d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upgrade to BIND version 9.8.1. Release notes at:

Browse Source 
https://deepthought.isc.org/article/AA-00446/81/
or
/usr/src/contrib/bind9/

Approved by:	re (kib)
This commit is contained in:
dougb 2011-09-03 07:13:45 +00:00
commit f18a6196d7
215 changed files with 12385 additions and 8704 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

354
contrib/bind9/CHANGES
View File

@ -1,28 +1,60 @@
--- 9.8.0-P4 released ---
--- 9.8.1 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.8.1rc1 released ---
--- 9.8.0-P3 released (withdrawn) ---
3141. [bug] Silence spurious "zone serial (0) unchanged" messages
associated with empty zones. [RT #25079]
3138. [bug] Address memory leaks and out-of-order operations when
shutting named down. [RT #25210]
3136. [func] Add RFC 1918 reverse zones to the list of built-in
empty zones switched on by the 'empty-zones-enable'
option. [RT #24990]
Note: empty-zones-enable must be "yes;" or a empty
zone needs to be disabled in named.conf for RFC 1918
zones to be activated. This requirement may be
removed in future releases.
3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
[RT #24950]
3134. [bug] Improve the accuracy of dnssec-signzone's signing
statistics. [RT #16030]
--- 9.8.1b3 released ---
3133. [bug] Change #3114 was incomplete. [RT #24577]
3131. [tuning] Improve scalability by allocating one zone task
per 100 zones at startup time, rather than using a
fixed-size task table. [RT #24406]
3129. [bug] Named could crash on 'rndc reconfig' when
allow-new-zones was set to yes and named ACLs
were used. [RT #22739]
--- 9.8.1b2 released ---
3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with a assertion failure. [RT #23766]
RPZ to exit with a assertion failure. [RT #24766]
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with a assertion failure.
[RT #24715]
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #2445]
--- 9.8.0-P2 released ---
3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
@ -33,12 +65,256 @@
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
--- 9.8.0-P1 released ---
3119. [bug] When rolling to a new DNSSEC key, a private-type
record could be created and never marked complete.
[RT #23253]
3118. [bug] nsupdate could dump core on shutdown when using
SIG(0) keys. [RT #24604]
3117. [cleanup] Remove doc and parser references to the
never-implemented 'auto-dnssec create' option.
[RT #24533]
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #24455]
3114. [bug] Retain expired RRSIGs in dynamic zones if key is
inactive and there is no replacement key. [RT #23136]
3113. [doc] Document the relationship between serial-query-rate
and NOTIFY messages.
--- 9.8.1b1 released ---
3112. [doc] Add missing descriptions of the update policy name
types "ms-self", "ms-subdomain", "krb5-self" and
"krb5-subdomain", which allow machines to update
their own records, to the BIND 9 ARM.
3111. [bug] Improved consistency checks for dnssec-enable and
dnssec-validation, added test cases to the
checkconf system test. [RT #24398]
3110. [bug] dnssec-signzone: Wrong error message could appear
when attempting to sign with no KSK. [RT #24369]
3107. [bug] dnssec-signzone: Report the correct number of ZSKs
when using -x. [RT #20852]
3105. [bug] GOST support can be suppressed by "configure
--without-gost" [RT #24367]
3104. [bug] Better support for cross-compiling. [RT #24367]
3103. [bug] Configuring 'dnssec-validation auto' in a view
instead of in the options statement could trigger
an assertion failure in named-checkconf. [RT #24382]
3101. [bug] Zones using automatic key maintenance could fail
to check the key repository for updates. [RT #23744]
3100. [security] Certain response policy zone configurations could
trigger an INSIST when receiving a query of type
RRSIG. [RT #24280]
3099. [test] "dlz" system test now runs but gives R:SKIPPED if
not compiled with --with-dlz-filesystem. [RT #24146]
3098. [bug] DLZ zones were answering without setting the AA bit.
[RT #24146]
3097. [test] Add a tool to test handling of malformed packets.
[RT #24096]
3096. [bug] Set KRB5_KTNAME before calling log_cred() in
dst_gssapi_acceptctx(). [RT #24004]
3095. [bug] Handle isolated reserved ports in the port range.
[RT #23957]
3094. [doc] Expand dns64 documentation.
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3092. [bug] Signatures for records at the zone apex could go
stale due to an incorrect timer setting. [RT #23769]
3091. [bug] Fixed a bug in which zone keys that were published
and then subsequently activated could fail to trigger
automatic signing. [RT #22911]
3090. [func] Make --with-gssapi default [RT #23738]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3087. [bug] DDNS updates using SIG(0) with update-policy match
type "external" could cause a crash. [RT #23735]
3086. [bug] Running dnssec-settime -f on an old-style key will
now force an update to the new key format even if no
other change has been specified, using "-P now -A now"
as default values. [RT #22474]
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
3082. [port] strtok_r is threads only. [RT #23747]
3081. [bug] Failure of DNAME substitution did not return
YXDOMAIN. [RT #23591]
3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
[RT #23587]
3079. [bug] Handle isc_event_allocate failures in t_tasks.
[RT #23572]
3078. [func] Added a new include file with function typedefs
for the DLZ "dlopen" driver. [RT #23629]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
dns_zone_attach(), use zone->irefs instead. [RT #23303]
3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
timestamp when determining which keys are active.
[RT #23642]
3074. [bug] Make the adb cache read through for zone data and
glue learn for zone named is authoritative for.
[RT #22842]
3073. [bug] managed-keys changes were not properly being recorded.
[RT #20256]
3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
[RT #20256]
3071. [bug] has_nsec could be used unintialised in
update.c:next_active. [RT #20256]
3070. [bug] dnssec-signzone potential NULL pointer dereference.
[RT #20256]
3069. [cleanup] Silence warnings messages from clang static analysis.
[RT #20256]
3068. [bug] Named failed to build with a OpenSSL without engine
support. [RT #23473]
3067. [bug] ixfr-from-differences {master|slave}; failed to
select the master/slave zones. [RT #23580]
3066. [func] The DLZ "dlopen" driver is now built by default,
no longer requiring a configure option. To
disable it, use "configure --without-dlopen".
(Note: driver not supported on win32.) [RT #23467]
3065. [bug] RRSIG could have time stamps too far in the future.
[RT #23356]
3064. [bug] powerpc: add sync instructions to the end of atomic
operations. [RT #23469]
3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
3059. [test] Added a regression test for change #3023.
3058. [bug] Cause named to terminate at startup or rndc reconfig/
reload to fail, if a log file specified in the conf
file isn't a plain file. [RT #22771]
3057. [bug] "rndc secroots" would abort after the first error
and so could miss some views. [RT #23488]
3054. [bug] Added elliptic curve support check in
GOST OpenSSL engine detection. [RT #23485]
3053. [bug] Under a sustained high query load with a finite
max-cache-size, it was possible for cache memory
to be exhausted and not recovered. [RT #23371]
3052. [test] Fixed last autosign test report. [RT #23256]
3051. [bug] NS records obsure DNAME records at the bottom of the
zone if both are present. [RT #23035]
3050. [bug] The autosign system test was timing dependent.
Wait for the initial autosigning to complete
before running the rest of the test. [RT #23035]
3049. [bug] Save and restore the gid when creating creating
named.pid at startup. [RT #23290]
3048. [bug] Fully separate view key mangement. [RT #23419]
3047. [bug] DNSKEY NODATA responses not cached fixed in
validator.c. Tests added to dnssec system test.
[RT #22908]
3046. [bug] Use RRSIG original TTL to compute validated RRset
and RRSIG TTL. [RT #23332]
3044. [bug] Hold the socket manager lock while freeing the socket.
[RT #23333]
3043. [test] Merged in the NetBSD ATF test framework (currently
version 0.12) for development of future unit tests.
Use configure --with-atf to build ATF internally
or configure --with-atf=prefix to use an external
copy. [RT #23209]
3042. [bug] dig +trace could fail attempting to use IPv6
addresses on systems with only IPv4 connectivity.
[RT #23297]
3041. [bug] dnssec-signzone failed to generate new signatures on
ttl changes. [RT #23330]
3040. [bug] Named failed to validate insecure zones where a node
with a CNAME existed between the trust anchor and the
top of the zone. [RT #23338]
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3037. [doc] Update COPYRIGHT to contain all the individual
copyright notices that cover various parts.
3036. [bug] Check built-in zone arguments to see if the zone
is re-usable or not. [RT #21914]
3035. [cleanup] Simplify by using strlcpy. [RT #22521]
3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
[RT #22521]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
[RT #22521]
3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
[RT #22521]
3029. [bug] isc_netaddr_format() handle a zero sized buffer.
[RT #22521]
3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
[RT #22521]
3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
catch NULL pointer dereferences before they happen.
[RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
after calling grow_headerspace() and if not
re-call grow_headerspace() until we do. [RT #22521]
--- 9.8.0 released ---
3025. [bug] Fixed a possible deadlock due to zone resigning.
@ -51,8 +327,8 @@
receiving multiple AXFR response messages that were
not all TSIG-signed. [RT #23254]
3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
[RT #23246]
3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
[RT #23246]
3021. [bug] Change #3010 was incomplete. [RT #22296]
@ -86,7 +362,7 @@
'resolver-query-timeout' option, which specifies a max
time in seconds. 0 means 'default' and anything longer
than 30 will be silently set to 30. [RT #22852]
3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
for refreshing managed-keys. [RT #22296]
@ -436,7 +712,7 @@
2927. [placeholder]
2926. [placeholder]
h
2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
@ -495,7 +771,7 @@ h
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
@ -783,7 +1059,7 @@ h
[RT #20710]
2812. [bug] Make sure updates can't result in a zone with
NSEC-only keys and NSEC3 records. [RT 20748]
NSEC-only keys and NSEC3 records. [RT #20748]
2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
output. [RT #20733]
@ -864,7 +1140,7 @@ h
2790. [bug] Handle DS queries to stub zones. [RT #20440]
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2788. [bug] dnssec-signzone could sign with keys that were
not requested [RT #20625]
@ -1760,7 +2036,7 @@ h
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [placeholder]
@ -2045,13 +2321,13 @@ h
2441. [bug] isc_radix_insert() could copy radix tree nodes
incompletely. [RT #18573]
2440. [bug] named-checkconf used an incorrect test to determine
2440. [bug] named-checkconf used an incorrect test to determine
if an ACL was set to none.
2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
[RT #18559]
2438. [bug] Timeouts could be logged incorrectly under win32.
2438. [bug] Timeouts could be logged incorrectly under win32.
2437. [bug] Sockets could be closed too early, leading to
inconsistent states in the socket module. [RT #18298]
@ -2065,7 +2341,7 @@ h
2433. [tuning] Set initial timeout to 800ms.
2432. [bug] More Windows socket handling improvements. Stop
2432. [bug] More Windows socket handling improvements. Stop
using I/O events and use IO Completion Ports
throughout. Rewrite the receive path logic to make
it easier to support multiple simultaneous
@ -2100,7 +2376,7 @@ h
epoll and /dev/poll to be selected at compile
time. [RT #18277]
2423. [security] Randomize server selection on queries, so as to
2423. [security] Randomize server selection on queries, so as to
make forgery a little more difficult. Instead of
always preferring the server with the lowest RTT,
pick a server with RTT within the same 128
@ -2114,7 +2390,7 @@ h
Use caution: this option may not work for some
operating systems without rebuilding named.
2420. [bug] Windows socket handling cleanup. Let the io
2420. [bug] Windows socket handling cleanup. Let the io
completion event send out canceled read/write
done events, which keeps us from writing to memory
we no longer have ownership of. Add debugging
@ -2436,8 +2712,8 @@ h
2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
[RT #17513]
2315. [bug] Used incorrect address family for mapped IPv4
addresses in acl.c. [RT #17519]
2315. [bug] Used incorrect address family for mapped IPv4
addresses in acl.c. [RT #17519]
2314. [bug] Uninitialized memory use on error path in
bin/named/lwdnoop.c. [RT #17476]
@ -2448,14 +2724,14 @@ h
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
[RT #17458]
2311. [bug] IPv6 addresses could match IPv4 ACL entries and
vice versa. [RT #17462]
2311. [bug] IPv6 addresses could match IPv4 ACL entries and
vice versa. [RT #17462]
2310. [bug] dig, host, nslookup: flush stdout before emitting
debug/fatal messages. [RT #17501]
2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
[RT #17455]
2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
[RT #17455]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
[RT #17495]
@ -2507,7 +2783,7 @@ h
2292. [bug] Log if the working directory is not writable.
[RT #17312]
2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
failure to set PR_SET_DUMPABLE. [RT #17312]
2290. [bug] Let AD in the query signal that the client wants AD
@ -2545,7 +2821,7 @@ h
2280. [func] Allow the experimental http server to be reached
over IPv6 as well as IPv4. [RT #17332]
2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
to protect applications from receiving spurious
SIGPIPE signals when using the resolver.
@ -2580,9 +2856,9 @@ h
--- 9.5.0b1 released ---
2267. [bug] Radix tree node_num value could be set incorrectly,
causing positive ACL matches to look like negative
ones. [RT #17311]
2267. [bug] Radix tree node_num value could be set incorrectly,
causing positive ACL matches to look like negative
ones. [RT #17311]
2266. [bug] client.c:get_clientmctx() returned the same mctx
once the pool of mctx's was filled. [RT #17218]
@ -2598,7 +2874,7 @@ h
2262. [bug] Error status from all but the last view could be
lost. [RT #17292]
2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2260. [bug] Reported wrong clients-per-query when increasing the
value. [RT #17236]

492
contrib/bind9/COPYRIGHT
View File

@ -13,9 +13,15 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
$Id: COPYRIGHT,v 1.17 2011-01-04 23:47:13 tbox Exp $
$Id: COPYRIGHT,v 1.17.14.1 2011-02-22 06:34:47 marka Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.
Portions of this code release fall under one or more of the
following Copyright notices. Please see individual source
files for details.
For binary releases also see: OpenSSL-LICENSE.
Copyright (C) 1996-2001 Nominum, Inc.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
@ -28,3 +34,485 @@ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-----------------------------------------------------------------------------
Copyright (C) 1995-2000 by Network Associates, Inc.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-----------------------------------------------------------------------------
Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all
copies.
THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
USE OR PERFORMANCE OF THIS SOFTWARE.
The development of Dynamically Loadable Zones (DLZ) for Bind 9 was
conceived and contributed by Rob Butler.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all
copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
USE OR PERFORMANCE OF THIS SOFTWARE.
-----------------------------------------------------------------------------
Copyright (c) 1987, 1990, 1993, 1994
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the University of
California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-----------------------------------------------------------------------------
Copyright (C) The Internet Society 2005. This version of
this module is part of RFC 4178; see the RFC itself for
full legal notices.
(The above copyright notice is per RFC 3978 5.6 (a), q.v.)
-----------------------------------------------------------------------------
Copyright (c) 2004 Masarykova universita
(Masaryk University, Brno, Czech Republic)
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the University nor the names of its contributors may
be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-----------------------------------------------------------------------------
Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
(Royal Institute of Technology, Stockholm, Sweden).
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the Institute nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-----------------------------------------------------------------------------
Copyright (c) 1998 Doug Rabson
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-----------------------------------------------------------------------------
Copyright ((c)) 2002, Rice University
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* Neither the name of Rice University (RICE) nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
This software is provided by RICE and the contributors on an "as is"
basis, without any representations or warranties of any kind, express
or implied including, but not limited to, representations or
warranties of non-infringement, merchantability or fitness for a
particular purpose. In no event shall RICE or contributors be liable
for any direct, indirect, incidental, special, exemplary, or
consequential damages (including, but not limited to, procurement of
substitute goods or services; loss of use, data, or profits; or
business interruption) however caused and on any theory of liability,
whether in contract, strict liability, or tort (including negligence
or otherwise) arising in any way out of the use of this software, even
if advised of the possibility of such damage.
-----------------------------------------------------------------------------
Copyright (c) 1993 by Digital Equipment Corporation.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies, and that
the name of Digital Equipment Corporation not be used in advertising or
publicity pertaining to distribution of the document or software without
specific, written prior permission.
THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
-----------------------------------------------------------------------------
Copyright 2000 Aaron D. Gifford. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-----------------------------------------------------------------------------
Copyright (c) 1998 Doug Rabson.
Copyright (c) 2001 Jake Burkholder.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-----------------------------------------------------------------------------
Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the project nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-----------------------------------------------------------------------------
Copyright (c) 1999-2000 by Nortel Networks Corporation
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
-----------------------------------------------------------------------------
Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved.
By using this file, you agree to the terms and conditions set forth bellow.
LICENSE TERMS AND CONDITIONS
The following License Terms and Conditions apply, unless a different
license is obtained from Japan Network Information Center ("JPNIC"),
a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda,
Chiyoda-ku, Tokyo 101-0047, Japan.
1. Use, Modification and Redistribution (including distribution of any
modified or derived work) in source and/or binary forms is permitted
under this License Terms and Conditions.
2. Redistribution of source code must retain the copyright notices as they
appear in each source code file, this License Terms and Conditions.
3. Redistribution in binary form must reproduce the Copyright Notice,
this License Terms and Conditions, in the documentation and/or other
materials provided with the distribution. For the purposes of binary
distribution the "Copyright Notice" refers to the following language:
"Copyright (c) 2000-2002 Japan Network Information Center. All rights
reserved."
4. The name of JPNIC may not be used to endorse or promote products
derived from this Software without specific prior written approval of
JPNIC.
5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JPNIC BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-----------------------------------------------------------------------------
Copyright (C) 2004 Nominet, Ltd.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-----------------------------------------------------------------------------
Portions Copyright RSA Security Inc.
License to copy and use this software is granted provided that it is
identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
(Cryptoki)" in all material mentioning or referencing this software.
License is also granted to make and use derivative works provided that
such works are identified as "derived from the RSA Security Inc. PKCS #11
Cryptographic Token Interface (Cryptoki)" in all material mentioning or
referencing the derived work.
RSA Security Inc. makes no representations concerning either the
merchantability of this software or the suitability of this software for
any particular purpose. It is provided "as is" without express or implied
warranty of any kind.
-----------------------------------------------------------------------------
Copyright (c) 1996, David Mazieres <dm@uun.org>
Copyright (c) 2008, Damien Miller <djm@openbsd.org>
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-----------------------------------------------------------------------------
Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this
software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
endorse or promote products derived from this software without
prior written permission. For written permission, please contact
licensing@OpenSSL.org.
5. Products derived from this software may not be called "OpenSSL"
nor may "OpenSSL" appear in their names without prior written
permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following
acknowledgment:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

7
contrib/bind9/Makefile.in
View File

@ -1,4 +1,4 @@
# Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.58 2009-11-26 20:52:44 marka Exp $
# $Id: Makefile.in,v 1.58.250.2 2011-02-28 01:19:57 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
@BIND9_VERSION@
SUBDIRS = make lib bin doc @LIBEXPORT@
SUBDIRS = make unit lib bin doc @LIBEXPORT@
TARGETS =
MANPAGES = isc-config.sh.1
@ -65,6 +65,7 @@ check: test
test:
(cd bin/tests && ${MAKE} ${MAKEDEFS} test)
(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh)
FAQ: FAQ.xml
${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \

11
contrib/bind9/README
View File

@ -48,6 +48,17 @@ BIND 9
For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
BIND 9.8.1
BIND 9.8.1 includes a number of bug fixes and enhancements from
BIND 9.8 and earlier releases. New features include:
- The DLZ "dlopen" driver is now built by default.
- Added a new include file with function typedefs
for the DLZ "dlopen" driver.
- Made "--with-gssapi" default.
- More verbose error reporting from DLZ LDAP.
BIND 9.8.0
BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier

368
contrib/bind9/RELEASE-NOTES-BIND-9.8.1.html Normal file
View File

@ -0,0 +1,368 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title></title><link rel="stylesheet" href="release-notes.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="titlepage"><hr></div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3359008"></a>Introduction</h2></div></div></div>
<p>
BIND 9.8.1 is the current production release of BIND 9.8.
</p>
<p>
This document summarizes changes from BIND 9.8.0 to BIND 9.8.1.
Please see the CHANGES file in the source code release for a
complete list of all changes.
</p>
</div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3359050"></a>Download</h2></div></div></div>
<p>
The latest versions of BIND 9 software can always be found
on our web site at
<a href="http://www.isc.org/downloads/all" target="_top">http://www.isc.org/downloads/all</a>.
There you will find additional information about each
release, source code, and some pre-compiled versions for certain operating systems.
</p>
</div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2545549"></a>Support</h2></div></div></div>
<p>Product support information is available on
<a href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
for paid support options. Free support is provided by our user
community via a mailing list. Information on all public email
lists is available at
<a href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
</p>
</div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3358108"></a>New Features</h2></div></div></div>
<div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3358149"></a>9.8.1</h3></div></div></div>
<div class="itemizedlist"><ul type="disc"><li>
Added a new include file with function typedefs
for the DLZ "dlopen" driver. [RT #23629]
</li><li>
Added a tool able to generate malformed packets to allow testing
of how named handles them.
[RT #24096]
</li><li>
The root key is now provided in the file bind.keys allowing DNSSEC validation to be switched on at start up by adding "dnssec-validation auto;" to named.conf. If the root key provided has expired, named will log the expiration and validation will not work. More information and the most current copy of bind.keys can be found at http://www.isc.org/bind-keys. *Please note this feature was actually added in 9.8.0 but was not included in the 9.8.0 release notes. [RT #21727]
</li></ul></div>
</div>
</div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3358206"></a>Security Fixes</h2></div></div></div>
<div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3358226"></a>9.8.1</h3></div></div></div>
<div class="itemizedlist"><ul type="disc"><li>
If named is configured with a response policy zone (RPZ) and a query
of type RRSIG is received for a name configured for RRset replacement
in that RPZ, it will trigger an INSIST and crash the server.
RRSIG. [RT #24280]
</li><li>
named, set up to be a caching resolver, is vulnerable to a
user querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
</li><li>
Using Response Policy Zone (RPZ) to query a wildcard CNAME label with
QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type
independant.
[RT #24715]
</li><li>
Using Response Policy Zone (RPZ) with DNAME records and querying the
subdomain of that label can cause named to crash. Now logs that DNAME
is not supported.
[RT #24766]
</li><li>
Change #2912 populated the message section in replies to UPDATE requests,
which some Windows clients wanted. This exposed a latent bug that allowed
the response message to crash named. With this fix, change 2912 has been
reduced to copy only the zone section to the reply. A more complete fix
for the latent bug will be released later.
[RT #24777]
</li></ul></div>
</div>
</div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3358283"></a>Feature Changes</h2></div></div></div>
<div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3358291"></a>9.8.1</h3></div></div></div>
<div class="itemizedlist"><ul type="disc"><li>
Merged in the NetBSD ATF test framework (currently
version 0.12) for development of future unit tests.
Use configure --with-atf to build ATF internally
or configure --with-atf=prefix to use an external
copy. [RT #23209]
</li><li>
Added more verbose error reporting from DLZ LDAP. [RT #23402]
</li><li>
The DLZ "dlopen" driver is now built by default,
no longer requiring a configure option. To
disable it, use "configure --without-dlopen".
(Note: driver not supported on win32.) [RT #23467]
</li><li>
Replaced compile time constant with STDTIME_ON_32BITS.
[RT #23587]
</li><li>
Make --with-gssapi default for ./configure. [RT #23738]
</li><li>
Improved the startup time for an authoritative server with a large
number of zones by making the zone task table of variable size
rather than fixed size. This means that authoritative servers with
lots of zones will be serving that zone data much sooner. [RT #24406]
</li><li>
Per RFC 6303, RFC 1918 reverse zones are now part of the built-in list of empty zones. [RT #24990]
</li></ul></div>
</div>
</div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3358460"></a>Bug Fixes</h2></div></div></div>
<div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3358468"></a>9.8.1</h3></div></div></div>
<div class="itemizedlist"><ul type="disc"><li>
During RFC5011 processing some journal write errors were not detected.
This could lead to managed-keys changes being committed but not
recorded in the journal files, causing potential inconsistencies
during later processing. [RT #20256]
</li><li>
A potential NULL pointer deference in the DNS64 code could cause
named to terminate unexpectedly. [RT #20256]
</li><li>
A state variable relating to DNSSEC could fail to be set during
some infrequently-executed code paths, allowing it to be used whilst
in an unitialized state during cache updates, with unpredictable results.
[RT #20256]
</li><li>
A potential NULL pointer deference in DNSSEC signing code could
cause named to terminate unexpectedly [RT #20256]
</li><li>
Several cosmetic code changes were made to silence warnings
generated by a static code analysis tool. [RT #20256]
</li><li>
When using the -x (sign with only KSK) option on dnssec-signzone,
it could incorrectly count the number of ZSKs in the zone. (And in 9.9.0,
some code cleanup and improved warning messages). [RT #20852]
</li><li>
When using _builtin in named.conf, named.conf changes were not found
when reloading the config file. Now checks _builtin zone arguments
to see if the zone is re-usable or not. [RT #21914]
</li><li>
Running dnssec-settime -f on an old-style key will
now force the key to be rewritten to the new key format even if no
other change has been specified, using "-P now -A now"
as default values. [RT #22474]
</li><li>
After an external code review, a code cleanup was done. [RT #22521]
</li><li>
Cause named to terminate at startup or rndc reconfig
reload to fail, if a log file specified in the
conf file isn't a plain file. (RT #22771]
</li><li>
named now forces the ADB cache time for glue related data to zero
instead of relying on TTL. This corrects problematic behavior in cases
where a server was authoritative for the A record of a nameserver for a
delegated zone and was queried to recursively resolve records within
that zone. [RT #22842]
</li><li>
When a validating resolver got a NODATA response for DNSKEY, it was
not caching the NODATA. Fixed and test added. [RT #22908]
</li><li>
Fixed a bug in which zone keys that were published
and but not immediately activated, automatic signing could fail to trigger.
[RT #22911]
</li><li>
Fixed precedence order bug with NS and DNAME records if both are present.
(Also fixed timing of autosign test in 9.7+) [RT #23035]
</li><li>
When a DNSSEC signed dynamic zone's signatures need to be refreshed,
named would first delete the old signatures in the zone. If a private
key of the same algorithm isn't available to named, the signing would
fail but the old signatures would already be deleted. named now checks
if it can access the private key before deleting the old signatures and
leaves the old signature if no private key is found. [RT #23136]
</li><li>
When using "auto-dnssec maintain" and rolling to a new key, a
private-type record (only used internally by named) could be created
and not marked as complete. [RT #23253]
</li><li>
Fixed last autosign test report. [RT #23256]
</li><li>
named didn't save gid at startup and later assumed gid 0.
named now saves/restores the gid when creating creating
named.pid at startup. [RT #23290]
</li><li>
If the server has an IPv6 address but does not have IPv6 connectivity
to the internet, dig +trace could fail attempting to use IPv6
addresses. [RT #23297]
</li><li>
If named is configured with managed zones, the managed key maint timer
can exercise a race condition that can crash the server.
[RT #23303]
</li><li>
Changing TTL did not cause dnssec-signzone to generate new signatures.
[RT #23330]
</li><li>
Have the validating resolver use RRSIG original TTL to compute
validated RRset and RRSIG TTL. [RT #23332]
</li><li>
In "make test" bin/tests/resolver, hold the socket manager lock
while freeing the socket.
[RT #23333]
</li><li>
If named encountered a CNAME instead of a DS record when walking
the chain of trust down from the trust anchor, it incorrectly stopped
validating. [RT #23338]
</li><li>
dns/view.h needed dns/rpz.h but it wasn't in the Makfile.in
HEADERS variable. [RT #23342]
</li><li>
RRSIG records could have time stamps too far in the future.
[RT #23356]
</li><li>
named stores cached data in an in-memory database and keeps track of
how recently the data is used with a heap. The heap is stored within the
cache's memory space. Under a sustained high query load and with a small
cache size, this could lead to the heap exhausting the cache space. This
would result in cache misses and SERVFAILs, with named never releasing
the cache memory the heap used up and never recovering.
This fix removes the heap into its own memory space, preventing the heap
from exhausting the cache space and allowing named to recover gracefully
when the high query load abates. [RT #23371]
</li><li>
Fully separated key management on a per view basis. [RT #23419]
</li><li>
If running on a powerpc CPU and with atomic operations enabled,
named could lock up. Added sync instructions to the end of atomic
operations. [RT #23469]
</li><li>
If OpenSSL was built without engine support, named would have
compile errors and fail to build.
[RT #23473]
</li><li>
If ./configure finds GOST but not elliptic curve, named fails to
build. Added elliptic curve support check in GOST OpenSSL engine
detection. [RT #23485]
</li><li>
"rndc secroots" would abort on the first error
and so could miss remaining views. [RT #23488]
</li><li>
Handle isc_event_allocate failures in t_tasks test.
[RT #23572]
</li><li>
ixfr-from-differences {master|slave};
failed to select the master/slave zones, resulting in on diff/journal
file being created.
[RT #23580]
</li><li>
If a DNAME substitution failed, named returned NOERROR. The correct
response should be YXDOMAIN.
[RT #23591]
</li><li>
dns_dnssec_findzonekeys{2} used a inconsistant
timestamp when determining which keys are active. This could result in
some RRsets not being signed/re-signed.
[RT #23642]
</li><li>
Remove bin/tests/system/logfileconfig/ns1/named.conf and
add setup.sh in order to resolve changing named.conf issue. [RT #23687]
</li><li>
NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
</li><li>
DDNS updates using SIG(0) with update-policy match
type "external" could cause a crash. Also fixed nsupdate core
dump on shutdown when using a SIG(0) key, due to the key
not being freed. [RT #23735]
</li><li>
Zones using automatic key maintenance could fail to check the key
repository for updates. named now checks once per hour and the
automatic check bug has been fixed. [RT #23744]
</li><li>
named now uses the correct strtok/strtok_r/strtok_s based on OS.
[RT #23747]
</li><li>
Signatures for records at the zone apex could go
stale due to an incorrect timer setting. [RT #23769]
</li><li>
The autosign tests attempted to open ports within reserved ranges. Test
now avoids those ports.
[RT #23957]
</li><li>
GSS TGIS test was failing, since log_cred() caused KRB5_KTNAME to
be cached. Now sets KRB5_KTNAME before calling log_cred() in
dst_gssapi_acceptctx(). [RT #24004]
</li><li>
named, acting as authoritative server for DLZ zones, was not correctly
setting the authoritative (AA) bit.
[RT #24146]
</li><li>
Clean up some cross-compiling issues and added two undocumented
configure options, --with-gost and --with-rlimtype, to allow over-riding
default settings (gost=no and rlimtype="long int") when cross-compiling.
[RT #24367]
</li><li>
When trying sign with NSEC3, if dnssec-signzone couldn't find the
KSK, it would give an incorrect error "NSEC3 iterations too big for
weakest DNSKEY strength" rather than the correct "failed to find
keys at the zone apex: not found" [RT #24369]
</li><li>
Configuring 'dnssec-validation auto' in a view instead of in the
options statement could trigger an assertion failure in named-checkconf.
[RT #24382]
</li><li>
Improved consistency checks for dnssec-enable and
dnssec-validation, added test cases to the
checkconf system test. [RT #24398]
</li><li>
If named is configured to be both authoritative and recursive and receives
a recursive query for a CNAME in a zone that it is authoritative for, if that
CNAME also points to a zone the server is authoritative for, the recursive part of name will not follow the CNAME change and the response will not be a
complete CNAME chain. [RT #24455]
</li><li>
nsupdate could dump core on shutdown when using SIG(0) keys. [RT #24604]
</li><li>
Named could fail to validate zones list in a DLV that validated insecure
without using DLV and had DS records in the parent zone. [RT #24631]
</li><li>
dnssec-signzone now records timestamps just before and just after signing, improving the accuracy of signing statistics. [RT #16030]
</li><li>
If allow-new-zones was set to yes and name-based ACLs were used, named could crash when "rndc reconfig" was issued. [RT #22739]
</li><li>
RT #23136 fixed a problem where named would delete old signatures even
when the private key wasn't available to re-sign the zone, resulting in
a zone with missing signatures. This fix (CHANGES 3114) did not
completely fix all issues. [RT #24577]
</li><li>
A bug in FreeBSD kernels causes IPv6 UDP responses greater than
1280 bytes to not fragment as they should. Until there is a kernel
fix, named will work around this by setting IPV6_USE_MIN_MTU on a
per packet basis. [RT #24950]
</li></ul></div>
</div>
</div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3359134"></a>Known issues in this release</h2></div></div></div>
<div class="itemizedlist"><ul type="disc"><li>
<p>
None.
</p>
</li></ul></div>
</div>
<div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3359152"></a>Thank You</h2></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to make
quality open source software, please visit our donations page at
<a href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
</p>
</div>
</div></body></html>

BIN
contrib/bind9/RELEASE-NOTES-BIND-9.8.1.pdf Normal file
View File

Binary file not shown.

