,v 1.20 2007/01/30 00:24:59 marka Exp $
.\" $Id: rndc-confgen.8,v 1.20.418.1 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc-confgen.html,v 1.25 2007/01/30 00:24:59 marka Exp $ -->
<!-- $Id: rndc-confgen.html,v 1.25.418.1 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: rndc.8,v 1.42 2007/12/14 22:37:22 marka Exp $
.\" $Id: rndc.8,v 1.42.214.1 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: rndc.conf.5,v 1.38 2007/05/09 13:35:57 marka Exp $
.\" $Id: rndc.conf.5,v 1.38.366.1 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc.conf.html,v 1.29 2007/05/09 13:35:57 marka Exp $ -->
<!-- $Id: rndc.conf.html,v 1.29.366.1 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc.html,v 1.31 2007/12/14 22:37:22 marka Exp $ -->
<!-- $Id: rndc.html,v 1.31.214.1 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.h.in,v 1.106.40.6 2009/03/13 05:35:43 marka Exp $ */
/* $Id: config.h.in,v 1.106.40.11 2010/01/15 19:38:52 each Exp $ */
/*! \file */
@ -144,6 +144,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if threads need PTHREAD_SCOPE_SYSTEM */
#undef NEED_PTHREAD_SCOPE_SYSTEM
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
/* Define if recvmsg() does not meet all of the BSD socket API specifications.
*/
#undef BROKEN_RECVMSG
@ -163,6 +166,12 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
/* Define to 1 if you have the `EVP_sha256' function. */
#undef HAVE_EVP_SHA256
/* Define to 1 if you have the `EVP_sha512' function. */
#undef HAVE_EVP_SHA512
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
@ -293,6 +302,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
@ -314,11 +326,15 @@ int sigwait(const unsigned int *set, int *sig);
#undef WITH_IDN
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel and VAX). */
#if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
#elif ! defined __LITTLE_ENDIAN__
# undef WORDS_BIGENDIAN
significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
# undef WORDS_BIGENDIAN
# endif
#endif
/* Define to empty if `const' does not conform to ANSI C. */

View File

@ -1,4 +1,4 @@
# Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.457.26.9 $)
AC_REVISION($Revision: 1.457.26.16 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
@ -28,6 +28,18 @@ AC_CONFIG_HEADER(config.h)
AC_CANONICAL_HOST
AC_PROG_MAKE_SET
#
# GNU libtool support
#
case $build_os in
sunos*)
# Just set the maximum command line length for sunos as it otherwise
# takes a exceptionally long time to work it out. Required for libtool.
lt_cv_sys_max_cmd_len=4096;
;;
esac
AC_PROG_LIBTOOL
AC_PROG_INSTALL
AC_PROG_LN_S
@ -466,7 +478,7 @@ AC_C_BIGENDIAN
OPENSSL_WARNING=
AC_MSG_CHECKING(for OpenSSL library)
AC_ARG_WITH(openssl,
[ --with-openssl[=PATH] Build with OpenSSL [yes|no|path].
[ --with-openssl[=PATH] Build with OpenSSL [yes|no|path].
(Required for DNSSEC)],
use_openssl="$withval", use_openssl="auto")
@ -491,7 +503,9 @@ case "$use_openssl" in
auto)
DST_OPENSSL_INC=""
USE_OPENSSL=""
AC_MSG_RESULT(not found)
AC_MSG_ERROR(
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
If you don't want OpenSSL, use --without-openssl])
;;
*)
if test "$use_openssl" = "yes"
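Review bot: In the auto) branch AC_MSG_ERROR now aborts configure, so the `DST_OPENSSL_INC=""` and `USE_OPENSSL=""` assignments just above it no longer have any effect; drop them. The behaviour change itself (a build without OpenSSL must now be requested with --without-openssl) deserves a line in the release notes, because anyone who relied on the previous "not found" fallback will see configure fail.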
@ -630,8 +644,10 @@ esac
else
AC_MSG_RESULT(no)
fi
AC_CHECK_FUNCS(EVP_sha256 EVP_sha512)
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
;;
esac
@ -652,7 +668,7 @@ DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
AC_MSG_CHECKING(for PKCS11 support)
AC_ARG_WITH(pkcs11,
[ --with-pkcs11 Build with PKCS11 support],
[ --with-pkcs11 Build with PKCS11 support],
use_pkcs11="yes", use_pkcs11="no")
case "$use_pkcs11" in
@ -670,7 +686,7 @@ AC_SUBST(USE_PKCS11)
AC_MSG_CHECKING(for GSSAPI library)
AC_ARG_WITH(gssapi,
[ --with-gssapi=PATH Specify path for system-supplied GSSAPI],
[ --with-gssapi=PATH Specify path for system-supplied GSSAPI],
use_gssapi="$withval", use_gssapi="no")
gssapidirs="/usr/local /usr/pkg /usr/kerberos /usr"
@ -824,7 +840,7 @@ AC_SUBST(DNS_CRYPTO_LIBS)
#
AC_MSG_CHECKING(for random device)
AC_ARG_WITH(randomdev,
[ --with-randomdev=PATH Specify path for random device],
[ --with-randomdev=PATH Specify path for random device],
use_randomdev="$withval", use_randomdev="unspec")
case "$use_randomdev" in
@ -997,7 +1013,7 @@ AC_SUBST(ISC_THREAD_DIR)
#
AC_MSG_CHECKING(for libxml2 library)
AC_ARG_WITH(libxml2,
[ --with-libxml2[=PATH] Build with libxml2 library [yes|no|path]],
[ --with-libxml2[=PATH] Build with libxml2 library [yes|no|path]],
use_libxml2="$withval", use_libxml2="auto")
case "$use_libxml2" in
@ -1191,7 +1207,7 @@ esac
#
AC_MSG_CHECKING(whether to use purify)
AC_ARG_WITH(purify,
[ --with-purify[=PATH] use Rational purify],
[ --with-purify[=PATH] use Rational purify],
use_purify="$withval", use_purify="no")
case "$use_purify" in
@ -1228,19 +1244,9 @@ esac
AC_SUBST(PURIFY)
#
# GNU libtool support
#
case $build_os in
sunos*)
# Just set the maximum command line length for sunos as it otherwise
# takes a exceptionally long time to work it out. Required for libtool.
lt_cv_sys_max_cmd_len=4096;
;;
esac
AC_ARG_WITH(libtool,
[ --with-libtool use GNU libtool (following indented options supported)],
[ --with-libtool use GNU libtool],
use_libtool="$withval", use_libtool="no")
case $use_libtool in
@ -1299,7 +1305,7 @@ AC_SUBST(LIBTOOL_IN_MAIN)
# IPv6
#
AC_ARG_ENABLE(ipv6,
[ --enable-ipv6 use IPv6 [default=autodetect]])
[ --enable-ipv6 use IPv6 [default=autodetect]])
case "$enable_ipv6" in
yes|''|autodetect)
@ -1330,7 +1336,7 @@ AC_TRY_COMPILE([
#
AC_MSG_CHECKING(for Kame IPv6 support)
AC_ARG_WITH(kame,
[ --with-kame[=PATH] use Kame IPv6 [default path /usr/local/v6]],
[ --with-kame[=PATH] use Kame IPv6 [default path /usr/local/v6]],
use_kame="$withval", use_kame="no")
case "$use_kame" in
@ -1780,7 +1786,7 @@ AC_SUBST(ISC_LWRES_GETADDRINFOPROTO)
AC_SUBST(ISC_LWRES_GETNAMEINFOPROTO)
AC_ARG_ENABLE(getifaddrs,
[ --enable-getifaddrs Enable the use of getifaddrs() [[yes|no]].],
[ --enable-getifaddrs Enable the use of getifaddrs() [[yes|no]].],
want_getifaddrs="$enableval", want_getifaddrs="yes")
#
@ -1902,7 +1908,7 @@ AC_SUBST(ISC_EXTRA_SRCS)
# Use our own SPNEGO implementation?
#
AC_ARG_ENABLE(isc-spnego,
[ --disable-isc-spnego use SPNEGO from GSSAPI library])
[ --disable-isc-spnego use SPNEGO from GSSAPI library])
if test -n "$USE_GSSAPI"
then
@ -1967,7 +1973,7 @@ AC_SUBST(LWRES_PLATFORM_QUADFORMAT)
# Note it is very recommended to *not* disable chroot(),
# this is only because chroot() was made obsolete by Posix.
AC_ARG_ENABLE(chroot,
[ --disable-chroot disable chroot])
[ --disable-chroot disable chroot])
case "$enable_chroot" in
yes|'')
AC_CHECK_FUNCS(chroot)
@ -1976,7 +1982,7 @@ case "$enable_chroot" in
;;
esac
AC_ARG_ENABLE(linux-caps,
[ --disable-linux-caps disable linux capabilities])
[ --disable-linux-caps disable linux capabilities])
case "$enable_linux_caps" in
yes|'')
AC_CHECK_HEADERS(linux/capability.h sys/capability.h)
@ -2215,13 +2221,43 @@ AC_CHECK_FUNCS(nanosleep)
# Machine architecture dependent features
#
AC_ARG_ENABLE(atomic,
[ --enable-atomic enable machine specific atomic operations
[[default=autodetect]]],
[ --enable-atomic enable machine specific atomic operations
[[default=autodetect]]],
enable_atomic="$enableval",
enable_atomic="autodetect")
case "$enable_atomic" in
yes|''|autodetect)
use_atomic=yes
case "$host" in
powerpc-ibm-aix*)
if test "X$GCC" = "Xyes"; then
AC_MSG_CHECKING([if asm("isc"); works])
AC_TRY_COMPILE(,[
main() { asm("ics"); exit(0); }
],
[AC_MSG_RESULT(yes)
use_atomic=yes],
[
saved_cflags="$CFLAGS"
CFLAGS="$CFLAGS -Wa,-many"
AC_TRY_RUN([
main() { asm("ics"); exit(0); }
],
[AC_MSG_RESULT([yes, required -Wa,-many])
use_atomic=yes],
[AC_MSG_RESULT([no, use_atomic disabled])
CFLAGS="$saved_cflags"
use_atomic=no],
[AC_MSG_RESULT([cross compile, assume yes])
CFLAGS="$saved_cflags"
use_atomic=yes])
]
)
fi
;;
*)
use_atomic=yes
;;
esac
;;
no)
use_atomic=no
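Review bot: In the powerpc-ibm-aix* branch use_atomic is assigned only inside `if test "X$GCC" = "Xyes"`, so with a non-GCC compiler on AIX it is left unset when the outer case finishes; add an else that sets it explicitly. The checking message also says asm("isc") while the test programs use asm("ics"), and the first probe uses AC_TRY_COMPILE while the retry with -Wa,-many uses AC_TRY_RUN; using the same macro for both would make the fallback comparable.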
@ -2248,8 +2284,16 @@ main() {
[arch=x86_32])
;;
x86_64-*|amd64-*)
have_xaddq=yes
arch=x86_64
AC_TRY_RUN([
main() {
exit((sizeof(void *) == 8) ? 0 : 1);
}
],
[arch=x86_64
have_xaddq=yes],
[arch=x86_32],
[arch=x86_64
have_xaddq=yes])
;;
alpha*-*)
arch=alpha
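Review bot: The x86_64-*|amd64-* probe uses AC_TRY_RUN, whose cross-compile arm assumes arch=x86_64 and have_xaddq=yes, so a cross build targeting a 32-bit userland under this host triple still gets xaddq enabled, which is the mismatch the probe is meant to detect. A compile-time check on `sizeof(void *)` (for example via AC_CHECK_SIZEOF) gives the right answer without running a binary.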
@ -2354,9 +2398,9 @@ else
fi
if test "$have_xaddq" = "yes"; then
ISC_PLATFORM_HAVEXADDQ="#define ISC_PLATFORM_HAVEXADDQ 1"
ISC_PLATFORM_HAVEXADDQ="#define ISC_PLATFORM_HAVEXADDQ 1"
else
ISC_PLATFORM_HAVEXADDQ="#undef ISC_PLATFORM_HAVEXADDQ"
ISC_PLATFORM_HAVEXADDQ="#undef ISC_PLATFORM_HAVEXADDQ"
fi
AC_SUBST(ISC_PLATFORM_HAVEXADD)
@ -2376,14 +2420,14 @@ AC_SUBST(ISC_ARCH_DIR)
# Activate "rrset-order fixed" or not?
#
AC_ARG_ENABLE(fixed-rrset,
[ --enable-fixed-rrset enable fixed rrset ordering
[[default=no]]],
[ --enable-fixed-rrset enable fixed rrset ordering
[[default=no]]],
enable_fixed="$enableval",
enable_fixed="no")
case "$enable_fixed" in
yes)
AC_DEFINE(DNS_RDATASET_FIXED, 1,
[Define to enable "rrset-order fixed" syntax.])
[Define to enable "rrset-order fixed" syntax.])
;;
no)
;;
@ -2503,7 +2547,7 @@ AC_SUBST($1)
#
AC_MSG_CHECKING(for Docbook-XSL path)
AC_ARG_WITH(docbook-xsl,
[ --with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets],
[ --with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets],
docbook_path="$withval", docbook_path="auto")
case "$docbook_path" in
auto)
@ -2571,7 +2615,7 @@ AC_SUBST(XSLT_DB2LATEX_ADMONITIONS)
# IDN support
#
AC_ARG_WITH(idn,
[ --with-idn[=MPREFIX] enable IDN support using idnkit [default PREFIX]],
[ --with-idn[=MPREFIX] enable IDN support using idnkit [default PREFIX]],
use_idn="$withval", use_idn="no")
case "$use_idn" in
yes)
@ -2591,7 +2635,7 @@ esac
iconvinc=
iconvlib=
AC_ARG_WITH(libiconv,
[ --with-libiconv[=IPREFIX] GNU libiconv are in IPREFIX [default PREFIX]],
[ --with-libiconv[=IPREFIX] GNU libiconv are in IPREFIX [default PREFIX]],
use_libiconv="$withval", use_libiconv="no")
case "$use_libiconv" in
yes)
@ -2610,7 +2654,7 @@ no)
esac
AC_ARG_WITH(iconv,
[ --with-iconv[=LIBSPEC] specify iconv library [default -liconv]],
[ --with-iconv[=LIBSPEC] specify iconv library [default -liconv]],
iconvlib="$withval")
case "$iconvlib" in
no)
@ -2622,7 +2666,7 @@ yes)
esac
AC_ARG_WITH(idnlib,
[ --with-idnlib=ARG specify libidnkit],
[ --with-idnlib=ARG specify libidnkit],
idnlib="$withval", idnlib="no")
if test "$idnlib" = yes; then
AC_MSG_ERROR([You must specify ARG for --with-idnlib.])
@ -2678,7 +2722,7 @@ AC_SUBST_FILE(BIND9_MAKE_RULES)
BIND9_MAKE_RULES=$BIND9_TOP_BUILDDIR/make/rules
. $srcdir/version
BIND9_VERSION="VERSION=${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}"
BIND9_VERSION="VERSION=${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}"
AC_SUBST(BIND9_VERSION)
if test -z "$ac_configure_args"; then
@ -2964,6 +3008,12 @@ AC_CONFIG_FILES([
AC_OUTPUT
if test "X$USE_OPENSSL" = "X"; then
cat << \EOF
BIND is being built without OpenSSL. This means it will not have DNSSEC support.
EOF
fi
if test "X$OPENSSL_WARNING" != "X"; then
cat << \EOF
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.380.14.15 2009/06/02 05:56:27 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.380.14.24 2010/01/23 23:47:52 tbox Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@ -30,6 +30,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -1679,6 +1680,11 @@ controls {
each dynamic update, because that would be too slow when a large
zone is updated frequently. Instead, the dump is delayed by
up to 15 minutes, allowing additional updates to take place.
During the dump process, transient files will be created
with the extensions <filename>.jnw</filename> and
<filename>.jbk</filename>; under ordinary circumstances, these
will be removed when the dump is complete, and can be safely
ignored.
</para>
<para>
@ -2053,17 +2059,16 @@ nameserver 172.16.72.4
<sect3>
<title>Automatic Generation</title>
<para>
The following command will generate a 128-bit (16 byte) HMAC-MD5
The following command will generate a 128-bit (16 byte) HMAC-SHA256
key as described above. Longer keys are better, but shorter keys
are easier to read. Note that the maximum key length is 512 bits;
keys longer than that will be digested with MD5 to produce a
128-bit key.
are easier to read. Note that the maximum key length is the digest
length, here 256 bits.
</para>
<para>
<userinput>dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2.</userinput>
<userinput>dnssec-keygen -a hmac-sha256 -b 128 -n HOST host1-host2.</userinput>
</para>
<para>
The key is in the file <filename>Khost1-host2.+157+00000.private</filename>.
The key is in the file <filename>Khost1-host2.+163+00000.private</filename>.
Nothing directly uses this file, but the base-64 encoded string
following "<literal>Key:</literal>"
can be extracted from the file and used as a shared secret:
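Review bot: The example switches to hmac-sha256 but keeps `-b 128`, and the prose still calls the result a 128-bit key while now stating that the maximum is the 256-bit digest length. Since the paragraph itself says longer keys are better, consider generating a 256-bit key in the example, and check that the `+163+00000` file name and the secret shown later in the section stay consistent with whatever size is chosen.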
@ -2105,18 +2110,16 @@ nameserver 172.16.72.4
<programlisting>
key host1-host2. {
algorithm hmac-md5;
algorithm hmac-sha256;
secret "La/E5CjG9O+os1jq0a2jdA==";
};
</programlisting>
<para>
The algorithm, <literal>hmac-md5</literal>, is the only one supported by <acronym>BIND</acronym>.
The secret is the one generated above. Since this is a secret, it
is recommended that either <filename>named.conf</filename> be non-world
readable, or the key directive be added to a non-world readable
file that is included by
<filename>named.conf</filename>.
is recommended that either <filename>named.conf</filename> be
non-world readable, or the key directive be added to a non-world
readable file that is included by <filename>named.conf</filename>.
</para>
<para>
At this point, the key is recognized. This means that if the
@ -2445,14 +2448,17 @@ allow-update { key host1-host2. ;};
To enable <command>named</command> to respond appropriately
to DNS requests from DNSSEC aware clients,
<command>dnssec-enable</command> must be set to yes.
(This is the default setting.)
</para>
<para>
To enable <command>named</command> to validate answers from
other servers both <command>dnssec-enable</command> and
<command>dnssec-validation</command> must be set and some
<command>trusted-keys</command> must be configured
into <filename>named.conf</filename>.
other servers, the <command>dnssec-enable</command> and
<command>dnssec-validation</command> options must both be
set to yes (the default setting in <acronym>BIND</acronym> 9.5
and later), and at least one trust anchor must be configured
with a <command>trusted-keys</command> statement in
<filename>named.conf</filename>.
</para>
<para>
@ -2531,6 +2537,41 @@ options {
the root key is not valid.
</note>
<para>
When DNSSEC validation is enabled and properly configured,
the resolver will reject any answers from signed, secure zones
which fail to validate, and will return SERVFAIL to the client.
</para>
<para>
Responses may fail to validate for any of several reasons,
including missing, expired, or invalid signatures, a key which
does not match the DS RRset in the parent zone, or an insecure
response from a zone which, according to its parent, should have
been secure.
</para>
<note>
<para>
When the validator receives a response from an unsigned zone
that has a signed parent, it must confirm with the parent
that the zone was intentionally left unsigned. It does
this by verifying, via signed and validated NSEC/NSEC3 records,
that the parent zone contains no DS records for the child.
</para>
<para>
If the validator <emphasis>can</emphasis> prove that the zone
is insecure, then the response is accepted. However, if it
cannot, then it must assume an insecure response to be a
forgery; it rejects the response and logs an error.
</para>
<para>
The logged error reads "insecurity proof failed" and
"got insecure response; parent indicates it should be secure".
(Prior to BIND 9.7, the logged error was "not insecure".
This referred to the zone, not the response.)
</para>
</note>
</sect2>
</sect1>
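Review bot: The note quotes the log text as "insecurity proof failed" and "got insecure response; parent indicates it should be secure", then says that before BIND 9.7 the message was "not insecure", yet this is the ARM shipped with 9.6.2. Please state which string a 9.6.2 server actually logs, so administrators searching their logs for validation failures look for the right one.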
@ -2539,10 +2580,9 @@ options {
<para>
<acronym>BIND</acronym> 9 fully supports all currently
defined forms of IPv6
name to address and address to name lookups. It will also use
IPv6 addresses to make queries when running on an IPv6 capable
system.
defined forms of IPv6 name to address and address to name
lookups. It will also use IPv6 addresses to make queries when
running on an IPv6 capable system.
</para>
<para>
@ -4324,8 +4364,7 @@ category notify { null; };
<para>
Lame servers. These are misconfigurations
in remote servers, discovered by BIND 9 when trying to
query
those servers during resolution.
query those servers during resolution.
</para>
</entry>
</row>
@ -4785,7 +4824,7 @@ category notify { null; };
<optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> ) ; </optional>
<optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> queryport-pool-ports <replaceable>number</replaceable>; </optional>
<optional> queryport-pool-interval <replaceable>number</replaceable>; </optional>
<optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional>
<optional> max-transfer-time-in <replaceable>number</replaceable>; </optional>
<optional> max-transfer-time-out <replaceable>number</replaceable>; </optional>
<optional> max-transfer-idle-in <replaceable>number</replaceable>; </optional>
@ -4826,7 +4865,7 @@ category notify { null; };
<optional> lame-ttl <replaceable>number</replaceable>; </optional>
<optional> max-ncache-ttl <replaceable>number</replaceable>; </optional>
<optional> max-cache-ttl <replaceable>number</replaceable>; </optional>
<optional> sig-validity-interval <replaceable>number</replaceable> ; </optional>
<optional> sig-validity-interval <replaceable>number</replaceable> <optional><replaceable>number</replaceable></optional> ; </optional>
<optional> sig-signing-nodes <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-signatures <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-type <replaceable>number</replaceable> ; </optional>
@ -4909,11 +4948,12 @@ category notify { null; };
<listitem>
<para>
When performing dynamic update of secure zones, the
directory where the public and private key files should be
found,
if different than the current working directory. The
directory specified
must be an absolute path.
directory where the public and private DNSSEC key files
should be found, if different than the current working
directory. The directory specified must be an absolute
path. (Note that this option has no effect on the paths
for files containing non-DNSSEC keys such as the
<filename>rndc.key</filename>.
</para>
</listitem>
</varlistentry>
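Review bot: The parenthesis opened at "(Note that this option has no effect" is never closed; the sentence ends at `<filename>rndc.key</filename>.` and runs straight into `</para>`. Add the closing parenthesis after the period.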
@ -5874,13 +5914,15 @@ options {
If <userinput>yes</userinput>, then an
IPv4-mapped IPv6 address will match any address match
list entries that match the corresponding IPv4 address.
Enabling this option is sometimes useful on IPv6-enabled
Linux
systems, to work around a kernel quirk that causes IPv4
TCP connections such as zone transfers to be accepted
on an IPv6 socket using mapped addresses, causing
address match lists designed for IPv4 to fail to match.
The use of this option for any other purpose is discouraged.
</para>
<para>
This option was introduced to work around a kernel quirk
in some operating systems that causes IPv4 TCP
connections, such as zone transfers, to be accepted on an
IPv6 socket using mapped addresses. This caused address
match lists designed for IPv4 to fail to match. However,
<command>named</command> now solves this problem
internally. The use of this option is discouraged.
</para>
</listitem>
</varlistentry>
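Review bot: the new paragraph says named "now solves this problem internally" without saying as of which release. Because this option changes how address match lists (that is, access controls) evaluate IPv4-mapped addresses, an operator reading this needs to know which versions still require it. Suggest naming the release where the internal fix landed, or at least stating that the fix applies to this version and later.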
@ -7919,7 +7961,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<listitem>
<para>
The delay, in seconds, between sending sets of notify
messages for a zone. The default is zero.
messages for a zone. The default is five (5) seconds.
</para>
</listitem>
</varlistentry>
@ -8271,7 +8313,7 @@ XXX: end of RFC1918 addresses #defined out -->
<optional> query-source-v6 <optional> address ( <replaceable>ip_addr</replaceable> | <replaceable>*</replaceable> ) </optional> <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional>; </optional>
<optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> queryport-pool-ports <replaceable>number</replaceable>; </optional>
<optional> queryport-pool-interval <replaceable>number</replaceable>; </optional>
<optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional>
};
</programlisting>
@ -8751,7 +8793,7 @@ view "external" {
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
<optional> sig-validity-interval <replaceable>number</replaceable> ; </optional>
<optional> sig-validity-interval <replaceable>number</replaceable> <optional><replaceable>number</replaceable></optional> ; </optional>
<optional> sig-signing-nodes <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-signatures <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-type <replaceable>number</replaceable> ; </optional>
@ -11205,6 +11247,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
Master File Directives include <command>$ORIGIN</command>, <command>$INCLUDE</command>,
and <command>$TTL.</command>
</para>
<sect3>
<title>The <command>@</command> (at-sign)</title>
<para>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
At the start of the zone file, it is the
&lt;<varname>zone_name</varname>&gt; (followed by
trailing dot).
</para>
</sect3>
<sect3>
<title>The <command>$ORIGIN</command> Directive</title>
<para>
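Review bot: the new at-sign sect3 is placed directly after the sentence "Master File Directives include $ORIGIN, $INCLUDE, and $TTL." and before the $ORIGIN section, so it reads as one of the directives although that sentence does not list it. Suggest either moving it ahead of the directives introduction or adding a sentence making clear that @ is a name-field shorthand rather than a directive. The phrase "(followed by trailing dot)" would also read better as "(followed by a trailing dot)".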
@ -11216,7 +11268,8 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
sets the domain name that will be appended to any
unqualified records. When a zone is first read in there
is an implicit <command>$ORIGIN</command>
&lt;<varname>zone-name</varname>&gt;<command>.</command>
&lt;<varname>zone_name</varname>&gt;<command>.</command>
(followed by trailing dot).
The current <command>$ORIGIN</command> is appended to
the domain specified in the <command>$ORIGIN</command>
argument if it is not absolute.
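Review bot: in the implicit $ORIGIN sentence, the added "(followed by trailing dot)." comes right after the zone_name placeholder and a command element that already renders the dot, so the text now suggests two dots and ends with a stray sentence period after the parenthesis. Suggest keeping only one of the two: either the literal "." in the command element or the parenthetical remark.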

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch01.html,v 1.43.48.2 2009/04/03 01:52:22 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch01.html,v 1.43.48.4 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563409">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564388">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564528">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564641">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563412">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564391">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564531">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564712">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564662">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564696">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567170">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567246">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567419">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567549">Name Servers in Multiple Roles</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564733">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564768">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567173">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567250">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567422">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567553">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@ -71,7 +71,7 @@
</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2563409"></a>Scope of Document</h2></div></div></div>
<a name="id2563412"></a>Scope of Document</h2></div></div></div>
<p>
The Berkeley Internet Name Domain
(<acronym class="acronym">BIND</acronym>) implements a
@ -87,7 +87,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564388"></a>Organization of This Document</h2></div></div></div>
<a name="id2564391"></a>Organization of This Document</h2></div></div></div>
<p>
In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
@ -116,7 +116,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564528"></a>Conventions Used in This Document</h2></div></div></div>
<a name="id2564531"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
@ -243,7 +243,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564641"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<a name="id2564712"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
@ -253,7 +253,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564662"></a>DNS Fundamentals</h3></div></div></div>
<a name="id2564733"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@ -275,7 +275,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564696"></a>Domains and Domain Names</h3></div></div></div>
<a name="id2564768"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@ -321,7 +321,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567170"></a>Zones</h3></div></div></div>
<a name="id2567173"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
@ -374,7 +374,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567246"></a>Authoritative Name Servers</h3></div></div></div>
<a name="id2567250"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
@ -391,7 +391,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567270"></a>The Primary Master</h4></div></div></div>
<a name="id2567273"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
@ -411,7 +411,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567300"></a>Slave Servers</h4></div></div></div>
<a name="id2567303"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
@ -427,7 +427,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567389"></a>Stealth Servers</h4></div></div></div>
<a name="id2567393"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@ -462,7 +462,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567419"></a>Caching Name Servers</h3></div></div></div>
<a name="id2567422"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
@ -489,7 +489,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567523"></a>Forwarding</h4></div></div></div>
<a name="id2567526"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@ -516,7 +516,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567549"></a>Name Servers in Multiple Roles</h3></div></div></div>
<a name="id2567553"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch02.html,v 1.38.56.1 2009/01/08 01:50:59 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch02.html,v 1.38.56.3 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567584">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567610">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567623">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567854">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567865">Supported Operating Systems</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567587">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567613">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567626">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567721">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567584"></a>Hardware requirements</h2></div></div></div>
<a name="id2567587"></a>Hardware requirements</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
@ -73,7 +73,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567610"></a>CPU Requirements</h2></div></div></div>
<a name="id2567613"></a>CPU Requirements</h2></div></div></div>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i486-class machines
@ -84,7 +84,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567623"></a>Memory Requirements</h2></div></div></div>
<a name="id2567626"></a>Memory Requirements</h2></div></div></div>
<p>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
@ -107,7 +107,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567854"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<a name="id2567721"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@ -124,7 +124,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567865"></a>Supported Operating Systems</h2></div></div></div>
<a name="id2567732"></a>Supported Operating Systems</h2></div></div></div>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch03.html,v 1.71.48.2 2009/04/03 01:52:21 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch03.html,v 1.71.48.4 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -47,14 +47,14 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567897">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567913">An Authoritative-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567764">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567780">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568004">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568358">Name Server Operations</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568007">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568361">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568363">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570071">Signals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568366">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570006">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@ -68,7 +68,7 @@
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567897"></a>A Caching-only Name Server</h3></div></div></div>
<a name="id2567764"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567913"></a>An Authoritative-only Name Server</h3></div></div></div>
<a name="id2567780"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
@ -137,7 +137,7 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2568004"></a>Load Balancing</h2></div></div></div>
<a name="id2568007"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple records
@ -280,10 +280,10 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2568358"></a>Name Server Operations</h2></div></div></div>
<a name="id2568361"></a>Name Server Operations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2568363"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<a name="id2568366"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
@ -749,7 +749,7 @@ controls {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2570071"></a>Signals</h3></div></div></div>
<a name="id2570006"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch04.html,v 1.87.48.2 2009/04/03 01:52:21 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch04.html,v 1.87.48.6 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -49,29 +49,29 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2564066">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564084">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570492">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570510">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571141">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571214">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571225">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571268">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571325">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571510">Errors</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571082">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571156">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571166">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571203">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571260">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571445">Errors</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571524">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571709">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571459">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571576">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571778">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571925">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572006">Configuring Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571644">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571792">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571873">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572220">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572110">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572282">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572172">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572194">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@ -149,6 +149,11 @@
each dynamic update, because that would be too slow when a large
zone is updated frequently. Instead, the dump is delayed by
up to 15 minutes, allowing additional updates to take place.
During the dump process, transient files will be created
with the extensions <code class="filename">.jnw</code> and
<code class="filename">.jbk</code>; under ordinary circumstances, these
will be removed when the dump is complete, and can be safely
ignored.
</p>
<p>
When a server is restarted after a shutdown or crash, it will replay
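Review bot: the added sentence about the .jnw and .jbk files says they are removed "under ordinary circumstances" but does not say what to do when they are still present, for example after a crash during the dump. Suggest one more sentence stating whether leftover files are cleaned up or reused on restart, or whether the operator may delete them, since the very next paragraph covers restart after a crash.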
@ -210,7 +215,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564066"></a>Split DNS</h2></div></div></div>
<a name="id2570492"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@ -240,7 +245,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564084"></a>Example split DNS setup</h3></div></div></div>
<a name="id2570510"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
@ -486,7 +491,7 @@ nameserver 172.16.72.4
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571141"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<a name="id2571082"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@ -494,19 +499,18 @@ nameserver 172.16.72.4
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2571158"></a>Automatic Generation</h4></div></div></div>
<a name="id2571099"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-MD5
The following command will generate a 128-bit (16 byte) HMAC-SHA256
key as described above. Longer keys are better, but shorter keys
are easier to read. Note that the maximum key length is 512 bits;
keys longer than that will be digested with MD5 to produce a
128-bit key.
are easier to read. Note that the maximum key length is the digest
length, here 256 bits.
</p>
<p>
<strong class="userinput"><code>dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2.</code></strong>
<strong class="userinput"><code>dnssec-keygen -a hmac-sha256 -b 128 -n HOST host1-host2.</code></strong>
</p>
<p>
The key is in the file <code class="filename">Khost1-host2.+157+00000.private</code>.
The key is in the file <code class="filename">Khost1-host2.+163+00000.private</code>.
Nothing directly uses this file, but the base-64 encoded string
following "<code class="literal">Key:</code>"
can be extracted from the file and used as a shared secret:
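Review bot: the example command still passes "-b 128" after the switch to hmac-sha256, while the rewritten paragraph states that the maximum key length is the digest length, 256 bits. The documentation now recommends a stronger MAC but demonstrates a key half the digest size and keeps the "shorter keys are easier to read" remark. Suggest changing the example to "-b 256" and the lead sentence to "256-bit (32 byte)", or explaining why 128 bits was kept.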
@ -519,7 +523,7 @@ nameserver 172.16.72.4
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2571196"></a>Manual Generation</h4></div></div></div>
<a name="id2571138"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@ -534,7 +538,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571214"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<a name="id2571156"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@ -542,7 +546,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571225"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<a name="id2571166"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@ -550,17 +554,15 @@ nameserver 172.16.72.4
</p>
<pre class="programlisting">
key host1-host2. {
algorithm hmac-md5;
algorithm hmac-sha256;
secret "La/E5CjG9O+os1jq0a2jdA==";
};
</pre>
<p>
The algorithm, <code class="literal">hmac-md5</code>, is the only one supported by <acronym class="acronym">BIND</acronym>.
The secret is the one generated above. Since this is a secret, it
is recommended that either <code class="filename">named.conf</code> be non-world
readable, or the key directive be added to a non-world readable
file that is included by
<code class="filename">named.conf</code>.
is recommended that either <code class="filename">named.conf</code> be
non-world readable, or the key directive be added to a non-world
readable file that is included by <code class="filename">named.conf</code>.
</p>
<p>
At this point, the key is recognized. This means that if the
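Review bot: deleting the sentence "The algorithm, hmac-md5, is the only one supported by BIND." leaves this paragraph with no statement of which algorithm values the key statement accepts. Suggest replacing the sentence rather than removing it, for example by naming the accepted values or pointing to the key statement grammar, and noting that both hosts must configure the same algorithm. Also check the secret shown in the stanza: it is the same 16-byte string used in the hmac-md5 version, so it should be regenerated if the key size in the generation example changes.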
@ -571,7 +573,7 @@ key host1-host2. {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571268"></a>Instructing the Server to Use the Key</h3></div></div></div>
<a name="id2571203"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@ -603,7 +605,7 @@ server 10.1.2.3 {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571325"></a>TSIG Key Based Access Control</h3></div></div></div>
<a name="id2571260"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@ -631,7 +633,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571510"></a>Errors</h3></div></div></div>
<a name="id2571445"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@ -657,7 +659,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571524"></a>TKEY</h2></div></div></div>
<a name="id2571459"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@ -693,7 +695,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571709"></a>SIG(0)</h2></div></div></div>
<a name="id2571576"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC 2931.
@ -754,7 +756,7 @@ allow-update { key host1-host2. ;};
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571778"></a>Generating Keys</h3></div></div></div>
<a name="id2571644"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@ -810,7 +812,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571925"></a>Signing the Zone</h3></div></div></div>
<a name="id2571792"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to sign a zone.
@ -852,18 +854,21 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572006"></a>Configuring Servers</h3></div></div></div>
<a name="id2571873"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
<span><strong class="command">dnssec-enable</strong></span> must be set to yes.
(This is the default setting.)
</p>
<p>
To enable <span><strong class="command">named</strong></span> to validate answers from
other servers both <span><strong class="command">dnssec-enable</strong></span> and
<span><strong class="command">dnssec-validation</strong></span> must be set and some
<span><strong class="command">trusted-keys</strong></span> must be configured
into <code class="filename">named.conf</code>.
other servers, the <span><strong class="command">dnssec-enable</strong></span> and
<span><strong class="command">dnssec-validation</strong></span> options must both be
set to yes (the default setting in <acronym class="acronym">BIND</acronym> 9.5
and later), and at least one trust anchor must be configured
with a <span><strong class="command">trusted-keys</strong></span> statement in
<code class="filename">named.conf</code>.
</p>
<p>
<span><strong class="command">trusted-keys</strong></span> are copies of DNSKEY RRs
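Review bot: in the rewritten validation paragraph, the parenthetical "(the default setting in BIND 9.5 and later)" sits directly before the trust anchor requirement, so a quick reader can come away thinking validation is active out of the box. Suggest splitting this into two sentences and stating plainly that, per this paragraph, both options at their defaults with no trusted-keys statement means no validation takes place.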
@ -936,17 +941,50 @@ options {
None of the keys listed in this example are valid. In particular,
the root key is not valid.
</div>
<p>
When DNSSEC validation is enabled and properly configured,
the resolver will reject any answers from signed, secure zones
which fail to validate, and will return SERVFAIL to the client.
</p>
<p>
Responses may fail to validate for any of several reasons,
including missing, expired, or invalid signatures, a key which
does not match the DS RRset in the parent zone, or an insecure
response from a zone which, according to its parent, should have
been secure.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
When the validator receives a response from an unsigned zone
that has a signed parent, it must confirm with the parent
that the zone was intentionally left unsigned. It does
this by verifying, via signed and validated NSEC/NSEC3 records,
that the parent zone contains no DS records for the child.
</p>
<p>
If the validator <span class="emphasis"><em>can</em></span> prove that the zone
is insecure, then the response is accepted. However, if it
cannot, then it must assume an insecure response to be a
forgery; it rejects the response and logs an error.
</p>
<p>
The logged error reads "insecurity proof failed" and
"got insecure response; parent indicates it should be secure".
(Prior to BIND 9.7, the logged error was "not insecure".
This referred to the zone, not the response.)
</p>
</div>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2572220"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<a name="id2572110"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6
name to address and address to name lookups. It will also use
IPv6 addresses to make queries when running on an IPv6 capable
system.
defined forms of IPv6 name to address and address to name
lookups. It will also use IPv6 addresses to make queries when
running on an IPv6 capable system.
</p>
<p>
For forward lookups, <acronym class="acronym">BIND</acronym> 9 supports
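Review bot: the last paragraph of the added note gives "insecurity proof failed" and "got insecure response; parent indicates it should be secure" as the logged error and relegates "not insecure" to a parenthetical for releases prior to BIND 9.7, yet this is the ARM shipped with 9.6.2. By the note's own wording, an operator searching 9.6.2 logs will find "not insecure", so lead with that string here and mention the 9.7 wording second. The rest of the note (the NSEC/NSEC3 proof that the parent has no DS records) reads fine.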
@ -979,7 +1017,7 @@ options {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572282"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<a name="id2572172"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@ -998,7 +1036,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572304"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<a name="id2572194"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch05.html,v 1.71.48.2 2009/04/03 01:52:21 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch05.html,v 1.71.48.6 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572337">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572227">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2572337"></a>The Lightweight Resolver Library</h2></div></div></div>
<a name="id2572227"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch06.html,v 1.201.14.9 2009/06/03 01:54:40 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch06.html,v 1.201.14.18 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,55 +48,55 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573716">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573606">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574346"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574305"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574536"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574494"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574965"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574982"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574923"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574940"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575005"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575029"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575120"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575245"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574964"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574987"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575078"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575204"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577306"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577448"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577512"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577556"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577401"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577475"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577539"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577582"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577571"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577597"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586902"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586874"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586988"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587040"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586961"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587080"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587122"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587162"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588659"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588567"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591138">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591182">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593300">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593413">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593915">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594042">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594368"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593960">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594155">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594565"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
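Review bot: nearly every line changed in this table of contents is a generated anchor being renumbered (for example id2573716 becoming id2573606 for "Comment Syntax"), with no change to the section titles. Any external link or bookmark to an idNNNNNNN anchor breaks on each regeneration; the sections that carry a stable name (#acl, #options, #statschannels, #zonefile_format) do not have that problem. Worth giving the remaining sections explicit ids in the DocBook source so the generated HTML stops churning and the real documentation changes are easier to spot in review.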
@ -461,7 +461,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573414"></a>Syntax</h4></div></div></div>
<a name="id2573372"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@ -470,7 +470,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573442"></a>Definition and Usage</h4></div></div></div>
<a name="id2573468"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@ -554,7 +554,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2573716"></a>Comment Syntax</h3></div></div></div>
<a name="id2573606"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@ -564,7 +564,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573731"></a>Syntax</h4></div></div></div>
<a name="id2573621"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@ -579,7 +579,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573761"></a>Definition and Usage</h4></div></div></div>
<a name="id2573651"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@ -820,7 +820,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574346"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574305"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@ -902,7 +902,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574536"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574494"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ] allow { <em class="replaceable"><code> address_match_list </code></em> }
keys { <em class="replaceable"><code>key_list</code></em> }; ]
@ -1024,12 +1024,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574965"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574923"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574982"></a><span><strong class="command">include</strong></span> Statement Definition and
<a name="id2574940"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@ -1044,7 +1044,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575005"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574964"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
@ -1053,7 +1053,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575029"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2574987"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@ -1100,7 +1100,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575120"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2575078"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
@ -1124,7 +1124,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575245"></a><span><strong class="command">logging</strong></span> Statement Definition and
<a name="id2575204"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@ -1158,7 +1158,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2575298"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<a name="id2575256"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@ -1666,8 +1666,7 @@ category notify { null; };
<p>
Lame servers. These are misconfigurations
in remote servers, discovered by BIND 9 when trying to
query
those servers during resolution.
query those servers during resolution.
</p>
</td>
</tr>
@ -1724,7 +1723,7 @@ category notify { null; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2576793"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<a name="id2576820"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<p>
The <span><strong class="command">query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
@ -1944,7 +1943,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577306"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2577401"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@ -1959,7 +1958,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577448"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2577475"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@ -2010,14 +2009,14 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577512"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2577539"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577556"></a><span><strong class="command">masters</strong></span> Statement Definition and
<a name="id2577582"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@ -2026,7 +2025,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577571"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2577597"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
@ -2115,7 +2114,7 @@ category notify { null; };
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
@ -2156,7 +2155,7 @@ category notify { null; };
[<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
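Review bot: the sig-validity-interval synopsis line gains an optional second argument, but both arguments are rendered as a bare "number", so the grammar gives no hint what the second value means or what unit it takes. Confirm that the option's definition in this chapter was updated in the same change to describe the second number and its units; if it was not, that text should land together with this grammar line.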
@ -2228,11 +2227,12 @@ category notify { null; };
<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
<dd><p>
When performing dynamic update of secure zones, the
directory where the public and private key files should be
found,
if different than the current working directory. The
directory specified
must be an absolute path.
directory where the public and private DNSSEC key files
should be found, if different than the current working
directory. The directory specified must be an absolute
path. (Note that this option has no effect on the paths
for files containing non-DNSSEC keys such as the
<code class="filename">rndc.key</code>.
</p></dd>
<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
<dd><p>
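Review bot: the parenthetical added to the key-directory description opens with "(Note that this option has no effect ..." and is never closed before the closing paragraph tag. Add the missing ")" after "rndc.key", and consider "such as rndc.key" instead of "such as the rndc.key". The fix belongs in the DocBook source so the regenerated HTML picks it up.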
@ -2990,18 +2990,22 @@ options {
</p>
</dd>
<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
<dd><p>
<dd>
<p>
If <strong class="userinput"><code>yes</code></strong>, then an
IPv4-mapped IPv6 address will match any address match
list entries that match the corresponding IPv4 address.
Enabling this option is sometimes useful on IPv6-enabled
Linux
systems, to work around a kernel quirk that causes IPv4
TCP connections such as zone transfers to be accepted
on an IPv6 socket using mapped addresses, causing
address match lists designed for IPv4 to fail to match.
The use of this option for any other purpose is discouraged.
</p></dd>
</p>
<p>
This option was introduced to work around a kernel quirk
in some operating systems that causes IPv4 TCP
connections, such as zone transfers, to be accepted on an
IPv6 socket using mapped addresses. This caused address
match lists designed for IPv4 to fail to match. However,
<span><strong class="command">named</strong></span> now solves this problem
internally. The use of this option is discouraged.
</p>
</dd>
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
<dd>
<p>
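Review bot: in the rewritten match-mapped-addresses description, "named now solves this problem internally" gives no release from which that holds and does not say whether setting the option to yes still changes how address match lists are evaluated. Because the option decides whether an IPv4-mapped IPv6 peer matches IPv4 ACL entries, please state the version and the remaining effect, so an operator can tell whether an existing "match-mapped-addresses yes;" can be removed without changing which clients their IPv4 ACLs admit.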
@ -3181,7 +3185,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581747"></a>Forwarding</h4></div></div></div>
<a name="id2581856"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
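Review bot: the only change in this hunk is the generated anchor name (id2581747 becomes id2581856), and the same renumbering repeats for most section headings in the rest of this file, so any deep link to these sections breaks whenever the page is regenerated. Some headings on this page already carry stable names, for example types_of_resource_records_and_when_to_use_them; giving Forwarding and the other renumbered sections explicit names in the documentation source would remove this churn from future diffs.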
@ -3225,7 +3229,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581874"></a>Dual-stack Servers</h4></div></div></div>
<a name="id2581914"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@ -3422,7 +3426,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2582379"></a>Interfaces</h4></div></div></div>
<a name="id2582420"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@ -3874,7 +3878,7 @@ avoid-v6-udp-ports {};
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2583582"></a>UDP Port Lists</h4></div></div></div>
<a name="id2583691"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
@ -3916,7 +3920,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2583642"></a>Operating System Resource Limits</h4></div></div></div>
<a name="id2583751"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@ -4078,7 +4082,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2584065"></a>Periodic Task Intervals</h4></div></div></div>
<a name="id2584173"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@ -4602,7 +4606,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<dt><span class="term"><span><strong class="command">notify-delay</strong></span></span></dt>
<dd><p>
The delay, in seconds, between sending sets of notify
messages for a zone. The default is zero.
messages for a zone. The default is five (5) seconds.
</p></dd>
</dl></div>
</div>
@ -4872,7 +4876,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
[<span class="optional"> query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
};
</pre>
</div>
@ -5056,7 +5060,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2586902"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<a name="id2586874"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
@ -5107,7 +5111,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2586988"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2586961"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">trusted-keys</strong></span> {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
@ -5116,7 +5120,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2587040"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
<a name="id2587080"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@ -5162,7 +5166,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2587122"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2587162"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@ -5315,7 +5319,7 @@ view "external" {
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
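Review bot: the grammar line for sig-validity-interval now accepts an optional second number, but nothing in this hunk says what that value means or what unit it is in. Check that the option's description documents the second argument alongside the first, otherwise the grammar and the reference text disagree.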
@ -5428,10 +5432,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2588659"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2588567"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2588666"></a>Zone Types</h4></div></div></div>
<a name="id2588574"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -5642,7 +5646,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2589094"></a>Class</h4></div></div></div>
<a name="id2589070"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@ -5664,7 +5668,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2589127"></a>Zone Options</h4></div></div></div>
<a name="id2589172"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@ -6243,7 +6247,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2591138"></a>Zone File</h2></div></div></div>
<a name="id2591182"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@ -6256,7 +6260,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2591156"></a>Resource Records</h4></div></div></div>
<a name="id2591201"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@ -6993,7 +6997,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2592779"></a>Textual expression of RRs</h4></div></div></div>
<a name="id2592824"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@ -7196,7 +7200,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2593300"></a>Discussion of MX Records</h3></div></div></div>
<a name="id2593413"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@ -7452,7 +7456,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2593915"></a>Inverse Mapping in IPv4</h3></div></div></div>
<a name="id2593960"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@ -7513,7 +7517,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2594042"></a>Other Zone File Directives</h3></div></div></div>
<a name="id2594155"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@ -7528,7 +7532,18 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594201"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<a name="id2594178"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
At the start of the zone file, it is the
&lt;<code class="varname">zone_name</code>&gt; (followed by
trailing dot).
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594194"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
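Review bot: in the new at-sign section, "(followed by trailing dot)" is missing its article and sits in parentheses after the zone_name placeholder, which leaves it unclear whether the dot is part of the value that @ expands to. "the zone_name followed by a trailing dot" without the parentheses says it directly. "asperand" is also a rare term; "at-sign" alone, as in the heading, is enough.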
@ -7538,7 +7553,8 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
sets the domain name that will be appended to any
unqualified records. When a zone is first read in there
is an implicit <span><strong class="command">$ORIGIN</strong></span>
&lt;<code class="varname">zone-name</code>&gt;<span><strong class="command">.</strong></span>
&lt;<code class="varname">zone_name</code>&gt;<span><strong class="command">.</strong></span>
(followed by trailing dot).
The current <span><strong class="command">$ORIGIN</strong></span> is appended to
the domain specified in the <span><strong class="command">$ORIGIN</strong></span>
argument if it is not absolute.
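Review bot: the added line "(followed by trailing dot)." comes straight after the literal "." that is already rendered in command markup, so the sentence now shows the dot, then describes it, then ends with another period. Either drop the parenthetical, since the literal dot is already visible, or drop the literal and keep the wording, written as "followed by a trailing dot".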
@ -7556,7 +7572,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594262"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<a name="id2594391"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@ -7592,7 +7608,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594331"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2594460"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@ -7611,7 +7627,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2594368"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<a name="id2594565"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@ -8002,7 +8018,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2595364"></a>Name Server Statistics Counters</h4></div></div></div>
<a name="id2595493"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -8559,7 +8575,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2596905"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<a name="id2596966"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -8713,7 +8729,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2597288"></a>Resolver Statistics Counters</h4></div></div></div>
<a name="id2597349"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -9089,7 +9105,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2598307"></a>Socket I/O Statistics Counters</h4></div></div></div>
<a name="id2598368"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
@ -9244,7 +9260,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2598817"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<a name="id2598877"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch07.html,v 1.178.14.6 2009/06/03 01:54:39 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch07.html,v 1.178.14.13 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2598990"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599120"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599072">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599268">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599201">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599329">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@ -119,7 +119,7 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2598990"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
<a name="id2599120"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@ -145,7 +145,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2599072"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<a name="id2599201"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@ -173,7 +173,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2599268"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<a name="id2599329"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch08.html,v 1.178.14.6 2009/06/03 01:54:39 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch08.html,v 1.178.14.13 2010/01/24 01:55:24 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599348">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599353">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599365">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599382">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599409">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599414">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599426">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599443">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599348"></a>Common Problems</h2></div></div></div>
<a name="id2599409"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2599353"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<a name="id2599414"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599365"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<a name="id2599426"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599382"></a>Where Can I Get Help?</h2></div></div></div>
<a name="id2599443"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch09.html,v 1.180.16.6 2009/06/03 01:54:39 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch09.html,v 1.180.16.14 2010/01/24 01:55:24 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,21 +45,21 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599444">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599573">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599684">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599813">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2602896">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603025">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599444"></a>Acknowledgments</h2></div></div></div>
<a name="id2599573"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@ -162,7 +162,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599684"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<a name="id2599813"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@ -250,17 +250,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2599872"></a>Bibliography</h4></div></div></div>
<a name="id2599932"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2599882"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
<a name="id2599943"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2599906"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2599966"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2599929"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
<a name="id2599990"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@ -268,42 +268,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2599965"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
<a name="id2600026"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2599992"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
<a name="id2600053"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2600018"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2600078"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2600042"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2600103"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2600066"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2600126"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2600121"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
<a name="id2600182"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2600148"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2600209"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2600174"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2600235"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2600236"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2600297"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2600266"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2600327"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2600296"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
<a name="id2600357"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2600323"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
<a name="id2600384"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
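Review bot: the RFC2671 entry in this hunk keeps the pubdate "August 1997" on both the old and the new line, while the adjacent RFC2672 entry is dated August 1999. RFC 2671 was published in August 1999, so this looks like a typo carried over from the vendor documentation. The paired lines here differ only in the regenerated name="id…" anchor, so the date is better reported upstream than patched in this import, which would make the file diverge from the vendor copy again.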
@ -312,19 +312,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2600405"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
<a name="id2600466"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2600432"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2600492"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2600468"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2600529"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2600533"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2600594"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2600598"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
<a name="id2600659"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
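Review bot: missing documentation in the "DNS Security Proposed Standards" list. As shown in this hunk it still ends at RFC4035, and the only change to each entry is its generated anchor id (for example id2600405 becomes id2600466). This release backports the RSASHA256 and RSASHA512 DNSSEC algorithms (change 2838), so the list should gain an entry for RFC 5702, which specifies them. That way operators preparing for validation of the signed root can find the algorithm reference from the ARM. Raise it with the vendor rather than editing the generated HTML here.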
@ -332,146 +332,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
<a name="id2600672"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
<a name="id2600732"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2600697"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
<a name="id2600758"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2600765"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2600826"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2600801"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
<a name="id2600861"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2600846"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
<a name="id2600907"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2600904"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
<a name="id2600965"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2600941"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
<a name="id2601002"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2600977"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
<a name="id2601037"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2601031"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
<a name="id2601092"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2601069"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
<a name="id2601130"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2601095"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
<a name="id2601156"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2601121"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601181"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601147"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601208"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601174"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601235"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601213"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601274"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601243"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601304"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601273"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
<a name="id2601334"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2601316"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2601377"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2601349"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
<a name="id2601410"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2601376"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
<a name="id2601436"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2601399"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
<a name="id2601460"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2601457"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
<a name="id2601586"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2601489"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
<a name="id2601618"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2601582"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
<a name="id2601643"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2601605"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
<a name="id2601666"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2601628"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
<a name="id2601689"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2601674"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2601735"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2601698"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2601758"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2601755"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2601816"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2601779"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
<a name="id2601840"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2601805"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
<a name="id2601866"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2601832"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
<a name="id2601893"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2601868"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
<a name="id2601929"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2601914"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
<a name="id2601975"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2601946"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2602007"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2601992"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2602121"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2602027"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
<a name="id2602156"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
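Review bot: Every changed line in this bibliography hunk differs only in its generated anchor, for example `<a name="id2601582">` becoming `<a name="id2601643">` on the RFC1123 entry, while the author, title and date text is identical in both versions. Each entry already carries a unique abbreviation (RFC1123, RFC1591, RFC2317 and so on), so naming the anchor after that abbreviation in the documentation source would stop the regenerated HTML from churning on every vendor import and would keep deep links to individual references valid across releases.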
@ -487,47 +487,47 @@
</p>
</div>
<div class="biblioentry">
<a name="id2602072"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
<a name="id2602201"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2602094"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
<a name="id2602224"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2602120"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
<a name="id2602249"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2602146"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
<a name="id2602275"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2602169"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2602298"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2602215"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2602344"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2602238"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
<a name="id2602368"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2602265"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
<a name="id2602394"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2602291"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
<a name="id2602420"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2602334"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
<a name="id2602464"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2602392"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2602521"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2602419"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
<a name="id2602548"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@ -541,39 +541,39 @@
</p>
</div>
<div class="biblioentry">
<a name="id2602467"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
<a name="id2602596"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2602506"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2602704"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2602533"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2602730"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2602563"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
<a name="id2602760"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2602588"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
<a name="id2602786"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2602683"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
<a name="id2602812"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2602720"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
<a name="id2602849"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2602756"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
<a name="id2602885"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2602782"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
<a name="id2602912"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2602809"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
<a name="id2602938"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2602854"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2602983"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@ -594,14 +594,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2602896"></a>Other Documents About <acronym class="acronym">BIND</acronym>
<a name="id2603025"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2602905"></a>Bibliography</h4></div></div></div>
<a name="id2603034"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2602907"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
<a name="id2603036"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
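Review bot: The permission line in this header comment changes from "copy, modify, and distribute" to "copy, modify, and/or distribute", which alters the licence grant wording and is separate from the 2009 to 2010 copyright-year bump beside it. The commit message describes only the version upgrade and its fixes, so it should mention the licence text change, and the new wording should be checked against any top-level licence text in the tree so the two do not disagree.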
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch10.html,v 1.11.14.1 2009/01/08 01:51:00 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch10.html,v 1.11.14.3 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.html,v 1.193.14.6 2009/06/03 01:54:40 tbox Exp $ -->
<!-- $Id: Bv9ARM.html,v 1.193.14.14 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -41,7 +41,7 @@
<div>
<div><h1 class="title">
<a name="id2563174"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="copyright">Copyright © 2004-2009 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
<hr>
@ -51,39 +51,39 @@
<dl>
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563409">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564388">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564528">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564641">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563412">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564391">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564531">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564712">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564662">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564696">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567170">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567246">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567419">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567549">Name Servers in Multiple Roles</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564733">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564768">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567173">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567250">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567422">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567553">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567584">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567610">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567623">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567854">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567865">Supported Operating Systems</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567587">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567613">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567626">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567721">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567897">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567913">An Authoritative-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567764">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567780">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568004">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568358">Name Server Operations</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568007">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568361">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568363">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570071">Signals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568366">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570006">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@ -92,34 +92,34 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2564066">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564084">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570492">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570510">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571141">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571214">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571225">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571268">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571325">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571510">Errors</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571082">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571156">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571166">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571203">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571260">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571445">Errors</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571524">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571709">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571459">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571576">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571778">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571925">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572006">Configuring Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571644">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571792">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571873">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572220">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572110">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572282">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572172">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572194">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572337">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572227">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@ -127,55 +127,55 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573716">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573606">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574346"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574305"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574536"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574494"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574965"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574982"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574923"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574940"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575005"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575029"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575120"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575245"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574964"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574987"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575078"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575204"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577306"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577448"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577512"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577556"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577401"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577475"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577539"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577582"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577571"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577597"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586902"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586874"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586988"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587040"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586961"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587080"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587122"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587162"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588659"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588567"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591138">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591182">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593300">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593413">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593915">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594042">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594368"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593960">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594155">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594565"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@ -184,31 +184,31 @@
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2598990"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599120"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599072">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599268">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599201">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599329">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599348">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599353">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599365">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599382">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599409">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599414">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599426">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599443">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599444">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599573">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599684">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599813">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2602896">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603025">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>

File diff suppressed because one or more lines are too long

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dig.html,v 1.93.14.8 2009/06/03 01:54:40 tbox Exp $ -->
<!-- $Id: man.dig.html,v 1.93.14.15 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -52,7 +52,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2563899"></a><h2>DESCRIPTION</h2>
<a name="id2575907"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -98,7 +98,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2570411"></a><h2>SIMPLE USAGE</h2>
<a name="id2576002"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -144,7 +144,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2570522"></a><h2>OPTIONS</h2>
<a name="id2629838"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -248,7 +248,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2630188"></a><h2>QUERY OPTIONS</h2>
<a name="id2630181"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -573,7 +573,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631257"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2631181"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -619,7 +619,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631342"></a><h2>IDN SUPPORT</h2>
<a name="id2631335"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -633,14 +633,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631371"></a><h2>FILES</h2>
<a name="id2631432"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631393"></a><h2>SEE ALSO</h2>
<a name="id2631453"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -648,7 +648,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631430"></a><h2>BUGS</h2>
<a name="id2631491"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-dsfromkey.html,v 1.6.14.7 2009/06/03 01:54:41 tbox Exp $ -->
<!-- $Id: man.dnssec-dsfromkey.html,v 1.6.14.14 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -51,14 +51,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2603928"></a><h2>DESCRIPTION</h2>
<a name="id2604057"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603942"></a><h2>OPTIONS</h2>
<a name="id2604071"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@ -99,7 +99,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604072"></a><h2>EXAMPLE</h2>
<a name="id2604201"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@ -114,7 +114,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604108"></a><h2>FILES</h2>
<a name="id2604237"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -128,13 +128,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604150"></a><h2>CAVEAT</h2>
<a name="id2604279"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604160"></a><h2>SEE ALSO</h2>
<a name="id2604289"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -143,7 +143,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604196"></a><h2>AUTHOR</h2>
<a name="id2604325"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keyfromlabel.html,v 1.31.14.7 2009/06/03 01:54:41 tbox Exp $ -->
<!-- $Id: man.dnssec-keyfromlabel.html,v 1.31.14.17 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604515"></a><h2>DESCRIPTION</h2>
<a name="id2604585"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@ -58,16 +58,24 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604529"></a><h2>OPTIONS</h2>
<a name="id2604599"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5 (RSA)
or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
<code class="option">algorithm</code> must be one of RSAMD5,
RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
RSASHA512 or DH (Diffie Hellman).
These values are case insensitive.
</p>
<p>
If no algorithm is specified, then RSASHA1 will be used by
default, unless the <code class="option">-3</code> option is specified,
in which case NSEC3RSASHA1 will be used instead. (If
<code class="option">-3</code> is used and an algorithm is specified,
that algorithm will be checked for compatibility with NSEC3.)
</p>
<p>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
algorithm, and DSA is recommended.
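Review bot: The new paragraph under `-a` describes a `-3` option (RSASHA1 by default, NSEC3RSASHA1 when `-3` is given), but the `dnssec-keyfromlabel` synopsis shown earlier in this file lists only `-a`, `-l`, `-c`, `-f`, `-k`, `-n`, `-p`, `-t` and `-v`, and still marks `-a` as required with braces. Either the synopsis should gain `[-3]` and show `-a` as optional, or the paragraph should be dropped if this tool does not accept `-3`.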
@ -131,7 +139,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604930"></a><h2>GENERATED KEY FILES</h2>
<a name="id2604873"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -172,17 +180,15 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605024"></a><h2>SEE ALSO</h2>
<a name="id2604967"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
<em class="citetitle">RFC 2845</em>,
<em class="citetitle">RFC 4033</em>.
<em class="citetitle">RFC 4034</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605063"></a><h2>AUTHOR</h2>
<a name="id2605000"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
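Review bot: The SEE ALSO list drops RFC 2539, RFC 2845 and RFC 4033 and ends up citing only RFC 4034, while the DESCRIPTION of this same page still says the key files are "as defined in RFC 2535". The two sections should agree on which documents define the format. The list also carries no reference for the RSASHA256 and RSASHA512 algorithms that the `-a` hunk above adds, so a reader has nowhere to look them up.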

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keygen.html,v 1.97.14.7 2009/06/03 01:54:40 tbox Exp $ -->
<!-- $Id: man.dnssec-keygen.html,v 1.97.14.17 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,23 +50,31 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2605709"></a><h2>DESCRIPTION</h2>
<a name="id2605796"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures), as defined in RFC 2845.
</p>
<p>
The <code class="option">name</code> of the key is specified on the command
line. For DNSSEC keys, this must match the name of the zone for
which the key is being generated.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605723"></a><h2>OPTIONS</h2>
<a name="id2605816"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC-MD5.
These values are case insensitive.
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
For TSIG/TKEY, the value must
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
case insensitive.
</p>
<p>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
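Review bot: The DNSSEC algorithm list in the -a text still starts with RSAMD5 and gives the reader no indication of which value to prefer now that RSASHA256 and RSASHA512 are accepted; the unchanged "Note 1" line below it only speaks about RSASHA1. Suggest adding a sentence that states the recommended choice and says whether the two SHA-2 algorithms can be used for NSEC3-signed zones, since the list keeps separate NSEC3RSASHA1 and NSEC3DSA names for the older algorithms. The DESCRIPTION context also still cites RFC 2535 next to RFC 4034, although RFC 2535 was obsoleted by RFC 4033 through 4035; worth correcting while this page is being touched.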
@ -80,11 +88,10 @@
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
Specifies the number of bits in the key. The choice of key
size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
between
512 and 2048 bits. Diffie Hellman keys must be between
size depends on the algorithm used. RSA keys must be
between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC-MD5 keys must be
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits.
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
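Review bot: Widening "RSAMD5 / RSASHA1 keys" to "RSA keys" in the -b text makes the 512 to 2048 bit range apply to RSASHA512 as well, but RFC 5702 does not allow RSA/SHA-512 keys shorter than 1024 bits, so the documented lower bound is wrong for that algorithm. The parallel change from "HMAC-MD5 keys" to "HMAC keys" claims a single 1 to 512 bit range for every HMAC variant now listed under -a; please confirm that holds for each digest size, or list the limits per algorithm.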
@ -166,7 +173,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2606408"></a><h2>GENERATED KEYS</h2>
<a name="id2606433"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -212,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608564"></a><h2>EXAMPLE</h2>
<a name="id2608588"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -233,16 +240,16 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608893"></a><h2>SEE ALSO</h2>
<a name="id2608645"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
<em class="citetitle">RFC 2845</em>,
<em class="citetitle">RFC 4033</em>.
<em class="citetitle">RFC 4034</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608924"></a><h2>AUTHOR</h2>
<a name="id2608812"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>


@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-signzone.html,v 1.94.14.11.8.1 2009/12/31 23:17:55 tbox Exp $ -->
<!-- $Id: man.dnssec-signzone.html,v 1.94.14.23 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -47,21 +47,21 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2607752"></a><h2>DESCRIPTION</h2>
<a name="id2607536"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
zone. The security status of delegations from the signed zone
(that is, whether the child zones are secure or not) is
determined by the presence or absence of a
<code class="filename">keyset</code> file for each child zone.
zone. It also generates a <code class="filename">keyset-</code> file containing
the key-signing keys for the zone, and if signing a zone which
contains delegations, it can optionally generate DS records for
the child zones from their <code class="filename">keyset-</code> files.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2607771"></a><h2>OPTIONS</h2>
<a name="id2607560"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
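Review bot: The rewritten DESCRIPTION drops the sentence explaining that the security status of a delegation depends on whether a keyset file exists for the child zone, and the replacement only says DS records can "optionally" be generated. If that behaviour still applies it should stay documented, because an operator needs to know what makes a child zone count as secure. The file is also named only as "keyset-" in both places; give the full naming pattern so it is clear which file is meant.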
@ -88,8 +88,10 @@
</p></dd>
<dt><span class="term">-g</span></dt>
<dd><p>
Generate DS records for child zones from keyset files.
Existing DS records will be removed.
If the zone contains any delegations, and there are
<code class="filename">keyset-</code> files for any of the child zones,
then DS records for the child zones will be generated from the
keys in those files. Existing DS records will be removed.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
<dd><p>
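Review bot: In the new -g text, DS generation is conditional on "keyset-" files existing for "any of the child zones", but the closing sentence "Existing DS records will be removed" is unconditional. State whether a DS record is also removed for a delegation that has no "keyset-" file, because in that case running with -g would silently turn a secure delegation into an insecure one. If removal only happens for children whose DS set is regenerated, say so.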
@ -220,6 +222,19 @@
may be useful when signing large zones or when the entropy
source is limited.
</p></dd>
<dt><span class="term">-P</span></dt>
<dd>
<p>
Disable post sign verification tests.
</p>
<p>
The post sign verification test ensures that for each algorithm
in use there is at least one non revoked self signed KSK key,
that all revoked KSK keys are self signed, and that all records
in the zone are signed by the algorithm.
This option skips these tests.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
Specifies the source of randomness. If the operating
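Review bot: The -P entry documents how to switch the post-sign verification off but gives no guidance on when that is acceptable, even though the checks it lists (a non-revoked self-signed KSK per algorithm, full coverage of the zone by each algorithm) are what catch a zone that validators would reject. Add a sentence on the intended use and the risk of publishing an unverified zone. Wording: "signed by the algorithm" should read "signed by each such algorithm", "KSK key" is redundant, and "post sign", "non revoked" and "self signed" should be hyphenated.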
@ -276,7 +291,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2659163"></a><h2>EXAMPLE</h2>
<a name="id2659930"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -305,7 +320,7 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2659304"></a><h2>KNOWN BUGS</h2>
<a name="id2660003"></a><h2>KNOWN BUGS</h2>
<p>
<span><strong class="command">dnssec-signzone</strong></span> was designed so that it could
sign a zone partially, using only a subset of the DNSSEC keys
@ -330,14 +345,14 @@ db.example.com.signed
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659404"></a><h2>SEE ALSO</h2>
<a name="id2660035"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659429"></a><h2>AUTHOR</h2>
<a name="id2660059"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>


@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.host.html,v 1.93.14.7 2009/06/03 01:54:40 tbox Exp $ -->
<!-- $Id: man.host.html,v 1.93.14.15 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2603221"></a><h2>DESCRIPTION</h2>
<a name="id2603350"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@ -202,7 +202,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603735"></a><h2>IDN SUPPORT</h2>
<a name="id2603864"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -216,12 +216,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603764"></a><h2>FILES</h2>
<a name="id2603893"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603778"></a><h2>SEE ALSO</h2>
<a name="id2603907"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>


@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkconf.html,v 1.92.14.8.8.1 2009/12/31 23:17:55 tbox Exp $ -->
<!-- $Id: man.named-checkconf.html,v 1.92.14.20 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,14 +50,14 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2608660"></a><h2>DESCRIPTION</h2>
<a name="id2608162"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a named
configuration file.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608674"></a><h2>OPTIONS</h2>
<a name="id2608176"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -92,21 +92,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2608790"></a><h2>RETURN VALUES</h2>
<a name="id2608292"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608804"></a><h2>SEE ALSO</h2>
<a name="id2608306"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608834"></a><h2>AUTHOR</h2>
<a name="id2608882"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>


@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkzone.html,v 1.98.14.8.8.1 2009/12/31 23:17:55 tbox Exp $ -->
<!-- $Id: man.named-checkzone.html,v 1.98.14.20 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -47,11 +47,11 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2609649"></a><h2>DESCRIPTION</h2>
<a name="id2610311"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
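Review bot: The new named-compilezone synopsis line lists -o twice: the optional "[-o filename]" is still present after "[-n mode]", and the required "{-o filename}" has been added before "{zonename}". Drop the optional occurrence so the synopsis shows -o only as mandatory. The named-checkzone line loses -o in the same hunk; if the OPTIONS section further down still describes -o without saying it applies to named-compilezone only, that text needs the matching update.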
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659465"></a><h2>OPTIONS</h2>
<a name="id2610361"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -257,14 +257,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2660272"></a><h2>RETURN VALUES</h2>
<a name="id2664074"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660285"></a><h2>SEE ALSO</h2>
<a name="id2664088"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -272,7 +272,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660318"></a><h2>AUTHOR</h2>
<a name="id2664189"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>


@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named.html,v 1.99.14.8.8.1 2009/12/31 23:17:55 tbox Exp $ -->
<!-- $Id: man.named.html,v 1.99.14.20 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2610097"></a><h2>DESCRIPTION</h2>
<a name="id2610590"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2610128"></a><h2>OPTIONS</h2>
<a name="id2610621"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -238,7 +238,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2612161"></a><h2>SIGNALS</h2>
<a name="id2652727"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -259,16 +259,24 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612211"></a><h2>CONFIGURATION</h2>
<a name="id2652777"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
in the
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
<p>
<span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
(file creation mode mask) from the parent process. If files
created by <span><strong class="command">named</strong></span>, such as journal files,
need to have custom permissions, the <code class="function">umask</code>
should be set explicitly in the script used to start the
<span><strong class="command">named</strong></span> process.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612298"></a><h2>FILES</h2>
<a name="id2652826"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
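Review bot: The new umask paragraph under CONFIGURATION tells the operator to set the umask in the start script but not why it matters or what a sensible value would be. Because named inherits the mask, journal files and anything else it creates get whatever permissions the parent process allows; say that explicitly, give an example of a restrictive value, and consider naming the other files affected besides journal files.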
@ -281,7 +289,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2612342"></a><h2>SEE ALSO</h2>
<a name="id2664544"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -294,7 +302,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612412"></a><h2>AUTHOR</h2>
<a name="id2664614"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>


@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.nsupdate.html,v 1.22.14.9.8.1 2009/12/31 23:17:55 tbox Exp $ -->
<!-- $Id: man.nsupdate.html,v 1.22.14.21 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2610846"></a><h2>DESCRIPTION</h2>
<a name="id2611269"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
@ -187,7 +187,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2611241"></a><h2>INPUT FORMAT</h2>
<a name="id2611595"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@ -451,7 +451,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667228"></a><h2>EXAMPLES</h2>
<a name="id2666627"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@ -505,7 +505,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667278"></a><h2>FILES</h2>
<a name="id2666677"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -524,7 +524,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2667348"></a><h2>SEE ALSO</h2>
<a name="id2666746"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
@ -537,7 +537,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667418"></a><h2>BUGS</h2>
<a name="id2666817"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc-confgen.html,v 1.102.14.9.8.1 2009/12/31 23:17:56 tbox Exp $ -->
<!-- $Id: man.rndc-confgen.html,v 1.102.14.21 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2613358"></a><h2>DESCRIPTION</h2>
<a name="id2632964"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613425"></a><h2>OPTIONS</h2>
<a name="id2633030"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@ -171,7 +171,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2633130"></a><h2>EXAMPLES</h2>
<a name="id2633621"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@ -188,7 +188,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2633187"></a><h2>SEE ALSO</h2>
<a name="id2634974"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -196,7 +196,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2633225"></a><h2>AUTHOR</h2>
<a name="id2635013"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.conf.html,v 1.103.14.9.8.1 2009/12/31 23:17:56 tbox Exp $ -->
<!-- $Id: man.rndc.conf.html,v 1.103.14.21 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2607278"></a><h2>DESCRIPTION</h2>
<a name="id2607086"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@ -135,7 +135,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612843"></a><h2>EXAMPLE</h2>
<a name="id2615587"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@ -209,7 +209,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612965"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2621648"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612990"></a><h2>SEE ALSO</h2>
<a name="id2621673"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@ -227,7 +227,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613029"></a><h2>AUTHOR</h2>
<a name="id2621712"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,8 +1,8 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.html,v 1.101.14.9.8.1 2009/12/31 23:17:55 tbox Exp $ -->
<!-- $Id: man.rndc.html,v 1.101.14.21 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2611413"></a><h2>DESCRIPTION</h2>
<a name="id2612654"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@ -79,7 +79,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2611463"></a><h2>OPTIONS</h2>
<a name="id2612705"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2611961"></a><h2>LIMITATIONS</h2>
<a name="id2613339"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
@ -165,7 +165,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2611992"></a><h2>SEE ALSO</h2>
<a name="id2613370"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -175,7 +175,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612048"></a><h2>AUTHOR</h2>
<a name="id2615132"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,4 +1,4 @@
# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.7 2007/09/24 04:21:59 marka Exp $
# $Id: Makefile.in,v 1.7.252.2 2009/07/11 23:47:17 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -38,11 +38,13 @@ docclean manclean maintainer-clean::
CFG_TEST = ../../bin/tests/cfg_test
options: FORCE
if test -x ${CFG_TEST} && \
${CFG_TEST} --named --grammar | \
${PERL} ${srcdir}/sort-options.pl | \
${PERL} ${srcdir}/format-options.pl >$@.new ; then \
if test -x ${CFG_TEST} ; \
then \
${CFG_TEST} --named --grammar > $@.raw ; \
${PERL} ${srcdir}/sort-options.pl < $@.raw > $@.sorted ; \
${PERL} ${srcdir}/format-options.pl < $@.sorted > $@.new ; \
mv -f $@.new $@ ; \
rm -f $@.raw $@.sorted ; \
else \
rm -f $@.new ; \
rm -f $@.new $@.raw $@.sorted ; \
fi
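Review bot: In the rewritten options recipe the three generation steps are joined with ';', so the exit status of ${CFG_TEST} and of the two ${PERL} filters is never tested, and mv -f $@.new $@ runs even when one of them failed. That can replace a good options file with truncated or empty output. The else branch is now reached only when test -x ${CFG_TEST} fails. Chain the three steps and the mv with && so that a failure falls through to a cleanup that removes $@.new, $@.raw and $@.sorted and leaves the existing target untouched.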

View File

@ -1,3 +1,3 @@
LIBINTERFACE = 53
LIBREVISION = 0
LIBINTERFACE = 55
LIBREVISION = 1
LIBAGE = 0

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: db.c,v 1.88 2008/09/24 02:46:22 marka Exp $ */
/* $Id: db.c,v 1.88.50.2 2009/06/23 00:19:34 tbox Exp $ */
/*! \file */
@ -854,12 +854,14 @@ dns_db_unregister(dns_dbimplementation_t **dbimp) {
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
imp = *dbimp;
*dbimp = NULL;
RWLOCK(&implock, isc_rwlocktype_write);
ISC_LIST_UNLINK(implementations, imp, link);
mctx = imp->mctx;
isc_mem_put(mctx, imp, sizeof(dns_dbimplementation_t));
isc_mem_detach(&mctx);
RWUNLOCK(&implock, isc_rwlocktype_write);
ENSURE(*dbimp == NULL);
}
isc_result_t
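Review bot: In dns_db_unregister() the isc_mem_put() and isc_mem_detach() calls sit between RWLOCK(&implock, ...) and RWUNLOCK, although only ISC_LIST_UNLINK(implementations, imp, link) touches the list that implock protects. Moving the two release calls after RWUNLOCK would shorten the write-locked region. The new ENSURE(*dbimp == NULL) comes straight after the function's own assignment, so it serves as documentation of the postcondition; the header comment for this function should state the same guarantee if it does not already.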

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dispatch.c,v 1.155.12.7 2009/04/28 21:39:45 jinmei Exp $ */
/* $Id: dispatch.c,v 1.155.12.11 2009/12/02 23:26:28 marka Exp $ */
/*! \file */
@ -746,13 +746,19 @@ new_portentry(dns_dispatch_t *disp, in_port_t port) {
return (portentry);
}
/*%
* The caller must not hold the qid->lock.
*/
static void
deref_portentry(dns_dispatch_t *disp, dispportentry_t **portentryp) {
dispportentry_t *portentry = *portentryp;
dns_qid_t *qid;
REQUIRE(disp->port_table != NULL);
REQUIRE(portentry != NULL && portentry->refs > 0);
qid = DNS_QID(disp);
LOCK(&qid->lock);
portentry->refs--;
if (portentry->refs == 0) {
ISC_LIST_UNLINK(disp->port_table[portentry->port %
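Review bot: In deref_portentry() the precondition REQUIRE(portentry != NULL && portentry->refs > 0) reads portentry->refs before LOCK(&qid->lock) is taken, so the counter that the new lock protects is still examined unlocked. Keep the NULL check in the REQUIRE and move the refs > 0 test to an INSIST after LOCK. The new "caller must not hold the qid->lock" rule is stated only in the comment; a short note at the call sites that were changed to satisfy it would help the next reader.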
@ -762,6 +768,7 @@ deref_portentry(dns_dispatch_t *disp, dispportentry_t **portentryp) {
}
*portentryp = NULL;
UNLOCK(&qid->lock);
}
/*%
@ -779,8 +786,9 @@ socket_search(dns_qid_t *qid, isc_sockaddr_t *dest, in_port_t port,
dispsock = ISC_LIST_HEAD(qid->sock_table[bucket]);
while (dispsock != NULL) {
if (isc_sockaddr_equal(dest, &dispsock->host) &&
dispsock->portentry->port == port)
if (dispsock->portentry != NULL &&
dispsock->portentry->port == port &&
isc_sockaddr_equal(dest, &dispsock->host))
return (dispsock);
dispsock = ISC_LIST_NEXT(dispsock, blink);
}
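Review bot: The new dispsock->portentry != NULL test in socket_search() has no comment explaining when an entry in qid->sock_table can have a NULL portentry. Without it a reader cannot tell whether this is an expected state or a guard against a race, and whether such entries should be skipped silently as they are here. Add one line stating the condition. Putting the port comparison ahead of isc_sockaddr_equal() is a sensible ordering and needs no change.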
@ -2048,8 +2056,18 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr,
/* Create or adjust buffer pool */
if (mgr->bpool != NULL) {
isc_mempool_setmaxalloc(mgr->bpool, maxbuffers);
mgr->maxbuffers = maxbuffers;
/*
* We only increase the maxbuffers to avoid accidental buffer
* shortage. Ideally we'd separate the manager-wide maximum
* from per-dispatch limits and respect the latter within the
* global limit. But at this moment that's deemed to be
* overkilling and isn't worth additional implementation
* complexity.
*/
if (maxbuffers > mgr->maxbuffers) {
isc_mempool_setmaxalloc(mgr->bpool, maxbuffers);
mgr->maxbuffers = maxbuffers;
}
} else {
result = isc_mempool_create(mgr->mctx, buffersize, &mgr->bpool);
if (result != ISC_R_SUCCESS) {
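Review bot: With the new if (maxbuffers > mgr->maxbuffers) guard in dns_dispatchmgr_setudp(), a caller that passes a smaller maxbuffers gets a successful return while the pool limit stays at the old value, and nothing tells the caller the request was ignored. The in-code comment explains the reason, but the function's header documentation should say that the value can only grow once the pool exists. Wording nit in the comment: "deemed to be overkilling" should read "deemed to be overkill".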

View File

@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.93.12.4 2009/06/08 23:47:00 tbox Exp $
* $Id: dnssec.c,v 1.93.12.6 2009/06/22 23:47:18 tbox Exp $
*/
/*! \file */
@ -93,6 +93,7 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
isc_result_t ret;
int i = 0, n;
dns_rdata_t *data;
dns_rdataset_t rdataset;
n = dns_rdataset_count(set);
@ -100,8 +101,11 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
if (data == NULL)
return (ISC_R_NOMEMORY);
ret = dns_rdataset_first(set);
dns_rdataset_init(&rdataset);
dns_rdataset_clone(set, &rdataset);
ret = dns_rdataset_first(&rdataset);
if (ret != ISC_R_SUCCESS) {
dns_rdataset_disassociate(&rdataset);
isc_mem_put(mctx, data, n * sizeof(dns_rdata_t));
return (ret);
}
@ -111,8 +115,8 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
*/
do {
dns_rdata_init(&data[i]);
dns_rdataset_current(set, &data[i++]);
} while (dns_rdataset_next(set) == ISC_R_SUCCESS);
dns_rdataset_current(&rdataset, &data[i++]);
} while (dns_rdataset_next(&rdataset) == ISC_R_SUCCESS);
/*
* Sort the array.
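Review bot: The do/while loop in rdataset_to_sortedarray() writes data[i++] with no bound on i, while the array was sized from n = dns_rdataset_count(set) and the iteration now runs over the clone. The two should agree, but nothing enforces it. An INSIST(i < n) before dns_rdata_init(&data[i]), or an INSIST(i == n) after the loop, would turn a mismatch into an assertion failure instead of a write past the allocation.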
@ -120,6 +124,7 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
qsort(data, n, sizeof(dns_rdata_t), rdata_compare_wrapper);
*rdata = data;
*nrdata = n;
dns_rdataset_disassociate(&rdataset);
return (ISC_R_SUCCESS);
}
@ -890,3 +895,59 @@ failure:
return (result);
}
/*%
* Does this key ('rdata') self sign the rrset ('rdataset')?
*/
isc_boolean_t
dns_dnssec_selfsigns(dns_rdata_t *rdata, dns_name_t *name,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
isc_boolean_t ignoretime, isc_mem_t *mctx)
{
dst_key_t *dstkey = NULL;
dns_keytag_t keytag;
dns_rdata_dnskey_t key;
dns_rdata_rrsig_t sig;
dns_rdata_t sigrdata = DNS_RDATA_INIT;
isc_result_t result;
INSIST(rdataset->type == dns_rdatatype_key ||
rdataset->type == dns_rdatatype_dnskey);
if (rdataset->type == dns_rdatatype_key) {
INSIST(sigrdataset->type == dns_rdatatype_sig);
INSIST(sigrdataset->covers == dns_rdatatype_key);
} else {
INSIST(sigrdataset->type == dns_rdatatype_rrsig);
INSIST(sigrdataset->covers == dns_rdatatype_dnskey);
}
result = dns_dnssec_keyfromrdata(name, rdata, mctx, &dstkey);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
result = dns_rdata_tostruct(rdata, &key, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
keytag = dst_key_id(dstkey);
for (result = dns_rdataset_first(sigrdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(sigrdataset))
{
dns_rdata_reset(&sigrdata);
dns_rdataset_current(sigrdataset, &sigrdata);
result = dns_rdata_tostruct(&sigrdata, &sig, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (sig.algorithm == key.algorithm &&
sig.keyid == keytag) {
result = dns_dnssec_verify2(name, rdataset, dstkey,
ignoretime, mctx,
&sigrdata, NULL);
if (result == ISC_R_SUCCESS) {
dst_key_free(&dstkey);
return (ISC_TRUE);
}
}
}
dst_key_free(&dstkey);
return (ISC_FALSE);
}
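Review bot: dns_dnssec_selfsigns() iterates sigrdataset directly with dns_rdataset_first()/dns_rdataset_next(), which moves the caller's iterator, whereas rdataset_to_sortedarray() earlier in this same file was just changed to iterate a clone. Either clone sigrdataset here as well or document in the header that the iterator position is clobbered. Separately, result is reused for the loop control, for dns_rdata_tostruct() and for dns_dnssec_verify2(); it works only because the for-increment overwrites it on every pass, so a separate local for the verify result would be less fragile. The INSIST checks on rdataset->type and sigrdataset->covers validate caller arguments and read more naturally as REQUIRE.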

View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.16.12.3 2009/03/02 02:00:34 marka Exp $
* $Id: dst_api.c,v 1.16.12.10 2010/01/15 19:38:53 each Exp $
*/
/*! \file */
@ -183,9 +183,16 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
#ifdef OPENSSL
RETERR(dst__openssl_init());
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5]));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1]));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1]));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5],
DST_ALG_RSAMD5));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
DST_ALG_RSASHA1));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
DST_ALG_NSEC3RSASHA1));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256],
DST_ALG_RSASHA256));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512],
DST_ALG_RSASHA512));
#ifdef HAVE_OPENSSL_DSA
RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_NSEC3DSA]));
@ -848,6 +855,8 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
*n = (key->key_size + 7) / 8;
break;
case DST_ALG_DSA:
@ -1017,6 +1026,9 @@ dst_key_read_public(const char *filename, int type,
/* Read the next word: either TTL, class, or 'KEY' */
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string)
BADTOKEN();
/* If it's a TTL, read the next one */
result = dns_ttl_fromtext(&token.value.as_textregion, &ttl);
if (result == ISC_R_SUCCESS)
@ -1072,6 +1084,8 @@ issymmetric(const dst_key_t *key) {
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
case DST_ALG_DSA:
case DST_ALG_NSEC3DSA:
case DST_ALG_DH:
@ -1152,7 +1166,7 @@ write_public_key(const dst_key_t *key, int type, const char *directory) {
fprintf(fp, " ");
isc_buffer_usedregion(&classb, &r);
fwrite(r.base, 1, r.length, fp);
isc_util_fwrite(r.base, 1, r.length, fp);
if ((type & DST_TYPE_KEY) != 0)
fprintf(fp, " KEY ");
@ -1160,7 +1174,7 @@ write_public_key(const dst_key_t *key, int type, const char *directory) {
fprintf(fp, " DNSKEY ");
isc_buffer_usedregion(&textb, &r);
fwrite(r.base, 1, r.length, fp);
isc_util_fwrite(r.base, 1, r.length, fp);
fputc('\n', fp);
fflush(fp);
@ -1275,7 +1289,8 @@ algorithm_status(unsigned int alg) {
if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
alg == DST_ALG_DSA || alg == DST_ALG_DH ||
alg == DST_ALG_HMACMD5 || alg == DST_ALG_NSEC3DSA ||
alg == DST_ALG_NSEC3RSASHA1)
alg == DST_ALG_NSEC3RSASHA1 ||
alg == DST_ALG_RSASHA256 || alg == DST_ALG_RSASHA512)
return (DST_R_NOCRYPTO);
#endif
return (DST_R_UNSUPPORTEDALG);
@ -1297,6 +1312,8 @@ addsuffix(char *filename, unsigned int len, const char *ofilename,
n = snprintf(filename, len, "%.*s%s", olen, ofilename, suffix);
if (n < 0)
return (ISC_R_FAILURE);
if ((unsigned int)n >= len)
return (ISC_R_NOSPACE);
return (ISC_R_SUCCESS);
}
@ -1304,6 +1321,9 @@ addsuffix(char *filename, unsigned int len, const char *ofilename,
isc_result_t
dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
unsigned int flags = dst_entropy_flags;
if (len == 0)
return (ISC_R_SUCCESS);
if (pseudo)
flags &= ~ISC_ENTROPY_GOODONLY;
return (isc_entropy_getdata(dst_entropy_pool, buf, len, NULL, flags));
@ -1311,5 +1331,22 @@ dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
unsigned int
dst__entropy_status(void) {
#ifdef GSSAPI
unsigned int flags = dst_entropy_flags;
isc_result_t ret;
unsigned char buf[32];
static isc_boolean_t first = ISC_TRUE;
if (first) {
/* Someone believes RAND_status() initializes the PRNG */
flags &= ~ISC_ENTROPY_GOODONLY;
ret = isc_entropy_getdata(dst_entropy_pool, buf,
sizeof(buf), NULL, flags);
INSIST(ret == ISC_R_SUCCESS);
isc_entropy_putdata(dst_entropy_pool, buf,
sizeof(buf), 2 * sizeof(buf));
first = ISC_FALSE;
}
#endif
return (isc_entropy_status(dst_entropy_pool));
}
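Review bot: In the new GSSAPI block of dst__entropy_status(), the comment "Someone believes RAND_status() initializes the PRNG" does not explain why bytes drawn with ISC_ENTROPY_GOODONLY cleared are put straight back into the same dst_entropy_pool, or what the 2 * sizeof(buf) passed as the last argument of isc_entropy_putdata() represents. Please spell out the intent and the unit of that value. The static isc_boolean_t first flag is read and written without any lock, so two threads calling this concurrently can both run the block, and INSIST(ret == ISC_R_SUCCESS) turns an entropy read failure into an abort where the function could return a status instead.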

View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst_internal.h,v 1.11 2008/04/01 23:47:10 tbox Exp $ */
/* $Id: dst_internal.h,v 1.11.120.2 2010/01/15 23:47:33 tbox Exp $ */
#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1
@ -42,6 +42,7 @@
#include <isc/types.h>
#include <isc/md5.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
@ -97,7 +98,7 @@ struct dst_key {
void *generic;
gss_ctx_id_t gssctx;
#ifdef OPENSSL
#if USE_EVP_RSA
#if !defined(USE_EVP) || !USE_EVP
RSA *rsa;
#endif
DSA *dsa;
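Review bot: The guard around RSA *rsa in struct dst_key changes both its macro name and its sense, from #if USE_EVP_RSA to #if !defined(USE_EVP) || !USE_EVP, with no comment. Since this decides which members the key union contains, add a line saying where USE_EVP is defined and that the raw RSA pointer is present only when EVP is not in use, so that code accessing the rsa member can be checked against the same condition.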
@ -124,6 +125,8 @@ struct dst_context {
dst_gssapi_signverifyctx_t *gssctx;
isc_md5_t *md5ctx;
isc_sha1_t *sha1ctx;
isc_sha256_t *sha256ctx;
isc_sha512_t *sha512ctx;
isc_hmacmd5_t *hmacmd5ctx;
isc_hmacsha1_t *hmacsha1ctx;
isc_hmacsha224_t *hmacsha224ctx;
@ -183,7 +186,8 @@ isc_result_t dst__hmacsha224_init(struct dst_func **funcp);
isc_result_t dst__hmacsha256_init(struct dst_func **funcp);
isc_result_t dst__hmacsha384_init(struct dst_func **funcp);
isc_result_t dst__hmacsha512_init(struct dst_func **funcp);
isc_result_t dst__opensslrsa_init(struct dst_func **funcp);
isc_result_t dst__opensslrsa_init(struct dst_func **funcp,
unsigned char algorithm);
isc_result_t dst__openssldsa_init(struct dst_func **funcp);
isc_result_t dst__openssldh_init(struct dst_func **funcp);
isc_result_t dst__gssapi_init(struct dst_func **funcp);

View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -31,7 +31,7 @@
/*%
* Principal Author: Brian Wellington
* $Id: dst_parse.c,v 1.14.120.2 2009/03/02 23:47:11 tbox Exp $
* $Id: dst_parse.c,v 1.14.120.6 2010/01/15 19:38:53 each Exp $
*/
#include <config.h>
@ -480,6 +480,18 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
case DST_ALG_RSASHA1:
fprintf(fp, "(RSASHA1)\n");
break;
case DST_ALG_NSEC3DSA:
fprintf(fp, "(NSEC3DSA)\n");
break;
case DST_ALG_NSEC3RSASHA1:
fprintf(fp, "(NSEC3RSASHA1)\n");
break;
case DST_ALG_RSASHA256:
fprintf(fp, "(RSASHA256)\n");
break;
case DST_ALG_RSASHA512:
fprintf(fp, "(RSASHA512)\n");
break;
case DST_ALG_HMACMD5:
fprintf(fp, "(HMAC_MD5)\n");
break;
@ -521,7 +533,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
isc_buffer_usedregion(&b, &r);
fprintf(fp, "%s ", s);
fwrite(r.base, 1, r.length, fp);
isc_util_fwrite(r.base, 1, r.length, fp);
fprintf(fp, "\n");
}

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: db.h,v 1.93.50.3.12.1 2009/12/31 21:44:37 each Exp $ */
/* $Id: db.h,v 1.93.50.5 2009/11/25 23:48:42 tbox Exp $ */
#ifndef DNS_DB_H
#define DNS_DB_H 1
@ -695,6 +695,10 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
* For cache databases, glue is any rdataset with a trust of
* dns_trust_glue.
*
* \li If 'options' does not have #DNS_DBFIND_ADDITIONALOK set, then no
* additional records will be returned. Only caches can have
* rdataset with trust dns_trust_additional.
*
* \li If 'options' does not have #DNS_DBFIND_PENDINGOK set, then no
* pending data will be returned. This option is only meaningful for
* cache databases.

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec.h,v 1.32.332.4 2009/06/08 23:47:00 tbox Exp $ */
/* $Id: dnssec.h,v 1.32.332.6 2009/06/22 23:47:18 tbox Exp $ */
#ifndef DNS_DNSSEC_H
#define DNS_DNSSEC_H 1
@ -178,6 +178,12 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
*\li DST_R_*
*/
isc_boolean_t
dns_dnssec_selfsigns(dns_rdata_t *rdata, dns_name_t *name,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
isc_boolean_t ignoretime, isc_mem_t *mctx);
ISC_LANG_ENDDECLS
#endif /* DNS_DNSSEC_H */
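Review bot: The dns_dnssec_selfsigns() prototype is added to dnssec.h without a documentation block, while the declaration just above it ends with a documented return list. Add the usual comment covering what the function tests, the accepted rdataset and sigrdataset types (the implementation asserts key/sig or dnskey/rrsig pairs), the meaning of ignoretime, and that ISC_FALSE is also returned when the key cannot be parsed.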

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: journal.h,v 1.33.120.2 2009/01/18 23:47:41 tbox Exp $ */
/* $Id: journal.h,v 1.33.120.4 2009/11/04 23:47:25 tbox Exp $ */
#ifndef DNS_JOURNAL_H
#define DNS_JOURNAL_H 1
@ -232,12 +232,19 @@ dns_journal_current_rr(dns_journal_t *j, dns_name_t **name, isc_uint32_t *ttl,
isc_result_t
dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
const char *filename);
isc_result_t
dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
isc_uint32_t resign, const char *filename);
/*%<
* Roll forward (play back) the journal file "filename" into the
* database "db". This should be called when the server starts
* after a shutdown or crash.
* after a shutdown or crash. 'resign' is how many seconds before
* a RRSIG is due to expire it should be scheduled to be regenerated.
*
* Requires:
*\li dns_journal_rollforward() requires that DNS_JOURNALOPT_RESIGN
* is not set.
*\li 'mctx' is a valid memory context.
*\li 'db' is a valid database which does not have a version
* open for writing.
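Review bot: The shared comment now follows dns_journal_rollforward2() and describes 'resign', but it does not say what 'resign' does when DNS_JOURNALOPT_RESIGN is absent from 'options', or what the older dns_journal_rollforward() uses in its place. The new Requires line only forbids the flag for the old entry point. State that 'resign' is consulted only when the option is set, and note that the description covers both functions, since the /*%< marker attaches it to the declaration immediately before it.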

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: keyvalues.h,v 1.23.48.2 2009/06/04 02:56:14 tbox Exp $ */
/* $Id: keyvalues.h,v 1.23.48.4 2010/01/15 23:47:33 tbox Exp $ */
#ifndef DNS_KEYVALUES_H
#define DNS_KEYVALUES_H 1
@ -69,6 +69,8 @@
#define DNS_KEYALG_ECC 4
#define DNS_KEYALG_RSASHA1 5
#define DNS_KEYALG_NSEC3RSASHA1 7
#define DNS_KEYALG_RSASHA256 8
#define DNS_KEYALG_RSASHA512 10
#define DNS_KEYALG_INDIRECT 252
#define DNS_KEYALG_PRIVATEDNS 253
#define DNS_KEYALG_PRIVATEOID 254 /*%< Key begins with OID giving alg */

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: name.h,v 1.126.332.2 2009/01/18 23:47:41 tbox Exp $ */
/* $Id: name.h,v 1.126.332.3 2009/12/24 00:34:59 each Exp $ */
#ifndef DNS_NAME_H
#define DNS_NAME_H 1
@ -98,12 +98,6 @@ ISC_LANG_BEGINDECLS
***** as they are in the actual DNS wire protocol.
*****/
/***
*** Compression pointer chaining limit
***/
#define DNS_POINTER_MAXHOPS 16
/***
*** Types
***/

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ncache.h,v 1.25.142.1 2009/12/31 20:29:21 each Exp $ */
/* $Id: ncache.h,v 1.25.48.2 2009/12/30 23:47:31 tbox Exp $ */
#ifndef DNS_NCACHE_H
#define DNS_NCACHE_H 1

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsec3.h,v 1.5.48.2 2009/01/18 23:47:41 tbox Exp $ */
/* $Id: nsec3.h,v 1.5.48.3 2009/10/06 21:20:18 each Exp $ */
#ifndef DNS_NSEC3_H
#define DNS_NSEC3_H 1
@ -28,6 +28,8 @@
#include <dns/rdatastruct.h>
#include <dns/types.h>
#define DNS_NSEC3_SALTSIZE 255
/*
* hash = 1, flags =1, iterations = 2, salt length = 1, salt = 255 (max)
* hash length = 1, hash = 255 (max), bitmap = 8192 + 512 (max)

Some files were not shown because too many files have changed in this diff