268
contrib/bind9/RELEASE-NOTES-BIND-9.8.1.txt Normal file
View File

@ -0,0 +1,268 @@
__________________________________________________________________
Introduction
BIND 9.8.1 is the current production release of BIND 9.8.
This document summarizes changes from BIND 9.8.0 to BIND 9.8.1. Please
see the CHANGES file in the source code release for a complete list of
all changes.
Download
The latest versions of BIND 9 software can always be found on our web
site at http://www.isc.org/downloads/all. There you will find
additional information about each release, source code, and some
pre-compiled versions for certain operating systems.
Support
Product support information is available on
http://www.isc.org/services/support for paid support options. Free
support is provided by our user community via a mailing list.
Information on all public email lists is available at
https://lists.isc.org/mailman/listinfo.
New Features
9.8.1
* Added a new include file with function typedefs for the DLZ
"dlopen" driver. [RT #23629]
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
* The root key is now provided in the file bind.keys allowing DNSSEC
validation to be switched on at start up by adding
"dnssec-validation auto;" to named.conf. If the root key provided
has expired, named will log the expiration and validation will not
work. More information and the most current copy of bind.keys can
be found at http://www.isc.org/bind-keys. *Please note this feature
was actually added in 9.8.0 but was not included in the 9.8.0
release notes. [RT #21727]
Security Fixes
9.8.1
* If named is configured with a response policy zone (RPZ) and a
query of type RRSIG is received for a name configured for RRset
replacement in that RPZ, it will trigger an INSIST and crash the
server. RRSIG. [RT #24280]
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Using Response Policy Zone (RPZ) to query a wildcard CNAME label
with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
query type independant. [RT #24715]
* Using Response Policy Zone (RPZ) with DNAME records and querying
the subdomain of that label can cause named to crash. Now logs that
DNAME is not supported. [RT #24766]
* Change #2912 populated the message section in replies to UPDATE
requests, which some Windows clients wanted. This exposed a latent
bug that allowed the response message to crash named. With this
fix, change 2912 has been reduced to copy only the zone section to
the reply. A more complete fix for the latent bug will be released
later. [RT #24777]
Feature Changes
9.8.1
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* The DLZ "dlopen" driver is now built by default, no longer
requiring a configure option. To disable it, use "configure
--without-dlopen". (Note: driver not supported on win32.) [RT
#23467]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
* Make --with-gssapi default for ./configure. [RT #23738]
* Improved the startup time for an authoritative server with a large
number of zones by making the zone task table of variable size
rather than fixed size. This means that authoritative servers with
lots of zones will be serving that zone data much sooner. [RT
#24406]
* Per RFC 6303, RFC 1918 reverse zones are now part of the built-in
list of empty zones. [RT #24990]
Bug Fixes
9.8.1
* During RFC5011 processing some journal write errors were not
detected. This could lead to managed-keys changes being committed
but not recorded in the journal files, causing potential
inconsistencies during later processing. [RT #20256]
* A potential NULL pointer deference in the DNS64 code could cause
named to terminate unexpectedly. [RT #20256]
* A state variable relating to DNSSEC could fail to be set during
some infrequently-executed code paths, allowing it to be used
whilst in an unitialized state during cache updates, with
unpredictable results. [RT #20256]
* A potential NULL pointer deference in DNSSEC signing code could
cause named to terminate unexpectedly [RT #20256]
* Several cosmetic code changes were made to silence warnings
generated by a static code analysis tool. [RT #20256]
* When using the -x (sign with only KSK) option on dnssec-signzone,
it could incorrectly count the number of ZSKs in the zone. (And in
9.9.0, some code cleanup and improved warning messages). [RT
#20852]
* When using _builtin in named.conf, named.conf changes were not
found when reloading the config file. Now checks _builtin zone
arguments to see if the zone is re-usable or not. [RT #21914]
* Running dnssec-settime -f on an old-style key will now force the
key to be rewritten to the new key format even if no other change
has been specified, using "-P now -A now" as default values. [RT
#22474]
* After an external code review, a code cleanup was done. [RT #22521]
* Cause named to terminate at startup or rndc reconfig reload to
fail, if a log file specified in the conf file isn't a plain file.
(RT #22771]
* named now forces the ADB cache time for glue related data to zero
instead of relying on TTL. This corrects problematic behavior in
cases where a server was authoritative for the A record of a
nameserver for a delegated zone and was queried to recursively
resolve records within that zone. [RT #22842]
* When a validating resolver got a NODATA response for DNSKEY, it was
not caching the NODATA. Fixed and test added. [RT #22908]
* Fixed a bug in which zone keys that were published and but not
immediately activated, automatic signing could fail to trigger. [RT
#22911]
* Fixed precedence order bug with NS and DNAME records if both are
present. (Also fixed timing of autosign test in 9.7+) [RT #23035]
* When a DNSSEC signed dynamic zone's signatures need to be
refreshed, named would first delete the old signatures in the zone.
If a private key of the same algorithm isn't available to named,
the signing would fail but the old signatures would already be
deleted. named now checks if it can access the private key before
deleting the old signatures and leaves the old signature if no
private key is found. [RT #23136]
* When using "auto-dnssec maintain" and rolling to a new key, a
private-type record (only used internally by named) could be
created and not marked as complete. [RT #23253]
* Fixed last autosign test report. [RT #23256]
* named didn't save gid at startup and later assumed gid 0. named now
saves/restores the gid when creating creating named.pid at startup.
[RT #23290]
* If the server has an IPv6 address but does not have IPv6
connectivity to the internet, dig +trace could fail attempting to
use IPv6 addresses. [RT #23297]
* If named is configured with managed zones, the managed key maint
timer can exercise a race condition that can crash the server. [RT
#23303]
* Changing TTL did not cause dnssec-signzone to generate new
signatures. [RT #23330]
* Have the validating resolver use RRSIG original TTL to compute
validated RRset and RRSIG TTL. [RT #23332]
* In "make test" bin/tests/resolver, hold the socket manager lock
while freeing the socket. [RT #23333]
* If named encountered a CNAME instead of a DS record when walking
the chain of trust down from the trust anchor, it incorrectly
stopped validating. [RT #23338]
* dns/view.h needed dns/rpz.h but it wasn't in the Makfile.in HEADERS
variable. [RT #23342]
* RRSIG records could have time stamps too far in the future. [RT
#23356]
* named stores cached data in an in-memory database and keeps track
of how recently the data is used with a heap. The heap is stored
within the cache's memory space. Under a sustained high query load
and with a small cache size, this could lead to the heap exhausting
the cache space. This would result in cache misses and SERVFAILs,
with named never releasing the cache memory the heap used up and
never recovering. This fix removes the heap into its own memory
space, preventing the heap from exhausting the cache space and
allowing named to recover gracefully when the high query load
abates. [RT #23371]
* Fully separated key management on a per view basis. [RT #23419]
* If running on a powerpc CPU and with atomic operations enabled,
named could lock up. Added sync instructions to the end of atomic
operations. [RT #23469]
* If OpenSSL was built without engine support, named would have
compile errors and fail to build. [RT #23473]
* If ./configure finds GOST but not elliptic curve, named fails to
build. Added elliptic curve support check in GOST OpenSSL engine
detection. [RT #23485]
* "rndc secroots" would abort on the first error and so could miss
remaining views. [RT #23488]
* Handle isc_event_allocate failures in t_tasks test. [RT #23572]
* ixfr-from-differences {master|slave}; failed to select the
master/slave zones, resulting in on diff/journal file being
created. [RT #23580]
* If a DNAME substitution failed, named returned NOERROR. The correct
response should be YXDOMAIN. [RT #23591]
* dns_dnssec_findzonekeys{2} used a inconsistant timestamp when
determining which keys are active. This could result in some RRsets
not being signed/re-signed. [RT #23642]
* Remove bin/tests/system/logfileconfig/ns1/named.conf and add
setup.sh in order to resolve changing named.conf issue. [RT #23687]
* NOTIFY messages were not being sent when generating a NSEC3 chain
incrementally. [RT #23702]
* DDNS updates using SIG(0) with update-policy match type "external"
could cause a crash. Also fixed nsupdate core dump on shutdown when
using a SIG(0) key, due to the key not being freed. [RT #23735]
* Zones using automatic key maintenance could fail to check the key
repository for updates. named now checks once per hour and the
automatic check bug has been fixed. [RT #23744]
* named now uses the correct strtok/strtok_r/strtok_s based on OS.
[RT #23747]
* Signatures for records at the zone apex could go stale due to an
incorrect timer setting. [RT #23769]
* The autosign tests attempted to open ports within reserved ranges.
Test now avoids those ports. [RT #23957]
* GSS TGIS test was failing, since log_cred() caused KRB5_KTNAME to
be cached. Now sets KRB5_KTNAME before calling log_cred() in
dst_gssapi_acceptctx(). [RT #24004]
* named, acting as authoritative server for DLZ zones, was not
correctly setting the authoritative (AA) bit. [RT #24146]
* Clean up some cross-compiling issues and added two undocumented
configure options, --with-gost and --with-rlimtype, to allow
over-riding default settings (gost=no and rlimtype="long int") when
cross-compiling. [RT #24367]
* When trying sign with NSEC3, if dnssec-signzone couldn't find the
KSK, it would give an incorrect error "NSEC3 iterations too big for
weakest DNSKEY strength" rather than the correct "failed to find
keys at the zone apex: not found" [RT #24369]
* Configuring 'dnssec-validation auto' in a view instead of in the
options statement could trigger an assertion failure in
named-checkconf. [RT #24382]
* Improved consistency checks for dnssec-enable and
dnssec-validation, added test cases to the checkconf system test.
[RT #24398]
* If named is configured to be both authoritative and recursive and
receives a recursive query for a CNAME in a zone that it is
authoritative for, if that CNAME also points to a zone the server
is authoritative for, the recursive part of name will not follow
the CNAME change and the response will not be a complete CNAME
chain. [RT #24455]
* nsupdate could dump core on shutdown when using SIG(0) keys. [RT
#24604]
* Named could fail to validate zones list in a DLV that validated
insecure without using DLV and had DS records in the parent zone.
[RT #24631]
* dnssec-signzone now records timestamps just before and just after
signing, improving the accuracy of signing statistics. [RT #16030]
* If allow-new-zones was set to yes and name-based ACLs were used,
named could crash when "rndc reconfig" was issued. [RT #22739]
* RT #23136 fixed a problem where named would delete old signatures
even when the private key wasn't available to re-sign the zone,
resulting in a zone with missing signatures. This fix (CHANGES
3114) did not completely fix all issues. [RT #24577]
* A bug in FreeBSD kernels causes IPv6 UDP responses greater than
1280 bytes to not fragment as they should. Until there is a kernel
fix, named will work around this by setting IPV6_USE_MIN_MTU on a
per packet basis. [RT #24950]
Known issues in this release
* None.
Thank You
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
http://www.isc.org/supportisc.

6
contrib/bind9/bin/check/named-checkconf.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkconf.c,v 1.54 2010-09-07 01:49:08 marka Exp $ */
/* $Id: named-checkconf.c,v 1.54.62.2 2011-03-12 04:59:13 tbox Exp $ */
/*! \file */
@ -190,7 +190,7 @@ configure_zone(const char *vclass, const char *view,
if (obj != NULL)
maps[i++] = obj;
}
maps[i++] = NULL;
maps[i] = NULL;
cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL)

5
contrib/bind9/bin/confgen/ddns-confgen.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ddns-confgen.c,v 1.9 2009-09-29 15:06:05 fdupont Exp $ */
/* $Id: ddns-confgen.c,v 1.9.308.2 2011-03-12 04:59:13 tbox Exp $ */
/*! \file */
@ -160,6 +160,7 @@ main(int argc, char **argv) {
argc -= isc_commandline_index;
argv += isc_commandline_index;
POST(argv);
if (self_domain != NULL && zone != NULL)
usage(1); /* -s and -z cannot coexist */

5
contrib/bind9/bin/confgen/rndc-confgen.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc-confgen.c,v 1.5 2009-09-29 15:06:05 fdupont Exp $ */
/* $Id: rndc-confgen.c,v 1.5.308.2 2011-03-12 04:59:13 tbox Exp $ */
/*! \file */
@ -200,6 +200,7 @@ main(int argc, char **argv) {
argc -= isc_commandline_index;
argv += isc_commandline_index;
POST(argv);
if (argc > 0)
usage(1);

35
contrib/bind9/bin/dig/dig.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.c,v 1.237 2010-05-13 00:40:46 marka Exp $ */
/* $Id: dig.c,v 1.237.124.3 2011-03-11 06:46:58 marka Exp $ */
/*! \file */
@ -44,8 +44,6 @@
#include <dns/result.h>
#include <dns/tsig.h>
#include <bind9/getaddresses.h>
#include <dig/dig.h>
#define ADD_STRING(b, s) { \
@ -479,8 +477,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if (!query->lookup->comments)
flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;
result = ISC_R_SUCCESS;
result = isc_buffer_allocate(mctx, &buf, len);
check_result(result, "isc_buffer_allocate");
@ -1437,30 +1433,6 @@ preparse_args(int argc, char **argv) {
}
}
static void
getaddresses(dig_lookup_t *lookup, const char *host) {
isc_result_t result;
isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
isc_netaddr_t netaddr;
int count, i;
dig_server_t *srv;
char tmp[ISC_NETADDR_FORMATSIZE];
result = bind9_getaddresses(host, 0, sockaddrs,
DIG_MAX_ADDRESSES, &count);
if (result != ISC_R_SUCCESS)
fatal("couldn't get address for '%s': %s",
host, isc_result_totext(result));
for (i = 0; i < count; i++) {
isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
srv = make_server(tmp, host);
ISC_LIST_APPEND(lookup->my_server_list, srv, link);
}
addresscount = count;
}
static void
parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
int argc, char **argv) {
@ -1555,7 +1527,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
if (strncmp(rv[0], "%", 1) == 0)
break;
if (strncmp(rv[0], "@", 1) == 0) {
getaddresses(lookup, &rv[0][1]);
addresscount = getaddresses(lookup, &rv[0][1]);
} else if (rv[0][0] == '+') {
plus_option(&rv[0][1], is_batchfile,
lookup);
@ -1592,7 +1564,6 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
(isc_textregion_t *)&tr);
if (result == ISC_R_SUCCESS &&
rdtype == dns_rdatatype_ixfr) {
result = DNS_R_UNKNOWN;
fprintf(stderr, ";; Warning, "
"ixfr requires a "
"serial number\n");

59
contrib/bind9/bin/dig/dighost.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.336 2010-12-09 00:54:33 marka Exp $ */
/* $Id: dighost.c,v 1.336.22.4 2011-03-11 06:46:58 marka Exp $ */
/*! \file
* \note
@ -566,10 +566,8 @@ make_server(const char *servname, const char *userarg) {
if (srv == NULL)
fatal("memory allocation failure in %s:%d",
__FILE__, __LINE__);
strncpy(srv->servername, servname, MXNAME);
strncpy(srv->userarg, userarg, MXNAME);
srv->servername[MXNAME-1] = 0;
srv->userarg[MXNAME-1] = 0;
strlcpy(srv->servername, servname, MXNAME);
strlcpy(srv->userarg, userarg, MXNAME);
ISC_LINK_INIT(srv, link);
return (srv);
}
@ -1767,8 +1765,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
dns_rdata_freestruct(&ns);
/* Initialize lookup if we've not yet */
debug("found NS %d %s", numLookups, namestr);
numLookups++;
debug("found NS %s", namestr);
if (!success) {
success = ISC_TRUE;
lookup_counter++;
@ -1790,9 +1787,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
domain = dns_fixedname_name(&lookup->fdomain);
dns_name_copy(name, domain, NULL);
}
srv = make_server(namestr, namestr);
debug("adding server %s", srv->servername);
ISC_LIST_APPEND(lookup->my_server_list, srv, link);
debug("adding server %s", namestr);
numLookups += getaddresses(lookup, namestr);
dns_rdata_reset(&rdata);
}
}
@ -1808,17 +1804,25 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
if (numLookups > 1) {
isc_uint32_t i, j;
dig_serverlist_t my_server_list;
dig_server_t *next;
ISC_LIST_INIT(my_server_list);
for (i = numLookups; i > 0; i--) {
i = numLookups;
for (srv = ISC_LIST_HEAD(lookup->my_server_list);
srv != NULL;
srv = ISC_LIST_HEAD(lookup->my_server_list)) {
INSIST(i > 0);
isc_random_get(&j);
j %= i;
srv = ISC_LIST_HEAD(lookup->my_server_list);
while (j-- > 0)
srv = ISC_LIST_NEXT(srv, link);
next = ISC_LIST_NEXT(srv, link);
while (j-- > 0 && next != NULL) {
srv = next;
next = ISC_LIST_NEXT(srv, link);
}
ISC_LIST_DEQUEUE(lookup->my_server_list, srv, link);
ISC_LIST_APPEND(my_server_list, srv, link);
i--;
}
ISC_LIST_APPENDLIST(lookup->my_server_list,
my_server_list, link);
@ -3541,6 +3545,31 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
return (ISC_R_SUCCESS);
}
int
getaddresses(dig_lookup_t *lookup, const char *host) {
isc_result_t result;
isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
isc_netaddr_t netaddr;
int count, i;
dig_server_t *srv;
char tmp[ISC_NETADDR_FORMATSIZE];
result = bind9_getaddresses(host, 0, sockaddrs,
DIG_MAX_ADDRESSES, &count);
if (result != ISC_R_SUCCESS)
fatal("couldn't get address for '%s': %s",
host, isc_result_totext(result));
for (i = 0; i < count; i++) {
isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
srv = make_server(tmp, host);
ISC_LIST_APPEND(lookup->my_server_list, srv, link);
}
return count;
}
/*%
* Initiate either a TCP or UDP lookup
*/

9
contrib/bind9/bin/dig/host.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: host.c,v 1.124 2010-11-16 05:38:30 marka Exp $ */
/* $Id: host.c,v 1.124.40.3 2011-03-11 06:46:59 marka Exp $ */
/*! \file */
@ -521,6 +521,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) {
printf("%scd", did_flag ? " " : "");
did_flag = ISC_TRUE;
POST(did_flag);
}
printf("; QUERY: %u, ANSWER: %u, "
"AUTHORITY: %u, ADDITIONAL: %u\n",
@ -824,8 +825,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
if (isc_commandline_index >= argc)
show_usage();
strncpy(hostname, argv[isc_commandline_index], sizeof(hostname));
hostname[sizeof(hostname)-1]=0;
strlcpy(hostname, argv[isc_commandline_index], sizeof(hostname));
if (argc > isc_commandline_index + 1) {
set_nameserver(argv[isc_commandline_index+1]);
debug("server is %s", argv[isc_commandline_index+1]);

7
contrib/bind9/bin/dig/include/dig/dig.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.h,v 1.111 2009-09-29 15:06:06 fdupont Exp $ */
/* $Id: dig.h,v 1.111.306.2 2011-02-28 01:19:58 tbox Exp $ */
#ifndef DIG_H
#define DIG_H
@ -288,6 +288,9 @@ extern int idnoptions;
isc_result_t
get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
int
getaddresses(dig_lookup_t *lookup, const char *host);
isc_result_t
get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
isc_boolean_t strict);

34
contrib/bind9/bin/dig/nslookup.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nslookup.c,v 1.127 2010-11-17 23:47:08 tbox Exp $ */
/* $Id: nslookup.c,v 1.127.38.2 2011-02-28 01:19:58 tbox Exp $ */
#include <config.h>
@ -535,12 +535,6 @@ testclass(char *typetext) {
}
}
static void
safecpy(char *dest, char *src, int size) {
strncpy(dest, src, size);
dest[size-1] = 0;
}
static void
set_port(const char *value) {
isc_uint32_t n;
@ -571,34 +565,34 @@ setoption(char *opt) {
show_settings(ISC_TRUE, ISC_FALSE);
} else if (strncasecmp(opt, "class=", 6) == 0) {
if (testclass(&opt[6]))
safecpy(defclass, &opt[6], sizeof(defclass));
strlcpy(defclass, &opt[6], sizeof(defclass));
} else if (strncasecmp(opt, "cl=", 3) == 0) {
if (testclass(&opt[3]))
safecpy(defclass, &opt[3], sizeof(defclass));
strlcpy(defclass, &opt[3], sizeof(defclass));
} else if (strncasecmp(opt, "type=", 5) == 0) {
if (testtype(&opt[5]))
safecpy(deftype, &opt[5], sizeof(deftype));
strlcpy(deftype, &opt[5], sizeof(deftype));
} else if (strncasecmp(opt, "ty=", 3) == 0) {
if (testtype(&opt[3]))
safecpy(deftype, &opt[3], sizeof(deftype));
strlcpy(deftype, &opt[3], sizeof(deftype));
} else if (strncasecmp(opt, "querytype=", 10) == 0) {
if (testtype(&opt[10]))
safecpy(deftype, &opt[10], sizeof(deftype));
strlcpy(deftype, &opt[10], sizeof(deftype));
} else if (strncasecmp(opt, "query=", 6) == 0) {
if (testtype(&opt[6]))
safecpy(deftype, &opt[6], sizeof(deftype));
strlcpy(deftype, &opt[6], sizeof(deftype));
} else if (strncasecmp(opt, "qu=", 3) == 0) {
if (testtype(&opt[3]))
safecpy(deftype, &opt[3], sizeof(deftype));
strlcpy(deftype, &opt[3], sizeof(deftype));
} else if (strncasecmp(opt, "q=", 2) == 0) {
if (testtype(&opt[2]))
safecpy(deftype, &opt[2], sizeof(deftype));
strlcpy(deftype, &opt[2], sizeof(deftype));
} else if (strncasecmp(opt, "domain=", 7) == 0) {
safecpy(domainopt, &opt[7], sizeof(domainopt));
strlcpy(domainopt, &opt[7], sizeof(domainopt));
set_search_domain(domainopt);
usesearch = ISC_TRUE;
} else if (strncasecmp(opt, "do=", 3) == 0) {
safecpy(domainopt, &opt[3], sizeof(domainopt));
strlcpy(domainopt, &opt[3], sizeof(domainopt));
set_search_domain(domainopt);
usesearch = ISC_TRUE;
} else if (strncasecmp(opt, "port=", 5) == 0) {
@ -677,11 +671,11 @@ addlookup(char *opt) {
lookup = make_empty_lookup();
if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, ISC_TRUE)
== ISC_R_SUCCESS) {
safecpy(lookup->textname, store, sizeof(lookup->textname));
strlcpy(lookup->textname, store, sizeof(lookup->textname));
lookup->rdtype = dns_rdatatype_ptr;
lookup->rdtypeset = ISC_TRUE;
} else {
safecpy(lookup->textname, opt, sizeof(lookup->textname));
strlcpy(lookup->textname, opt, sizeof(lookup->textname));
lookup->rdtype = rdtype;
lookup->rdtypeset = ISC_TRUE;
}

2
contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8
View File

@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-keyfromlabel.8,v 1.18.14.1.2.1 2011-06-09 03:41:05 tbox Exp $
.\" $Id: dnssec-keyfromlabel.8,v 1.18.14.2 2011-02-28 02:37:42 tbox Exp $
.\"
.hy 0
.ad l

10
contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2007-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2007-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keyfromlabel.c,v 1.32 2010-12-23 04:07:59 marka Exp $ */
/* $Id: dnssec-keyfromlabel.c,v 1.32.14.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@ -518,6 +518,9 @@ main(int argc, char **argv) {
{
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, directory, &buf);
if (ret != ISC_R_SUCCESS)
fatal("dst_key_buildfilename returned: %s\n",
isc_result_totext(ret));
if (exact)
fatal("%s: %s already exists\n", program, filename);
@ -542,6 +545,9 @@ main(int argc, char **argv) {
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, NULL, &buf);
if (ret != ISC_R_SUCCESS)
fatal("dst_key_buildfilename returned: %s\n",
isc_result_totext(ret));
printf("%s\n", filename);
dst_key_free(&key);

2
contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook
View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.1.2.1 2011-06-02 23:47:27 tbox Exp $ -->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.2 2011-02-28 01:19:58 tbox Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
<date>February 8, 2008</date>

2
contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
View File

@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.html,v 1.17.14.1.2.1 2011-06-09 03:41:05 tbox Exp $ -->
<!-- $Id: dnssec-keyfromlabel.html,v 1.17.14.2 2011-02-28 02:37:42 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

22
contrib/bind9/bin/dnssec/dnssec-keygen.c
View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.115 2010-12-23 04:07:59 marka Exp $ */
/* $Id: dnssec-keygen.c,v 1.115.14.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@ -975,12 +975,15 @@ main(int argc, char **argv) {
if (verbose > 0) {
isc_buffer_clear(&buf);
dst_key_buildfilename(key, 0, directory, &buf);
fprintf(stderr,
"%s: %s already exists, or might "
"collide with another key upon "
"revokation. Generating a new key\n",
program, filename);
ret = dst_key_buildfilename(key, 0,
directory, &buf);
if (ret == ISC_R_SUCCESS)
fprintf(stderr,
"%s: %s already exists, or "
"might collide with another "
"key upon revokation. "
"Generating a new key\n",
program, filename);
}
dst_key_free(&key);
@ -1001,6 +1004,9 @@ main(int argc, char **argv) {
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, NULL, &buf);
if (ret != ISC_R_SUCCESS)
fatal("dst_key_buildfilename returned: %s\n",
isc_result_totext(ret));
printf("%s\n", filename);
dst_key_free(&key);
if (prevkey != NULL)

8
contrib/bind9/bin/dnssec/dnssec-settime.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-settime.8,v 1.14 2010-08-17 01:15:26 tbox Exp $
.\" $Id: dnssec-settime.8,v 1.14.70.1 2011-03-22 02:37:44 tbox Exp $
.\"
.hy 0
.ad l
@ -59,7 +59,7 @@ and
.RS 4
Force an update of an old\-format key with no metadata fields. Without this option,
\fBdnssec\-settime\fR
will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time.
will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time. If no other values are specified, then the key's publication and activation dates will also be set to the present time.
.RE
.PP
\-K \fIdirectory\fR
@ -162,5 +162,5 @@ RFC 5011.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
.br

17
contrib/bind9/bin/dnssec/dnssec-settime.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-settime.c,v 1.28 2010-12-19 07:29:36 each Exp $ */
/* $Id: dnssec-settime.c,v 1.28.16.3 2011-06-02 20:24:11 each Exp $ */
/*! \file */
@ -81,8 +81,7 @@ usage(void) {
"deletion date\n");
fprintf(stderr, "Printing options:\n");
fprintf(stderr, " -p C/P/A/R/I/D/all: print a particular time "
"value or values "
"[default: all]\n");
"value or values\n");
fprintf(stderr, " -u: print times in unix epoch "
"format\n");
fprintf(stderr, "Output:\n");
@ -513,6 +512,16 @@ main(int argc, char **argv) {
else if (unsetdel)
dst_key_unsettime(key, DST_TIME_DELETE);
/*
* No metadata changes were made but we're forcing an upgrade
* to the new format anyway: use "-P now -A now" as the default
*/
if (force && !changed) {
dst_key_settime(key, DST_TIME_PUBLISH, now);
dst_key_settime(key, DST_TIME_ACTIVATE, now);
changed = ISC_TRUE;
}
/*
* Print out time values, if -p was used.
*/

9
contrib/bind9/bin/dnssec/dnssec-settime.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-settime.docbook,v 1.11 2010-08-16 22:21:06 marka Exp $ -->
<!-- $Id: dnssec-settime.docbook,v 1.11.70.2 2011-03-21 23:46:58 tbox Exp $ -->
<refentry id="man.dnssec-settime">
<refentryinfo>
<date>July 15, 2009</date>
@ -38,6 +38,7 @@
<copyright>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@ -98,7 +99,9 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
set to the present time.
set to the present time. If no other values are specified,
then the key's publication and activation dates will also
be set to the present time.
</para>
</listitem>
</varlistentry>

20
contrib/bind9/bin/dnssec/dnssec-settime.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-settime.html,v 1.14 2010-08-17 01:15:26 tbox Exp $ -->
<!-- $Id: dnssec-settime.html,v 1.14.70.1 2011-03-22 02:37:44 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543419"></a><h2>DESCRIPTION</h2>
<a name="id2543422"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@ -56,7 +56,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543467"></a><h2>OPTIONS</h2>
<a name="id2543470"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@ -65,7 +65,9 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
set to the present time.
set to the present time. If no other values are specified,
then the key's publication and activation dates will also
be set to the present time.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@ -87,7 +89,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543559"></a><h2>TIMING OPTIONS</h2>
<a name="id2543562"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -166,7 +168,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543698"></a><h2>PRINTING OPTIONS</h2>
<a name="id2543701"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@ -192,7 +194,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543912"></a><h2>SEE ALSO</h2>
<a name="id2543915"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -200,7 +202,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543945"></a><h2>AUTHOR</h2>
<a name="id2543948"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

149
contrib/bind9/bin/dnssec/dnssec-signzone.c
View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signzone.c,v 1.262 2010-06-03 23:51:04 tbox Exp $ */
/* $Id: dnssec-signzone.c,v 1.262.110.9 2011-07-19 23:47:12 tbox Exp $ */
/*! \file */
@ -338,7 +338,7 @@ keythatsigned(dns_rdata_rrsig_t *rrsig) {
} else {
dns_dnsseckey_create(mctx, &pubkey, &key);
}
key->force_publish = ISC_TRUE;
key->force_publish = ISC_FALSE;
key->force_sign = ISC_FALSE;
ISC_LIST_APPEND(keylist, key, link);
@ -486,32 +486,32 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
if (!expired)
keep = ISC_TRUE;
} else if (issigningkey(key)) {
if (!expired && setverifies(name, set, key->key,
&sigrdata)) {
if (!expired && rrsig.originalttl == set->ttl &&
setverifies(name, set, key->key, &sigrdata)) {
vbprintf(2, "\trrsig by %s retained\n", sigstr);
keep = ISC_TRUE;
wassignedby[key->index] = ISC_TRUE;
nowsignedby[key->index] = ISC_TRUE;
} else {
vbprintf(2, "\trrsig by %s dropped - %s\n",
sigstr,
expired ? "expired" :
"failed to verify");
sigstr, expired ? "expired" :
rrsig.originalttl != set->ttl ?
"ttl change" : "failed to verify");
wassignedby[key->index] = ISC_TRUE;
resign = ISC_TRUE;
}
} else if (iszonekey(key)) {
if (!expired && setverifies(name, set, key->key,
&sigrdata)) {
if (!expired && rrsig.originalttl == set->ttl &&
setverifies(name, set, key->key, &sigrdata)) {
vbprintf(2, "\trrsig by %s retained\n", sigstr);
keep = ISC_TRUE;
wassignedby[key->index] = ISC_TRUE;
nowsignedby[key->index] = ISC_TRUE;
} else {
vbprintf(2, "\trrsig by %s dropped - %s\n",
sigstr,
expired ? "expired" :
"failed to verify");
sigstr, expired ? "expired" :
rrsig.originalttl != set->ttl ?
"ttl change" : "failed to verify");
wassignedby[key->index] = ISC_TRUE;
}
} else if (!expired) {
@ -522,7 +522,8 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
}
if (keep) {
nowsignedby[key->index] = ISC_TRUE;
if (key != NULL)
nowsignedby[key->index] = ISC_TRUE;
INCSTAT(nretained);
if (sigset.ttl != ttl) {
vbprintf(2, "\tfixing ttl %s\n", sigstr);
@ -1387,6 +1388,13 @@ verifyset(dns_rdataset_t *rdataset, dns_name_t *name, dns_dbnode_t *node,
dns_rdataset_current(&sigrdataset, &rdata);
dns_rdata_tostruct(&rdata, &sig, NULL);
if (rdataset->ttl != sig.originalttl) {
dns_name_format(name, namebuf, sizeof(namebuf));
type_format(rdataset->type, typebuf, sizeof(typebuf));
fprintf(stderr, "TTL mismatch for %s %s keytag %u\n",
namebuf, typebuf, sig.keyid);
continue;
}
if ((set_algorithms[sig.algorithm] != 0) ||
(ksk_algorithms[sig.algorithm] == 0))
continue;
@ -1443,14 +1451,14 @@ verifynode(dns_name_t *name, dns_dbnode_t *node, isc_boolean_t delegation,
/*%
* Verify that certain things are sane:
*
* The apex has a DNSKEY record with at least one KSK, and at least
* The apex has a DNSKEY RRset with at least one KSK, and at least
* one ZSK if the -x flag was not used.
*
* The DNSKEY record was signed with at least one of the KSKs in this
* set.
* The DNSKEY record was signed with at least one of the KSKs in
* the DNSKEY RRset.
*
* The rest of the zone was signed with at least one of the ZSKs
* present in the DNSKEY RRSET.
* present in the DNSKEY RRset.
*/
static void
verifyzone(void) {
@ -1461,13 +1469,12 @@ verifyzone(void) {
dns_name_t *name, *nextname, *zonecut;
dns_rdata_dnskey_t dnskey;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_t rdataset;
dns_rdataset_t sigrdataset;
dns_rdataset_t keyset, soaset;
dns_rdataset_t keysigs, soasigs;
int i;
isc_boolean_t done = ISC_FALSE;
isc_boolean_t first = ISC_TRUE;
isc_boolean_t goodksk = ISC_FALSE;
isc_boolean_t goodzsk = ISC_FALSE;
isc_result_t result;
unsigned char revoked_ksk[256];
unsigned char revoked_zsk[256];
@ -1489,18 +1496,30 @@ verifyzone(void) {
fatal("failed to find the zone's origin: %s",
isc_result_totext(result));
dns_rdataset_init(&rdataset);
dns_rdataset_init(&sigrdataset);
dns_rdataset_init(&keyset);
dns_rdataset_init(&keysigs);
dns_rdataset_init(&soaset);
dns_rdataset_init(&soasigs);
result = dns_db_findrdataset(gdb, node, gversion,
dns_rdatatype_dnskey,
0, 0, &rdataset, &sigrdataset);
dns_db_detachnode(gdb, &node);
0, 0, &keyset, &keysigs);
if (result != ISC_R_SUCCESS)
fatal("cannot find DNSKEY rrset\n");
if (!dns_rdataset_isassociated(&sigrdataset))
result = dns_db_findrdataset(gdb, node, gversion,
dns_rdatatype_soa,
0, 0, &soaset, &soasigs);
dns_db_detachnode(gdb, &node);
if (result != ISC_R_SUCCESS)
fatal("cannot find SOA rrset\n");
if (!dns_rdataset_isassociated(&keysigs))
fatal("cannot find DNSKEY RRSIGs\n");
if (!dns_rdataset_isassociated(&soasigs))
fatal("cannot find SOA RRSIGs\n");
memset(revoked_ksk, 0, sizeof(revoked_ksk));
memset(revoked_zsk, 0, sizeof(revoked_zsk));
memset(standby_ksk, 0, sizeof(standby_ksk));
@ -1517,10 +1536,10 @@ verifyzone(void) {
* and one ZSK per algorithm in it (or, if -x was used, one
* self-signing KSK).
*/
for (result = dns_rdataset_first(&rdataset);
for (result = dns_rdataset_first(&keyset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset)) {
dns_rdataset_current(&rdataset, &rdata);
result = dns_rdataset_next(&keyset)) {
dns_rdataset_current(&keyset, &rdata);
result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
check_result(result, "dns_rdata_tostruct");
@ -1528,8 +1547,8 @@ verifyzone(void) {
;
else if ((dnskey.flags & DNS_KEYFLAG_REVOKE) != 0) {
if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 &&
!dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
&sigrdataset, ISC_FALSE,
!dns_dnssec_selfsigns(&rdata, gorigin, &keyset,
&keysigs, ISC_FALSE,
mctx)) {
char namebuf[DNS_NAME_FORMATSIZE];
char buffer[1024];
@ -1551,8 +1570,8 @@ verifyzone(void) {
revoked_zsk[dnskey.algorithm] != 255)
revoked_zsk[dnskey.algorithm]++;
} else if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0) {
if (dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
&sigrdataset, ISC_FALSE, mctx)) {
if (dns_dnssec_selfsigns(&rdata, gorigin, &keyset,
&keysigs, ISC_FALSE, mctx)) {
if (ksk_algorithms[dnskey.algorithm] != 255)
ksk_algorithms[dnskey.algorithm]++;
goodksk = ISC_TRUE;
@ -1560,8 +1579,8 @@ verifyzone(void) {
if (standby_ksk[dnskey.algorithm] != 255)
standby_ksk[dnskey.algorithm]++;
}
} else if (dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
&sigrdataset, ISC_FALSE,
} else if (dns_dnssec_selfsigns(&rdata, gorigin, &keyset,
&keysigs, ISC_FALSE,
mctx)) {
#ifdef ALLOW_KSKLESS_ZONES
if (self_algorithms[dnskey.algorithm] != 255)
@ -1569,7 +1588,10 @@ verifyzone(void) {
#endif
if (zsk_algorithms[dnskey.algorithm] != 255)
zsk_algorithms[dnskey.algorithm]++;
goodzsk = ISC_TRUE;
} else if (dns_dnssec_signs(&rdata, gorigin, &soaset,
&soasigs, ISC_FALSE, mctx)) {
if (zsk_algorithms[dnskey.algorithm] != 255)
zsk_algorithms[dnskey.algorithm]++;
} else {
if (standby_zsk[dnskey.algorithm] != 255)
standby_zsk[dnskey.algorithm]++;
@ -1580,7 +1602,9 @@ verifyzone(void) {
dns_rdata_freestruct(&dnskey);
dns_rdata_reset(&rdata);
}
dns_rdataset_disassociate(&sigrdataset);
dns_rdataset_disassociate(&keysigs);
dns_rdataset_disassociate(&soaset);
dns_rdataset_disassociate(&soasigs);
#ifdef ALLOW_KSKLESS_ZONES
if (!goodksk) {
@ -1595,7 +1619,7 @@ verifyzone(void) {
}
#else
if (!goodksk) {
fatal("no self signed KSK's found");
fatal("No self signed KSK's found");
}
#endif
@ -1669,7 +1693,7 @@ verifyzone(void) {
dns_name_copy(name, zonecut, NULL);
isdelegation = ISC_TRUE;
}
verifynode(name, node, isdelegation, &rdataset,
verifynode(name, node, isdelegation, &keyset,
ksk_algorithms, bad_algorithms);
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
@ -1706,13 +1730,13 @@ verifyzone(void) {
result = dns_dbiterator_next(dbiter) ) {
result = dns_dbiterator_current(dbiter, &node, name);
check_dns_dbiterator_current(result);
verifynode(name, node, ISC_FALSE, &rdataset,
verifynode(name, node, ISC_FALSE, &keyset,
ksk_algorithms, bad_algorithms);
dns_db_detachnode(gdb, &node);
}
dns_dbiterator_destroy(&dbiter);
dns_rdataset_disassociate(&rdataset);
dns_rdataset_disassociate(&keyset);
/*
* If we made it this far, we have what we consider a properly signed
@ -2192,6 +2216,7 @@ addnsec3param(const unsigned char *salt, size_t salt_length,
result = dns_rdata_fromstruct(&rdata, gclass,
dns_rdatatype_nsec3param,
&nsec3param, &b);
check_result(result, "dns_rdata_fromstruct()");
rdatalist.rdclass = rdata.rdclass;
rdatalist.type = rdata.type;
rdatalist.covers = 0;
@ -2801,7 +2826,7 @@ loadzonekeys(isc_boolean_t preserve_keys, isc_boolean_t load_public) {
}
keyttl = rdataset.ttl;
/* Load keys corresponding to the existing DNSKEY RRset */
/* Load keys corresponding to the existing DNSKEY RRset. */
result = dns_dnssec_keylistfromrdataset(gorigin, directory, mctx,
&rdataset, &keysigs, &soasigs,
preserve_keys, load_public,
@ -3320,28 +3345,36 @@ removetempfile(void) {
}
static void
print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) {
isc_uint64_t runtime_us; /* Runtime in microseconds */
isc_uint64_t runtime_ms; /* Runtime in milliseconds */
print_stats(isc_time_t *timer_start, isc_time_t *timer_finish,
isc_time_t *sign_start, isc_time_t *sign_finish)
{
isc_uint64_t time_us; /* Time in microseconds */
isc_uint64_t time_ms; /* Time in milliseconds */
isc_uint64_t sig_ms; /* Signatures per millisecond */
runtime_us = isc_time_microdiff(timer_finish, timer_start);
printf("Signatures generated: %10d\n", nsigned);
printf("Signatures retained: %10d\n", nretained);
printf("Signatures dropped: %10d\n", ndropped);
printf("Signatures successfully verified: %10d\n", nverified);
printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed);
runtime_ms = runtime_us / 1000;
printf("Runtime in seconds: %7u.%03u\n",
(unsigned int) (runtime_ms / 1000),
(unsigned int) (runtime_ms % 1000));
if (runtime_us > 0) {
sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us;
time_us = isc_time_microdiff(sign_finish, sign_start);
time_ms = time_us / 1000;
printf("Signing time in seconds: %7u.%03u\n",
(unsigned int) (time_ms / 1000),
(unsigned int) (time_ms % 1000));
if (time_us > 0) {
sig_ms = ((isc_uint64_t)nsigned * 1000000000) / time_us;
printf("Signatures per second: %7u.%03u\n",
(unsigned int) sig_ms / 1000,
(unsigned int) sig_ms % 1000);
}
time_us = isc_time_microdiff(timer_finish, timer_start);
time_ms = time_us / 1000;
printf("Runtime in seconds: %7u.%03u\n",
(unsigned int) (time_ms / 1000),
(unsigned int) (time_ms % 1000));
}
int
@ -3355,6 +3388,7 @@ main(int argc, char *argv[]) {
int ndskeys = 0;
char *endp;
isc_time_t timer_start, timer_finish;
isc_time_t sign_start, sign_finish;
dns_dnsseckey_t *key;
isc_result_t result;
isc_log_t *log = NULL;
@ -3805,6 +3839,8 @@ main(int argc, char *argv[]) {
nokeys = ISC_TRUE;
}
warnifallksk(gdb);
if (IS_NSEC3) {
unsigned int max;
result = dns_nsec3_maxiterations(gdb, NULL, mctx, &max);
@ -3814,8 +3850,6 @@ main(int argc, char *argv[]) {
"strength. Maximum iterations allowed %u.", max);
}
warnifallksk(gdb);
gversion = NULL;
result = dns_db_newversion(gdb, &gversion);
check_result(result, "dns_db_newversion()");
@ -3895,6 +3929,7 @@ main(int argc, char *argv[]) {
RUNTIME_CHECK(isc_mutex_init(&statslock) == ISC_R_SUCCESS);
presign();
TIME_NOW(&sign_start);
signapex();
if (!finished) {
/*
@ -3919,6 +3954,7 @@ main(int argc, char *argv[]) {
isc_taskmgr_destroy(&taskmgr);
isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *));
postsign();
TIME_NOW(&sign_finish);
verifyzone();
if (outputformat != dns_masterformat_text) {
@ -3972,7 +4008,8 @@ main(int argc, char *argv[]) {
if (printstats) {
TIME_NOW(&timer_finish);
print_stats(&timer_start, &timer_finish);
print_stats(&timer_start, &timer_finish,
&sign_start, &sign_finish);
}
return (0);

8
contrib/bind9/bin/named/Makefile.in
View File

@ -1,4 +1,4 @@
# Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.114 2010-12-22 09:00:40 marka Exp $
# $Id: Makefile.in,v 1.114.14.2 2011-03-10 23:47:25 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -45,7 +45,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
CDEFINES = @USE_DLZ@ @USE_PKCS11@ @USE_OPENSSL@
CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @USE_OPENSSL@
CWARNINGS =
@ -89,7 +89,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \
${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
UOBJS = unix/os.@O@
UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
SYMOBJS = symtbl.@O@

10
contrib/bind9/bin/named/client.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.271 2011-01-11 23:47:12 tbox Exp $ */
/* $Id: client.c,v 1.271.10.2 2011-07-28 04:30:54 marka Exp $ */
#include <config.h>
@ -633,6 +633,7 @@ ns_client_endrequest(ns_client_t *client) {
dns_message_puttemprdataset(client->message, &client->opt);
}
client->signer = NULL;
client->udpsize = 512;
client->extflags = 0;
client->ednsversion = -1;
@ -1312,6 +1313,12 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
UNUSED(arg);
/*
* ns_g_server->interfacemgr is task exclusive locked.
*/
if (ns_g_server->interfacemgr == NULL)
return (ISC_TRUE);
if (!ns_interfacemgr_listeningon(ns_g_server->interfacemgr, dstaddr))
return (ISC_FALSE);
@ -2095,6 +2102,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
client->next = NULL;
client->shutdown = NULL;
client->shutdown_arg = NULL;
client->signer = NULL;
dns_name_init(&client->signername, NULL);
client->mortal = ISC_FALSE;
client->tcpquota = NULL;

2
contrib/bind9/bin/named/config.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.113.16.1.2.1 2011-06-02 23:47:28 tbox Exp $ */
/* $Id: config.c,v 1.113.16.2 2011-02-28 01:19:58 tbox Exp $ */
/*! \file */

6
contrib/bind9/bin/named/controlconf.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: controlconf.c,v 1.60 2008-07-23 23:27:54 marka Exp $ */
/* $Id: controlconf.c,v 1.60.544.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@ -859,7 +859,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
"secret for key '%s' on command channel: %s",
keyid->keyname, isc_result_totext(result));
CHECK(result);
goto cleanup;
}
keyid->secret.length = isc_buffer_usedlength(&b);

27
contrib/bind9/bin/named/include/dlz/dlz_dlopen_driver.h Normal file
View File

@ -0,0 +1,27 @@
/*
* Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */
#ifndef DLZ_DLOPEN_DRIVER_H
#define DLZ_DLOPEN_DRIVER_H
isc_result_t
dlz_dlopen_init(isc_mem_t *mctx);
void
dlz_dlopen_clear(void);
#endif

6
contrib/bind9/bin/named/include/named/globals.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: globals.h,v 1.89 2010-09-15 12:07:55 marka Exp $ */
/* $Id: globals.h,v 1.89.54.2 2011-06-17 23:47:10 tbox Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
@ -26,6 +26,7 @@
#include <isc/log.h>
#include <isc/net.h>
#include <isccfg/aclconf.h>
#include <isccfg/cfg.h>
#include <dns/zone.h>
@ -102,6 +103,7 @@ EXTERN const char * lwresd_g_resolvconffile INIT("/etc"
EXTERN isc_boolean_t ns_g_conffileset INIT(ISC_FALSE);
EXTERN isc_boolean_t lwresd_g_useresolvconf INIT(ISC_FALSE);
EXTERN isc_uint16_t ns_g_udpsize INIT(4096);
EXTERN cfg_aclconfctx_t * ns_g_aclconfctx INIT(NULL);
/*
* Initial resource limits.

7
contrib/bind9/bin/named/interfacemgr.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: interfacemgr.c,v 1.95 2009-01-17 23:47:42 tbox Exp $ */
/* $Id: interfacemgr.c,v 1.95.426.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@ -379,7 +379,7 @@ ns_interface_setup(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
}
}
*ifpret = ifp;
return (ISC_R_SUCCESS);
return (result);
cleanup_interface:
ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);
@ -964,7 +964,6 @@ isc_boolean_t
ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) {
isc_sockaddr_t *old;
old = ISC_LIST_HEAD(mgr->listenon);
for (old = ISC_LIST_HEAD(mgr->listenon);
old != NULL;
old = ISC_LIST_NEXT(old, link))

57
contrib/bind9/bin/named/logconf.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,12 +15,13 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: logconf.c,v 1.42 2007-06-19 23:46:59 tbox Exp $ */
/* $Id: logconf.c,v 1.42.816.3 2011-03-05 23:52:06 tbox Exp $ */
/*! \file */
#include <config.h>
#include <isc/file.h>
#include <isc/offset.h>
#include <isc/result.h>
#include <isc/stdio.h>
@ -130,7 +131,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
}
type = ISC_LOG_TONULL;
if (fileobj != NULL) {
const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
@ -140,7 +141,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
isc_offset_t size = 0;
type = ISC_LOG_TOFILE;
if (versionsobj != NULL && cfg_obj_isuint32(versionsobj))
versions = cfg_obj_asuint32(versionsobj);
if (versionsobj != NULL && cfg_obj_isstring(versionsobj) &&
@ -219,26 +220,38 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {
FILE *fp;
/*
* Test that the file can be opened, since isc_log_open()
* can't effectively report failures when called in
* isc_log_doit().
*/
result = isc_stdio_open(dest.file.name, "a", &fp);
if (result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"logging channel '%s' file '%s': %s",
channelname, dest.file.name,
isc_result_totext(result));
else
(void)isc_stdio_close(fp);
/*
* Allow named to continue by returning success.
*/
result = ISC_R_SUCCESS;
* Test to make sure that file is a plain file.
* Fix defect #22771
*/
result = isc_file_isplainfile(dest.file.name);
if (result == ISC_R_SUCCESS ||
result == ISC_R_FILENOTFOUND) {
/*
* Test that the file can be opened, since
* isc_log_open() can't effectively report
* failures when called in
* isc_log_doit().
*/
result = isc_stdio_open(dest.file.name, "a", &fp);
if (result != ISC_R_SUCCESS) {
syslog(LOG_ERR,
"isc_stdio_open '%s' failed: %s",
dest.file.name,
isc_result_totext(result));
fprintf(stderr,
"isc_stdio_open '%s' failed: %s",
dest.file.name,
isc_result_totext(result));
} else
(void)isc_stdio_close(fp);
} else {
syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
dest.file.name, isc_result_totext(result));
fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
dest.file.name, isc_result_totext(result));
}
}
return (result);

35
contrib/bind9/bin/named/main.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: main.c,v 1.180 2010-12-22 03:59:02 marka Exp $ */
/* $Id: main.c,v 1.180.14.3 2011-03-11 06:47:00 marka Exp $ */
/*! \file */
@ -51,6 +51,8 @@
#include <dst/result.h>
#include <dlz/dlz_dlopen_driver.h>
/*
* Defining NS_MAIN provides storage declarations (rather than extern)
* for variables in named/globals.h.
@ -81,10 +83,10 @@
*/
/* #include "xxdb.h" */
#ifdef CONTRIB_DLZ
/*
* Include DLZ drivers if appropriate.
* Include contributed DLZ drivers if appropriate.
*/
#ifdef DLZ
#include <dlz/dlz_drivers.h>
#endif
@ -560,6 +562,7 @@ parse_command_line(int argc, char *argv[]) {
argc -= isc_commandline_index;
argv += isc_commandline_index;
POST(argv);
if (argc > 0) {
usage();
@ -856,9 +859,19 @@ setup(void) {
*/
/* xxdb_init(); */
#ifdef DLZ
#ifdef ISC_DLZ_DLOPEN
/*
* Register any DLZ drivers.
* Register the DLZ "dlopen" driver.
*/
result = dlz_dlopen_init(ns_g_mctx);
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("dlz_dlopen_init() failed: %s",
isc_result_totext(result));
#endif
#if CONTRIB_DLZ
/*
* Register any other contributed DLZ drivers.
*/
result = dlz_drivers_init();
if (result != ISC_R_SUCCESS)
@ -882,12 +895,18 @@ cleanup(void) {
*/
/* xxdb_clear(); */
#ifdef DLZ
#ifdef CONTRIB_DLZ
/*
* Unregister any DLZ drivers.
* Unregister contributed DLZ drivers.
*/
dlz_drivers_clear();
#endif
#ifdef ISC_DLZ_DLOPEN
/*
* Unregister "dlopen" DLZ driver.
*/
dlz_dlopen_clear();
#endif
dns_name_destroy();

67
contrib/bind9/bin/named/query.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.353.8.2.2.5 2011-06-09 03:17:10 marka Exp $ */
/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */
/*! \file */
@ -31,9 +31,7 @@
#include <dns/adb.h>
#include <dns/byaddr.h>
#include <dns/db.h>
#ifdef DLZ
#include <dns/dlz.h>
#endif
#include <dns/dns64.h>
#include <dns/dnssec.h>
#include <dns/events.h>
@ -1027,7 +1025,6 @@ query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
{
isc_result_t result;
#ifdef DLZ
isc_result_t tresult;
unsigned int namelabels;
unsigned int zonelabels;
@ -1093,16 +1090,10 @@ query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
result = tresult;
}
}
#else
result = query_getzonedb(client, name, qtype, options,
zonep, dbp, versionp);
#endif
/* If successful, Transfer ownership of zone. */
if (result == ISC_R_SUCCESS) {
#ifdef DLZ
*zonep = zone;
#endif
/*
* If neither attempt above succeeded, return the cache instead
*/
@ -1633,6 +1624,7 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
need_addname = ISC_FALSE;
zone = NULL;
needadditionalcache = ISC_FALSE;
POST(needadditionalcache);
additionaltype = dns_rdatasetadditional_fromauth;
dns_name_init(&cfname, NULL);
@ -4305,11 +4297,12 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype,
* Check rules for the name if this it the first time,
* i.e. we've not been recursing.
*/
result = DNS_R_SERVFAIL;
st->state &= ~(DNS_RPZ_HAVE_IP | DNS_RPZ_HAVE_NSIPv4 |
DNS_RPZ_HAVE_NSIPv6 | DNS_RPZ_HAD_NSDNAME);
result = rpz_rewrite_name(client, qtype, client->query.qname,
DNS_RPZ_TYPE_QNAME, &rdataset);
if (result != ISC_R_SUCCESS)
goto cleanup;
if (st->m.policy != DNS_RPZ_POLICY_MISS)
goto cleanup;
if ((st->state & (DNS_RPZ_HAVE_NSIPv4 | DNS_RPZ_HAVE_NSIPv6 |
@ -4415,9 +4408,10 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype,
(st->state & DNS_RPZ_HAVE_NSIPv6) != 0 &&
st->m.type != DNS_RPZ_TYPE_NSDNAME) {
result = rpz_rewrite_nsip(client,
dns_rdatatype_aaaa,
&ns.name, &ipdb, version,
&rdataset, resuming);
dns_rdatatype_aaaa,
&ns.name, &ipdb,
version, &rdataset,
resuming);
}
dns_rdata_freestruct(&ns);
if (ipdb != NULL)
@ -4932,12 +4926,14 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset,
break;
}
}
if (i == count)
if (i == count && aaaaok != NULL)
isc_mem_put(client->mctx, aaaaok,
sizeof(isc_boolean_t) * count);
return (ISC_TRUE);
}
isc_mem_put(client->mctx, aaaaok, sizeof(isc_boolean_t) * count);
if (aaaaok != NULL)
isc_mem_put(client->mctx, aaaaok,
sizeof(isc_boolean_t) * count);
return (ISC_FALSE);
}
@ -5198,25 +5194,22 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
is_staticstub_zone = ISC_FALSE;
if (is_zone && zone != NULL) {
if (is_zone) {
authoritative = ISC_TRUE;
if (dns_zone_gettype(zone) == dns_zone_staticstub)
if (zone != NULL &&
dns_zone_gettype(zone) == dns_zone_staticstub)
is_staticstub_zone = ISC_TRUE;
}
if (event == NULL && client->query.restarts == 0) {
if (is_zone) {
#ifdef DLZ
if (zone != NULL) {
/*
* if is_zone = true, zone = NULL then this is
* a DLZ zone. Don't attempt to attach zone.
*/
#endif
dns_zone_attach(zone, &client->query.authzone);
#ifdef DLZ
}
#endif
dns_db_attach(db, &client->query.authdb);
}
client->query.authdbset = ISC_TRUE;
@ -5290,7 +5283,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
dns_name_copy(fname, rpz_st->fname, NULL);
rpz_st->q.result = result;
client->query.attributes |= NS_QUERYATTR_RECURSING;
result = ISC_R_SUCCESS;
goto cleanup;
default:
RECURSE_ERROR(rresult);
@ -5743,8 +5735,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
goto db_find;
}
result = DNS_R_NXRRSET;
/*
* Look for a NSEC3 record if we don't have a NSEC record.
*/
@ -5880,9 +5870,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* resolver and not have it cached.
*/
if (qtype == dns_rdatatype_soa &&
#ifdef DLZ
zone != NULL &&
#endif
dns_zone_getzeronosoattl(zone))
result = query_addsoa(client, db, version, 0,
dns_rdataset_isassociated(rdataset));
@ -6161,17 +6149,17 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
result = dns_name_concatenate(prefix, tname, fname, NULL);
dns_message_puttempname(client->message, &tname);
if (result != ISC_R_SUCCESS) {
if (result == ISC_R_NOSPACE) {
/*
* RFC2672, section 4.1, subsection 3c says
* we should return YXDOMAIN if the constructed
* name would be too long.
*/
client->message->rcode = dns_rcode_yxdomain;
}
/*
* RFC2672, section 4.1, subsection 3c says
* we should return YXDOMAIN if the constructed
* name would be too long.
*/
if (result == DNS_R_NAMETOOLONG)
client->message->rcode = dns_rcode_yxdomain;
if (result != ISC_R_SUCCESS)
goto cleanup;
}
query_keepname(client, fname, dbuf);
/*
* Synthesize a CNAME consisting of
@ -6642,9 +6630,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* Add a fake SOA record.
*/
result = query_addsoa(client, db,
version, 600,
ISC_FALSE);
(void)query_addsoa(client, db, version,
600, ISC_FALSE);
goto cleanup;
}
#endif

486
contrib/bind9/bin/named/server.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.599.8.4 2011-02-16 19:46:12 each Exp $ */
/* $Id: server.c,v 1.599.8.12 2011-08-02 04:58:45 each Exp $ */
/*! \file */
@ -60,9 +60,7 @@
#include <dns/cache.h>
#include <dns/db.h>
#include <dns/dispatch.h>
#ifdef DLZ
#include <dns/dlz.h>
#endif
#include <dns/dns64.h>
#include <dns/forward.h>
#include <dns/journal.h>
@ -206,13 +204,15 @@ struct zonelistentry {
/*%
* Configuration context to retain for each view that allows
* new zones to be added at runtime
* new zones to be added at runtime.
*/
struct cfg_context {
isc_mem_t * mctx;
cfg_obj_t * config;
cfg_parser_t * parser;
cfg_aclconfctx_t actx;
cfg_obj_t * config;
cfg_parser_t * nzparser;
cfg_obj_t * nzconfig;
cfg_aclconfctx_t * actx;
};
/*
@ -222,7 +222,6 @@ static const struct {
const char *zone;
isc_boolean_t rfc1918;
} empty_zones[] = {
#ifdef notyet
/* RFC 1918 */
{ "10.IN-ADDR.ARPA", ISC_TRUE },
{ "16.172.IN-ADDR.ARPA", ISC_TRUE },
@ -242,7 +241,6 @@ static const struct {
{ "30.172.IN-ADDR.ARPA", ISC_TRUE },
{ "31.172.IN-ADDR.ARPA", ISC_TRUE },
{ "168.192.IN-ADDR.ARPA", ISC_TRUE },
#endif
/* RFC 5735 and RFC 5737 */
{ "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
@ -304,7 +302,7 @@ static void
end_reserved_dispatches(ns_server_t *server, isc_boolean_t all);
static void
cfgctx_destroy(void **cfgp);
newzone_cfgctx_destroy(void **cfgp);
/*%
* Configure a single view ACL at '*aclp'. Get its configuration from
@ -847,18 +845,13 @@ get_view_querysource_dispatch(const cfg_obj_t **maps,
int af, dns_dispatch_t **dispatchp,
isc_boolean_t is_firstview)
{
isc_result_t result;
isc_result_t result = ISC_R_FAILURE;
dns_dispatch_t *disp;
isc_sockaddr_t sa;
unsigned int attrs, attrmask;
const cfg_obj_t *obj = NULL;
unsigned int maxdispatchbuffers;
/*
* Make compiler happy.
*/
result = ISC_R_FAILURE;
switch (af) {
case AF_INET:
result = ns_config_get(maps, "query-source", &obj);
@ -1340,7 +1333,6 @@ cache_sharable(dns_view_t *originview, dns_view_t *view,
return (ISC_TRUE);
}
#ifdef DLZ
/*
* Callback from DLZ configure when the driver sets up a writeable zone
*/
@ -1358,7 +1350,6 @@ dlzconfigure_callback(dns_view_t *view, dns_zone_t *zone) {
return ns_zone_configure_writeable_dlz(view->dlzdatabase,
zone, zclass, origin);
}
#endif
static isc_result_t
dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
@ -1554,8 +1545,7 @@ configure_rpz(dns_view_t *view, const cfg_listelt_t *element) {
* global defaults in 'config' used exclusively.
*/
static isc_result_t
configure_view(dns_view_t *view, cfg_parser_t* parser,
cfg_obj_t *config, cfg_obj_t *vconfig,
configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
ns_cachelist_t *cachelist, const cfg_obj_t *bindkeys,
isc_mem_t *mctx, cfg_aclconfctx_t *actx,
isc_boolean_t need_hints)
@ -1569,11 +1559,9 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
const cfg_obj_t *forwarders;
const cfg_obj_t *alternates;
const cfg_obj_t *zonelist;
#ifdef DLZ
const cfg_obj_t *dlz;
unsigned int dlzargc;
char **dlzargv;
#endif
const cfg_obj_t *disabled;
const cfg_obj_t *obj;
const cfg_listelt_t *element;
@ -1587,7 +1575,7 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
isc_uint32_t lame_ttl;
dns_tsig_keyring_t *ring = NULL;
dns_view_t *pview = NULL; /* Production view */
isc_mem_t *cmctx;
isc_mem_t *cmctx = NULL, *hmctx = NULL;
dns_dispatch_t *dispatch4 = NULL;
dns_dispatch_t *dispatch6 = NULL;
isc_boolean_t reused_cache = ISC_FALSE;
@ -1612,15 +1600,12 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
isc_boolean_t auto_root = ISC_FALSE;
ns_cache_t *nsc;
isc_boolean_t zero_no_soattl;
cfg_parser_t *newzones_parser = NULL;
cfg_obj_t *nzfconf = NULL;
dns_acl_t *clients = NULL, *mapped = NULL, *excluded = NULL;
unsigned int query_timeout;
struct cfg_context *nzctx;
REQUIRE(DNS_VIEW_VALID(view));
cmctx = NULL;
if (config != NULL)
(void)cfg_map_get(config, "options", &options);
@ -1651,6 +1636,7 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
sep = "";
viewname = "";
forview = "";
POST(forview);
}
/*
@ -1722,6 +1708,10 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
(void)cfg_map_get(voptions, "zone", &zonelist);
else
(void)cfg_map_get(config, "zone", &zonelist);
/*
* Load zone configuration
*/
for (element = cfg_list_first(zonelist);
element != NULL;
element = cfg_list_next(element))
@ -1731,62 +1721,32 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
actx, ISC_FALSE));
}
/*
* Are we allowing zones to be added and deleted dynamically?
*/
obj = NULL;
result = ns_config_get(maps, "allow-new-zones", &obj);
if (result == ISC_R_SUCCESS) {
isc_boolean_t allow = cfg_obj_asboolean(obj);
struct cfg_context *cfg = NULL;
if (allow) {
cfg = isc_mem_get(view->mctx, sizeof(*cfg));
if (cfg == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
memset(cfg, 0, sizeof(*cfg));
isc_mem_attach(view->mctx, &cfg->mctx);
if (config != NULL)
cfg_obj_attach(config, &cfg->config);
cfg_parser_attach(parser, &cfg->parser);
cfg_aclconfctx_clone(actx, &cfg->actx);
}
dns_view_setnewzones(view, allow, cfg, cfgctx_destroy);
}
/*
* If we're allowing added zones, then load zone configuration
* from the newzone file for zones that were added during previous
* runs.
*/
if (view->new_zone_file != NULL) {
nzctx = view->new_zone_config;
if (nzctx != NULL && nzctx->nzconfig != NULL) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"loading additional zones for view '%s'",
view->name);
CHECK(cfg_parser_create(view->mctx, ns_g_lctx,
&newzones_parser));
result = cfg_parse_file(newzones_parser, view->new_zone_file,
&cfg_type_newzones, &nzfconf);
if (result == ISC_R_SUCCESS) {
zonelist = NULL;
cfg_map_get(nzfconf, "zone", &zonelist);
for (element = cfg_list_first(zonelist);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *zconfig =
cfg_listelt_value(element);
CHECK(configure_zone(config, zconfig, vconfig,
mctx, view, actx,
ISC_TRUE));
}
zonelist = NULL;
cfg_map_get(nzctx->nzconfig, "zone", &zonelist);
for (element = cfg_list_first(zonelist);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *zconfig = cfg_listelt_value(element);
CHECK(configure_zone(config, zconfig, vconfig,
mctx, view, actx,
ISC_TRUE));
}
}
#ifdef DLZ
/*
* Create Dynamically Loadable Zone driver.
*/
@ -1831,7 +1791,6 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
goto cleanup;
}
}
#endif
/*
* Obtain configuration parameters that affect the decision of whether
@ -2103,13 +2062,21 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
* view but is not yet configured. If it is not the
* view name but not a forward reference either, then it
* is simply a named cache that is not shared.
*
* We use two separate memory contexts for the
* cache, for the main cache memory and the heap
* memory.
*/
CHECK(isc_mem_create(0, 0, &cmctx));
isc_mem_setname(cmctx, "cache", NULL);
CHECK(dns_cache_create2(cmctx, ns_g_taskmgr,
CHECK(isc_mem_create(0, 0, &hmctx));
isc_mem_setname(hmctx, "cache_heap", NULL);
CHECK(dns_cache_create3(cmctx, hmctx, ns_g_taskmgr,
ns_g_timermgr, view->rdclass,
cachename, "rbt", 0, NULL,
&cache));
isc_mem_detach(&cmctx);
isc_mem_detach(&hmctx);
}
nsc = isc_mem_get(mctx, sizeof(*nsc));
if (nsc == NULL) {
@ -2910,8 +2877,8 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
if (result == ISC_R_SUCCESS)
cfg_map_get(obj, "zone", &zonelist);
}
if (zonelist != NULL) {
if (zonelist != NULL) {
for (element = cfg_list_first(zonelist);
element != NULL;
element = cfg_list_next(element)) {
@ -2947,16 +2914,12 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
dns_order_detach(&order);
if (cmctx != NULL)
isc_mem_detach(&cmctx);
if (hmctx != NULL)
isc_mem_detach(&hmctx);
if (cache != NULL)
dns_cache_detach(&cache);
if (newzones_parser != NULL) {
if (nzfconf != NULL)
cfg_obj_destroy(newzones_parser, &nzfconf);
cfg_parser_destroy(&newzones_parser);
}
return (result);
}
@ -3161,21 +3124,16 @@ configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
return (result);
}
/*
* Create a new view and add it to the list.
*
* If 'vconfig' is NULL, create the default view.
*
* The view created is attached to '*viewp'.
*/
static isc_result_t
create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
dns_view_t **viewp)
get_viewinfo(const cfg_obj_t *vconfig, const char **namep,
dns_rdataclass_t *classp)
{
isc_result_t result;
isc_result_t result = ISC_R_SUCCESS;
const char *viewname;
dns_rdataclass_t viewclass;
dns_view_t *view = NULL;
REQUIRE(namep != NULL && *namep == NULL);
REQUIRE(classp != NULL);
if (vconfig != NULL) {
const cfg_obj_t *classobj = NULL;
@ -3188,6 +3146,59 @@ create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
viewname = "_default";
viewclass = dns_rdataclass_in;
}
*namep = viewname;
*classp = viewclass;
return (result);
}
/*
* Find a view based on its configuration info and attach to it.
*
* If 'vconfig' is NULL, attach to the default view.
*/
static isc_result_t
find_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
dns_view_t **viewp)
{
isc_result_t result;
const char *viewname = NULL;
dns_rdataclass_t viewclass;
dns_view_t *view = NULL;
result = get_viewinfo(vconfig, &viewname, &viewclass);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_viewlist_find(viewlist, viewname, viewclass, &view);
if (result != ISC_R_SUCCESS)
return (result);
*viewp = view;
return (ISC_R_SUCCESS);
}
/*
* Create a new view and add it to the list.
*
* If 'vconfig' is NULL, create the default view.
*
* The view created is attached to '*viewp'.
*/
static isc_result_t
create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
dns_view_t **viewp)
{
isc_result_t result;
const char *viewname = NULL;
dns_rdataclass_t viewclass;
dns_view_t *view = NULL;
result = get_viewinfo(vconfig, &viewname, &viewclass);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_viewlist_find(viewlist, viewname, viewclass, &view);
if (result == ISC_R_SUCCESS)
return (ISC_R_EXISTS);
@ -4145,11 +4156,99 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
return (result);
}
static isc_result_t
setup_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
cfg_parser_t *parser, cfg_aclconfctx_t *actx)
{
isc_result_t result = ISC_R_SUCCESS;
isc_boolean_t allow = ISC_FALSE;
struct cfg_context *nzcfg = NULL;
cfg_parser_t *nzparser = NULL;
cfg_obj_t *nzconfig = NULL;
const cfg_obj_t *maps[4];
const cfg_obj_t *options = NULL, *voptions = NULL;
const cfg_obj_t *nz = NULL;
int i = 0;
REQUIRE (config != NULL);
if (vconfig != NULL)
voptions = cfg_tuple_get(vconfig, "options");
if (voptions != NULL)
maps[i++] = voptions;
result = cfg_map_get(config, "options", &options);
if (result == ISC_R_SUCCESS)
maps[i++] = options;
maps[i++] = ns_g_defaults;
maps[i] = NULL;
result = ns_config_get(maps, "allow-new-zones", &nz);
if (result == ISC_R_SUCCESS)
allow = cfg_obj_asboolean(nz);
if (!allow) {
dns_view_setnewzones(view, ISC_FALSE, NULL, NULL);
return (ISC_R_SUCCESS);
}
nzcfg = isc_mem_get(view->mctx, sizeof(*nzcfg));
if (nzcfg == NULL) {
dns_view_setnewzones(view, ISC_FALSE, NULL, NULL);
return (ISC_R_NOMEMORY);
}
dns_view_setnewzones(view, allow, nzcfg, newzone_cfgctx_destroy);
memset(nzcfg, 0, sizeof(*nzcfg));
isc_mem_attach(view->mctx, &nzcfg->mctx);
cfg_obj_attach(config, &nzcfg->config);
cfg_parser_attach(parser, &nzcfg->parser);
cfg_aclconfctx_attach(actx, &nzcfg->actx);
/*
* Attempt to create a parser and parse the newzones
* file. If successful, preserve both; otherwise leave
* them NULL.
*/
result = cfg_parser_create(view->mctx, ns_g_lctx, &nzparser);
if (result == ISC_R_SUCCESS)
result = cfg_parse_file(nzparser, view->new_zone_file,
&cfg_type_newzones, &nzconfig);
if (result == ISC_R_SUCCESS) {
cfg_parser_attach(nzparser, &nzcfg->nzparser);
cfg_obj_attach(nzconfig, &nzcfg->nzconfig);
}
if (nzparser != NULL) {
if (nzconfig != NULL)
cfg_obj_destroy(nzparser, &nzconfig);
cfg_parser_destroy(&nzparser);
}
return (ISC_R_SUCCESS);
}
static int
count_zones(const cfg_obj_t *conf) {
const cfg_obj_t *zonelist = NULL;
const cfg_listelt_t *element;
int n = 0;
REQUIRE(conf != NULL);
cfg_map_get(conf, "zone", &zonelist);
for (element = cfg_list_first(zonelist);
element != NULL;
element = cfg_list_next(element))
n++;
return (n);
}
static isc_result_t
load_configuration(const char *filename, ns_server_t *server,
isc_boolean_t first_time)
{
cfg_aclconfctx_t aclconfctx;
cfg_obj_t *config = NULL, *bindkeys = NULL;
cfg_parser_t *conf_parser = NULL, *bindkeys_parser = NULL;
const cfg_listelt_t *element;
@ -4177,8 +4276,9 @@ load_configuration(const char *filename, ns_server_t *server,
ns_cachelist_t cachelist, tmpcachelist;
unsigned int maxsocks;
ns_cache_t *nsc;
struct cfg_context *nzctx;
int num_zones = 0;
cfg_aclconfctx_init(&aclconfctx);
ISC_LIST_INIT(viewlist);
ISC_LIST_INIT(builtin_viewlist);
ISC_LIST_INIT(cachelist);
@ -4187,6 +4287,11 @@ load_configuration(const char *filename, ns_server_t *server,
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/* Create the ACL configuration context */
if (ns_g_aclconfctx != NULL)
cfg_aclconfctx_detach(&ns_g_aclconfctx);
CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx));
/*
* Parse the global default pseudo-config file.
*/
@ -4250,7 +4355,7 @@ load_configuration(const char *filename, ns_server_t *server,
if (result == ISC_R_SUCCESS)
maps[i++] = options;
maps[i++] = ns_g_defaults;
maps[i++] = NULL;
maps[i] = NULL;
/*
* If bind.keys exists, load it. If "dnssec-lookaside auto"
@ -4337,8 +4442,9 @@ load_configuration(const char *filename, ns_server_t *server,
else
isc_quota_soft(&server->recursionquota, 0);
CHECK(configure_view_acl(NULL, config, "blackhole", NULL, &aclconfctx,
ns_g_mctx, &server->blackholeacl));
CHECK(configure_view_acl(NULL, config, "blackhole", NULL,
ns_g_aclconfctx, ns_g_mctx,
&server->blackholeacl));
if (server->blackholeacl != NULL)
dns_dispatchmgr_setblackhole(ns_g_dispatchmgr,
server->blackholeacl);
@ -4348,7 +4454,7 @@ load_configuration(const char *filename, ns_server_t *server,
INSIST(result == ISC_R_SUCCESS);
server->aclenv.match_mapped = cfg_obj_asboolean(obj);
CHECKM(ns_statschannels_configure(ns_g_server, config, &aclconfctx),
CHECKM(ns_statschannels_configure(ns_g_server, config, ns_g_aclconfctx),
"configuring statistics server(s)");
/*
@ -4476,11 +4582,10 @@ load_configuration(const char *filename, ns_server_t *server,
if (options != NULL)
(void)cfg_map_get(options, "listen-on", &clistenon);
if (clistenon != NULL) {
result = ns_listenlist_fromconfig(clistenon,
config,
&aclconfctx,
ns_g_mctx,
&listenon);
/* check return code? */
(void)ns_listenlist_fromconfig(clistenon, config,
ns_g_aclconfctx,
ns_g_mctx, &listenon);
} else if (!ns_g_lwresdonly) {
/*
* Not specified, use default.
@ -4504,11 +4609,10 @@ load_configuration(const char *filename, ns_server_t *server,
if (options != NULL)
(void)cfg_map_get(options, "listen-on-v6", &clistenon);
if (clistenon != NULL) {
result = ns_listenlist_fromconfig(clistenon,
config,
&aclconfctx,
ns_g_mctx,
&listenon);
/* check return code? */
(void)ns_listenlist_fromconfig(clistenon, config,
ns_g_aclconfctx,
ns_g_mctx, &listenon);
} else if (!ns_g_lwresdonly) {
isc_boolean_t enable;
/*
@ -4601,25 +4705,87 @@ load_configuration(const char *filename, ns_server_t *server,
*/
(void)configure_session_key(maps, server, ns_g_mctx);
/*
* Configure and freeze all explicit views. Explicit
* views that have zones were already created at parsing
* time, but views with no zones must be created here.
*/
views = NULL;
(void)cfg_map_get(config, "view", &views);
/*
* Create the views and count all the configured zones in
* order to correctly size the zone manager's task table.
* (We only count zones for configured views; the built-in
* "bind" view can be ignored as it only adds a negligible
* number of zones.)
*
* If we're allowing new zones, we need to be able to find the
* new zone file and count those as well. So we setup the new
* zone configuration context, but otherwise view configuration
* waits until after the zone manager's task list has been sized.
*/
for (element = cfg_list_first(views);
element != NULL;
element = cfg_list_next(element))
{
cfg_obj_t *vconfig = cfg_listelt_value(element);
const cfg_obj_t *voptions = cfg_tuple_get(vconfig, "options");
view = NULL;
CHECK(create_view(vconfig, &viewlist, &view));
INSIST(view != NULL);
CHECK(configure_view(view, conf_parser, config, vconfig,
&cachelist, bindkeys,
ns_g_mctx, &aclconfctx, ISC_TRUE));
num_zones += count_zones(voptions);
CHECK(setup_newzones(view, config, vconfig, conf_parser,
ns_g_aclconfctx));
nzctx = view->new_zone_config;
if (nzctx != NULL && nzctx->nzconfig != NULL)
num_zones += count_zones(nzctx->nzconfig);
dns_view_detach(&view);
}
/*
* If there were no explicit views then we do the default
* view here.
*/
if (views == NULL) {
CHECK(create_view(NULL, &viewlist, &view));
INSIST(view != NULL);
num_zones = count_zones(config);
CHECK(setup_newzones(view, config, NULL, conf_parser,
ns_g_aclconfctx));
nzctx = view->new_zone_config;
if (nzctx != NULL && nzctx->nzconfig != NULL)
num_zones += count_zones(nzctx->nzconfig);
dns_view_detach(&view);
}
/*
* Zones have been counted; set the zone manager task pool size.
*/
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"sizing zone task pool based on %d zones", num_zones);
CHECK(dns_zonemgr_setsize(ns_g_server->zonemgr, num_zones));
/*
* Configure and freeze all explicit views. Explicit
* views that have zones were already created at parsing
* time, but views with no zones must be created here.
*/
for (element = cfg_list_first(views);
element != NULL;
element = cfg_list_next(element))
{
cfg_obj_t *vconfig = cfg_listelt_value(element);
view = NULL;
CHECK(find_view(vconfig, &viewlist, &view));
CHECK(configure_view(view, config, vconfig,
&cachelist, bindkeys, ns_g_mctx,
ns_g_aclconfctx, ISC_TRUE));
dns_view_freeze(view);
dns_view_detach(&view);
}
@ -4629,16 +4795,11 @@ load_configuration(const char *filename, ns_server_t *server,
* were no explicit views.
*/
if (views == NULL) {
/*
* No explicit views; there ought to be a default view.
* There may already be one created as a side effect
* of zone statements, or we may have to create one.
* In either case, we need to configure and freeze it.
*/
CHECK(create_view(NULL, &viewlist, &view));
CHECK(configure_view(view, conf_parser, config, NULL,
view = NULL;
CHECK(find_view(NULL, &viewlist, &view));
CHECK(configure_view(view, config, NULL,
&cachelist, bindkeys,
ns_g_mctx, &aclconfctx, ISC_TRUE));
ns_g_mctx, ns_g_aclconfctx, ISC_TRUE));
dns_view_freeze(view);
dns_view_detach(&view);
}
@ -4656,9 +4817,9 @@ load_configuration(const char *filename, ns_server_t *server,
cfg_obj_t *vconfig = cfg_listelt_value(element);
CHECK(create_view(vconfig, &builtin_viewlist, &view));
CHECK(configure_view(view, conf_parser, config, vconfig,
CHECK(configure_view(view, config, vconfig,
&cachelist, bindkeys,
ns_g_mctx, &aclconfctx, ISC_FALSE));
ns_g_mctx, ns_g_aclconfctx, ISC_FALSE));
dns_view_freeze(view);
dns_view_detach(&view);
view = NULL;
@ -4699,7 +4860,7 @@ load_configuration(const char *filename, ns_server_t *server,
* Bind the control port(s).
*/
CHECKM(ns_controls_configure(ns_g_server->controls, config,
&aclconfctx),
ns_g_aclconfctx),
"binding control channel(s)");
/*
@ -4941,8 +5102,6 @@ load_configuration(const char *filename, ns_server_t *server,
if (v6portset != NULL)
isc_portset_destroy(ns_g_mctx, &v6portset);
cfg_aclconfctx_clear(&aclconfctx);
if (conf_parser != NULL) {
if (config != NULL)
cfg_obj_destroy(conf_parser, &config);
@ -5149,6 +5308,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
end_reserved_dispatches(server, ISC_TRUE);
cleanup_session_key(server, server->mctx);
if (ns_g_aclconfctx != NULL)
cfg_aclconfctx_detach(&ns_g_aclconfctx);
cfg_obj_destroy(ns_g_parser, &ns_g_config);
cfg_parser_destroy(&ns_g_parser);
@ -5200,8 +5362,8 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
void
ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
isc_result_t result;
ns_server_t *server = isc_mem_get(mctx, sizeof(*server));
if (server == NULL)
fatal("allocating server object", ISC_R_NOMEMORY);
@ -5274,6 +5436,8 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_zonemgr_create(ns_g_mctx, ns_g_taskmgr, ns_g_timermgr,
ns_g_socketmgr, &server->zonemgr),
"dns_zonemgr_create");
CHECKFATAL(dns_zonemgr_setsize(server->zonemgr, 1000),
"dns_zonemgr_setsize");
server->statsfile = isc_mem_strdup(server->mctx, "named.stats");
CHECKFATAL(server->statsfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
@ -5383,7 +5547,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->server_id != NULL)
isc_mem_free(server->mctx, server->server_id);
dns_zonemgr_detach(&server->zonemgr);
if (server->zonemgr != NULL)
dns_zonemgr_detach(&server->zonemgr);
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
@ -5947,7 +6112,6 @@ ns_server_dumpstats(ns_server_t *server) {
"could not open statistics dump file", server->statsfile);
result = ns_stats_dump(server, fp);
CHECK(result);
cleanup:
if (fp != NULL)
@ -6135,6 +6299,7 @@ dumpdone(void *arg, isc_result_t result) {
fprintf(dctx->fp, "; %s\n",
dns_result_totext(result));
result = ISC_R_SUCCESS;
POST(result);
goto nextzone;
}
if (result != ISC_R_SUCCESS)
@ -6260,28 +6425,29 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) {
isc_time_formattimestamp(&now, tbuf, sizeof(tbuf));
fprintf(fp, "%s\n", tbuf);
nextview:
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (ptr != NULL && strcmp(view->name, ptr) != 0)
continue;
if (secroots != NULL)
dns_keytable_detach(&secroots);
result = dns_view_getsecroots(view, &secroots);
if (result == ISC_R_NOTFOUND) {
result = ISC_R_SUCCESS;
continue;
do {
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (ptr != NULL && strcmp(view->name, ptr) != 0)
continue;
if (secroots != NULL)
dns_keytable_detach(&secroots);
result = dns_view_getsecroots(view, &secroots);
if (result == ISC_R_NOTFOUND) {
result = ISC_R_SUCCESS;
continue;
}
fprintf(fp, "\n Start view %s\n\n", view->name);
result = dns_keytable_dump(secroots, fp);
if (result != ISC_R_SUCCESS)
fprintf(fp, " dumpsecroots failed: %s\n",
isc_result_totext(result));
}
fprintf(fp, "\n Start view %s\n\n", view->name);
CHECK(dns_keytable_dump(secroots, fp));
}
if (ptr != NULL) {
ptr = next_token(&args, " \t");
if (ptr != NULL)
goto nextview;
}
ptr = next_token(&args, " \t");
} while (ptr != NULL);
cleanup:
if (secroots != NULL)
@ -7188,7 +7354,7 @@ ns_server_add_zone(ns_server_t *server, char *args) {
/* Mark view unfrozen so that zone can be added */
dns_view_thaw(view);
result = configure_zone(cfg->config, parms, vconfig,
server->mctx, view, &cfg->actx, ISC_FALSE);
server->mctx, view, cfg->actx, ISC_FALSE);
dns_view_freeze(view);
if (result != ISC_R_SUCCESS) {
goto cleanup;
@ -7437,23 +7603,27 @@ ns_server_del_zone(ns_server_t *server, char *args) {
}
static void
cfgctx_destroy(void **cfgp) {
newzone_cfgctx_destroy(void **cfgp) {
struct cfg_context *cfg;
isc_mem_t *mctx;
REQUIRE(cfgp != NULL && *cfgp != NULL);
cfg = *cfgp;
mctx = cfg->mctx;
cfg->mctx = NULL;
if (cfg->actx != NULL)
cfg_aclconfctx_detach(&cfg->actx);
if (cfg->parser != NULL) {
if (cfg->config != NULL)
cfg_obj_destroy(cfg->parser, &cfg->config);
cfg_parser_destroy(&cfg->parser);
}
cfg_aclconfctx_clear(&cfg->actx);
if (cfg->nzparser != NULL) {
if (cfg->nzconfig != NULL)
cfg_obj_destroy(cfg->nzparser, &cfg->nzconfig);
cfg_parser_destroy(&cfg->nzparser);
}
isc_mem_put(mctx, cfg, sizeof(*cfg));
isc_mem_detach(&mctx);
isc_mem_putanddetach(&cfg->mctx, cfg, sizeof(*cfg));
*cfgp = NULL;
}

6
contrib/bind9/bin/named/statschannel.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: statschannel.c,v 1.26 2010-02-04 23:49:13 tbox Exp $ */
/* $Id: statschannel.c,v 1.26.150.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@ -638,7 +638,7 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
static void
opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
FILE *fp = arg;
FILE *fp;
isc_buffer_t b;
char codebuf[64];
stats_dumparg_t *dumparg = arg;

9
contrib/bind9/bin/named/unix/Makefile.in
View File

@ -1,4 +1,4 @@
# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1999-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.13 2009-12-05 23:31:40 each Exp $
# $Id: Makefile.in,v 1.13.244.2 2011-03-10 23:47:26 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -22,14 +22,15 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
${DNS_INCLUDES} ${ISC_INCLUDES}
CDEFINES =
CWARNINGS =
OBJS = os.@O@
OBJS = os.@O@ dlz_dlopen_driver.@O@
SRCS = os.c
SRCS = os.c dlz_dlopen_driver.c
TARGETS = ${OBJS}

616
contrib/bind9/bin/named/unix/dlz_dlopen_driver.c Normal file
View File

@ -0,0 +1,616 @@
/*
* Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dlz_dlopen_driver.c,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */
#include <config.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <dlfcn.h>
#include <dns/log.h>
#include <dns/result.h>
#include <dns/dlz_dlopen.h>
#include <isc/mem.h>
#include <isc/print.h>
#include <isc/result.h>
#include <isc/util.h>
#include <named/globals.h>
#include <dlz/dlz_dlopen_driver.h>
#ifdef ISC_DLZ_DLOPEN
static dns_sdlzimplementation_t *dlz_dlopen = NULL;
typedef struct dlopen_data {
isc_mem_t *mctx;
char *dl_path;
char *dlzname;
void *dl_handle;
void *dbdata;
unsigned int flags;
isc_mutex_t lock;
int version;
isc_boolean_t in_configure;
dlz_dlopen_version_t *dlz_version;
dlz_dlopen_create_t *dlz_create;
dlz_dlopen_findzonedb_t *dlz_findzonedb;
dlz_dlopen_lookup_t *dlz_lookup;
dlz_dlopen_authority_t *dlz_authority;
dlz_dlopen_allnodes_t *dlz_allnodes;
dlz_dlopen_allowzonexfr_t *dlz_allowzonexfr;
dlz_dlopen_newversion_t *dlz_newversion;
dlz_dlopen_closeversion_t *dlz_closeversion;
dlz_dlopen_configure_t *dlz_configure;
dlz_dlopen_ssumatch_t *dlz_ssumatch;
dlz_dlopen_addrdataset_t *dlz_addrdataset;
dlz_dlopen_subrdataset_t *dlz_subrdataset;
dlz_dlopen_delrdataset_t *dlz_delrdataset;
dlz_dlopen_destroy_t *dlz_destroy;
} dlopen_data_t;
/* Modules can choose whether they are lock-safe or not. */
#define MAYBE_LOCK(cd) \
do { \
if ((cd->flags & DNS_SDLZFLAG_THREADSAFE) == 0 && \
cd->in_configure == ISC_FALSE) \
LOCK(&cd->lock); \
} while (0)
#define MAYBE_UNLOCK(cd) \
do { \
if ((cd->flags & DNS_SDLZFLAG_THREADSAFE) == 0 && \
cd->in_configure == ISC_FALSE) \
UNLOCK(&cd->lock); \
} while (0)
/*
* Log a message at the given level.
*/
static void dlopen_log(int level, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
isc_log_vwrite(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(level),
fmt, ap);
va_end(ap);
}
/*
* SDLZ methods
*/
static isc_result_t
dlopen_dlz_allnodes(const char *zone, void *driverarg, void *dbdata,
dns_sdlzallnodes_t *allnodes)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
if (cd->dlz_allnodes == NULL) {
return (ISC_R_NOPERM);
}
MAYBE_LOCK(cd);
result = cd->dlz_allnodes(zone, cd->dbdata, allnodes);
MAYBE_UNLOCK(cd);
return (result);
}
static isc_result_t
dlopen_dlz_allowzonexfr(void *driverarg, void *dbdata, const char *name,
const char *client)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
if (cd->dlz_allowzonexfr == NULL) {
return (ISC_R_NOPERM);
}
MAYBE_LOCK(cd);
result = cd->dlz_allowzonexfr(cd->dbdata, name, client);
MAYBE_UNLOCK(cd);
return (result);
}
static isc_result_t
dlopen_dlz_authority(const char *zone, void *driverarg, void *dbdata,
dns_sdlzlookup_t *lookup)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
if (cd->dlz_authority == NULL) {
return (ISC_R_NOTIMPLEMENTED);
}
MAYBE_LOCK(cd);
result = cd->dlz_authority(zone, cd->dbdata, lookup);
MAYBE_UNLOCK(cd);
return (result);
}
static isc_result_t
dlopen_dlz_findzonedb(void *driverarg, void *dbdata, const char *name)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
MAYBE_LOCK(cd);
result = cd->dlz_findzonedb(cd->dbdata, name);
MAYBE_UNLOCK(cd);
return (result);
}
static isc_result_t
dlopen_dlz_lookup(const char *zone, const char *name, void *driverarg,
void *dbdata, dns_sdlzlookup_t *lookup)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
MAYBE_LOCK(cd);
result = cd->dlz_lookup(zone, name, cd->dbdata, lookup);
MAYBE_UNLOCK(cd);
return (result);
}
/*
* Load a symbol from the library
*/
static void *
dl_load_symbol(dlopen_data_t *cd, const char *symbol, isc_boolean_t mandatory) {
void *ptr = dlsym(cd->dl_handle, symbol);
if (ptr == NULL && mandatory) {
dlopen_log(ISC_LOG_ERROR,
"dlz_dlopen: library '%s' is missing "
"required symbol '%s'", cd->dl_path, symbol);
}
return (ptr);
}
/*
* Called at startup for each dlopen zone in named.conf
*/
static isc_result_t
dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
void *driverarg, void **dbdata)
{
dlopen_data_t *cd;
isc_mem_t *mctx = NULL;
isc_result_t result = ISC_R_FAILURE;
int dlopen_flags = 0;
UNUSED(driverarg);
if (argc < 2) {
dlopen_log(ISC_LOG_ERROR,
"dlz_dlopen driver for '%s' needs a path to "
"the shared library", dlzname);
return (ISC_R_FAILURE);
}
isc_mem_create(0, 0, &mctx);
cd = isc_mem_get(mctx, sizeof(*cd));
if (cd == NULL) {
isc_mem_destroy(&mctx);
return (ISC_R_NOMEMORY);
}
memset(cd, 0, sizeof(*cd));
cd->mctx = mctx;
cd->dl_path = isc_mem_strdup(cd->mctx, argv[1]);
if (cd->dl_path == NULL) {
goto failed;
}
cd->dlzname = isc_mem_strdup(cd->mctx, dlzname);
if (cd->dlzname == NULL) {
goto failed;
}
/* Initialize the lock */
isc_mutex_init(&cd->lock);
/* Open the library */
dlopen_flags = RTLD_NOW;
#ifdef RTLD_DEEPBIND
/*
* If RTLD_DEEPBIND is available then use it. This can avoid
* issues with a module using a different version of a system
* library than one that bind9 uses. For example, bind9 may link
* to MIT kerberos, but the module may use Heimdal. If we don't
* use RTLD_DEEPBIND then we could end up with Heimdal functions
* calling MIT functions, which leads to bizarre results (usually
* a segfault).
*/
dlopen_flags |= RTLD_DEEPBIND;
#endif
cd->dl_handle = dlopen(cd->dl_path, dlopen_flags);
if (cd->dl_handle == NULL) {
dlopen_log(ISC_LOG_ERROR,
"dlz_dlopen failed to open library '%s' - %s",
cd->dl_path, dlerror());
goto failed;
}
/* Find the symbols */
cd->dlz_version = (dlz_dlopen_version_t *)
dl_load_symbol(cd, "dlz_version", ISC_TRUE);
cd->dlz_create = (dlz_dlopen_create_t *)
dl_load_symbol(cd, "dlz_create", ISC_TRUE);
cd->dlz_lookup = (dlz_dlopen_lookup_t *)
dl_load_symbol(cd, "dlz_lookup", ISC_TRUE);
cd->dlz_findzonedb = (dlz_dlopen_findzonedb_t *)
dl_load_symbol(cd, "dlz_findzonedb", ISC_TRUE);
if (cd->dlz_create == NULL ||
cd->dlz_lookup == NULL ||
cd->dlz_findzonedb == NULL)
{
/* We're missing a required symbol */
goto failed;
}
cd->dlz_allowzonexfr = (dlz_dlopen_allowzonexfr_t *)
dl_load_symbol(cd, "dlz_allowzonexfr", ISC_FALSE);
cd->dlz_allnodes = (dlz_dlopen_allnodes_t *)
dl_load_symbol(cd, "dlz_allnodes",
ISC_TF(cd->dlz_allowzonexfr != NULL));
cd->dlz_authority = (dlz_dlopen_authority_t *)
dl_load_symbol(cd, "dlz_authority", ISC_FALSE);
cd->dlz_newversion = (dlz_dlopen_newversion_t *)
dl_load_symbol(cd, "dlz_newversion", ISC_FALSE);
cd->dlz_closeversion = (dlz_dlopen_closeversion_t *)
dl_load_symbol(cd, "dlz_closeversion",
ISC_TF(cd->dlz_newversion != NULL));
cd->dlz_configure = (dlz_dlopen_configure_t *)
dl_load_symbol(cd, "dlz_configure", ISC_FALSE);
cd->dlz_ssumatch = (dlz_dlopen_ssumatch_t *)
dl_load_symbol(cd, "dlz_ssumatch", ISC_FALSE);
cd->dlz_addrdataset = (dlz_dlopen_addrdataset_t *)
dl_load_symbol(cd, "dlz_addrdataset", ISC_FALSE);
cd->dlz_subrdataset = (dlz_dlopen_subrdataset_t *)
dl_load_symbol(cd, "dlz_subrdataset", ISC_FALSE);
cd->dlz_delrdataset = (dlz_dlopen_delrdataset_t *)
dl_load_symbol(cd, "dlz_delrdataset", ISC_FALSE);
/* Check the version of the API is the same */
cd->version = cd->dlz_version(&cd->flags);
if (cd->version != DLZ_DLOPEN_VERSION) {
dlopen_log(ISC_LOG_ERROR,
"dlz_dlopen: incorrect version %d "
"should be %d in '%s'",
cd->version, DLZ_DLOPEN_VERSION, cd->dl_path);
goto failed;
}
/*
* Call the library's create function. Note that this is an
* extended version of dlz create, with the addition of
* named function pointers for helper functions that the
* driver will need. This avoids the need for the backend to
* link the BIND9 libraries
*/
MAYBE_LOCK(cd);
result = cd->dlz_create(dlzname, argc-1, argv+1,
&cd->dbdata,
"log", dlopen_log,
"putrr", dns_sdlz_putrr,
"putnamedrr", dns_sdlz_putnamedrr,
"writeable_zone", dns_dlz_writeablezone,
NULL);
MAYBE_UNLOCK(cd);
if (result != ISC_R_SUCCESS)
goto failed;
*dbdata = cd;
return (ISC_R_SUCCESS);
failed:
dlopen_log(ISC_LOG_ERROR, "dlz_dlopen of '%s' failed", dlzname);
if (cd->dl_path)
isc_mem_free(mctx, cd->dl_path);
if (cd->dlzname)
isc_mem_free(mctx, cd->dlzname);
if (dlopen_flags)
(void) isc_mutex_destroy(&cd->lock);
#ifdef HAVE_DLCLOSE
if (cd->dl_handle)
dlclose(cd->dl_handle);
#endif
isc_mem_put(mctx, cd, sizeof(*cd));
isc_mem_destroy(&mctx);
return (result);
}
/*
* Called when bind is shutting down
*/
static void
dlopen_dlz_destroy(void *driverarg, void *dbdata) {
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_mem_t *mctx;
UNUSED(driverarg);
if (cd->dlz_destroy) {
MAYBE_LOCK(cd);
cd->dlz_destroy(cd->dbdata);
MAYBE_UNLOCK(cd);
}
if (cd->dl_path)
isc_mem_free(cd->mctx, cd->dl_path);
if (cd->dlzname)
isc_mem_free(cd->mctx, cd->dlzname);
#ifdef HAVE_DLCLOSE
if (cd->dl_handle)
dlclose(cd->dl_handle);
#endif
(void) isc_mutex_destroy(&cd->lock);
mctx = cd->mctx;
isc_mem_put(mctx, cd, sizeof(*cd));
isc_mem_destroy(&mctx);
}
/*
* Called to start a transaction
*/
static isc_result_t
dlopen_dlz_newversion(const char *zone, void *driverarg, void *dbdata,
void **versionp)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
if (cd->dlz_newversion == NULL)
return (ISC_R_NOTIMPLEMENTED);
MAYBE_LOCK(cd);
result = cd->dlz_newversion(zone, cd->dbdata, versionp);
MAYBE_UNLOCK(cd);
return (result);
}
/*
* Called to end a transaction
*/
static void
dlopen_dlz_closeversion(const char *zone, isc_boolean_t commit,
void *driverarg, void *dbdata, void **versionp)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
UNUSED(driverarg);
if (cd->dlz_newversion == NULL) {
*versionp = NULL;
return;
}
MAYBE_LOCK(cd);
cd->dlz_closeversion(zone, commit, cd->dbdata, versionp);
MAYBE_UNLOCK(cd);
}
/*
* Called on startup to configure any writeable zones
*/
static isc_result_t
dlopen_dlz_configure(dns_view_t *view, void *driverarg, void *dbdata) {
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
if (cd->dlz_configure == NULL)
return (ISC_R_SUCCESS);
MAYBE_LOCK(cd);
cd->in_configure = ISC_TRUE;
result = cd->dlz_configure(view, cd->dbdata);
cd->in_configure = ISC_FALSE;
MAYBE_UNLOCK(cd);
return (result);
}
/*
* Check for authority to change a name
*/
static isc_boolean_t
dlopen_dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr,
const char *type, const char *key, isc_uint32_t keydatalen,
unsigned char *keydata, void *driverarg, void *dbdata)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_boolean_t ret;
UNUSED(driverarg);
if (cd->dlz_ssumatch == NULL)
return (ISC_FALSE);
MAYBE_LOCK(cd);
ret = cd->dlz_ssumatch(signer, name, tcpaddr, type, key, keydatalen,
keydata, cd->dbdata);
MAYBE_UNLOCK(cd);
return (ret);
}
/*
* Add an rdataset
*/
static isc_result_t
dlopen_dlz_addrdataset(const char *name, const char *rdatastr,
void *driverarg, void *dbdata, void *version)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
if (cd->dlz_addrdataset == NULL)
return (ISC_R_NOTIMPLEMENTED);
MAYBE_LOCK(cd);
result = cd->dlz_addrdataset(name, rdatastr, cd->dbdata, version);
MAYBE_UNLOCK(cd);
return (result);
}
/*
* Subtract an rdataset
*/
static isc_result_t
dlopen_dlz_subrdataset(const char *name, const char *rdatastr,
void *driverarg, void *dbdata, void *version)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
if (cd->dlz_subrdataset == NULL)
return (ISC_R_NOTIMPLEMENTED);
MAYBE_LOCK(cd);
result = cd->dlz_subrdataset(name, rdatastr, cd->dbdata, version);
MAYBE_UNLOCK(cd);
return (result);
}
/*
delete a rdataset
*/
static isc_result_t
dlopen_dlz_delrdataset(const char *name, const char *type,
void *driverarg, void *dbdata, void *version)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
UNUSED(driverarg);
if (cd->dlz_delrdataset == NULL)
return (ISC_R_NOTIMPLEMENTED);
MAYBE_LOCK(cd);
result = cd->dlz_delrdataset(name, type, cd->dbdata, version);
MAYBE_UNLOCK(cd);
return (result);
}
static dns_sdlzmethods_t dlz_dlopen_methods = {
dlopen_dlz_create,
dlopen_dlz_destroy,
dlopen_dlz_findzonedb,
dlopen_dlz_lookup,
dlopen_dlz_authority,
dlopen_dlz_allnodes,
dlopen_dlz_allowzonexfr,
dlopen_dlz_newversion,
dlopen_dlz_closeversion,
dlopen_dlz_configure,
dlopen_dlz_ssumatch,
dlopen_dlz_addrdataset,
dlopen_dlz_subrdataset,
dlopen_dlz_delrdataset
};
#endif
/*
* Register driver with BIND
*/
isc_result_t
dlz_dlopen_init(isc_mem_t *mctx) {
#ifndef ISC_DLZ_DLOPEN
UNUSED(mctx);
return (ISC_R_NOTIMPLEMENTED);
#else
isc_result_t result;
dlopen_log(2, "Registering DLZ_dlopen driver");
result = dns_sdlzregister("dlopen", &dlz_dlopen_methods, NULL,
DNS_SDLZFLAG_RELATIVEOWNER |
DNS_SDLZFLAG_THREADSAFE,
mctx, &dlz_dlopen);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"dns_sdlzregister() failed: %s",
isc_result_totext(result));
result = ISC_R_UNEXPECTED;
}
return (result);
#endif
}
/*
* Unregister the driver
*/
void
dlz_dlopen_clear(void) {
#ifdef ISC_DLZ_DLOPEN
dlopen_log(2, "Unregistering DLZ_dlopen driver");
if (dlz_dlopen != NULL)
dns_sdlzunregister(&dlz_dlopen);
#endif
}

11
contrib/bind9/bin/named/unix/os.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: os.c,v 1.104 2010-11-17 23:47:08 tbox Exp $ */
/* $Id: os.c,v 1.104.38.3 2011-03-02 00:04:01 marka Exp $ */
/*! \file */
@ -790,6 +790,9 @@ ns_os_openfile(const char *filename, mode_t mode, isc_boolean_t switch_user) {
free(f);
if (switch_user && runas_pw != NULL) {
#ifndef HAVE_LINUXTHREADS
gid_t oldgid = getgid();
#endif
/* Set UID/GID to the one we'll be running with eventually */
setperms(runas_pw->pw_uid, runas_pw->pw_gid);
@ -797,7 +800,7 @@ ns_os_openfile(const char *filename, mode_t mode, isc_boolean_t switch_user) {
#ifndef HAVE_LINUXTHREADS
/* Restore UID/GID to root */
setperms(0, 0);
setperms(0, oldgid);
#endif /* HAVE_LINUXTHREADS */
if (fd == -1) {
@ -950,7 +953,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) {
isc_buffer_availablelength(text),
"pid: %ld", (long)pid);
/* Only send a message if it is complete. */
if (n < isc_buffer_availablelength(text))
if (n > 0 && n < isc_buffer_availablelength(text))
isc_buffer_add(text, n);
}

9
contrib/bind9/bin/named/update.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.186.16.1.2.1 2011-06-02 23:47:28 tbox Exp $ */
/* $Id: update.c,v 1.186.16.5 2011-03-25 23:53:52 each Exp $ */
#include <config.h>
@ -1692,7 +1692,7 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
{
isc_result_t result;
dns_dbiterator_t *dbit = NULL;
isc_boolean_t has_nsec;
isc_boolean_t has_nsec = ISC_FALSE;
unsigned int wraps = 0;
isc_boolean_t secure = dns_db_issecure(db);
@ -2395,7 +2395,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
name, diff));
}
CHECK(add_exposed_sigs(client, zone, db, newver, name,
cut, diff, zone_keys, nkeys,
cut, &sig_diff, zone_keys, nkeys,
inception, expire, check_ksk,
keyset_kskonly));
}
@ -2554,7 +2554,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
privatetype, &nsec_diff));
} else {
CHECK(add_exposed_sigs(client, zone, db, newver, name,
cut, diff, zone_keys, nkeys,
cut, &sig_diff, zone_keys, nkeys,
inception, expire, check_ksk,
keyset_kskonly));
CHECK(dns_nsec3_addnsec3sx(db, newver, name, nsecttl,
@ -3734,7 +3734,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
* Check Requestor's Permissions. It seems a bit silly to do this
* only after prerequisite testing, but that is what RFC2136 says.
*/
result = ISC_R_SUCCESS;
if (ssutable == NULL)
CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone),
"update", zonename, ISC_FALSE, ISC_FALSE));

52
contrib/bind9/bin/named/xfrout.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: xfrout.c,v 1.139 2010-12-18 01:56:19 each Exp $ */
/* $Id: xfrout.c,v 1.139.16.3 2011-07-28 04:30:54 marka Exp $ */
#include <config.h>
@ -28,9 +28,7 @@
#include <dns/db.h>
#include <dns/dbiterator.h>
#ifdef DLZ
#include <dns/dlz.h>
#endif
#include <dns/fixedname.h>
#include <dns/journal.h>
#include <dns/message.h>
@ -752,9 +750,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")];
char keyname[DNS_NAME_FORMATSIZE];
isc_boolean_t is_poll = ISC_FALSE;
#ifdef DLZ
isc_boolean_t is_dlz = ISC_FALSE;
#endif
switch (reqtype) {
case dns_rdatatype_axfr:
@ -806,9 +802,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
result = dns_zt_find(client->view->zonetable, question_name, 0, NULL,
&zone);
if (result != ISC_R_SUCCESS)
#ifdef DLZ
{
if (result != ISC_R_SUCCESS) {
/*
* Normal zone table does not have a match.
* Try the DLZ database
@ -836,10 +830,8 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
goto failure;
}
if (result != ISC_R_SUCCESS)
#endif
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
question_name, question_class);
#ifdef DLZ
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
question_name, question_class);
is_dlz = ISC_TRUE;
/*
* DLZ only support full zone transfer, not incremental
@ -859,7 +851,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
}
} else {
/* zone table has a match */
#endif
switch(dns_zone_gettype(zone)) {
case dns_zone_master:
case dns_zone_slave:
@ -870,9 +861,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
}
CHECK(dns_zone_getdb(zone, &db));
dns_db_currentversion(db, &ver);
#ifdef DLZ
}
#endif
xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
"%s question section OK", mnemonic);
@ -926,22 +915,15 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
"%s authority section OK", mnemonic);
/*
* Decide whether to allow this transfer.
*/
#ifdef DLZ
/*
* if not a DLZ zone decide whether to allow this transfer.
* If not a DLZ zone, decide whether to allow this transfer.
*/
if (!is_dlz) {
#endif
ns_client_aclmsg("zone transfer", question_name, reqtype,
client->view->rdclass, msg, sizeof(msg));
CHECK(ns_client_checkacl(client, NULL, msg,
dns_zone_getxfracl(zone),
ISC_TRUE, ISC_LOG_ERROR));
#ifdef DLZ
}
#endif
/*
* AXFR over UDP is not possible.
@ -965,10 +947,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
/*
* Get a dynamically allocated copy of the current SOA.
*/
#ifdef DLZ
if (is_dlz)
dns_db_currentversion(db, &ver);
#endif
CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
&current_soa_tuple));
@ -1054,7 +1035,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
#ifdef DLZ
if (is_dlz)
CHECK(xfrout_ctx_create(mctx, client, request->id,
question_name, reqtype, question_class,
@ -1067,7 +1047,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
ISC_TRUE : ISC_FALSE,
&xfr));
else
#endif
CHECK(xfrout_ctx_create(mctx, client, request->id,
question_name, reqtype, question_class,
zone, db, ver, quota, stream,
@ -1085,9 +1064,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
CHECK(xfr->stream->methods->first(xfr->stream));
if (xfr->tsigkey != NULL) {
if (xfr->tsigkey != NULL)
dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname));
} else
else
keyname[0] = '\0';
if (is_poll)
xfrout_log1(client, question_name, question_class,
@ -1157,7 +1136,8 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
xfr = isc_mem_get(mctx, sizeof(*xfr));
if (xfr == NULL)
return (ISC_R_NOMEMORY);
xfr->mctx = mctx;
xfr->mctx = NULL;
isc_mem_attach(mctx, &xfr->mctx);
xfr->client = NULL;
ns_client_attach(client, &xfr->client);
xfr->id = id;
@ -1531,6 +1511,7 @@ sendstream(xfrout_ctx_t *xfr) {
static void
xfrout_ctx_destroy(xfrout_ctx_t **xfrp) {
xfrout_ctx_t *xfr = *xfrp;
ns_client_t *client = NULL;
INSIST(xfr->sends == 0);
@ -1554,9 +1535,14 @@ xfrout_ctx_destroy(xfrout_ctx_t **xfrp) {
if (xfr->db != NULL)
dns_db_detach(&xfr->db);
/*
* We want to detch the client after we have released the memory
* context as ns_client_detach checks the memory reference count.
*/
ns_client_attach(xfr->client, &client);
ns_client_detach(&xfr->client);
isc_mem_put(xfr->mctx, xfr, sizeof(*xfr));
isc_mem_putanddetach(&xfr->mctx, xfr, sizeof(*xfr));
ns_client_detach(&client);
*xfrp = NULL;
}

104
contrib/bind9/bin/named/zoneconf.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.170 2011-01-06 23:47:00 tbox Exp $ */
/* $Id: zoneconf.c,v 1.170.14.4 2011-05-23 20:56:10 each Exp $ */
/*% */
@ -127,7 +127,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
/* First check to see if ACL is defined within the zone */
if (zconfig != NULL) {
maps[0] = cfg_tuple_get(zconfig, "options");
ns_config_get(maps, aclname, &aclobj);
(void)ns_config_get(maps, aclname, &aclobj);
if (aclobj != NULL) {
aclp = NULL;
goto parse_acl;
@ -155,7 +155,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
maps[i++] = ns_g_defaults;
maps[i] = NULL;
result = ns_config_get(maps, aclname, &aclobj);
(void)ns_config_get(maps, aclname, &aclobj);
if (aclobj == NULL) {
(*clearzacl)(zone);
return (ISC_R_SUCCESS);
@ -605,7 +605,8 @@ configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone,
/* Prepare zone RRs from the configuration */
obj = NULL;
result = cfg_map_get(zconfig, "server-addresses", &obj);
if (obj != NULL) {
if (result == ISC_R_SUCCESS) {
INSIST(obj != NULL);
result = configure_staticstub_serveraddrs(obj, zone,
&rdatalist_ns,
&rdatalist_a,
@ -616,7 +617,8 @@ configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone,
obj = NULL;
result = cfg_map_get(zconfig, "server-names", &obj);
if (obj != NULL) {
if (result == ISC_R_SUCCESS) {
INSIST(obj != NULL);
result = configure_staticstub_servernames(obj, zone,
&rdatalist_ns,
zname);
@ -714,7 +716,7 @@ zonetype_fromconfig(const cfg_obj_t *map) {
isc_result_t result;
result = cfg_map_get(map, "type", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
return (ns_config_getzonetype(obj));
}
@ -778,7 +780,7 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
INSIST(0);
}
result = ns_checknames_get(maps, zone, objp);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL);
}
isc_result_t
@ -832,7 +834,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
maps[i++] = options;
}
maps[i++] = ns_g_defaults;
maps[i++] = NULL;
maps[i] = NULL;
if (vconfig != NULL)
RETERR(ns_config_getclass(cfg_tuple_get(vconfig, "class"),
@ -934,7 +936,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "dialup", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
dialup = dns_dialuptype_yes;
@ -957,7 +959,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "zone-statistics", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
zonestats_on = cfg_obj_asboolean(obj);
zoneqrystats = NULL;
if (zonestats_on) {
@ -976,7 +978,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
if (ztype != dns_zone_stub && ztype != dns_zone_staticstub) {
obj = NULL;
result = ns_config_get(maps, "notify", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
notifytype = dns_notifytype_yes;
@ -1012,19 +1014,19 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "notify-source", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "notify-source-v6", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "notify-to-soa", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA,
cfg_obj_asboolean(obj));
@ -1037,17 +1039,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "max-transfer-time-out", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-transfer-idle-out", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-journal-size", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setjournalsize(zone, -1);
if (cfg_obj_isstring(obj)) {
const char *str = cfg_obj_asstring(obj);
@ -1071,13 +1073,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "ixfr-from-differences", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (cfg_obj_isboolean(obj))
ixfrdiff = cfg_obj_asboolean(obj);
else if (strcasecmp(cfg_obj_asstring(obj), "master") &&
else if (!strcasecmp(cfg_obj_asstring(obj), "master") &&
ztype == dns_zone_master)
ixfrdiff = ISC_TRUE;
else if (strcasecmp(cfg_obj_asstring(obj), "slave") &&
else if (!strcasecmp(cfg_obj_asstring(obj), "slave") &&
ztype == dns_zone_slave)
ixfrdiff = ISC_TRUE;
else
@ -1100,23 +1102,23 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "notify-delay", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "check-sibling", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "nsec3-test-zone", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE,
cfg_obj_asboolean(obj));
}
@ -1145,7 +1147,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "sig-validity-interval", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
{
const cfg_obj_t *validity, *resign;
@ -1176,28 +1178,28 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "sig-signing-signatures", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setsignatures(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "sig-signing-nodes", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setnodes(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "sig-signing-type", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setprivatetype(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "update-check-ksk", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "dnssec-dnskey-kskonly", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_DNSKEYKSKONLY,
cfg_obj_asboolean(obj));
} else if (ztype == dns_zone_slave) {
@ -1212,7 +1214,6 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
*/
if (ztype == dns_zone_master) {
isc_boolean_t allow = ISC_FALSE, maint = ISC_FALSE;
isc_boolean_t create = ISC_FALSE;
obj = NULL;
result = ns_config_get(maps, "check-wildcard", &obj);
@ -1224,7 +1225,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-dup-records", &obj);
INSIST(obj != NULL);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
fail = ISC_FALSE;
check = ISC_TRUE;
@ -1239,7 +1240,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-mx", &obj);
INSIST(obj != NULL);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
fail = ISC_FALSE;
check = ISC_TRUE;
@ -1254,13 +1255,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-integrity", &obj);
INSIST(obj != NULL);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "check-mx-cname", &obj);
INSIST(obj != NULL);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
@ -1275,7 +1276,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-srv-cname", &obj);
INSIST(obj != NULL);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
@ -1290,7 +1291,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "dnssec-secure-to-insecure", &obj);
INSIST(obj != NULL);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_SECURETOINSECURE,
cfg_obj_asboolean(obj));
@ -1302,15 +1303,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
allow = ISC_TRUE;
else if (strcasecmp(arg, "maintain") == 0)
allow = maint = ISC_TRUE;
else if (strcasecmp(arg, "create") == 0)
allow = maint = create = ISC_TRUE;
else if (strcasecmp(arg, "off") == 0)
;
else
INSIST(0);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, create);
}
}
@ -1322,7 +1320,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
case dns_zone_stub:
count = 0;
obj = NULL;
result = cfg_map_get(zoptions, "masters", &obj);
(void)cfg_map_get(zoptions, "masters", &obj);
if (obj != NULL) {
addrs = NULL;
keynames = NULL;
@ -1341,61 +1339,61 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
if (count > 1) {
obj = NULL;
result = ns_config_get(maps, "multi-master", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
multi = cfg_obj_asboolean(obj);
}
dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi);
obj = NULL;
result = ns_config_get(maps, "max-transfer-time-in", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-transfer-idle-in", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-refresh-time", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "min-refresh-time", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "max-retry-time", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "min-retry-time", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "transfer-source", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "transfer-source-v6", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "alt-transfer-source", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj)));
obj = NULL;
result = ns_config_get(maps, "alt-transfer-source-v6", &obj);
INSIST(result == ISC_R_SUCCESS);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj)));
obj = NULL;
@ -1433,7 +1431,6 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
}
#ifdef DLZ
/*
* Set up a DLZ zone as writeable
*/
@ -1455,7 +1452,6 @@ ns_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone,
dns_db_detach(&db);
return result;
}
#endif
isc_boolean_t
ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {

8
contrib/bind9/bin/nsupdate/nsupdate.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsupdate.c,v 1.193 2011-01-10 05:32:03 marka Exp $ */
/* $Id: nsupdate.c,v 1.193.12.3 2011-05-23 22:12:14 each Exp $ */
/*! \file */
@ -145,7 +145,7 @@ static dns_name_t tmpzonename;
static dns_name_t restart_master;
static dns_tsig_keyring_t *gssring = NULL;
static dns_tsigkey_t *tsigkey = NULL;
static dst_key_t *sig0key;
static dst_key_t *sig0key = NULL;
static lwres_context_t *lwctx = NULL;
static lwres_conf_t *lwconf;
static isc_sockaddr_t *servers;
@ -2262,6 +2262,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
}
check_result(result, "dns_request_getresponse");
section = DNS_SECTION_ANSWER;
POST(section);
if (debugging)
show_message(stderr, rcvmsg, "Reply from SOA query:");
@ -2881,6 +2882,9 @@ cleanup(void) {
}
#endif
if (sig0key != NULL)
dst_key_free(&sig0key);
ddebug("Shutting down task manager");
isc_taskmgr_destroy(&taskmgr);

2
contrib/bind9/bin/rndc/rndc.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc.c,v 1.131.20.1.2.1 2011-06-02 23:47:28 tbox Exp $ */
/* $Id: rndc.c,v 1.131.20.2 2011-02-28 01:19:59 tbox Exp $ */
/*! \file */

8
contrib/bind9/bin/tools/genrandom.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: genrandom.8,v 1.8 2010-05-19 01:14:14 tbox Exp $
.\" $Id: genrandom.8,v 1.8.124.1 2011-08-09 01:52:58 tbox Exp $
.\"
.hy 0
.ad l
@ -53,7 +53,7 @@ size
The size of the file, in kilobytes, to generate.
.RE
.PP
domain
filename
.RS 4
The file name into which random data should be written.
.RE
@ -65,5 +65,5 @@ The file name into which random data should be written.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
.br

7
contrib/bind9/bin/tools/genrandom.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: genrandom.docbook,v 1.6 2010-05-17 23:51:05 tbox Exp $ -->
<!-- $Id: genrandom.docbook,v 1.6.124.2 2011-08-08 23:45:44 tbox Exp $ -->
<refentry id="man.genrandom">
<refentryinfo>
<date>Feb 19, 2009</date>
@ -38,6 +38,7 @@
<copyright>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@ -84,7 +85,7 @@
</varlistentry>
<varlistentry>
<term>domain</term>
<term>filename</term>
<listitem>
<para>
The file name into which random data should be written.

14
contrib/bind9/bin/tools/genrandom.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: genrandom.html,v 1.8 2010-05-19 01:14:14 tbox Exp $ -->
<!-- $Id: genrandom.html,v 1.8.124.1 2011-08-09 01:52:58 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543363"></a><h2>DESCRIPTION</h2>
<a name="id2543366"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@ -40,7 +40,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543376"></a><h2>ARGUMENTS</h2>
<a name="id2543379"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@ -51,21 +51,21 @@
<dd><p>
The size of the file, in kilobytes, to generate.
</p></dd>
<dt><span class="term">domain</span></dt>
<dt><span class="term">filename</span></dt>
<dd><p>
The file name into which random data should be written.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543436"></a><h2>SEE ALSO</h2>
<a name="id2543440"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543463"></a><h2>AUTHOR</h2>
<a name="id2543466"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

31
contrib/bind9/config.h.in
View File

@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.h.in,v 1.143.8.1 2011-02-03 05:52:35 marka Exp $ */
/* $Id: config.h.in,v 1.143.8.4 2011-03-10 04:29:14 each Exp $ */
/*! \file */
@ -144,12 +144,12 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if threads need PTHREAD_SCOPE_SYSTEM */
#undef NEED_PTHREAD_SCOPE_SYSTEM
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
/* Define to enable the "filter-aaaa-on-v4" option. */
#undef ALLOW_FILTER_AAAA_ON_V4
/* define if ATF unit tests are to be built. */
#undef ATF_TEST
/* Define if recvmsg() does not meet all of the BSD socket API specifications.
*/
#undef BROKEN_RECVMSG
@ -241,9 +241,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the `c_r' library (-lc_r). */
#undef HAVE_LIBC_R
/* Define to 1 if you have the `dl' library (-ldl). */
#undef HAVE_LIBDL
/* Define to 1 if you have the `nsl' library (-lnsl). */
#undef HAVE_LIBNSL
@ -361,6 +358,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to the flags type used by getnameinfo(3). */
#undef IRS_GETNAMEINFO_FLAGS_T
/* Define to allow building of objects for dlopen(). */
#undef ISC_DLZ_DLOPEN
/* Defined if extern char *optarg is not declared. */
#undef NEED_OPTARG
@ -380,9 +380,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
@ -403,17 +400,9 @@ int sigwait(const unsigned int *set, int *sig);
/* define if idnkit support is to be included. */
#undef WITH_IDN
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
# undef WORDS_BIGENDIAN
# endif
#endif
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
/* Define to empty if `const' does not conform to ANSI C. */
#undef const

244
contrib/bind9/configure.in
View File

@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.512.8.1 $)
AC_REVISION($Revision: 1.512.8.12 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
@ -267,6 +267,14 @@ case "$host" in
STD_CDEFINES="$STD_CDEFINES -D_GNU_SOURCE"
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
;;
#
# Starting with OSX 10.7 (Lion) we must choose which IPv6 API to use.
# Setting this is sufficient to select the correct behavior for BIND 9.
#
*-darwin*)
STD_CDEFINES="$STD_CDEFINES -D__APPLE_USE_RFC_3542"
CPPFLAGS="$CPPFLAGS -D__APPLE_USE_RFC_3542"
;;
esac
AC_HEADER_STDC
@ -682,7 +690,9 @@ esac
int main() {
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
ENGINE *e;
EC_KEY *ek;
ek = NULL;
OPENSSL_config(NULL);
e = ENGINE_by_id("gost");
@ -699,7 +709,25 @@ int main() {
[AC_MSG_RESULT(yes)
have_gost="yes"],
[AC_MSG_RESULT(no)
have_gost="no"])
have_gost="no"],
[AC_MSG_RESULT(using --with-gost)])
AC_ARG_WITH(gost, , with_gost="$withval", with_gost="auto")
case "$with_gost" in
yes)
case "$have_gost" in
no) AC_MSG_ERROR([gost not supported]) ;;
*) have_gost=yes ;;
esac
;;
no)
have_gost=no ;;
*)
case "$have_gost" in
yes|no) ;;
*) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;;
esac
;;
esac
case $have_gost in
yes)
OPENSSL_GOST="yes"
@ -795,20 +823,42 @@ AC_SUBST(PKCS11_PROVIDER)
AC_MSG_CHECKING(for GSSAPI library)
AC_ARG_WITH(gssapi,
[ --with-gssapi=PATH Specify path for system-supplied GSSAPI],
use_gssapi="$withval", use_gssapi="no")
[ --with-gssapi=PATH Specify path for system-supplied GSSAPI [[default=yes]]],
use_gssapi="$withval", use_gssapi="yes")
gssapidirs="/usr/local /usr/pkg /usr/kerberos /usr"
# gssapi is just the framework, we really require kerberos v5, so
# look for those headers (the gssapi headers must be there, too)
# The problem with this implementation is that it doesn't allow
# for the specification of gssapi and krb5 headers in different locations,
# which probably ought to be fixed although fixing might raise the issue of
# trying to build with incompatible versions of gssapi and krb5.
if test "$use_gssapi" = "yes"
then
for d in $gssapidirs
do
if test -f $d/include/gssapi/gssapi.h -o -f $d/include/gssapi.h
# first, deal with the obvious
if test \( -f /usr/include/kerberosv5/krb5.h -o \
-f /usr/include/krb5/krb5.h -o \
-f /usr/include/krb5.h \) -a \
\( -f /usr/include/gssapi.h -o \
-f /usr/include/gssapi/gssapi.h \)
then
use_gssapi=/usr
else
krb5dirs="/usr/local /usr/local/krb5 /usr/local/kerberosv5 /usr/local/kerberos /usr/pkg /usr/krb5 /usr/kerberosv5 /usr/kerberos /usr"
for d in $krb5dirs
do
if test -f $d/include/gssapi/gssapi_krb5.h -o \
-f $d/include/krb5.h
then
use_gssapi=$d
break
if test -f $d/include/gssapi/gssapi.h -o \
-f $d/include/gssapi.h
then
use_gssapi=$d
break
fi
fi
done
use_gssapi="no"
done
fi
fi
case "$use_gssapi" in
@ -1821,10 +1871,8 @@ char a[16],b[64]; return(inet_ntop(AF_INET6, a, b, sizeof(b)) == (char*)0);}],
ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_ntop.$O"
ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_ntop.c"
ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"],
[AC_MSG_RESULT(assuming inet_ntop needed)
ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_ntop.$O"
ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_ntop.c"
ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"])
[AC_MSG_RESULT(assuming inet_ntop not needed)
ISC_PLATFORM_NEEDNTOP="#undef ISC_PLATFORM_NEEDNTOP"])
# On NetBSD 1.4.2 and maybe others, inet_pton() incorrectly accepts
@ -1846,14 +1894,10 @@ main() { char a[16]; return (inet_pton(AF_INET, "1.2.3", a) == 1 ? 1 :
ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_pton.$O"
ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_pton.c"
ISC_PLATFORM_NEEDPTON="#define ISC_PLATFORM_NEEDPTON 1"],
[AC_MSG_RESULT(assuming target platform has working inet_pton)
ISC_PLATFORM_NEEDPTON="#undef ISC_PLATFORM_NEEDPTON"],
[AC_MSG_RESULT(assuming inet_pton needed)
ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_pton.$O"
ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_pton.c"
ISC_PLATFORM_NEEDPTON="#define ISC_PLATFORM_NEEDPTON 1"],
[AC_MSG_RESULT(assuming target platform has working inet_pton)
ISC_PLATFORM_NEEDPTON="#undef ISC_PLATFORM_NEEDPTON"])
ISC_PLATFORM_NEEDPTON="#define ISC_PLATFORM_NEEDPTON 1"])
AC_SUBST(ISC_PLATFORM_NEEDNTOP)
AC_SUBST(ISC_PLATFORM_NEEDPTON)
@ -2357,8 +2401,9 @@ ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE long long int"],
],[AC_MSG_ERROR(this cannot happen)])
],[AC_MSG_ERROR(this cannot happen)])
],[
ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE long long int"
AC_MSG_RESULT(cannot determine type of rlim_cur when cross compiling - assuming long long int)])
AC_ARG_WITH(rlimtype, , rlimtype="$withval", rlimtype="long long int")
ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE $rlimtype"
AC_MSG_RESULT(cannot determine type of rlim_cur when cross compiling - assuming $rlimtype)])
])
AC_SUBST(ISC_PLATFORM_RLIMITTYPE)
@ -2567,27 +2612,22 @@ if test "$use_atomic" = "yes"; then
[i[3456]86-*])
# XXX: some old x86 architectures actually do not support
# (some of) these operations. Do we need stricter checks?
AC_TRY_RUN([
main() {
exit((sizeof(void *) == 8) ? 0 : 1);
}
],
[arch=x86_64
have_xaddq=yes],
[arch=x86_32],
[arch=x86_32])
AC_CHECK_SIZEOF([void *])
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
else
arch=x86_32
fi
;;
x86_64-*|amd64-*)
AC_TRY_RUN([
main() {
exit((sizeof(void *) == 8) ? 0 : 1);
}
],
[arch=x86_64
have_xaddq=yes],
[arch=x86_32],
[arch=x86_64
have_xaddq=yes])
AC_CHECK_SIZEOF([void *])
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
else
arch=x86_32
fi
;;
alpha*-*)
arch=alpha
@ -3033,6 +3073,34 @@ if test "$use_idn" != no; then
fi
AC_SUBST(IDNLIBS)
#
# Check whether to build Automated Test Framework unit tests
#
AC_ARG_WITH(atf,
[ --with-atf=ARG Automated Test Framework support],
atf="$withval", atf="no")
if test "$atf" = yes; then
atf=`pwd`/unit/atf
ATFBUILD=atf-src
AC_SUBST(ATFBUILD)
AC_CONFIG_COMMANDS([atf-config],
[cd unit/atf-src; ${SHELL} ./configure MISSING=: --prefix $atfdir; cd ../..],
[atfdir=`pwd`/unit/atf])
AC_MSG_RESULT(building ATF from bind9/unit/atf-src)
fi
ATFLIBS=
if test "$atf" != no; then
AC_DEFINE(ATF_TEST, 1, [define if ATF unit tests are to be built.])
STD_CINCLUDES="$STD_CINCLUDES -I$atf/include"
ATFBIN="$atf/bin"
ATFLIBS="-L$atf/lib -latf-c"
UNITTESTS=tests
fi
AC_SUBST(ATFBIN)
AC_SUBST(ATFLIBS)
AC_SUBST(UNITTESTS)
AC_CHECK_HEADERS(locale.h)
AC_CHECK_FUNCS(setlocale)
@ -3111,28 +3179,98 @@ LIBIRS_API=$srcdir/lib/irs/api
# Configure any DLZ drivers.
#
# If config.dlz.in selects one or more DLZ drivers, it will set
# USE_DLZ to a non-empty value, which will be our clue to
# enable the DLZ core functions.
# CONTRIB_DLZ to a non-empty value, which will be our clue to
# build DLZ drivers in contrib.
#
# This section has to come after the libtool stuff because it needs to
# know how to name the driver object files.
#
USE_DLZ=""
CONTRIB_DLZ=""
DLZ_DRIVER_INCLUDES=""
DLZ_DRIVER_LIBS=""
DLZ_DRIVER_SRCS=""
DLZ_DRIVER_OBJS=""
DLZ_SYSTEM_TEST=""
#
# Configure support for building a shared library object
#
# Even when libtool is available it can't always be relied upon
# to build an object that can be dlopen()'ed, but this is necessary
# for building the dlzexternal system test, so we'll try it the
# old-fashioned way.
#
SO="so"
SO_CFLAGS=""
SO_LD=""
SO_TARGETS=""
AC_ARG_WITH(dlopen,
[ --with-dlopen=ARG Support dynamically loadable DLZ drivers],
dlopen="$withval", dlopen="yes")
if test "$dlopen" = "yes"; then
AC_CHECK_LIB(dl, dlopen, have_dl=yes, have_dl=no)
if test "$have_dl" = "yes"; then
LIBS="-ldl $LIBS"
fi
AC_CHECK_FUNCS(dlopen dlclose dlsym,,dlopen=no)
fi
if test "$dlopen" = "yes"; then
case $host in
*-linux*)
SO_CFLAGS="-fPIC"
if test "$have_dl" = "yes"
then
SO_LD="${CC} -shared"
else
SO_LD="ld -shared"
fi
;;
*-freebsd*|*-openbsd*|*-netbsd*)
SO_CFLAGS="-fpic"
SO_LD="ld -Bshareable -x"
;;
*-solaris*)
SO_CFLAGS="-KPIC"
SO_LD="ld -G -z text"
;;
*-hp-hpux*)
SO=sl
SO_CFLAGS="+z"
SO_LD="ld -b"
;;
*)
SO_CFLAGS="-fPIC"
;;
esac
if test "X$GCC" = "Xyes"; then
SO_CFLAGS="-fPIC"
test -n "$SO_LD" || SO_LD="${CC} -shared"
fi
# If we still don't know how to make shared objects, don't make any.
if test -n "$SO_LD"; then
SO_TARGETS="\${SO_TARGETS}"
AC_DEFINE(ISC_DLZ_DLOPEN, 1,
[Define to allow building of objects for dlopen().])
fi
fi
AC_SUBST(SO)
AC_SUBST(SO_CFLAGS)
AC_SUBST(SO_LD)
AC_SUBST(SO_TARGETS)
sinclude(contrib/dlz/config.dlz.in)
AC_MSG_CHECKING(contributed DLZ drivers)
AC_MSG_CHECKING(for DLZ)
if test -n "$USE_DLZ"
if test -n "$CONTRIB_DLZ"
then
AC_MSG_RESULT(yes)
USE_DLZ="-DDLZ $USE_DLZ"
DLZ_DRIVER_RULES=contrib/dlz/drivers/rules
AC_CONFIG_FILES([$DLZ_DRIVER_RULES])
else
@ -3140,7 +3278,7 @@ else
DLZ_DRIVER_RULES=/dev/null
fi
AC_SUBST(USE_DLZ)
AC_SUBST(CONTRIB_DLZ)
AC_SUBST(DLZ_DRIVER_INCLUDES)
AC_SUBST(DLZ_DRIVER_LIBS)
AC_SUBST(DLZ_DRIVER_SRCS)
@ -3303,11 +3441,15 @@ AC_CONFIG_FILES([
bin/tests/sockaddr/Makefile
bin/tests/system/Makefile
bin/tests/system/conf.sh
bin/tests/system/dlz/prereq.sh
bin/tests/system/dlzexternal/Makefile
bin/tests/system/dlzexternal/ns1/named.conf
bin/tests/system/filter-aaaa/Makefile
bin/tests/system/gost/prereq.sh
bin/tests/system/lwresd/Makefile
bin/tests/system/rpz/Makefile
bin/tests/system/tkey/Makefile
bin/tests/system/tsiggss/Makefile
bin/tests/tasks/Makefile
bin/tests/timers/Makefile
bin/tests/virtual-time/Makefile
@ -3335,6 +3477,7 @@ AC_CONFIG_FILES([
lib/dns/include/Makefile
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
lib/export/Makefile
lib/export/dns/Makefile
lib/export/dns/include/Makefile
@ -3373,6 +3516,7 @@ AC_CONFIG_FILES([
lib/isc/include/Makefile
lib/isc/include/isc/Makefile
lib/isc/include/isc/platform.h
lib/isc/tests/Makefile
lib/isc/nls/Makefile
lib/isc/unix/Makefile
lib/isc/unix/include/Makefile
@ -3395,6 +3539,8 @@ AC_CONFIG_FILES([
lib/tests/Makefile
lib/tests/include/Makefile
lib/tests/include/tests/Makefile
unit/Makefile
unit/unittest.sh
])
#

181
contrib/bind9/doc/arm/Bv9ARM-book.xml
View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.478.8.2.2.1 2011-06-09 03:17:11 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.478.8.11 2011-08-02 04:58:46 each Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@ -70,7 +70,7 @@
</para>
<para>
This version of the manual corresponds to BIND version 9.7.
This version of the manual corresponds to BIND version 9.8.
</para>
</sect1>
@ -1188,11 +1188,11 @@ zone "eng.example.com" {
</para>
<para>
This command requires that the
<command>auto-dnssec</command> zone option to be set
to <literal>allow</literal>,
<literal>maintain</literal>, or
<literal>create</literal>, and also requires
the zone to be configured to allow dynamic DNS.
<command>auto-dnssec</command> zone option be set
to <literal>allow</literal> or
<literal>maintain</literal>,
and also requires the zone to be configured to
allow dynamic DNS.
See <xref linkend="dynamic_update_policies"/> for
more details.
</para>
@ -1217,10 +1217,10 @@ zone "eng.example.com" {
</para>
<para>
This command requires that the
<command>auto-dnssec</command> zone option to
be set to <literal>maintain</literal> or
<literal>create</literal>, and also requires
the zone to be configured to allow dynamic DNS.
<command>auto-dnssec</command> zone option
be set to <literal>maintain</literal>,
and also requires the zone to be configured to
allow dynamic DNS.
See <xref linkend="dynamic_update_policies"/> for
more details.
</para>
@ -5791,12 +5791,15 @@ options {
<userinput>any;</userinput>.
</para>
<para>
Each <command>dns64</command> supports an optional
<command>exclude</command> ACL that selects which
IPv6 addresses will be ignored for the purposes
of determining whether dns64 is to be applied.
Any non-matching address will prevent further
DNS64 processing from occurring for this client.
Normally, DNS64 won't apply to a domain name that
owns one or more AAAA records; these records will
simply be returned. The optional
<command>exclude</command> ACL allows specification
of a list of IPv6 addresses that will be ignored
if they appear in a domain name's AAAA records, and
DNS64 will be applied to any A records the domain
name owns. If not defined, <command>exclude</command>
defaults to none.
</para>
<para>
A optional <command>suffix</command> can also
@ -5806,6 +5809,21 @@ options {
matching the prefix and mapped IPv4 address
must be zero.
</para>
<para>
If <command>recursive-only</command> is set to
<command>yes</command> the DNS64 synthesis will
only happen for recursive queries. The default
is <command>no</command>.
</para>
<para>
If <command>break-dnssec</command> is set to
<command>yes</command> the DNS64 synthesis will
happen even if the result, if validated, would
cause a DNSSEC validation failure. If this option
is set to <command>no</command> (the default), the DO
is set on the incoming query, and there are RRSIGs on
the applicable records, then synthesis will not happen.
</para>
<programlisting>
acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
@ -7570,22 +7588,27 @@ avoid-v6-udp-ports {};
<varlistentry>
<term><command>serial-query-rate</command></term>
<listitem>
<para>
Slave servers will periodically query master servers
to find out if zone serial numbers have changed. Each such
query uses
a minute amount of the slave server's network bandwidth. To
limit the
amount of bandwidth used, BIND 9 limits the rate at which
queries are
sent. The value of the <command>serial-query-rate</command> option,
an integer, is the maximum number of queries sent per
second.
The default is 20.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
Slave servers will periodically query master
servers to find out if zone serial numbers have
changed. Each such query uses a minute amount of
the slave server's network bandwidth. To limit
the amount of bandwidth used, BIND 9 limits the
rate at which queries are sent. The value of the
<command>serial-query-rate</command> option, an
integer, is the maximum number of queries sent
per second. The default is 20.
</para>
<para>
In addition to controlling the rate SOA refresh
queries are issued at
<command>serial-query-rate</command> also controls
the rate at which NOTIFY messages are sent from
both master and slave zones.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>serial-queries</command></term>
@ -8618,7 +8641,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
Sets the advertised EDNS UDP buffer size in bytes
to control the size of packets received.
Valid values are 1024 to 4096 (values outside this range
Valid values are 512 to 4096 (values outside this range
will be silently adjusted). The default value
is 4096. The usual reason for setting
<command>edns-udp-size</command> to a non-default
@ -8731,6 +8754,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
The delay, in seconds, between sending sets of notify
messages for a zone. The default is five (5) seconds.
</para>
<para>
The overall rate that NOTIFY messages are sent for all
zones is controlled by <command>serial-query-rate</command>.
</para>
</listitem>
</varlistentry>
</variablelist>
@ -8839,7 +8866,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
The current list of empty zones is:
<itemizedlist>
<!-- XXX: The RFC1918 addresses are #defined out in sources currently.
<listitem>10.IN-ADDR.ARPA</listitem>
<listitem>16.172.IN-ADDR.ARPA</listitem>
<listitem>17.172.IN-ADDR.ARPA</listitem>
@ -8858,7 +8884,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<listitem>30.172.IN-ADDR.ARPA</listitem>
<listitem>31.172.IN-ADDR.ARPA</listitem>
<listitem>168.192.IN-ADDR.ARPA</listitem>
XXX: end of RFC1918 addresses #defined out -->
<listitem>0.IN-ADDR.ARPA</listitem>
<listitem>127.IN-ADDR.ARPA</listitem>
<listitem>254.169.IN-ADDR.ARPA</listitem>
@ -9986,7 +10011,7 @@ view "external" {
<optional> min-retry-time <replaceable>number</replaceable> ; </optional>
<optional> max-retry-time <replaceable>number</replaceable> ; </optional>
<optional> key-directory <replaceable>path_name</replaceable>; </optional>
<optional> auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>; </optional>
<optional> auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>; </optional>
<optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>
};
@ -9998,6 +10023,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
<optional> update-check-ksk <replaceable>yes_or_no</replaceable>; </optional>
<optional> dnssec-update-mode ( <replaceable>maintain</replaceable> | <replaceable>no-resign</replaceable> ); </optional>
<optional> dnssec-dnskey-kskonly <replaceable>yes_or_no</replaceable>; </optional>
<optional> dnssec-secure-to-insecure <replaceable>yes_or_no</replaceable> ; </optional>
<optional> try-tcp-refresh <replaceable>yes_or_no</replaceable>; </optional>
@ -11043,7 +11069,7 @@ example.com. NS ns2.example.net.
<para>
Zones configured for dynamic DNS may also use this
option to allow varying levels of automatic DNSSEC key
management. There are four possible settings:
management. There are three possible settings:
</para>
<para>
<command>auto-dnssec allow;</command> permits
@ -11067,7 +11093,12 @@ example.com. NS ns2.example.net.
<command>named</command> to load keys from the key
repository and schedule key maintenance events to occur
in the future, but it does not sign the full zone
immediately.
immediately. Note: once keys have been loaded for a
zone the first time, the repository will be searched
for changes periodically, regardless of whether
<command>rndc loadkeys</command> is used. The recheck
interval is hard-coded to
one hour.
</para>
<para>
<command>auto-dnssec create;</command> includes the
@ -11220,7 +11251,13 @@ example.com. NS ns2.example.net.
The <replaceable>identity</replaceable> field must
contain a fully-qualified domain name.
</para>
<para>
For nametypes <varname>krb5-self</varname>,
<varname>ms-self</varname>, <varname>krb5-subdomain</varname>,
and <varname>ms-subdomain</varname> the
<replaceable>identity</replaceable> field specifies
the Windows or Kerberos realm of the machine belongs to.
</para>
<para>
The <replaceable>nametype</replaceable> field has 13
values:
@ -11352,6 +11389,70 @@ example.com. NS ns2.example.net.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
<varname>ms-self</varname>
</para>
</entry> <entry colname="2">
<para>
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <replacable>identity</replacable>
field.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
<varname>ms-subdomain</varname>
</para>
</entry> <entry colname="2">
<para>
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
to be matched is specified in the
<replacable>identity</replacable> field.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
<varname>krb5-self</varname>
</para>
</entry> <entry colname="2">
<para>
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <replacable>identity</replacable>
field.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
<varname>krb5-subdomain</varname>
</para>
</entry> <entry colname="2">
<para>
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
to be matched is specified in the
<replacable>identity</replacable> field.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>

4
contrib/bind9/doc/arm/Bv9ARM.ch01.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch01.html,v 1.49 2011-01-05 01:14:07 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch01.html,v 1.49.14.1 2011-06-22 02:37:19 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -82,7 +82,7 @@
system administrators.
</p>
<p>
This version of the manual corresponds to BIND version 9.7.
This version of the manual corresponds to BIND version 9.8.
</p>
</div>
<div class="sect1" lang="en">

24
contrib/bind9/doc/arm/Bv9ARM.ch03.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch03.html,v 1.83 2011-01-21 01:14:13 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch03.html,v 1.83.8.1 2011-05-24 02:37:17 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -54,7 +54,7 @@
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568364">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568370">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570385">Signals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570378">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@ -490,11 +490,11 @@ zone "eng.example.com" {
</p>
<p>
This command requires that the
<span><strong class="command">auto-dnssec</strong></span> zone option to be set
to <code class="literal">allow</code>,
<code class="literal">maintain</code>, or
<code class="literal">create</code>, and also requires
the zone to be configured to allow dynamic DNS.
<span><strong class="command">auto-dnssec</strong></span> zone option be set
to <code class="literal">allow</code> or
<code class="literal">maintain</code>,
and also requires the zone to be configured to
allow dynamic DNS.
See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
more details.
</p>
@ -518,10 +518,10 @@ zone "eng.example.com" {
</p>
<p>
This command requires that the
<span><strong class="command">auto-dnssec</strong></span> zone option to
be set to <code class="literal">maintain</code> or
<code class="literal">create</code>, and also requires
the zone to be configured to allow dynamic DNS.
<span><strong class="command">auto-dnssec</strong></span> zone option
be set to <code class="literal">maintain</code>,
and also requires the zone to be configured to
allow dynamic DNS.
See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
more details.
</p>
@ -873,7 +873,7 @@ controls {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2570385"></a>Signals</h3></div></div></div>
<a name="id2570378"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can

162
contrib/bind9/doc/arm/Bv9ARM.ch04.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch04.html,v 1.125.8.1.2.1 2011-06-09 03:41:07 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch04.html,v 1.125.8.9 2011-08-03 02:35:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -49,59 +49,59 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570823">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570841">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570885">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570903">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571342">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571553">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571563">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571600">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571657">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571706">Errors</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571336">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571478">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571489">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571525">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571651">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571700">Errors</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571720">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2563987">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571714">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2563980">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564055">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572189">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572270">Configuring Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564117">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572183">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572264">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607351">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563493">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563529">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563611">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563649">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563661">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563763">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563789">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563799">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563809">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563821">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563859">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563868">NSEC3 and OPTOUT</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563484">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563522">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563626">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563777">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563814">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563827">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563860">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563896">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563906">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563918">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571816">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607271">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607293">Authoritative Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571869">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571892">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609524">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607678">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607842">PKCS #11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607873">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609709">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609755">Running named with automatic zone re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609757">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607912">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608144">PKCS #11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608174">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610353">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610467">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572490">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572484">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572757">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572846">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572819">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572840">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@ -256,7 +256,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2570823"></a>Split DNS</h2></div></div></div>
<a name="id2570885"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@ -286,7 +286,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2570841"></a>Example split DNS setup</h3></div></div></div>
<a name="id2570903"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
@ -543,7 +543,7 @@ nameserver 172.16.72.4
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571342"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<a name="id2571336"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@ -551,7 +551,7 @@ nameserver 172.16.72.4
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2571360"></a>Automatic Generation</h4></div></div></div>
<a name="id2571353"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-SHA256
key as described above. Longer keys are better, but shorter keys
@ -575,7 +575,7 @@ nameserver 172.16.72.4
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2571398"></a>Manual Generation</h4></div></div></div>
<a name="id2571392"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@ -590,7 +590,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571553"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<a name="id2571478"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@ -598,7 +598,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571563"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<a name="id2571489"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@ -625,7 +625,7 @@ key host1-host2. {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571600"></a>Instructing the Server to Use the Key</h3></div></div></div>
<a name="id2571525"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@ -657,7 +657,7 @@ server 10.1.2.3 {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571657"></a>TSIG Key Based Access Control</h3></div></div></div>
<a name="id2571651"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@ -684,7 +684,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571706"></a>Errors</h3></div></div></div>
<a name="id2571700"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@ -710,7 +710,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571720"></a>TKEY</h2></div></div></div>
<a name="id2571714"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@ -746,7 +746,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2563987"></a>SIG(0)</h2></div></div></div>
<a name="id2563980"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC 2931.
@ -807,7 +807,7 @@ allow-update { key host1-host2. ;};
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564055"></a>Generating Keys</h3></div></div></div>
<a name="id2564117"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@ -863,7 +863,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572189"></a>Signing the Zone</h3></div></div></div>
<a name="id2572183"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to sign a zone.
@ -905,7 +905,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572270"></a>Configuring Servers</h3></div></div></div>
<a name="id2572264"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
@ -1065,7 +1065,7 @@ options {
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2607351"></a>Converting from insecure to secure</h3></div></div></div></div>
<a name="id2563484"></a>Converting from insecure to secure</h3></div></div></div></div>
<p>Changing a zone from insecure to secure can be done in two
ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
@ -1091,7 +1091,7 @@ options {
well. An NSEC chain will be generated as part of the initial
signing process.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563493"></a>Dynamic DNS update method</h3></div></div></div></div>
<a name="id2563522"></a>Dynamic DNS update method</h3></div></div></div></div>
<p>To insert the keys via dynamic update:</p>
<pre class="screen">
% nsupdate
@ -1127,7 +1127,7 @@ options {
<p>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563529"></a>Fully automatic zone signing</h3></div></div></div></div>
<a name="id2563626"></a>Fully automatic zone signing</h3></div></div></div></div>
<p>To enable automatic signing, add the
<span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
<code class="filename">named.conf</code>.
@ -1162,7 +1162,7 @@ options {
configuration. If this has not been done, the configuration will
fail.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563611"></a>Private-type records</h3></div></div></div></div>
<a name="id2563777"></a>Private-type records</h3></div></div></div></div>
<p>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
@ -1203,12 +1203,12 @@ options {
<p>
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563649"></a>DNSKEY rollovers</h3></div></div></div></div>
<a name="id2563814"></a>DNSKEY rollovers</h3></div></div></div></div>
<p>As with insecure-to-secure conversions, rolling DNSSEC
keys can be done in two ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563661"></a>Dynamic DNS update method</h3></div></div></div></div>
<a name="id2563827"></a>Dynamic DNS update method</h3></div></div></div></div>
<p> To perform key rollovers via dynamic update, you need to add
the <code class="filename">K*</code> files for the new keys so that
<span><strong class="command">named</strong></span> can find them. You can then add the new
@ -1230,7 +1230,7 @@ options {
<span><strong class="command">named</strong></span> will clean out any signatures generated
by the old key after the update completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563763"></a>Automatic key rollovers</h3></div></div></div></div>
<a name="id2563860"></a>Automatic key rollovers</h3></div></div></div></div>
<p>When a new key reaches its activation date (as set by
<span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to
@ -1245,27 +1245,27 @@ options {
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563789"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<a name="id2563886"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<p>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
will be zero. At this point you can remove the old NSEC3PARAM
record. The old chain will be removed after the update request
completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563799"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<a name="id2563896"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<p>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
and the NSEC3PARAM record will have a zero flag field. The NSEC3
chain will be generated before the NSEC chain is
destroyed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563809"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
<a name="id2563906"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
<p>To do this, use <span><strong class="command">nsupdate</strong></span> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563821"></a>Converting from secure to insecure</h3></div></div></div></div>
<a name="id2563918"></a>Converting from secure to insecure</h3></div></div></div></div>
<p>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
<span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
@ -1280,14 +1280,14 @@ options {
<span><strong class="command">allow</strong></span> instead (or it will re-sign).
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563859"></a>Periodic re-signing</h3></div></div></div></div>
<a name="id2563956"></a>Periodic re-signing</h3></div></div></div></div>
<p>In any secure zone which supports dynamic updates, named
will periodically re-sign RRsets which have not been re-signed as
a result of some update action. The signature lifetimes will be
adjusted so as to spread the re-sign load over time rather than
all at once.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563868"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<a name="id2571816"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<p>
<span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
@ -1309,7 +1309,7 @@ options {
configuration files.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2607271"></a>Validating Resolver</h3></div></div></div>
<a name="id2571869"></a>Validating Resolver</h3></div></div></div>
<p>To configure a validating resolver to use RFC 5011 to
maintain a trust anchor, configure the trust anchor using a
<span><strong class="command">managed-keys</strong></span> statement. Information about
@ -1320,7 +1320,7 @@ options {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2607293"></a>Authoritative Server</h3></div></div></div>
<a name="id2571892"></a>Authoritative Server</h3></div></div></div>
<p>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@ -1394,7 +1394,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
Debian Linux, Solaris x86 and Windows Server 2003.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609524"></a>Prerequisites</h3></div></div></div>
<a name="id2609757"></a>Prerequisites</h3></div></div></div>
<p>See the HSM vendor documentation for information about
installing, initializing, testing and troubleshooting the
HSM.</p>
@ -1468,7 +1468,7 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8l \
when we configure BIND 9.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2607504"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<a name="id2607669"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<p>The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
@ -1500,7 +1500,7 @@ $ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2607573"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<a name="id2607806"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<p>The SCA-6000 PKCS #11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
@ -1544,12 +1544,12 @@ $ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2607678"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
<a name="id2607912"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
<p>When building BIND 9, the location of the custom-built
OpenSSL library must be specified via configure.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2607687"></a>Configuring BIND 9 for Linux</h4></div></div></div>
<a name="id2607921"></a>Configuring BIND 9 for Linux</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<p>The PKCS #11 library for the AEP Keyper is currently
@ -1565,7 +1565,7 @@ $ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2607786"></a>Configuring BIND 9 for Solaris</h4></div></div></div>
<a name="id2608020"></a>Configuring BIND 9 for Solaris</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<pre class="screen">
@ -1588,7 +1588,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2607842"></a>PKCS #11 Tools</h3></div></div></div>
<a name="id2608144"></a>PKCS #11 Tools</h3></div></div></div>
<p>BIND 9 includes a minimal set of tools to operate the
HSM, including
<span><strong class="command">pkcs11-keygen</strong></span> to generate a new key pair
@ -1606,7 +1606,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2607873"></a>Using the HSM</h3></div></div></div>
<a name="id2608174"></a>Using the HSM</h3></div></div></div>
<p>First, we must set up the runtime environment so the
OpenSSL and PKCS #11 libraries can be loaded:</p>
<pre class="screen">
@ -1694,7 +1694,7 @@ example.net.signed
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609709"></a>Specifying the engine on the command line</h3></div></div></div>
<a name="id2610353"></a>Specifying the engine on the command line</h3></div></div></div>
<p>The OpenSSL engine can be specified in
<span><strong class="command">named</strong></span> and all of the BIND
<span><strong class="command">dnssec-*</strong></span> tools by using the "-E
@ -1715,7 +1715,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609755"></a>Running named with automatic zone re-signing</h3></div></div></div>
<a name="id2610467"></a>Running named with automatic zone re-signing</h3></div></div></div>
<p>If you want
<span><strong class="command">named</strong></span> to dynamically re-sign zones using HSM
keys, and/or to to sign new records inserted via nsupdate, then
@ -1751,7 +1751,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2572490"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<a name="id2572484"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
@ -1789,7 +1789,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572757"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<a name="id2572819"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@ -1808,7 +1808,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572846"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<a name="id2572840"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and

6
contrib/bind9/doc/arm/Bv9ARM.ch05.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch05.html,v 1.93 2011-01-05 01:14:08 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch05.html,v 1.93.14.1 2011-05-24 02:37:16 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572880">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572873">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2572880"></a>The Lightweight Resolver Library</h2></div></div></div>
<a name="id2572873"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name

334
contrib/bind9/doc/arm/Bv9ARM.ch06.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch06.html,v 1.275.8.1.2.1 2011-06-09 03:41:07 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch06.html,v 1.275.8.10 2011-08-03 02:35:13 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,58 +48,58 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574290">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574283">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574944"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574937"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575133"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575127"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575425"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575442"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575418"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575504"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575465"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575648"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575842"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575527"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575550"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575709"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575835"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577841"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577982"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578046"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578090"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577834"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577908"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578040"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578084"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578105"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578099"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589239"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589395"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589379"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589534"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589494"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589581"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589851"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590007"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591396"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591558"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2594660">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595030">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596822">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597260">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597574">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597701">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597974"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597876">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598003">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598276"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@ -477,7 +477,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2574056"></a>Syntax</h4></div></div></div>
<a name="id2574050"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@ -486,7 +486,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2574084"></a>Definition and Usage</h4></div></div></div>
<a name="id2574077"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@ -570,7 +570,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574290"></a>Comment Syntax</h3></div></div></div>
<a name="id2574283"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@ -580,7 +580,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2574305"></a>Syntax</h4></div></div></div>
<a name="id2574298"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@ -596,7 +596,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2574334"></a>Definition and Usage</h4></div></div></div>
<a name="id2574328"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@ -848,7 +848,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574944"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574937"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@ -930,7 +930,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575133"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2575127"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ]
allow { <em class="replaceable"><code> address_match_list </code></em> }
@ -1054,12 +1054,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575425"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2575418"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575442"></a><span><strong class="command">include</strong></span> Statement Definition and
<a name="id2575504"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@ -1074,7 +1074,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575465"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2575527"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
@ -1083,7 +1083,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575489"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2575550"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@ -1130,7 +1130,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575648"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2575709"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
@ -1154,7 +1154,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575842"></a><span><strong class="command">logging</strong></span> Statement Definition and
<a name="id2575835"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@ -1188,7 +1188,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2575894"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<a name="id2575888"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@ -1753,7 +1753,7 @@ category notify { null; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2577253"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<a name="id2577315"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<p>
The <span><strong class="command">query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
@ -1981,7 +1981,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577841"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2577834"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@ -1997,7 +1997,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577982"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2577908"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@ -2048,7 +2048,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2578046"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2578040"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
@ -2056,7 +2056,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2578090"></a><span><strong class="command">masters</strong></span> Statement Definition and
<a name="id2578084"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@ -2065,7 +2065,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2578105"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2578099"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
@ -2737,12 +2737,15 @@ options {
<strong class="userinput"><code>any;</code></strong>.
</p>
<p>
Each <span><strong class="command">dns64</strong></span> supports an optional
<span><strong class="command">exclude</strong></span> ACL that selects which
IPv6 addresses will be ignored for the purposes
of determining whether dns64 is to be applied.
Any non-matching address will prevent further
DNS64 processing from occurring for this client.
Normally, DNS64 won't apply to a domain name that
owns one or more AAAA records; these records will
simply be returned. The optional
<span><strong class="command">exclude</strong></span> ACL allows specification
of a list of IPv6 addresses that will be ignored
if they appear in a domain name's AAAA records, and
DNS64 will be applied to any A records the domain
name owns. If not defined, <span><strong class="command">exclude</strong></span>
defaults to none.
</p>
<p>
A optional <span><strong class="command">suffix</strong></span> can also
@ -2752,6 +2755,21 @@ options {
matching the prefix and mapped IPv4 address
must be zero.
</p>
<p>
If <span><strong class="command">recursive-only</strong></span> is set to
<span><strong class="command">yes</strong></span> the DNS64 synthesis will
only happen for recursive queries. The default
is <span><strong class="command">no</strong></span>.
</p>
<p>
If <span><strong class="command">break-dnssec</strong></span> is set to
<span><strong class="command">yes</strong></span> the DNS64 synthesis will
happen even if the result, if validated, would
cause a DNSSEC validation failure. If this option
is set to <span><strong class="command">no</strong></span> (the default), the DO
is set on the incoming query, and there are RRSIGs on
the applicable records, then synthesis will not happen.
</p>
<pre class="programlisting">
acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
@ -3631,7 +3649,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2583480"></a>Forwarding</h4></div></div></div>
<a name="id2583636"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@ -3675,7 +3693,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2583607"></a>Dual-stack Servers</h4></div></div></div>
<a name="id2583763"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@ -3886,7 +3904,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2584227"></a>Interfaces</h4></div></div></div>
<a name="id2584382"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@ -4160,19 +4178,26 @@ avoid-v6-udp-ports {};
hour). The maximum value is 28 days (40320 minutes).
</p></dd>
<dt><span class="term"><span><strong class="command">serial-query-rate</strong></span></span></dt>
<dd><p>
Slave servers will periodically query master servers
to find out if zone serial numbers have changed. Each such
query uses
a minute amount of the slave server's network bandwidth. To
limit the
amount of bandwidth used, BIND 9 limits the rate at which
queries are
sent. The value of the <span><strong class="command">serial-query-rate</strong></span> option,
an integer, is the maximum number of queries sent per
second.
The default is 20.
</p></dd>
<dd>
<p>
Slave servers will periodically query master
servers to find out if zone serial numbers have
changed. Each such query uses a minute amount of
the slave server's network bandwidth. To limit
the amount of bandwidth used, BIND 9 limits the
rate at which queries are sent. The value of the
<span><strong class="command">serial-query-rate</strong></span> option, an
integer, is the maximum number of queries sent
per second. The default is 20.
</p>
<p>
In addition to controlling the rate SOA refresh
queries are issued at
<span><strong class="command">serial-query-rate</strong></span> also controls
the rate at which NOTIFY messages are sent from
both master and slave zones.
</p>
</dd>
<dt><span class="term"><span><strong class="command">serial-queries</strong></span></span></dt>
<dd><p>
In BIND 8, the <span><strong class="command">serial-queries</strong></span>
@ -4338,7 +4363,7 @@ avoid-v6-udp-ports {};
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2585362"></a>UDP Port Lists</h4></div></div></div>
<a name="id2585456"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
@ -4380,7 +4405,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2585421"></a>Operating System Resource Limits</h4></div></div></div>
<a name="id2585584"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@ -4542,7 +4567,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2585912"></a>Periodic Task Intervals</h4></div></div></div>
<a name="id2585869"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@ -5007,7 +5032,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<p>
Sets the advertised EDNS UDP buffer size in bytes
to control the size of packets received.
Valid values are 1024 to 4096 (values outside this range
Valid values are 512 to 4096 (values outside this range
will be silently adjusted). The default value
is 4096. The usual reason for setting
<span><strong class="command">edns-udp-size</strong></span> to a non-default
@ -5102,10 +5127,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
</dd>
<dt><span class="term"><span><strong class="command">notify-delay</strong></span></span></dt>
<dd><p>
<dd>
<p>
The delay, in seconds, between sending sets of notify
messages for a zone. The default is five (5) seconds.
</p></dd>
</p>
<p>
The overall rate that NOTIFY messages are sent for all
zones is controlled by <span><strong class="command">serial-query-rate</strong></span>.
</p>
</dd>
</dl></div>
</div>
<div class="sect3" lang="en">
@ -5193,6 +5224,24 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
The current list of empty zones is:
</p>
<div class="itemizedlist"><ul type="disc">
<li>10.IN-ADDR.ARPA</li>
<li>16.172.IN-ADDR.ARPA</li>
<li>17.172.IN-ADDR.ARPA</li>
<li>18.172.IN-ADDR.ARPA</li>
<li>19.172.IN-ADDR.ARPA</li>
<li>20.172.IN-ADDR.ARPA</li>
<li>21.172.IN-ADDR.ARPA</li>
<li>22.172.IN-ADDR.ARPA</li>
<li>23.172.IN-ADDR.ARPA</li>
<li>24.172.IN-ADDR.ARPA</li>
<li>25.172.IN-ADDR.ARPA</li>
<li>26.172.IN-ADDR.ARPA</li>
<li>27.172.IN-ADDR.ARPA</li>
<li>28.172.IN-ADDR.ARPA</li>
<li>29.172.IN-ADDR.ARPA</li>
<li>30.172.IN-ADDR.ARPA</li>
<li>31.172.IN-ADDR.ARPA</li>
<li>168.192.IN-ADDR.ARPA</li>
<li>0.IN-ADDR.ARPA</li>
<li>127.IN-ADDR.ARPA</li>
<li>254.169.IN-ADDR.ARPA</li>
@ -5357,7 +5406,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2588025"></a>Content Filtering</h4></div></div></div>
<a name="id2588113"></a>Content Filtering</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
@ -5480,7 +5529,7 @@ deny-answer-aliases { "example.net"; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2588148"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<a name="id2588372"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 includes an intentionally limited
mechanism to modify DNS responses for recursive requests
@ -5818,7 +5867,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2589239"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<a name="id2589395"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
@ -5878,7 +5927,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2589379"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
<a name="id2589534"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@ -5918,7 +5967,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2589494"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2589581"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">managed-keys</strong></span> {
<em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
@ -6053,7 +6102,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2589851"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2590007"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@ -6219,7 +6268,7 @@ view "external" {
[<span class="optional"> min-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>; </span>]
[<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
};
@ -6231,6 +6280,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-update-mode ( <em class="replaceable"><code>maintain</code></em> | <em class="replaceable"><code>no-resign</code></em> ); </span>]
[<span class="optional"> dnssec-dnskey-kskonly <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-secure-to-insecure <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
@ -6341,10 +6391,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2591396"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2591558"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2591403"></a>Zone Types</h4></div></div></div>
<a name="id2591565"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -6604,7 +6654,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2592085"></a>Class</h4></div></div></div>
<a name="id2592179"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@ -6626,7 +6676,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2592118"></a>Zone Options</h4></div></div></div>
<a name="id2592212"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@ -7025,7 +7075,7 @@ example.com. NS ns2.example.net.
<p>
Zones configured for dynamic DNS may also use this
option to allow varying levels of automatic DNSSEC key
management. There are four possible settings:
management. There are three possible settings:
</p>
<p>
<span><strong class="command">auto-dnssec allow;</strong></span> permits
@ -7049,7 +7099,12 @@ example.com. NS ns2.example.net.
<span><strong class="command">named</strong></span> to load keys from the key
repository and schedule key maintenance events to occur
in the future, but it does not sign the full zone
immediately.
immediately. Note: once keys have been loaded for a
zone the first time, the repository will be searched
for changes periodically, regardless of whether
<span><strong class="command">rndc loadkeys</strong></span> is used. The recheck
interval is hard-coded to
one hour.
</p>
<p>
<span><strong class="command">auto-dnssec create;</strong></span> includes the
@ -7180,6 +7235,13 @@ example.com. NS ns2.example.net.
The <em class="replaceable"><code>identity</code></em> field must
contain a fully-qualified domain name.
</p>
<p>
For nametypes <code class="varname">krb5-self</code>,
<code class="varname">ms-self</code>, <code class="varname">krb5-subdomain</code>,
and <code class="varname">ms-subdomain</code> the
<em class="replaceable"><code>identity</code></em> field specifies
the Windows or Kerberos realm of the machine belongs to.
</p>
<p>
The <em class="replaceable"><code>nametype</code></em> field has 13
values:
@ -7319,6 +7381,74 @@ example.com. NS ns2.example.net.
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">ms-self</code>
</p>
</td>
<td>
<p>
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <font color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font>
field.
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">ms-subdomain</code>
</p>
</td>
<td>
<p>
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
to be matched is specified in the
<font color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font> field.
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">krb5-self</code>
</p>
</td>
<td>
<p>
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <font color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font>
field.
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">krb5-subdomain</code>
</p>
</td>
<td>
<p>
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
to be matched is specified in the
<font color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font> field.
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">tcp-self</code>
@ -7423,7 +7553,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2594660"></a>Zone File</h2></div></div></div>
<a name="id2595030"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@ -7436,7 +7566,7 @@ example.com. NS ns2.example.net.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594678"></a>Resource Records</h4></div></div></div>
<a name="id2595048"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@ -8173,7 +8303,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2596301"></a>Textual expression of RRs</h4></div></div></div>
<a name="id2596603"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@ -8376,7 +8506,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2596822"></a>Discussion of MX Records</h3></div></div></div>
<a name="id2597260"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@ -8632,7 +8762,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2597574"></a>Inverse Mapping in IPv4</h3></div></div></div>
<a name="id2597876"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@ -8693,7 +8823,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2597701"></a>Other Zone File Directives</h3></div></div></div>
<a name="id2598003"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@ -8708,7 +8838,7 @@ example.com. NS ns2.example.net.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2597723"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<a name="id2598093"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@ -8719,7 +8849,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2597739"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<a name="id2598109"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@ -8748,7 +8878,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2597868"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<a name="id2598170"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@ -8784,7 +8914,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2597938"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2598240"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@ -8803,7 +8933,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2597974"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<a name="id2598276"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@ -9227,7 +9357,7 @@ HOST-127.EXAMPLE. MX 0 .
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2598928"></a>Name Server Statistics Counters</h4></div></div></div>
<a name="id2599229"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -9784,7 +9914,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2600401"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<a name="id2600702"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -9938,7 +10068,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2600852"></a>Resolver Statistics Counters</h4></div></div></div>
<a name="id2601154"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -10321,7 +10451,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2601942"></a>Socket I/O Statistics Counters</h4></div></div></div>
<a name="id2602312"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
@ -10476,7 +10606,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2602384"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<a name="id2602685"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in

14
contrib/bind9/doc/arm/Bv9ARM.ch07.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch07.html,v 1.242.8.1.2.1 2011-06-09 03:41:08 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch07.html,v 1.242.8.7 2011-08-03 02:35:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602626"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602996"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2602707">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2602766">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603077">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603137">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@ -122,7 +122,7 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2602626"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
<a name="id2602996"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@ -148,7 +148,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2602707"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<a name="id2603077"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@ -176,7 +176,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2602766"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<a name="id2603137"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use

18
contrib/bind9/doc/arm/Bv9ARM.ch08.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch08.html,v 1.242.8.1.2.1 2011-06-09 03:41:08 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch08.html,v 1.242.8.7 2011-08-03 02:35:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602915">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2602920">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602932">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602949">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603285">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603290">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603302">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603319">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2602915"></a>Common Problems</h2></div></div></div>
<a name="id2603285"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2602920"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<a name="id2603290"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2602932"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<a name="id2603302"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2602949"></a>Where Can I Get Help?</h2></div></div></div>
<a name="id2603319"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range

220
contrib/bind9/doc/arm/Bv9ARM.ch09.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch09.html,v 1.246.8.1.2.1 2011-06-09 03:41:08 tbox Exp $ -->
<!-- $Id: Bv9ARM.ch09.html,v 1.246.8.9 2011-08-03 02:35:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,31 +45,31 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603147">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603449">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603319">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603553">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606462">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606901">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608789">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608798">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608004">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608035">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608112">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608138">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609111">Library References</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608203">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608213">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608237">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608268">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608413">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608440">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609345">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2603147"></a>Acknowledgments</h2></div></div></div>
<a name="id2603449"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@ -172,7 +172,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2603319"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<a name="id2603553"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@ -260,17 +260,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2603507"></a>Bibliography</h4></div></div></div>
<a name="id2603809"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2603517"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
<a name="id2603819"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2603541"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2603843"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2603564"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
<a name="id2603866"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@ -278,42 +278,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2603601"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
<a name="id2603902"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2603627"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
<a name="id2603929"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2603653"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2603955"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2603677"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2603979"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2603701"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2604003"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2603756"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
<a name="id2604058"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2603783"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2604085"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2603810"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2604112"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2603872"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2604173"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2603901"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2604203"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2603931"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
<a name="id2604233"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2603958"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
<a name="id2604260"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@ -322,19 +322,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2604040"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
<a name="id2604342"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2604067"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2604369"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2604103"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2604405"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2604168"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2604470"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2604233"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
<a name="id2604603"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@ -342,146 +342,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
<a name="id2604375"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
<a name="id2604677"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2604401"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
<a name="id2604702"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2604469"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2604771"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2604504"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
<a name="id2604806"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2604550"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
<a name="id2604852"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2604608"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
<a name="id2604909"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2604645"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
<a name="id2604947"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2604680"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
<a name="id2604982"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2604734"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
<a name="id2605036"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2604773"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
<a name="id2605075"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2604798"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
<a name="id2605100"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2604824"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2605126"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2604851"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2605153"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2604877"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2605179"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2604917"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2605219"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2604947"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2605249"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2604977"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
<a name="id2605278"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605019"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2605321"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605052"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
<a name="id2605354"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2605079"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
<a name="id2605381"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2605102"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
<a name="id2605473"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2605160"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
<a name="id2605530"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2605192"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
<a name="id2605562"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2605218"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
<a name="id2605588"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2605240"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
<a name="id2605610"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2605264"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
<a name="id2605634"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2605309"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2605680"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605333"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2605703"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2605390"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2605761"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2605414"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
<a name="id2605784"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2605441"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
<a name="id2605811"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2605467"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
<a name="id2605837"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2605504"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
<a name="id2605874"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2605549"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
<a name="id2605920"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605581"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2605952"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2605627"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2605997"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2605662"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
<a name="id2606033"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@ -497,47 +497,47 @@
</p>
</div>
<div class="biblioentry">
<a name="id2605707"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
<a name="id2606077"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2605730"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
<a name="id2606100"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2605755"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
<a name="id2606125"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2605781"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
<a name="id2606151"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2605804"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2606174"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2605850"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2606220"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2605874"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
<a name="id2606244"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2605900"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
<a name="id2606270"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2605926"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
<a name="id2606296"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2605970"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
<a name="id2606340"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2606027"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2606397"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606054"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
<a name="id2606424"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@ -551,39 +551,39 @@
</p>
</div>
<div class="biblioentry">
<a name="id2606102"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
<a name="id2606472"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2606141"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2606512"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2606168"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2606538"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606198"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
<a name="id2606568"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2606224"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
<a name="id2606594"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2606250"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
<a name="id2606620"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2606286"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
<a name="id2606657"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2606323"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
<a name="id2606693"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2606349"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
<a name="id2606720"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2606376"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
<a name="id2606746"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2606421"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2606791"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@ -604,14 +604,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2606462"></a>Other Documents About <acronym class="acronym">BIND</acronym>
<a name="id2606901"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2606472"></a>Bibliography</h4></div></div></div>
<a name="id2606910"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2606474"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
<a name="id2606913"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
@ -648,7 +648,7 @@
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608789"></a>Prerequisite</h3></div></div></div>
<a name="id2608203"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@ -657,7 +657,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608798"></a>Compilation</h3></div></div></div>
<a name="id2608213"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
@ -672,7 +672,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608004"></a>Installation</h3></div></div></div>
<a name="id2608237"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
@ -694,7 +694,7 @@ $ <strong class="userinput"><code>make install</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608035"></a>Known Defects/Restrictions</h3></div></div></div>
<a name="id2608268"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@ -734,7 +734,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608112"></a>The dns.conf File</h3></div></div></div>
<a name="id2608413"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@ -752,14 +752,14 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608138"></a>Sample Applications</h3></div></div></div>
<a name="id2608440"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608147"></a>sample: a simple stub resolver utility</h4></div></div></div>
<a name="id2608449"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@ -823,7 +823,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608237"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<a name="id2608608"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@ -864,7 +864,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608291"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<a name="id2608661"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@ -905,7 +905,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608355"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<a name="id2608725"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@ -922,7 +922,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608370"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<a name="id2608740"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
@ -1017,7 +1017,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2609047"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<a name="id2609281"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
@ -1074,7 +1074,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609111"></a>Library References</h3></div></div></div>
<a name="id2609345"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application

162
contrib/bind9/doc/arm/Bv9ARM.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.html,v 1.263.8.1.2.1 2011-06-09 03:41:09 tbox Exp $ -->
<!-- $Id: Bv9ARM.html,v 1.263.8.9 2011-08-03 02:35:13 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -83,7 +83,7 @@
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568364">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568370">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570385">Signals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570378">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@ -92,64 +92,64 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570823">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570841">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570885">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570903">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571342">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571553">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571563">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571600">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571657">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571706">Errors</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571336">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571478">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571489">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571525">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571651">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571700">Errors</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571720">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2563987">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571714">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2563980">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564055">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572189">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572270">Configuring Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564117">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572183">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572264">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607351">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563493">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563529">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563611">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563649">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563661">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563763">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563789">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563799">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563809">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563821">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563859">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563868">NSEC3 and OPTOUT</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563484">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563522">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563626">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563777">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563814">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563827">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563860">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563896">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563906">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563918">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571816">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607271">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607293">Authoritative Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571869">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571892">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609524">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607678">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607842">PKCS #11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607873">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609709">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609755">Running named with automatic zone re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609757">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607912">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608144">PKCS #11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608174">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610353">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610467">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572490">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572484">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572757">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572846">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572819">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572840">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572880">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572873">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@ -157,58 +157,58 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574290">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574283">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574944"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574937"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575133"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575127"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575425"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575442"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575418"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575504"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575465"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575648"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575842"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575527"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575550"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575709"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575835"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577841"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577982"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578046"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578090"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577834"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577908"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578040"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578084"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578105"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578099"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589239"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589395"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589379"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589534"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589494"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589581"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589851"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590007"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591396"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591558"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2594660">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595030">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596822">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597260">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597574">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597701">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597974"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597876">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598003">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598276"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@ -217,41 +217,41 @@
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602626"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602996"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2602707">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2602766">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603077">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603137">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602915">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2602920">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602932">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602949">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603285">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603290">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603302">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603319">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603147">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603449">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603319">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603553">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606462">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606901">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608789">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608798">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608004">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608035">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608112">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608138">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609111">Library References</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608203">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608213">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608237">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608268">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608413">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608440">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609345">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>

12918
contrib/bind9/doc/arm/Bv9ARM.pdf
View File

File diff suppressed because one or more lines are too long

8
contrib/bind9/doc/arm/man.arpaname.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.arpaname.html,v 1.33.8.1.2.1 2011-06-09 03:41:11 tbox Exp $ -->
<!-- $Id: man.arpaname.html,v 1.33.8.11 2011-08-03 02:35:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,20 +50,20 @@
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2616630"></a><h2>DESCRIPTION</h2>
<a name="id2648201"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616645"></a><h2>SEE ALSO</h2>
<a name="id2648216"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616659"></a><h2>AUTHOR</h2>
<a name="id2648230"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
contrib/bind9/doc/arm/man.ddns-confgen.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.ddns-confgen.html,v 1.69.8.1.2.1 2011-06-09 03:41:11 tbox Exp $ -->
<!-- $Id: man.ddns-confgen.html,v 1.69.8.11 2011-08-03 02:35:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2645803"></a><h2>DESCRIPTION</h2>
<a name="id2644606"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">ddns-confgen</strong></span>
generates a key for use by <span><strong class="command">nsupdate</strong></span>
and <span><strong class="command">named</strong></span>. It simplifies configuration
@ -77,7 +77,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2645959"></a><h2>OPTIONS</h2>
<a name="id2644762"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
@ -144,7 +144,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2646569"></a><h2>SEE ALSO</h2>
<a name="id2645987"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -152,7 +152,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2646608"></a><h2>AUTHOR</h2>
<a name="id2648141"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

20
contrib/bind9/doc/arm/man.dig.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dig.html,v 1.162.8.1.2.1 2011-06-09 03:41:09 tbox Exp $ -->
<!-- $Id: man.dig.html,v 1.162.8.9 2011-08-03 02:35:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -52,7 +52,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2609278"></a><h2>DESCRIPTION</h2>
<a name="id2609512"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -98,7 +98,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2609373"></a><h2>SIMPLE USAGE</h2>
<a name="id2609607"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -144,7 +144,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2610167"></a><h2>OPTIONS</h2>
<a name="id2610059"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -248,7 +248,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2662324"></a><h2>QUERY OPTIONS</h2>
<a name="id2662694"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -579,7 +579,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663338"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2663708"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -625,7 +625,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663424"></a><h2>IDN SUPPORT</h2>
<a name="id2663794"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -639,14 +639,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663452"></a><h2>FILES</h2>
<a name="id2663822"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663474"></a><h2>SEE ALSO</h2>
<a name="id2663912"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -654,7 +654,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663579"></a><h2>BUGS</h2>
<a name="id2663949"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

16
contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-dsfromkey.html,v 1.74.8.1.2.1 2011-06-09 03:41:09 tbox Exp $ -->
<!-- $Id: man.dnssec-dsfromkey.html,v 1.74.8.9 2011-08-03 02:35:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -51,14 +51,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2611192"></a><h2>DESCRIPTION</h2>
<a name="id2611562"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2611411"></a><h2>OPTIONS</h2>
<a name="id2611576"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@ -119,7 +119,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2611600"></a><h2>EXAMPLE</h2>
<a name="id2611765"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@ -134,7 +134,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612114"></a><h2>FILES</h2>
<a name="id2611801"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -148,13 +148,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612155"></a><h2>CAVEAT</h2>
<a name="id2612184"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612165"></a><h2>SEE ALSO</h2>
<a name="id2612194"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -164,7 +164,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612204"></a><h2>AUTHOR</h2>
<a name="id2612233"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keyfromlabel.html,v 1.110.8.1.2.1 2011-06-09 03:41:09 tbox Exp $ -->
<!-- $Id: man.dnssec-keyfromlabel.html,v 1.110.8.10 2011-08-03 02:35:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2612785"></a><h2>DESCRIPTION</h2>
<a name="id2613155"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@ -63,7 +63,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612805"></a><h2>OPTIONS</h2>
<a name="id2613175"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -182,7 +182,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2613241"></a><h2>TIMING OPTIONS</h2>
<a name="id2615181"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -229,7 +229,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2615114"></a><h2>GENERATED KEY FILES</h2>
<a name="id2666480"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -268,7 +268,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2666203"></a><h2>SEE ALSO</h2>
<a name="id2666573"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -276,7 +276,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2666236"></a><h2>AUTHOR</h2>
<a name="id2666606"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

16
contrib/bind9/doc/arm/man.dnssec-keygen.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keygen.html,v 1.179.8.1.2.1 2011-06-09 03:41:09 tbox Exp $ -->
<!-- $Id: man.dnssec-keygen.html,v 1.179.8.10 2011-08-03 02:35:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2614215"></a><h2>DESCRIPTION</h2>
<a name="id2614380"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2614235"></a><h2>OPTIONS</h2>
<a name="id2614401"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -266,7 +266,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2667657"></a><h2>TIMING OPTIONS</h2>
<a name="id2667754"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -337,7 +337,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2667847"></a><h2>GENERATED KEYS</h2>
<a name="id2667944"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -383,7 +383,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667955"></a><h2>EXAMPLE</h2>
<a name="id2668052"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -404,7 +404,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668080"></a><h2>SEE ALSO</h2>
<a name="id2668245"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@ -413,7 +413,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668110"></a><h2>AUTHOR</h2>
<a name="id2668276"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
contrib/bind9/doc/arm/man.dnssec-revoke.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-revoke.html,v 1.62.8.1.2.1 2011-06-09 03:41:09 tbox Exp $ -->
<!-- $Id: man.dnssec-revoke.html,v 1.62.8.10 2011-08-03 02:35:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2614277"></a><h2>DESCRIPTION</h2>
<a name="id2614715"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2614291"></a><h2>OPTIONS</h2>
<a name="id2614729"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -91,14 +91,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2614398"></a><h2>SEE ALSO</h2>
<a name="id2614837"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2614423"></a><h2>AUTHOR</h2>
<a name="id2614861"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

18
contrib/bind9/doc/arm/man.dnssec-settime.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-settime.html,v 1.58.8.1.2.1 2011-06-09 03:41:10 tbox Exp $ -->
<!-- $Id: man.dnssec-settime.html,v 1.58.8.11 2011-08-03 02:35:13 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2614556"></a><h2>DESCRIPTION</h2>
<a name="id2615479"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@ -75,7 +75,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2614615"></a><h2>OPTIONS</h2>
<a name="id2615538"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@ -84,7 +84,9 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
set to the present time.
set to the present time. If no other values are specified,
then the key's publication and activation dates will also
be set to the present time.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@ -106,7 +108,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2615323"></a><h2>TIMING OPTIONS</h2>
<a name="id2615632"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -185,7 +187,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2615598"></a><h2>PRINTING OPTIONS</h2>
<a name="id2616453"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@ -211,7 +213,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2615678"></a><h2>SEE ALSO</h2>
<a name="id2616533"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -219,7 +221,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615712"></a><h2>AUTHOR</h2>
<a name="id2616566"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.dnssec-signzone.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-signzone.html,v 1.179.8.1.2.1 2011-06-09 03:41:10 tbox Exp $ -->
<!-- $Id: man.dnssec-signzone.html,v 1.179.8.11 2011-08-03 02:35:13 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2616507"></a><h2>DESCRIPTION</h2>
<a name="id2617358"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2617346"></a><h2>OPTIONS</h2>
<a name="id2617378"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -397,7 +397,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2671803"></a><h2>EXAMPLE</h2>
<a name="id2672040"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -427,14 +427,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2671882"></a><h2>SEE ALSO</h2>
<a name="id2672119"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2671907"></a><h2>AUTHOR</h2>
<a name="id2672144"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.genrandom.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.genrandom.html,v 1.34.8.1.2.1 2011-06-09 03:41:11 tbox Exp $ -->
<!-- $Id: man.genrandom.html,v 1.34.8.12 2011-08-09 01:52:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2649447"></a><h2>DESCRIPTION</h2>
<a name="id2615898"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2649462"></a><h2>ARGUMENTS</h2>
<a name="id2648272"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@ -70,21 +70,21 @@
<dd><p>
The size of the file, in kilobytes, to generate.
</p></dd>
<dt><span class="term">domain</span></dt>
<dt><span class="term">filename</span></dt>
<dd><p>
The file name into which random data should be written.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2649523"></a><h2>SEE ALSO</h2>
<a name="id2648332"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2649549"></a><h2>AUTHOR</h2>
<a name="id2648427"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
contrib/bind9/doc/arm/man.host.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.host.html,v 1.160.8.1.2.1 2011-06-09 03:41:09 tbox Exp $ -->
<!-- $Id: man.host.html,v 1.160.8.9 2011-08-03 02:35:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2610368"></a><h2>DESCRIPTION</h2>
<a name="id2610601"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@ -202,7 +202,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2610882"></a><h2>IDN SUPPORT</h2>
<a name="id2611184"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -216,12 +216,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2610910"></a><h2>FILES</h2>
<a name="id2611212"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2610924"></a><h2>SEE ALSO</h2>
<a name="id2611226"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

10
contrib/bind9/doc/arm/man.isc-hmac-fixup.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.isc-hmac-fixup.html,v 1.31.8.1.2.1 2011-06-09 03:41:11 tbox Exp $ -->
<!-- $Id: man.isc-hmac-fixup.html,v 1.31.8.12 2011-08-09 01:52:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2650556"></a><h2>DESCRIPTION</h2>
<a name="id2648612"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650584"></a><h2>SECURITY CONSIDERATIONS</h2>
<a name="id2648640"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
@ -87,14 +87,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650600"></a><h2>SEE ALSO</h2>
<a name="id2648656"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650617"></a><h2>AUTHOR</h2>
<a name="id2648673"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.named-checkconf.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkconf.html,v 1.174.8.1.2.1 2011-06-09 03:41:10 tbox Exp $ -->
<!-- $Id: man.named-checkconf.html,v 1.174.8.11 2011-08-03 02:35:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2617782"></a><h2>DESCRIPTION</h2>
<a name="id2618224"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@ -70,7 +70,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2617852"></a><h2>OPTIONS</h2>
<a name="id2618294"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -109,21 +109,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2617987"></a><h2>RETURN VALUES</h2>
<a name="id2618428"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618001"></a><h2>SEE ALSO</h2>
<a name="id2618579"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618030"></a><h2>AUTHOR</h2>
<a name="id2618609"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.named-checkzone.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkzone.html,v 1.183.8.1.2.1 2011-06-09 03:41:10 tbox Exp $ -->
<!-- $Id: man.named-checkzone.html,v 1.183.8.11 2011-08-03 02:35:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2619464"></a><h2>DESCRIPTION</h2>
<a name="id2632057"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619514"></a><h2>OPTIONS</h2>
<a name="id2632107"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -265,14 +265,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2672646"></a><h2>RETURN VALUES</h2>
<a name="id2673019"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672660"></a><h2>SEE ALSO</h2>
<a name="id2673033"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -280,7 +280,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672693"></a><h2>AUTHOR</h2>
<a name="id2673066"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
contrib/bind9/doc/arm/man.named-journalprint.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-journalprint.html,v 1.33.8.1.2.1 2011-06-09 03:41:10 tbox Exp $ -->
<!-- $Id: man.named-journalprint.html,v 1.33.8.11 2011-08-03 02:35:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2613314"></a><h2>DESCRIPTION</h2>
<a name="id2613550"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2638550"></a><h2>SEE ALSO</h2>
<a name="id2635032"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2638581"></a><h2>AUTHOR</h2>
<a name="id2635063"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

16
contrib/bind9/doc/arm/man.named.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named.html,v 1.185.8.1.2.1 2011-06-09 03:41:10 tbox Exp $ -->
<!-- $Id: man.named.html,v 1.185.8.11 2011-08-03 02:35:13 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2638058"></a><h2>DESCRIPTION</h2>
<a name="id2632834"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2638089"></a><h2>OPTIONS</h2>
<a name="id2632933"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -246,7 +246,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2640076"></a><h2>SIGNALS</h2>
<a name="id2639904"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -267,7 +267,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640126"></a><h2>CONFIGURATION</h2>
<a name="id2674906"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@ -284,7 +284,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2674514"></a><h2>FILES</h2>
<a name="id2674955"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -297,7 +297,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2674694"></a><h2>SEE ALSO</h2>
<a name="id2675067"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -310,7 +310,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2674764"></a><h2>AUTHOR</h2>
<a name="id2675138"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
contrib/bind9/doc/arm/man.nsec3hash.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.nsec3hash.html,v 1.34.8.1.2.1 2011-06-09 03:41:11 tbox Exp $ -->
<!-- $Id: man.nsec3hash.html,v 1.34.8.12 2011-08-09 01:52:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2651073"></a><h2>DESCRIPTION</h2>
<a name="id2616633"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@ -56,7 +56,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2651088"></a><h2>ARGUMENTS</h2>
<a name="id2616648"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">salt</span></dt>
<dd><p>
@ -80,14 +80,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2651149"></a><h2>SEE ALSO</h2>
<a name="id2648795"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2651166"></a><h2>AUTHOR</h2>
<a name="id2648812"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
contrib/bind9/doc/arm/man.nsupdate.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.nsupdate.html,v 1.110.8.1.2.1 2011-06-09 03:41:10 tbox Exp $ -->
<!-- $Id: man.nsupdate.html,v 1.110.8.11 2011-08-03 02:35:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2638810"></a><h2>DESCRIPTION</h2>
<a name="id2635224"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@ -210,7 +210,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2639349"></a><h2>INPUT FORMAT</h2>
<a name="id2638766"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@ -498,7 +498,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2677944"></a><h2>EXAMPLES</h2>
<a name="id2678249"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@ -552,7 +552,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678062"></a><h2>FILES</h2>
<a name="id2678299"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -575,7 +575,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2678146"></a><h2>SEE ALSO</h2>
<a name="id2678382"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@ -590,7 +590,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678203"></a><h2>BUGS</h2>
<a name="id2678440"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

12
contrib/bind9/doc/arm/man.rndc-confgen.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc-confgen.html,v 1.189.8.1.2.1 2011-06-09 03:41:11 tbox Exp $ -->
<!-- $Id: man.rndc-confgen.html,v 1.189.8.11 2011-08-03 02:35:09 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2641044"></a><h2>DESCRIPTION</h2>
<a name="id2642305"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2641110"></a><h2>OPTIONS</h2>
<a name="id2642439"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@ -173,7 +173,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2642384"></a><h2>EXAMPLES</h2>
<a name="id2643098"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@ -190,7 +190,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2642440"></a><h2>SEE ALSO</h2>
<a name="id2648548"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -198,7 +198,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2649715"></a><h2>AUTHOR</h2>
<a name="id2648586"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.rndc.conf.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.conf.html,v 1.190.8.1.2.1 2011-06-09 03:41:11 tbox Exp $ -->
<!-- $Id: man.rndc.conf.html,v 1.190.8.11 2011-08-03 02:35:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2640419"></a><h2>DESCRIPTION</h2>
<a name="id2614578"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@ -135,7 +135,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640590"></a><h2>EXAMPLE</h2>
<a name="id2640759"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@ -209,7 +209,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640780"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2641358"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640806"></a><h2>SEE ALSO</h2>
<a name="id2641384"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@ -227,7 +227,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640844"></a><h2>AUTHOR</h2>
<a name="id2641422"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.rndc.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.html,v 1.188.8.1.2.1 2011-06-09 03:41:10 tbox Exp $ -->
<!-- $Id: man.rndc.html,v 1.188.8.11 2011-08-03 02:35:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2639501"></a><h2>DESCRIPTION</h2>
<a name="id2640011"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@ -79,7 +79,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2639552"></a><h2>OPTIONS</h2>
<a name="id2640061"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640254"></a><h2>LIMITATIONS</h2>
<a name="id2640355"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
@ -165,7 +165,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640285"></a><h2>SEE ALSO</h2>
<a name="id2640386"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -175,7 +175,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640341"></a><h2>AUTHOR</h2>
<a name="id2640578"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
contrib/bind9/doc/misc/options
View File

@ -113,7 +113,7 @@ options {
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-lookaside ( <string> trust-anchor <string> | auto );
dnssec-must-be-secure <string> <boolean>;
dnssec-secure-to-insecure <boolean>;
dnssec-validation ( yes | no | auto );
@ -332,7 +332,7 @@ view <string> <optional_class> {
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-lookaside ( <string> trust-anchor <string> | auto );
dnssec-must-be-secure <string> <boolean>;
dnssec-secure-to-insecure <boolean>;
dnssec-validation ( yes | no | auto );
@ -459,7 +459,7 @@ view <string> <optional_class> {
<integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
auto-dnssec ( allow | maintain | create | off );
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
@ -547,7 +547,7 @@ zone <string> <optional_class> {
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
auto-dnssec ( allow | maintain | create | off );
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );

2
contrib/bind9/lib/bind9/api
View File

@ -1,3 +1,3 @@
LIBINTERFACE = 80
LIBREVISION = 1
LIBREVISION = 3
LIBAGE = 0

79
contrib/bind9/lib/bind9/check.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check.c,v 1.125 2011-01-07 23:47:07 tbox Exp $ */
/* $Id: check.c,v 1.125.14.6 2011-06-17 07:04:31 each Exp $ */
/*! \file */
@ -1999,7 +1999,7 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed,
const char *keystr, *keynamestr;
dns_fixedname_t fkeyname;
dns_name_t *keyname;
isc_buffer_t keydatabuf;
isc_buffer_t b;
isc_region_t r;
isc_result_t result = ISC_R_SUCCESS;
isc_result_t tresult;
@ -2009,9 +2009,20 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed,
flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags"));
proto = cfg_obj_asuint32(cfg_tuple_get(key, "protocol"));
alg = cfg_obj_asuint32(cfg_tuple_get(key, "algorithm"));
dns_fixedname_init(&fkeyname);
keyname = dns_fixedname_name(&fkeyname);
keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
isc_buffer_init(&b, keynamestr, strlen(keynamestr));
isc_buffer_add(&b, strlen(keynamestr));
result = dns_name_fromtext(keyname, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(key, logctx, ISC_LOG_WARNING, "bad key name: %s\n",
isc_result_totext(result));
result = ISC_R_FAILURE;
}
if (flags > 0xffff) {
cfg_obj_log(key, logctx, ISC_LOG_WARNING,
"flags too big: %u\n", flags);
@ -2041,17 +2052,17 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed,
}
}
isc_buffer_init(&keydatabuf, keydata, sizeof(keydata));
isc_buffer_init(&b, keydata, sizeof(keydata));
keystr = cfg_obj_asstring(cfg_tuple_get(key, "key"));
tresult = isc_base64_decodestring(keystr, &keydatabuf);
tresult = isc_base64_decodestring(keystr, &b);
if (tresult != ISC_R_SUCCESS) {
cfg_obj_log(key, logctx, ISC_LOG_ERROR,
"%s", isc_result_totext(tresult));
result = ISC_R_FAILURE;
} else {
isc_buffer_usedregion(&keydatabuf, &r);
isc_buffer_usedregion(&b, &r);
if ((alg == DST_ALG_RSASHA1 || alg == DST_ALG_RSAMD5) &&
r.length > 1 && r.base[0] == 1 && r.base[1] == 3)
@ -2075,9 +2086,16 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
isc_symtab_t *symtab = NULL;
isc_result_t result = ISC_R_SUCCESS;
isc_result_t tresult = ISC_R_SUCCESS;
cfg_aclconfctx_t actx;
cfg_aclconfctx_t *actx = NULL;
const cfg_obj_t *obj;
const cfg_obj_t *options = NULL;
isc_boolean_t enablednssec, enablevalidation;
const char *valstr = "no";
/*
* Get global options block
*/
(void)cfg_map_get(config, "options", &options);
/*
* Check that all zone statements are syntactically correct and
@ -2088,7 +2106,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
if (tresult != ISC_R_SUCCESS)
return (ISC_R_NOMEMORY);
cfg_aclconfctx_init(&actx);
cfg_aclconfctx_create(mctx, &actx);
if (voptions != NULL)
(void)cfg_map_get(voptions, "zone", &zones);
@ -2103,7 +2121,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
const cfg_obj_t *zone = cfg_listelt_value(element);
tresult = check_zoneconf(zone, voptions, config, symtab,
vclass, &actx, logctx, mctx);
vclass, actx, logctx, mctx);
if (tresult != ISC_R_SUCCESS)
result = ISC_R_FAILURE;
}
@ -2114,8 +2132,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
* Check that forwarding is reasonable.
*/
if (voptions == NULL) {
const cfg_obj_t *options = NULL;
(void)cfg_map_get(config, "options", &options);
if (options != NULL)
if (check_forward(options, NULL,
logctx) != ISC_R_SUCCESS)
@ -2129,8 +2145,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
* Check that dual-stack-servers is reasonable.
*/
if (voptions == NULL) {
const cfg_obj_t *options = NULL;
(void)cfg_map_get(config, "options", &options);
if (options != NULL)
if (check_dual_stack(options, logctx) != ISC_R_SUCCESS)
result = ISC_R_FAILURE;
@ -2191,8 +2205,8 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
obj = NULL;
if (voptions != NULL)
(void)cfg_map_get(voptions, "dnssec-enable", &obj);
if (obj == NULL)
(void)cfg_map_get(config, "dnssec-enable", &obj);
if (obj == NULL && options != NULL)
(void)cfg_map_get(options, "dnssec-enable", &obj);
if (obj == NULL)
enablednssec = ISC_TRUE;
else
@ -2201,16 +2215,23 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
obj = NULL;
if (voptions != NULL)
(void)cfg_map_get(voptions, "dnssec-validation", &obj);
if (obj == NULL)
(void)cfg_map_get(config, "dnssec-validation", &obj);
if (obj == NULL)
enablevalidation = ISC_FALSE; /* XXXMPA Change for 9.5. */
else
if (obj == NULL && options != NULL)
(void)cfg_map_get(options, "dnssec-validation", &obj);
if (obj == NULL) {
enablevalidation = enablednssec;
valstr = "yes";
} else if (cfg_obj_isboolean(obj)) {
enablevalidation = cfg_obj_asboolean(obj);
valstr = enablevalidation ? "yes" : "no";
} else {
enablevalidation = ISC_TRUE;
valstr = "auto";
}
if (enablevalidation && !enablednssec)
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"'dnssec-validation yes;' and 'dnssec-enable no;'");
"'dnssec-validation %s;' and 'dnssec-enable no;'",
valstr);
/*
* Check trusted-keys and managed-keys.
@ -2266,25 +2287,25 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
if (tresult != ISC_R_SUCCESS)
result = tresult;
tresult = check_viewacls(&actx, voptions, config, logctx, mctx);
tresult = check_viewacls(actx, voptions, config, logctx, mctx);
if (tresult != ISC_R_SUCCESS)
result = tresult;
tresult = check_recursionacls(&actx, voptions, viewname,
tresult = check_recursionacls(actx, voptions, viewname,
config, logctx, mctx);
if (tresult != ISC_R_SUCCESS)
result = tresult;
tresult = check_filteraaaa(&actx, voptions, viewname, config,
tresult = check_filteraaaa(actx, voptions, viewname, config,
logctx, mctx);
if (tresult != ISC_R_SUCCESS)
result = tresult;
tresult = check_dns64(&actx, voptions, config, logctx, mctx);
tresult = check_dns64(actx, voptions, config, logctx, mctx);
if (tresult != ISC_R_SUCCESS)
result = tresult;
cfg_aclconfctx_clear(&actx);
cfg_aclconfctx_detach(&actx);
return (result);
}
@ -2441,7 +2462,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx,
isc_mem_t *mctx)
{
isc_result_t result = ISC_R_SUCCESS, tresult;
cfg_aclconfctx_t actx;
cfg_aclconfctx_t *actx = NULL;
const cfg_listelt_t *element, *element2;
const cfg_obj_t *allow;
const cfg_obj_t *control;
@ -2462,7 +2483,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx,
(void)cfg_map_get(config, "key", &keylist);
cfg_aclconfctx_init(&actx);
cfg_aclconfctx_create(mctx, &actx);
/*
* INET: Check allow clause.
@ -2482,7 +2503,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx,
control = cfg_listelt_value(element2);
allow = cfg_tuple_get(control, "allow");
tresult = cfg_acl_fromconfig(allow, config, logctx,
&actx, mctx, 0, &acl);
actx, mctx, 0, &acl);
if (acl != NULL)
dns_acl_detach(&acl);
if (tresult != ISC_R_SUCCESS)
@ -2529,7 +2550,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx,
result = tresult;
}
}
cfg_aclconfctx_clear(&actx);
cfg_aclconfctx_detach(&actx);
return (result);
}

6
contrib/bind9/lib/dns/Makefile.in
View File

@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.176 2011-01-13 01:59:27 marka Exp $
# $Id: Makefile.in,v 1.176.8.2 2011-03-10 04:29:17 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -97,11 +97,13 @@ DNSSRCS = acache.c acl.c adb.c byaddr.c \
stats.c tcpmsg.c time.c timer.c tkey.c \
tsec.c tsig.c ttl.c validator.c \
version.c view.c xfrin.c zone.c zonekey.c zt.c ${OTHERSRCS}
SRCS = ${DSTSRCS} ${DNSSRCS}
SUBDIRS = include
SUBDIRS = include
TARGETS = include/dns/enumtype.h include/dns/enumclass.h \
include/dns/rdatastruct.h timestamp
TESTDIRS = @UNITTESTS@
DEPENDEXTRA = ./gen -F include/dns/rdatastruct.h \
-s ${srcdir} -d >> Makefile ;

13
contrib/bind9/lib/dns/acl.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: acl.c,v 1.53 2009-01-17 23:47:42 tbox Exp $ */
/* $Id: acl.c,v 1.53.426.2 2011-06-17 23:47:11 tbox Exp $ */
/*! \file */
@ -99,6 +99,7 @@ static isc_result_t
dns_acl_anyornone(isc_mem_t *mctx, isc_boolean_t neg, dns_acl_t **target) {
isc_result_t result;
dns_acl_t *acl = NULL;
result = dns_acl_create(mctx, 0, &acl);
if (result != ISC_R_SUCCESS)
return (result);
@ -341,7 +342,6 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos)
}
}
/*
* Merge the iptables. Make sure the destination ACL's
* node_count value is set correctly afterward.
@ -439,6 +439,7 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr,
void
dns_acl_attach(dns_acl_t *source, dns_acl_t **target) {
REQUIRE(DNS_ACL_VALID(source));
isc_refcount_increment(&source->refcount, NULL);
*target = source;
}
@ -446,6 +447,9 @@ dns_acl_attach(dns_acl_t *source, dns_acl_t **target) {
static void
destroy(dns_acl_t *dacl) {
unsigned int i;
INSIST(!ISC_LINK_LINKED(dacl, nextincache));
for (i = 0; i < dacl->length; i++) {
dns_aclelement_t *de = &dacl->elements[i];
if (de->type == dns_aclelementtype_keyname) {
@ -470,7 +474,9 @@ void
dns_acl_detach(dns_acl_t **aclp) {
dns_acl_t *acl = *aclp;
unsigned int refs;
REQUIRE(DNS_ACL_VALID(acl));
isc_refcount_decrement(&acl->refcount, &refs);
if (refs == 0)
destroy(acl);
@ -590,6 +596,7 @@ dns_acl_isinsecure(const dns_acl_t *a) {
isc_result_t
dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) {
isc_result_t result;
env->localhost = NULL;
env->localnets = NULL;
result = dns_acl_create(mctx, 0, &env->localhost);

13
contrib/bind9/lib/dns/adb.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: adb.c,v 1.254 2010-12-21 23:47:08 tbox Exp $ */
/* $Id: adb.c,v 1.254.14.4 2011-03-13 03:36:47 marka Exp $ */
/*! \file
*
@ -910,6 +910,8 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
if (rdataset->trust == dns_trust_glue ||
rdataset->trust == dns_trust_additional)
rdataset->ttl = ADB_CACHE_MINIMUM;
else if (rdataset->trust == dns_trust_ultimate)
rdataset->ttl = 0;
else
rdataset->ttl = ttlclamp(rdataset->ttl);
@ -2195,7 +2197,6 @@ check_expire_name(dns_adbname_t **namep, isc_stdtime_t now) {
static void
check_stale_name(dns_adb_t *adb, int bucket, isc_stdtime_t now) {
int victims, max_victims;
isc_boolean_t result;
dns_adbname_t *victim, *next_victim;
isc_boolean_t overmem = isc_mem_isovermem(adb->mctx);
int scans = 0;
@ -2217,7 +2218,7 @@ check_stale_name(dns_adb_t *adb, int bucket, isc_stdtime_t now) {
INSIST(!NAME_DEAD(victim));
scans++;
next_victim = ISC_LIST_PREV(victim, plink);
result = check_expire_name(&victim, now);
(void)check_expire_name(&victim, now);
if (victim == NULL) {
victims++;
goto next;
@ -2762,6 +2763,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
REQUIRE((options & DNS_ADBFIND_ADDRESSMASK) != 0);
result = ISC_R_UNEXPECTED;
POST(result);
wanted_addresses = (options & DNS_ADBFIND_ADDRESSMASK);
wanted_fetches = 0;
query_pending = 0;
@ -2813,6 +2815,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
*/
bucket = DNS_ADB_INVALIDBUCKET;
adbname = find_name_and_lock(adb, name, find->options, &bucket);
INSIST(bucket != DNS_ADB_INVALIDBUCKET);
if (adb->name_sd[bucket]) {
DP(DEF_LEVEL,
"dns_adb_createfind: returning ISC_R_SHUTTINGDOWN");
@ -3167,6 +3170,7 @@ dns_adb_cancelfind(dns_adbfind_t *find) {
}
UNLOCK(&adb->namelocks[unlock_bucket]);
bucket = DNS_ADB_INVALIDBUCKET;
POST(bucket);
cleanup:
@ -3945,6 +3949,7 @@ dns_adb_findaddrinfo(dns_adb_t *adb, isc_sockaddr_t *sa,
result = ISC_R_SUCCESS;
bucket = DNS_ADB_INVALIDBUCKET;
entry = find_entry_and_lock(adb, sa, &bucket, now);
INSIST(bucket != DNS_ADB_INVALIDBUCKET);
if (adb->entry_sd[bucket]) {
result = ISC_R_SHUTTINGDOWN;
goto unlock;

6
contrib/bind9/lib/dns/api
View File

@ -1,3 +1,3 @@
LIBINTERFACE = 82
LIBREVISION = 3
LIBAGE = 1
LIBINTERFACE = 84
LIBREVISION = 1
LIBAGE = 3

101
contrib/bind9/lib/dns/cache.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: cache.c,v 1.87 2009-11-12 23:43:02 each Exp $ */
/* $Id: cache.c,v 1.87.262.2 2011-03-03 23:47:09 tbox Exp $ */
/*! \file */
@ -40,6 +40,8 @@
#include <dns/rdatasetiter.h>
#include <dns/result.h>
#include "rbtdb.h"
#define CACHE_MAGIC ISC_MAGIC('$', '$', '$', '$')
#define VALID_CACHE(cache) ISC_MAGIC_VALID(cache, CACHE_MAGIC)
@ -121,7 +123,8 @@ struct dns_cache {
unsigned int magic;
isc_mutex_t lock;
isc_mutex_t filelock;
isc_mem_t *mctx;
isc_mem_t *mctx; /* Main cache memory */
isc_mem_t *hmctx; /* Heap memory */
char *name;
/* Locked by 'lock'. */
@ -168,41 +171,54 @@ cache_create_db(dns_cache_t *cache, dns_db_t **db) {
}
isc_result_t
dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
dns_cache_create(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr,
isc_timermgr_t *timermgr, dns_rdataclass_t rdclass,
const char *db_type, unsigned int db_argc, char **db_argv,
dns_cache_t **cachep)
{
return (dns_cache_create2(mctx, taskmgr, timermgr, rdclass, "",
return (dns_cache_create3(cmctx, cmctx, taskmgr, timermgr, rdclass, "",
db_type, db_argc, db_argv, cachep));
}
isc_result_t
dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
dns_cache_create2(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr,
isc_timermgr_t *timermgr, dns_rdataclass_t rdclass,
const char *cachename, const char *db_type,
unsigned int db_argc, char **db_argv, dns_cache_t **cachep)
{
return (dns_cache_create3(cmctx, cmctx, taskmgr, timermgr, rdclass,
cachename, db_type, db_argc, db_argv,
cachep));
}
isc_result_t
dns_cache_create3(isc_mem_t *cmctx, isc_mem_t *hmctx, isc_taskmgr_t *taskmgr,
isc_timermgr_t *timermgr, dns_rdataclass_t rdclass,
const char *cachename, const char *db_type,
unsigned int db_argc, char **db_argv, dns_cache_t **cachep)
{
isc_result_t result;
dns_cache_t *cache;
int i;
int i, extra = 0;
isc_task_t *dbtask;
REQUIRE(cachep != NULL);
REQUIRE(*cachep == NULL);
REQUIRE(mctx != NULL);
REQUIRE(cmctx != NULL);
REQUIRE(hmctx != NULL);
REQUIRE(cachename != NULL);
cache = isc_mem_get(mctx, sizeof(*cache));
cache = isc_mem_get(cmctx, sizeof(*cache));
if (cache == NULL)
return (ISC_R_NOMEMORY);
cache->mctx = NULL;
isc_mem_attach(mctx, &cache->mctx);
cache->mctx = cache->hmctx = NULL;
isc_mem_attach(cmctx, &cache->mctx);
isc_mem_attach(hmctx, &cache->hmctx);
cache->name = NULL;
if (cachename != NULL) {
cache->name = isc_mem_strdup(mctx, cachename);
cache->name = isc_mem_strdup(cmctx, cachename);
if (cache->name == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_mem;
@ -221,26 +237,38 @@ dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
cache->live_tasks = 0;
cache->rdclass = rdclass;
cache->db_type = isc_mem_strdup(mctx, db_type);
cache->db_type = isc_mem_strdup(cmctx, db_type);
if (cache->db_type == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_filelock;
}
cache->db_argc = db_argc;
if (cache->db_argc == 0)
cache->db_argv = NULL;
else {
cache->db_argv = isc_mem_get(mctx,
/*
* For databases of type "rbt" we pass hmctx to dns_db_create()
* via cache->db_argv, followed by the rest of the arguments in
* db_argv (of which there really shouldn't be any).
*/
if (strcmp(cache->db_type, "rbt") == 0)
extra = 1;
cache->db_argc = db_argc + extra;
cache->db_argv = NULL;
if (cache->db_argc != 0) {
cache->db_argv = isc_mem_get(cmctx,
cache->db_argc * sizeof(char *));
if (cache->db_argv == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_dbtype;
}
for (i = 0; i < cache->db_argc; i++)
cache->db_argv[i] = NULL;
for (i = 0; i < cache->db_argc; i++) {
cache->db_argv[i] = isc_mem_strdup(mctx, db_argv[i]);
cache->db_argv[0] = (char *) hmctx;
for (i = extra; i < cache->db_argc; i++) {
cache->db_argv[i] = isc_mem_strdup(cmctx,
db_argv[i - extra]);
if (cache->db_argv[i] == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_dbargv;
@ -248,6 +276,9 @@ dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
}
}
/*
* Create the database
*/
cache->db = NULL;
result = cache_create_db(cache, &cache->db);
if (result != ISC_R_SUCCESS)
@ -284,29 +315,28 @@ dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
cleanup_db:
dns_db_detach(&cache->db);
cleanup_dbargv:
for (i = 0; i < cache->db_argc; i++)
for (i = extra; i < cache->db_argc; i++)
if (cache->db_argv[i] != NULL)
isc_mem_free(mctx, cache->db_argv[i]);
isc_mem_free(cmctx, cache->db_argv[i]);
if (cache->db_argv != NULL)
isc_mem_put(mctx, cache->db_argv,
isc_mem_put(cmctx, cache->db_argv,
cache->db_argc * sizeof(char *));
cleanup_dbtype:
isc_mem_free(mctx, cache->db_type);
isc_mem_free(cmctx, cache->db_type);
cleanup_filelock:
DESTROYLOCK(&cache->filelock);
cleanup_lock:
DESTROYLOCK(&cache->lock);
cleanup_mem:
if (cache->name != NULL)
isc_mem_free(mctx, cache->name);
isc_mem_put(mctx, cache, sizeof(*cache));
isc_mem_detach(&mctx);
isc_mem_free(cmctx, cache->name);
isc_mem_detach(&cache->hmctx);
isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache));
return (result);
}
static void
cache_free(dns_cache_t *cache) {
isc_mem_t *mctx;
int i;
REQUIRE(VALID_CACHE(cache));
@ -337,7 +367,14 @@ cache_free(dns_cache_t *cache) {
dns_db_detach(&cache->db);
if (cache->db_argv != NULL) {
for (i = 0; i < cache->db_argc; i++)
/*
* We don't free db_argv[0] in "rbt" cache databases
* as it's a pointer to hmctx
*/
int extra = 0;
if (strcmp(cache->db_type, "rbt") == 0)
extra = 1;
for (i = extra; i < cache->db_argc; i++)
if (cache->db_argv[i] != NULL)
isc_mem_free(cache->mctx, cache->db_argv[i]);
isc_mem_put(cache->mctx, cache->db_argv,
@ -352,10 +389,10 @@ cache_free(dns_cache_t *cache) {
DESTROYLOCK(&cache->lock);
DESTROYLOCK(&cache->filelock);
cache->magic = 0;
mctx = cache->mctx;
isc_mem_put(cache->mctx, cache, sizeof(*cache));
isc_mem_detach(&mctx);
isc_mem_detach(&cache->hmctx);
isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache));
}

12
contrib/bind9/lib/dns/client.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.12 2010-12-03 12:03:22 marka Exp $ */
/* $Id: client.c,v 1.12.24.2 2011-03-12 04:59:16 tbox Exp $ */
#include <config.h>
@ -721,7 +721,7 @@ view_find(resctx_t *rctx, dns_db_t **dbp, dns_dbnode_t **nodep,
static void
client_resfind(resctx_t *rctx, dns_fetchevent_t *event) {
isc_mem_t *mctx;
isc_result_t result, tresult;
isc_result_t tresult, result = ISC_R_SUCCESS;
isc_result_t vresult = ISC_R_SUCCESS;
isc_boolean_t want_restart;
isc_boolean_t send_event = ISC_FALSE;
@ -741,7 +741,6 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) {
mctx = rctx->view->mctx;
result = ISC_R_SUCCESS;
name = dns_fixedname_name(&rctx->name);
do {
@ -782,6 +781,7 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) {
goto done;
}
} else {
INSIST(event != NULL);
INSIST(event->fetch == rctx->fetch);
dns_resolver_destroyfetch(&rctx->fetch);
db = event->db;
@ -965,6 +965,7 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) {
&rctx->rdataset);
if (tresult != ISC_R_SUCCESS) {
result = tresult;
POST(result);
break;
}
}
@ -976,6 +977,7 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) {
* implementation).
*/
result = DNS_R_SERVFAIL; /* better code? */
POST(result);
} else {
ISC_LIST_APPEND(rctx->namelist, ansname, link);
ansname = NULL;
@ -2131,6 +2133,7 @@ receive_soa(isc_task_t *task, isc_event_t *event) {
reqev = (dns_requestevent_t *)event;
request = reqev->request;
result = eresult = reqev->result;
POST(result);
uctx = reqev->ev_arg;
client = uctx->client;
soaquery = uctx->soaquery;
@ -2177,6 +2180,7 @@ receive_soa(isc_task_t *task, isc_event_t *event) {
}
section = DNS_SECTION_ANSWER;
POST(section);
if (rcvmsg->rcode != dns_rcode_noerror &&
rcvmsg->rcode != dns_rcode_nxdomain) {

18
contrib/bind9/lib/dns/diff.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: diff.c,v 1.23 2009-12-01 00:47:09 each Exp $ */
/* $Id: diff.c,v 1.23.248.3 2011-03-25 23:53:52 each Exp $ */
/*! \file */
@ -264,7 +264,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
dns_rdataset_t rds;
dns_rdataset_t ardataset;
dns_rdataset_t *modified = NULL;
isc_boolean_t offline;
op = t->op;
type = t->rdata.type;
@ -301,7 +300,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
CHECK(dns_db_findnsec3node(db, name, ISC_TRUE,
&node));
offline = ISC_FALSE;
while (t != NULL &&
dns_name_equal(&t->name, name) &&
t->op == op &&
@ -323,8 +321,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
namebuf, typebuf, classbuf,
(unsigned long) t->ttl,
(unsigned long) rdl.ttl);
if (t->rdata.flags & DNS_RDATA_OFFLINE)
offline = ISC_TRUE;
ISC_LIST_APPEND(rdl.rdata, &t->rdata, link);
t = ISC_LIST_NEXT(t, link);
}
@ -377,6 +373,15 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
diff->resign);
dns_db_setsigningtime(db, modified,
resign);
if (diff->resign == 0 &&
(op == DNS_DIFFOP_ADDRESIGN ||
op == DNS_DIFFOP_DELRESIGN))
isc_log_write(
DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"resign requested "
"with 0 resign "
"interval");
}
} else if (result == DNS_R_UNCHANGED) {
/*
@ -528,7 +533,6 @@ dns_diff_sort(dns_diff_t *diff, dns_diff_compare_func *compare) {
v = isc_mem_get(diff->mctx, length * sizeof(dns_difftuple_t *));
if (v == NULL)
return (ISC_R_NOMEMORY);
i = 0;
for (i = 0; i < length; i++) {
p = ISC_LIST_HEAD(diff->tuples);
v[i] = p;

14
contrib/bind9/lib/dns/dispatch.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dispatch.c,v 1.168.248.1.2.1 2011-06-02 23:47:34 tbox Exp $ */
/* $Id: dispatch.c,v 1.168.248.4 2011-04-06 10:30:08 marka Exp $ */
/*! \file */
@ -913,6 +913,12 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest,
}
portentry->refs++;
break;
} else if (result == ISC_R_NOPERM) {
char buf[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&localaddr, buf, sizeof(buf));
dispatch_log(disp, ISC_LOG_WARNING,
"open_socket(%s) -> %s: continuing",
buf, isc_result_totext(result));
} else if (result != ISC_R_ADDRINUSE)
break;
}
@ -1295,7 +1301,6 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) {
* Look at flags. If query, drop it. If response,
* look to see where it goes.
*/
queue_response = ISC_FALSE;
if ((flags & DNS_MESSAGEFLAG_QR) == 0) {
/* query */
free_buffer(disp, ev->region.base, ev->region.length);
@ -1554,7 +1559,6 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) {
* Look at flags. If query, drop it. If response,
* look to see where it goes.
*/
queue_response = ISC_FALSE;
if ((flags & DNS_MESSAGEFLAG_QR) == 0) {
/*
* Query.
@ -2373,9 +2377,9 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
qid->sock_table = isc_mem_get(mgr->mctx, buckets *
sizeof(dispsocketlist_t));
if (qid->sock_table == NULL) {
isc_mem_put(mgr->mctx, qid, sizeof(*qid));
isc_mem_put(mgr->mctx, qid->qid_table,
buckets * sizeof(dns_displist_t));
isc_mem_put(mgr->mctx, qid, sizeof(*qid));
return (ISC_R_NOMEMORY);
}
}
@ -2985,7 +2989,6 @@ dns_dispatch_detach(dns_dispatch_t **dispp) {
INSIST(disp->refcount > 0);
disp->refcount--;
killit = ISC_FALSE;
if (disp->refcount == 0) {
if (disp->recv_pending > 0)
isc_socket_cancel(disp->socket, disp->task[0],
@ -3258,7 +3261,6 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp,
disp->requests--;
INSIST(disp->refcount > 0);
disp->refcount--;
killit = ISC_FALSE;
if (disp->refcount == 0) {
if (disp->recv_pending > 0)
isc_socket_cancel(disp->socket, disp->task[0],

9
contrib/bind9/lib/dns/dlz.c
View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -50,7 +50,7 @@
* USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dlz.c,v 1.10 2010-12-20 23:47:20 tbox Exp $ */
/* $Id: dlz.c,v 1.10.14.2 2011-03-12 04:59:16 tbox Exp $ */
/*! \file */
@ -535,7 +535,6 @@ dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) {
isc_buffer_t buffer;
dns_fixedname_t fixorigin;
dns_name_t *origin;
dns_rdataclass_t zclass;
dns_dlzdb_t *dlzdatabase;
REQUIRE(DNS_DLZ_VALID(view->dlzdatabase));
@ -553,8 +552,6 @@ dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) {
goto cleanup;
origin = dns_fixedname_name(&fixorigin);
zclass = view->rdclass;
/* See if the zone already exists */
result = dns_view_findzone(view, origin, &dupzone);
if (result == ISC_R_SUCCESS) {
@ -593,8 +590,6 @@ dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) {
*/
result = dns_view_addzone(view, zone);
result = ISC_R_SUCCESS;
cleanup:
if (zone != NULL)
dns_zone_detach(&zone);

6
contrib/bind9/lib/dns/dns64.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dns64.c,v 1.6 2010-12-09 04:59:09 marka Exp $ */
/* $Id: dns64.c,v 1.6.22.2 2011-03-12 04:59:16 tbox Exp $ */
#include <config.h>
@ -253,6 +253,8 @@ dns_dns64_aaaaok(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
*/
if (dns64->excluded == NULL) {
answer = ISC_TRUE;
if (aaaaok == NULL)
goto done;
for (i = 0; i < aaaaoklen; i++)
aaaaok[i] = ISC_TRUE;
goto done;

48
contrib/bind9/lib/dns/dnssec.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.119 2010-01-13 23:48:59 tbox Exp $
* $Id: dnssec.c,v 1.119.170.4 2011-05-06 21:07:50 each Exp $
*/
/*! \file */
@ -543,9 +543,9 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
}
static isc_boolean_t
key_active(dst_key_t *key) {
key_active(dst_key_t *key, isc_stdtime_t now) {
isc_result_t result;
isc_stdtime_t now, publish, active, revoke, inactive, delete;
isc_stdtime_t publish, active, revoke, inactive, delete;
isc_boolean_t pubset = ISC_FALSE, actset = ISC_FALSE;
isc_boolean_t revset = ISC_FALSE, inactset = ISC_FALSE;
isc_boolean_t delset = ISC_FALSE;
@ -553,6 +553,7 @@ key_active(dst_key_t *key) {
/* Is this an old-style key? */
result = dst_key_getprivateformat(key, &major, &minor);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Smart signing started with key format 1.3; prior to that, all
@ -561,8 +562,6 @@ key_active(dst_key_t *key) {
if (major == 1 && minor <= 2)
return (ISC_TRUE);
isc_stdtime_get(&now);
result = dst_key_gettime(key, DST_TIME_PUBLISH, &publish);
if (result == ISC_R_SUCCESS)
pubset = ISC_TRUE;
@ -610,10 +609,13 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver,
isc_result_t result;
dst_key_t *pubkey = NULL;
unsigned int count = 0;
isc_stdtime_t now;
REQUIRE(nkeys != NULL);
REQUIRE(keys != NULL);
isc_stdtime_get(&now);
*nkeys = 0;
dns_rdataset_init(&rdataset);
RETERR(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0,
@ -692,7 +694,7 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver,
/*
* If a key is marked inactive, skip it
*/
if (!key_active(keys[count])) {
if (!key_active(keys[count], now)) {
dst_key_free(&keys[count]);
keys[count] = pubkey;
pubkey = NULL;
@ -1016,13 +1018,6 @@ dns_dnssec_selfsigns(dns_rdata_t *rdata, dns_name_t *name,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
isc_boolean_t ignoretime, isc_mem_t *mctx)
{
dst_key_t *dstkey = NULL;
dns_keytag_t keytag;
dns_rdata_dnskey_t key;
dns_rdata_rrsig_t sig;
dns_rdata_t sigrdata = DNS_RDATA_INIT;
isc_result_t result;
INSIST(rdataset->type == dns_rdatatype_key ||
rdataset->type == dns_rdatatype_dnskey);
if (rdataset->type == dns_rdatatype_key) {
@ -1033,6 +1028,27 @@ dns_dnssec_selfsigns(dns_rdata_t *rdata, dns_name_t *name,
INSIST(sigrdataset->covers == dns_rdatatype_dnskey);
}
return (dns_dnssec_signs(rdata, name, rdataset, sigrdataset,
ignoretime, mctx));
}
isc_boolean_t
dns_dnssec_signs(dns_rdata_t *rdata, dns_name_t *name,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
isc_boolean_t ignoretime, isc_mem_t *mctx)
{
dst_key_t *dstkey = NULL;
dns_keytag_t keytag;
dns_rdata_dnskey_t key;
dns_rdata_rrsig_t sig;
dns_rdata_t sigrdata = DNS_RDATA_INIT;
isc_result_t result;
INSIST(sigrdataset->type == dns_rdatatype_rrsig);
if (sigrdataset->covers != rdataset->type)
return (ISC_FALSE);
result = dns_dnssec_keyfromrdata(name, rdata, mctx, &dstkey);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
@ -1095,6 +1111,7 @@ dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey,
/* Is this an old-style key? */
result = dst_key_getprivateformat(dk->key, &major, &minor);
INSIST(result == ISC_R_SUCCESS);
/* Smart signing started with key format 1.3 */
dk->legacy = ISC_TF(major == 1 && minor <= 2);
@ -1673,9 +1690,6 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
/* No match found in keys; add the new key. */
if (key2 == NULL) {
dns_dnsseckey_t *next;
next = ISC_LIST_NEXT(key1, link);
ISC_LIST_UNLINK(*newkeys, key1, link);
ISC_LIST_APPEND(*keys, key1, link);

3
contrib/bind9/lib/dns/dst_api.c
View File

@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.57 2011-01-11 23:47:13 tbox Exp $
* $Id: dst_api.c,v 1.57.10.1 2011-03-21 19:53:34 each Exp $
*/
/*! \file */
@ -1778,5 +1778,6 @@ dst__entropy_status(void) {
isc_buffer_t *
dst_key_tkeytoken(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return (key->key_tkeytoken);
}

19
contrib/bind9/lib/dns/dst_openssl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst_openssl.h,v 1.9 2009-10-06 04:40:14 tbox Exp $ */
/* $Id: dst_openssl.h,v 1.9.302.2 2011-03-12 04:59:16 tbox Exp $ */
#ifndef DST_OPENSSL_H
#define DST_OPENSSL_H 1
@ -23,13 +23,28 @@
#include <isc/lang.h>
#include <isc/result.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/conf.h>
#include <openssl/crypto.h>
#if !defined(OPENSSL_NO_ENGINE) && defined(CRYPTO_LOCK_ENGINE) && \
(OPENSSL_VERSION_NUMBER >= 0x0090707f)
#define USE_ENGINE 1
#endif
ISC_LANG_BEGINDECLS
isc_result_t
dst__openssl_toresult(isc_result_t fallback);
#ifdef USE_ENGINE
ENGINE *
dst__openssl_getengine(const char *engine);
#else
#define dst__openssl_getengine(x) NULL
#endif
ISC_LANG_ENDDECLS

8
contrib/bind9/lib/dns/gssapi_link.c
View File

@ -16,7 +16,7 @@
*/
/*
* $Id: gssapi_link.c,v 1.16 2011-01-11 23:47:13 tbox Exp $
* $Id: gssapi_link.c,v 1.16.10.1 2011-03-28 05:36:05 marka Exp $
*/
#include <config.h>
@ -181,7 +181,7 @@ gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) {
* allocated space.
*/
isc_buffer_putmem(sig, gsig.value, gsig.length);
if (gsig.length != 0)
if (gsig.length != 0U)
gss_release_buffer(&minor, &gsig);
return (ISC_R_SUCCESS);
@ -293,7 +293,7 @@ gssapi_restore(dst_key_t *key, const char *keystr) {
isc_result_t result;
len = strlen(keystr);
if ((len % 4) != 0)
if ((len % 4) != 0U)
return (ISC_R_BADBASE64);
len = (len / 4) * 3;
@ -338,7 +338,7 @@ gssapi_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) {
major, minor);
return (ISC_R_FAILURE);
}
if (gssbuffer.length == 0)
if (gssbuffer.length == 0U)
return (ISC_R_FAILURE);
len = ((gssbuffer.length + 2)/3) * 4;
buf = isc_mem_get(mctx, len);

20
contrib/bind9/lib/dns/gssapictx.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: gssapictx.c,v 1.26 2011-01-10 03:49:49 marka Exp $ */
/* $Id: gssapictx.c,v 1.26.12.2 2011-04-07 23:05:01 marka Exp $ */
#include <config.h>
@ -179,7 +179,7 @@ log_cred(const gss_cred_id_t cred) {
}
if (gret == GSS_S_COMPLETE) {
if (gbuffer.length != 0) {
if (gbuffer.length != 0U) {
gret = gss_release_buffer(&minor, &gbuffer);
if (gret != GSS_S_COMPLETE)
gss_log(3, "failed gss_release_buffer: %s",
@ -604,7 +604,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
/*
* RFC 2744 states the a valid output token has a non-zero length.
*/
if (gouttoken.length != 0) {
if (gouttoken.length != 0U) {
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
@ -650,8 +650,6 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
REQUIRE(outtoken != NULL && *outtoken == NULL);
log_cred(cred);
REGION_TO_GBUFFER(*intoken, gintoken);
if (*ctxout == NULL)
@ -687,6 +685,8 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
#endif
}
log_cred(cred);
gret = gss_accept_sec_context(&minor, &context, cred, &gintoken,
GSS_C_NO_CHANNEL_BINDINGS, &gname,
NULL, &gouttoken, NULL, NULL, NULL);
@ -719,7 +719,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
return (result);
}
if (gouttoken.length > 0) {
if (gouttoken.length > 0U) {
RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length));
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(*outtoken, &r));
@ -741,7 +741,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
* case, since principal names really should not
* contain null characters.
*/
if (gnamebuf.length > 0 &&
if (gnamebuf.length > 0U &&
((char *)gnamebuf.value)[gnamebuf.length - 1] == '\0')
gnamebuf.length--;
@ -755,7 +755,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname,
0, NULL));
if (gnamebuf.length != 0) {
if (gnamebuf.length != 0U) {
gret = gss_release_buffer(&minor, &gnamebuf);
if (gret != GSS_S_COMPLETE)
gss_log(3, "failed gss_release_buffer: %s",
@ -836,9 +836,9 @@ gss_error_tostring(isc_uint32_t major, isc_uint32_t minor,
snprintf(buf, buflen, "GSSAPI error: Major = %s, Minor = %s.",
(char *)msg_major.value, (char *)msg_minor.value);
if (msg_major.length != 0)
if (msg_major.length != 0U)
(void)gss_release_buffer(&minor_stat, &msg_major);
if (msg_minor.length != 0)
if (msg_minor.length != 0U)
(void)gss_release_buffer(&minor_stat, &msg_minor);
return(buf);
#else

Some files were not shown because too many files have changed in this diff Show More