authorDoug Barton <dougb@FreeBSD.org>2005-12-29 04:22:58 +0000
committerDoug Barton <dougb@FreeBSD.org>2005-12-29 04:22:58 +0000
commita00aca3467ce973cd6d2414c81fd5e39559374b3 (patch)
tree570b6e4f35462e81147786cc2f272d28fac7f470
parentadaaaab975815edcabdc20da6c7f0ad57ca75402 (diff)
Vendor import of BIND 9.3.2
Notes
Notes: svn path=/vendor/bind9/dist/; revision=153816
-rw-r--r--contrib/bind9/CHANGES257
-rw-r--r--contrib/bind9/FAQ759
-rw-r--r--contrib/bind9/FAQ.xml1007
-rw-r--r--contrib/bind9/README24
-rw-r--r--contrib/bind9/bin/check/named-checkconf.867
-rw-r--r--contrib/bind9/bin/check/named-checkconf.docbook25
-rw-r--r--contrib/bind9/bin/check/named-checkconf.html276
-rw-r--r--contrib/bind9/bin/check/named-checkzone.8113
-rw-r--r--contrib/bind9/bin/check/named-checkzone.docbook28
-rw-r--r--contrib/bind9/bin/check/named-checkzone.html464
-rw-r--r--contrib/bind9/bin/dig/dig.1512
-rw-r--r--contrib/bind9/bin/dig/dig.c40
-rw-r--r--contrib/bind9/bin/dig/dig.docbook60
-rw-r--r--contrib/bind9/bin/dig/dig.html1524
-rw-r--r--contrib/bind9/bin/dig/dighost.c911
-rw-r--r--contrib/bind9/bin/dig/host.1249
-rw-r--r--contrib/bind9/bin/dig/host.c20
-rw-r--r--contrib/bind9/bin/dig/host.docbook26
-rw-r--r--contrib/bind9/bin/dig/host.html533
-rw-r--r--contrib/bind9/bin/dig/include/dig/dig.h54
-rw-r--r--contrib/bind9/bin/dig/nslookup.1179
-rw-r--r--contrib/bind9/bin/dig/nslookup.c17
-rw-r--r--contrib/bind9/bin/dig/nslookup.docbook40
-rw-r--r--contrib/bind9/bin/dig/nslookup.html811
-rw-r--r--contrib/bind9/bin/dnssec/Makefile.in7
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.8240
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.docbook28
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.html666
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.8244
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.c79
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.docbook26
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.html665
-rw-r--r--contrib/bind9/bin/dnssec/dnssectool.c6
-rw-r--r--contrib/bind9/bin/named/aclconf.c23
-rw-r--r--contrib/bind9/bin/named/client.c35
-rw-r--r--contrib/bind9/bin/named/control.c40
-rw-r--r--contrib/bind9/bin/named/include/named/client.h14
-rw-r--r--contrib/bind9/bin/named/include/named/ns_smf_globals.h44
-rw-r--r--contrib/bind9/bin/named/log.c16
-rw-r--r--contrib/bind9/bin/named/lwresd.8174
-rw-r--r--contrib/bind9/bin/named/lwresd.docbook21
-rw-r--r--contrib/bind9/bin/named/lwresd.html594
-rw-r--r--contrib/bind9/bin/named/main.c135
-rw-r--r--contrib/bind9/bin/named/named.8237
-rw-r--r--contrib/bind9/bin/named/named.conf.5493
-rw-r--r--contrib/bind9/bin/named/named.conf.docbook60
-rw-r--r--contrib/bind9/bin/named/named.conf.html2311
-rw-r--r--contrib/bind9/bin/named/named.docbook22
-rw-r--r--contrib/bind9/bin/named/named.html775
-rw-r--r--contrib/bind9/bin/named/query.c108
-rw-r--r--contrib/bind9/bin/named/server.c66
-rw-r--r--contrib/bind9/bin/named/unix/os.c16
-rw-r--r--contrib/bind9/bin/named/update.c8
-rw-r--r--contrib/bind9/bin/named/xfrout.c8
-rw-r--r--contrib/bind9/bin/named/zoneconf.c23
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.8327
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.c6
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.docbook39
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.html1158
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.8241
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.docbook21
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.html661
-rw-r--r--contrib/bind9/bin/rndc/rndc.8146
-rw-r--r--contrib/bind9/bin/rndc/rndc.c7
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.5196
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.docbook23
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.html448
-rw-r--r--contrib/bind9/bin/rndc/rndc.docbook23
-rw-r--r--contrib/bind9/bin/rndc/rndc.html454
-rw-r--r--contrib/bind9/config.threads.in152
-rw-r--r--contrib/bind9/configure.in362
-rw-r--r--contrib/bind9/doc/Makefile.in6
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM-book.xml174
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch01.html1377
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch02.html372
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch03.html1794
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch04.html1846
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch05.html352
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch06.html13727
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch07.html616
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch08.html360
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch09.html1879
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.html1073
-rwxr-xr-xcontrib/bind9/doc/arm/Bv9ARM.pdf8964
-rw-r--r--contrib/bind9/doc/arm/Makefile.in60
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-2929bis-01.txt928
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dhcid-rr-09.txt562
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dns-name-p-s-00.txt1397
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-bis-updates-01.txt616
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-experiments-01.txt784
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-online-signing-00.txt560
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-opt-in-07.txt896
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-trans-02.txt839
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-ecc-key-07.txt928
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-insensitive-06.txt754
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-interop3597-02.txt334
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-mdns-43.txt1740
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-nsec3-02.txt2072
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-06.txt464
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2538bis-04.txt840
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-06.txt580
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-signed-nonexistence-requirements-01.txt755
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-tkey-renewal-mode-05.txt1292
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-trustupdate-threshold-00.txt1501
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-trustupdate-timers-01.txt730
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-tsig-sha-04.txt580
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-wcard-clarify-08.txt956
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-bad-dns-res-04.txt1176
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-dnssec-operational-practices-04.txt1736
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-inaddr-required-07.txt396
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-ipv6-dns-configuration-06.txt1848
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-ipv6-dns-issues-11.txt1682
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-key-rollover-requirements-02.txt389
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-respsize-02.txt480
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-serverid-04.txt616
-rw-r--r--contrib/bind9/doc/misc/options1
-rw-r--r--contrib/bind9/doc/rfc/index11
-rw-r--r--contrib/bind9/doc/rfc/rfc3757.txt451
-rw-r--r--contrib/bind9/doc/rfc/rfc3901.txt283
-rw-r--r--contrib/bind9/doc/rfc/rfc4025.txt675
-rw-r--r--contrib/bind9/doc/rfc/rfc4033.txt1179
-rw-r--r--contrib/bind9/doc/rfc/rfc4034.txt1627
-rw-r--r--contrib/bind9/doc/rfc/rfc4035.txt2971
-rw-r--r--contrib/bind9/doc/rfc/rfc4074.txt339
-rw-r--r--contrib/bind9/doc/rfc/rfc4159.txt171
-rw-r--r--contrib/bind9/lib/bind/Makefile.in13
-rw-r--r--contrib/bind9/lib/bind/api4
-rw-r--r--contrib/bind9/lib/bind/config.h.in4
-rwxr-xr-xcontrib/bind9/lib/bind/configure591
-rw-r--r--contrib/bind9/lib/bind/configure.in223
-rw-r--r--contrib/bind9/lib/bind/dst/dst_api.c12
-rw-r--r--contrib/bind9/lib/bind/dst/hmac_link.c15
-rw-r--r--contrib/bind9/lib/bind/dst/md5.h5
-rw-r--r--contrib/bind9/lib/bind/dst/md5_dgst.c2
-rw-r--r--contrib/bind9/lib/bind/dst/support.c20
-rw-r--r--contrib/bind9/lib/bind/include/isc/eventlib.h4
-rw-r--r--contrib/bind9/lib/bind/include/resolv.h7
-rw-r--r--contrib/bind9/lib/bind/include/resolv_mt.h47
-rw-r--r--contrib/bind9/lib/bind/inet/inet_cidr_ntop.c4
-rw-r--r--contrib/bind9/lib/bind/inet/inet_ntop.c4
-rw-r--r--contrib/bind9/lib/bind/inet/inet_pton.c17
-rw-r--r--contrib/bind9/lib/bind/inet/nsap_addr.c5
-rw-r--r--contrib/bind9/lib/bind/irs/dns_ho.c5
-rw-r--r--contrib/bind9/lib/bind/irs/getaddrinfo.c27
-rw-r--r--contrib/bind9/lib/bind/irs/gethostent_r.c14
-rw-r--r--contrib/bind9/lib/bind/irs/getnetent_r.c8
-rw-r--r--contrib/bind9/lib/bind/irs/getnetgrent_r.c13
-rw-r--r--contrib/bind9/lib/bind/irs/hesiod.c6
-rw-r--r--contrib/bind9/lib/bind/isc/ev_connects.c8
-rw-r--r--contrib/bind9/lib/bind/isc/ev_files.c25
-rw-r--r--contrib/bind9/lib/bind/isc/eventlib.c235
-rw-r--r--contrib/bind9/lib/bind/isc/eventlib_p.h63
-rw-r--r--contrib/bind9/lib/bind/isc/memcluster.c50
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_parse.c10
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_ttl.c5
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_verify.c17
-rw-r--r--contrib/bind9/lib/bind/port_after.h.in13
-rw-r--r--contrib/bind9/lib/bind/port_before.h.in8
-rw-r--r--contrib/bind9/lib/bind/resolv/Makefile.in8
-rw-r--r--contrib/bind9/lib/bind/resolv/mtctxres.c128
-rw-r--r--contrib/bind9/lib/bind/resolv/res_comp.c14
-rw-r--r--contrib/bind9/lib/bind/resolv/res_debug.c16
-rw-r--r--contrib/bind9/lib/bind/resolv/res_findzonecut.c6
-rw-r--r--contrib/bind9/lib/bind/resolv/res_init.c69
-rw-r--r--contrib/bind9/lib/bind/resolv/res_mkupdate.c11
-rw-r--r--contrib/bind9/lib/bind/resolv/res_send.c46
-rw-r--r--contrib/bind9/lib/bind/resolv/res_sendsigned.c12
-rw-r--r--contrib/bind9/lib/bind9/api2
-rw-r--r--contrib/bind9/lib/bind9/check.c10
-rw-r--r--contrib/bind9/lib/bind9/getaddresses.c8
-rw-r--r--contrib/bind9/lib/dns/adb.c12
-rw-r--r--contrib/bind9/lib/dns/api4
-rw-r--r--contrib/bind9/lib/dns/cache.c27
-rw-r--r--contrib/bind9/lib/dns/forward.c13
-rw-r--r--contrib/bind9/lib/dns/gen-unix.h8
-rw-r--r--contrib/bind9/lib/dns/include/dns/forward.h9
-rw-r--r--contrib/bind9/lib/dns/include/dns/masterdump.h6
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdataset.h37
-rw-r--r--contrib/bind9/lib/dns/include/dns/validator.h10
-rw-r--r--contrib/bind9/lib/dns/journal.c19
-rw-r--r--contrib/bind9/lib/dns/key.c5
-rw-r--r--contrib/bind9/lib/dns/message.c62
-rw-r--r--contrib/bind9/lib/dns/name.c28
-rw-r--r--contrib/bind9/lib/dns/rbt.c9
-rw-r--r--contrib/bind9/lib/dns/rbtdb.c43
-rw-r--r--contrib/bind9/lib/dns/rdata.c14
-rw-r--r--contrib/bind9/lib/dns/rdata/any_255/tsig_250.c16
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ds_43.c12
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rt_21.c6
-rw-r--r--contrib/bind9/lib/dns/resolver.c224
-rw-r--r--contrib/bind9/lib/dns/tkey.c10
-rw-r--r--contrib/bind9/lib/dns/tsig.c6
-rw-r--r--contrib/bind9/lib/dns/validator.c618
-rw-r--r--contrib/bind9/lib/dns/xfrin.c10
-rw-r--r--contrib/bind9/lib/dns/zone.c245
-rw-r--r--contrib/bind9/lib/isc/api6
-rw-r--r--contrib/bind9/lib/isc/include/isc/Makefile.in8
-rw-r--r--contrib/bind9/lib/isc/include/isc/netaddr.h6
-rw-r--r--contrib/bind9/lib/isc/include/isc/print.h8
-rw-r--r--contrib/bind9/lib/isc/include/isc/quota.h14
-rw-r--r--contrib/bind9/lib/isc/include/isc/sockaddr.h6
-rw-r--r--contrib/bind9/lib/isc/include/isc/timer.h13
-rw-r--r--contrib/bind9/lib/isc/inet_pton.c19
-rw-r--r--contrib/bind9/lib/isc/lfsr.c8
-rw-r--r--contrib/bind9/lib/isc/mem.c31
-rw-r--r--contrib/bind9/lib/isc/nls/msgcat.c5
-rw-r--r--contrib/bind9/lib/isc/pthreads/mutex.c30
-rw-r--r--contrib/bind9/lib/isc/quota.c39
-rw-r--r--contrib/bind9/lib/isc/result.c5
-rw-r--r--contrib/bind9/lib/isc/rwlock.c18
-rw-r--r--contrib/bind9/lib/isc/timer.c6
-rw-r--r--contrib/bind9/lib/isc/unix/entropy.c21
-rw-r--r--contrib/bind9/lib/isc/unix/ifiter_ioctl.c16
-rw-r--r--contrib/bind9/lib/isc/unix/ifiter_sysctl.c6
-rw-r--r--contrib/bind9/lib/isc/unix/net.c8
-rw-r--r--contrib/bind9/lib/isc/unix/os.c6
-rw-r--r--contrib/bind9/lib/isc/unix/socket.c105
-rw-r--r--contrib/bind9/lib/isc/unix/stdtime.c5
-rw-r--r--contrib/bind9/lib/isccfg/api2
-rw-r--r--contrib/bind9/lib/isccfg/namedconf.c7
-rw-r--r--contrib/bind9/lib/lwres/Makefile.in10
-rw-r--r--contrib/bind9/lib/lwres/api6
-rw-r--r--contrib/bind9/lib/lwres/getaddrinfo.c6
-rw-r--r--contrib/bind9/lib/lwres/getipnode.c7
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/platform.h.in14
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/stdlib.h40
-rw-r--r--contrib/bind9/lib/lwres/lwconfig.c12
-rw-r--r--contrib/bind9/lib/lwres/lwinetntop.c6
-rw-r--r--contrib/bind9/lib/lwres/lwinetpton.c19
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.3176
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.docbook24
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.html537
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.3272
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.docbook23
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.html832
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.392
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.docbook24
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.html388
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.3163
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.docbook25
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.html653
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.3147
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.docbook24
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.html580
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.369
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.docbook24
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.html381
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3204
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.docbook24
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html800
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.3334
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.docbook20
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.html1110
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.3123
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.docbook24
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.html688
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.398
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.docbook24
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.html410
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.398
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.docbook24
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html455
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.3160
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.docbook23
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.html587
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.382
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.docbook23
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.html311
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.381
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.docbook23
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.html247
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.3205
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.docbook23
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.html585
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.3140
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.docbook23
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.html482
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.3171
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.docbook23
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.html544
-rw-r--r--contrib/bind9/lib/lwres/print.c26
-rw-r--r--contrib/bind9/lib/lwres/strtoul.c135
-rw-r--r--contrib/bind9/make/rules.in64
-rw-r--r--contrib/bind9/version4
284 files changed, 66160 insertions, 38640 deletions
diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES
index 1673ae0c476c..941b946db36a 100644
--- a/contrib/bind9/CHANGES
+++ b/contrib/bind9/CHANGES
@@ -1,4 +1,261 @@
+ --- 9.3.2 released ---
+
+ --- 9.3.2rc1 released ---
+
+1936. [bug] The validator could leak memory. [RT #15544]
+
+1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
+
+ --- 9.3.2b2 released ---
+
+1930. [port] HPUX: ia64 support. [RT #15473]
+
+1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
+
+1926. [bug] The Windows installer did not check for empty
+ passwords. BINDinstall was being installed in
+ the wrong place. [RT #15483]
+
+1925. [port] All outer level AC_TRY_RUNs need cross compiling
+ defaults. [RT #15469]
+
+1924. [port] libbind: hpux ia64 support. [RT #15473]
+
+1923. [bug] ns_client_detach() called too early. [RT #15499]
+
+ --- 9.3.2b1 released ---
+
+1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
+ when generating man pages. [RT #15385]
+
+1915. [bug] dig +ndots was broken. [RT #15215]
+
+1914. [protocol] DS is required to accept mnemonic algorithms
+ (RFC 4034). Still emit numeric algorithms for
+ compatability with RFC 3658. [RT #15354]
+
+1911. [bug] Update windows socket code. [RT #14965]
+
+1910. [bug] dig's +sigchase code overhauled. [RT #14933]
+
+1909. [bug] The DLV code has been re-worked to make no longer
+ query order sensitive. [RT #14933]
+
+1905. [bug] Strings returned from cfg_obj_asstring() should be
+ treated as read-only. [RT #15256]
+
+1901. [cleanup] Don't add DNSKEY records to the additional section.
+
+1900. [bug] ixfr-from-differences failed to ensure that the
+ serial number increased. [RT #15036]
+
+1896. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
+ ISC_NETADDR_FORMATSIZE to allow for scope details.
+
+1894. [bug] Recursive clients soft quota support wasn't working
+ as expected. [RT #15103]
+
+1893. [bug] A escaped character is, potentially, converted to
+ the output character set too early. [RT #14666]
+
+1892. [port] Use uintptr_t if available. [RT #14606]
+
+1889. [port] sunos: non blocking i/o support. [RT #14951]
+
+1887. [bug] The cache could delete expired records too fast for
+ clients with a virtual time in the past. [RT #14991]
+
+1886. [bug] fctx_create() could return success even though it
+ failed. [RT #14993]
+
+1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
+
+1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
+ levels. [RT #14962]
+
+1881. [func] Add a system test for named-checkconf. [RT #14931]
+
+1877. [bug] Fix unreasonably low quantum on call to
+ dns_rbt_destroy2(). Remove unnecessay unhash_node()
+ call. [RT #14919]
+
+1875. [bug] process_dhtkey() was using the wrong memory context
+ to free some memory. [RT #14890]
+
+1874. [port] sunos: portability fixes. [RT #14814]
+
+1873. [port] win32: isc__errno2result() now reports its caller.
+ [RT #13753]
+
+1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
+
+1867. [bug] It was possible to trigger a INSIST in
+ dlv_validatezonekey(). [RT #14846]
+
+1866. [bug] resolv.conf parse errors were being ignored by
+ dig/host/nslookup. [RT #14841]
+
+1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
+ bad addresses. [RT #14841]
+
+1864. [bug] Don't try the alternative transfer source if you
+ got a answer / transfer with the main source
+ address. [RT #14802]
+
+1863. [bug] rrset-order "fixed" error messages not complete.
+
+1861. [bug] dig could trigger a INSIST on certain malformed
+ responses. [RT #14801]
+
+1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
+ incorrectly set. [RT #14775]
+
+1858. [bug] The flush-zones-on-shutdown option wasn't being
+ parsed. [RT #14686]
+
+1857. [bug] named could trigger a INSIST() if reconfigured /
+ reloaded too fast. [RT #14673]
+
+1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
+ [RT #11398]
+
+1855. [bug] ixfr-from-differences was failing to detect changes
+ of ttl due to dns_diff_subtract() was ignoring the ttl
+ of records. [RT #14616]
+
+1854. [bug] lwres also needs to know the print format for
+ (long long). [RT #13754]
+
+1853. [bug] Rework how DLV interacts with proveunsecure().
+ [RT #13605]
+
+1852. [cleanup] Remove last vestiges of dnssec-signkey and
+ dnssec-makekeyset (removed from Makefile years ago).
+
+1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
+
+1849. [doc] All forms of the man pages (docbook, man, html) should
+ have consistant copyright dates.
+
+1848. [bug] Improve SMF integration. [RT #13238]
+
+1847. [bug] isc_ondestroy_init() is called too late in
+ dns_rbtdb_create()/dns_rbtdb64_create().
+ [RT #13661]
+
+1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
+ <bortzmeyer@nic.fr>.
+
+1845. [bug] Improve error reporting to distingish between
+ accept()/fcntl() and socket()/fcntl() errors.
+ [RT #13745]
+
+1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
+ for each 16 bit piece of the IPv6 address. The text
+ representation of a IPv6 address has been tighted
+ to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
+ [RT #5662]
+
+1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
+ when CFLAGS contains "-I /usr/local/include"
+ resulting in old header files being used.
+
+1842. [port] cmsg_len() could produce incorrect results on
+ some platform. [RT #13744]
+
+1841. [bug] "dig +nssearch" now makes a recursive query to
+ find the list of nameservers to query. [RT #13694]
+
+1839. [bug] <isc/hash.h> was not being installed.
+
+1838. [cleanup] Don't allow Linux capabilities to be inherited.
+ [RT #13707]
+
+1837. [bug] Compile time option ISC_FACILITY was not effective
+ for 'named -u <user>'. [RT #13714]
+
+1836. [cleanup] Silence compiler warnings in hash_test.c.
+
+1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
+
+1834. [bug] Bad memset in rdata_test.c. [RT #13658]
+
+1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
+
+1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
+ [RT #13620]
+
+1831. [doc] Update named-checkzone documentation. [RT#13604]
+
+1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
+
+1829. [bug] win32: "pid-file none;" broken. [RT #13563]
+
+1828. [bug] isc_rwlock_init() failed to properly cleanup if it
+ encountered a error. [RT #13549]
+
+1827. [bug] host: update usage message for '-a'. [RT #37116]
+
+1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
+ of memory error. [RT #13537]
+
+1825. [bug] Missing UNLOCK() on out of memory error from in
+ rbtdb.c:subtractrdataset(). [RT #13519]
+
+1824. [bug] Memory leak on dns_zone_setdbtype() failure.
+ [RT #13510]
+
+1823. [bug] Wrong macro used to check for point to point interface.
+ [RT#13418]
+
+1822. [bug] check-names test for RT was reversed. [RT #13382]
+
+1821. [doc] acls definitions are no longer required to be
+ in named.conf prior to reference. They can be
+ defined after being referenced.
+
+1820. [bug] Gracefully handle acl loops. [RT #13659]
+
+1819. [bug] The validator needed to check both the algorithm and
+ digest types of the DS to determine if it could be
+ used to introduce a secure zone. [RT #13593]
+
+1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
+ [RT #13597]
+
+1815. [bug] nsupdate triggered a REQUIRE if the server was set
+ without also setting the zone and it encountered
+ a CNAME and was using TSIG. [RT #13086]
+
+1810. [bug] configure, lib/bind/configure make different default
+ decisions about whether to do a threaded build.
+ [RT #13212]
+
+1809. [bug] "make distclean" failed for libbind if the platform
+ is not supported.
+
+1807. [bug] When forwarding (forward only) set the active domain
+ from the forward zone name. [RT #13526]
+
+1804. [bug] Ensure that if we are queried for glue that it fits
+ in the additional section or TC is set to tell the
+ client to retry using TCP. [RT #10114]
+
+1803. [bug] dnssec-signzone sometimes failed to remove old
+ RRSIGs. [RT #13483]
+
+1802. [bug] Handle connection resets better. [RT #11280]
+
+1799. [bug] 'rndc flushname' failed to flush negative cache
+ entries. [RT #13438]
+
+1795. [bug] "rndc dumpdb" was not fully documented. Minor
+ formating issues with "rndc dumpdb -all". [RT #13396]
+
+1791. [bug] 'host -t a' still printed out AAAA and MX records.
+ [RT #13230]
+
--- 9.3.1 released ---
1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
diff --git a/contrib/bind9/FAQ b/contrib/bind9/FAQ
index f6ed41e422c5..9b806cbde533 100644
--- a/contrib/bind9/FAQ
+++ b/contrib/bind9/FAQ
@@ -1,470 +1,525 @@
-
-
-
Frequently Asked Questions about BIND 9
+-------------------------------------------------------------------------------
Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads?
A: Linux threads do not fully implement the Posix threads (pthreads) standard.
-In particular, setuid() operates only on the current thread, not the full
-process. Because of this limitation, BIND 9 cannot use setuid() on Linux as it
-can on all other supported platforms. setuid() cannot be called before
-creating threads, since the server does not start listening on reserved ports
-until after threads have started.
+ In particular, setuid() operates only on the current thread, not the full
+ process. Because of this limitation, BIND 9 cannot use setuid() on Linux as
+ it can on all other supported platforms. setuid() cannot be called before
+ creating threads, since the server does not start listening on reserved
+ ports until after threads have started.
- In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
-capabilities across a setuid() call is present. This allows BIND 9 to call
-setuid() early, while retaining the ability to bind reserved ports. This is
-a Linux-specific hack.
+ In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
+ capabilities across a setuid() call is present. This allows BIND 9 to call
+ setuid() early, while retaining the ability to bind reserved ports. This is
+ a Linux-specific hack.
- On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
-of a security risk than a root process that has not dropped privileges.
+ On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
+ of a security risk than a root process that has not dropped privileges.
- If Linux threads ever work correctly, this restriction will go away.
+ If Linux threads ever work correctly, this restriction will go away.
- Configuring BIND9 with the --disable-threads option (the default) causes a
-non-threaded version to be built, which will allow -u to be used.
+ Configuring BIND9 with the --disable-threads option (the default) causes a
+ non-threaded version to be built, which will allow -u to be used.
+Q: Why does named log the warning message "no TTL specified - using SOA MINTTL
+ instead"?
-Q: Why does named log the warning message "no TTL specified - using SOA
-MINTTL instead"?
-
-A: Your zone file is illegal according to RFC1035. It must either
-have a line like
+A: Your zone file is illegal according to RFC1035. It must either have a line
+ like:
$TTL 86400
-at the beginning, or the first record in it must have a TTL field,
-like the "84600" in this example:
+ at the beginning, or the first record in it must have a TTL field, like the
+ "84600" in this example:
example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
Q: Why do I see 5 (or more) copies of named on Linux?
-A: Linux threads each show up as a process under ps. The approximate
-number of threads running is n+4, where n is the number of CPUs. Note that
-the amount of memory used is not cumulative; if each process is using 10M of
-memory, only a total of 10M is used.
-
+A: Linux threads each show up as a process under ps. The approximate number of
+ threads running is n+4, where n is the number of CPUs. Note that the amount
+ of memory used is not cumulative; if each process is using 10M of memory,
+ only a total of 10M is used.
-Q: Why does BIND 9 log "permission denied" errors accessing its
-configuration files or zones on my Linux system even though it is running
-as root?
-
-A: On Linux, BIND 9 drops most of its root privileges on startup.
-This including the privilege to open files owned by other users.
-Therefore, if the server is running as root, the configuration files
-and zone files should also be owned by root.
+Q: Why does BIND 9 log "permission denied" errors accessing its configuration
+ files or zones on my Linux system even though it is running as root?
+A: On Linux, BIND 9 drops most of its root privileges on startup. This
+ including the privilege to open files owned by other users. Therefore, if
+ the server is running as root, the configuration files and zone files should
+ also be owned by root.
Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file
-bar: ran out of space"
-
-A: This is often caused by TXT records with missing close quotes. Check that
-all TXT records containing quoted strings have both open and close quotes.
+ bar: ran out of space"?
+A: This is often caused by TXT records with missing close quotes. Check that
+ all TXT records containing quoted strings have both open and close quotes.
Q: How do I produce a usable core file from a multithreaded named on Linux?
-A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps
-are usable (that is, the correct thread is dumped). Otherwise, if using
-a 2.2 kernel, apply the kernel patch found in contrib/linux/coredump-patch
-and rebuild the kernel. This patch will cause multithreaded programs to dump
-the correct thread.
-
+A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable
+ (that is, the correct thread is dumped). Otherwise, if using a 2.2 kernel,
+ apply the kernel patch found in contrib/linux/coredump-patch and rebuild the
+ kernel. This patch will cause multithreaded programs to dump the correct
+ thread.
Q: How do I restrict people from looking up the server version?
-A: Put a "version" option containing something other than the real
-version in the "options" section of named.conf. Note doing this will
-not prevent attacks and may impede people trying to diagnose problems
-with your server. Also it is possible to "fingerprint" nameservers to
-determine their version.
-
-
-Q: How do I restrict only remote users from looking up the server
-version?
+A: Put a "version" option containing something other than the real version in
+ the "options" section of named.conf. Note doing this will not prevent
+ attacks and may impede people trying to diagnose problems with your server.
+ Also it is possible to "fingerprint" nameservers to determine their version.
-A: The following view statement will intercept lookups as the internal
-view that holds the version information will be matched last. The
-caveats of the previous answer still apply, of course.
+Q: How do I restrict only remote users from looking up the server version?
- view "chaos" chaos {
- match-clients { <those to be refused>; };
- allow-query { none; };
- zone "." {
- type hint;
- file "/dev/null"; // or any empty file
- };
- };
+A: The following view statement will intercept lookups as the internal view
+ that holds the version information will be matched last. The caveats of the
+ previous answer still apply, of course.
+ view "chaos" chaos {
+ match-clients { <those to be refused>; };
+ allow-query { none; };
+ zone "." {
+ type hint;
+ file "/dev/null"; // or any empty file
+ };
+ };
Q: What do "no source of entropy found" or "could not open entropy source foo"
-mean?
+ mean?
A: The server requires a source of entropy to perform certain operations,
-mostly DNSSEC related. These messages indicate that you have no source
-of entropy. On systems with /dev/random or an equivalent, it is used by
-default. A source of entropy can also be defined using the random-device
-option in named.conf.
+ mostly DNSSEC related. These messages indicate that you have no source of
+ entropy. On systems with /dev/random or an equivalent, it is used by
+ default. A source of entropy can also be defined using the random-device
+ option in named.conf.
+Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why?
-Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why?
+A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed
+ under /usr. Check that the correct named is running.
-A: BIND 9 is installed under /usr/local by default. BIND 8 is often
-installed under /usr. Check that the correct named is running.
+Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers.
+ I'm sure I have the keys set up correctly, but the server is rejecting the
+ TSIG. Why?
+A: This may be a clock skew problem. Check that the the clocks on the client
+ and server are properly synchronised (e.g., using ntp).
-Q: I'm trying to use TSIG to authenticate dynamic updates or zone
-transfers. I'm sure I have the keys set up correctly, but the server
-is rejecting the TSIG. Why?
+Q: I'm trying to compile BIND 9, and "make" is failing due to files not being
+ found. Why?
-A: This may be a clock skew problem. Check that the the clocks on
-the client and server are properly synchronized (e.g., using ntp).
+A: Using a parallel or distributed "make" to build BIND 9 is not supported, and
+ doesn't work. If you are using one of these, use normal make or gmake
+ instead.
+Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging
+ error messages like "notify to 10.0.0.1#53 failed: unexpected end of input".
+ What's wrong?
-Q: I'm trying to compile BIND 9, and "make" is failing due to files not
-being found. Why?
+A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in
+ BIND 8.2.4. It can be safely ignored - the notify has been acted on by the
+ slave despite the error message.
-A: Using a parallel or distributed "make" to build BIND 9 is not
-supported, and doesn't work. If you are using one of these, use
-normal make or gmake instead.
+Q: I keep getting log messages like the following. Why?
+ Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update
+ failed: 'RRset exists (value dependent)' prerequisite not satisfied
+ (NXRRSET)
-Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is
-logging error messages like "notify to 10.0.0.1#53 failed: unexpected
-end of input". What's wrong?
+A: DNS updates allow the update request to test to see if certain conditions
+ are met prior to proceeding with the update. The message above is saying
+ that conditions were not met and the update is not proceeding. See doc/rfc/
+ rfc2136.txt for more details on prerequisites.
-A: This error message is caused by a known bug in BIND 8.2.3 and is fixed
-in BIND 8.2.4. It can be safely ignored - the notify has been acted on by
-the slave despite the error message.
+Q: I keep getting log messages like the following. Why?
+ Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
-Q: I keep getting log messages like the following. Why?
+A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update
+ protocol. Windows 2000 machines have a habit of sending dynamic update
+ requests to DNS servers without being specifically configured to do so. If
+ the update requests are coming from a Windows 2000 machine, see http://
+ support.microsoft.com/support/kb/articles/q246/8/04.asp for information
+ about how to turn them off.
- Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN':
- update failed: 'RRset exists (value dependent)' prerequisite not
- satisfied (NXRRSET)
+Q: I see a log message like the following. Why?
-A: DNS updates allow the update request to test to see if certain
-conditions are met prior to proceeding with the update. The message
-above is saying that conditions were not met and the update is not
-proceeding. See doc/rfc/rfc2136.txt for more details on prerequisites.
+ couldn't open pid file '/var/run/named.pid': Permission denied
+A: You are most likely running named as a non-root user, and that user does not
+ have permission to write in /var/run. The common ways of fixing this are to
+ create a /var/run/named directory owned by the named user and set pid-file
+ to "/var/run/named/named.pid", or set pid-file to "named.pid", which will
+ put the file in the directory specified by the directory option (which, in
+ this case, must be writable by the named user).
+
+Q: When I do a "dig . ns", many of the A records for the root servers are
+ missing. Why?
+
+A: This is normal and harmless. It is a somewhat confusing side effect of the
+ way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to
+ avoid promoting glue into answers.
+
+ When BIND 9 first starts up and primes its cache, it receives the root
+ server addresses as additional data in an authoritative response from a root
+ server, and these records are eligible for inclusion as additional data in
+ responses. Subsequently it receives a subset of the root server addresses as
+ additional data in a non-authoritative (referral) response from a root
+ server. This causes the addresses to now be considered non-authoritative
+ (glue) data, which is not eligible for inclusion in responses.
+
+ The server does have a complete set of root server addresses cached at all
+ times, it just may not include all of them as additional data, depending on
+ whether they were last received as answers or as glue. You can always look
+ up the addresses with explicit queries like "dig a.root-servers.net A".
+
+Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why?
+
+A: This may be caused by a bug in the Windows 2000 DNS server where DNS
+ messages larger than 16K are not handled properly. This can be worked around
+ by setting the option "transfer-format one-answer;". Also check whether your
+ zone contains domain names with embedded spaces or other special characters,
+ like "John\032Doe\213s\032Computer", since such names have been known to
+ cause Windows 2000 slaves to incorrectly reject the zone.
-Q: I keep getting log messages like the following. Why?
+Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
- Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
+A: A zone can be updated either by editing zone files and reloading the server
+ or by dynamic update, but not both. If you have enabled dynamic update for a
+ zone using the "allow-update" option, you are not supposed to edit the zone
+ file by hand, and the server will not attempt to reload it.
+
+Q: I can query the nameserver from the nameserver but not from other machines.
+ Why?
+
+A: This is usually the result of the firewall configuration stopping the
+ queries and / or the replies.
+
+Q: How can I make a server a slave for both an internal and an external view at
+ the same time? When I tried, both views on the slave were transferred from
+ the same view on the master.
+
+A: You will need to give the master and slave multiple IP addresses and use
+ those to make sure you reach the correct view on the other machine.
+
+ Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
+ internal:
+ match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+ notify-source 10.0.1.1;
+ transfer-source 10.0.1.1;
+ query-source address 10.0.1.1;
+ external:
+ match-clients { any; };
+ recursion no; // don't offer recursion to the world
+ notify-source 10.0.1.2;
+ transfer-source 10.0.1.2;
+ query-source address 10.0.1.2;
+
+ Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
+ internal:
+ match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+ notify-source 10.0.1.3;
+ transfer-source 10.0.1.3;
+ query-source address 10.0.1.3;
+ external:
+ match-clients { any; };
+ recursion no; // don't offer recursion to the world
+ notify-source 10.0.1.4;
+ transfer-source 10.0.1.4;
+ query-source address 10.0.1.4;
+
+ You put the external address on the alias so that all the other dns clients
+ on these boxes see the internal view by default.
+
+A: BIND 9.3 and later: Use TSIG to select the appropriate view.
+
+ Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ ...
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.0.2 { keys external; };
+ recursion no;
+ ...
+ };
+
+ Slave 10.0.1.2:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ ...
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.0.1 { keys external; };
+ recursion no;
+ ...
+ };
+
+Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
+
+A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use
+ certain interrupts as a source of random events. You can make this permanent
+ by setting rand_irqs in /etc/rc.conf.
+
+ /etc/rc.conf
+ rand_irqs="3 14 15"
+
+ See also http://people.freebsd.org/~dougb/randomness.html
-A: Someone is trying to update your DNS data using the RFC2136 Dynamic
-Update protocol. Windows 2000 machines have a habit of sending dynamic
-update requests to DNS servers without being specifically configured to
-do so. If the update requests are coming from a Windows 2000 machine,
-see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
-for information about how to turn them off.
+Q: Why is named listening on UDP port other than 53?
+A: Named uses a system selected port to make queries of other nameservers. This
+ behaviour can be overridden by using query-source to lock down the port and/
+ or address. See also notify-source and transfer-source.
-Q: I see a log message like the following. Why?
+Q: I get error messages like "multiple RRs of singleton type" and "CNAME and
+ other data" when transferring a zone. What does this mean?
- couldn't open pid file '/var/run/named.pid': Permission denied
+A: These indicate a malformed master zone. You can identify the exact records
+ involved by transferring the zone using dig then running named-checkzone on
+ it.
-A: You are most likely running named as a non-root user, and that user
-does not have permission to write in /var/run. The common ways of
-fixing this are to create a /var/run/named directory owned by the named
-user and set pid-file to "/var/run/named/named.pid", or set
-pid-file to "named.pid", which will put the file in the directory
-specified by the directory option (which, in this case, must be writable
-by the named user).
+ dig axfr example.com @master-server > tmp
+ named-checkzone example.com tmp
+ A CNAME record cannot exist with the same name as another record except for
+ the DNSSEC records which prove its existance (NSEC).
-Q: When I do a "dig . ns", many of the A records for the root
-servers are missing. Why?
+ RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
+ should be present; this ensures that the data for a canonical name and its
+ aliases cannot be different. This rule also insures that a cached CNAME can
+ be used without checking with an authoritative server for other RR types."
-A: This is normal and harmless. It is a somewhat confusing side effect
-of the way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9
-makes to avoid promoting glue into answers.
+Q: I get error messages like "named.conf:99: unexpected end of input" where 99
+ is the last line of named.conf.
-When BIND 9 first starts up and primes its cache, it receives the root
-server addresses as additional data in an authoritative response from
-a root server, and these records are eligible for inclusion as
-additional data in responses. Subsequently it receives a subset of
-the root server addresses as additional data in a non-authoritative
-(referral) response from a root server. This causes the addresses to
-now be considered non-authoritative (glue) data, which is not eligible
-for inclusion in responses.
+A: Some text editors (notepad and wordpad) fail to put a line title indication
+ (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding"
+ a blank line to the end of the file. Named expects to see EOF immediately
+ after EOL and treats text files where this is not met as truncated.
-The server does have a complete set of root server addresses cached
-at all times, it just may not include all of them as additional data,
-depending on whether they were last received as answers or as glue.
-You can always look up the addresses with explicit queries like
-"dig a.root-servers.net A".
+Q: I get warning messages like "zone example.com/IN: refresh: failure trying
+ master 1.2.3.4#53: timed out".
+A: Check that you can make UDP queries from the slave to the master
-Q: Zone transfers from my BIND 9 master to my Windows 2000 slave
-fail. Why?
+ dig +norec example.com soa @1.2.3.4
-A: This may be caused by a bug in the Windows 2000 DNS server where
-DNS messages larger than 16K are not handled properly. This can be
-worked around by setting the option "transfer-format one-answer;".
-Also check whether your zone contains domain names with embedded
-spaces or other special characters, like "John\032Doe\213s\032Computer",
-since such names have been known to cause Windows 2000 slaves to
-incorrectly reject the zone.
+ You could be generating queries faster than the slave can cope with. Lower
+ the serial query rate.
+ serial-query-rate 5; // default 20
-Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
+Q: How do I share a dynamic zone between multiple views?
-A: A zone can be updated either by editing zone files and reloading
-the server or by dynamic update, but not both. If you have enabled
-dynamic update for a zone using the "allow-update" option, you are not
-supposed to edit the zone file by hand, and the server will not
-attempt to reload it.
-
-
-Q: I can query the nameserver from the nameserver but not from other
-machines. Why?
-
-A: This is usually the result of the firewall configuration stopping
-the queries and / or the replies.
-
-
-Q: How can I make a server a slave for both an internal and
-an external view at the same time? When I tried, both views
-on the slave were transferred from the same view on the master.
-
-A: You will need to give the master and slave multiple IP addresses and
-use those to make sure you reach the correct view on the other machine.
-
- e.g.
- Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
- internal:
- match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
- notify-source 10.0.1.1;
- transfer-source 10.0.1.1;
- query-source address 10.0.1.1;
- external:
- match-clients { any; };
- recursion no; // don't offer recursion to the world
- notify-source 10.0.1.2;
- transfer-source 10.0.1.2;
- query-source address 10.0.1.2;
-
- Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
- internal:
- match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
- notify-source 10.0.1.3;
- transfer-source 10.0.1.3;
- query-source address 10.0.1.3;
- external:
- match-clients { any; };
- recursion no; // don't offer recursion to the world
- notify-source 10.0.1.4;
- transfer-source 10.0.1.4;
- query-source address 10.0.1.4;
-
- You put the external address on the alias so that all the other
- dns clients on these boxes see the internal view by default.
-
-A: (BIND 9.3 and later) Use TSIG to select the appropriate view.
-
- Master 10.0.1.1:
- key "external" {
- algorithm hmac-md5;
- secret "xxxxxxxx";
- };
- view "internal" {
- match-clients { !key external; 10.0.1/24; };
- ...
- };
- view "external" {
- match-clients { key external; any; };
- server 10.0.0.2 { keys external; };
- recursion no;
- ...
- };
-
- Slave 10.0.1.2:
- key "external" {
- algorithm hmac-md5;
- secret "xxxxxxxx";
- };
- view "internal" {
- match-clients { !key external; 10.0.1/24; };
- };
- view "external" {
- match-clients { key external; any; };
- server 10.0.0.1 { keys external; };
- recursion no;
- ...
- };
-
-
-Q: I have Freebsd 4.x and "rndc-confgen -a" just sits there.
-
-A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel
-to use certain interrupts as a source of random events. You can make this
-permanent by setting rand_irqs in /etc/rc.conf.
-
-e.g.
- /etc/rc.conf
- rand_irqs="3 14 15"
-
-See also http://people.freebsd.org/~dougb/randomness.html
+A: You choose one view to be master and the second a slave and transfer the
+ zone between views.
+
+ Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+
+ key "mykey" {
+ algorithm hmac-md5;
+ secret "yyyyyyyy";
+ };
+
+ view "internal" {
+ match-clients { !external; 10.0.1/24; };
+ server 10.0.1.1 {
+ /* Deliver notify messages to external view. */
+ keys { external; };
+ };
+ zone "example.com" {
+ type master;
+ file "internal/example.db";
+ allow-update { key mykey; };
+ notify-also { 10.0.1.1; };
+ };
+ };
+
+ view "external" {
+ match-clients { external; any; };
+ zone "example.com" {
+ type slave;
+ file "external/example.db";
+ masters { 10.0.1.1; };
+ transfer-source { 10.0.1.1; };
+ // allow-update-forwarding { any; };
+ // allow-notify { ... };
+ };
+ };
+Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
+ file primaries/wireless.ietf56.ietf.org: no owner".
-Q: Why is named listening on UDP port other than 53?
+A: This error is produced when a line in the master file contains leading white
+ space (tab/space) but the is no current record owner name to inherit the
+ name from. Usually this is the result of putting white space before a
+ comment. Forgeting the "@" for the SOA record or indenting the master file.
-A: Named uses a system selected port to make queries of other nameservers.
-This behaviour can be overridden by using query-source to lock down the
-port and/or address. See also notify-source and transfer-source.
+Q: Why are my logs in GMT (UTC).
+A: You are running chrooted (-t) and have not supplied local timzone
+ information in the chroot area.
-Q: I get error messages like "multiple RRs of singleton type" and
-"CNAME and other data" when transferring a zone. What does this mean?
+ FreeBSD: /etc/localtime
+ Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
+ OSF: /etc/zoneinfo/localtime
-A: These indicate a malformed master zone. You can identify the
-exact records involved by transferring the zone using dig then
-running named-checkzone on it.
+ See also tzset(3) and zic(8).
- e.g.
- dig axfr example.com @master-server > tmp
- named-checkzone example.com tmp
+Q: I get the error message "named: capset failed: Operation not permitted" when
+ starting named.
+A: The capability module, part of "Linux Security Modules/LSM", has not been
+ loaded into the kernel. See insmod(8).
-Q: I get error messages like "named.conf:99: unexpected end of input" where
-99 is the last line of named.conf.
+Q: I get "rndc: connect failed: connection refused" when I try to run rndc.
-A: Some text editors (notepad and wordpad) fail to put a line termination
-indication (e.g. CR/LF) on the last line of a text file. This can be fixed
-by "adding" a blank line to the end of the file. Named expects to see EOF
-immediately after EOL and treats text files where this is not met as truncated.
+A: This is usually a configuration error.
+ First ensure that named is running and no errors are being reported at
+ startup (/var/log/messages or equivalent). Running "named -g <usual
+ arguments>" from a title can help at this point.
-Q: I get warning messages like "zone example.com/IN: refresh: failure trying master
-1.2.3.4#53: timed out".
+ Secondly ensure that named is configured to use rndc either by "rndc-confgen
+ -a", rndc-confgen or manually. The Administrators Reference manual has
+ details on how to do this.
-A: Check that you can make UDP queries from the slave to the master
+ Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/
+ rndc.conf for the default server. Update /etc/rndc.conf if necessary so that
+ the default server listed in /etc/rndc.conf matches the addresses used in
+ named.conf. "localhost" has two address (127.0.0.1 and ::1).
- dig +norec example.com soa @1.2.3.4
+ If you use "rndc-confgen -a" and named is running with -t or -u ensure that
+ /etc/rndc.conf has the correct ownership and that a copy is in the chroot
+ area. You can do this by re-running "rndc-confgen -a" with appropriate -t
+ and -u arguments.
-A: You could be generating queries faster than the slave can cope with. Lower
-the serial query rate.
+Q: I don't get RRSIG's returned when I use "dig +dnssec".
- serial-query-rate 5; // default 20
+A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
-Q: How do I share a dynamic zone between multiple views?
+Q: I get "Error 1067" when starting named under Windows.
-A: You choose one view to be master and the second a slave and transfer
-the zone between views.
-
- Master 10.0.1.1:
- key "external" {
- algorithm hmac-md5;
- secret "xxxxxxxx";
- };
-
- key "mykey" {
- algorithm hmac-md5;
- secret "yyyyyyyy";
- };
-
- view "internal" {
- match-clients { !external; 10.0.1/24; };
- server 10.0.1.1 {
- /* Deliver notify messages to external view. */
- keys { external; };
- };
- zone "example.com" {
- type master;
- file "internal/example.db";
- allow-update { key mykey; };
- notify-also { 10.0.1.1; };
- };
- };
-
- view "external" {
- match-clients { external; any; };
- zone "example.com" {
- type slave;
- file "external/example.db";
- masters { 10.0.1.1; };
- transfer-source { 10.0.1.1; };
- // allow-update-forwarding { any; };
- // allow-notify { ... };
- };
- };
+A: This is the service manager saying that named exited. You need to examine
+ the Application log in the EventViewer to find out why.
-Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
-file primaries/wireless.ietf56.ietf.org: no owner".
+ Common causes are that you failed to create "named.conf" (usually "C:\
+ windows\dns\etc\named.conf") or failed to specify the directory in
+ named.conf.
-A: This error is produced when a line in the master file contains leading
-white space (tab/space) but the is no current record owner name to inherit
-the name from. Usually this is the result of putting white space before
-a comment. Forgeting the "@" for the SOA record or indenting the master
-file.
+ options {
+ Directory "C:\windows\dns\etc";
+ };
+Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while
+ receiving responses: permission denied" error messages.
-Q: Why are my logs in GMT (UTC).
+A: These indicate a filesystem permission error preventing named creating /
+ renaming the temporary file. These will usually also have other associated
+ error messages like
-A: You are running chrooted (-t) and have not supplied local timzone
-information in the chroot area.
+ "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
- FreeBSD: /etc/localtime
- Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
- OSF: /etc/zoneinfo/localtime
+ Named needs write permission on the directory containing the file. Named
+ writes the new cache file to a temporary file then renames it to the name
+ specified in named.conf to ensure that the contents are always complete.
+ This is to prevent named loading a partial zone in the event of power
+ failure or similar interrupting the write of the master file.
- See also tzset(3) and zic(8).
+ Note file names are relative to the directory specified in options and any
+ chroot directory ([<chroot dir>/][<options dir>]).
+ If named is invoked as "named -t /chroot/DNS" with the following named.conf
+ then "/chroot/DNS/var/named/sl" needs to be writable by the user named is
+ running as.
-Q: I get the error message "named: capset failed: Operation not permitted"
-when starting named.
+ options {
+ directory "/var/named";
+ };
-A: The capset module has not been loaded into the kernel. See insmod(8).
+ zone "example.net" {
+ type slave;
+ file "sl/example.net";
+ masters { 192.168.4.12; };
+ };
+Q: How do I intergrate BIND 9 and Solaris SMF
-Q: I get "rndc: connect failed: connection refused" when I try to run
- rndc.
+A: Sun has a blog entry describing how to do this.
-A: This is usually a configuration error.
+ http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
- First ensure that named is running and no errors are being
- reported at startup (/var/log/messages or equivalent). Running
- "named -g <usual arguements>" from a terminal can help at this
- point.
+Q: Can a NS record refer to a CNAME.
- Secondly ensure that named is configured to use rndc either by
- "rndc-confgen -a", rndc-confgen or manually. The Administators
- Reference manual has details on how to do this.
+A: No. The rules for glue (copies of the *address* records in the parent zones)
+ and additional section processing do not allow it to work.
- Old versions of rndc-confgen used localhost rather than 127.0.0.1
- in /etc/rndc.conf for the default server. Update /etc/rndc.conf
- if necessary so that the default server listed in /etc/rndc.conf
- matches the addresses used in named.conf. "localhost" has two
- address (127.0.0.1 and ::1).
+ You would have to add both the CNAME and address records (A/AAAA) as glue to
+ the parent zone and have CNAMEs be followed when doing additional section
+ processing to make it work. No namesever implementation supports either of
+ these requirements.
- If you use "rndc-confgen -a" and named is running with -t or -u
- ensure that /etc/rndc.conf has the correct ownership and that
- a copy is in the chroot area. You can do this by re-running
- "rndc-confgen -a" with appropriate -t and -u arguements.
+Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
+A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
+ using then you have failed to follow RFC 1918 usage rules and are leaking
+ queries to the Internet. You should establish your own zones for these
+ addresses to prevent you quering the Internet's name servers for these
+ addresses. Please see http://as112.net/ for details of the problems you are
+ causing and the counter measures that have had to be deployed.
-Q: I don't get RRSIG's returned when I use "dig +dnssec".
+ If you are not using these private addresses then a client has queried for
+ them. You can just ignore the messages, get the offending client to stop
+ sending you these messages as they are most probably leaking them or setup
+ your own zones empty zones to serve answers to these queries.
-A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
+ zone "10.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+ };
+ zone "16.172.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+ };
-Q: I get "Error 1067" when starting named under Windows.
+ ...
+
+ zone "31.172.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+ };
-A: This is the service manager saying that named exited. You need to
- examine the Application log in the EventViewer to find out why.
+ zone "168.192.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+ };
- Common causes are that you failed to create "named.conf" (usually
- "C:\windows\dns\etc\named.conf") or failed to specify the directory
- in named.conf.
+ empty:
+ @ 10800 IN SOA <name-of-server>. <contact-email>. (
+ 1 3600 1200 604800 10800 )
+ @ 10800 IN NS <name-of-server>.
- options {
- Directory "C:\windows\dns\etc";
- };
+ Note
+ Future versions of named are likely to do this automatically.
diff --git a/contrib/bind9/FAQ.xml b/contrib/bind9/FAQ.xml
new file mode 100644
index 000000000000..963cd0a8c40d
--- /dev/null
+++ b/contrib/bind9/FAQ.xml
@@ -0,0 +1,1007 @@
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
+<!--
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: FAQ.xml,v 1.4.6.3 2005/11/02 22:53:51 marka Exp $ -->
+
+<article class="faq">
+ <title>Frequently Asked Questions about BIND 9</title>
+ <qandaset defaultlabel='qanda'>
+ <qandaentry>
+ <question>
+ <para>
+ Why doesn't -u work on Linux 2.2.x when I build with
+ --enable-threads?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Linux threads do not fully implement the Posix threads
+ (pthreads) standard. In particular, setuid() operates only
+ on the current thread, not the full process. Because of
+ this limitation, BIND 9 cannot use setuid() on Linux as it
+ can on all other supported platforms. setuid() cannot be
+ called before creating threads, since the server does not
+ start listening on reserved ports until after threads have
+ started.
+ </para>
+ <para>
+ In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability
+ to preserve capabilities across a setuid() call is present.
+ This allows BIND 9 to call setuid() early, while retaining
+ the ability to bind reserved ports. This is a Linux-specific
+ hack.
+ </para>
+ <para>
+ On a 2.2 kernel, BIND 9 does drop many root privileges, so
+ it should be less of a security risk than a root process
+ that has not dropped privileges.
+ </para>
+ <para>
+ If Linux threads ever work correctly, this restriction will
+ go away.
+ </para>
+ <para>
+ Configuring BIND9 with the --disable-threads option (the
+ default) causes a non-threaded version to be built, which
+ will allow -u to be used.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why does named log the warning message <quote>no TTL specified -
+ using SOA MINTTL instead</quote>?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Your zone file is illegal according to RFC1035. It must either
+ have a line like:
+ </para>
+ <informalexample>
+ <programlisting>
+$TTL 86400</programlisting>
+ </informalexample>
+ <para>
+ at the beginning, or the first record in it must have a TTL field,
+ like the "84600" in this example:
+ </para>
+ <informalexample>
+ <programlisting>
+example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why do I see 5 (or more) copies of named on Linux?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Linux threads each show up as a process under ps. The
+ approximate number of threads running is n+4, where n is
+ the number of CPUs. Note that the amount of memory used
+ is not cumulative; if each process is using 10M of memory,
+ only a total of 10M is used.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why does BIND 9 log <quote>permission denied</quote> errors accessing
+ its configuration files or zones on my Linux system even
+ though it is running as root?
+ </para>
+ </question>
+ <answer>
+ <para>
+ On Linux, BIND 9 drops most of its root privileges on
+ startup. This including the privilege to open files owned
+ by other users. Therefore, if the server is running as
+ root, the configuration files and zone files should also
+ be owned by root.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why do I get errors like <quote>dns_zone_load: zone foo/IN: loading
+ master file bar: ran out of space</quote>?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is often caused by TXT records with missing close
+ quotes. Check that all TXT records containing quoted strings
+ have both open and close quotes.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ How do I produce a usable core file from a multithreaded
+ named on Linux?
+ </para>
+ </question>
+ <answer>
+ <para>
+ If the Linux kernel is 2.4.7 or newer, multithreaded core
+ dumps are usable (that is, the correct thread is dumped).
+ Otherwise, if using a 2.2 kernel, apply the kernel patch
+ found in contrib/linux/coredump-patch and rebuild the kernel.
+ This patch will cause multithreaded programs to dump the
+ correct thread.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ How do I restrict people from looking up the server version?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Put a "version" option containing something other than the
+ real version in the "options" section of named.conf. Note
+ doing this will not prevent attacks and may impede people
+ trying to diagnose problems with your server. Also it is
+ possible to "fingerprint" nameservers to determine their
+ version.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ How do I restrict only remote users from looking up the
+ server version?
+ </para>
+ </question>
+ <answer>
+ <para>
+ The following view statement will intercept lookups as the
+ internal view that holds the version information will be
+ matched last. The caveats of the previous answer still
+ apply, of course.
+ </para>
+ <informalexample>
+ <programlisting>
+view "chaos" chaos {
+ match-clients { &lt;those to be refused&gt;; };
+ allow-query { none; };
+ zone "." {
+ type hint;
+ file "/dev/null"; // or any empty file
+ };
+};</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ What do <quote>no source of entropy found</quote> or <quote>could not
+ open entropy source foo</quote> mean?
+ </para>
+ </question>
+ <answer>
+ <para>
+ The server requires a source of entropy to perform certain
+ operations, mostly DNSSEC related. These messages indicate
+ that you have no source of entropy. On systems with
+ /dev/random or an equivalent, it is used by default. A
+ source of entropy can also be defined using the random-device
+ option in named.conf.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I installed BIND 9 and restarted named, but it's still BIND 8. Why?
+ </para>
+ </question>
+ <answer>
+ <para>
+ BIND 9 is installed under /usr/local by default. BIND 8
+ is often installed under /usr. Check that the correct named
+ is running.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I'm trying to use TSIG to authenticate dynamic updates or
+ zone transfers. I'm sure I have the keys set up correctly,
+ but the server is rejecting the TSIG. Why?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This may be a clock skew problem. Check that the the clocks
+ on the client and server are properly synchronised (e.g.,
+ using ntp).
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I'm trying to compile BIND 9, and "make" is failing due to
+ files not being found. Why?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Using a parallel or distributed "make" to build BIND 9 is
+ not supported, and doesn't work. If you are using one of
+ these, use normal make or gmake instead.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I have a BIND 9 master and a BIND 8.2.3 slave, and the
+ master is logging error messages like <quote>notify to 10.0.0.1#53
+ failed: unexpected end of input</quote>. What's wrong?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This error message is caused by a known bug in BIND 8.2.3
+ and is fixed in BIND 8.2.4. It can be safely ignored - the
+ notify has been acted on by the slave despite the error
+ message.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I keep getting log messages like the following. Why?
+ </para>
+ <para>
+ Dec 4 23:47:59 client 10.0.0.1#1355: updating zone
+ 'example.com/IN': update failed: 'RRset exists (value
+ dependent)' prerequisite not satisfied (NXRRSET)
+ </para>
+ </question>
+ <answer>
+ <para>
+ DNS updates allow the update request to test to see if
+ certain conditions are met prior to proceeding with the
+ update. The message above is saying that conditions were
+ not met and the update is not proceeding. See doc/rfc/rfc2136.txt
+ for more details on prerequisites.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I keep getting log messages like the following. Why?
+ </para>
+ <para>
+ Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
+ </para>
+ </question>
+ <answer>
+ <para>
+ Someone is trying to update your DNS data using the RFC2136
+ Dynamic Update protocol. Windows 2000 machines have a habit
+ of sending dynamic update requests to DNS servers without
+ being specifically configured to do so. If the update
+ requests are coming from a Windows 2000 machine, see
+ <ulink
+ url="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
+ http://support.microsoft.com/support/kb/articles/q246/8/04.asp
+ </ulink>
+ for information about how to turn them off.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I see a log message like the following. Why?
+ </para>
+ <para>
+ couldn't open pid file '/var/run/named.pid': Permission denied
+ </para>
+ </question>
+ <answer>
+ <para>
+ You are most likely running named as a non-root user, and
+ that user does not have permission to write in /var/run.
+ The common ways of fixing this are to create a /var/run/named
+ directory owned by the named user and set pid-file to
+ "/var/run/named/named.pid", or set pid-file to "named.pid",
+ which will put the file in the directory specified by the
+ directory option (which, in this case, must be writable by
+ the named user).
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ When I do a "dig . ns", many of the A records for the root
+ servers are missing. Why?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is normal and harmless. It is a somewhat confusing
+ side effect of the way BIND 9 does RFC2181 trust ranking
+ and of the efforts BIND 9 makes to avoid promoting glue
+ into answers.
+ </para>
+ <para>
+ When BIND 9 first starts up and primes its cache, it receives
+ the root server addresses as additional data in an authoritative
+ response from a root server, and these records are eligible
+ for inclusion as additional data in responses. Subsequently
+ it receives a subset of the root server addresses as
+ additional data in a non-authoritative (referral) response
+ from a root server. This causes the addresses to now be
+ considered non-authoritative (glue) data, which is not
+ eligible for inclusion in responses.
+ </para>
+ <para>
+ The server does have a complete set of root server addresses
+ cached at all times, it just may not include all of them
+ as additional data, depending on whether they were last
+ received as answers or as glue. You can always look up the
+ addresses with explicit queries like "dig a.root-servers.net A".
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Zone transfers from my BIND 9 master to my Windows 2000
+ slave fail. Why?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This may be caused by a bug in the Windows 2000 DNS server
+ where DNS messages larger than 16K are not handled properly.
+ This can be worked around by setting the option "transfer-format
+ one-answer;". Also check whether your zone contains domain
+ names with embedded spaces or other special characters,
+ like "John\032Doe\213s\032Computer", since such names have
+ been known to cause Windows 2000 slaves to incorrectly
+ reject the zone.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why don't my zones reload when I do an "rndc reload" or SIGHUP?
+ </para>
+ </question>
+ <answer>
+ <para>
+ A zone can be updated either by editing zone files and
+ reloading the server or by dynamic update, but not both.
+ If you have enabled dynamic update for a zone using the
+ "allow-update" option, you are not supposed to edit the
+ zone file by hand, and the server will not attempt to reload
+ it.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I can query the nameserver from the nameserver but not from other
+ machines. Why?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is usually the result of the firewall configuration stopping
+ the queries and / or the replies.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ How can I make a server a slave for both an internal and
+ an external view at the same time? When I tried, both views
+ on the slave were transferred from the same view on the master.
+ </para>
+ </question>
+ <answer>
+ <para>
+ You will need to give the master and slave multiple IP
+ addresses and use those to make sure you reach the correct
+ view on the other machine.
+ </para>
+ <informalexample>
+ <programlisting>
+Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
+ internal:
+ match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+ notify-source 10.0.1.1;
+ transfer-source 10.0.1.1;
+ query-source address 10.0.1.1;
+ external:
+ match-clients { any; };
+ recursion no; // don't offer recursion to the world
+ notify-source 10.0.1.2;
+ transfer-source 10.0.1.2;
+ query-source address 10.0.1.2;
+
+Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
+ internal:
+ match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+ notify-source 10.0.1.3;
+ transfer-source 10.0.1.3;
+ query-source address 10.0.1.3;
+ external:
+ match-clients { any; };
+ recursion no; // don't offer recursion to the world
+ notify-source 10.0.1.4;
+ transfer-source 10.0.1.4;
+ query-source address 10.0.1.4;</programlisting>
+ </informalexample>
+ <para>
+ You put the external address on the alias so that all the other
+ dns clients on these boxes see the internal view by default.
+ </para>
+ </answer>
+ <answer>
+ <para>
+ BIND 9.3 and later: Use TSIG to select the appropriate view.
+ </para>
+ <informalexample>
+ <programlisting>
+Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ ...
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.0.2 { keys external; };
+ recursion no;
+ ...
+ };
+
+Slave 10.0.1.2:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ ...
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.0.1 { keys external; };
+ recursion no;
+ ...
+ };</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
+ </para>
+ </question>
+ <answer>
+ <para>
+ /dev/random is not configured. Use rndcontrol(8) to tell
+ the kernel to use certain interrupts as a source of random
+ events. You can make this permanent by setting rand_irqs
+ in /etc/rc.conf.
+ </para>
+ <informalexample>
+ <programlisting>
+/etc/rc.conf
+rand_irqs="3 14 15"</programlisting>
+ </informalexample>
+ <para>
+ See also
+ <ulink url="http://people.freebsd.org/~dougb/randomness.html">
+ http://people.freebsd.org/~dougb/randomness.html
+ </ulink>
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why is named listening on UDP port other than 53?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Named uses a system selected port to make queries of other
+ nameservers. This behaviour can be overridden by using
+ query-source to lock down the port and/or address. See
+ also notify-source and transfer-source.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get error messages like <quote>multiple RRs of singleton type</quote>
+ and <quote>CNAME and other data</quote> when transferring a zone. What
+ does this mean?
+ </para>
+ </question>
+ <answer>
+ <para>
+ These indicate a malformed master zone. You can identify
+ the exact records involved by transferring the zone using
+ dig then running named-checkzone on it.
+ </para>
+ <informalexample>
+ <programlisting>
+dig axfr example.com @master-server &gt; tmp
+named-checkzone example.com tmp</programlisting>
+ </informalexample>
+ <para>
+ A CNAME record cannot exist with the same name as another record
+ except for the DNSSEC records which prove its existance (NSEC).
+ </para>
+ <para>
+ RFC 1034, Section 3.6.2: <quote>If a CNAME RR is present at a node,
+ no other data should be present; this ensures that the data for a
+ canonical name and its aliases cannot be different. This rule also
+ insures that a cached CNAME can be used without checking with an
+ authoritative server for other RR types.</quote>
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get error messages like <quote>named.conf:99: unexpected end
+ of input</quote> where 99 is the last line of named.conf.
+ </para>
+ </question>
+ <answer>
+ <para>
+ Some text editors (notepad and wordpad) fail to put a line
+ title indication (e.g. CR/LF) on the last line of a
+ text file. This can be fixed by "adding" a blank line to
+ the end of the file. Named expects to see EOF immediately
+ after EOL and treats text files where this is not met as
+ truncated.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get warning messages like <quote>zone example.com/IN: refresh:
+ failure trying master 1.2.3.4#53: timed out</quote>.
+ </para>
+ </question>
+ <answer>
+ <para>
+ Check that you can make UDP queries from the slave to the master
+ </para>
+ <informalexample>
+ <programlisting>
+dig +norec example.com soa @1.2.3.4</programlisting>
+ </informalexample>
+ <para>
+ You could be generating queries faster than the slave can
+ cope with. Lower the serial query rate.
+ </para>
+ <informalexample>
+ <programlisting>
+serial-query-rate 5; // default 20</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ How do I share a dynamic zone between multiple views?
+ </para>
+ </question>
+ <answer>
+ <para>
+ You choose one view to be master and the second a slave and
+ transfer the zone between views.
+ </para>
+ <informalexample>
+ <programlisting>
+Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+
+ key "mykey" {
+ algorithm hmac-md5;
+ secret "yyyyyyyy";
+ };
+
+ view "internal" {
+ match-clients { !external; 10.0.1/24; };
+ server 10.0.1.1 {
+ /* Deliver notify messages to external view. */
+ keys { external; };
+ };
+ zone "example.com" {
+ type master;
+ file "internal/example.db";
+ allow-update { key mykey; };
+ notify-also { 10.0.1.1; };
+ };
+ };
+
+ view "external" {
+ match-clients { external; any; };
+ zone "example.com" {
+ type slave;
+ file "external/example.db";
+ masters { 10.0.1.1; };
+ transfer-source { 10.0.1.1; };
+ // allow-update-forwarding { any; };
+ // allow-notify { ... };
+ };
+ };</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get a error message like <quote>zone wireless.ietf56.ietf.org/IN:
+ loading master file primaries/wireless.ietf56.ietf.org: no
+ owner</quote>.
+ </para>
+ </question>
+ <answer>
+ <para>
+ This error is produced when a line in the master file
+ contains leading white space (tab/space) but the is no
+ current record owner name to inherit the name from. Usually
+ this is the result of putting white space before a comment.
+ Forgeting the "@" for the SOA record or indenting the master
+ file.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why are my logs in GMT (UTC).
+ </para>
+ </question>
+ <answer>
+ <para>
+ You are running chrooted (-t) and have not supplied local timzone
+ information in the chroot area.
+ </para>
+ <simplelist>
+ <member>FreeBSD: /etc/localtime</member>
+ <member>Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo</member>
+ <member>OSF: /etc/zoneinfo/localtime</member>
+ </simplelist>
+ <para>
+ See also tzset(3) and zic(8).
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get the error message <quote>named: capset failed: Operation
+ not permitted</quote> when starting named.
+ </para>
+ </question>
+ <answer>
+ <para>
+ The capability module, part of "Linux Security Modules/LSM",
+ has not been loaded into the kernel. See insmod(8).
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get <quote>rndc: connect failed: connection refused</quote> when
+ I try to run rndc.
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is usually a configuration error.
+ </para>
+ <para>
+ First ensure that named is running and no errors are being
+ reported at startup (/var/log/messages or equivalent).
+ Running "named -g &lt;usual arguments&gt;" from a title
+ can help at this point.
+ </para>
+ <para>
+ Secondly ensure that named is configured to use rndc either
+ by "rndc-confgen -a", rndc-confgen or manually. The
+ Administrators Reference manual has details on how to do
+ this.
+ </para>
+ <para>
+ Old versions of rndc-confgen used localhost rather than
+ 127.0.0.1 in /etc/rndc.conf for the default server. Update
+ /etc/rndc.conf if necessary so that the default server
+ listed in /etc/rndc.conf matches the addresses used in
+ named.conf. "localhost" has two address (127.0.0.1 and
+ ::1).
+ </para>
+ <para>
+ If you use "rndc-confgen -a" and named is running with -t or -u
+ ensure that /etc/rndc.conf has the correct ownership and that
+ a copy is in the chroot area. You can do this by re-running
+ "rndc-confgen -a" with appropriate -t and -u arguments.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I don't get RRSIG's returned when I use "dig +dnssec".
+ </para>
+ </question>
+ <answer>
+ <para>
+ You need to ensure DNSSEC is enabled (dnssec-enable yes;).
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get <quote>Error 1067</quote> when starting named under Windows.
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is the service manager saying that named exited. You
+ need to examine the Application log in the EventViewer to
+ find out why.
+ </para>
+ <para>
+ Common causes are that you failed to create "named.conf"
+ (usually "C:\windows\dns\etc\named.conf") or failed to
+ specify the directory in named.conf.
+ </para>
+ <informalexample>
+ <programlisting>
+options {
+ Directory "C:\windows\dns\etc";
+};</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get <quote>transfer of 'example.net/IN' from 192.168.4.12#53:
+ failed while receiving responses: permission denied</quote> error
+ messages.
+ </para>
+ </question>
+ <answer>
+ <para>
+ These indicate a filesystem permission error preventing
+ named creating / renaming the temporary file. These will
+ usually also have other associated error messages like
+ </para>
+ <informalexample>
+ <programlisting>
+"dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"</programlisting>
+ </informalexample>
+ <para>
+ Named needs write permission on the directory containing
+ the file. Named writes the new cache file to a temporary
+ file then renames it to the name specified in named.conf
+ to ensure that the contents are always complete. This is
+ to prevent named loading a partial zone in the event of
+ power failure or similar interrupting the write of the
+ master file.
+ </para>
+ <para>
+ Note file names are relative to the directory specified in
+ options and any chroot directory ([&lt;chroot
+ dir&gt;/][&lt;options dir&gt;]).
+ </para>
+ <informalexample>
+ <para>
+ If named is invoked as "named -t /chroot/DNS" with
+ the following named.conf then "/chroot/DNS/var/named/sl"
+ needs to be writable by the user named is running as.
+ </para>
+ <programlisting>
+options {
+ directory "/var/named";
+};
+
+zone "example.net" {
+ type slave;
+ file "sl/example.net";
+ masters { 192.168.4.12; };
+};</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ How do I intergrate BIND 9 and Solaris SMF
+ </para>
+ </question>
+ <answer>
+ <para>
+ Sun has a blog entry describing how to do this.
+ </para>
+ <para>
+ <ulink
+ url="http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris">
+ http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+ </ulink>
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Can a NS record refer to a CNAME.
+ </para>
+ </question>
+ <answer>
+ <para>
+ No. The rules for glue (copies of the *address* records
+ in the parent zones) and additional section processing do
+ not allow it to work.
+ </para>
+ <para>
+ You would have to add both the CNAME and address records
+ (A/AAAA) as glue to the parent zone and have CNAMEs be
+ followed when doing additional section processing to make
+ it work. No namesever implementation supports either of
+ these requirements.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ What does <quote>RFC 1918 response from Internet for
+ 0.0.0.10.IN-ADDR.ARPA</quote> mean?
+ </para>
+ </question>
+ <answer>
+ <para>
+ If the IN-ADDR.ARPA name covered refers to a internal address
+ space you are using then you have failed to follow RFC 1918
+ usage rules and are leaking queries to the Internet. You
+ should establish your own zones for these addresses to prevent
+ you quering the Internet's name servers for these addresses.
+ Please see <ulink url="http://as112.net/">http://as112.net/</ulink>
+ for details of the problems you are causing and the counter
+ measures that have had to be deployed.
+ </para>
+ <para>
+ If you are not using these private addresses then a client
+ has queried for them. You can just ignore the messages,
+ get the offending client to stop sending you these messages
+ as they are most probably leaking them or setup your own zones
+ empty zones to serve answers to these queries.
+ </para>
+ <informalexample>
+ <programlisting>
+zone "10.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+};
+
+zone "16.172.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+};
+
+...
+
+zone "31.172.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+};
+
+zone "168.192.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+};
+
+empty:
+@ 10800 IN SOA &lt;name-of-server&gt;. &lt;contact-email&gt;. (
+ 1 3600 1200 604800 10800 )
+@ 10800 IN NS &lt;name-of-server&gt;.</programlisting>
+ </informalexample>
+ <note>
+ Future versions of named are likely to do this automatically.
+ </note>
+ </answer>
+ </qandaentry>
+
+ </qandaset>
+</article>
diff --git a/contrib/bind9/README b/contrib/bind9/README
index 8e3d01df5bbf..574b07d73247 100644
--- a/contrib/bind9/README
+++ b/contrib/bind9/README
@@ -43,6 +43,26 @@ BIND 9
Nominum, Inc.
+BIND 9.3.2
+
+ BIND 9.3.2 is a maintenance release, containing fixes for
+ a number of bugs in 9.3.1.
+
+ libbind: corresponds to that from BIND 8.4.7-REL.
+
+ Known Issues:
+
+ The following INSIST can be triggered with DNSSEC enabled.
+
+resolver.c:762: INSIST(result != 0 || dns_rdataset_isassociated(event->rdataset) || fctx->type == ((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == ((dns_rdatatype_t)dns_rdatatype_rrsig)) failed
+
+ We are still trying to isolate the cause. If you have core
+ dump please send a bug report to bind9-bugs@isc.org with
+ the location of the core, named executable and OS details.
+
+ Note: contrib/nanny contains a perl script to restart named
+ in the event of a INSIST/REQUIRE/ENSURE failure.
+
BIND 9.3.1
BIND 9.3.1 is a maintenance release, containing fixes for
@@ -210,7 +230,7 @@ Building
UnixWare 7.1.1
HP-UX 10.20
BSD/OS 4.2
- Mac OS X 10.1
+ Mac OS X 10.1, 10.3.8
To build, just
@@ -300,9 +320,11 @@ Building
Building with gcc is not supported, unless gcc is the vendor's usual
compiler (e.g. the various BSD systems, Linux).
+ Known compiler issues:
* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
* gcc-3.3.5 powerpc generates incorrect code at -02.
+ * Irix, MipsPRO 7.4.1m is known to cause problems.
A limited test suite can be run with "make test". Many of
the tests require you to configure a set of virtual IP addresses
diff --git a/contrib/bind9/bin/check/named-checkconf.8 b/contrib/bind9/bin/check/named-checkconf.8
index 25dbdd86ff15..68b745aed290 100644
--- a/contrib/bind9/bin/check/named-checkconf.8
+++ b/contrib/bind9/bin/check/named-checkconf.8
@@ -1,59 +1,70 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkconf.8,v 1.11.12.4 2004/06/03 05:35:41 marka Exp $
+.\" $Id: named-checkconf.8,v 1.11.12.7 2005/10/13 02:33:41 marka Exp $
.\"
-.TH "NAMED-CHECKCONF" "8" "June 14, 2000" "BIND9" ""
-.SH NAME
-named-checkconf \- named configuration file syntax checking tool
-.SH SYNOPSIS
-.sp
-\fBnamed-checkconf\fR [ \fB-v\fR ] [ \fB-j\fR ] [ \fB-t \fIdirectory\fB\fR ] \fBfilename\fR [ \fB-z\fR ]
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkconf \- named configuration file syntax checking tool
+.SH "SYNOPSIS"
+.HP 16
+\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR]
.SH "DESCRIPTION"
.PP
-\fBnamed-checkconf\fR checks the syntax, but not
-the semantics, of a named configuration file.
+\fBnamed\-checkconf\fR
+checks the syntax, but not the semantics, of a named configuration file.
.SH "OPTIONS"
.TP
-\fB-t \fIdirectory\fB\fR
-chroot to \fIdirectory\fR so that include
-directives in the configuration file are processed as if
-run by a similarly chrooted named.
+\-t \fIdirectory\fR
+chroot to
+\fIdirectory\fR
+so that include directives in the configuration file are processed as if run by a similarly chrooted named.
.TP
-\fB-v\fR
-Print the version of the \fBnamed-checkconf\fR
+\-v
+Print the version of the
+\fBnamed\-checkconf\fR
program and exit.
.TP
-\fB-z\fR
+\-z
Perform a check load the master zonefiles found in
\fInamed.conf\fR.
.TP
-\fB-j\fR
+\-j
When loading a zonefile read the journal if it exists.
.TP
-\fBfilename\fR
-The name of the configuration file to be checked. If not
-specified, it defaults to \fI/etc/named.conf\fR.
+filename
+The name of the configuration file to be checked. If not specified, it defaults to
+\fI/etc/named.conf\fR.
.SH "RETURN VALUES"
.PP
-\fBnamed-checkconf\fR returns an exit status of 1 if
-errors were detected and 0 otherwise.
+\fBnamed\-checkconf\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR.
+BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
diff --git a/contrib/bind9/bin/check/named-checkconf.docbook b/contrib/bind9/bin/check/named-checkconf.docbook
index d1336cfa537b..c2529f642fe0 100644
--- a/contrib/bind9/bin/check/named-checkconf.docbook
+++ b/contrib/bind9/bin/check/named-checkconf.docbook
@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002 Internet Software Consortium.
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
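Review bot: The new DOCTYPE at the top of this hunk names `book` as the document element, but the root element shown in the next hunk is still `<refentry>`, so a validating parser would reject the file; `<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"` would match the content. The declaration also adds a system identifier served over plain `http://`. If the documentation build resolves it from the network (not visible here), it takes its DTD from an unauthenticated source; a local XML catalog and a toolchain run with network access disabled (for example `xsltproc --nonet`) avoid that. The same declaration is added in named-checkzone.docbook further down. Since this is a vendor import, the correction belongs upstream rather than in this tree.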
@@ -16,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.docbook,v 1.3.2.1.8.5 2004/06/03 02:24:59 marka Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.3.2.1.8.7 2005/05/12 21:35:56 sra Exp $ -->
<refentry>
<refentryinfo>
@@ -29,6 +31,20 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname><application>named-checkconf</application></refname>
<refpurpose>named configuration file syntax checking tool</refpurpose>
@@ -116,6 +132,7 @@
<para>
<command>named-checkconf</command> returns an exit status of 1 if
errors were detected and 0 otherwise.
+ </para>
</refsect1>
<refsect1>
diff --git a/contrib/bind9/bin/check/named-checkconf.html b/contrib/bind9/bin/check/named-checkconf.html
index 8d5f38e99c51..14b8ff89cb1f 100644
--- a/contrib/bind9/bin/check/named-checkconf.html
+++ b/contrib/bind9/bin/check/named-checkconf.html
@@ -1,216 +1,92 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002 Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: named-checkconf.html,v 1.5.2.1.4.5 2004/08/22 23:38:57 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->named-checkconf</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
-><SPAN
-CLASS="APPLICATION"
->named-checkconf</SPAN
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->named-checkconf</SPAN
->&nbsp;--&nbsp;named configuration file syntax checking tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named-checkconf</B
-> [<VAR
-CLASS="OPTION"
->-v</VAR
->] [<VAR
-CLASS="OPTION"
->-j</VAR
->] [<VAR
-CLASS="OPTION"
->-t <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></VAR
->] {filename} [<VAR
-CLASS="OPTION"
->-z</VAR
->]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN26"
-></A
-><H2
->DESCRIPTION</H2
-><P
-> <B
-CLASS="COMMAND"
->named-checkconf</B
-> checks the syntax, but not
+<!-- $Id: named-checkconf.html,v 1.5.2.1.4.12 2005/10/13 02:33:42 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named-checkconf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525865"></a><h2>DESCRIPTION</h2>
+<p>
+ <span><strong class="command">named-checkconf</strong></span> checks the syntax, but not
the semantics, of a named configuration file.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN30"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-t <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></DT
-><DD
-><P
-> chroot to <TT
-CLASS="FILENAME"
->directory</TT
-> so that include
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525878"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ chroot to <code class="filename">directory</code> so that include
directives in the configuration file are processed as if
run by a similarly chrooted named.
- </P
-></DD
-><DT
->-v</DT
-><DD
-><P
-> Print the version of the <B
-CLASS="COMMAND"
->named-checkconf</B
->
+ </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+ Print the version of the <span><strong class="command">named-checkconf</strong></span>
program and exit.
- </P
-></DD
-><DT
->-z</DT
-><DD
-><P
-> Perform a check load the master zonefiles found in
- <TT
-CLASS="FILENAME"
->named.conf</TT
->.
- </P
-></DD
-><DT
->-j</DT
-><DD
-><P
-> When loading a zonefile read the journal if it exists.
- </P
-></DD
-><DT
->filename</DT
-><DD
-><P
-> The name of the configuration file to be checked. If not
- specified, it defaults to <TT
-CLASS="FILENAME"
->/etc/named.conf</TT
->.
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN58"
-></A
-><H2
->RETURN VALUES</H2
-><P
-> <B
-CLASS="COMMAND"
->named-checkconf</B
-> returns an exit status of 1 if
+ </p></dd>
+<dt><span class="term">-z</span></dt>
+<dd><p>
+ Perform a check load the master zonefiles found in
+ <code class="filename">named.conf</code>.
+ </p></dd>
+<dt><span class="term">-j</span></dt>
+<dd><p>
+ When loading a zonefile read the journal if it exists.
+ </p></dd>
+<dt><span class="term">filename</span></dt>
+<dd><p>
+ The name of the configuration file to be checked. If not
+ specified, it defaults to <code class="filename">/etc/named.conf</code>.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525970"></a><h2>RETURN VALUES</h2>
+<p>
+ <span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if
errors were detected and 0 otherwise.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN62"
-></A
-><H2
->SEE ALSO</H2
-><P
-> <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
- <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN69"
-></A
-><H2
->AUTHOR</H2
-><P
-> Internet Systems Consortium
- </P
-></DIV
-></BODY
-></HTML
->
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525982"></a><h2>SEE ALSO</h2>
+<p>
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526006"></a><h2>AUTHOR</h2>
+<p>
+ <span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/contrib/bind9/bin/check/named-checkzone.8 b/contrib/bind9/bin/check/named-checkzone.8
index efa600c8e087..33402d5fe8d0 100644
--- a/contrib/bind9/bin/check/named-checkzone.8
+++ b/contrib/bind9/bin/check/named-checkzone.8
@@ -1,94 +1,111 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkzone.8,v 1.11.2.1.8.4 2004/06/03 05:35:42 marka Exp $
+.\" $Id: named-checkzone.8,v 1.11.2.1.8.8 2005/10/13 02:33:41 marka Exp $
.\"
-.TH "NAMED-CHECKZONE" "8" "June 13, 2000" "BIND9" ""
-.SH NAME
-named-checkzone \- zone file validity checking tool
-.SH SYNOPSIS
-.sp
-\fBnamed-checkzone\fR [ \fB-d\fR ] [ \fB-j\fR ] [ \fB-q\fR ] [ \fB-v\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-k \fImode\fB\fR ] [ \fB-n \fImode\fB\fR ] [ \fB-o \fIfilename\fB\fR ] [ \fB-t \fIdirectory\fB\fR ] [ \fB-w \fIdirectory\fB\fR ] [ \fB-D\fR ] \fBzonename\fR \fBfilename\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkzone \- zone file validity checking tool
+.SH "SYNOPSIS"
+.HP 16
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] {zonename} {filename}
.SH "DESCRIPTION"
.PP
-\fBnamed-checkzone\fR checks the syntax and integrity of
-a zone file. It performs the same checks as \fBnamed\fR
+\fBnamed\-checkzone\fR
+checks the syntax and integrity of a zone file. It performs the same checks as
+\fBnamed\fR
does when loading a zone. This makes
-\fBnamed-checkzone\fR useful for checking zone
-files before configuring them into a name server.
+\fBnamed\-checkzone\fR
+useful for checking zone files before configuring them into a name server.
.SH "OPTIONS"
.TP
-\fB-d\fR
+\-d
Enable debugging.
.TP
-\fB-q\fR
-Quiet mode - exit code only.
+\-q
+Quiet mode \- exit code only.
.TP
-\fB-v\fR
-Print the version of the \fBnamed-checkzone\fR
+\-v
+Print the version of the
+\fBnamed\-checkzone\fR
program and exit.
.TP
-\fB-j\fR
+\-j
When loading the zone file read the journal if it exists.
.TP
-\fB-c \fIclass\fB\fR
+\-c \fIclass\fR
Specify the class of the zone. If not specified "IN" is assumed.
.TP
-\fB-k \fImode\fB\fR
-Perform \fB"check-name"\fR checks with the specified failure mode.
-Possible modes are \fB"fail"\fR,
-\fB"warn"\fR (default) and
+\-k \fImode\fR
+Perform
+\fB"check\-name"\fR
+checks with the specified failure mode. Possible modes are
+\fB"fail"\fR,
+\fB"warn"\fR
+(default) and
\fB"ignore"\fR.
.TP
-\fB-n \fImode\fB\fR
-Specify whether NS records should be checked to see if they
-are addresses. Possible modes are \fB"fail"\fR,
-\fB"warn"\fR (default) and
+\-n \fImode\fR
+Specify whether NS records should be checked to see if they are addresses. Possible modes are
+\fB"fail"\fR,
+\fB"warn"\fR
+(default) and
\fB"ignore"\fR.
.TP
-\fB-o \fIfilename\fB\fR
-Write zone output to \fIdirectory\fR.
+\-o \fIfilename\fR
+Write zone output to
+\fIfilename\fR.
.TP
-\fB-t \fIdirectory\fB\fR
-chroot to \fIdirectory\fR so that include
-directives in the configuration file are processed as if
-run by a similarly chrooted named.
+\-t \fIdirectory\fR
+chroot to
+\fIdirectory\fR
+so that include directives in the configuration file are processed as if run by a similarly chrooted named.
.TP
-\fB-w \fIdirectory\fB\fR
-chdir to \fIdirectory\fR so that relative
-filenames in master file $INCLUDE directives work. This
-is similar to the directory clause in
+\-w \fIdirectory\fR
+chdir to
+\fIdirectory\fR
+so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
\fInamed.conf\fR.
.TP
-\fB-D\fR
+\-D
Dump zone file in canonical format.
.TP
-\fBzonename\fR
+zonename
The domain name of the zone being checked.
.TP
-\fBfilename\fR
+filename
The name of the zone file.
.SH "RETURN VALUES"
.PP
-\fBnamed-checkzone\fR returns an exit status of 1 if
-errors were detected and 0 otherwise.
+\fBnamed\-checkzone\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
-\fIRFC 1035\fR,
-\fIBIND 9 Administrator Reference Manual\fR.
+RFC 1035,
+BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
diff --git a/contrib/bind9/bin/check/named-checkzone.docbook b/contrib/bind9/bin/check/named-checkzone.docbook
index 68b0baeeba44..ce0d78bdbdfe 100644
--- a/contrib/bind9/bin/check/named-checkzone.docbook
+++ b/contrib/bind9/bin/check/named-checkzone.docbook
@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002 Internet Software Consortium.
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.docbook,v 1.3.2.2.8.7 2004/06/03 02:25:00 marka Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.3.2.2.8.11 2005/05/12 21:35:57 sra Exp $ -->
<refentry>
<refentryinfo>
@@ -29,6 +31,20 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname><application>named-checkzone</application></refname>
<refpurpose>zone file validity checking tool</refpurpose>
@@ -103,6 +119,7 @@
When loading the zone file read the journal if it exists.
</para>
</listitem>
+ </varlistentry>
<varlistentry>
<term>-c <replaceable class="parameter">class</replaceable></term>
@@ -141,7 +158,7 @@
<term>-o <replaceable class="parameter">filename</replaceable></term>
<listitem>
<para>
- Write zone output to <filename>directory</filename>.
+ Write zone output to <filename>filename</filename>.
</para>
</listitem>
</varlistentry>
@@ -205,6 +222,7 @@
<para>
<command>named-checkzone</command> returns an exit status of 1 if
errors were detected and 0 otherwise.
+ </para>
</refsect1>
<refsect1>
diff --git a/contrib/bind9/bin/check/named-checkzone.html b/contrib/bind9/bin/check/named-checkzone.html
index dd14c1f8fd73..cf544c94728a 100644
--- a/contrib/bind9/bin/check/named-checkzone.html
+++ b/contrib/bind9/bin/check/named-checkzone.html
@@ -1,367 +1,135 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002 Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: named-checkzone.html,v 1.5.2.2.4.5 2004/08/22 23:38:57 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->named-checkzone</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
-><SPAN
-CLASS="APPLICATION"
->named-checkzone</SPAN
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->named-checkzone</SPAN
->&nbsp;--&nbsp;zone file validity checking tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named-checkzone</B
-> [<VAR
-CLASS="OPTION"
->-d</VAR
->] [<VAR
-CLASS="OPTION"
->-j</VAR
->] [<VAR
-CLASS="OPTION"
->-q</VAR
->] [<VAR
-CLASS="OPTION"
->-v</VAR
->] [<VAR
-CLASS="OPTION"
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-k <VAR
-CLASS="REPLACEABLE"
->mode</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-n <VAR
-CLASS="REPLACEABLE"
->mode</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-o <VAR
-CLASS="REPLACEABLE"
->filename</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-t <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-w <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-D</VAR
->] {zonename} {filename}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN46"
-></A
-><H2
->DESCRIPTION</H2
-><P
-> <B
-CLASS="COMMAND"
->named-checkzone</B
-> checks the syntax and integrity of
- a zone file. It performs the same checks as <B
-CLASS="COMMAND"
->named</B
->
+<!-- $Id: named-checkzone.html,v 1.5.2.2.4.13 2005/10/13 02:33:42 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named-checkzone</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">named-checkzone</span> &#8212; zone file validity checking tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] {zonename} {filename}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525922"></a><h2>DESCRIPTION</h2>
+<p>
+ <span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of
+ a zone file. It performs the same checks as <span><strong class="command">named</strong></span>
does when loading a zone. This makes
- <B
-CLASS="COMMAND"
->named-checkzone</B
-> useful for checking zone
+ <span><strong class="command">named-checkzone</strong></span> useful for checking zone
files before configuring them into a name server.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN52"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-d</DT
-><DD
-><P
-> Enable debugging.
- </P
-></DD
-><DT
->-q</DT
-><DD
-><P
-> Quiet mode - exit code only.
- </P
-></DD
-><DT
->-v</DT
-><DD
-><P
-> Print the version of the <B
-CLASS="COMMAND"
->named-checkzone</B
->
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525942"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-d</span></dt>
+<dd><p>
+ Enable debugging.
+ </p></dd>
+<dt><span class="term">-q</span></dt>
+<dd><p>
+ Quiet mode - exit code only.
+ </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+ Print the version of the <span><strong class="command">named-checkzone</strong></span>
program and exit.
- </P
-></DD
-><DT
->-j</DT
-><DD
-><P
-> When loading the zone file read the journal if it exists.
- </P
-></DD
-><DT
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></DT
-><DD
-><P
-> Specify the class of the zone. If not specified "IN" is assumed.
- </P
-></DD
-><DT
->-k <VAR
-CLASS="REPLACEABLE"
->mode</VAR
-></DT
-><DD
-><P
-> Perform <B
-CLASS="COMMAND"
->"check-name"</B
-> checks with the specified failure mode.
- Possible modes are <B
-CLASS="COMMAND"
->"fail"</B
->,
- <B
-CLASS="COMMAND"
->"warn"</B
-> (default) and
- <B
-CLASS="COMMAND"
->"ignore"</B
->.
- </P
-></DD
-><DT
->-n <VAR
-CLASS="REPLACEABLE"
->mode</VAR
-></DT
-><DD
-><P
-> Specify whether NS records should be checked to see if they
- are addresses. Possible modes are <B
-CLASS="COMMAND"
->"fail"</B
->,
- <B
-CLASS="COMMAND"
->"warn"</B
-> (default) and
- <B
-CLASS="COMMAND"
->"ignore"</B
->.
- </P
-></DD
-><DT
->-o <VAR
-CLASS="REPLACEABLE"
->filename</VAR
-></DT
-><DD
-><P
-> Write zone output to <TT
-CLASS="FILENAME"
->directory</TT
->.
- </P
-></DD
-><DT
->-t <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></DT
-><DD
-><P
-> chroot to <TT
-CLASS="FILENAME"
->directory</TT
-> so that include
+ </p></dd>
+<dt><span class="term">-j</span></dt>
+<dd><p>
+ When loading the zone file read the journal if it exists.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+ Specify the class of the zone. If not specified "IN" is assumed.
+ </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Perform <span><strong class="command">"check-name"</strong></span> checks with the specified failure mode.
+ Possible modes are <span><strong class="command">"fail"</strong></span>,
+ <span><strong class="command">"warn"</strong></span> (default) and
+ <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Specify whether NS records should be checked to see if they
+ are addresses. Possible modes are <span><strong class="command">"fail"</strong></span>,
+ <span><strong class="command">"warn"</strong></span> (default) and
+ <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
+<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
+<dd><p>
+ Write zone output to <code class="filename">filename</code>.
+ </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ chroot to <code class="filename">directory</code> so that include
directives in the configuration file are processed as if
run by a similarly chrooted named.
- </P
-></DD
-><DT
->-w <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></DT
-><DD
-><P
-> chdir to <TT
-CLASS="FILENAME"
->directory</TT
-> so that relative
+ </p></dd>
+<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ chdir to <code class="filename">directory</code> so that relative
filenames in master file $INCLUDE directives work. This
is similar to the directory clause in
- <TT
-CLASS="FILENAME"
->named.conf</TT
->.
- </P
-></DD
-><DT
->-D</DT
-><DD
-><P
-> Dump zone file in canonical format.
- </P
-></DD
-><DT
->zonename</DT
-><DD
-><P
-> The domain name of the zone being checked.
- </P
-></DD
-><DT
->filename</DT
-><DD
-><P
-> The name of the zone file.
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN125"
-></A
-><H2
->RETURN VALUES</H2
-><P
-> <B
-CLASS="COMMAND"
->named-checkzone</B
-> returns an exit status of 1 if
+ <code class="filename">named.conf</code>.
+ </p></dd>
+<dt><span class="term">-D</span></dt>
+<dd><p>
+ Dump zone file in canonical format.
+ </p></dd>
+<dt><span class="term">zonename</span></dt>
+<dd><p>
+ The domain name of the zone being checked.
+ </p></dd>
+<dt><span class="term">filename</span></dt>
+<dd><p>
+ The name of the zone file.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526187"></a><h2>RETURN VALUES</h2>
+<p>
+ <span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if
errors were detected and 0 otherwise.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN129"
-></A
-><H2
->SEE ALSO</H2
-><P
-> <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
- <I
-CLASS="CITETITLE"
->RFC 1035</I
->,
- <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN137"
-></A
-><H2
->AUTHOR</H2
-><P
-> Internet Systems Consortium
- </P
-></DIV
-></BODY
-></HTML
->
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526200"></a><h2>SEE ALSO</h2>
+<p>
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <em class="citetitle">RFC 1035</em>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526227"></a><h2>AUTHOR</h2>
+<p>
+ <span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/contrib/bind9/bin/dig/dig.1 b/contrib/bind9/bin/dig/dig.1
index f14d9216873b..7031217dd2bb 100644
--- a/contrib/bind9/bin/dig/dig.1
+++ b/contrib/bind9/bin/dig/dig.1
@@ -1,216 +1,244 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dig.1,v 1.14.2.4.2.6 2004/06/23 09:11:01 marka Exp $
+.\" $Id: dig.1,v 1.14.2.4.2.10 2005/10/13 02:33:42 marka Exp $
.\"
-.TH "DIG" "1" "Jun 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
dig \- DNS lookup utility
-.SH SYNOPSIS
-.sp
-\fBdig\fR [ \fB@server\fR ] [ \fB-b \fIaddress\fB\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-f \fIfilename\fB\fR ] [ \fB-k \fIfilename\fB\fR ] [ \fB-p \fIport#\fB\fR ] [ \fB-t \fItype\fB\fR ] [ \fB-x \fIaddr\fB\fR ] [ \fB-y \fIname:key\fB\fR ] [ \fB-4\fR ] [ \fB-6\fR ] [ \fBname\fR ] [ \fBtype\fR ] [ \fBclass\fR ] [ \fBqueryopt\fR\fI...\fR ]
-.sp
-\fBdig\fR [ \fB-h\fR ]
-.sp
-\fBdig\fR [ \fBglobal-queryopt\fR\fI...\fR ] [ \fBquery\fR\fI...\fR ]
+.SH "SYNOPSIS"
+.HP 4
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
+.HP 4
+\fBdig\fR [\fB\-h\fR]
+.HP 4
+\fBdig\fR [global\-queryopt...] [query...]
.SH "DESCRIPTION"
.PP
-\fBdig\fR (domain information groper) is a flexible tool
-for interrogating DNS name servers. It performs DNS lookups and
-displays the answers that are returned from the name server(s) that
-were queried. Most DNS administrators use \fBdig\fR to
-troubleshoot DNS problems because of its flexibility, ease of use and
-clarity of output. Other lookup tools tend to have less functionality
-than \fBdig\fR.
+\fBdig\fR
+(domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use
+\fBdig\fR
+to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than
+\fBdig\fR.
.PP
-Although \fBdig\fR is normally used with command-line
-arguments, it also has a batch mode of operation for reading lookup
-requests from a file. A brief summary of its command-line arguments
-and options is printed when the \fB-h\fR option is given.
-Unlike earlier versions, the BIND9 implementation of
-\fBdig\fR allows multiple lookups to be issued from the
-command line.
+Although
+\fBdig\fR
+is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
+\fB\-h\fR
+option is given. Unlike earlier versions, the BIND9 implementation of
+\fBdig\fR
+allows multiple lookups to be issued from the command line.
.PP
Unless it is told to query a specific name server,
-\fBdig\fR will try each of the servers listed in
+\fBdig\fR
+will try each of the servers listed in
\fI/etc/resolv.conf\fR.
.PP
-When no command line arguments or options are given, will perform an
-NS query for "." (the root).
+When no command line arguments or options are given, will perform an NS query for "." (the root).
.PP
-It is possible to set per-user defaults for \fBdig\fR via
-\fI${HOME}/.digrc\fR. This file is read and any options in it
-are applied before the command line arguments.
+It is possible to set per\-user defaults for
+\fBdig\fR
+via
+\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
.SH "SIMPLE USAGE"
.PP
-A typical invocation of \fBdig\fR looks like:
+A typical invocation of
+\fBdig\fR
+looks like:
.sp
.nf
dig @server name type
-.sp
.fi
+.sp
where:
.TP
\fBserver\fR
-is the name or IP address of the name server to query. This can be an IPv4
-address in dotted-decimal notation or an IPv6
-address in colon-delimited notation. When the supplied
-\fIserver\fR argument is a hostname,
-\fBdig\fR resolves that name before querying that name
-server. If no \fIserver\fR argument is provided,
-\fBdig\fR consults \fI/etc/resolv.conf\fR
-and queries the name servers listed there. The reply from the name
-server that responds is displayed.
+is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
+\fIserver\fR
+argument is a hostname,
+\fBdig\fR
+resolves that name before querying that name server. If no
+\fIserver\fR
+argument is provided,
+\fBdig\fR
+consults
+\fI/etc/resolv.conf\fR
+and queries the name servers listed there. The reply from the name server that responds is displayed.
.TP
\fBname\fR
is the name of the resource record that is to be looked up.
.TP
\fBtype\fR
-indicates what type of query is required \(em
-ANY, A, MX, SIG, etc.
-\fItype\fR can be any valid query type. If no
-\fItype\fR argument is supplied,
-\fBdig\fR will perform a lookup for an A record.
+indicates what type of query is required \(em ANY, A, MX, SIG, etc.
+\fItype\fR
+can be any valid query type. If no
+\fItype\fR
+argument is supplied,
+\fBdig\fR
+will perform a lookup for an A record.
.SH "OPTIONS"
.PP
-The \fB-b\fR option sets the source IP address of the query
-to \fIaddress\fR. This must be a valid address on
-one of the host's network interfaces or "0.0.0.0" or "::". An optional port
-may be specified by appending "#<port>"
+The
+\fB\-b\fR
+option sets the source IP address of the query to
+\fIaddress\fR. This must be a valid address on one of the host's network interfaces or "0.0.0.0" or "::". An optional port may be specified by appending "#<port>"
.PP
The default query class (IN for internet) is overridden by the
-\fB-c\fR option. \fIclass\fR is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.
+\fB\-c\fR
+option.
+\fIclass\fR
+is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
.PP
-The \fB-f\fR option makes \fBdig \fR operate
-in batch mode by reading a list of lookup requests to process from the
-file \fIfilename\fR. The file contains a number of
-queries, one per line. Each entry in the file should be organised in
-the same way they would be presented as queries to
-\fBdig\fR using the command-line interface.
+The
+\fB\-f\fR
+option makes
+\fBdig \fR
+operate in batch mode by reading a list of lookup requests to process from the file
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
+\fBdig\fR
+using the command\-line interface.
.PP
-If a non-standard port number is to be queried, the
-\fB-p\fR option is used. \fIport#\fR is
-the port number that \fBdig\fR will send its queries
-instead of the standard DNS port number 53. This option would be used
-to test a name server that has been configured to listen for queries
-on a non-standard port number.
+If a non\-standard port number is to be queried, the
+\fB\-p\fR
+option is used.
+\fIport#\fR
+is the port number that
+\fBdig\fR
+will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number.
.PP
-The \fB-4\fR option forces \fBdig\fR to only
-use IPv4 query transport. The \fB-6\fR option forces
-\fBdig\fR to only use IPv6 query transport.
+The
+\fB\-4\fR
+option forces
+\fBdig\fR
+to only use IPv4 query transport. The
+\fB\-6\fR
+option forces
+\fBdig\fR
+to only use IPv6 query transport.
.PP
-The \fB-t\fR option sets the query type to
-\fItype\fR. It can be any valid query type which is
-supported in BIND9. The default query type "A", unless the
-\fB-x\fR option is supplied to indicate a reverse lookup.
-A zone transfer can be requested by specifying a type of AXFR. When
-an incremental zone transfer (IXFR) is required,
-\fItype\fR is set to ixfr=N.
-The incremental zone transfer will contain the changes made to the zone
-since the serial number in the zone's SOA record was
+The
+\fB\-t\fR
+option sets the query type to
+\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
+\fB\-x\fR
+option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
+\fItype\fR
+is set to
+ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
\fIN\fR.
.PP
-Reverse lookups - mapping addresses to names - are simplified by the
-\fB-x\fR option. \fIaddr\fR is an IPv4
-address in dotted-decimal notation, or a colon-delimited IPv6 address.
-When this option is used, there is no need to provide the
-\fIname\fR, \fIclass\fR and
-\fItype\fR arguments. \fBdig\fR
+Reverse lookups \- mapping addresses to names \- are simplified by the
+\fB\-x\fR
+option.
+\fIaddr\fR
+is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When this option is used, there is no need to provide the
+\fIname\fR,
+\fIclass\fR
+and
+\fItype\fR
+arguments.
+\fBdig\fR
automatically performs a lookup for a name like
-11.12.13.10.in-addr.arpa and sets the query type and
-class to PTR and IN respectively. By default, IPv6 addresses are
-looked up using nibble format under the IP6.ARPA domain.
-To use the older RFC1886 method using the IP6.INT domain
-specify the \fB-i\fR option. Bit string labels (RFC2874)
-are now experimental and are not attempted.
+11.12.13.10.in\-addr.arpa
+and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using nibble format under the IP6.ARPA domain. To use the older RFC1886 method using the IP6.INT domain specify the
+\fB\-i\fR
+option. Bit string labels (RFC2874) are now experimental and are not attempted.
.PP
-To sign the DNS queries sent by \fBdig\fR and their
-responses using transaction signatures (TSIG), specify a TSIG key file
-using the \fB-k\fR option. You can also specify the TSIG
-key itself on the command line using the \fB-y\fR option;
-\fIname\fR is the name of the TSIG key and
-\fIkey\fR is the actual key. The key is a base-64
-encoded string, typically generated by \fBdnssec-keygen\fR(8).
-Caution should be taken when using the \fB-y\fR option on
-multi-user systems as the key can be visible in the output from
-\fBps\fR(1) or in the shell's history file. When
-using TSIG authentication with \fBdig\fR, the name
-server that is queried needs to know the key and algorithm that is
-being used. In BIND, this is done by providing appropriate
-\fBkey\fR and \fBserver\fR statements in
+To sign the DNS queries sent by
+\fBdig\fR
+and their responses using transaction signatures (TSIG), specify a TSIG key file using the
+\fB\-k\fR
+option. You can also specify the TSIG key itself on the command line using the
+\fB\-y\fR
+option;
+\fIname\fR
+is the name of the TSIG key and
+\fIkey\fR
+is the actual key. The key is a base\-64 encoded string, typically generated by
+\fBdnssec\-keygen\fR(8). Caution should be taken when using the
+\fB\-y\fR
+option on multi\-user systems as the key can be visible in the output from
+\fBps\fR(1 )
+or in the shell's history file. When using TSIG authentication with
+\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate
+\fBkey\fR
+and
+\fBserver\fR
+statements in
\fInamed.conf\fR.
.SH "QUERY OPTIONS"
.PP
-\fBdig\fR provides a number of query options which affect
-the way in which lookups are made and the results displayed. Some of
-these set or reset flag bits in the query header, some determine which
-sections of the answer get printed, and others determine the timeout
-and retry strategies.
+\fBdig\fR
+provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
.PP
-Each query option is identified by a keyword preceded by a plus sign
-(+). Some keywords set or reset an option. These may be preceded
-by the string no to negate the meaning of that keyword. Other
-keywords assign values to options like the timeout interval. They
-have the form \fB+keyword=value\fR.
-The query options are:
+Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string
+no
+to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
+\fB+keyword=value\fR. The query options are:
.TP
\fB+[no]tcp\fR
-Use [do not use] TCP when querying name servers. The default
-behaviour is to use UDP unless an AXFR or IXFR query is requested, in
-which case a TCP connection is used.
+Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
.TP
\fB+[no]vc\fR
-Use [do not use] TCP when querying name servers. This alternate
-syntax to \fI+[no]tcp\fR is provided for backwards
-compatibility. The "vc" stands for "virtual circuit".
+Use [do not use] TCP when querying name servers. This alternate syntax to
+\fI+[no]tcp\fR
+is provided for backwards compatibility. The "vc" stands for "virtual circuit".
.TP
\fB+[no]ignore\fR
-Ignore truncation in UDP responses instead of retrying with TCP. By
-default, TCP retries are performed.
+Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
.TP
\fB+domain=somename\fR
Set the search list to contain the single domain
\fIsomename\fR, as if specified in a
-\fBdomain\fR directive in
-\fI/etc/resolv.conf\fR, and enable search list
-processing as if the \fI+search\fR option were given.
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR, and enable search list processing as if the
+\fI+search\fR
+option were given.
.TP
\fB+[no]search\fR
-Use [do not use] the search list defined by the searchlist or domain
-directive in \fIresolv.conf\fR (if any).
-The search list is not used by default.
+Use [do not use] the search list defined by the searchlist or domain directive in
+\fIresolv.conf\fR
+(if any). The search list is not used by default.
.TP
\fB+[no]defname\fR
-Deprecated, treated as a synonym for \fI+[no]search\fR
+Deprecated, treated as a synonym for
+\fI+[no]search\fR
.TP
\fB+[no]aaonly\fR
Sets the "aa" flag in the query.
.TP
\fB+[no]aaflag\fR
-A synonym for \fI+[no]aaonly\fR.
+A synonym for
+\fI+[no]aaonly\fR.
.TP
\fB+[no]adflag\fR
-Set [do not set] the AD (authentic data) bit in the query. The AD bit
-currently has a standard meaning only in responses, not in queries,
-but the ability to set the bit in the query is provided for
-completeness.
+Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
.TP
\fB+[no]cdflag\fR
-Set [do not set] the CD (checking disabled) bit in the query. This
-requests the server to not perform DNSSEC validation of responses.
+Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
.TP
\fB+[no]cl\fR
Display [do not display] the CLASS when printing the record.
@@ -219,170 +247,164 @@ Display [do not display] the CLASS when printing the record.
Display [do not display] the TTL when printing the record.
.TP
\fB+[no]recurse\fR
-Toggle the setting of the RD (recursion desired) bit in the query.
-This bit is set by default, which means \fBdig\fR
-normally sends recursive queries. Recursion is automatically disabled
-when the \fI+nssearch\fR or
-\fI+trace\fR query options are used.
+Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
+\fBdig\fR
+normally sends recursive queries. Recursion is automatically disabled when the
+\fI+nssearch\fR
+or
+\fI+trace\fR
+query options are used.
.TP
\fB+[no]nssearch\fR
-When this option is set, \fBdig\fR attempts to find the
-authoritative name servers for the zone containing the name being
-looked up and display the SOA record that each name server has for the
-zone.
+When this option is set,
+\fBdig\fR
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
.TP
\fB+[no]trace\fR
-Toggle tracing of the delegation path from the root name servers for
-the name being looked up. Tracing is disabled by default. When
-tracing is enabled, \fBdig\fR makes iterative queries to
-resolve the name being looked up. It will follow referrals from the
-root servers, showing the answer from each server that was used to
-resolve the lookup.
+Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
+\fBdig\fR
+makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
.TP
\fB+[no]cmd\fR
-toggles the printing of the initial comment in the output identifying
-the version of \fBdig\fR and the query options that have
-been applied. This comment is printed by default.
+toggles the printing of the initial comment in the output identifying the version of
+\fBdig\fR
+and the query options that have been applied. This comment is printed by default.
.TP
\fB+[no]short\fR
-Provide a terse answer. The default is to print the answer in a
-verbose form.
+Provide a terse answer. The default is to print the answer in a verbose form.
.TP
\fB+[no]identify\fR
-Show [or do not show] the IP address and port number that supplied the
-answer when the \fI+short\fR option is enabled. If
-short form answers are requested, the default is not to show the
-source address and port number of the server that provided the answer.
+Show [or do not show] the IP address and port number that supplied the answer when the
+\fI+short\fR
+option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
.TP
\fB+[no]comments\fR
-Toggle the display of comment lines in the output. The default is to
-print comments.
+Toggle the display of comment lines in the output. The default is to print comments.
.TP
\fB+[no]stats\fR
-This query option toggles the printing of statistics: when the query
-was made, the size of the reply and so on. The default behaviour is
-to print the query statistics.
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
.TP
\fB+[no]qr\fR
-Print [do not print] the query as it is sent.
-By default, the query is not printed.
+Print [do not print] the query as it is sent. By default, the query is not printed.
.TP
\fB+[no]question\fR
-Print [do not print] the question section of a query when an answer is
-returned. The default is to print the question section as a comment.
+Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
.TP
\fB+[no]answer\fR
-Display [do not display] the answer section of a reply. The default
-is to display it.
+Display [do not display] the answer section of a reply. The default is to display it.
.TP
\fB+[no]authority\fR
-Display [do not display] the authority section of a reply. The
-default is to display it.
+Display [do not display] the authority section of a reply. The default is to display it.
.TP
\fB+[no]additional\fR
-Display [do not display] the additional section of a reply.
-The default is to display it.
+Display [do not display] the additional section of a reply. The default is to display it.
.TP
\fB+[no]all\fR
Set or clear all display flags.
.TP
\fB+time=T\fR
Sets the timeout for a query to
-\fIT\fR seconds. The default time out is 5 seconds.
-An attempt to set \fIT\fR to less than 1 will result
-in a query timeout of 1 second being applied.
+\fIT\fR
+seconds. The default time out is 5 seconds. An attempt to set
+\fIT\fR
+to less than 1 will result in a query timeout of 1 second being applied.
.TP
\fB+tries=T\fR
Sets the number of times to try UDP queries to server to
-\fIT\fR instead of the default, 3. If
-\fIT\fR is less than or equal to zero, the number of
-tries is silently rounded up to 1.
+\fIT\fR
+instead of the default, 3. If
+\fIT\fR
+is less than or equal to zero, the number of tries is silently rounded up to 1.
.TP
\fB+retry=T\fR
Sets the number of times to retry UDP queries to server to
-\fIT\fR instead of the default, 2. Unlike
-\fI+tries\fR, this does not include the initial
-query.
+\fIT\fR
+instead of the default, 2. Unlike
+\fI+tries\fR, this does not include the initial query.
.TP
\fB+ndots=D\fR
Set the number of dots that have to appear in
-\fIname\fR to \fID\fR for it to be
-considered absolute. The default value is that defined using the
-ndots statement in \fI/etc/resolv.conf\fR, or 1 if no
-ndots statement is present. Names with fewer dots are interpreted as
-relative names and will be searched for in the domains listed in the
-\fBsearch\fR or \fBdomain\fR directive in
+\fIname\fR
+to
+\fID\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
\fI/etc/resolv.conf\fR.
.TP
\fB+bufsize=B\fR
Set the UDP message buffer size advertised using EDNS0 to
-\fIB\fR bytes. The maximum and minimum sizes of this
-buffer are 65535 and 0 respectively. Values outside this range are
-rounded up or down appropriately.
+\fIB\fR
+bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately.
.TP
\fB+[no]multiline\fR
-Print records like the SOA records in a verbose multi-line
-format with human-readable comments. The default is to print
-each record on a single line, to facilitate machine parsing
-of the \fBdig\fR output.
+Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
+\fBdig\fR
+output.
.TP
\fB+[no]fail\fR
-Do not try the next server if you receive a SERVFAIL. The default is
-to not try the next server which is the reverse of normal stub resolver
-behaviour.
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
.TP
\fB+[no]besteffort\fR
-Attempt to display the contents of messages which are malformed.
-The default is to not display malformed answers.
+Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
.TP
\fB+[no]dnssec\fR
-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
-in the OPT record in the additional section of the query.
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
.TP
\fB+[no]sigchase\fR
-Chase DNSSEC signature chains. Requires dig be compiled with
--DDIG_SIGCHASE.
+Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
.TP
-\fB+trusted-key=####\fR
-Specify a trusted key to be used with \fB+sigchase\fR.
-Requires dig be compiled with -DDIG_SIGCHASE.
+\fB+trusted\-key=####\fR
+Specifies a file containing trusted keys to be used with
+\fB+sigchase\fR. Each DNSKEY record must be on its own line.
+.sp
+If not specified
+\fBdig\fR
+will look for
+\fI/etc/trusted\-key.key\fR
+then
+\fItrusted\-key.key\fR
+in the current directory.
+.sp
+Requires dig be compiled with \-DDIG_SIGCHASE.
.TP
\fB+[no]topdown\fR
-When chasing DNSSEC signature chains perform a top down validation.
-Requires dig be compiled with -DDIG_SIGCHASE.
+When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
.SH "MULTIPLE QUERIES"
.PP
-The BIND 9 implementation of \fBdig \fR supports
-specifying multiple queries on the command line (in addition to
-supporting the \fB-f\fR batch file option). Each of those
-queries can be supplied with its own set of flags, options and query
-options.
+The BIND 9 implementation of
+\fBdig \fR
+supports specifying multiple queries on the command line (in addition to supporting the
+\fB\-f\fR
+batch file option). Each of those queries can be supplied with its own set of flags, options and query options.
.PP
-In this case, each \fIquery\fR argument represent an
-individual query in the command-line syntax described above. Each
-consists of any of the standard options and flags, the name to be
-looked up, an optional query type and class and any query options that
-should be applied to that query.
+In this case, each
+\fIquery\fR
+argument represent an individual query in the command\-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query.
.PP
-A global set of query options, which should be applied to all queries,
-can also be supplied. These global query options must precede the
-first tuple of name, class, type, options, flags, and query options
-supplied on the command line. Any global query options (except
-the \fB+[no]cmd\fR option) can be
-overridden by a query-specific set of query options. For example:
+A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the
+\fB+[no]cmd\fR
+option) can be overridden by a query\-specific set of query options. For example:
.sp
.nf
-dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-.sp
+dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
.fi
-shows how \fBdig\fR could be used from the command line
-to make three lookups: an ANY query for www.isc.org, a
-reverse lookup of 127.0.0.1 and a query for the NS records of
-isc.org.
-A global query option of \fI+qr\fR is applied, so
-that \fBdig\fR shows the initial query it made for each
-lookup. The final query has a local query option of
-\fI+noqr\fR which means that \fBdig\fR
+.sp
+shows how
+\fBdig\fR
+could be used from the command line to make three lookups: an ANY query for
+www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of
+isc.org. A global query option of
+\fI+qr\fR
+is applied, so that
+\fBdig\fR
+shows the initial query it made for each lookup. The final query has a local query option of
+\fI+noqr\fR
+which means that
+\fBdig\fR
will not print the initial query when it looks up the NS records for
isc.org.
.SH "FILES"
@@ -394,8 +416,8 @@ isc.org.
.PP
\fBhost\fR(1),
\fBnamed\fR(8),
-\fBdnssec-keygen\fR(8),
-\fIRFC1035\fR.
-.SH "BUGS"
+\fBdnssec\-keygen\fR(8),
+RFC1035.
+.SH "BUGS "
.PP
-There are probably too many query options.
+There are probably too many query options.
diff --git a/contrib/bind9/bin/dig/dig.c b/contrib/bind9/bin/dig/dig.c
index 08f5b5b52802..52df6608685b 100644
--- a/contrib/bind9/bin/dig/dig.c
+++ b/contrib/bind9/bin/dig/dig.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.c,v 1.157.2.13.2.25 2004/09/16 02:14:14 marka Exp $ */
+/* $Id: dig.c,v 1.157.2.13.2.29 2005/10/14 01:38:40 marka Exp $ */
#include <config.h>
#include <stdlib.h>
@@ -45,10 +45,6 @@
#include <dig/dig.h>
-extern ISC_LIST(dig_lookup_t) lookup_list;
-extern dig_serverlist_t server_list;
-extern ISC_LIST(dig_searchlist_t) search_list;
-
#define ADD_STRING(b, s) { \
if (strlen(s) >= isc_buffer_availablelength(b)) \
return (ISC_R_NOSPACE); \
@@ -58,31 +54,8 @@ extern ISC_LIST(dig_searchlist_t) search_list;
#define DIG_MAX_ADDRESSES 20
-extern isc_boolean_t have_ipv4, have_ipv6, specified_source,
- usesearch, qr;
-extern in_port_t port;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern dns_messageid_t id;
-extern int sendcount;
-extern int ndots;
-extern int lookup_counter;
-extern int exitcode;
-extern isc_sockaddr_t bind_address;
-extern char keynametext[MXNAME];
-extern char keyfile[MXNAME];
-extern char keysecret[MXNAME];
-#ifdef DIG_SIGCHASE
-extern char trustedkey[MXNAME];
-#endif
-extern dns_tsigkey_t *key;
-extern isc_boolean_t validated;
-extern isc_taskmgr_t *taskmgr;
-extern isc_task_t *global_task;
-extern isc_boolean_t free_now;
dig_lookup_t *default_lookup = NULL;
-extern isc_boolean_t debugging, memdebugging;
static char *batchname = NULL;
static FILE *batchfp = NULL;
static char *argv0;
@@ -133,8 +106,6 @@ static const char *rcodetext[] = {
"BADVERS"
};
-extern char *progname;
-
static void
print_usage(FILE *fp) {
fputs(
@@ -593,6 +564,7 @@ buftoosmall:
}
}
}
+
if (headers && query->lookup->comments && !short_form)
printf("\n");
@@ -818,7 +790,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
break;
case 'l': /* cl */
FULLCHECK("cl");
- noclass = !state;
+ noclass = ISC_TF(!state);
break;
case 'm': /* cmd */
FULLCHECK("cmd");
@@ -892,7 +864,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->ns_search_only = state;
if (state) {
lookup->trace_root = ISC_TRUE;
- lookup->recurse = ISC_FALSE;
+ lookup->recurse = ISC_TRUE;
lookup->identify = ISC_TRUE;
lookup->stats = ISC_FALSE;
lookup->comments = ISC_FALSE;
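Review bot: The `+nssearch` branch now sets `lookup->recurse = ISC_TRUE`, but the regenerated dig.1 in this same import still states that recursion is automatically disabled when `+nssearch` or `+trace` is used. Code and manual now disagree on whether the RD bit is sent, which matters to anyone using `+nssearch` to query authoritative servers without asking for recursion. If the new value is intended, the line would benefit from a short why-comment such as `/* +nssearch: RD stays set on the initial lookup */`, and the DocBook source should drop `+nssearch` from that sentence. If it is not intended, the assignment should go back to `ISC_FALSE`. `plus_option` begins and ends outside this hunk, so the surrounding case handling could not be checked.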
@@ -1054,7 +1026,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
break;
case 't': /* ttlid */
FULLCHECK("ttlid");
- nottl = !state;
+ nottl = ISC_TF(!state);
break;
default:
goto invalid_option;
diff --git a/contrib/bind9/bin/dig/dig.docbook b/contrib/bind9/bin/dig/dig.docbook
index d22ae87064d0..87c98ae7b1f0 100644
--- a/contrib/bind9/bin/dig/dig.docbook
+++ b/contrib/bind9/bin/dig/dig.docbook
@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.docbook,v 1.4.2.7.4.9 2004/06/23 04:19:41 marka Exp $ -->
+<!-- $Id: dig.docbook,v 1.4.2.7.4.12 2005/08/30 00:50:29 marka Exp $ -->
<refentry>
@@ -30,6 +32,21 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname>dig</refname>
<refpurpose>DNS lookup utility</refpurpose>
@@ -38,7 +55,7 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>dig</command>
-<arg choice=opt>@server</arg>
+<arg choice="opt">@server</arg>
<arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
@@ -49,10 +66,10 @@
<arg><option>-y <replaceable class="parameter">name:key</replaceable></option></arg>
<arg><option>-4</option></arg>
<arg><option>-6</option></arg>
-<arg choice=opt>name</arg>
-<arg choice=opt>type</arg>
-<arg choice=opt>class</arg>
-<arg choice=opt rep=repeat>queryopt</arg>
+<arg choice="opt">name</arg>
+<arg choice="opt">type</arg>
+<arg choice="opt">class</arg>
+<arg choice="opt" rep="repeat">queryopt</arg>
</cmdsynopsis>
<cmdsynopsis>
@@ -62,8 +79,8 @@
<cmdsynopsis>
<command>dig</command>
-<arg choice=opt rep=repeat>global-queryopt</arg>
-<arg choice=opt rep=repeat>query</arg>
+<arg choice="opt" rep="repeat">global-queryopt</arg>
+<arg choice="opt" rep="repeat">query</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -513,11 +530,24 @@ Chase DNSSEC signature chains. Requires dig be compiled with
-DDIG_SIGCHASE.
</para></listitem></varlistentry>
-<varlistentry><term><option>+trusted-key=####</option></term>
-<listitem><para>
-Specify a trusted key to be used with <option>+sigchase</option>.
-Requires dig be compiled with -DDIG_SIGCHASE.
-</para></listitem></varlistentry>
+ <varlistentry>
+ <term><option>+trusted-key=####</option></term>
+ <listitem>
+ <para>
+ Specifies a file containing trusted keys to be used with
+ <option>+sigchase</option>. Each DNSKEY record must be
+ on its own line.
+ </para>
+ <para>
+ If not specified <command>dig</command> will look for
+ <filename>/etc/trusted-key.key</filename> then
+ <filename>trusted-key.key</filename> in the current directory.
+ </para>
+ <para>
+ Requires dig be compiled with -DDIG_SIGCHASE.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry><term><option>+[no]topdown</option></term>
<listitem><para>
diff --git a/contrib/bind9/bin/dig/dig.html b/contrib/bind9/bin/dig/dig.html
index e9e1fd4dc770..3425fb3d21b2 100644
--- a/contrib/bind9/bin/dig/dig.html
+++ b/contrib/bind9/bin/dig/dig.html
@@ -1,1174 +1,514 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: dig.html,v 1.6.2.4.2.7 2004/08/22 23:38:57 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->dig</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
->dig</H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN8"
-></A
-><H2
->Name</H2
->dig&nbsp;--&nbsp;DNS lookup utility</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN11"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dig</B
-> [@server] [<VAR
-CLASS="OPTION"
->-b <VAR
-CLASS="REPLACEABLE"
->address</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-f <VAR
-CLASS="REPLACEABLE"
->filename</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-k <VAR
-CLASS="REPLACEABLE"
->filename</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-p <VAR
-CLASS="REPLACEABLE"
->port#</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-t <VAR
-CLASS="REPLACEABLE"
->type</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-x <VAR
-CLASS="REPLACEABLE"
->addr</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-y <VAR
-CLASS="REPLACEABLE"
->name:key</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-4</VAR
->] [<VAR
-CLASS="OPTION"
->-6</VAR
->] [name] [type] [class] [queryopt...]</P
-><P
-><B
-CLASS="COMMAND"
->dig</B
-> [<VAR
-CLASS="OPTION"
->-h</VAR
->]</P
-><P
-><B
-CLASS="COMMAND"
->dig</B
-> [global-queryopt...] [query...]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN55"
-></A
-><H2
->DESCRIPTION</H2
-><P
-><B
-CLASS="COMMAND"
->dig</B
-> (domain information groper) is a flexible tool
+<!-- $Id: dig.html,v 1.6.2.4.2.13 2005/10/13 02:33:43 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dig</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>dig &#8212; DNS lookup utility</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525976"></a><h2>DESCRIPTION</h2>
+<p>
+<span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
displays the answers that are returned from the name server(s) that
-were queried. Most DNS administrators use <B
-CLASS="COMMAND"
->dig</B
-> to
+were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
troubleshoot DNS problems because of its flexibility, ease of use and
clarity of output. Other lookup tools tend to have less functionality
-than <B
-CLASS="COMMAND"
->dig</B
->.</P
-><P
->Although <B
-CLASS="COMMAND"
->dig</B
-> is normally used with command-line
+than <span><strong class="command">dig</strong></span>.
+</p>
+<p>
+Although <span><strong class="command">dig</strong></span> is normally used with command-line
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
-and options is printed when the <VAR
-CLASS="OPTION"
->-h</VAR
-> option is given.
+and options is printed when the <code class="option">-h</code> option is given.
Unlike earlier versions, the BIND9 implementation of
-<B
-CLASS="COMMAND"
->dig</B
-> allows multiple lookups to be issued from the
-command line.</P
-><P
->Unless it is told to query a specific name server,
-<B
-CLASS="COMMAND"
->dig</B
-> will try each of the servers listed in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.</P
-><P
->When no command line arguments or options are given, will perform an
-NS query for "." (the root).</P
-><P
->It is possible to set per-user defaults for <B
-CLASS="COMMAND"
->dig</B
-> via
-<TT
-CLASS="FILENAME"
->${HOME}/.digrc</TT
->. This file is read and any options in it
-are applied before the command line arguments.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN72"
-></A
-><H2
->SIMPLE USAGE</H2
-><P
->A typical invocation of <B
-CLASS="COMMAND"
->dig</B
-> looks like:
-<PRE
-CLASS="PROGRAMLISTING"
-> dig @server name type </PRE
-> where:
+<span><strong class="command">dig</strong></span> allows multiple lookups to be issued from the
+command line.
+</p>
+<p>
+Unless it is told to query a specific name server,
+<span><strong class="command">dig</strong></span> will try each of the servers listed in
+<code class="filename">/etc/resolv.conf</code>.
+</p>
+<p>
+When no command line arguments or options are given, will perform an
+NS query for "." (the root).
+</p>
+<p>
+It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
+<code class="filename">${HOME}/.digrc</code>. This file is read and any options in it
+are applied before the command line arguments.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526035"></a><h2>SIMPLE USAGE</h2>
+<p>
+A typical invocation of <span><strong class="command">dig</strong></span> looks like:
+</p>
+<pre class="programlisting"> dig @server name type </pre>
+<p> where:
-<P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><CODE
-CLASS="CONSTANT"
->server</CODE
-></DT
-><DD
-><P
->is the name or IP address of the name server to query. This can be an IPv4
+</p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">server</code></span></dt>
+<dd><p>
+is the name or IP address of the name server to query. This can be an IPv4
address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
-<VAR
-CLASS="PARAMETER"
->server</VAR
-> argument is a hostname,
-<B
-CLASS="COMMAND"
->dig</B
-> resolves that name before querying that name
-server. If no <VAR
-CLASS="PARAMETER"
->server</VAR
-> argument is provided,
-<B
-CLASS="COMMAND"
->dig</B
-> consults <TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->
+<em class="parameter"><code>server</code></em> argument is a hostname,
+<span><strong class="command">dig</strong></span> resolves that name before querying that name
+server. If no <em class="parameter"><code>server</code></em> argument is provided,
+<span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>
and queries the name servers listed there. The reply from the name
-server that responds is displayed.</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->name</CODE
-></DT
-><DD
-><P
->is the name of the resource record that is to be looked up.</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->type</CODE
-></DT
-><DD
-><P
->indicates what type of query is required &mdash;
+server that responds is displayed.
+</p></dd>
+<dt><span class="term"><code class="constant">name</code></span></dt>
+<dd><p>
+is the name of the resource record that is to be looked up.
+</p></dd>
+<dt><span class="term"><code class="constant">type</code></span></dt>
+<dd><p>
+indicates what type of query is required &#8212;
ANY, A, MX, SIG, etc.
-<VAR
-CLASS="PARAMETER"
->type</VAR
-> can be any valid query type. If no
-<VAR
-CLASS="PARAMETER"
->type</VAR
-> argument is supplied,
-<B
-CLASS="COMMAND"
->dig</B
-> will perform a lookup for an A record.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN101"
-></A
-><H2
->OPTIONS</H2
-><P
->The <VAR
-CLASS="OPTION"
->-b</VAR
-> option sets the source IP address of the query
-to <VAR
-CLASS="PARAMETER"
->address</VAR
->. This must be a valid address on
+<em class="parameter"><code>type</code></em> can be any valid query type. If no
+<em class="parameter"><code>type</code></em> argument is supplied,
+<span><strong class="command">dig</strong></span> will perform a lookup for an A record.
+</p></dd>
+</dl></div>
+<p>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526114"></a><h2>OPTIONS</h2>
+<p>
+The <code class="option">-b</code> option sets the source IP address of the query
+to <em class="parameter"><code>address</code></em>. This must be a valid address on
one of the host's network interfaces or "0.0.0.0" or "::". An optional port
-may be specified by appending "#&lt;port&gt;"</P
-><P
->The default query class (IN for internet) is overridden by the
-<VAR
-CLASS="OPTION"
->-c</VAR
-> option. <VAR
-CLASS="PARAMETER"
->class</VAR
-> is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.</P
-><P
->The <VAR
-CLASS="OPTION"
->-f</VAR
-> option makes <B
-CLASS="COMMAND"
->dig </B
-> operate
+may be specified by appending "#&lt;port&gt;"
+</p>
+<p>
+The default query class (IN for internet) is overridden by the
+<code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is any valid
+class, such as HS for Hesiod records or CH for CHAOSNET records.
+</p>
+<p>
+The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span> operate
in batch mode by reading a list of lookup requests to process from the
-file <VAR
-CLASS="PARAMETER"
->filename</VAR
->. The file contains a number of
+file <em class="parameter"><code>filename</code></em>. The file contains a number of
queries, one per line. Each entry in the file should be organised in
the same way they would be presented as queries to
-<B
-CLASS="COMMAND"
->dig</B
-> using the command-line interface.</P
-><P
->If a non-standard port number is to be queried, the
-<VAR
-CLASS="OPTION"
->-p</VAR
-> option is used. <VAR
-CLASS="PARAMETER"
->port#</VAR
-> is
-the port number that <B
-CLASS="COMMAND"
->dig</B
-> will send its queries
+<span><strong class="command">dig</strong></span> using the command-line interface.
+</p>
+<p>
+If a non-standard port number is to be queried, the
+<code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
+the port number that <span><strong class="command">dig</strong></span> will send its queries
instead of the standard DNS port number 53. This option would be used
to test a name server that has been configured to listen for queries
-on a non-standard port number.</P
-><P
->The <VAR
-CLASS="OPTION"
->-4</VAR
-> option forces <B
-CLASS="COMMAND"
->dig</B
-> to only
-use IPv4 query transport. The <VAR
-CLASS="OPTION"
->-6</VAR
-> option forces
-<B
-CLASS="COMMAND"
->dig</B
-> to only use IPv6 query transport.</P
-><P
->The <VAR
-CLASS="OPTION"
->-t</VAR
-> option sets the query type to
-<VAR
-CLASS="PARAMETER"
->type</VAR
->. It can be any valid query type which is
+on a non-standard port number.
+</p>
+<p>
+The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span> to only
+use IPv4 query transport. The <code class="option">-6</code> option forces
+<span><strong class="command">dig</strong></span> to only use IPv6 query transport.
+</p>
+<p>
+The <code class="option">-t</code> option sets the query type to
+<em class="parameter"><code>type</code></em>. It can be any valid query type which is
supported in BIND9. The default query type "A", unless the
-<VAR
-CLASS="OPTION"
->-x</VAR
-> option is supplied to indicate a reverse lookup.
+<code class="option">-x</code> option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required,
-<VAR
-CLASS="PARAMETER"
->type</VAR
-> is set to <VAR
-CLASS="LITERAL"
->ixfr=N</VAR
->.
+<em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
The incremental zone transfer will contain the changes made to the zone
since the serial number in the zone's SOA record was
-<VAR
-CLASS="PARAMETER"
->N</VAR
->.</P
-><P
->Reverse lookups - mapping addresses to names - are simplified by the
-<VAR
-CLASS="OPTION"
->-x</VAR
-> option. <VAR
-CLASS="PARAMETER"
->addr</VAR
-> is an IPv4
+<em class="parameter"><code>N</code></em>.
+</p>
+<p>
+Reverse lookups - mapping addresses to names - are simplified by the
+<code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
When this option is used, there is no need to provide the
-<VAR
-CLASS="PARAMETER"
->name</VAR
->, <VAR
-CLASS="PARAMETER"
->class</VAR
-> and
-<VAR
-CLASS="PARAMETER"
->type</VAR
-> arguments. <B
-CLASS="COMMAND"
->dig</B
->
+<em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
+<em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>
automatically performs a lookup for a name like
-<VAR
-CLASS="LITERAL"
->11.12.13.10.in-addr.arpa</VAR
-> and sets the query type and
+<code class="literal">11.12.13.10.in-addr.arpa</code> and sets the query type and
class to PTR and IN respectively. By default, IPv6 addresses are
looked up using nibble format under the IP6.ARPA domain.
To use the older RFC1886 method using the IP6.INT domain
-specify the <VAR
-CLASS="OPTION"
->-i</VAR
-> option. Bit string labels (RFC2874)
-are now experimental and are not attempted.</P
-><P
->To sign the DNS queries sent by <B
-CLASS="COMMAND"
->dig</B
-> and their
+specify the <code class="option">-i</code> option. Bit string labels (RFC2874)
+are now experimental and are not attempted.
+</p>
+<p>
+To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and their
responses using transaction signatures (TSIG), specify a TSIG key file
-using the <VAR
-CLASS="OPTION"
->-k</VAR
-> option. You can also specify the TSIG
-key itself on the command line using the <VAR
-CLASS="OPTION"
->-y</VAR
-> option;
-<VAR
-CLASS="PARAMETER"
->name</VAR
-> is the name of the TSIG key and
-<VAR
-CLASS="PARAMETER"
->key</VAR
-> is the actual key. The key is a base-64
-encoded string, typically generated by <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->.
+using the <code class="option">-k</code> option. You can also specify the TSIG
+key itself on the command line using the <code class="option">-y</code> option;
+<em class="parameter"><code>name</code></em> is the name of the TSIG key and
+<em class="parameter"><code>key</code></em> is the actual key. The key is a base-64
+encoded string, typically generated by <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
-Caution should be taken when using the <VAR
-CLASS="OPTION"
->-y</VAR
-> option on
+Caution should be taken when using the <code class="option">-y</code> option on
multi-user systems as the key can be visible in the output from
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->ps</SPAN
->(1)</SPAN
-> or in the shell's history file. When
-using TSIG authentication with <B
-CLASS="COMMAND"
->dig</B
->, the name
+<span class="citerefentry"><span class="refentrytitle">ps</span>(1
+)</span> or in the shell's history file. When
+using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
server that is queried needs to know the key and algorithm that is
being used. In BIND, this is done by providing appropriate
-<B
-CLASS="COMMAND"
->key</B
-> and <B
-CLASS="COMMAND"
->server</B
-> statements in
-<TT
-CLASS="FILENAME"
->named.conf</TT
->.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN156"
-></A
-><H2
->QUERY OPTIONS</H2
-><P
-><B
-CLASS="COMMAND"
->dig</B
-> provides a number of query options which affect
+<span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
+<code class="filename">named.conf</code>.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526365"></a><h2>QUERY OPTIONS</h2>
+<p>
+<span><strong class="command">dig</strong></span> provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
these set or reset flag bits in the query header, some determine which
sections of the answer get printed, and others determine the timeout
-and retry strategies.</P
-><P
->Each query option is identified by a keyword preceded by a plus sign
-(<VAR
-CLASS="LITERAL"
->+</VAR
->). Some keywords set or reset an option. These may be preceded
-by the string <VAR
-CLASS="LITERAL"
->no</VAR
-> to negate the meaning of that keyword. Other
+and retry strategies.
+</p>
+<p>
+Each query option is identified by a keyword preceded by a plus sign
+(<code class="literal">+</code>). Some keywords set or reset an option. These may be preceded
+by the string <code class="literal">no</code> to negate the meaning of that keyword. Other
keywords assign values to options like the timeout interval. They
-have the form <VAR
-CLASS="OPTION"
->+keyword=value</VAR
->.
+have the form <code class="option">+keyword=value</code>.
The query options are:
-<P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><VAR
-CLASS="OPTION"
->+[no]tcp</VAR
-></DT
-><DD
-><P
->Use [do not use] TCP when querying name servers. The default
+</p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
+<dd><p>
+Use [do not use] TCP when querying name servers. The default
behaviour is to use UDP unless an AXFR or IXFR query is requested, in
-which case a TCP connection is used.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]vc</VAR
-></DT
-><DD
-><P
->Use [do not use] TCP when querying name servers. This alternate
-syntax to <VAR
-CLASS="PARAMETER"
->+[no]tcp</VAR
-> is provided for backwards
-compatibility. The "vc" stands for "virtual circuit".</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]ignore</VAR
-></DT
-><DD
-><P
->Ignore truncation in UDP responses instead of retrying with TCP. By
-default, TCP retries are performed.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+domain=somename</VAR
-></DT
-><DD
-><P
->Set the search list to contain the single domain
-<VAR
-CLASS="PARAMETER"
->somename</VAR
->, as if specified in a
-<B
-CLASS="COMMAND"
->domain</B
-> directive in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->, and enable search list
-processing as if the <VAR
-CLASS="PARAMETER"
->+search</VAR
-> option were given.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]search</VAR
-></DT
-><DD
-><P
->Use [do not use] the search list defined by the searchlist or domain
-directive in <TT
-CLASS="FILENAME"
->resolv.conf</TT
-> (if any).
-The search list is not used by default.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]defname</VAR
-></DT
-><DD
-><P
->Deprecated, treated as a synonym for <VAR
-CLASS="PARAMETER"
->+[no]search</VAR
-></P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]aaonly</VAR
-></DT
-><DD
-><P
->Sets the "aa" flag in the query.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]aaflag</VAR
-></DT
-><DD
-><P
->A synonym for <VAR
-CLASS="PARAMETER"
->+[no]aaonly</VAR
->.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]adflag</VAR
-></DT
-><DD
-><P
->Set [do not set] the AD (authentic data) bit in the query. The AD bit
+which case a TCP connection is used.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
+<dd><p>
+Use [do not use] TCP when querying name servers. This alternate
+syntax to <em class="parameter"><code>+[no]tcp</code></em> is provided for backwards
+compatibility. The "vc" stands for "virtual circuit".
+</p></dd>
+<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
+<dd><p>
+Ignore truncation in UDP responses instead of retrying with TCP. By
+default, TCP retries are performed.
+</p></dd>
+<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
+<dd><p>
+Set the search list to contain the single domain
+<em class="parameter"><code>somename</code></em>, as if specified in a
+<span><strong class="command">domain</strong></span> directive in
+<code class="filename">/etc/resolv.conf</code>, and enable search list
+processing as if the <em class="parameter"><code>+search</code></em> option were given.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]search</code></span></dt>
+<dd><p>
+Use [do not use] the search list defined by the searchlist or domain
+directive in <code class="filename">resolv.conf</code> (if any).
+The search list is not used by default.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
+<dd><p>
+Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
+</p></dd>
+<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
+<dd><p>
+Sets the "aa" flag in the query.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
+<dd><p>
+A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
+<dd><p>
+Set [do not set] the AD (authentic data) bit in the query. The AD bit
currently has a standard meaning only in responses, not in queries,
but the ability to set the bit in the query is provided for
-completeness.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]cdflag</VAR
-></DT
-><DD
-><P
->Set [do not set] the CD (checking disabled) bit in the query. This
-requests the server to not perform DNSSEC validation of responses.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]cl</VAR
-></DT
-><DD
-><P
->Display [do not display] the CLASS when printing the record.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]ttlid</VAR
-></DT
-><DD
-><P
->Display [do not display] the TTL when printing the record.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]recurse</VAR
-></DT
-><DD
-><P
->Toggle the setting of the RD (recursion desired) bit in the query.
-This bit is set by default, which means <B
-CLASS="COMMAND"
->dig</B
->
+completeness.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
+<dd><p>
+Set [do not set] the CD (checking disabled) bit in the query. This
+requests the server to not perform DNSSEC validation of responses.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
+<dd><p>
+Display [do not display] the CLASS when printing the record.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
+<dd><p>
+Display [do not display] the TTL when printing the record.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
+<dd><p>
+Toggle the setting of the RD (recursion desired) bit in the query.
+This bit is set by default, which means <span><strong class="command">dig</strong></span>
normally sends recursive queries. Recursion is automatically disabled
-when the <VAR
-CLASS="PARAMETER"
->+nssearch</VAR
-> or
-<VAR
-CLASS="PARAMETER"
->+trace</VAR
-> query options are used.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]nssearch</VAR
-></DT
-><DD
-><P
->When this option is set, <B
-CLASS="COMMAND"
->dig</B
-> attempts to find the
+when the <em class="parameter"><code>+nssearch</code></em> or
+<em class="parameter"><code>+trace</code></em> query options are used.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
+<dd><p>
+When this option is set, <span><strong class="command">dig</strong></span> attempts to find the
authoritative name servers for the zone containing the name being
looked up and display the SOA record that each name server has for the
-zone.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]trace</VAR
-></DT
-><DD
-><P
->Toggle tracing of the delegation path from the root name servers for
+zone.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
+<dd><p>
+Toggle tracing of the delegation path from the root name servers for
the name being looked up. Tracing is disabled by default. When
-tracing is enabled, <B
-CLASS="COMMAND"
->dig</B
-> makes iterative queries to
+tracing is enabled, <span><strong class="command">dig</strong></span> makes iterative queries to
resolve the name being looked up. It will follow referrals from the
root servers, showing the answer from each server that was used to
-resolve the lookup.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]cmd</VAR
-></DT
-><DD
-><P
->toggles the printing of the initial comment in the output identifying
-the version of <B
-CLASS="COMMAND"
->dig</B
-> and the query options that have
-been applied. This comment is printed by default.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]short</VAR
-></DT
-><DD
-><P
->Provide a terse answer. The default is to print the answer in a
-verbose form.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]identify</VAR
-></DT
-><DD
-><P
->Show [or do not show] the IP address and port number that supplied the
-answer when the <VAR
-CLASS="PARAMETER"
->+short</VAR
-> option is enabled. If
+resolve the lookup.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
+<dd><p>
+toggles the printing of the initial comment in the output identifying
+the version of <span><strong class="command">dig</strong></span> and the query options that have
+been applied. This comment is printed by default.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]short</code></span></dt>
+<dd><p>
+Provide a terse answer. The default is to print the answer in a
+verbose form.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
+<dd><p>
+Show [or do not show] the IP address and port number that supplied the
+answer when the <em class="parameter"><code>+short</code></em> option is enabled. If
short form answers are requested, the default is not to show the
-source address and port number of the server that provided the answer.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]comments</VAR
-></DT
-><DD
-><P
->Toggle the display of comment lines in the output. The default is to
-print comments.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]stats</VAR
-></DT
-><DD
-><P
->This query option toggles the printing of statistics: when the query
+source address and port number of the server that provided the answer.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
+<dd><p>
+Toggle the display of comment lines in the output. The default is to
+print comments.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
+<dd><p>
+This query option toggles the printing of statistics: when the query
was made, the size of the reply and so on. The default behaviour is
-to print the query statistics.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]qr</VAR
-></DT
-><DD
-><P
->Print [do not print] the query as it is sent.
-By default, the query is not printed.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]question</VAR
-></DT
-><DD
-><P
->Print [do not print] the question section of a query when an answer is
-returned. The default is to print the question section as a comment.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]answer</VAR
-></DT
-><DD
-><P
->Display [do not display] the answer section of a reply. The default
-is to display it.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]authority</VAR
-></DT
-><DD
-><P
->Display [do not display] the authority section of a reply. The
-default is to display it.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]additional</VAR
-></DT
-><DD
-><P
->Display [do not display] the additional section of a reply.
-The default is to display it.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]all</VAR
-></DT
-><DD
-><P
->Set or clear all display flags.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+time=T</VAR
-></DT
-><DD
-><P
->&#13;Sets the timeout for a query to
-<VAR
-CLASS="PARAMETER"
->T</VAR
-> seconds. The default time out is 5 seconds.
-An attempt to set <VAR
-CLASS="PARAMETER"
->T</VAR
-> to less than 1 will result
-in a query timeout of 1 second being applied.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+tries=T</VAR
-></DT
-><DD
-><P
->Sets the number of times to try UDP queries to server to
-<VAR
-CLASS="PARAMETER"
->T</VAR
-> instead of the default, 3. If
-<VAR
-CLASS="PARAMETER"
->T</VAR
-> is less than or equal to zero, the number of
-tries is silently rounded up to 1.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+retry=T</VAR
-></DT
-><DD
-><P
->Sets the number of times to retry UDP queries to server to
-<VAR
-CLASS="PARAMETER"
->T</VAR
-> instead of the default, 2. Unlike
-<VAR
-CLASS="PARAMETER"
->+tries</VAR
->, this does not include the initial
-query.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+ndots=D</VAR
-></DT
-><DD
-><P
->Set the number of dots that have to appear in
-<VAR
-CLASS="PARAMETER"
->name</VAR
-> to <VAR
-CLASS="PARAMETER"
->D</VAR
-> for it to be
+to print the query statistics.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
+<dd><p>
+Print [do not print] the query as it is sent.
+By default, the query is not printed.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]question</code></span></dt>
+<dd><p>
+Print [do not print] the question section of a query when an answer is
+returned. The default is to print the question section as a comment.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
+<dd><p>
+Display [do not display] the answer section of a reply. The default
+is to display it.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
+<dd><p>
+Display [do not display] the authority section of a reply. The
+default is to display it.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
+<dd><p>
+Display [do not display] the additional section of a reply.
+The default is to display it.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]all</code></span></dt>
+<dd><p>
+Set or clear all display flags.
+</p></dd>
+<dt><span class="term"><code class="option">+time=T</code></span></dt>
+<dd><p>
+
+Sets the timeout for a query to
+<em class="parameter"><code>T</code></em> seconds. The default time out is 5 seconds.
+An attempt to set <em class="parameter"><code>T</code></em> to less than 1 will result
+in a query timeout of 1 second being applied.
+</p></dd>
+<dt><span class="term"><code class="option">+tries=T</code></span></dt>
+<dd><p>
+Sets the number of times to try UDP queries to server to
+<em class="parameter"><code>T</code></em> instead of the default, 3. If
+<em class="parameter"><code>T</code></em> is less than or equal to zero, the number of
+tries is silently rounded up to 1.
+</p></dd>
+<dt><span class="term"><code class="option">+retry=T</code></span></dt>
+<dd><p>
+Sets the number of times to retry UDP queries to server to
+<em class="parameter"><code>T</code></em> instead of the default, 2. Unlike
+<em class="parameter"><code>+tries</code></em>, this does not include the initial
+query.
+</p></dd>
+<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
+<dd><p>
+Set the number of dots that have to appear in
+<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
considered absolute. The default value is that defined using the
-ndots statement in <TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->, or 1 if no
+ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
ndots statement is present. Names with fewer dots are interpreted as
relative names and will be searched for in the domains listed in the
-<VAR
-CLASS="OPTION"
->search</VAR
-> or <VAR
-CLASS="OPTION"
->domain</VAR
-> directive in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+bufsize=B</VAR
-></DT
-><DD
-><P
->Set the UDP message buffer size advertised using EDNS0 to
-<VAR
-CLASS="PARAMETER"
->B</VAR
-> bytes. The maximum and minimum sizes of this
+<code class="option">search</code> or <code class="option">domain</code> directive in
+<code class="filename">/etc/resolv.conf</code>.
+</p></dd>
+<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
+<dd><p>
+Set the UDP message buffer size advertised using EDNS0 to
+<em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes of this
buffer are 65535 and 0 respectively. Values outside this range are
-rounded up or down appropriately.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]multiline</VAR
-></DT
-><DD
-><P
->Print records like the SOA records in a verbose multi-line
+rounded up or down appropriately.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
+<dd><p>
+Print records like the SOA records in a verbose multi-line
format with human-readable comments. The default is to print
each record on a single line, to facilitate machine parsing
-of the <B
-CLASS="COMMAND"
->dig</B
-> output.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]fail</VAR
-></DT
-><DD
-><P
->Do not try the next server if you receive a SERVFAIL. The default is
+of the <span><strong class="command">dig</strong></span> output.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
+<dd><p>
+Do not try the next server if you receive a SERVFAIL. The default is
to not try the next server which is the reverse of normal stub resolver
-behaviour.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]besteffort</VAR
-></DT
-><DD
-><P
->Attempt to display the contents of messages which are malformed.
-The default is to not display malformed answers.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]dnssec</VAR
-></DT
-><DD
-><P
->Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
-in the OPT record in the additional section of the query.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]sigchase</VAR
-></DT
-><DD
-><P
->Chase DNSSEC signature chains. Requires dig be compiled with
--DDIG_SIGCHASE.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+trusted-key=####</VAR
-></DT
-><DD
-><P
->Specify a trusted key to be used with <VAR
-CLASS="OPTION"
->+sigchase</VAR
->.
-Requires dig be compiled with -DDIG_SIGCHASE.</P
-></DD
-><DT
-><VAR
-CLASS="OPTION"
->+[no]topdown</VAR
-></DT
-><DD
-><P
->When chasing DNSSEC signature chains perform a top down validation.
-Requires dig be compiled with -DDIG_SIGCHASE.</P
-></DD
-></DL
-></DIV
->&#13;</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN385"
-></A
-><H2
->MULTIPLE QUERIES</H2
-><P
->The BIND 9 implementation of <B
-CLASS="COMMAND"
->dig </B
-> supports
+behaviour.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
+<dd><p>
+Attempt to display the contents of messages which are malformed.
+The default is to not display malformed answers.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
+<dd><p>
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
+in the OPT record in the additional section of the query.
+</p></dd>
+<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
+<dd><p>
+Chase DNSSEC signature chains. Requires dig be compiled with
+-DDIG_SIGCHASE.
+</p></dd>
+<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
+<dd>
+<p>
+ Specifies a file containing trusted keys to be used with
+ <code class="option">+sigchase</code>. Each DNSKEY record must be
+ on its own line.
+ </p>
+<p>
+ If not specified <span><strong class="command">dig</strong></span> will look for
+ <code class="filename">/etc/trusted-key.key</code> then
+ <code class="filename">trusted-key.key</code> in the current directory.
+ </p>
+<p>
+ Requires dig be compiled with -DDIG_SIGCHASE.
+ </p>
+</dd>
+<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
+<dd><p>
+When chasing DNSSEC signature chains perform a top down validation.
+Requires dig be compiled with -DDIG_SIGCHASE.
+</p></dd>
+</dl></div>
+<p>
+
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2527033"></a><h2>MULTIPLE QUERIES</h2>
+<p>
+The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports
specifying multiple queries on the command line (in addition to
-supporting the <VAR
-CLASS="OPTION"
->-f</VAR
-> batch file option). Each of those
+supporting the <code class="option">-f</code> batch file option). Each of those
queries can be supplied with its own set of flags, options and query
-options.</P
-><P
->In this case, each <VAR
-CLASS="PARAMETER"
->query</VAR
-> argument represent an
+options.
+</p>
+<p>
+In this case, each <em class="parameter"><code>query</code></em> argument represent an
individual query in the command-line syntax described above. Each
consists of any of the standard options and flags, the name to be
looked up, an optional query type and class and any query options that
-should be applied to that query.</P
-><P
->A global set of query options, which should be applied to all queries,
+should be applied to that query.
+</p>
+<p>
+A global set of query options, which should be applied to all queries,
can also be supplied. These global query options must precede the
first tuple of name, class, type, options, flags, and query options
supplied on the command line. Any global query options (except
-the <VAR
-CLASS="OPTION"
->+[no]cmd</VAR
-> option) can be
+the <code class="option">+[no]cmd</code> option) can be
overridden by a query-specific set of query options. For example:
-<PRE
-CLASS="PROGRAMLISTING"
->dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr</PRE
->
-shows how <B
-CLASS="COMMAND"
->dig</B
-> could be used from the command line
-to make three lookups: an ANY query for <VAR
-CLASS="LITERAL"
->www.isc.org</VAR
->, a
+</p>
+<pre class="programlisting">
+dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
+</pre>
+<p>
+shows how <span><strong class="command">dig</strong></span> could be used from the command line
+to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
reverse lookup of 127.0.0.1 and a query for the NS records of
-<VAR
-CLASS="LITERAL"
->isc.org</VAR
->.
+<code class="literal">isc.org</code>.
-A global query option of <VAR
-CLASS="PARAMETER"
->+qr</VAR
-> is applied, so
-that <B
-CLASS="COMMAND"
->dig</B
-> shows the initial query it made for each
+A global query option of <em class="parameter"><code>+qr</code></em> is applied, so
+that <span><strong class="command">dig</strong></span> shows the initial query it made for each
lookup. The final query has a local query option of
-<VAR
-CLASS="PARAMETER"
->+noqr</VAR
-> which means that <B
-CLASS="COMMAND"
->dig</B
->
+<em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
will not print the initial query when it looks up the NS records for
-<VAR
-CLASS="LITERAL"
->isc.org</VAR
->.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN403"
-></A
-><H2
->FILES</H2
-><P
-><TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-></P
-><P
-><TT
-CLASS="FILENAME"
->${HOME}/.digrc</TT
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN409"
-></A
-><H2
->SEE ALSO</H2
-><P
-><SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->host</SPAN
->(1)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->,
-<I
-CLASS="CITETITLE"
->RFC1035</I
->.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN422"
-></A
-><H2
->BUGS </H2
-><P
->There are probably too many query options. </P
-></DIV
-></BODY
-></HTML
->
+<code class="literal">isc.org</code>.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2527092"></a><h2>FILES</h2>
+<p>
+<code class="filename">/etc/resolv.conf</code>
+</p>
+<p>
+<code class="filename">${HOME}/.digrc</code>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2527111"></a><h2>SEE ALSO</h2>
+<p>
+<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+<em class="citetitle">RFC1035</em>.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2527149"></a><h2>BUGS </h2>
+<p>
+There are probably too many query options.
+</p>
+</div>
+</div></body>
+</html>
diff --git a/contrib/bind9/bin/dig/dighost.c b/contrib/bind9/bin/dig/dighost.c
index 63a81105a7d8..6129fedb6c64 100644
--- a/contrib/bind9/bin/dig/dighost.c
+++ b/contrib/bind9/bin/dig/dighost.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.221.2.19.2.20 2004/11/22 23:30:31 marka Exp $ */
+/* $Id: dighost.c,v 1.221.2.19.2.31 2005/10/14 01:38:40 marka Exp $ */
/*
* Notice to programmers: Do not use this code as an example of how to
@@ -37,7 +37,6 @@
#include <dns/dnssec.h>
#include <dns/ds.h>
#include <dns/nsec.h>
-#include <isc/file.h>
#include <isc/random.h>
#include <ctype.h>
#endif
@@ -58,6 +57,7 @@
#include <isc/app.h>
#include <isc/base64.h>
#include <isc/entropy.h>
+#include <isc/file.h>
#include <isc/lang.h>
#include <isc/netaddr.h>
#ifdef DIG_SIGCHASE
@@ -90,9 +90,9 @@
static lwres_context_t *lwctx = NULL;
static lwres_conf_t *lwconf;
-ISC_LIST(dig_lookup_t) lookup_list;
+dig_lookuplist_t lookup_list;
dig_serverlist_t server_list;
-ISC_LIST(dig_searchlist_t) search_list;
+dig_searchlistlist_t search_list;
isc_boolean_t
have_ipv4 = ISC_FALSE,
@@ -146,7 +146,7 @@ dig_lookup_t *current_lookup = NULL;
#ifdef DIG_SIGCHASE
-isc_result_t get_trusted_key(isc_mem_t *mctx);
+isc_result_t get_trusted_key(isc_mem_t *mctx);
dns_rdataset_t * sigchase_scanname(dns_rdatatype_t type,
dns_rdatatype_t covers,
isc_boolean_t *lookedup,
@@ -156,103 +156,104 @@ dns_rdataset_t * chase_scanname_section(dns_message_t *msg,
dns_rdatatype_t type,
dns_rdatatype_t covers,
int section);
-isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset,
+isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset,
dns_name_t *name,
dns_rdatatype_t type,
dns_rdatatype_t covers,
isc_boolean_t *lookedup);
-isc_result_t sigchase_verify_sig_key(dns_name_t *name,
+isc_result_t sigchase_verify_sig_key(dns_name_t *name,
dns_rdataset_t *rdataset,
dst_key_t* dnsseckey,
dns_rdataset_t *sigrdataset,
isc_mem_t *mctx);
-isc_result_t sigchase_verify_sig(dns_name_t *name,
+isc_result_t sigchase_verify_sig(dns_name_t *name,
dns_rdataset_t *rdataset,
dns_rdataset_t *keyrdataset,
dns_rdataset_t *sigrdataset,
isc_mem_t *mctx);
-isc_result_t sigchase_verify_ds(dns_name_t *name,
+isc_result_t sigchase_verify_ds(dns_name_t *name,
dns_rdataset_t *keyrdataset,
dns_rdataset_t *dsrdataset,
isc_mem_t *mctx);
-void sigchase(dns_message_t *msg);
-void print_rdata(dns_rdata_t *rdata, isc_mem_t *mctx);
-void print_rdataset(dns_name_t *name,
+void sigchase(dns_message_t *msg);
+void print_rdata(dns_rdata_t *rdata, isc_mem_t *mctx);
+void print_rdataset(dns_name_t *name,
dns_rdataset_t *rdataset, isc_mem_t *mctx);
-void dup_name(dns_name_t *source, dns_name_t* target,
+void dup_name(dns_name_t *source, dns_name_t* target,
isc_mem_t *mctx);
-void dump_database(void);
-void dump_database_section(dns_message_t *msg, int section);
+void free_name(dns_name_t *name, isc_mem_t *mctx);
+void dump_database(void);
+void dump_database_section(dns_message_t *msg, int section);
dns_rdataset_t * search_type(dns_name_t *name, dns_rdatatype_t type,
dns_rdatatype_t covers);
-isc_result_t contains_trusted_key(dns_name_t *name,
+isc_result_t contains_trusted_key(dns_name_t *name,
dns_rdataset_t *rdataset,
dns_rdataset_t *sigrdataset,
isc_mem_t *mctx);
-void print_type(dns_rdatatype_t type);
-isc_result_t prove_nx_domain(dns_message_t * msg,
+void print_type(dns_rdatatype_t type);
+isc_result_t prove_nx_domain(dns_message_t * msg,
dns_name_t * name,
dns_name_t * rdata_name,
dns_rdataset_t ** rdataset,
dns_rdataset_t ** sigrdataset);
-isc_result_t prove_nx_type(dns_message_t * msg, dns_name_t *name,
+isc_result_t prove_nx_type(dns_message_t * msg, dns_name_t *name,
dns_rdataset_t *nsec,
dns_rdataclass_t class,
dns_rdatatype_t type,
dns_name_t * rdata_name,
dns_rdataset_t ** rdataset,
dns_rdataset_t ** sigrdataset);
-isc_result_t prove_nx(dns_message_t * msg, dns_name_t * name,
+isc_result_t prove_nx(dns_message_t * msg, dns_name_t * name,
dns_rdataclass_t class,
dns_rdatatype_t type,
dns_name_t * rdata_name,
dns_rdataset_t ** rdataset,
dns_rdataset_t ** sigrdataset);
static void nameFromString(const char *str, dns_name_t *p_ret);
-int inf_name(dns_name_t * name1, dns_name_t * name2);
-isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
+int inf_name(dns_name_t * name1, dns_name_t * name2);
+isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
char **tempp, FILE **fp);
-isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
-void clean_trustedkey(void );
-void insert_trustedkey(dst_key_t * key);
+isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
+void clean_trustedkey(void);
+void insert_trustedkey(dst_key_t * key);
#if DIG_SIGCHASE_BU
-isc_result_t getneededrr(dns_message_t *msg);
-void sigchase_bottom_up(dns_message_t *msg);
-void sigchase_bu(dns_message_t *msg);
+isc_result_t getneededrr(dns_message_t *msg);
+void sigchase_bottom_up(dns_message_t *msg);
+void sigchase_bu(dns_message_t *msg);
#endif
#if DIG_SIGCHASE_TD
-isc_result_t initialization(dns_name_t *name);
-isc_result_t prepare_lookup(dns_name_t *name);
-isc_result_t grandfather_pb_test(dns_name_t * zone_name,
+isc_result_t initialization(dns_name_t *name);
+isc_result_t prepare_lookup(dns_name_t *name);
+isc_result_t grandfather_pb_test(dns_name_t * zone_name,
dns_rdataset_t *sigrdataset);
-isc_result_t child_of_zone(dns_name_t *name,
+isc_result_t child_of_zone(dns_name_t *name,
dns_name_t *zone_name,
dns_name_t *child_name);
-void sigchase_td(dns_message_t *msg);
+void sigchase_td(dns_message_t *msg);
#endif
char trustedkey[MXNAME] = "";
-dns_rdataset_t * chase_rdataset = NULL;
-dns_rdataset_t * chase_sigrdataset = NULL;
-dns_rdataset_t * chase_dsrdataset = NULL;
-dns_rdataset_t * chase_sigdsrdataset = NULL;
-dns_rdataset_t * chase_keyrdataset = NULL;
-dns_rdataset_t * chase_sigkeyrdataset = NULL;
-dns_rdataset_t * chase_nsrdataset = NULL;
+dns_rdataset_t *chase_rdataset = NULL;
+dns_rdataset_t *chase_sigrdataset = NULL;
+dns_rdataset_t *chase_dsrdataset = NULL;
+dns_rdataset_t *chase_sigdsrdataset = NULL;
+dns_rdataset_t *chase_keyrdataset = NULL;
+dns_rdataset_t *chase_sigkeyrdataset = NULL;
+dns_rdataset_t *chase_nsrdataset = NULL;
-dns_name_t chase_name; /* the query name */
+dns_name_t chase_name; /* the query name */
#if DIG_SIGCHASE_TD
/*
* the current name is the parent name when we follow delegation
*/
-dns_name_t chase_current_name;
+dns_name_t chase_current_name;
/*
* the child name is used for delegation (NS DS responses in AUTHORITY section)
*/
-dns_name_t chase_authority_name;
+dns_name_t chase_authority_name;
#endif
#if DIG_SIGCHASE_BU
-dns_name_t chase_signame;
+dns_name_t chase_signame;
#endif
@@ -274,7 +275,7 @@ dns_message_t * error_message = NULL;
#endif
isc_boolean_t dsvalidating = ISC_FALSE;
-isc_boolean_t chase_name_dup = ISC_FALSE;
+isc_boolean_t chase_name_dup = ISC_FALSE;
ISC_LIST(dig_message_t) chase_message_list;
ISC_LIST(dig_message_t) chase_message_list2;
@@ -282,11 +283,11 @@ ISC_LIST(dig_message_t) chase_message_list2;
#define MAX_TRUSTED_KEY 5
typedef struct struct_trusted_key_list {
- dst_key_t * key[MAX_TRUSTED_KEY];
- int nb_tk;
+ dst_key_t * key[MAX_TRUSTED_KEY];
+ int nb_tk;
} struct_tk_list;
-struct_tk_list tk_list = { {NULL, NULL, NULL, NULL, NULL}, 0};
+struct_tk_list tk_list = { {NULL, NULL, NULL, NULL, NULL}, 0};
#endif
@@ -581,7 +582,7 @@ set_nameserver(char *opt) {
return;
result = bind9_getaddresses(opt, 0, sockaddrs,
- DIG_MAX_ADDRESSES, &count);
+ DIG_MAX_ADDRESSES, &count);
if (result != ISC_R_SUCCESS)
fatal("couldn't get address for '%s': %s",
opt, isc_result_totext(result));
@@ -690,13 +691,13 @@ make_empty_lookup(void) {
#ifdef DIG_SIGCHASE
looknew->sigchase = ISC_FALSE;
#if DIG_SIGCHASE_TD
- looknew->do_topdown = ISC_FALSE;
+ looknew->do_topdown = ISC_FALSE;
looknew->trace_root_sigchase = ISC_FALSE;
looknew->rdtype_sigchaseset = ISC_FALSE;
looknew->rdtype_sigchase = dns_rdatatype_any;
looknew->qrdtype_sigchase = dns_rdatatype_any;
looknew->rdclass_sigchase = dns_rdataclass_in;
- looknew->rdclass_sigchaseset = ISC_FALSE;
+ looknew->rdclass_sigchaseset = ISC_FALSE;
#endif
#endif
looknew->udpsize = 0;
@@ -766,9 +767,9 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
#ifdef DIG_SIGCHASE
looknew->sigchase = lookold->sigchase;
#if DIG_SIGCHASE_TD
- looknew->do_topdown = lookold->do_topdown;
+ looknew->do_topdown = lookold->do_topdown;
looknew->trace_root_sigchase = lookold->trace_root_sigchase;
- looknew->rdtype_sigchaseset = lookold->rdtype_sigchaseset;
+ looknew->rdtype_sigchaseset = lookold->rdtype_sigchaseset;
looknew->rdtype_sigchase = lookold->rdtype_sigchase;
looknew->qrdtype_sigchase = lookold->qrdtype_sigchase;
looknew->rdclass_sigchase = lookold->rdclass_sigchase;
@@ -944,14 +945,17 @@ setup_system(void) {
if (lwresult != LWRES_R_SUCCESS)
fatal("lwres_context_create failed");
- (void)lwres_conf_parse(lwctx, RESOLV_CONF);
+ if (isc_file_exists(RESOLV_CONF))
+ lwresult = lwres_conf_parse(lwctx, RESOLV_CONF);
+ if (lwresult != LWRES_R_SUCCESS)
+ fatal("parse of %s failed", RESOLV_CONF);
+
lwconf = lwres_conf_get(lwctx);
/* Make the search list */
if (lwconf->searchnxt > 0)
create_search_list(lwconf);
- else {
- /* No search list. Use the domain name if any */
+ else { /* No search list. Use the domain name if any */
if (lwconf->domainname != NULL) {
domain = make_searchlist_entry(lwconf->domainname);
ISC_LIST_INITANDAPPEND(search_list, domain, link);
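Review bot: The added `if (lwresult != LWRES_R_SUCCESS)` in setup_system is a separate statement, not part of the `isc_file_exists(RESOLV_CONF)` branch. When the file is absent it re-tests the value left by lwres_context_create, which the check just above already handled. Wrapping `lwresult = lwres_conf_parse(lwctx, RESOLV_CONF);` and its check in one braced block under the `isc_file_exists` test makes the dependency explicit and survives later edits between the two calls. A resolv.conf that exists but fails to parse now ends the program instead of being ignored as the removed `(void)lwres_conf_parse(...)` did, which deserves a comment. The body of setup_system continues outside this hunk.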
@@ -959,8 +963,10 @@ setup_system(void) {
}
}
- ndots = lwconf->ndots;
- debug("ndots is %d.", ndots);
+ if (ndots == -1) {
+ ndots = lwconf->ndots;
+ debug("ndots is %d.", ndots);
+ }
/* If we don't find a nameserver fall back to localhost */
if (lwconf->nsnext == 0) {
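Review bot: The `debug("ndots is %d.", ndots);` call now sits inside the `if (ndots == -1)` branch, so the effective value is no longer traced when ndots was already set before setup_system ran. Keeping only `ndots = lwconf->ndots;` inside the branch and moving the debug call below the closing brace would log the value in both cases. The -1 sentinel is compared here but its initialiser is not in this hunk; a short comment such as `/* -1: not set by the caller, take the resolv.conf value */` would document the contract, assuming that is what -1 means.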
@@ -985,15 +991,15 @@ setup_system(void) {
setup_text_key();
#ifdef DIG_SIGCHASE
/* Setup the list of messages for +sigchase */
- ISC_LIST_INIT(chase_message_list);
- ISC_LIST_INIT(chase_message_list2);
+ ISC_LIST_INIT(chase_message_list);
+ ISC_LIST_INIT(chase_message_list2);
dns_name_init(&chase_name, NULL);
#if DIG_SIGCHASE_TD
dns_name_init(&chase_current_name, NULL);
dns_name_init(&chase_authority_name, NULL);
#endif
#if DIG_SIGCHASE_BU
- dns_name_init(&chase_signame, NULL);
+ dns_name_init(&chase_signame, NULL);
#endif
#endif
@@ -1210,8 +1216,7 @@ try_clear_lookup(dig_lookup_t *lookup) {
if (debugging) {
q = ISC_LIST_HEAD(lookup->q);
while (q != NULL) {
- debug("query to %s still pending",
- q->servname);
+ debug("query to %s still pending", q->servname);
q = ISC_LIST_NEXT(q, link);
}
return (ISC_FALSE);
@@ -1224,8 +1229,7 @@ try_clear_lookup(dig_lookup_t *lookup) {
debug("cleared");
s = ISC_LIST_HEAD(lookup->my_server_list);
while (s != NULL) {
- debug("freeing server %p belonging to %p",
- s, lookup);
+ debug("freeing server %p belonging to %p", s, lookup);
ptr = s;
s = ISC_LIST_NEXT(s, link);
ISC_LIST_DEQUEUE(lookup->my_server_list,
@@ -1278,12 +1282,12 @@ start_lookup(void) {
#if DIG_SIGCHASE_TD
if (current_lookup->do_topdown &&
!current_lookup->rdtype_sigchaseset) {
- dst_key_t * trustedkey = NULL;
+ dst_key_t *trustedkey = NULL;
isc_buffer_t *b = NULL;
isc_region_t r;
isc_result_t result;
dns_name_t query_name;
- dns_name_t * key_name;
+ dns_name_t *key_name;
int i;
result = get_trusted_key(mctx);
@@ -1296,9 +1300,9 @@ start_lookup(void) {
dns_name_init(&query_name, NULL);
nameFromString(current_lookup->textname, &query_name);
- for (i = 0; i< tk_list.nb_tk; i++) {
+ for (i = 0; i < tk_list.nb_tk; i++) {
key_name = dst_key_name(tk_list.key[i]);
-
+
if (dns_name_issubdomain(&query_name,
key_name) == ISC_TRUE)
trustedkey = tk_list.key[i];
@@ -1313,35 +1317,32 @@ start_lookup(void) {
printf(" isn't a subdomain of any Trusted Keys"
": +sigchase option is disable\n");
current_lookup->sigchase = ISC_FALSE;
- dns_name_free(&query_name, mctx);
+ free_name(&query_name, mctx);
goto novalidation;
}
- dns_name_free(&query_name, mctx);
+ free_name(&query_name, mctx);
-
current_lookup->rdtype_sigchase
- = current_lookup->rdtype;
+ = current_lookup->rdtype;
current_lookup->rdtype_sigchaseset
- = current_lookup->rdtypeset;
+ = current_lookup->rdtypeset;
current_lookup->rdtype = dns_rdatatype_ns;
-
-
+
current_lookup->qrdtype_sigchase
= current_lookup->qrdtype;
current_lookup->qrdtype = dns_rdatatype_ns;
-
+
current_lookup->rdclass_sigchase
= current_lookup->rdclass;
current_lookup->rdclass_sigchaseset
= current_lookup->rdclassset;
current_lookup->rdclass = dns_rdataclass_in;
-
strncpy(current_lookup->textnamesigchase,
current_lookup->textname, MXNAME);
current_lookup->trace_root_sigchase = ISC_TRUE;
-
+
result = isc_buffer_allocate(mctx, &b, BUFSIZE);
check_result(result, "isc_buffer_allocate");
result = dns_name_totext(dst_key_name(trustedkey),
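Review bot: The `strncpy(current_lookup->textnamesigchase, current_lookup->textname, MXNAME);` call kept in this hunk leaves the destination without a terminating NUL if the source holds MXNAME or more characters. The field declarations are not on this page; if `textnamesigchase` is MXNAME bytes, as the count suggests, copying `MXNAME - 1` bytes and setting `current_lookup->textnamesigchase[MXNAME - 1] = '\0';` would make the termination unconditional. The swap from dns_name_free to free_name cannot be reviewed from here, because free_name is only declared on this page and its definition is outside it. start_lookup begins and ends outside this hunk.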
@@ -1466,6 +1467,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
lookup->ns_search_only =
query->lookup->ns_search_only;
lookup->trace_root = ISC_FALSE;
+ if (lookup->ns_search_only)
+ lookup->recurse = ISC_FALSE;
}
srv = make_server(namestr, namestr);
debug("adding server %s", srv->servername);
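Review bot: The added `if (lookup->ns_search_only) lookup->recurse = ISC_FALSE;` in followup_lookup carries no comment saying why recursion is switched off for these follow-up lookups. Presumably the follow-up is sent directly to the server added by the `make_server(namestr, namestr)` call just below, where a recursion-desired query is not wanted; that reasoning should be confirmed and written down. A one-line comment such as `/* follow-ups go straight to the listed server; do not ask it to recurse */` would do. The enclosing block starts outside the hunk.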
@@ -1636,9 +1639,9 @@ setup_lookup(dig_lookup_t *lookup) {
/* XXX New search here? */
if ((count_dots(lookup->textname) >= ndots) || !usesearch)
lookup->origin = NULL; /* Force abs lookup */
- else if (lookup->origin == NULL && lookup->new_search && usesearch) {
+ else if (lookup->origin == NULL && lookup->new_search && usesearch)
lookup->origin = ISC_LIST_HEAD(search_list);
- }
+
if (lookup->origin != NULL) {
debug("trying origin %s", lookup->origin->origin);
result = dns_message_gettempname(lookup->sendmsg,
@@ -1922,21 +1925,17 @@ bringup_timer(dig_query_t *query, unsigned int default_timeout) {
if (ISC_LIST_NEXT(query, link) != NULL)
local_timeout = SERVER_TIMEOUT;
else {
- if (timeout == 0) {
+ if (timeout == 0)
local_timeout = default_timeout;
- } else
+ else
local_timeout = timeout;
}
debug("have local timeout of %d", local_timeout);
isc_interval_set(&l->interval, local_timeout, 0);
if (l->timer != NULL)
isc_timer_detach(&l->timer);
- result = isc_timer_create(timermgr,
- isc_timertype_once,
- NULL,
- &l->interval,
- global_task,
- connect_timeout,
+ result = isc_timer_create(timermgr, isc_timertype_once, NULL,
+ &l->interval, global_task, connect_timeout,
l, &l->timer);
check_result(result, "isc_timer_create");
}
@@ -2029,8 +2028,7 @@ send_udp(dig_query_t *query) {
l = query->lookup;
bringup_timer(query, UDP_TIMEOUT);
l->current_query = query;
- debug("working on lookup %p, query %p",
- query->lookup, query);
+ debug("working on lookup %p, query %p", query->lookup, query);
if (!query->recv_made) {
/* XXX Check the sense of this, need assertion? */
query->waiting_connect = ISC_FALSE;
@@ -2056,12 +2054,9 @@ send_udp(dig_query_t *query) {
ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf,
link);
debug("recving with lookup=%p, query=%p, sock=%p",
- query->lookup, query,
- query->sock);
- result = isc_socket_recvv(query->sock,
- &query->recvlist, 1,
- global_task, recv_done,
- query);
+ query->lookup, query, query->sock);
+ result = isc_socket_recvv(query->sock, &query->recvlist, 1,
+ global_task, recv_done, query);
check_result(result, "isc_socket_recvv");
recvcount++;
debug("recvcount=%d", recvcount);
@@ -2097,7 +2092,7 @@ send_udp(dig_query_t *query) {
*/
static void
connect_timeout(isc_task_t *task, isc_event_t *event) {
- dig_lookup_t *l = NULL, *n;
+ dig_lookup_t *l = NULL;
dig_query_t *query = NULL, *cq;
UNUSED(task);
@@ -2133,7 +2128,7 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
debug("making new TCP request, %d tries left",
l->retries);
l->retries--;
- n = requeue_lookup(l, ISC_TRUE);
+ requeue_lookup(l, ISC_TRUE);
cancel_lookup(l);
check_next_lookup(l);
}
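Review bot: The new `requeue_lookup(l, ISC_TRUE);` in connect_timeout silently drops the return value that the removed `n = requeue_lookup(l, ISC_TRUE);` used to store. Elsewhere in this file a deliberately ignored result was written with an explicit cast, as in the removed `(void)lwres_conf_parse(lwctx, RESOLV_CONF);`. Writing `(void)requeue_lookup(l, ISC_TRUE);` would mark the discard as intentional and keep static checkers quiet. This applies together with the previous hunk, which removes the declaration of `n`.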
@@ -2220,8 +2215,7 @@ tcp_length_done(isc_task_t *task, isc_event_t *event) {
ENSURE(ISC_LIST_EMPTY(query->recvlist));
ISC_LINK_INIT(&query->recvbuf, link);
ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link);
- debug("recving with lookup=%p, query=%p",
- query->lookup, query);
+ debug("recving with lookup=%p, query=%p", query->lookup, query);
result = isc_socket_recvv(query->sock, &query->recvlist, length, task,
recv_done, query);
check_result(result, "isc_socket_recvv");
@@ -2339,8 +2333,7 @@ connect_done(isc_task_t *task, isc_event_t *event) {
debug("unsuccessful connection: %s",
isc_result_totext(sevent->result));
- isc_sockaddr_format(&query->sockaddr, sockstr,
- sizeof(sockstr));
+ isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
if (sevent->result != ISC_R_CANCELED)
printf(";; Connection to %s(%s) for %s failed: "
"%s.\n", sockstr,
@@ -2430,8 +2423,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
if ((!query->first_soa_rcvd) &&
(rdata.type != dns_rdatatype_soa)) {
puts("; Transfer failed. "
- "Didn't start with "
- "SOA answer.");
+ "Didn't start with SOA answer.");
return (ISC_TRUE);
}
if ((!query->second_rr_rcvd) &&
@@ -2608,7 +2600,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
char buf2[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t any;
- if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
+ if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
isc_sockaddr_any(&any);
else
isc_sockaddr_any6(&any);
@@ -2629,7 +2621,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
else
#endif
/*
- * We don't expect a match above when the packet is
+ * We don't expect a match above when the packet is
* sent to 0.0.0.0, :: or to a multicast addresses.
* XXXMPA broadcast needs to be handled here as well.
*/
@@ -2843,9 +2835,6 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
if (!l->doing_xfr || l->xfr_q == query) {
-#ifdef DIG_SIGCHASE
- int count = 0;
-#endif
if (msg->rcode != dns_rcode_noerror && l->origin != NULL) {
if (!next_origin(msg, query)) {
printmessage(query, msg, ISC_TRUE);
@@ -2858,11 +2847,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
printmessage(query, msg, ISC_TRUE);
} else if (l->trace) {
int n = 0;
-#ifdef DIG_SIGCHASE
- count = msg->counts[DNS_SECTION_ANSWER];
-#else
int count = msg->counts[DNS_SECTION_ANSWER];
-#endif
debug("in TRACE code");
if (!l->ns_search_only)
@@ -2885,7 +2870,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (l->trace_root) {
/*
- * This is the initial NS query.
+ * This is the initial NS query.
*/
int n;
@@ -2900,9 +2885,9 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (!do_sigchase)
#endif
printmessage(query, msg, ISC_TRUE);
- }
+ }
#ifdef DIG_SIGCHASE
- if ( do_sigchase) {
+ if (do_sigchase) {
chase_msg = isc_mem_allocate(mctx,
sizeof(dig_message_t));
if (chase_msg == NULL) {
@@ -2916,16 +2901,16 @@ recv_done(isc_task_t *task, isc_event_t *event) {
fatal("dns_message_create in %s:%d",
__FILE__, __LINE__);
}
-
+
isc_buffer_usedregion(b, &r);
result = isc_buffer_allocate(mctx, &buf, r.length);
-
+
check_result(result, "isc_buffer_allocate");
result = isc_buffer_copyregion(buf, &r);
check_result(result, "isc_buffer_copyregion");
-
+
result = dns_message_parse(msg_temp, buf, 0);
-
+
isc_buffer_free(&buf);
chase_msg->msg = msg_temp;
@@ -2942,9 +2927,9 @@ recv_done(isc_task_t *task, isc_event_t *event) {
#endif
}
-
+
#ifdef DIG_SIGCHASE
- if (l->sigchase && ISC_LIST_EMPTY(lookup_list) ) {
+ if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) {
sigchase(msg_temp);
}
#endif
@@ -3101,7 +3086,7 @@ cancel_all(void) {
*/
void
destroy_libs(void) {
-#ifdef DIG_SIGCHASE
+#ifdef DIG_SIGCHASE
void * ptr;
dig_message_t *chase_msg;
#endif
@@ -3171,7 +3156,7 @@ destroy_libs(void) {
debug("Destroy the messages kept for sigchase");
/* Destroy the messages kept for sigchase */
- chase_msg = ISC_LIST_HEAD(chase_message_list);
+ chase_msg = ISC_LIST_HEAD(chase_message_list);
while (chase_msg != NULL) {
INSIST(chase_msg->msg != NULL);
@@ -3191,16 +3176,16 @@ destroy_libs(void) {
isc_mem_free(mctx, ptr);
}
if (dns_name_dynamic(&chase_name))
- dns_name_free(&chase_name, mctx);
+ free_name(&chase_name, mctx);
#if DIG_SIGCHASE_TD
if (dns_name_dynamic(&chase_current_name))
- dns_name_free(&chase_current_name, mctx);
+ free_name(&chase_current_name, mctx);
if (dns_name_dynamic(&chase_authority_name))
- dns_name_free(&chase_authority_name, mctx);
+ free_name(&chase_authority_name, mctx);
#endif
#if DIG_SIGCHASE_BU
if (dns_name_dynamic(&chase_signame))
- dns_name_free(&chase_signame, mctx);
+ free_name(&chase_signame, mctx);
#endif
debug("Destroy memory");
@@ -3212,7 +3197,7 @@ destroy_libs(void) {
isc_mem_destroy(&mctx);
}
-
+
#ifdef DIG_SIGCHASE
@@ -3222,32 +3207,31 @@ print_type(dns_rdatatype_t type)
isc_buffer_t * b = NULL;
isc_result_t result;
isc_region_t r;
-
+
result = isc_buffer_allocate(mctx, &b, 4000);
check_result(result, "isc_buffer_allocate");
result = dns_rdatatype_totext(type, b);
check_result(result, "print_type");
-
+
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
-
+
printf("%s", r.base);
isc_buffer_free(&b);
}
-
void
-dump_database_section( dns_message_t *msg, int section)
+dump_database_section(dns_message_t *msg, int section)
{
dns_name_t *msg_name=NULL;
-
+
dns_rdataset_t *rdataset;
do {
dns_message_currentname(msg, section, &msg_name);
-
+
for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
dns_name_print(msg_name, stdout);
@@ -3256,35 +3240,32 @@ dump_database_section( dns_message_t *msg, int section)
printf("end\n");
}
msg_name = NULL;
- } while ( dns_message_nextname(msg, section) == ISC_R_SUCCESS);
+ } while (dns_message_nextname(msg, section) == ISC_R_SUCCESS);
}
-
-void dump_database(void)
-{
+void
+dump_database(void) {
dig_message_t * msg;
for (msg = ISC_LIST_HEAD(chase_message_list); msg != NULL;
msg = ISC_LIST_NEXT(msg, link)) {
if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
- == ISC_R_SUCCESS)
+ == ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_ANSWER);
-
+
if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
- == ISC_R_SUCCESS)
+ == ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_AUTHORITY);
if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
- == ISC_R_SUCCESS)
+ == ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL);
}
}
-dns_rdataset_t * search_type(dns_name_t *name,
- dns_rdatatype_t type,
- dns_rdatatype_t covers)
-{
+dns_rdataset_t *
+search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) {
dns_rdataset_t *rdataset;
dns_rdata_sig_t siginfo;
dns_rdata_t sigrdata;
@@ -3294,10 +3275,9 @@ dns_rdataset_t * search_type(dns_name_t *name,
rdataset = ISC_LIST_NEXT(rdataset, link)) {
if (type == dns_rdatatype_any) {
if (rdataset->type != dns_rdatatype_rrsig)
- return rdataset;
- }
- else if ((type == dns_rdatatype_rrsig) &&
- (rdataset->type == dns_rdatatype_rrsig)) {
+ return (rdataset);
+ } else if ((type == dns_rdatatype_rrsig) &&
+ (rdataset->type == dns_rdatatype_rrsig)) {
dns_rdata_init(&sigrdata);
result = dns_rdataset_first(rdataset);
check_result(result, "empty rdataset");
@@ -3309,38 +3289,35 @@ dns_rdataset_t * search_type(dns_name_t *name,
(covers == dns_rdatatype_any)) {
dns_rdata_reset(&sigrdata);
dns_rdata_freestruct(&siginfo);
- return rdataset;
+ return (rdataset);
}
dns_rdata_reset(&sigrdata);
dns_rdata_freestruct(&siginfo);
- }
- else if (rdataset->type == type)
- return rdataset;
+ } else if (rdataset->type == type)
+ return (rdataset);
}
- return NULL;
+ return (NULL);
}
dns_rdataset_t *
-chase_scanname_section(dns_message_t *msg,
- dns_name_t *name,
- dns_rdatatype_t type,
- dns_rdatatype_t covers,
+chase_scanname_section(dns_message_t *msg, dns_name_t *name,
+ dns_rdatatype_t type, dns_rdatatype_t covers,
int section)
{
dns_rdataset_t *rdataset;
dns_name_t *msg_name = NULL;
-
+
do {
dns_message_currentname(msg, section, &msg_name);
if (dns_name_compare(msg_name, name) == 0) {
rdataset = search_type(msg_name, type, covers);
- if ( rdataset != NULL)
- return rdataset;
+ if (rdataset != NULL)
+ return (rdataset);
}
msg_name = NULL;
- } while ( dns_message_nextname(msg, section) == ISC_R_SUCCESS);
-
- return(NULL);
+ } while (dns_message_nextname(msg, section) == ISC_R_SUCCESS);
+
+ return (NULL);
}
@@ -3349,7 +3326,7 @@ chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
{
dns_rdataset_t *rdataset = NULL;
dig_message_t * msg;
-
+
for (msg = ISC_LIST_HEAD(chase_message_list2); msg != NULL;
msg = ISC_LIST_NEXT(msg, link)) {
if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
@@ -3358,7 +3335,7 @@ chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
type, covers,
DNS_SECTION_ANSWER);
if (rdataset != NULL)
- return rdataset;
+ return (rdataset);
if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
== ISC_R_SUCCESS)
rdataset =
@@ -3366,7 +3343,7 @@ chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
type, covers,
DNS_SECTION_AUTHORITY);
if (rdataset != NULL)
- return rdataset;
+ return (rdataset);
if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
== ISC_R_SUCCESS)
rdataset =
@@ -3374,16 +3351,15 @@ chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
covers,
DNS_SECTION_ADDITIONAL);
if (rdataset != NULL)
- return rdataset;
+ return (rdataset);
}
- return NULL;
+ return (NULL);
}
dns_rdataset_t *
sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
- isc_boolean_t * lookedup,
- dns_name_t *rdata_name )
+ isc_boolean_t * lookedup, dns_name_t *rdata_name)
{
dig_lookup_t *lookup;
isc_buffer_t *b = NULL;
@@ -3392,18 +3368,17 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
dns_rdataset_t * temp;
dns_rdatatype_t querytype;
- if ((temp=chase_scanname(rdata_name, type, covers))!=NULL) {
- return(temp);
- }
+ temp = chase_scanname(rdata_name, type, covers);
+ if (temp != NULL)
+ return (temp);
- if (*lookedup == ISC_TRUE) {
- return(NULL);
- }
+ if (*lookedup == ISC_TRUE)
+ return (NULL);
lookup = clone_lookup(current_lookup, ISC_TRUE);
lookup->trace_root = ISC_FALSE;
lookup->new_search = ISC_TRUE;
-
+
result = isc_buffer_allocate(mctx, &b, BUFSIZE);
check_result(result, "isc_buffer_allocate");
result = dns_name_totext(rdata_name, ISC_FALSE, b);
@@ -3417,9 +3392,10 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
querytype = covers;
else
querytype = type;
+
if (querytype == 0 || querytype == 255) {
printf("Error in the queried type: %d\n", querytype);
- return(NULL);
+ return (NULL);
}
lookup->rdtype = querytype;
@@ -3431,11 +3407,11 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
printf("\n\nLaunch a query to find a RRset of type ");
print_type(type);
printf(" for zone: %s\n", lookup->textname);
- return(NULL);
+ return (NULL);
}
void
-insert_trustedkey(dst_key_t * key)
+insert_trustedkey(dst_key_t * key)
{
if (key == NULL)
return;
@@ -3443,7 +3419,7 @@ insert_trustedkey(dst_key_t * key)
return;
tk_list.key[tk_list.nb_tk++] = key;
- return;
+ return;
}
void
@@ -3455,8 +3431,7 @@ clean_trustedkey()
if (tk_list.key[i] != NULL) {
dst_key_free(&tk_list.key[i]);
tk_list.key[i] = NULL;
- }
- else
+ } else
break;
}
tk_list.nb_tk = 0;
@@ -3467,36 +3442,36 @@ char alphnum[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
isc_result_t
-removetmpkey(isc_mem_t *mctx, const char *file)
+removetmpkey(isc_mem_t *mctx, const char *file)
{
char *tempnamekey = NULL;
int tempnamekeylen;
isc_result_t result;
-
+
tempnamekeylen = strlen(file)+10;
-
+
tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
if (tempnamekey == NULL)
return (ISC_R_NOMEMORY);
memset(tempnamekey, 0, tempnamekeylen);
-
+
strcat(tempnamekey, file);
strcat(tempnamekey,".key");
isc_file_remove(tempnamekey);
result = isc_file_remove(tempnamekey);
isc_mem_free(mctx, tempnamekey);
- return(result);
+ return (result);
}
isc_result_t
opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
- FILE *f = NULL;
- isc_result_t result;
- char *tempname = NULL;
+ FILE *f = NULL;
+ isc_result_t result;
+ char *tempname = NULL;
char *tempnamekey = NULL;
- int tempnamelen;
+ int tempnamelen;
int tempnamekeylen;
char *x;
char *cp;
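Review bot: `removetmpkey` calls `isc_file_remove(tempnamekey)` twice in a row and returns only the second call's result, so once the first call has deleted the file the function presumably reports a not-found error even though the removal worked. Drop the bare first call and keep `result = isc_file_remove(tempnamekey);`. The buffer is sized `strlen(file)+10` and filled with two `strcat` calls, which is enough for the `.key` suffix; a single `snprintf(tempnamekey, tempnamekeylen, "%s.key", file);` would make that bound explicit.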
@@ -3520,14 +3495,14 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
isc_mem_free(mctx, tempname);
return (ISC_R_FAILURE);
}
-
+
x = cp--;
while (cp >= tempname && *cp == 'X') {
isc_random_get(&which);
*cp = alphnum[which % (sizeof(alphnum) - 1)];
x = cp--;
}
-
+
tempnamekeylen = tempnamelen+5;
tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
if (tempnamekey == NULL)
@@ -3537,7 +3512,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
strncpy(tempnamekey, tempname, tempnamelen);
strcat(tempnamekey ,".key");
-
+
if (isc_file_exists(tempnamekey)) {
isc_mem_free(mctx, tempnamekey);
isc_mem_free(mctx, tempname);
@@ -3547,19 +3522,19 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
if ((f = fopen(tempnamekey, "w")) == NULL) {
printf("get_trusted_key(): trusted key not found %s\n",
tempnamekey);
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
break;
}
isc_mem_free(mctx, tempnamekey);
- *tempp = tempname;
- *fp = f;
- return (ISC_R_SUCCESS);
+ *tempp = tempname;
+ *fp = f;
+ return (ISC_R_SUCCESS);
cleanup:
- isc_mem_free(mctx, tempname);
+ isc_mem_free(mctx, tempname);
- return (result);
+ return (result);
}
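Review bot: The temporary key file is created by testing `isc_file_exists(tempnamekey)` (previous hunk) and then calling `fopen(tempnamekey, "w")`, which leaves a window between the check and the open in which another process can create that path; `fopen` in `"w"` mode then opens and truncates whatever is there, including through a symbolic link. Creating the file with exclusive-create semantics closes that window, for example `fd = open(tempnamekey, O_WRONLY | O_CREAT | O_EXCL, 0600);` followed by `f = fdopen(fd, "w");`, picking a new random name on `EEXIST`. The `fopen` failure branch also returns without freeing `tempnamekey` and `tempname`, and its message names `get_trusted_key()` and "trusted key not found" although the failure is in creating the temporary file. opentmpkey's body begins outside this hunk.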
@@ -3567,57 +3542,55 @@ isc_result_t
get_trusted_key(isc_mem_t *mctx)
{
isc_result_t result;
- const char * filename = NULL;
- char * filetemp =NULL;
+ const char *filename = NULL;
+ char *filetemp = NULL;
char buf[1500];
- FILE *fp , *fptemp;
- dst_key_t * key = NULL;
-
- result = isc_file_exists(trustedkey);
+ FILE *fp, *fptemp;
+ dst_key_t *key = NULL;
+
+ result = isc_file_exists(trustedkey);
if (result != ISC_TRUE) {
- result = isc_file_exists("/etc/trusted-key.key");
+ result = isc_file_exists("/etc/trusted-key.key");
if (result != ISC_TRUE) {
- result = isc_file_exists("./trusted-key.key");
+ result = isc_file_exists("./trusted-key.key");
if (result != ISC_TRUE)
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
else
filename = "./trusted-key.key";
- }
- else
+ } else
filename = "/etc/trusted-key.key";
- }
- else
+ } else
filename = trustedkey;
if (filename == NULL) {
printf("No trusted key\n");
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
if ((fp = fopen(filename, "r")) == NULL) {
printf("get_trusted_key(): trusted key not found %s\n",
filename);
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
while (fgets(buf, 1500, fp) != NULL) {
result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp);
if (result != ISC_R_SUCCESS) {
fclose(fp);
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
- if (fputs(buf, fptemp)<0) {
+ if (fputs(buf, fptemp) < 0) {
fclose(fp);
fclose(fptemp);
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
fclose(fptemp);
result = dst_key_fromnamedfile(filetemp, DST_TYPE_PUBLIC,
mctx, &key);
removetmpkey(mctx, filetemp);
isc_mem_free(mctx, filetemp);
- if (result != ISC_R_SUCCESS ) {
+ if (result != ISC_R_SUCCESS) {
fclose(fp);
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
insert_trustedkey(key);
#if 0
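Review bot: The trust-anchor search falls back from `trustedkey` to `/etc/trusted-key.key` and then to `./trusted-key.key`, so when the first two are absent the keys that anchor the whole signature chase come from whatever directory the tool was started in. That deserves a comment above the lookup, e.g. `/* Search order: trustedkey, /etc/trusted-key.key, ./trusted-key.key; the last is relative to the cwd and only as trustworthy as that directory. */`. Separately, the `fputs` failure branch returns without calling `removetmpkey()` or freeing `filetemp`, which leaves the temporary file behind, and the `filename == NULL` test cannot be true on any path through the `if`/`else` ladder above it.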
@@ -3625,7 +3598,7 @@ get_trusted_key(isc_mem_t *mctx)
#endif
key = NULL;
}
- return ISC_R_SUCCESS;
+ return (ISC_R_SUCCESS);
}
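Review bot: `fp`, opened with `fopen(filename, "r")` in the previous hunk, is closed on every error return inside the loop but not on this success path, so as far as the visible lines show the stream leaks whenever the key file is read to the end. Add `fclose(fp);` before `return (ISC_R_SUCCESS);`. The start of get_trusted_key and the lines inside the `#if 0` block are outside this hunk.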
@@ -3648,19 +3621,19 @@ nameFromString(const char *str, dns_name_t *p_ret) {
check_result(result, "nameFromString");
if (dns_name_dynamic(p_ret))
- dns_name_free(p_ret, mctx);
-
+ free_name(p_ret, mctx);
+
result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret);
check_result(result, "nameFromString");
-}
+}
#if DIG_SIGCHASE_TD
-isc_result_t
+isc_result_t
prepare_lookup(dns_name_t *name)
{
- isc_result_t result;
- dig_lookup_t * lookup = NULL;
+ isc_result_t result;
+ dig_lookup_t *lookup = NULL;
dig_server_t *s;
void *ptr;
@@ -3674,7 +3647,7 @@ prepare_lookup(dns_name_t *name)
lookup->rdtype = lookup->rdtype_sigchase;
lookup->rdtypeset = ISC_TRUE;
lookup->qrdtype = lookup->qrdtype_sigchase;
-
+
s = ISC_LIST_HEAD(lookup->my_server_list);
while (s != NULL) {
debug("freeing server %p belonging to %p",
@@ -3685,7 +3658,7 @@ prepare_lookup(dns_name_t *name)
(dig_server_t *)ptr, link);
isc_mem_free(mctx, ptr);
}
-
+
for (result = dns_rdataset_first(chase_nsrdataset);
result == ISC_R_SUCCESS;
@@ -3694,13 +3667,13 @@ prepare_lookup(dns_name_t *name)
dns_rdata_ns_t ns;
dns_rdata_t rdata = DNS_RDATA_INIT;
dig_server_t * srv = NULL;
-#define __FOLLOW_GLUE__
+#define __FOLLOW_GLUE__
#ifdef __FOLLOW_GLUE__
- isc_buffer_t * b = NULL;
+ isc_buffer_t *b = NULL;
isc_result_t result;
isc_region_t r;
- dns_rdataset_t * rdataset =NULL;
- isc_boolean_t true = ISC_TRUE;
+ dns_rdataset_t *rdataset = NULL;
+ isc_boolean_t true = ISC_TRUE;
#endif
memset(namestr, 0, DNS_NAME_FORMATSIZE);
@@ -3708,11 +3681,11 @@ prepare_lookup(dns_name_t *name)
dns_rdataset_current(chase_nsrdataset, &rdata);
(void)dns_rdata_tostruct(&rdata, &ns, NULL);
-
-
-
+
+
+
#ifdef __FOLLOW_GLUE__
-
+
result = advanced_rrsearch(&rdataset, &ns.name,
dns_rdatatype_aaaa,
dns_rdatatype_any, &true);
@@ -3736,12 +3709,12 @@ prepare_lookup(dns_name_t *name)
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list,
srv, link);
}
}
-
+
rdataset = NULL;
result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_a,
dns_rdatatype_any, &true);
@@ -3763,28 +3736,28 @@ prepare_lookup(dns_name_t *name)
isc_buffer_free(&b);
dns_rdata_reset(&a);
printf("ns name: %s\n", namestr);
-
+
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list,
srv, link);
}
}
#else
-
+
dns_name_format(&ns.name, namestr, sizeof(namestr));
printf("ns name: ");
dns_name_print(&ns.name, stdout);
printf("\n");
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list, srv, link);
-#endif
+#endif
dns_rdata_freestruct(&ns);
dns_rdata_reset(&rdata);
-
+
}
ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -3794,7 +3767,7 @@ prepare_lookup(dns_name_t *name)
printf(" with nameservers:");
printf("\n");
print_rdataset(name, chase_nsrdataset, mctx);
- return ISC_R_SUCCESS;
+ return (ISC_R_SUCCESS);
}
@@ -3807,15 +3780,14 @@ child_of_zone(dns_name_t * name, dns_name_t * zone_name,
unsigned int nlabelsp;
name_reln = dns_name_fullcompare(name, zone_name, &orderp, &nlabelsp);
- if ( (name_reln != dns_namereln_subdomain) ||
- (dns_name_countlabels(name) <=
- dns_name_countlabels(zone_name) +1)) {
+ if (name_reln != dns_namereln_subdomain ||
+ dns_name_countlabels(name) <= dns_name_countlabels(zone_name) + 1) {
printf("\n;; ERROR : ");
dns_name_print(name, stdout);
printf(" is not a subdomain of: ");
dns_name_print(zone_name, stdout);
printf(" FAILED\n\n");
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
dns_name_getlabelsequence(name,
@@ -3823,11 +3795,11 @@ child_of_zone(dns_name_t * name, dns_name_t * zone_name,
dns_name_countlabels(zone_name) -1,
dns_name_countlabels(zone_name) +1,
child_name);
- return ISC_R_SUCCESS;
+ return (ISC_R_SUCCESS);
}
isc_result_t
-grandfather_pb_test(dns_name_t * zone_name, dns_rdataset_t * sigrdataset)
+grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset)
{
isc_result_t result;
dns_rdata_t sigrdata;
@@ -3836,31 +3808,31 @@ grandfather_pb_test(dns_name_t * zone_name, dns_rdataset_t * sigrdataset)
result = dns_rdataset_first(sigrdataset);
check_result(result, "empty RRSIG dataset");
dns_rdata_init(&sigrdata);
-
+
do {
dns_rdataset_current(sigrdataset, &sigrdata);
-
+
result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
check_result(result, "sigrdata tostruct siginfo");
-
+
if (dns_name_compare(&siginfo.signer, zone_name) == 0) {
dns_rdata_freestruct(&siginfo);
dns_rdata_reset(&sigrdata);
- return ISC_R_SUCCESS;
+ return (ISC_R_SUCCESS);
}
dns_rdata_freestruct(&siginfo);
-
+
} while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&sigrdata);
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
isc_result_t
-initialization(dns_name_t * name)
+initialization(dns_name_t *name)
{
isc_result_t result;
isc_boolean_t true = ISC_TRUE;
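Review bot: The `do … while` loop in `grandfather_pb_test` reads records from the `sigrdataset` parameter (`dns_rdataset_first(sigrdataset)`, `dns_rdataset_current(sigrdataset, &sigrdata)`) but advances the global `chase_sigkeyrdataset`, so unless the caller passed that same global the loop never steps through the set it is examining. The condition should be `} while (dns_rdataset_next(sigrdataset) == ISC_R_SUCCESS);`. The same mismatch is visible in the later hunks for `sigchase_verify_sig` (`chase_keyrdataset` against `keyrdataset`), `sigchase_verify_sig_key` (`chase_sigkeyrdataset` against `sigrdataset`) and `sigchase_verify_ds` (`chase_keyrdataset` and `chase_dsrdataset` against `keyrdataset` and `dsrdataset`). These loops decide which signatures and keys are considered during validation, so each should iterate its own parameter. The signature of grandfather_pb_test is in the preceding hunk.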
@@ -3871,21 +3843,21 @@ initialization(dns_name_t * name)
if (result != ISC_R_SUCCESS) {
printf("\n;; NS RRset is missing to continue validation:"
" FAILED\n\n");
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
INSIST(chase_nsrdataset != NULL);
prepare_lookup(name);
dup_name(name, &chase_current_name, mctx);
- return ISC_R_SUCCESS;
+ return (ISC_R_SUCCESS);
}
-#endif
+#endif
void
-print_rdataset(dns_name_t * name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
+print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
{
- isc_buffer_t * b = NULL;
+ isc_buffer_t *b = NULL;
isc_result_t result;
isc_region_t r;
@@ -3904,16 +3876,22 @@ print_rdataset(dns_name_t * name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
}
-void
+void
dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) {
- isc_result_t result;
-
+ isc_result_t result;
+
if (dns_name_dynamic(target))
- dns_name_free(target, mctx);
+ free_name(target, mctx);
result = dns_name_dup(source, mctx, target);
check_result(result, "dns_name_dup");
}
+void
+free_name(dns_name_t *name, isc_mem_t *mctx) {
+ dns_name_free(name, mctx);
+ dns_name_init(name, NULL);
+}
+
/*
*
* take a DNSKEY RRset and the RRSIG RRset corresponding in parameter
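Review bot: `free_name` has no comment saying why it exists, and the reason is not obvious from its two calls: `dns_name_init()` after `dns_name_free()` presumably resets the name so that a later `dns_name_dynamic()` test is false and the same storage is not freed a second time. A short header comment would record that, e.g. `/* Free a dynamic name and re-initialise it so dns_name_dynamic() no longer reports it as allocated. */`. The function is defined here but is already called from `destroy_libs` earlier in the file, so it needs a prototype ahead of its first use; whether one was added elsewhere in this commit is not visible in this hunk.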
@@ -3931,13 +3909,12 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
{
isc_result_t result;
dns_rdata_t rdata;
- dst_key_t * trustedKey = NULL;
- dst_key_t * dnsseckey = NULL;
+ dst_key_t *trustedKey = NULL;
+ dst_key_t *dnsseckey = NULL;
int i;
-
- if (name == NULL || rdataset == NULL) {
- return ISC_R_FAILURE;
- }
+
+ if (name == NULL || rdataset == NULL)
+ return (ISC_R_FAILURE);
result = dns_rdataset_first(rdataset);
check_result(result, "empty rdataset");
@@ -3946,13 +3923,13 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
do {
dns_rdataset_current(rdataset, &rdata);
INSIST(rdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &rdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
-
- for (i = 0; i< tk_list.nb_tk; i++) {
+
+ for (i = 0; i < tk_list.nb_tk; i++) {
if (dst_key_compare(tk_list.key[i], dnsseckey)
== ISC_TRUE) {
dns_rdata_reset(&rdata);
@@ -3967,11 +3944,11 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
== ISC_R_SUCCESS) {
dst_key_free(&dnsseckey);
dnsseckey = NULL;
- return ISC_R_SUCCESS;
+ return (ISC_R_SUCCESS);
}
}
}
-
+
dns_rdata_reset(&rdata);
if (dnsseckey != NULL)
dst_key_free(&dnsseckey);
@@ -3980,8 +3957,8 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
if (trustedKey != NULL)
dst_key_free(&trustedKey);
trustedKey = NULL;
-
- return ISC_R_NOTFOUND;
+
+ return (ISC_R_NOTFOUND);
}
isc_result_t
@@ -3992,7 +3969,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
{
isc_result_t result;
dns_rdata_t keyrdata;
- dst_key_t * dnsseckey = NULL;
+ dst_key_t *dnsseckey = NULL;
result = dns_rdataset_first(keyrdataset);
check_result(result, "empty DNSKEY dataset");
@@ -4001,7 +3978,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
do {
dns_rdataset_current(keyrdataset, &keyrdata);
INSIST(keyrdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &keyrdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@@ -4011,20 +3988,20 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
if (result == ISC_R_SUCCESS) {
dns_rdata_reset(&keyrdata);
dst_key_free(&dnsseckey);
- return(ISC_R_SUCCESS);
+ return (ISC_R_SUCCESS);
}
dst_key_free(&dnsseckey);
} while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS);
-
+
dns_rdata_reset(&keyrdata);
-
- return ISC_R_NOTFOUND;
+
+ return (ISC_R_NOTFOUND);
}
isc_result_t
sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
- dst_key_t* dnsseckey,
- dns_rdataset_t *sigrdataset, isc_mem_t *mctx)
+ dst_key_t *dnsseckey, dns_rdataset_t *sigrdataset,
+ isc_mem_t *mctx)
{
isc_result_t result;
dns_rdata_t sigrdata;
@@ -4033,22 +4010,22 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
result = dns_rdataset_first(sigrdataset);
check_result(result, "empty RRSIG dataset");
dns_rdata_init(&sigrdata);
-
+
do {
dns_rdataset_current(sigrdataset, &sigrdata);
result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
check_result(result, "sigrdata tostruct siginfo");
-
+
/*
* Test if the id of the DNSKEY is
* the id of the DNSKEY signer's
*/
if (siginfo.keyid == dst_key_id(dnsseckey)) {
-
+
result = dns_rdataset_first(rdataset);
check_result(result, "empty DS dataset");
-
+
result = dns_dnssec_verify(name, rdataset, dnsseckey,
ISC_FALSE, mctx, &sigrdata);
@@ -4058,19 +4035,19 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
dns_name_print(name, stdout);
printf(" with DNSKEY:%d: %s\n", dst_key_id(dnsseckey),
isc_result_totext(result));
-
+
if (result == ISC_R_SUCCESS) {
dns_rdata_reset(&sigrdata);
- return result;
+ return (result);
}
}
dns_rdata_freestruct(&siginfo);
-
+
} while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&sigrdata);
- return ISC_R_NOTFOUND;
+ return (ISC_R_NOTFOUND);
}
@@ -4083,7 +4060,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dns_rdata_t newdsrdata;
dns_rdata_t dsrdata;
dns_rdata_ds_t dsinfo;
- dst_key_t* dnsseckey = NULL;
+ dst_key_t *dnsseckey = NULL;
unsigned char dsbuf[DNS_DS_BUFFERSIZE];
result = dns_rdataset_first(dsrdataset);
@@ -4091,18 +4068,18 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dns_rdata_init(&dsrdata);
do {
dns_rdataset_current(dsrdataset, &dsrdata);
-
+
result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL);
check_result(result, "dns_rdata_tostruct for DS");
-
+
result = dns_rdataset_first(keyrdataset);
check_result(result, "empty KEY dataset");
- dns_rdata_init(&keyrdata);
+ dns_rdata_init(&keyrdata);
do {
dns_rdataset_current(keyrdataset, &keyrdata);
INSIST(keyrdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &keyrdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@@ -4117,17 +4094,17 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
result = dns_ds_buildrdata(name, &keyrdata,
dsinfo.digest_type,
dsbuf, &newdsrdata);
- dns_rdata_freestruct(&dsinfo);
+ dns_rdata_freestruct(&dsinfo);
if (result != ISC_R_SUCCESS) {
dns_rdata_reset(&keyrdata);
dns_rdata_reset(&newdsrdata);
dns_rdata_reset(&dsrdata);
dst_key_free(&dnsseckey);
- dns_rdata_freestruct(&dsinfo);
+ dns_rdata_freestruct(&dsinfo);
printf("Oops: impossible to build"
" new DS rdata\n");
- return result;
+ return (result);
}
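Review bot: `dns_rdata_freestruct(&dsinfo)` runs unconditionally right after `dns_ds_buildrdata()` and then a second time inside the `result != ISC_R_SUCCESS` branch, so the error path releases the same structure twice. The first call also sits inside the inner DNSKEY loop while `dsinfo.digest_type` is read on each pass of that loop, and `dsinfo` is filled only once per DS record (previous hunk), so later passes read a structure that has already been released. Because `dns_rdata_tostruct()` was given a NULL memory context this may be harmless in practice, but the release belongs once per DS record: drop the call in the error branch and move the other one after the inner loop. sigchase_verify_ds starts and ends outside this hunk.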
@@ -4138,7 +4115,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
printf(";; Now verify that this"
" DNSKEY validates the "
"DNSKEY RRset\n");
-
+
result = sigchase_verify_sig_key(name,
keyrdataset,
dnsseckey,
@@ -4149,11 +4126,10 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dns_rdata_reset(&newdsrdata);
dns_rdata_reset(&dsrdata);
dst_key_free(&dnsseckey);
-
- return result;
+
+ return (result);
}
- }
- else {
+ } else {
printf(";; This DS is NOT the DS for"
" the chasing KEY: FAILED\n");
}
@@ -4164,13 +4140,13 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dnsseckey = NULL;
} while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&keyrdata);
-
+
} while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS);
#if 0
dns_rdata_reset(&dsrdata); WARNING
#endif
-
- return ISC_R_NOTFOUND;
+
+ return (ISC_R_NOTFOUND);
}
/*
@@ -4182,20 +4158,19 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
* ISC_R_SUCCESS: if we found the rrset
* ISC_R_NOTFOUND: we do not found the rrset in cache
* and we do a query on the net
- * ISC_R_FAILURE: rrset not found
+ * ISC_R_FAILURE: rrset not found
*/
isc_result_t
-advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t * name,
- dns_rdatatype_t type,
- dns_rdatatype_t covers,
+advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t *name,
+ dns_rdatatype_t type, dns_rdatatype_t covers,
isc_boolean_t *lookedup)
-{
+{
isc_boolean_t tmplookedup;
INSIST(rdataset != NULL);
if (*rdataset != NULL)
- return(ISC_R_SUCCESS);
+ return (ISC_R_SUCCESS);
tmplookedup = *lookedup;
if ((*rdataset = sigchase_scanname(type, covers,
@@ -4205,20 +4180,19 @@ advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t * name,
return (ISC_R_NOTFOUND);
}
*lookedup = ISC_FALSE;
- return(ISC_R_SUCCESS);
+ return (ISC_R_SUCCESS);
}
#if DIG_SIGCHASE_TD
void
-sigchase_td(dns_message_t * msg)
+sigchase_td(dns_message_t *msg)
{
- isc_result_t result;
- dns_name_t * name = NULL;
- isc_boolean_t have_answer = ISC_FALSE;
-
- isc_boolean_t true = ISC_TRUE;
+ isc_result_t result;
+ dns_name_t *name = NULL;
+ isc_boolean_t have_answer = ISC_FALSE;
+ isc_boolean_t true = ISC_TRUE;
if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
== ISC_R_SUCCESS) {
@@ -4228,8 +4202,7 @@ sigchase_td(dns_message_t * msg)
return;
}
have_answer = true;
- }
- else {
+ } else {
if (!current_lookup->trace_root_sigchase) {
result = dns_message_firstname(msg,
DNS_SECTION_AUTHORITY);
@@ -4249,8 +4222,7 @@ sigchase_td(dns_message_t * msg)
" in authority section:");
dns_name_print(name, stdout);
printf("\n");
- }
- else {
+ } else {
printf("no response and no delegation in "
"authority section but a reference"
" to: ");
@@ -4258,17 +4230,16 @@ sigchase_td(dns_message_t * msg)
printf("\n");
error_message = msg;
}
- }
- else {
+ } else {
printf(";; NO ANSWERS: %s\n",
isc_result_totext(result));
- dns_name_free(&chase_name, mctx);
+ free_name(&chase_name, mctx);
clean_trustedkey();
return;
}
}
-
+
if (have_answer) {
chase_rdataset
= chase_scanname_section(msg, &chase_name,
@@ -4320,8 +4291,7 @@ sigchase_td(dns_message_t * msg)
chase_keyrdataset,
chase_sigkeyrdataset,
mctx);
- }
- else {
+ } else {
INSIST(chase_dsrdataset != NULL);
INSIST(chase_sigdsrdataset != NULL);
result = sigchase_verify_ds(&chase_current_name,
@@ -4329,13 +4299,12 @@ sigchase_td(dns_message_t * msg)
chase_dsrdataset,
mctx);
}
-
+
if (result != ISC_R_SUCCESS) {
printf("\n;; chain of trust can't be validated:"
" FAILED\n\n");
goto cleanandgo;
- }
- else {
+ } else {
chase_dsrdataset = NULL;
chase_sigdsrdataset = NULL;
}
@@ -4357,9 +4326,8 @@ sigchase_td(dns_message_t * msg)
" FAILED\n\n");
goto cleanandgo;
}
-
- }
- else {
+
+ } else {
result = advanced_rrsearch(&chase_sigrdataset,
&chase_authority_name,
dns_rdatatype_rrsig,
@@ -4383,20 +4351,19 @@ sigchase_td(dns_message_t * msg)
chase_sigrdataset = NULL;
have_response = ISC_FALSE;
have_delegation_ns = ISC_FALSE;
-
+
dns_name_init(&tmp_name, NULL);
result = child_of_zone(&chase_name, &chase_current_name,
&tmp_name);
if (dns_name_dynamic(&chase_authority_name))
- dns_name_free( &chase_authority_name, mctx);
+ free_name(&chase_authority_name, mctx);
dup_name(&tmp_name, &chase_authority_name, mctx);
printf(";; and we try to continue chain of trust"
" validation of the zone: ");
dns_name_print(&chase_authority_name, stdout);
printf("\n");
have_delegation_ns = ISC_TRUE;
- }
- else {
+ } else {
if (have_response)
goto finalstep;
else
@@ -4420,7 +4387,7 @@ sigchase_td(dns_message_t * msg)
return;
}
INSIST(chase_nsrdataset != NULL);
-
+
result = advanced_rrsearch(&chase_dsrdataset,
&chase_authority_name,
dns_rdatatype_ds,
@@ -4463,8 +4430,8 @@ sigchase_td(dns_message_t * msg)
}
chase_keyrdataset = NULL;
chase_sigkeyrdataset = NULL;
-
-
+
+
prepare_lookup(&chase_authority_name);
have_response = ISC_FALSE;
@@ -4472,24 +4439,24 @@ sigchase_td(dns_message_t * msg)
delegation_follow = ISC_TRUE;
error_message = NULL;
dup_name(&chase_authority_name, &chase_current_name, mctx);
- dns_name_free(&chase_authority_name, mctx);
+ free_name(&chase_authority_name, mctx);
return;
}
-
+
if (error_message != NULL) {
- dns_rdataset_t * rdataset;
- dns_rdataset_t * sigrdataset;
- dns_name_t rdata_name;
- isc_result_t ret = ISC_R_FAILURE;
+ dns_rdataset_t *rdataset;
+ dns_rdataset_t *sigrdataset;
+ dns_name_t rdata_name;
+ isc_result_t ret = ISC_R_FAILURE;
dns_name_init(&rdata_name, NULL);
result = prove_nx(error_message, &chase_name,
current_lookup->rdclass_sigchase,
current_lookup->rdtype_sigchase, &rdata_name,
&rdataset, &sigrdataset);
- if (&rdata_name == NULL || rdataset == NULL ||
- sigrdataset == NULL) {
+ if (rdataset == NULL || sigrdataset == NULL ||
+ dns_name_countlabels(&rdata_name) == 0) {
printf("\n;; Impossible to verify the non-existence,"
" the NSEC RRset can't be validated:"
" FAILED\n\n");
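Review bot: `rdataset` and `sigrdataset` are declared without initialisers and are written only through the pointers handed to `prove_nx()`, yet the next test compares them with NULL before `result` is examined; if `prove_nx()` can return early without storing to them (its body is not visible here), that test reads indeterminate pointers. Initialise both at the declaration, `dns_rdataset_t *rdataset = NULL;` and `dns_rdataset_t *sigrdataset = NULL;`. The new `dns_name_countlabels(&rdata_name) == 0` test relies on `dns_name_init()` leaving a zero label count, which is worth a one-line comment above the condition. sigchase_td starts and ends outside this hunk.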
@@ -4499,18 +4466,17 @@ sigchase_td(dns_message_t * msg)
chase_keyrdataset,
sigrdataset, mctx);
if (ret != ISC_R_SUCCESS) {
- dns_name_free(&rdata_name, mctx);
+ free_name(&rdata_name, mctx);
printf("\n;; Impossible to verify the NSEC RR to prove"
" the non-existence : FAILED\n\n");
goto cleanandgo;
}
- dns_name_free(&rdata_name, mctx);
+ free_name(&rdata_name, mctx);
if (result != ISC_R_SUCCESS) {
printf("\n;; Impossible to verify the non-existence:"
" FAILED\n\n");
goto cleanandgo;
- }
- else {
+ } else {
printf("\n;; OK the query doesn't have response but"
" we have validate this fact : SUCCESS\n\n");
goto cleanandgo;
@@ -4520,9 +4486,9 @@ sigchase_td(dns_message_t * msg)
cleanandgo:
printf(";; cleanandgo \n");
if (dns_name_dynamic(&chase_current_name))
- dns_name_free(&chase_current_name, mctx);
+ free_name(&chase_current_name, mctx);
if (dns_name_dynamic(&chase_authority_name))
- dns_name_free(&chase_authority_name, mctx);
+ free_name(&chase_authority_name, mctx);
clean_trustedkey();
return;
@@ -4551,8 +4517,7 @@ sigchase_td(dns_message_t * msg)
printf("\n");
*/
goto cleanandgo;
- }
- else {
+ } else {
printf("\n;; The Answer:\n");
print_rdataset(&chase_name , chase_rdataset, mctx);
@@ -4562,7 +4527,7 @@ sigchase_td(dns_message_t * msg)
}
}
-#endif
+#endif
#if DIG_SIGCHASE_BU
@@ -4579,12 +4544,10 @@ getneededrr(dns_message_t *msg)
if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
!= ISC_R_SUCCESS) {
printf(";; NO ANSWERS: %s\n", isc_result_totext(result));
-
- if (chase_name.ndata == NULL) {
- return ISC_R_ADDRNOTAVAIL;
- }
- }
- else {
+
+ if (chase_name.ndata == NULL)
+ return (ISC_R_ADDRNOTAVAIL);
+ } else {
dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
}
@@ -4595,7 +4558,7 @@ getneededrr(dns_message_t *msg)
dns_rdatatype_any, &true);
if (result != ISC_R_SUCCESS) {
printf("\n;; No Answers: Validation FAILED\n\n");
- return ISC_R_NOTFOUND;
+ return (ISC_R_NOTFOUND);
}
dup_name(name, &chase_name, mctx);
printf(";; RRset to chase:\n");
@@ -4613,18 +4576,18 @@ getneededrr(dns_message_t *msg)
printf("\n;; RRSIG is missing for continue validation:"
" FAILED\n\n");
if (dns_name_dynamic(&chase_name))
- dns_name_free(&chase_name, mctx);
- return ISC_R_NOTFOUND;
+ free_name(&chase_name, mctx);
+ return (ISC_R_NOTFOUND);
}
if (result == ISC_R_NOTFOUND) {
- return(ISC_R_NOTFOUND);
+ return (ISC_R_NOTFOUND);
}
printf("\n;; RRSIG of the RRset to chase:\n");
print_rdataset(&chase_name, chase_sigrdataset, mctx);
}
INSIST(chase_sigrdataset != NULL);
-
+
/* first find the DNSKEY name */
result = dns_rdataset_first(chase_sigrdataset);
check_result(result, "empty RRSIG dataset");
@@ -4635,7 +4598,7 @@ getneededrr(dns_message_t *msg)
dup_name(&siginfo.signer, &chase_signame, mctx);
dns_rdata_freestruct(&siginfo);
dns_rdata_reset(&sigrdata);
-
+
/* Do we have a key? */
if (chase_keyrdataset == NULL) {
result = advanced_rrsearch(&chase_keyrdataset,
@@ -4646,14 +4609,14 @@ getneededrr(dns_message_t *msg)
if (result == ISC_R_FAILURE) {
printf("\n;; DNSKEY is missing to continue validation:"
" FAILED\n\n");
- dns_name_free(&chase_signame, mctx);
+ free_name(&chase_signame, mctx);
if (dns_name_dynamic(&chase_name))
- dns_name_free(&chase_name, mctx);
- return ISC_R_NOTFOUND;
+ free_name(&chase_name, mctx);
+ return (ISC_R_NOTFOUND);
}
if (result == ISC_R_NOTFOUND) {
- dns_name_free(&chase_signame, mctx);
- return(ISC_R_NOTFOUND);
+ free_name(&chase_signame, mctx);
+ return (ISC_R_NOTFOUND);
}
printf("\n;; DNSKEYset that signs the RRset to chase:\n");
print_rdataset(&chase_signame, chase_keyrdataset, mctx);
@@ -4669,14 +4632,14 @@ getneededrr(dns_message_t *msg)
if (result == ISC_R_FAILURE) {
printf("\n;; RRSIG for DNSKEY is missing to continue"
" validation : FAILED\n\n");
- dns_name_free(&chase_signame, mctx);
+ free_name(&chase_signame, mctx);
if (dns_name_dynamic(&chase_name))
- dns_name_free(&chase_name, mctx);
- return ISC_R_NOTFOUND;
+ free_name(&chase_name, mctx);
+ return (ISC_R_NOTFOUND);
}
if (result == ISC_R_NOTFOUND) {
- dns_name_free(&chase_signame, mctx);
- return(ISC_R_NOTFOUND);
+ free_name(&chase_signame, mctx);
+ return (ISC_R_NOTFOUND);
}
printf("\n;; RRSIG of the DNSKEYset that signs the "
"RRset to chase:\n");
@@ -4696,15 +4659,15 @@ getneededrr(dns_message_t *msg)
printf("\n");
}
if (result == ISC_R_NOTFOUND) {
- dns_name_free(&chase_signame, mctx);
- return(ISC_R_NOTFOUND);
+ free_name(&chase_signame, mctx);
+ return (ISC_R_NOTFOUND);
}
if (chase_dsrdataset != NULL) {
printf("\n;; DSset of the DNSKEYset\n");
print_rdataset(&chase_signame, chase_dsrdataset, mctx);
}
}
-
+
if (chase_dsrdataset != NULL) {
/*
* if there is no RRSIG of DS,
@@ -4722,14 +4685,13 @@ getneededrr(dns_message_t *msg)
* because the DNSKEY could be a Trusted Key.
*/
chase_dsrdataset = NULL;
- }
- else {
+ } else {
printf("\n;; RRSIG of the DSset of the DNSKEYset\n");
print_rdataset(&chase_signame, chase_sigdsrdataset,
mctx);
}
}
- return(1);
+ return (1);
}
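Review bot: The final `return (1);` of getneededrr mixes a bare integer with the named codes used on every other visible path (`ISC_R_NOTFOUND`, `ISC_R_ADDRNOTAVAIL`), and the caller in sigchase_bu compares the result only against those named codes. In ISC's result numbering 1 is, as far as I know, an error code rather than success, so a later caller testing `!= ISC_R_SUCCESS` would misread it. If the return type is isc_result_t (the declaration is outside this hunk), `return (ISC_R_SUCCESS);` states the intent. If 1 is a deliberate sentinel, a comment such as `/* 1: all RRsets needed for validation are present */` should say so.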
@@ -4748,28 +4710,29 @@ sigchase_bu(dns_message_t *msg)
}
}
-
+
ret = getneededrr(msg);
if (ret == ISC_R_NOTFOUND)
return;
if (ret == ISC_R_ADDRNOTAVAIL) {
/* We have no response */
- dns_rdataset_t * rdataset;
- dns_rdataset_t * sigrdataset;
- dns_name_t rdata_name;
- dns_name_t query_name;
+ dns_rdataset_t *rdataset;
+ dns_rdataset_t *sigrdataset;
+ dns_name_t rdata_name;
+ dns_name_t query_name;
dns_name_init(&query_name, NULL);
+ dns_name_init(&rdata_name, NULL);
nameFromString(current_lookup->textname, &query_name);
-
+
result = prove_nx(msg, &query_name, current_lookup->rdclass,
current_lookup->rdtype, &rdata_name,
&rdataset, &sigrdataset);
- dns_name_free(&query_name, mctx);
- if (&rdata_name == NULL || rdataset == NULL ||
- sigrdataset == NULL) {
+ free_name(&query_name, mctx);
+ if (rdataset == NULL || sigrdataset == NULL ||
+ dns_name_countlabels(&rdata_name) == 0) {
printf("\n;; Impossible to verify the Non-existence,"
" the NSEC RRset can't be validated: "
"FAILED\n\n");
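Review bot: `rdataset` and `sigrdataset` are still declared without an initial value, yet the rewritten test `rdataset == NULL || sigrdataset == NULL` reads them after prove_nx() returns. In the lines visible later in this file, prove_nx(), prove_nx_type() and prove_nx_domain() each have an early `return (ISC_R_FAILURE);` that does not write the two out-parameters. On those paths the test compares indeterminate pointers, so the "can't be validated" branch may be skipped. Declaring them as `dns_rdataset_t *rdataset = NULL;` and `dns_rdataset_t *sigrdataset = NULL;` closes that, and the same applies to the matching declarations in the sigchase_td hunk above. The enclosing function continues outside this hunk.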
@@ -4787,7 +4750,7 @@ sigchase_bu(dns_message_t *msg)
" Now we want validate this NSEC\n");
dup_name(&rdata_name, &chase_name, mctx);
- dns_name_free(&rdata_name, mctx);
+ free_name(&rdata_name, mctx);
chase_rdataset = rdataset;
chase_sigrdataset = sigrdataset;
chase_keyrdataset = NULL;
@@ -4802,7 +4765,7 @@ sigchase_bu(dns_message_t *msg)
clean_trustedkey();
return;
}
-
+
printf("\n\n\n;; WE HAVE MATERIAL, WE NOW DO VALIDATION\n");
@@ -4810,8 +4773,8 @@ sigchase_bu(dns_message_t *msg)
chase_keyrdataset,
chase_sigrdataset, mctx);
if (result != ISC_R_SUCCESS) {
- dns_name_free(&chase_name, mctx);
- dns_name_free(&chase_signame, mctx);
+ free_name(&chase_name, mctx);
+ free_name(&chase_signame, mctx);
printf(";; No DNSKEY is valid to check the RRSIG"
" of the RRset: FAILED\n");
clean_trustedkey();
@@ -4822,8 +4785,8 @@ sigchase_bu(dns_message_t *msg)
result = contains_trusted_key(&chase_signame, chase_keyrdataset,
chase_sigkeyrdataset, mctx);
if (result == ISC_R_SUCCESS) {
- dns_name_free(&chase_name, mctx);
- dns_name_free(&chase_signame, mctx);
+ free_name(&chase_name, mctx);
+ free_name(&chase_signame, mctx);
printf("\n;; Ok this DNSKEY is a Trusted Key,"
" DNSSEC validation is ok: SUCCESS\n\n");
clean_trustedkey();
@@ -4833,8 +4796,8 @@ sigchase_bu(dns_message_t *msg)
printf(";; Now, we are going to validate this DNSKEY by the DS\n");
if (chase_dsrdataset == NULL) {
- dns_name_free(&chase_name, mctx);
- dns_name_free(&chase_signame, mctx);
+ free_name(&chase_name, mctx);
+ free_name(&chase_signame, mctx);
printf(";; the DNSKEY isn't trusted-key and there isn't"
" DS to validate the DNSKEY: FAILED\n");
clean_trustedkey();
@@ -4844,21 +4807,20 @@ sigchase_bu(dns_message_t *msg)
result = sigchase_verify_ds(&chase_signame, chase_keyrdataset,
chase_dsrdataset, mctx);
if (result != ISC_R_SUCCESS) {
- dns_name_free(&chase_signame, mctx);
- dns_name_free(&chase_name, mctx);
+ free_name(&chase_signame, mctx);
+ free_name(&chase_name, mctx);
printf(";; ERROR no DS validates a DNSKEY in the"
" DNSKEY RRset: FAILED\n");
clean_trustedkey();
return;
- }
- else
+ } else
printf(";; OK this DNSKEY (validated by the DS) validates"
" the RRset of the DNSKEYs, thus the DNSKEY validates"
" the RRset\n");
INSIST(chase_sigdsrdataset != NULL);
dup_name(&chase_signame, &chase_name, mctx);
- dns_name_free(&chase_signame, mctx);
+ free_name(&chase_signame, mctx);
chase_rdataset = chase_dsrdataset;
chase_sigrdataset = chase_sigdsrdataset;
chase_keyrdataset = NULL;
@@ -4867,7 +4829,7 @@ sigchase_bu(dns_message_t *msg)
chase_sigdsrdataset = NULL;
chase_siglookedup = chase_keylookedup = ISC_FALSE;
chase_dslookedup = chase_sigdslookedup = ISC_FALSE;
-
+
printf(";; Now, we want to validate the DS : recursive call\n");
sigchase(msg);
return;
@@ -4875,8 +4837,7 @@ sigchase_bu(dns_message_t *msg)
#endif
void
-sigchase(dns_message_t * msg)
-{
+sigchase(dns_message_t *msg) {
#if DIG_SIGCHASE_TD
if (current_lookup->do_topdown) {
sigchase_td(msg);
@@ -4892,12 +4853,12 @@ sigchase(dns_message_t * msg)
/*
* return 1 if name1 < name2
- * 0 if name1 == name2
- * -1 if name1 > name2
+ * 0 if name1 == name2
+ * -1 if name1 > name2
* and -2 if problem
*/
int
-inf_name(dns_name_t * name1, dns_name_t * name2)
+inf_name(dns_name_t *name1, dns_name_t *name2)
{
dns_label_t label1;
dns_label_t label2;
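Review bot: The header comment on inf_name states the opposite sign convention from the code. It says 1 for name1 < name2 and -1 for name1 > name2, while the next hunk returns -1 when isc_region_compare() is negative and when name1 has fewer labels. Assuming isc_region_compare() orders like memcmp, the comment should read `* return -1 if name1 < name2` and `* 1 if name1 > name2`. Callers are outside this view, so confirm which convention they expect before changing either side. The `-2 if problem` line is not backed by any return visible in these two hunks.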
@@ -4920,19 +4881,19 @@ inf_name(dns_name_t * name1, dns_name_t * name2)
dns_name_getlabel(name1, nblabel1 -1 - i, &label1);
dns_name_getlabel(name2, nblabel2 -1 - i, &label2);
if ((ret = isc_region_compare(&label1, &label2)) != 0) {
- if (ret <0 )
- return -1;
- else if (ret >0 )
- return 1;
+ if (ret < 0)
+ return (-1);
+ else if (ret > 0)
+ return (1);
}
}
if (nblabel1 == nblabel2)
- return 0;
+ return (0);
if (nblabel1 < nblabel2)
- return -1;
+ return (-1);
else
- return 1;
+ return (1);
}
/**
@@ -4944,24 +4905,24 @@ isc_result_t
prove_nx_domain(dns_message_t *msg,
dns_name_t *name,
dns_name_t *rdata_name,
- dns_rdataset_t ** rdataset,
+ dns_rdataset_t **rdataset,
dns_rdataset_t **sigrdataset)
{
- isc_result_t ret = ISC_R_FAILURE;
- isc_result_t result = ISC_R_NOTFOUND;
- dns_rdataset_t * nsecset = NULL;
- dns_rdataset_t * signsecset = NULL ;
- dns_rdata_t nsec = DNS_RDATA_INIT;
- dns_name_t * nsecname;
- dns_rdata_nsec_t nsecstruct;
-
+ isc_result_t ret = ISC_R_FAILURE;
+ isc_result_t result = ISC_R_NOTFOUND;
+ dns_rdataset_t *nsecset = NULL;
+ dns_rdataset_t *signsecset = NULL ;
+ dns_rdata_t nsec = DNS_RDATA_INIT;
+ dns_name_t *nsecname;
+ dns_rdata_nsec_t nsecstruct;
+
if ((result = dns_message_firstname(msg, DNS_SECTION_AUTHORITY))
!= ISC_R_SUCCESS) {
printf(";; nothing in authority section : impossible to"
" validate the non-existence : FAILED\n");
- return(ISC_R_FAILURE);
+ return (ISC_R_FAILURE);
}
-
+
do {
nsecname = NULL;
dns_message_currentname(msg, DNS_SECTION_AUTHORITY, &nsecname);
@@ -4989,7 +4950,7 @@ prove_nx_domain(dns_message_t *msg,
printf(";; no RRSIG NSEC in authority section:"
" impossible to validate the "
"non-existence: FAILED\n");
- return(ISC_R_FAILURE);
+ return (ISC_R_FAILURE);
}
ret = dns_rdata_tostruct(&nsec, &nsecstruct, NULL);
@@ -5003,8 +4964,8 @@ prove_nx_domain(dns_message_t *msg,
*rdataset = nsecset;
*sigrdataset = signsecset;
dup_name(nsecname, rdata_name, mctx);
-
- return ISC_R_SUCCESS;
+
+ return (ISC_R_SUCCESS);
}
dns_rdata_freestruct(&nsecstruct);
@@ -5015,7 +4976,7 @@ prove_nx_domain(dns_message_t *msg,
*rdataset = NULL;
*sigrdataset = NULL;
rdata_name = NULL;
- return(ISC_R_FAILURE);
+ return (ISC_R_FAILURE);
}
/**
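Review bot: `rdata_name = NULL;` on the failure path only overwrites prove_nx_domain's local copy of the pointer, so the caller's dns_name_t is unchanged even though the line reads as if it cleared the out-parameter. The callers touched by this commit now detect failure with `dns_name_countlabels(&rdata_name) == 0` on a name they initialised themselves. The dead store can therefore be dropped, or replaced by a comment such as `/* rdata_name is left untouched; callers pre-initialise it */`. The function starts outside this hunk.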
@@ -5026,27 +4987,22 @@ prove_nx_domain(dns_message_t *msg,
*
*/
isc_result_t
-prove_nx_type(dns_message_t * msg,
- dns_name_t *name,
- dns_rdataset_t *nsecset,
- dns_rdataclass_t class,
- dns_rdatatype_t type,
- dns_name_t * rdata_name,
- dns_rdataset_t ** rdataset,
- dns_rdataset_t ** sigrdataset)
+prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset,
+ dns_rdataclass_t class, dns_rdatatype_t type,
+ dns_name_t *rdata_name, dns_rdataset_t **rdataset,
+ dns_rdataset_t **sigrdataset)
{
- isc_result_t ret;
- dns_rdataset_t * signsecset;
- dns_rdata_t nsec = DNS_RDATA_INIT;
+ isc_result_t ret;
+ dns_rdataset_t *signsecset;
+ dns_rdata_t nsec = DNS_RDATA_INIT;
UNUSED(class);
- UNUSED(rdata_name);
-
+
ret = dns_rdataset_first(nsecset);
check_result(ret,"dns_rdataset_first");
dns_rdataset_current(nsecset, &nsec);
-
+
ret = dns_nsec_typepresent(&nsec, type);
if (ret == ISC_R_SUCCESS)
printf("OK the NSEC said that the type doesn't exist \n");
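Review bot: `ret = dns_nsec_typepresent(&nsec, type);` stores what is, as far as I know, a boolean ("type is present in the NSEC bitmap") in an isc_result_t and then tests it with `ret == ISC_R_SUCCESS`. That yields "type absent" only because ISC_R_SUCCESS happens to be 0. This comparison decides whether dig reports a proven non-existence, so a dedicated flag would be harder to misread: `isc_boolean_t present = dns_nsec_typepresent(&nsec, type);` followed by `if (!present)`. The rest of prove_nx_type, including any later use of `ret`, is outside this hunk.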
@@ -5057,8 +5013,9 @@ prove_nx_type(dns_message_t * msg,
DNS_SECTION_AUTHORITY);
if (signsecset == NULL) {
printf("There isn't RRSIG NSEC for the zone \n");
- return ISC_R_FAILURE;
+ return (ISC_R_FAILURE);
}
+ dup_name(name, rdata_name, mctx);
*rdataset = nsecset;
*sigrdataset = signsecset;
@@ -5072,17 +5029,12 @@ prove_nx_type(dns_message_t * msg,
*
*/
isc_result_t
-prove_nx(dns_message_t * msg,
- dns_name_t * name,
- dns_rdataclass_t class,
- dns_rdatatype_t type,
- dns_name_t * rdata_name,
- dns_rdataset_t ** rdataset,
- dns_rdataset_t ** sigrdataset)
+prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class,
+ dns_rdatatype_t type, dns_name_t *rdata_name,
+ dns_rdataset_t **rdataset, dns_rdataset_t **sigrdataset)
{
isc_result_t ret;
- dns_rdataset_t * nsecset = NULL;
-
+ dns_rdataset_t *nsecset = NULL;
printf("We want to prove the non-existance of a type of rdata %d"
" or of the zone: \n", type);
@@ -5091,7 +5043,7 @@ prove_nx(dns_message_t * msg,
!= ISC_R_SUCCESS) {
printf(";; nothing in authority section : impossible to"
" validate the non-existence : FAILED\n");
- return(ISC_R_FAILURE);
+ return (ISC_R_FAILURE);
}
nsecset = chase_scanname_section(msg, name, dns_rdatatype_nsec,
@@ -5104,18 +5056,17 @@ prove_nx(dns_message_t * msg,
sigrdataset);
if (ret != ISC_R_SUCCESS) {
printf("prove_nx: ERROR type exist\n");
- return(ret);
+ return (ret);
} else {
printf("prove_nx: OK type does not exist\n");
- return(ISC_R_SUCCESS);
+ return (ISC_R_SUCCESS);
}
} else {
printf("there is no NSEC for this zone: validating "
"that the zone doesn't exist\n");
ret = prove_nx_domain(msg, name, rdata_name,
rdataset, sigrdataset);
- return(ret);
+ return (ret);
}
- /* Never get here */
}
#endif
diff --git a/contrib/bind9/bin/dig/host.1 b/contrib/bind9/bin/dig/host.1
index c93ab184b57b..cf44a5c3f35c 100644
--- a/contrib/bind9/bin/dig/host.1
+++ b/contrib/bind9/bin/dig/host.1
@@ -1,132 +1,181 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: host.1,v 1.11.2.1.4.4 2004/04/13 04:11:03 marka Exp $
+.\" $Id: host.1,v 1.11.2.1.4.7 2005/10/13 02:33:43 marka Exp $
.\"
-.TH "HOST" "1" "Jun 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
host \- DNS lookup utility
-.SH SYNOPSIS
-.sp
-\fBhost\fR [ \fB-aCdlnrTwv\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-N \fIndots\fB\fR ] [ \fB-R \fInumber\fB\fR ] [ \fB-t \fItype\fB\fR ] [ \fB-W \fIwait\fB\fR ] [ \fB-4\fR ] [ \fB-6\fR ] \fBname\fR [ \fBserver\fR ]
+.SH "SYNOPSIS"
+.HP 5
+\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server]
.SH "DESCRIPTION"
.PP
\fBhost\fR
-is a simple utility for performing DNS lookups.
-It is normally used to convert names to IP addresses and vice versa.
-When no arguments or options are given,
+is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given,
\fBhost\fR
prints a short summary of its command line arguments and options.
.PP
-\fIname\fR is the domain name that is to be looked
-up. It can also be a dotted-decimal IPv4 address or a colon-delimited
-IPv6 address, in which case \fBhost\fR will by default
-perform a reverse lookup for that address.
-\fIserver\fR is an optional argument which is either
-the name or IP address of the name server that \fBhost\fR
+\fIname\fR
+is the domain name that is to be looked up. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case
+\fBhost\fR
+will by default perform a reverse lookup for that address.
+\fIserver\fR
+is an optional argument which is either the name or IP address of the name server that
+\fBhost\fR
should query instead of the server or servers listed in
\fI/etc/resolv.conf\fR.
.PP
-The \fB-a\fR (all) option is equivalent to setting the
-\fB-v\fR option and asking \fBhost\fR to make
-a query of type ANY.
+The
+\fB\-a\fR
+(all) option is equivalent to setting the
+\fB\-v\fR
+option and asking
+\fBhost\fR
+to make a query of type ANY.
.PP
-When the \fB-C\fR option is used, \fBhost\fR
+When the
+\fB\-C\fR
+option is used,
+\fBhost\fR
will attempt to display the SOA records for zone
-\fIname\fR from all the listed authoritative name
-servers for that zone. The list of name servers is defined by the NS
-records that are found for the zone.
-.PP
-The \fB-c\fR option instructs to make a DNS query of class
-\fIclass\fR. This can be used to lookup Hesiod or
-Chaosnet class resource records. The default class is IN (Internet).
-.PP
-Verbose output is generated by \fBhost\fR when the
-\fB-d\fR or \fB-v\fR option is used. The two
-options are equivalent. They have been provided for backwards
-compatibility. In previous versions, the \fB-d\fR option
-switched on debugging traces and \fB-v\fR enabled verbose
-output.
-.PP
-List mode is selected by the \fB-l\fR option. This makes
-\fBhost\fR perform a zone transfer for zone
-\fIname\fR. Transfer the zone printing out the NS, PTR
-and address records (A/AAAA). If combined with \fB-a\fR
-all records will be printed.
-.PP
-The \fB-i\fR
-option specifies that reverse lookups of IPv6 addresses should
-use the IP6.INT domain as defined in RFC1886.
-The default is to use IP6.ARPA.
-.PP
-The \fB-N\fR option sets the number of dots that have to be
-in \fIname\fR for it to be considered absolute. The
-default value is that defined using the ndots statement in
-\fI/etc/resolv.conf\fR, or 1 if no ndots statement is
-present. Names with fewer dots are interpreted as relative names and
-will be searched for in the domains listed in the \fBsearch\fR
-or \fBdomain\fR directive in
+\fIname\fR
+from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone.
+.PP
+The
+\fB\-c\fR
+option instructs to make a DNS query of class
+\fIclass\fR. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet).
+.PP
+Verbose output is generated by
+\fBhost\fR
+when the
+\fB\-d\fR
+or
+\fB\-v\fR
+option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the
+\fB\-d\fR
+option switched on debugging traces and
+\fB\-v\fR
+enabled verbose output.
+.PP
+List mode is selected by the
+\fB\-l\fR
+option. This makes
+\fBhost\fR
+perform a zone transfer for zone
+\fIname\fR. Transfer the zone printing out the NS, PTR and address records (A/AAAA). If combined with
+\fB\-a\fR
+all records will be printed.
+.PP
+The
+\fB\-i\fR
+option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain as defined in RFC1886. The default is to use IP6.ARPA.
+.PP
+The
+\fB\-N\fR
+option sets the number of dots that have to be in
+\fIname\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
\fI/etc/resolv.conf\fR.
.PP
The number of UDP retries for a lookup can be changed with the
-\fB-R\fR option. \fInumber\fR indicates
-how many times \fBhost\fR will repeat a query that does
-not get answered. The default number of retries is 1. If
-\fInumber\fR is negative or zero, the number of
-retries will default to 1.
-.PP
-Non-recursive queries can be made via the \fB-r\fR option.
-Setting this option clears the \fBRD\fR \(em recursion
-desired \(em bit in the query which \fBhost\fR makes.
-This should mean that the name server receiving the query will not
-attempt to resolve \fIname\fR. The
-\fB-r\fR option enables \fBhost\fR to mimic
-the behaviour of a name server by making non-recursive queries and
-expecting to receive answers to those queries that are usually
-referrals to other name servers.
-.PP
-By default \fBhost\fR uses UDP when making queries. The
-\fB-T\fR option makes it use a TCP connection when querying
-the name server. TCP will be automatically selected for queries that
-require it, such as zone transfer (AXFR) requests.
-.PP
-The \fB-4\fR option forces \fBhost\fR to only
-use IPv4 query transport. The \fB-6\fR option forces
-\fBhost\fR to only use IPv6 query transport.
-.PP
-The \fB-t\fR option is used to select the query type.
-\fItype\fR can be any recognised query type: CNAME,
-NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
-\fBhost\fR automatically selects an appropriate query
-type. By default it looks for A records, but if the
-\fB-C\fR option was given, queries will be made for SOA
-records, and if \fIname\fR is a dotted-decimal IPv4
-address or colon-delimited IPv6 address, \fBhost\fR will
-query for PTR records. If a query type of IXFR is chosen the starting
-serial number can be specified by appending an equal followed by the
-starting serial number (e.g. -t IXFR=12345678).
+\fB\-R\fR
+option.
+\fInumber\fR
+indicates how many times
+\fBhost\fR
+will repeat a query that does not get answered. The default number of retries is 1. If
+\fInumber\fR
+is negative or zero, the number of retries will default to 1.
+.PP
+Non\-recursive queries can be made via the
+\fB\-r\fR
+option. Setting this option clears the
+\fBRD\fR
+\(em recursion desired \(em bit in the query which
+\fBhost\fR
+makes. This should mean that the name server receiving the query will not attempt to resolve
+\fIname\fR. The
+\fB\-r\fR
+option enables
+\fBhost\fR
+to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
+.PP
+By default
+\fBhost\fR
+uses UDP when making queries. The
+\fB\-T\fR
+option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
+.PP
+The
+\fB\-4\fR
+option forces
+\fBhost\fR
+to only use IPv4 query transport. The
+\fB\-6\fR
+option forces
+\fBhost\fR
+to only use IPv6 query transport.
+.PP
+The
+\fB\-t\fR
+option is used to select the query type.
+\fItype\fR
+can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+\fBhost\fR
+automatically selects an appropriate query type. By default it looks for A records, but if the
+\fB\-C\fR
+option was given, queries will be made for SOA records, and if
+\fIname\fR
+is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
+\fBhost\fR
+will query for PTR records. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e.g. \-t IXFR=12345678).
.PP
The time to wait for a reply can be controlled through the
-\fB-W\fR and \fB-w\fR options. The
-\fB-W\fR option makes \fBhost\fR wait for
-\fIwait\fR seconds. If \fIwait\fR
+\fB\-W\fR
+and
+\fB\-w\fR
+options. The
+\fB\-W\fR
+option makes
+\fBhost\fR
+wait for
+\fIwait\fR
+seconds. If
+\fIwait\fR
is less than one, the wait interval is set to one second. When the
-\fB-w\fR option is used, \fBhost\fR will
-effectively wait forever for a reply. The time to wait for a response
-will be set to the number of seconds given by the hardware's maximum
-value for an integer quantity.
+\fB\-w\fR
+option is used,
+\fBhost\fR
+will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity.
.SH "FILES"
.PP
\fI/etc/resolv.conf\fR
diff --git a/contrib/bind9/bin/dig/host.c b/contrib/bind9/bin/dig/host.c
index b8f2d9379339..468d53bf944e 100644
--- a/contrib/bind9/bin/dig/host.c
+++ b/contrib/bind9/bin/dig/host.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: host.c,v 1.76.2.5.2.10 2004/09/06 01:33:05 marka Exp $ */
+/* $Id: host.c,v 1.76.2.5.2.13 2005/07/04 03:29:45 marka Exp $ */
#include <config.h>
#include <limits.h>
@@ -40,21 +40,6 @@
#include <dig/dig.h>
-extern ISC_LIST(dig_lookup_t) lookup_list;
-extern dig_serverlist_t server_list;
-extern ISC_LIST(dig_searchlist_t) search_list;
-
-extern isc_boolean_t have_ipv4, have_ipv6;
-extern isc_boolean_t usesearch;
-extern isc_boolean_t debugging;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern int ndots;
-extern int tries;
-extern char *progname;
-extern isc_task_t *global_task;
-extern int fatalexit;
-
static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
static isc_boolean_t default_lookups = ISC_TRUE;
static int seen_error = -1;
@@ -604,6 +589,7 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
} else
list_type = rdtype;
list_addresses = ISC_FALSE;
+ default_lookups = ISC_FALSE;
break;
case 'c':
tr.base = isc_commandline_argument;
diff --git a/contrib/bind9/bin/dig/host.docbook b/contrib/bind9/bin/dig/host.docbook
index 561f7c4397d2..2b6e92b76d46 100644
--- a/contrib/bind9/bin/dig/host.docbook
+++ b/contrib/bind9/bin/dig/host.docbook
@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.docbook,v 1.2.2.2.4.5 2004/04/13 01:26:26 marka Exp $ -->
+<!-- $Id: host.docbook,v 1.2.2.2.4.7 2005/05/13 01:22:32 marka Exp $ -->
<refentry>
@@ -30,6 +32,20 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname>host</refname>
<refpurpose>DNS lookup utility</refpurpose>
@@ -46,8 +62,8 @@
<arg><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
<arg><option>-4</option></arg>
<arg><option>-6</option></arg>
- <arg choice=req>name</arg>
- <arg choice=opt>server</arg>
+ <arg choice="req">name</arg>
+ <arg choice="opt">server</arg>
</cmdsynopsis>
</refsynopsisdiv>
diff --git a/contrib/bind9/bin/dig/host.html b/contrib/bind9/bin/dig/host.html
index fb011c033b9e..7670868ceed8 100644
--- a/contrib/bind9/bin/dig/host.html
+++ b/contrib/bind9/bin/dig/host.html
@@ -1,434 +1,171 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: host.html,v 1.4.2.1.4.6 2004/08/22 23:38:58 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->host</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
->host</H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN8"
-></A
-><H2
->Name</H2
->host&nbsp;--&nbsp;DNS lookup utility</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN11"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->host</B
-> [<VAR
-CLASS="OPTION"
->-aCdlnrTwv</VAR
->] [<VAR
-CLASS="OPTION"
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-N <VAR
-CLASS="REPLACEABLE"
->ndots</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-R <VAR
-CLASS="REPLACEABLE"
->number</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-t <VAR
-CLASS="REPLACEABLE"
->type</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-W <VAR
-CLASS="REPLACEABLE"
->wait</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-4</VAR
->] [<VAR
-CLASS="OPTION"
->-6</VAR
->] {name} [server]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN37"
-></A
-><H2
->DESCRIPTION</H2
-><P
-><B
-CLASS="COMMAND"
->host</B
->
+<!-- $Id: host.html,v 1.4.2.1.4.12 2005/10/13 02:33:44 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>host</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>host &#8212; DNS lookup utility</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525901"></a><h2>DESCRIPTION</h2>
+<p>
+<span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
When no arguments or options are given,
-<B
-CLASS="COMMAND"
->host</B
->
-prints a short summary of its command line arguments and options.</P
-><P
-><VAR
-CLASS="PARAMETER"
->name</VAR
-> is the domain name that is to be looked
+<span><strong class="command">host</strong></span>
+prints a short summary of its command line arguments and options.
+</p>
+<p>
+<em class="parameter"><code>name</code></em> is the domain name that is to be looked
up. It can also be a dotted-decimal IPv4 address or a colon-delimited
-IPv6 address, in which case <B
-CLASS="COMMAND"
->host</B
-> will by default
+IPv6 address, in which case <span><strong class="command">host</strong></span> will by default
perform a reverse lookup for that address.
-<VAR
-CLASS="PARAMETER"
->server</VAR
-> is an optional argument which is either
-the name or IP address of the name server that <B
-CLASS="COMMAND"
->host</B
->
+<em class="parameter"><code>server</code></em> is an optional argument which is either
+the name or IP address of the name server that <span><strong class="command">host</strong></span>
should query instead of the server or servers listed in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.</P
-><P
->The <VAR
-CLASS="OPTION"
->-a</VAR
-> (all) option is equivalent to setting the
-<VAR
-CLASS="OPTION"
->-v</VAR
-> option and asking <B
-CLASS="COMMAND"
->host</B
-> to make
-a query of type ANY.</P
-><P
->When the <VAR
-CLASS="OPTION"
->-C</VAR
-> option is used, <B
-CLASS="COMMAND"
->host</B
->
+<code class="filename">/etc/resolv.conf</code>.
+</p>
+<p>
+The <code class="option">-a</code> (all) option is equivalent to setting the
+<code class="option">-v</code> option and asking <span><strong class="command">host</strong></span> to make
+a query of type ANY.
+</p>
+<p>
+When the <code class="option">-C</code> option is used, <span><strong class="command">host</strong></span>
will attempt to display the SOA records for zone
-<VAR
-CLASS="PARAMETER"
->name</VAR
-> from all the listed authoritative name
+<em class="parameter"><code>name</code></em> from all the listed authoritative name
servers for that zone. The list of name servers is defined by the NS
-records that are found for the zone.</P
-><P
->The <VAR
-CLASS="OPTION"
->-c</VAR
-> option instructs to make a DNS query of class
-<VAR
-CLASS="PARAMETER"
->class</VAR
->. This can be used to lookup Hesiod or
-Chaosnet class resource records. The default class is IN (Internet).</P
-><P
->Verbose output is generated by <B
-CLASS="COMMAND"
->host</B
-> when the
-<VAR
-CLASS="OPTION"
->-d</VAR
-> or <VAR
-CLASS="OPTION"
->-v</VAR
-> option is used. The two
+records that are found for the zone.
+</p>
+<p>
+The <code class="option">-c</code> option instructs to make a DNS query of class
+<em class="parameter"><code>class</code></em>. This can be used to lookup Hesiod or
+Chaosnet class resource records. The default class is IN (Internet).
+</p>
+<p>
+Verbose output is generated by <span><strong class="command">host</strong></span> when the
+<code class="option">-d</code> or <code class="option">-v</code> option is used. The two
options are equivalent. They have been provided for backwards
-compatibility. In previous versions, the <VAR
-CLASS="OPTION"
->-d</VAR
-> option
-switched on debugging traces and <VAR
-CLASS="OPTION"
->-v</VAR
-> enabled verbose
-output.</P
-><P
->List mode is selected by the <VAR
-CLASS="OPTION"
->-l</VAR
-> option. This makes
-<B
-CLASS="COMMAND"
->host</B
-> perform a zone transfer for zone
-<VAR
-CLASS="PARAMETER"
->name</VAR
->. Transfer the zone printing out the NS, PTR
-and address records (A/AAAA). If combined with <VAR
-CLASS="OPTION"
->-a</VAR
->
-all records will be printed. </P
-><P
->The <VAR
-CLASS="OPTION"
->-i</VAR
->
+compatibility. In previous versions, the <code class="option">-d</code> option
+switched on debugging traces and <code class="option">-v</code> enabled verbose
+output.
+</p>
+<p>
+List mode is selected by the <code class="option">-l</code> option. This makes
+<span><strong class="command">host</strong></span> perform a zone transfer for zone
+<em class="parameter"><code>name</code></em>. Transfer the zone printing out the NS, PTR
+and address records (A/AAAA). If combined with <code class="option">-a</code>
+all records will be printed.
+</p>
+<p>
+The <code class="option">-i</code>
option specifies that reverse lookups of IPv6 addresses should
use the IP6.INT domain as defined in RFC1886.
-The default is to use IP6.ARPA.</P
-><P
->The <VAR
-CLASS="OPTION"
->-N</VAR
-> option sets the number of dots that have to be
-in <VAR
-CLASS="PARAMETER"
->name</VAR
-> for it to be considered absolute. The
+The default is to use IP6.ARPA.
+</p>
+<p>
+The <code class="option">-N</code> option sets the number of dots that have to be
+in <em class="parameter"><code>name</code></em> for it to be considered absolute. The
default value is that defined using the ndots statement in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->, or 1 if no ndots statement is
+<code class="filename">/etc/resolv.conf</code>, or 1 if no ndots statement is
present. Names with fewer dots are interpreted as relative names and
-will be searched for in the domains listed in the <SPAN
-CLASS="TYPE"
->search</SPAN
->
-or <SPAN
-CLASS="TYPE"
->domain</SPAN
-> directive in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.</P
-><P
->The number of UDP retries for a lookup can be changed with the
-<VAR
-CLASS="OPTION"
->-R</VAR
-> option. <VAR
-CLASS="PARAMETER"
->number</VAR
-> indicates
-how many times <B
-CLASS="COMMAND"
->host</B
-> will repeat a query that does
+will be searched for in the domains listed in the <span class="type">search</span>
+or <span class="type">domain</span> directive in
+<code class="filename">/etc/resolv.conf</code>.
+</p>
+<p>
+The number of UDP retries for a lookup can be changed with the
+<code class="option">-R</code> option. <em class="parameter"><code>number</code></em> indicates
+how many times <span><strong class="command">host</strong></span> will repeat a query that does
not get answered. The default number of retries is 1. If
-<VAR
-CLASS="PARAMETER"
->number</VAR
-> is negative or zero, the number of
-retries will default to 1.</P
-><P
->Non-recursive queries can be made via the <VAR
-CLASS="OPTION"
->-r</VAR
-> option.
-Setting this option clears the <SPAN
-CLASS="TYPE"
->RD</SPAN
-> &mdash; recursion
-desired &mdash; bit in the query which <B
-CLASS="COMMAND"
->host</B
-> makes.
+<em class="parameter"><code>number</code></em> is negative or zero, the number of
+retries will default to 1.
+</p>
+<p>
+Non-recursive queries can be made via the <code class="option">-r</code> option.
+Setting this option clears the <span class="type">RD</span> &#8212; recursion
+desired &#8212; bit in the query which <span><strong class="command">host</strong></span> makes.
This should mean that the name server receiving the query will not
-attempt to resolve <VAR
-CLASS="PARAMETER"
->name</VAR
->. The
-<VAR
-CLASS="OPTION"
->-r</VAR
-> option enables <B
-CLASS="COMMAND"
->host</B
-> to mimic
+attempt to resolve <em class="parameter"><code>name</code></em>. The
+<code class="option">-r</code> option enables <span><strong class="command">host</strong></span> to mimic
the behaviour of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
-referrals to other name servers.</P
-><P
->By default <B
-CLASS="COMMAND"
->host</B
-> uses UDP when making queries. The
-<VAR
-CLASS="OPTION"
->-T</VAR
-> option makes it use a TCP connection when querying
+referrals to other name servers.
+</p>
+<p>
+By default <span><strong class="command">host</strong></span> uses UDP when making queries. The
+<code class="option">-T</code> option makes it use a TCP connection when querying
the name server. TCP will be automatically selected for queries that
-require it, such as zone transfer (AXFR) requests.</P
-><P
->The <VAR
-CLASS="OPTION"
->-4</VAR
-> option forces <B
-CLASS="COMMAND"
->host</B
-> to only
-use IPv4 query transport. The <VAR
-CLASS="OPTION"
->-6</VAR
-> option forces
-<B
-CLASS="COMMAND"
->host</B
-> to only use IPv6 query transport.</P
-><P
->The <VAR
-CLASS="OPTION"
->-t</VAR
-> option is used to select the query type.
-<VAR
-CLASS="PARAMETER"
->type</VAR
-> can be any recognised query type: CNAME,
+require it, such as zone transfer (AXFR) requests.
+</p>
+<p>
+The <code class="option">-4</code> option forces <span><strong class="command">host</strong></span> to only
+use IPv4 query transport. The <code class="option">-6</code> option forces
+<span><strong class="command">host</strong></span> to only use IPv6 query transport.
+</p>
+<p>
+The <code class="option">-t</code> option is used to select the query type.
+<em class="parameter"><code>type</code></em> can be any recognised query type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
-<B
-CLASS="COMMAND"
->host</B
-> automatically selects an appropriate query
+<span><strong class="command">host</strong></span> automatically selects an appropriate query
type. By default it looks for A records, but if the
-<VAR
-CLASS="OPTION"
->-C</VAR
-> option was given, queries will be made for SOA
-records, and if <VAR
-CLASS="PARAMETER"
->name</VAR
-> is a dotted-decimal IPv4
-address or colon-delimited IPv6 address, <B
-CLASS="COMMAND"
->host</B
-> will
+<code class="option">-C</code> option was given, queries will be made for SOA
+records, and if <em class="parameter"><code>name</code></em> is a dotted-decimal IPv4
+address or colon-delimited IPv6 address, <span><strong class="command">host</strong></span> will
query for PTR records. If a query type of IXFR is chosen the starting
serial number can be specified by appending an equal followed by the
-starting serial number (e.g. -t IXFR=12345678).</P
-><P
->The time to wait for a reply can be controlled through the
-<VAR
-CLASS="OPTION"
->-W</VAR
-> and <VAR
-CLASS="OPTION"
->-w</VAR
-> options. The
-<VAR
-CLASS="OPTION"
->-W</VAR
-> option makes <B
-CLASS="COMMAND"
->host</B
-> wait for
-<VAR
-CLASS="PARAMETER"
->wait</VAR
-> seconds. If <VAR
-CLASS="PARAMETER"
->wait</VAR
->
+starting serial number (e.g. -t IXFR=12345678).
+</p>
+<p>
+The time to wait for a reply can be controlled through the
+<code class="option">-W</code> and <code class="option">-w</code> options. The
+<code class="option">-W</code> option makes <span><strong class="command">host</strong></span> wait for
+<em class="parameter"><code>wait</code></em> seconds. If <em class="parameter"><code>wait</code></em>
is less than one, the wait interval is set to one second. When the
-<VAR
-CLASS="OPTION"
->-w</VAR
-> option is used, <B
-CLASS="COMMAND"
->host</B
-> will
+<code class="option">-w</code> option is used, <span><strong class="command">host</strong></span> will
effectively wait forever for a reply. The time to wait for a response
will be set to the number of seconds given by the hardware's maximum
-value for an integer quantity.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN115"
-></A
-><H2
->FILES</H2
-><P
-><TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN119"
-></A
-><H2
->SEE ALSO</H2
-><P
-><SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dig</SPAN
->(1)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->.</P
-></DIV
-></BODY
-></HTML
->
+value for an integer quantity.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526241"></a><h2>FILES</h2>
+<p>
+<code class="filename">/etc/resolv.conf</code>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526253"></a><h2>SEE ALSO</h2>
+<p>
+<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+</p>
+</div>
+</div></body>
+</html>
diff --git a/contrib/bind9/bin/dig/include/dig/dig.h b/contrib/bind9/bin/dig/include/dig/dig.h
index 4e88b15336ee..431d109cf081 100644
--- a/contrib/bind9/bin/dig/include/dig/dig.h
+++ b/contrib/bind9/bin/dig/include/dig/dig.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.h,v 1.71.2.6.2.7 2004/09/06 01:33:06 marka Exp $ */
+/* $Id: dig.h,v 1.71.2.6.2.11 2005/07/04 03:29:45 marka Exp $ */
#ifndef DIG_H
#define DIG_H
@@ -35,7 +35,7 @@
#include <isc/sockaddr.h>
#include <isc/socket.h>
-#define MXSERV 6
+#define MXSERV 20
#define MXNAME (DNS_NAME_MAXTEXT+1)
#define MXRD 32
#define BUFSIZE 512
@@ -66,14 +66,6 @@
* in a tight loop of constant lookups. It's value is arbitrary.
*/
-#define ROOTNS 1
-/*
- * Set the number of root servers to ask for information when running in
- * trace mode.
- * XXXMWS -- trace mode is currently semi-broken, and this number *MUST*
- * be 1.
- */
-
/*
* Defaults for the sigchase suboptions. Consolidated here because
* these control the layout of dig_lookup_t (among other things).
@@ -224,6 +216,46 @@ struct dig_message {
ISC_LINK(dig_message_t) link;
};
#endif
+
+typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
+typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
+
+/*
+ * Externals from dighost.c
+ */
+
+extern dig_lookuplist_t lookup_list;
+extern dig_serverlist_t server_list;
+extern dig_searchlistlist_t search_list;
+
+extern isc_boolean_t have_ipv4, have_ipv6, specified_source,
+ usesearch, qr;
+extern in_port_t port;
+extern unsigned int timeout;
+extern isc_mem_t *mctx;
+extern dns_messageid_t id;
+extern int sendcount;
+extern int ndots;
+extern int lookup_counter;
+extern int exitcode;
+extern isc_sockaddr_t bind_address;
+extern char keynametext[MXNAME];
+extern char keyfile[MXNAME];
+extern char keysecret[MXNAME];
+#ifdef DIG_SIGCHASE
+extern char trustedkey[MXNAME];
+#endif
+extern dns_tsigkey_t *key;
+extern isc_boolean_t validated;
+extern isc_taskmgr_t *taskmgr;
+extern isc_task_t *global_task;
+extern isc_boolean_t free_now;
+extern isc_boolean_t debugging, memdebugging;
+
+extern char *progname;
+extern int tries;
+extern int fatalexit;
+
/*
* Routines in dighost.c.
*/
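Review bot: The extern block added here puts very generic identifiers (`port`, `id`, `key`, `timeout`, `tries`) into scope for every file that includes dig/dig.h, so a local variable or parameter with the same name will silently shadow the global. A `dig_` prefix would be the safer convention, although on a vendor import that rename belongs upstream. `keysecret[MXNAME]` should also carry a comment: judging by its name it holds TSIG key material in a process-wide buffer, so something like `/* TSIG key secret as text; sensitive, zero once the key is set up */` would tell callers how to treat it. Whether dighost.c actually clears it is not visible from this hunk. The banner `Externals from dighost.c` also does not say which of these variables other programs may write and which are read-only state.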
diff --git a/contrib/bind9/bin/dig/nslookup.1 b/contrib/bind9/bin/dig/nslookup.1
index 71aa8a131e4a..3de04ca4f912 100644
--- a/contrib/bind9/bin/dig/nslookup.1
+++ b/contrib/bind9/bin/dig/nslookup.1
@@ -1,76 +1,72 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nslookup.1,v 1.1.6.2 2004/08/20 02:29:39 marka Exp $
+.\" $Id: nslookup.1,v 1.1.6.5 2005/10/13 02:33:43 marka Exp $
.\"
-.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
nslookup \- query Internet name servers interactively
-.SH SYNOPSIS
-.sp
-\fBnslookup\fR [ \fB-option\fR ] [ \fBname | -\fR ] [ \fBserver\fR ]
+.SH "SYNOPSIS"
+.HP 9
+\fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
.SH "DESCRIPTION"
.PP
\fBNslookup\fR
-is a program to query Internet domain name servers. \fBNslookup\fR
-has two modes: interactive and non-interactive. Interactive mode allows
-the user to query name servers for information about various hosts and
-domains or to print a list of hosts in a domain. Non-interactive mode is
-used to print just the name and requested information for a host or
-domain.
+is a program to query Internet domain name servers.
+\fBNslookup\fR
+has two modes: interactive and non\-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non\-interactive mode is used to print just the name and requested information for a host or domain.
.SH "ARGUMENTS"
.PP
Interactive mode is entered in the following cases:
-.IP 1.
+.TP 3
+1.
when no arguments are given (the default name server will be used)
-.IP 2.
-when the first argument is a hyphen (-) and the second argument is
-the host name or Internet address of a name server.
-.PP
-Non-interactive mode is used when the name or Internet address of the
-host to be looked up is given as the first argument. The optional second
-argument specifies the host name or address of a name server.
+.TP
+2.
+when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
.PP
-Options can also be specified on the command line if they precede the
-arguments and are prefixed with a hyphen. For example, to
-change the default query type to host information, and the initial timeout to 10 seconds, type:
+Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
.PP
-.sp
-.nf
-nslookup -query=hinfo -timeout=10
-.sp
-.fi
+Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
+.IP .sp .nf nslookup \-query=hinfo \-timeout=10 .fi
.SH "INTERACTIVE COMMANDS"
.TP
-\fBhost [server]\fR
-Look up information for host using the current default server or
-using server, if specified. If host is an Internet address and
-the query type is A or PTR, the name of the host is returned.
-If host is a name and does not have a trailing period, the
-search list is used to qualify the name.
-
-To look up a host not in the current domain, append a period to
-the name.
-.TP
-\fBserver \fIdomain\fB\fR
-.TP
-\fBlserver \fIdomain\fB\fR
-Change the default server to \fIdomain\fR; lserver uses the initial
-server to look up information about \fIdomain\fR, while server uses
-the current default server. If an authoritative answer can't be
-found, the names of servers that might have the answer are
-returned.
+host [server]
+Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
+.sp
+To look up a host not in the current domain, append a period to the name.
+.TP
+\fBserver\fR \fIdomain\fR
+.TP
+\fBlserver\fR \fIdomain\fR
+Change the default server to
+\fIdomain\fR;
+\fBlserver\fR
+uses the initial server to look up information about
+\fIdomain\fR, while
+\fBserver\fR
+uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
.TP
\fBroot\fR
not implemented
@@ -93,17 +89,15 @@ not implemented
\fBexit\fR
Exits the program.
.TP
-\fBset \fIkeyword[=value]\fB\fR
-This command is used to change state information that affects
-the lookups. Valid keywords are:
+\fBset\fR \fIkeyword\fR\fI[=value]\fR
+This command is used to change state information that affects the lookups. Valid keywords are:
.RS
.TP
\fBall\fR
-Prints the current values of the frequently used
-options to \fBset\fR. Information about the current default
-server and host is also printed.
+Prints the current values of the frequently used options to
+\fBset\fR. Information about the current default server and host is also printed.
.TP
-\fBclass=\fIvalue\fB\fR
+\fBclass=\fR\fIvalue\fR
Change the query class to one of:
.RS
.TP
@@ -119,66 +113,61 @@ the Hesiod class
\fBANY\fR
wildcard
.RE
-.PP
+.IP
The class specifies the protocol group of the information.
-
+.sp
(Default = IN; abbreviation = cl)
.TP
-\fB\fI[no]\fBdebug\fR
-Turn debugging mode on. A lot more information is
-printed about the packet sent to the server and the
-resulting answer.
-
-(Default = nodebug; abbreviation = [no]deb)
-.TP
-\fB\fI[no]\fBd2\fR
-Turn debugging mode on. A lot more information is
-printed about the packet sent to the server and the
-resulting answer.
-
+\fB\fI[no]\fR\fR\fBdebug\fR
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+.sp
+(Default = nodebug; abbreviation =
+[no]deb)
+.TP
+\fB\fI[no]\fR\fR\fBd2\fR
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+.sp
(Default = nod2)
.TP
-\fBdomain=\fIname\fB\fR
-Sets the search list to \fIname\fR.
+\fBdomain=\fR\fIname\fR
+Sets the search list to
+\fIname\fR.
.TP
-\fB\fI[no]\fBsearch\fR
-If the lookup request contains at least one period but
-doesn't end with a trailing period, append the domain
-names in the domain search list to the request until an
-answer is received.
-
+\fB\fI[no]\fR\fR\fBsearch\fR
+If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
+.sp
(Default = search)
.TP
-\fBport=\fIvalue\fB\fR
-Change the default TCP/UDP name server port to \fIvalue\fR.
-
+\fBport=\fR\fIvalue\fR
+Change the default TCP/UDP name server port to
+\fIvalue\fR.
+.sp
(Default = 53; abbreviation = po)
.TP
-\fBquerytype=\fIvalue\fB\fR
+\fBquerytype=\fR\fIvalue\fR
.TP
-\fBtype=\fIvalue\fB\fR
+\fBtype=\fR\fIvalue\fR
Change the top of the information query.
-
+.sp
(Default = A; abbreviations = q, ty)
.TP
-\fB\fI[no]\fBrecurse\fR
-Tell the name server to query other servers if it does not have the
-information.
-
+\fB\fI[no]\fR\fR\fBrecurse\fR
+Tell the name server to query other servers if it does not have the information.
+.sp
(Default = recurse; abbreviation = [no]rec)
.TP
-\fBretry=\fInumber\fB\fR
+\fBretry=\fR\fInumber\fR
Set the number of retries to number.
.TP
-\fBtimeout=\fInumber\fB\fR
-Change the initial timeout interval for waiting for a
-reply to number seconds.
+\fBtimeout=\fR\fInumber\fR
+Change the initial timeout interval for waiting for a reply to number seconds.
.TP
-\fB\fI[no]\fBvc\fR
+\fB\fI[no]\fR\fR\fBvc\fR
Always use a virtual circuit when sending requests to the server.
-
+.sp
(Default = novc)
.RE
+.IP
.SH "FILES"
.PP
\fI/etc/resolv.conf\fR
diff --git a/contrib/bind9/bin/dig/nslookup.c b/contrib/bind9/bin/dig/nslookup.c
index b26c605142e6..ab9ed68764c8 100644
--- a/contrib/bind9/bin/dig/nslookup.c
+++ b/contrib/bind9/bin/dig/nslookup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nslookup.c,v 1.90.2.4.2.8 2004/09/06 01:33:05 marka Exp $ */
+/* $Id: nslookup.c,v 1.90.2.4.2.10 2005/07/12 05:47:42 marka Exp $ */
#include <config.h>
@@ -44,19 +44,6 @@
#include <dig/dig.h>
-extern ISC_LIST(dig_lookup_t) lookup_list;
-extern dig_serverlist_t server_list;
-extern ISC_LIST(dig_searchlist_t) search_list;
-
-extern isc_boolean_t usesearch, debugging;
-extern in_port_t port;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern int tries;
-extern int lookup_counter;
-extern isc_task_t *global_task;
-extern char *progname;
-
static isc_boolean_t short_form = ISC_TRUE,
tcpmode = ISC_FALSE,
identify = ISC_FALSE, stats = ISC_TRUE,
diff --git a/contrib/bind9/bin/dig/nslookup.docbook b/contrib/bind9/bin/dig/nslookup.docbook
index 134e5b32ec41..189fabe85073 100644
--- a/contrib/bind9/bin/dig/nslookup.docbook
+++ b/contrib/bind9/bin/dig/nslookup.docbook
@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.docbook,v 1.3.6.3 2004/08/30 00:50:11 marka Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.3.6.5 2005/05/13 01:22:33 marka Exp $ -->
<!--
- Copyright (c) 1985, 1989
@@ -62,6 +64,14 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname>nslookup</refname>
<refpurpose>query Internet name servers interactively</refpurpose>
@@ -71,8 +81,8 @@
<cmdsynopsis>
<command>nslookup</command>
<arg><option>-option</option></arg>
- <arg choice=opt>name | -</arg>
- <arg choice=opt>server</arg>
+ <arg choice="opt">name | -</arg>
+ <arg choice="opt">server</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -93,19 +103,19 @@ domain.
<title>ARGUMENTS</title>
<para>
Interactive mode is entered in the following cases:
-<OrderedList Numeration=Loweralpha>
-<Listitem>
+<orderedlist numeration="loweralpha">
+<listitem>
<para>
when no arguments are given (the default name server will be used)
</para>
-</Listitem>
-<Listitem>
+</listitem>
+<listitem>
<para>
when the first argument is a hyphen (-) and the second argument is
the host name or Internet address of a name server.
</para>
-</Listitem>
-</OrderedList>
+</listitem>
+</orderedlist>
</para>
<para>
@@ -118,11 +128,11 @@ argument specifies the host name or address of a name server.
Options can also be specified on the command line if they precede the
arguments and are prefixed with a hyphen. For example, to
change the default query type to host information, and the initial timeout to 10 seconds, type:
-<InformalExample>
-<PROGRAMLISTING>
+<informalexample>
+<programlisting>
nslookup -query=hinfo -timeout=10
-</PROGRAMLISTING>
-</InformalExample>
+</programlisting>
+</informalexample>
</para>
</refsect1>
diff --git a/contrib/bind9/bin/dig/nslookup.html b/contrib/bind9/bin/dig/nslookup.html
index e353377e8f03..fc2e4e80d723 100644
--- a/contrib/bind9/bin/dig/nslookup.html
+++ b/contrib/bind9/bin/dig/nslookup.html
@@ -1,617 +1,264 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: nslookup.html,v 1.1.6.3 2004/08/22 23:38:58 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->nslookup</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
->nslookup</H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN8"
-></A
-><H2
->Name</H2
->nslookup&nbsp;--&nbsp;query Internet name servers interactively</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN11"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->nslookup</B
-> [<VAR
-CLASS="OPTION"
->-option</VAR
->] [name | -] [server]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN18"
-></A
-><H2
->DESCRIPTION</H2
-><P
-><B
-CLASS="COMMAND"
->Nslookup</B
->
-is a program to query Internet domain name servers. <B
-CLASS="COMMAND"
->Nslookup</B
->
+<!-- $Id: nslookup.html,v 1.1.6.9 2005/10/13 02:33:44 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>nslookup</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463728"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>nslookup &#8212; query Internet name servers interactively</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525973"></a><h2>DESCRIPTION</h2>
+<p>
+<span><strong class="command">Nslookup</strong></span>
+is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
has two modes: interactive and non-interactive. Interactive mode allows
the user to query name servers for information about various hosts and
domains or to print a list of hosts in a domain. Non-interactive mode is
used to print just the name and requested information for a host or
-domain.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN23"
-></A
-><H2
->ARGUMENTS</H2
-><P
->Interactive mode is entered in the following cases:
-<P
-></P
-><OL
-TYPE="a"
-><LI
-><P
->when no arguments are given (the default name server will be used)</P
-></LI
-><LI
-><P
->when the first argument is a hyphen (-) and the second argument is
-the host name or Internet address of a name server.</P
-></LI
-></OL
-></P
-><P
->Non-interactive mode is used when the name or Internet address of the
+domain.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525990"></a><h2>ARGUMENTS</h2>
+<p>
+Interactive mode is entered in the following cases:
+</p>
+<div class="orderedlist"><ol type="a">
+<li><p>
+when no arguments are given (the default name server will be used)
+</p></li>
+<li><p>
+when the first argument is a hyphen (-) and the second argument is
+the host name or Internet address of a name server.
+</p></li>
+</ol></div>
+<p>
+</p>
+<p>
+Non-interactive mode is used when the name or Internet address of the
host to be looked up is given as the first argument. The optional second
-argument specifies the host name or address of a name server.</P
-><P
->Options can also be specified on the command line if they precede the
+argument specifies the host name or address of a name server.
+</p>
+<p>
+Options can also be specified on the command line if they precede the
arguments and are prefixed with a hyphen. For example, to
change the default query type to host information, and the initial timeout to 10 seconds, type:
-<DIV
-CLASS="INFORMALEXAMPLE"
-><P
-></P
-><A
-NAME="AEN33"
-></A
-><PRE
-CLASS="PROGRAMLISTING"
->nslookup -query=hinfo -timeout=10</PRE
-><P
-></P
-></DIV
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN35"
-></A
-><H2
->INTERACTIVE COMMANDS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->host [<SPAN
-CLASS="OPTIONAL"
->server</SPAN
->]</DT
-><DD
-><P
->Look up information for host using the current default server or
+</p>
+<div class="informalexample"><pre class="programlisting">
+nslookup -query=hinfo -timeout=10
+</pre></div>
+<p>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526033"></a><h2>INTERACTIVE COMMANDS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
+<dd>
+<p>
+Look up information for host using the current default server or
using server, if specified. If host is an Internet address and
the query type is A or PTR, the name of the host is returned.
If host is a name and does not have a trailing period, the
-search list is used to qualify the name.</P
-><P
->To look up a host not in the current domain, append a period to
-the name.</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->server</CODE
-> <VAR
-CLASS="REPLACEABLE"
->domain</VAR
-></DT
-><DD
-><P
-></P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->lserver</CODE
-> <VAR
-CLASS="REPLACEABLE"
->domain</VAR
-></DT
-><DD
-><P
->Change the default server to <VAR
-CLASS="REPLACEABLE"
->domain</VAR
->; <CODE
-CLASS="CONSTANT"
->lserver</CODE
-> uses the initial
-server to look up information about <VAR
-CLASS="REPLACEABLE"
->domain</VAR
->, while <CODE
-CLASS="CONSTANT"
->server</CODE
-> uses
+search list is used to qualify the name.
+</p>
+<p>
+To look up a host not in the current domain, append a period to
+the name.
+</p>
+</dd>
+<dt><span class="term"><code class="constant">server</code> <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p></p></dd>
+<dt><span class="term"><code class="constant">lserver</code> <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p>
+Change the default server to <em class="replaceable"><code>domain</code></em>; <code class="constant">lserver</code> uses the initial
+server to look up information about <em class="replaceable"><code>domain</code></em>, while <code class="constant">server</code> uses
the current default server. If an authoritative answer can't be
found, the names of servers that might have the answer are
-returned.</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->root</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->finger</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->ls</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->view</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->help</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->?</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->exit</CODE
-></DT
-><DD
-><P
->Exits the program.</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->set</CODE
-> <VAR
-CLASS="REPLACEABLE"
->keyword[<SPAN
-CLASS="OPTIONAL"
->=value</SPAN
->]</VAR
-></DT
-><DD
-><P
->This command is used to change state information that affects
+returned.
+</p></dd>
+<dt><span class="term"><code class="constant">root</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">finger</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">ls</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">view</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">help</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">?</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">exit</code></span></dt>
+<dd><p>Exits the program.</p></dd>
+<dt><span class="term"><code class="constant">set</code> <em class="replaceable"><code>keyword[<span class="optional">=value</span>]</code></em></span></dt>
+<dd>
+<p>This command is used to change state information that affects
the lookups. Valid keywords are:
- <P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><CODE
-CLASS="CONSTANT"
->all</CODE
-></DT
-><DD
-><P
->Prints the current values of the frequently used
- options to <B
-CLASS="COMMAND"
->set</B
->. Information about the current default
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">all</code></span></dt>
+<dd><p>Prints the current values of the frequently used
+ options to <span><strong class="command">set</strong></span>. Information about the current default
server and host is also printed.
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->class=</CODE
-><VAR
-CLASS="REPLACEABLE"
->value</VAR
-></DT
-><DD
-><P
-> Change the query class to one of:
- <P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><CODE
-CLASS="CONSTANT"
->IN</CODE
-></DT
-><DD
-><P
->the Internet class</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->CH</CODE
-></DT
-><DD
-><P
->the Chaos class</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->HS</CODE
-></DT
-><DD
-><P
->the Hesiod class</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->ANY</CODE
-></DT
-><DD
-><P
->wildcard</P
-></DD
-></DL
-></DIV
->
+ </p></dd>
+<dt><span class="term"><code class="constant">class=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+ Change the query class to one of:
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">IN</code></span></dt>
+<dd><p>the Internet class</p></dd>
+<dt><span class="term"><code class="constant">CH</code></span></dt>
+<dd><p>the Chaos class</p></dd>
+<dt><span class="term"><code class="constant">HS</code></span></dt>
+<dd><p>the Hesiod class</p></dd>
+<dt><span class="term"><code class="constant">ANY</code></span></dt>
+<dd><p>wildcard</p></dd>
+</dl></div>
+<p>
The class specifies the protocol group of the information.
- </P
-><P
-> (Default = IN; abbreviation = cl)
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->debug</CODE
-></DT
-><DD
-><P
-> Turn debugging mode on. A lot more information is
+ </p>
+<p>
+ (Default = IN; abbreviation = cl)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
+<dd>
+<p>
+ Turn debugging mode on. A lot more information is
printed about the packet sent to the server and the
resulting answer.
- </P
-><P
-> (Default = nodebug; abbreviation = [<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]deb)
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->d2</CODE
-></DT
-><DD
-><P
-> Turn debugging mode on. A lot more information is
+ </p>
+<p>
+ (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
+<dd>
+<p>
+ Turn debugging mode on. A lot more information is
printed about the packet sent to the server and the
resulting answer.
- </P
-><P
-> (Default = nod2)
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->domain=</CODE
-><VAR
-CLASS="REPLACEABLE"
->name</VAR
-></DT
-><DD
-><P
-> Sets the search list to <VAR
-CLASS="REPLACEABLE"
->name</VAR
->.
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->search</CODE
-></DT
-><DD
-><P
-> If the lookup request contains at least one period but
+ </p>
+<p>
+ (Default = nod2)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">domain=</code><em class="replaceable"><code>name</code></em></span></dt>
+<dd><p>
+ Sets the search list to <em class="replaceable"><code>name</code></em>.
+ </p></dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
+<dd>
+<p>
+ If the lookup request contains at least one period but
doesn't end with a trailing period, append the domain
names in the domain search list to the request until an
answer is received.
- </P
-><P
-> (Default = search)
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->port=</CODE
-><VAR
-CLASS="REPLACEABLE"
->value</VAR
-></DT
-><DD
-><P
-> Change the default TCP/UDP name server port to <VAR
-CLASS="REPLACEABLE"
->value</VAR
->.
- </P
-><P
-> (Default = 53; abbreviation = po)
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->querytype=</CODE
-><VAR
-CLASS="REPLACEABLE"
->value</VAR
-></DT
-><DD
-><P
-></P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->type=</CODE
-><VAR
-CLASS="REPLACEABLE"
->value</VAR
-></DT
-><DD
-><P
-> Change the top of the information query.
- </P
-><P
-> (Default = A; abbreviations = q, ty)
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->recurse</CODE
-></DT
-><DD
-><P
-> Tell the name server to query other servers if it does not have the
+ </p>
+<p>
+ (Default = search)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">port=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+ Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
+ </p>
+<p>
+ (Default = 53; abbreviation = po)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">querytype=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd><p></p></dd>
+<dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+ Change the top of the information query.
+ </p>
+<p>
+ (Default = A; abbreviations = q, ty)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
+<dd>
+<p>
+ Tell the name server to query other servers if it does not have the
information.
- </P
-><P
-> (Default = recurse; abbreviation = [no]rec)
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->retry=</CODE
-><VAR
-CLASS="REPLACEABLE"
->number</VAR
-></DT
-><DD
-><P
-> Set the number of retries to number.
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->timeout=</CODE
-><VAR
-CLASS="REPLACEABLE"
->number</VAR
-></DT
-><DD
-><P
-> Change the initial timeout interval for waiting for a
+ </p>
+<p>
+ (Default = recurse; abbreviation = [no]rec)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+ Set the number of retries to number.
+ </p></dd>
+<dt><span class="term"><code class="constant">timeout=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+ Change the initial timeout interval for waiting for a
reply to number seconds.
- </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->vc</CODE
-></DT
-><DD
-><P
-> Always use a virtual circuit when sending requests to the server.
- </P
-><P
-> (Default = novc)
- </P
-></DD
-></DL
-></DIV
-></P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN218"
-></A
-><H2
->FILES</H2
-><P
-><TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN222"
-></A
-><H2
->SEE ALSO</H2
-><P
-><SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dig</SPAN
->(1)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->host</SPAN
->(1)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN234"
-></A
-><H2
->Author</H2
-><P
->Andrew Cherenson</P
-></DIV
-></BODY
-></HTML
->
+ </p></dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
+<dd>
+<p>
+ Always use a virtual circuit when sending requests to the server.
+ </p>
+<p>
+ (Default = novc)
+ </p>
+</dd>
+</dl></div>
+<p>
+</p>
+</dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526490"></a><h2>FILES</h2>
+<p>
+<code class="filename">/etc/resolv.conf</code>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526503"></a><h2>SEE ALSO</h2>
+<p>
+<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526538"></a><h2>Author</h2>
+<p>
+Andrew Cherenson
+</p>
+</div>
+</div></body>
+</html>
diff --git a/contrib/bind9/bin/dnssec/Makefile.in b/contrib/bind9/bin/dnssec/Makefile.in
index 993c54e4067f..b9b7bea37c26 100644
--- a/contrib/bind9/bin/dnssec/Makefile.in
+++ b/contrib/bind9/bin/dnssec/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.19.12.9 2004/07/20 07:01:48 marka Exp $
+# $Id: Makefile.in,v 1.19.12.12 2005/05/02 00:25:54 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -58,7 +58,8 @@ dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
dnssec-keygen.@O@ ${OBJS} ${LIBS}
dnssec-signzone.@O@: dnssec-signzone.c
- ${LIBTOOL_MODE_COMPILE} ${PURIFY} ${CC} ${ALL_CFLAGS} -c $<
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
+ -c ${srcdir}/dnssec-signzone.c
dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
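Review bot: The new recipe for `dnssec-signzone.@O@` has no comment explaining why this one object needs an explicit rule, and it depends on `${VERSION}` being set somewhere outside this hunk. If `VERSION` were empty, the object would still build with `VERSION` defined as an empty string, so a missing version definition would not show up at compile time. A comment above the rule would make the dependency visible, e.g. `# dnssec-signzone.c uses VERSION; it must be defined elsewhere in this Makefile`. The compile line also drops `${PURIFY}` while the link rule below, which continues past the hunk, still uses it; this is presumably intentional but worth confirming.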
diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.8 b/contrib/bind9/bin/dnssec/dnssec-keygen.8
index 235c26ea32f9..0f8f003de426 100644
--- a/contrib/bind9/bin/dnssec/dnssec-keygen.8
+++ b/contrib/bind9/bin/dnssec/dnssec-keygen.8
@@ -1,174 +1,164 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.19.12.5 2004/06/11 02:32:45 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.19.12.9 2005/10/13 02:33:45 marka Exp $
.\"
-.TH "DNSSEC-KEYGEN" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-keygen \- DNSSEC key generation tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-keygen\fR \fB-a \fIalgorithm\fB\fR \fB-b \fIkeysize\fB\fR \fB-n \fInametype\fB\fR [ \fB-c \fIclass\fB\fR ] [ \fB-e\fR ] [ \fB-f \fIflag\fB\fR ] [ \fB-g \fIgenerator\fB\fR ] [ \fB-h\fR ] [ \fB-k\fR ] [ \fB-p \fIprotocol\fB\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-s \fIstrength\fB\fR ] [ \fB-t \fItype\fB\fR ] [ \fB-v \fIlevel\fB\fR ] \fBname\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-keygen \- DNSSEC key generation tool
+.SH "SYNOPSIS"
+.HP 14
+\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
.SH "DESCRIPTION"
.PP
-\fBdnssec-keygen\fR generates keys for DNSSEC
-(Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate
-keys for use with TSIG (Transaction Signatures), as
-defined in RFC 2845.
+\fBdnssec\-keygen\fR
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
.SH "OPTIONS"
.TP
-\fB-a \fIalgorithm\fB\fR
+\-a \fIalgorithm\fR
Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR must be one of RSAMD5 (RSA) or RSASHA1,
-DSA, DH (Diffie Hellman), or HMAC-MD5. These values
-are case insensitive.
-
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
-and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
-
-Note 2: HMAC-MD5 and DH automatically set the -k flag.
-.TP
-\fB-b \fIkeysize\fB\fR
-Specifies the number of bits in the key. The choice of key
-size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between
-512 and 2048 bits. Diffie Hellman keys must be between
-128 and 4096 bits. DSA keys must be between 512 and 1024
-bits and an exact multiple of 64. HMAC-MD5 keys must be
-between 1 and 512 bits.
-.TP
-\fB-n \fInametype\fB\fR
+\fBalgorithm\fR
+must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
+.sp
+Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
+.sp
+Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
+.TP
+\-b \fIkeysize\fR
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
+.TP
+\-n \fInametype\fR
Specifies the owner type of the key. The value of
-\fBnametype\fR must either be ZONE (for a DNSSEC
-zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
-USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are
-case insensitive.
+\fBnametype\fR
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
.TP
-\fB-c \fIclass\fB\fR
-Indicates that the DNS record containing the key should have
-the specified class. If not specified, class IN is used.
+\-c \fIclass\fR
+Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
.TP
-\fB-e\fR
+\-e
If generating an RSAMD5/RSASHA1 key, use a large exponent.
.TP
-\fB-f \fIflag\fB\fR
-Set the specified flag in the flag field of the KEY/DNSKEY record.
-The only recognized flag is KSK (Key Signing Key) DNSKEY.
+\-f \fIflag\fR
+Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
.TP
-\fB-g \fIgenerator\fB\fR
-If generating a Diffie Hellman key, use this generator.
-Allowed values are 2 and 5. If no generator
-is specified, a known prime from RFC 2539 will be used
-if possible; otherwise the default is 2.
+\-g \fIgenerator\fR
+If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
.TP
-\fB-h\fR
+\-h
Prints a short summary of the options and arguments to
-\fBdnssec-keygen\fR.
+\fBdnssec\-keygen\fR.
.TP
-\fB-k\fR
+\-k
Generate KEY records rather than DNSKEY records.
.TP
-\fB-p \fIprotocol\fB\fR
-Sets the protocol value for the generated key. The protocol
-is a number between 0 and 255. The default is 3 (DNSSEC).
-Other possible values for this argument are listed in
-RFC 2535 and its successors.
-.TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
-.TP
-\fB-s \fIstrength\fB\fR
-Specifies the strength value of the key. The strength is
-a number between 0 and 15, and currently has no defined
-purpose in DNSSEC.
-.TP
-\fB-t \fItype\fB\fR
-Indicates the use of the key. \fBtype\fR must be
-one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
-is AUTHCONF. AUTH refers to the ability to authenticate
-data, and CONF the ability to encrypt data.
-.TP
-\fB-v \fIlevel\fB\fR
+\-p \fIprotocol\fR
+Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
+.TP
+\-r \fIrandomdev\fR
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.TP
+\-s \fIstrength\fR
+Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
+.TP
+\-t \fItype\fR
+Indicates the use of the key.
+\fBtype\fR
+must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
+.TP
+\-v \fIlevel\fR
Sets the debugging level.
.SH "GENERATED KEYS"
.PP
-When \fBdnssec-keygen\fR completes successfully,
-it prints a string of the form \fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for
-the key it has generated. These strings can be used as arguments
-to \fBdnssec-makekeyset\fR.
-.TP 0.2i
+When
+\fBdnssec\-keygen\fR
+completes successfully, it prints a string of the form
+\fIKnnnn.+aaa+iiiii\fR
+to the standard output. This is an identification string for the key it has generated.
+.TP 3
\(bu
-\fInnnn\fR is the key name.
-.TP 0.2i
+\fInnnn\fR
+is the key name.
+.TP
\(bu
-\fIaaa\fR is the numeric representation of the
-algorithm.
-.TP 0.2i
+\fIaaa\fR
+is the numeric representation of the algorithm.
+.TP
\(bu
-\fIiiiii\fR is the key identifier (or footprint).
+\fIiiiii\fR
+is the key identifier (or footprint).
.PP
-\fBdnssec-keygen\fR creates two file, with names based
-on the printed string. \fIKnnnn.+aaa+iiiii.key\fR
+\fBdnssec\-keygen\fR
+creates two file, with names based on the printed string.
+\fIKnnnn.+aaa+iiiii.key\fR
contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR contains the private
-key.
-.PP
-.PP
-The \fI.key\fR file contains a DNS KEY record that
-can be inserted into a zone file (directly or with a $INCLUDE
-statement).
-.PP
-.PP
-The \fI.private\fR file contains algorithm specific
-fields. For obvious security reasons, this file does not have
-general read permission.
-.PP
-.PP
-Both \fI.key\fR and \fI.private\fR
-files are generated for symmetric encryption algorithm such as
-HMAC-MD5, even though the public and private key are equivalent.
-.PP
+\fIKnnnn.+aaa+iiiii.private\fR
+contains the private key.
+.PP
+The
+\fI.key\fR
+file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
+.PP
+The
+\fI.private\fR
+file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
+.PP
+Both
+\fI.key\fR
+and
+\fI.private\fR
+files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
.SH "EXAMPLE"
.PP
-To generate a 768-bit DSA key for the domain
-\fBexample.com\fR, the following command would be
-issued:
+To generate a 768\-bit DSA key for the domain
+\fBexample.com\fR, the following command would be issued:
.PP
-\fBdnssec-keygen -a DSA -b 768 -n ZONE example.com\fR
+\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example.com\fR
.PP
The command would print a string of the form:
.PP
\fBKexample.com.+003+26160\fR
.PP
-In this example, \fBdnssec-keygen\fR creates
-the files \fIKexample.com.+003+26160.key\fR and
+In this example,
+\fBdnssec\-keygen\fR
+creates the files
+\fIKexample.com.+003+26160.key\fR
+and
\fIKexample.com.+003+26160.private\fR
.SH "SEE ALSO"
.PP
-\fBdnssec-signzone\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR,
-\fIRFC 2845\fR,
-\fIRFC 2539\fR.
+\fBdnssec\-signzone\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535,
+RFC 2845,
+RFC 2539.
.SH "AUTHOR"
.PP
Internet Systems Consortium
diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.docbook b/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
index a2034d9e8049..e1eee228ee65 100644
--- a/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
+++ b/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001-2003 Internet Software Consortium.
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.docbook,v 1.3.12.6 2004/06/11 01:17:34 marka Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.3.12.9 2005/08/30 01:41:41 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -29,6 +31,21 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname><application>dnssec-keygen</application></refname>
<refpurpose>DNSSEC key generation tool</refpurpose>
@@ -244,8 +261,7 @@
When <command>dnssec-keygen</command> completes successfully,
it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
to the standard output. This is an identification string for
- the key it has generated. These strings can be used as arguments
- to <command>dnssec-makekeyset</command>.
+ the key it has generated.
</para>
<itemizedlist>
<listitem>
diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.html b/contrib/bind9/bin/dnssec/dnssec-keygen.html
index 734c914ba617..00271faadf46 100644
--- a/contrib/bind9/bin/dnssec/dnssec-keygen.html
+++ b/contrib/bind9/bin/dnssec/dnssec-keygen.html
@@ -1,544 +1,228 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001-2003 Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.6 2004/08/22 23:38:58 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->dnssec-keygen</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
-><SPAN
-CLASS="APPLICATION"
->dnssec-keygen</SPAN
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-keygen</SPAN
->&nbsp;--&nbsp;DNSSEC key generation tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-keygen</B
-> {-a <VAR
-CLASS="REPLACEABLE"
->algorithm</VAR
->} {-b <VAR
-CLASS="REPLACEABLE"
->keysize</VAR
->} {-n <VAR
-CLASS="REPLACEABLE"
->nametype</VAR
->} [<VAR
-CLASS="OPTION"
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-e</VAR
->] [<VAR
-CLASS="OPTION"
->-f <VAR
-CLASS="REPLACEABLE"
->flag</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-g <VAR
-CLASS="REPLACEABLE"
->generator</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-h</VAR
->] [<VAR
-CLASS="OPTION"
->-k</VAR
->] [<VAR
-CLASS="OPTION"
->-p <VAR
-CLASS="REPLACEABLE"
->protocol</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-r <VAR
-CLASS="REPLACEABLE"
->randomdev</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-s <VAR
-CLASS="REPLACEABLE"
->strength</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-t <VAR
-CLASS="REPLACEABLE"
->type</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-v <VAR
-CLASS="REPLACEABLE"
->level</VAR
-></VAR
->] {name}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN53"
-></A
-><H2
->DESCRIPTION</H2
-><P
-> <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> generates keys for DNSSEC
+<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.13 2005/10/13 02:33:45 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-keygen</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525956"></a><h2>DESCRIPTION</h2>
+<p>
+ <span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC
(Secure DNS), as defined in RFC 2535 and RFC &lt;TBA\&gt;. It can also generate
keys for use with TSIG (Transaction Signatures), as
defined in RFC 2845.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN57"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a <VAR
-CLASS="REPLACEABLE"
->algorithm</VAR
-></DT
-><DD
-><P
-> Selects the cryptographic algorithm. The value of
- <VAR
-CLASS="OPTION"
->algorithm</VAR
-> must be one of RSAMD5 (RSA) or RSASHA1,
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525969"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
+<dd>
+<p>
+ Selects the cryptographic algorithm. The value of
+ <code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
DSA, DH (Diffie Hellman), or HMAC-MD5. These values
are case insensitive.
- </P
-><P
-> Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
+ </p>
+<p>
+ Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
- </P
-><P
-> Note 2: HMAC-MD5 and DH automatically set the -k flag.
- </P
-></DD
-><DT
->-b <VAR
-CLASS="REPLACEABLE"
->keysize</VAR
-></DT
-><DD
-><P
-> Specifies the number of bits in the key. The choice of key
+ </p>
+<p>
+ Note 2: HMAC-MD5 and DH automatically set the -k flag.
+ </p>
+</dd>
+<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
+<dd><p>
+ Specifies the number of bits in the key. The choice of key
size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between
512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC-MD5 keys must be
between 1 and 512 bits.
- </P
-></DD
-><DT
->-n <VAR
-CLASS="REPLACEABLE"
->nametype</VAR
-></DT
-><DD
-><P
-> Specifies the owner type of the key. The value of
- <VAR
-CLASS="OPTION"
->nametype</VAR
-> must either be ZONE (for a DNSSEC
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
+<dd><p>
+ Specifies the owner type of the key. The value of
+ <code class="option">nametype</code> must either be ZONE (for a DNSSEC
zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are
case insensitive.
- </P
-></DD
-><DT
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></DT
-><DD
-><P
-> Indicates that the DNS record containing the key should have
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+ Indicates that the DNS record containing the key should have
the specified class. If not specified, class IN is used.
- </P
-></DD
-><DT
->-e</DT
-><DD
-><P
-> If generating an RSAMD5/RSASHA1 key, use a large exponent.
- </P
-></DD
-><DT
->-f <VAR
-CLASS="REPLACEABLE"
->flag</VAR
-></DT
-><DD
-><P
-> Set the specified flag in the flag field of the KEY/DNSKEY record.
+ </p></dd>
+<dt><span class="term">-e</span></dt>
+<dd><p>
+ If generating an RSAMD5/RSASHA1 key, use a large exponent.
+ </p></dd>
+<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
+<dd><p>
+ Set the specified flag in the flag field of the KEY/DNSKEY record.
The only recognized flag is KSK (Key Signing Key) DNSKEY.
- </P
-></DD
-><DT
->-g <VAR
-CLASS="REPLACEABLE"
->generator</VAR
-></DT
-><DD
-><P
-> If generating a Diffie Hellman key, use this generator.
+ </p></dd>
+<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
+<dd><p>
+ If generating a Diffie Hellman key, use this generator.
Allowed values are 2 and 5. If no generator
is specified, a known prime from RFC 2539 will be used
if possible; otherwise the default is 2.
- </P
-></DD
-><DT
->-h</DT
-><DD
-><P
-> Prints a short summary of the options and arguments to
- <B
-CLASS="COMMAND"
->dnssec-keygen</B
->.
- </P
-></DD
-><DT
->-k</DT
-><DD
-><P
-> Generate KEY records rather than DNSKEY records.
- </P
-></DD
-><DT
->-p <VAR
-CLASS="REPLACEABLE"
->protocol</VAR
-></DT
-><DD
-><P
-> Sets the protocol value for the generated key. The protocol
+ </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Prints a short summary of the options and arguments to
+ <span><strong class="command">dnssec-keygen</strong></span>.
+ </p></dd>
+<dt><span class="term">-k</span></dt>
+<dd><p>
+ Generate KEY records rather than DNSKEY records.
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
+<dd><p>
+ Sets the protocol value for the generated key. The protocol
is a number between 0 and 255. The default is 3 (DNSSEC).
Other possible values for this argument are listed in
RFC 2535 and its successors.
- </P
-></DD
-><DT
->-r <VAR
-CLASS="REPLACEABLE"
->randomdev</VAR
-></DT
-><DD
-><P
-> Specifies the source of randomness. If the operating
- system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
+ </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+ Specifies the source of randomness. If the operating
+ system does not provide a <code class="filename">/dev/random</code>
or equivalent device, the default source of randomness
- is keyboard input. <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
+ is keyboard input. <code class="filename">randomdev</code> specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
- <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
+ <code class="filename">keyboard</code> indicates that keyboard
input should be used.
- </P
-></DD
-><DT
->-s <VAR
-CLASS="REPLACEABLE"
->strength</VAR
-></DT
-><DD
-><P
-> Specifies the strength value of the key. The strength is
+ </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
+<dd><p>
+ Specifies the strength value of the key. The strength is
a number between 0 and 15, and currently has no defined
purpose in DNSSEC.
- </P
-></DD
-><DT
->-t <VAR
-CLASS="REPLACEABLE"
->type</VAR
-></DT
-><DD
-><P
-> Indicates the use of the key. <VAR
-CLASS="OPTION"
->type</VAR
-> must be
+ </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
+<dd><p>
+ Indicates the use of the key. <code class="option">type</code> must be
one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
is AUTHCONF. AUTH refers to the ability to authenticate
data, and CONF the ability to encrypt data.
- </P
-></DD
-><DT
->-v <VAR
-CLASS="REPLACEABLE"
->level</VAR
-></DT
-><DD
-><P
-> Sets the debugging level.
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN136"
-></A
-><H2
->GENERATED KEYS</H2
-><P
-> When <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> completes successfully,
- it prints a string of the form <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii</TT
->
+ </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+ Sets the debugging level.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526306"></a><h2>GENERATED KEYS</h2>
+<p>
+ When <span><strong class="command">dnssec-keygen</strong></span> completes successfully,
+ it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
to the standard output. This is an identification string for
- the key it has generated. These strings can be used as arguments
- to <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->.
- </P
-><P
-></P
-><UL
-><LI
-><P
-> <TT
-CLASS="FILENAME"
->nnnn</TT
-> is the key name.
- </P
-></LI
-><LI
-><P
-> <TT
-CLASS="FILENAME"
->aaa</TT
-> is the numeric representation of the
+ the key it has generated.
+ </p>
+<div class="itemizedlist"><ul type="disc">
+<li><p>
+ <code class="filename">nnnn</code> is the key name.
+ </p></li>
+<li><p>
+ <code class="filename">aaa</code> is the numeric representation of the
algorithm.
- </P
-></LI
-><LI
-><P
-> <TT
-CLASS="FILENAME"
->iiiii</TT
-> is the key identifier (or footprint).
- </P
-></LI
-></UL
-><P
-> <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> creates two file, with names based
- on the printed string. <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii.key</TT
->
+ </p></li>
+<li><p>
+ <code class="filename">iiiii</code> is the key identifier (or footprint).
+ </p></li>
+</ul></div>
+<p>
+ <span><strong class="command">dnssec-keygen</strong></span> creates two file, with names based
+ on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
- <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii.private</TT
-> contains the private
+ <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the private
key.
- </P
-><P
-> The <TT
-CLASS="FILENAME"
->.key</TT
-> file contains a DNS KEY record that
+ </p>
+<p>
+ The <code class="filename">.key</code> file contains a DNS KEY record that
can be inserted into a zone file (directly or with a $INCLUDE
statement).
- </P
-><P
-> The <TT
-CLASS="FILENAME"
->.private</TT
-> file contains algorithm specific
+ </p>
+<p>
+ The <code class="filename">.private</code> file contains algorithm specific
fields. For obvious security reasons, this file does not have
general read permission.
- </P
-><P
-> Both <TT
-CLASS="FILENAME"
->.key</TT
-> and <TT
-CLASS="FILENAME"
->.private</TT
->
+ </p>
+<p>
+ Both <code class="filename">.key</code> and <code class="filename">.private</code>
files are generated for symmetric encryption algorithm such as
HMAC-MD5, even though the public and private key are equivalent.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN163"
-></A
-><H2
->EXAMPLE</H2
-><P
-> To generate a 768-bit DSA key for the domain
- <KBD
-CLASS="USERINPUT"
->example.com</KBD
->, the following command would be
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526394"></a><h2>EXAMPLE</h2>
+<p>
+ To generate a 768-bit DSA key for the domain
+ <strong class="userinput"><code>example.com</code></strong>, the following command would be
issued:
- </P
-><P
-> <KBD
-CLASS="USERINPUT"
->dnssec-keygen -a DSA -b 768 -n ZONE example.com</KBD
->
- </P
-><P
-> The command would print a string of the form:
- </P
-><P
-> <KBD
-CLASS="USERINPUT"
->Kexample.com.+003+26160</KBD
->
- </P
-><P
-> In this example, <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> creates
- the files <TT
-CLASS="FILENAME"
->Kexample.com.+003+26160.key</TT
-> and
- <TT
-CLASS="FILENAME"
->Kexample.com.+003+26160.private</TT
->
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN176"
-></A
-><H2
->SEE ALSO</H2
-><P
-> <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signzone</SPAN
->(8)</SPAN
->,
- <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->,
- <I
-CLASS="CITETITLE"
->RFC 2535</I
->,
- <I
-CLASS="CITETITLE"
->RFC 2845</I
->,
- <I
-CLASS="CITETITLE"
->RFC 2539</I
->.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN186"
-></A
-><H2
->AUTHOR</H2
-><P
-> Internet Systems Consortium
- </P
-></DIV
-></BODY
-></HTML
->
+ </p>
+<p>
+ <strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
+ </p>
+<p>
+ The command would print a string of the form:
+ </p>
+<p>
+ <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
+ </p>
+<p>
+ In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
+ the files <code class="filename">Kexample.com.+003+26160.key</code> and
+ <code class="filename">Kexample.com.+003+26160.private</code>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526440"></a><h2>SEE ALSO</h2>
+<p>
+ <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+ <em class="citetitle">RFC 2535</em>,
+ <em class="citetitle">RFC 2845</em>,
+ <em class="citetitle">RFC 2539</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526473"></a><h2>AUTHOR</h2>
+<p>
+ <span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.8 b/contrib/bind9/bin/dnssec/dnssec-signzone.8
index a1795b8001a2..63ffadba644f 100644
--- a/contrib/bind9/bin/dnssec/dnssec-signzone.8
+++ b/contrib/bind9/bin/dnssec/dnssec-signzone.8
@@ -1,167 +1,157 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.6 2004/06/11 02:32:46 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.10 2005/10/13 02:33:45 marka Exp $
.\"
-.TH "DNSSEC-SIGNZONE" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-signzone \- DNSSEC zone signing tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-signzone\fR [ \fB-a\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-d \fIdirectory\fB\fR ] [ \fB-e \fIend-time\fB\fR ] [ \fB-f \fIoutput-file\fB\fR ] [ \fB-g\fR ] [ \fB-h\fR ] [ \fB-k \fIkey\fB\fR ] [ \fB-l \fIdomain\fB\fR ] [ \fB-i \fIinterval\fB\fR ] [ \fB-n \fInthreads\fB\fR ] [ \fB-o \fIorigin\fB\fR ] [ \fB-p\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-s \fIstart-time\fB\fR ] [ \fB-t\fR ] [ \fB-v \fIlevel\fB\fR ] [ \fB-z\fR ] \fBzonefile\fR [ \fBkey\fR\fI...\fR ]
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-signzone \- DNSSEC zone signing tool
+.SH "SYNOPSIS"
+.HP 16
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-n\ \fR\fB\fInthreads\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {zonefile} [key...]
.SH "DESCRIPTION"
.PP
-\fBdnssec-signzone\fR signs a zone. It generates
-NSEC and RRSIG records and produces a signed version of the
-zone. The security status of delegations from the signed zone
-(that is, whether the child zones are secure or not) is
-determined by the presence or absence of a
-\fIkeyset\fR file for each child zone.
+\fBdnssec\-signzone\fR
+signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
+\fIkeyset\fR
+file for each child zone.
.SH "OPTIONS"
.TP
-\fB-a\fR
+\-a
Verify all generated signatures.
.TP
-\fB-c \fIclass\fB\fR
+\-c \fIclass\fR
Specifies the DNS class of the zone.
.TP
-\fB-k \fIkey\fB\fR
-Treat specified key as a key signing key ignoring any
-key flags. This option may be specified multiple times.
-.TP
-\fB-l \fIdomain\fB\fR
-Generate a DLV set in addition to the key (DNSKEY) and DS sets.
-The domain is appended to the name of the records.
-.TP
-\fB-d \fIdirectory\fB\fR
-Look for \fIkeyset\fR files in
-\fBdirectory\fR as the directory
-.TP
-\fB-g\fR
-Generate DS records for child zones from keyset files.
-Existing DS records will be removed.
-.TP
-\fB-s \fIstart-time\fB\fR
-Specify the date and time when the generated RRSIG records
-become valid. This can be either an absolute or relative
-time. An absolute start time is indicated by a number
-in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-14:45:00 UTC on May 30th, 2000. A relative start time is
-indicated by +N, which is N seconds from the current time.
-If no \fBstart-time\fR is specified, the current
-time minus 1 hour (to allow for clock skew) is used.
-.TP
-\fB-e \fIend-time\fB\fR
-Specify the date and time when the generated RRSIG records
-expire. As with \fBstart-time\fR, an absolute
-time is indicated in YYYYMMDDHHMMSS notation. A time relative
-to the start time is indicated with +N, which is N seconds from
-the start time. A time relative to the current time is
-indicated with now+N. If no \fBend-time\fR is
-specified, 30 days from the start time is used as a default.
-.TP
-\fB-f \fIoutput-file\fB\fR
-The name of the output file containing the signed zone. The
-default is to append \fI.signed\fR to the
-input file.
-.TP
-\fB-h\fR
+\-k \fIkey\fR
+Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
+.TP
+\-l \fIdomain\fR
+Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
+.TP
+\-d \fIdirectory\fR
+Look for
+\fIkeyset\fR
+files in
+\fBdirectory\fR
+as the directory
+.TP
+\-g
+Generate DS records for child zones from keyset files. Existing DS records will be removed.
+.TP
+\-s \fIstart\-time\fR
+Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+\fBstart\-time\fR
+is specified, the current time minus 1 hour (to allow for clock skew) is used.
+.TP
+\-e \fIend\-time\fR
+Specify the date and time when the generated RRSIG records expire. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBend\-time\fR
+is specified, 30 days from the start time is used as a default.
+.TP
+\-f \fIoutput\-file\fR
+The name of the output file containing the signed zone. The default is to append
+\fI.signed\fR
+to the input file.
+.TP
+\-h
Prints a short summary of the options and arguments to
-\fBdnssec-signzone\fR.
-.TP
-\fB-i \fIinterval\fB\fR
-When a previously signed zone is passed as input, records
-may be resigned. The \fBinterval\fR option
-specifies the cycle interval as an offset from the current
-time (in seconds). If a RRSIG record expires after the
-cycle interval, it is retained. Otherwise, it is considered
-to be expiring soon, and it will be replaced.
-
-The default cycle interval is one quarter of the difference
-between the signature end and start times. So if neither
-\fBend-time\fR or \fBstart-time\fR
-are specified, \fBdnssec-signzone\fR generates
-signatures that are valid for 30 days, with a cycle
-interval of 7.5 days. Therefore, if any existing RRSIG records
-are due to expire in less than 7.5 days, they would be
-replaced.
-.TP
-\fB-n \fIncpus\fB\fR
-Specifies the number of threads to use. By default, one
-thread is started for each detected CPU.
-.TP
-\fB-o \fIorigin\fB\fR
-The zone origin. If not specified, the name of the zone file
-is assumed to be the origin.
-.TP
-\fB-p\fR
-Use pseudo-random data when signing the zone. This is faster,
-but less secure, than using real random data. This option
-may be useful when signing large zones or when the entropy
-source is limited.
-.TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
-.TP
-\fB-t\fR
+\fBdnssec\-signzone\fR.
+.TP
+\-i \fIinterval\fR
+When a previously signed zone is passed as input, records may be resigned. The
+\fBinterval\fR
+option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
+.sp
+The default cycle interval is one quarter of the difference between the signature end and start times. So if neither
+\fBend\-time\fR
+or
+\fBstart\-time\fR
+are specified,
+\fBdnssec\-signzone\fR
+generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced.
+.TP
+\-n \fIncpus\fR
+Specifies the number of threads to use. By default, one thread is started for each detected CPU.
+.TP
+\-o \fIorigin\fR
+The zone origin. If not specified, the name of the zone file is assumed to be the origin.
+.TP
+\-p
+Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
+.TP
+\-r \fIrandomdev\fR
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.TP
+\-t
Print statistics at completion.
.TP
-\fB-v \fIlevel\fB\fR
+\-v \fIlevel\fR
Sets the debugging level.
.TP
-\fB-z\fR
+\-z
Ignore KSK flag on key when determining what to sign.
.TP
-\fBzonefile\fR
+zonefile
The file containing the zone to be signed.
-Sets the debugging level.
.TP
-\fBkey\fR
-The keys used to sign the zone. If no keys are specified, the
-default all zone keys that have private key files in the
-current directory.
+key
+The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory.
.SH "EXAMPLE"
.PP
-The following command signs the \fBexample.com\fR
-zone with the DSA key generated in the \fBdnssec-keygen\fR
+The following command signs the
+\fBexample.com\fR
+zone with the DSA key generated in the
+\fBdnssec\-keygen\fR
man page. The zone's keys must be in the zone. If there are
-\fIkeyset\fR files associated with child zones,
-they must be in the current directory.
-\fBexample.com\fR, the following command would be
-issued:
+\fIkeyset\fR
+files associated with child zones, they must be in the current directory.
+\fBexample.com\fR, the following command would be issued:
.PP
-\fBdnssec-signzone -o example.com db.example.com Kexample.com.+003+26160\fR
+\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR
.PP
The command would print a string of the form:
.PP
-In this example, \fBdnssec-signzone\fR creates
-the file \fIdb.example.com.signed\fR. This file
-should be referenced in a zone statement in a
-\fInamed.conf\fR file.
+In this example,
+\fBdnssec\-signzone\fR
+creates the file
+\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
+\fInamed.conf\fR
+file.
.SH "SEE ALSO"
.PP
-\fBdnssec-keygen\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR.
+\fBdnssec\-keygen\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535.
.SH "AUTHOR"
.PP
Internet Systems Consortium
diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.c b/contrib/bind9/bin/dnssec/dnssec-signzone.c
index c2c33f8c812a..93caf497e266 100644
--- a/contrib/bind9/bin/dnssec/dnssec-signzone.c
+++ b/contrib/bind9/bin/dnssec/dnssec-signzone.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.139.2.2.4.17 2004/10/25 01:36:06 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.139.2.2.4.21 2005/10/14 01:38:41 marka Exp $ */
#include <config.h>
@@ -787,7 +787,6 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
dns_rdatasetiter_t *rdsiter;
isc_boolean_t isdelegation = ISC_FALSE;
isc_boolean_t hasds = ISC_FALSE;
- isc_boolean_t atorigin;
isc_boolean_t changed = ISC_FALSE;
dns_diff_t del, add;
char namestr[DNS_NAME_FORMATSIZE];
@@ -795,8 +794,6 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
dns_name_format(name, namestr, sizeof(namestr));
- atorigin = dns_name_equal(name, gorigin);
-
/*
* Determine if this is a delegation point.
*/
@@ -931,13 +928,16 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
static inline isc_boolean_t
active_node(dns_dbnode_t *node) {
- dns_rdatasetiter_t *rdsiter;
+ dns_rdatasetiter_t *rdsiter = NULL;
+ dns_rdatasetiter_t *rdsiter2 = NULL;
isc_boolean_t active = ISC_FALSE;
isc_result_t result;
dns_rdataset_t rdataset;
+ dns_rdatatype_t type;
+ dns_rdatatype_t covers;
+ isc_boolean_t found;
dns_rdataset_init(&rdataset);
- rdsiter = NULL;
result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets()");
result = dns_rdatasetiter_first(rdsiter);
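Review bot: active_node() is named and typed like a pure predicate, but the locals added in this hunk (`rdsiter2`, `type`, `covers`, `found`) exist only to support rdataset deletion, and nothing at the definition tells a caller that the function modifies the zone version. A header comment above the definition would make the side effect visible to anyone auditing the signer, for example `/* Returns whether the node is active; as a side effect deletes rdatasets at the node (all remaining ones when inactive, orphaned RRSIGs when active). */`. That wording is inferred from the comments in the following hunk and should be confirmed against the full body, which continues outside this hunk. The release of `rdsiter2` is also not visible here, so it is worth confirming that it is destroyed on the one path that allocates it.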
@@ -958,36 +958,63 @@ active_node(dns_dbnode_t *node) {
if (!active) {
/*
- * Make sure there is no NSEC / RRSIG records for
- * this node.
+ * The node is empty of everything but NSEC / RRSIG records.
*/
- result = dns_db_deleterdataset(gdb, node, gversion,
- dns_rdatatype_nsec, 0);
- if (result == DNS_R_UNCHANGED)
- result = ISC_R_SUCCESS;
- check_result(result, "dns_db_deleterdataset(nsec)");
-
- result = dns_rdatasetiter_first(rdsiter);
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter)) {
dns_rdatasetiter_current(rdsiter, &rdataset);
- if (rdataset.type == dns_rdatatype_rrsig) {
- dns_rdatatype_t type = rdataset.type;
- dns_rdatatype_t covers = rdataset.covers;
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ rdataset.type,
+ rdataset.covers);
+ check_result(result, "dns_db_deleterdataset()");
+ dns_rdataset_disassociate(&rdataset);
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+ } else {
+ /*
+ * Delete RRSIGs for types that no longer exist.
+ */
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2);
+ check_result(result, "dns_db_allrdatasets()");
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ type = rdataset.type;
+ covers = rdataset.covers;
+ dns_rdataset_disassociate(&rdataset);
+ if (type != dns_rdatatype_rrsig)
+ continue;
+ found = ISC_FALSE;
+ for (result = dns_rdatasetiter_first(rdsiter2);
+ !found && result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter2)) {
+ dns_rdatasetiter_current(rdsiter2, &rdataset);
+ if (rdataset.type == covers)
+ found = ISC_TRUE;
+ dns_rdataset_disassociate(&rdataset);
+ }
+ if (!found) {
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
result = dns_db_deleterdataset(gdb, node,
gversion, type,
covers);
- if (result == DNS_R_UNCHANGED)
- result = ISC_R_SUCCESS;
check_result(result,
"dns_db_deleterdataset(rrsig)");
- }
- dns_rdataset_disassociate(&rdataset);
+ } else if (result != ISC_R_NOMORE &&
+ result != ISC_R_SUCCESS)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
}
if (result != ISC_R_NOMORE)
fatal("rdataset iteration failed: %s",
isc_result_totext(result));
+ dns_rdatasetiter_destroy(&rdsiter2);
}
dns_rdatasetiter_destroy(&rdsiter);
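Review bot: In the new `else` branch, `result` holds three things at once: the outer `rdsiter` loop state, the inner `rdsiter2` loop state, and the return of `dns_db_deleterdataset()`. The outer loop stays correct only because its increment expression overwrites whatever the inner code left behind. A separate variable for the inner walk, e.g. `isc_result_t result2;` used in the `rdsiter2` loop and its `ISC_R_NOMORE` checks, would make the two termination conditions independent and easier to audit. Both branches also drop the old `DNS_R_UNCHANGED` tolerance before `check_result()`. That looks safe because only rdatasets the iterator just returned are deleted, but a one-line comment saying so would help. active_node() begins in the previous hunk and continues past this one.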
@@ -1423,7 +1450,6 @@ warnifallksk(dns_db_t *db) {
dns_dbnode_t *node = NULL;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
- dst_key_t *pubkey;
isc_result_t result;
dns_rdata_key_t key;
isc_boolean_t have_non_ksk = ISC_FALSE;
@@ -1444,7 +1470,6 @@ warnifallksk(dns_db_t *db) {
result = dns_rdataset_first(&rdataset);
check_result(result, "dns_rdataset_first");
while (result == ISC_R_SUCCESS) {
- pubkey = NULL;
dns_rdata_reset(&rdata);
dns_rdataset_current(&rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &key, NULL);
@@ -1615,9 +1640,9 @@ usage(void) {
fprintf(stderr, "\t\tdirectory to find keyset files (.)\n");
fprintf(stderr, "\t-g:\t");
fprintf(stderr, "generate DS records from keyset files\n");
- fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
+ fprintf(stderr, "\t-s [YYYYMMDDHHMMSS|+offset]:\n");
fprintf(stderr, "\t\tRRSIG start time - absolute|offset (now - 1 hour)\n");
- fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
+ fprintf(stderr, "\t-e [YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
fprintf(stderr, "\t\tRRSIG end time - absolute|from start|from now "
"(now + 30 days)\n");
fprintf(stderr, "\t-i interval:\n");
diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.docbook b/contrib/bind9/bin/dnssec/dnssec-signzone.docbook
index 2b85102a0b54..35f35cc7339d 100644
--- a/contrib/bind9/bin/dnssec/dnssec-signzone.docbook
+++ b/contrib/bind9/bin/dnssec/dnssec-signzone.docbook
@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001-2003 Internet Software Consortium.
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.8 2004/06/11 01:17:35 marka Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.11 2005/06/24 00:18:15 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -29,6 +31,21 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname><application>dnssec-signzone</application></refname>
<refpurpose>DNSSEC zone signing tool</refpurpose>
@@ -290,7 +307,6 @@
<listitem>
<para>
The file containing the zone to be signed.
- Sets the debugging level.
</para>
</listitem>
</varlistentry>
diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.html b/contrib/bind9/bin/dnssec/dnssec-signzone.html
index 221099fbdbec..5cc8c0747cc8 100644
--- a/contrib/bind9/bin/dnssec/dnssec-signzone.html
+++ b/contrib/bind9/bin/dnssec/dnssec-signzone.html
@@ -1,553 +1,220 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001-2003 Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.7 2004/08/22 23:38:58 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->dnssec-signzone</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
-><SPAN
-CLASS="APPLICATION"
->dnssec-signzone</SPAN
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-signzone</SPAN
->&nbsp;--&nbsp;DNSSEC zone signing tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-signzone</B
-> [<VAR
-CLASS="OPTION"
->-a</VAR
->] [<VAR
-CLASS="OPTION"
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-d <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-e <VAR
-CLASS="REPLACEABLE"
->end-time</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-f <VAR
-CLASS="REPLACEABLE"
->output-file</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-g</VAR
->] [<VAR
-CLASS="OPTION"
->-h</VAR
->] [<VAR
-CLASS="OPTION"
->-k <VAR
-CLASS="REPLACEABLE"
->key</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-l <VAR
-CLASS="REPLACEABLE"
->domain</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-i <VAR
-CLASS="REPLACEABLE"
->interval</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-n <VAR
-CLASS="REPLACEABLE"
->nthreads</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-o <VAR
-CLASS="REPLACEABLE"
->origin</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-p</VAR
->] [<VAR
-CLASS="OPTION"
->-r <VAR
-CLASS="REPLACEABLE"
->randomdev</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-s <VAR
-CLASS="REPLACEABLE"
->start-time</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-t</VAR
->] [<VAR
-CLASS="OPTION"
->-v <VAR
-CLASS="REPLACEABLE"
->level</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-z</VAR
->] {zonefile} [key...]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN66"
-></A
-><H2
->DESCRIPTION</H2
-><P
-> <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> signs a zone. It generates
+<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.14 2005/10/13 02:33:46 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-signzone</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525979"></a><h2>DESCRIPTION</h2>
+<p>
+ <span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
zone. The security status of delegations from the signed zone
(that is, whether the child zones are secure or not) is
determined by the presence or absence of a
- <TT
-CLASS="FILENAME"
->keyset</TT
-> file for each child zone.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN71"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a</DT
-><DD
-><P
-> Verify all generated signatures.
- </P
-></DD
-><DT
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></DT
-><DD
-><P
-> Specifies the DNS class of the zone.
- </P
-></DD
-><DT
->-k <VAR
-CLASS="REPLACEABLE"
->key</VAR
-></DT
-><DD
-><P
-> Treat specified key as a key signing key ignoring any
+ <code class="filename">keyset</code> file for each child zone.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525995"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd><p>
+ Verify all generated signatures.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+ Specifies the DNS class of the zone.
+ </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>key</code></em></span></dt>
+<dd><p>
+ Treat specified key as a key signing key ignoring any
key flags. This option may be specified multiple times.
- </P
-></DD
-><DT
->-l <VAR
-CLASS="REPLACEABLE"
->domain</VAR
-></DT
-><DD
-><P
-> Generate a DLV set in addition to the key (DNSKEY) and DS sets.
+ </p></dd>
+<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p>
+ Generate a DLV set in addition to the key (DNSKEY) and DS sets.
The domain is appended to the name of the records.
- </P
-></DD
-><DT
->-d <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></DT
-><DD
-><P
-> Look for <TT
-CLASS="FILENAME"
->keyset</TT
-> files in
- <VAR
-CLASS="OPTION"
->directory</VAR
-> as the directory
- </P
-></DD
-><DT
->-g</DT
-><DD
-><P
-> Generate DS records for child zones from keyset files.
+ </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ Look for <code class="filename">keyset</code> files in
+ <code class="option">directory</code> as the directory
+ </p></dd>
+<dt><span class="term">-g</span></dt>
+<dd><p>
+ Generate DS records for child zones from keyset files.
Existing DS records will be removed.
- </P
-></DD
-><DT
->-s <VAR
-CLASS="REPLACEABLE"
->start-time</VAR
-></DT
-><DD
-><P
-> Specify the date and time when the generated RRSIG records
+ </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
+<dd><p>
+ Specify the date and time when the generated RRSIG records
become valid. This can be either an absolute or relative
time. An absolute start time is indicated by a number
in YYYYMMDDHHMMSS notation; 20000530144500 denotes
14:45:00 UTC on May 30th, 2000. A relative start time is
indicated by +N, which is N seconds from the current time.
- If no <VAR
-CLASS="OPTION"
->start-time</VAR
-> is specified, the current
+ If no <code class="option">start-time</code> is specified, the current
time minus 1 hour (to allow for clock skew) is used.
- </P
-></DD
-><DT
->-e <VAR
-CLASS="REPLACEABLE"
->end-time</VAR
-></DT
-><DD
-><P
-> Specify the date and time when the generated RRSIG records
- expire. As with <VAR
-CLASS="OPTION"
->start-time</VAR
->, an absolute
+ </p></dd>
+<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
+<dd><p>
+ Specify the date and time when the generated RRSIG records
+ expire. As with <code class="option">start-time</code>, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
the start time. A time relative to the current time is
- indicated with now+N. If no <VAR
-CLASS="OPTION"
->end-time</VAR
-> is
+ indicated with now+N. If no <code class="option">end-time</code> is
specified, 30 days from the start time is used as a default.
- </P
-></DD
-><DT
->-f <VAR
-CLASS="REPLACEABLE"
->output-file</VAR
-></DT
-><DD
-><P
-> The name of the output file containing the signed zone. The
- default is to append <TT
-CLASS="FILENAME"
->.signed</TT
-> to the
+ </p></dd>
+<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
+<dd><p>
+ The name of the output file containing the signed zone. The
+ default is to append <code class="filename">.signed</code> to the
input file.
- </P
-></DD
-><DT
->-h</DT
-><DD
-><P
-> Prints a short summary of the options and arguments to
- <B
-CLASS="COMMAND"
->dnssec-signzone</B
->.
- </P
-></DD
-><DT
->-i <VAR
-CLASS="REPLACEABLE"
->interval</VAR
-></DT
-><DD
-><P
-> When a previously signed zone is passed as input, records
- may be resigned. The <VAR
-CLASS="OPTION"
->interval</VAR
-> option
+ </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Prints a short summary of the options and arguments to
+ <span><strong class="command">dnssec-signzone</strong></span>.
+ </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
+<dd>
+<p>
+ When a previously signed zone is passed as input, records
+ may be resigned. The <code class="option">interval</code> option
specifies the cycle interval as an offset from the current
time (in seconds). If a RRSIG record expires after the
cycle interval, it is retained. Otherwise, it is considered
to be expiring soon, and it will be replaced.
- </P
-><P
-> The default cycle interval is one quarter of the difference
+ </p>
+<p>
+ The default cycle interval is one quarter of the difference
between the signature end and start times. So if neither
- <VAR
-CLASS="OPTION"
->end-time</VAR
-> or <VAR
-CLASS="OPTION"
->start-time</VAR
->
- are specified, <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> generates
+ <code class="option">end-time</code> or <code class="option">start-time</code>
+ are specified, <span><strong class="command">dnssec-signzone</strong></span> generates
signatures that are valid for 30 days, with a cycle
interval of 7.5 days. Therefore, if any existing RRSIG records
are due to expire in less than 7.5 days, they would be
replaced.
- </P
-></DD
-><DT
->-n <VAR
-CLASS="REPLACEABLE"
->ncpus</VAR
-></DT
-><DD
-><P
-> Specifies the number of threads to use. By default, one
+ </p>
+</dd>
+<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
+<dd><p>
+ Specifies the number of threads to use. By default, one
thread is started for each detected CPU.
- </P
-></DD
-><DT
->-o <VAR
-CLASS="REPLACEABLE"
->origin</VAR
-></DT
-><DD
-><P
-> The zone origin. If not specified, the name of the zone file
+ </p></dd>
+<dt><span class="term">-o <em class="replaceable"><code>origin</code></em></span></dt>
+<dd><p>
+ The zone origin. If not specified, the name of the zone file
is assumed to be the origin.
- </P
-></DD
-><DT
->-p</DT
-><DD
-><P
-> Use pseudo-random data when signing the zone. This is faster,
+ </p></dd>
+<dt><span class="term">-p</span></dt>
+<dd><p>
+ Use pseudo-random data when signing the zone. This is faster,
but less secure, than using real random data. This option
may be useful when signing large zones or when the entropy
source is limited.
- </P
-></DD
-><DT
->-r <VAR
-CLASS="REPLACEABLE"
->randomdev</VAR
-></DT
-><DD
-><P
-> Specifies the source of randomness. If the operating
- system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
+ </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+ Specifies the source of randomness. If the operating
+ system does not provide a <code class="filename">/dev/random</code>
or equivalent device, the default source of randomness
- is keyboard input. <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
+ is keyboard input. <code class="filename">randomdev</code> specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
- <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
+ <code class="filename">keyboard</code> indicates that keyboard
input should be used.
- </P
-></DD
-><DT
->-t</DT
-><DD
-><P
-> Print statistics at completion.
- </P
-></DD
-><DT
->-v <VAR
-CLASS="REPLACEABLE"
->level</VAR
-></DT
-><DD
-><P
-> Sets the debugging level.
- </P
-></DD
-><DT
->-z</DT
-><DD
-><P
-> Ignore KSK flag on key when determining what to sign.
- </P
-></DD
-><DT
->zonefile</DT
-><DD
-><P
-> The file containing the zone to be signed.
+ </p></dd>
+<dt><span class="term">-t</span></dt>
+<dd><p>
+ Print statistics at completion.
+ </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
Sets the debugging level.
- </P
-></DD
-><DT
->key</DT
-><DD
-><P
-> The keys used to sign the zone. If no keys are specified, the
+ </p></dd>
+<dt><span class="term">-z</span></dt>
+<dd><p>
+ Ignore KSK flag on key when determining what to sign.
+ </p></dd>
+<dt><span class="term">zonefile</span></dt>
+<dd><p>
+ The file containing the zone to be signed.
+ </p></dd>
+<dt><span class="term">key</span></dt>
+<dd><p>
+ The keys used to sign the zone. If no keys are specified, the
default all zone keys that have private key files in the
current directory.
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN181"
-></A
-><H2
->EXAMPLE</H2
-><P
-> The following command signs the <KBD
-CLASS="USERINPUT"
->example.com</KBD
->
- zone with the DSA key generated in the <B
-CLASS="COMMAND"
->dnssec-keygen</B
->
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526435"></a><h2>EXAMPLE</h2>
+<p>
+ The following command signs the <strong class="userinput"><code>example.com</code></strong>
+ zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
man page. The zone's keys must be in the zone. If there are
- <TT
-CLASS="FILENAME"
->keyset</TT
-> files associated with child zones,
+ <code class="filename">keyset</code> files associated with child zones,
they must be in the current directory.
- <KBD
-CLASS="USERINPUT"
->example.com</KBD
->, the following command would be
+ <strong class="userinput"><code>example.com</code></strong>, the following command would be
issued:
- </P
-><P
-> <KBD
-CLASS="USERINPUT"
->dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</KBD
->
- </P
-><P
-> The command would print a string of the form:
- </P
-><P
-> In this example, <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> creates
- the file <TT
-CLASS="FILENAME"
->db.example.com.signed</TT
->. This file
+ </p>
+<p>
+ <strong class="userinput"><code>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</code></strong>
+ </p>
+<p>
+ The command would print a string of the form:
+ </p>
+<p>
+ In this example, <span><strong class="command">dnssec-signzone</strong></span> creates
+ the file <code class="filename">db.example.com.signed</code>. This file
should be referenced in a zone statement in a
- <TT
-CLASS="FILENAME"
->named.conf</TT
-> file.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN195"
-></A
-><H2
->SEE ALSO</H2
-><P
-> <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->,
- <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->,
- <I
-CLASS="CITETITLE"
->RFC 2535</I
->.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN203"
-></A
-><H2
->AUTHOR</H2
-><P
-> Internet Systems Consortium
- </P
-></DIV
-></BODY
-></HTML
->
+ <code class="filename">named.conf</code> file.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526485"></a><h2>SEE ALSO</h2>
+<p>
+ <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+ <em class="citetitle">RFC 2535</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526512"></a><h2>AUTHOR</h2>
+<p>
+ <span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/contrib/bind9/bin/dnssec/dnssectool.c b/contrib/bind9/bin/dnssec/dnssectool.c
index 1b84de8f48aa..83ba76d91288 100644
--- a/contrib/bind9/bin/dnssec/dnssectool.c
+++ b/contrib/bind9/bin/dnssec/dnssectool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssectool.c,v 1.31.2.3.2.4 2004/03/08 02:07:38 marka Exp $ */
+/* $Id: dnssectool.c,v 1.31.2.3.2.6 2005/07/02 02:42:43 marka Exp $ */
#include <config.h>
@@ -145,6 +145,8 @@ setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
isc_log_t *log = NULL;
int level;
+ if (verbose < 0)
+ verbose = 0;
switch (verbose) {
case 0:
/*
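Review bot: The new clamp `if (verbose < 0) verbose = 0;` silently maps every negative level to case 0, with no comment on how a negative value can reach setup_logging(). If the value comes from a command-line option (the caller is not in this hunk), rejecting it where it is parsed would surface the operator's mistake. If the clamp is intended, a comment such as `/* Negative levels are clamped to 0 rather than reaching the switch. */` would record that. The rest of the switch lies outside the hunk.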
diff --git a/contrib/bind9/bin/named/aclconf.c b/contrib/bind9/bin/named/aclconf.c
index ef36c5681f48..8b6d0c767d4f 100644
--- a/contrib/bind9/bin/named/aclconf.c
+++ b/contrib/bind9/bin/named/aclconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: aclconf.c,v 1.27.12.3 2004/03/08 04:04:18 marka Exp $ */
+/* $Id: aclconf.c,v 1.27.12.5 2005/03/17 03:58:25 marka Exp $ */
#include <config.h>
@@ -31,6 +31,8 @@
#include <named/aclconf.h>
+#define LOOP_MAGIC ISC_MAGIC('L','O','O','P')
+
void
ns_aclconfctx_init(ns_aclconfctx_t *ctx) {
ISC_LIST_INIT(ctx->named_acl_cache);
@@ -81,6 +83,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
isc_result_t result;
cfg_obj_t *cacl = NULL;
dns_acl_t *dacl;
+ dns_acl_t loop;
char *aclname = cfg_obj_asstring(nameobj);
/* Look for an already-converted version. */
@@ -89,6 +92,11 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
dacl = ISC_LIST_NEXT(dacl, nextincache))
{
if (strcasecmp(aclname, dacl->name) == 0) {
+ if (ISC_MAGIC_VALID(dacl, LOOP_MAGIC)) {
+ cfg_obj_log(nameobj, dns_lctx, ISC_LOG_ERROR,
+ "acl loop detected: %s", aclname);
+ return (ISC_R_FAILURE);
+ }
dns_acl_attach(dacl, target);
return (ISC_R_SUCCESS);
}
@@ -100,7 +108,18 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
"undefined ACL '%s'", aclname);
return (result);
}
+ /*
+ * Add a loop detection element.
+ */
+ memset(&loop, 0, sizeof(loop));
+ ISC_LINK_INIT(&loop, nextincache);
+ loop.name = aclname;
+ loop.magic = LOOP_MAGIC;
+ ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache);
result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl);
+ ISC_LIST_UNLINK(ctx->named_acl_cache, &loop, nextincache);
+ loop.magic = 0;
+ loop.name = NULL;
if (result != ISC_R_SUCCESS)
return (result);
dacl->name = isc_mem_strdup(dacl->mctx, aclname);
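Review bot: The sentinel `loop` is a stack object linked into `ctx->named_acl_cache`, so the list points into this frame for the whole recursive `ns_acl_fromconfig()` call. The code is correct as written because `ISC_LIST_UNLINK` runs before the `result` check, but nothing states that invariant. I would add a comment above the append, `/* 'loop' lives on the stack: it must be unlinked before any return from this function. */`, so a later early return cannot leave a dangling list entry. The sentinel is also a zeroed `dns_acl_t` with only `name` and `magic` set, and the lookup in the previous hunk tests `LOOP_MAGIC` only after the name matches. Any other code that walks the cache while the sentinel is linked (none is visible here) would need the same check. convert_named_acl() starts before this hunk and continues after it.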
diff --git a/contrib/bind9/bin/named/client.c b/contrib/bind9/bin/named/client.c
index 259f8d9dc299..baecc2345cb9 100644
--- a/contrib/bind9/bin/named/client.c
+++ b/contrib/bind9/bin/named/client.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.176.2.13.4.23 2004/09/26 22:37:43 marka Exp $ */
+/* $Id: client.c,v 1.176.2.13.4.26 2005/07/27 02:53:14 marka Exp $ */
#include <config.h>
@@ -177,20 +177,10 @@ static void client_request(isc_task_t *task, isc_event_t *event);
static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
void
-ns_client_recursing(ns_client_t *client, isc_boolean_t killoldest) {
- ns_client_t *oldest;
+ns_client_recursing(ns_client_t *client) {
REQUIRE(NS_CLIENT_VALID(client));
LOCK(&client->manager->lock);
- if (killoldest) {
- oldest = ISC_LIST_HEAD(client->manager->recursing);
- if (oldest != NULL) {
- ns_query_cancel(oldest);
- ISC_LIST_UNLINK(*oldest->list, oldest, link);
- ISC_LIST_APPEND(client->manager->active, oldest, link);
- oldest->list = &client->manager->active;
- }
- }
ISC_LIST_UNLINK(*client->list, client, link);
ISC_LIST_APPEND(client->manager->recursing, client, link);
client->list = &client->manager->recursing;
@@ -198,6 +188,22 @@ ns_client_recursing(ns_client_t *client, isc_boolean_t killoldest) {
}
void
+ns_client_killoldestquery(ns_client_t *client) {
+ ns_client_t *oldest;
+ REQUIRE(NS_CLIENT_VALID(client));
+
+ LOCK(&client->manager->lock);
+ oldest = ISC_LIST_HEAD(client->manager->recursing);
+ if (oldest != NULL) {
+ ns_query_cancel(oldest);
+ ISC_LIST_UNLINK(*oldest->list, oldest, link);
+ ISC_LIST_APPEND(client->manager->active, oldest, link);
+ oldest->list = &client->manager->active;
+ }
+ UNLOCK(&client->manager->lock);
+}
+
+void
ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
isc_result_t result;
isc_interval_t interval;
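Review bot: `ns_client_killoldestquery()` and `ns_client_recursing()` now take `client->manager->lock` separately, whereas the removed code cancelled the oldest query and appended the new client under one acquisition. The new function does not say what callers must guarantee. If it runs after `ns_client_recursing(client)` and the recursing list holds only that client, `oldest` would be the caller's own query; the call sites are outside this page, so this may not occur in practice. A comment stating the expected order, e.g. `/* Call before ns_client_recursing(client) so the head of the recursing list cannot be 'client' itself. */`, or a guard `if (oldest != NULL && oldest != client) {` would make the eviction behaviour explicit.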
@@ -1603,8 +1609,7 @@ client_timeout(isc_task_t *task, isc_event_t *event) {
}
static isc_result_t
-client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
-{
+client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
ns_client_t *client;
isc_result_t result;
diff --git a/contrib/bind9/bin/named/control.c b/contrib/bind9/bin/named/control.c
index b6ff6fe2cbc8..c9d17abe0276 100644
--- a/contrib/bind9/bin/named/control.c
+++ b/contrib/bind9/bin/named/control.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: control.c,v 1.7.2.2.2.11 2004/09/03 03:43:31 marka Exp $ */
+/* $Id: control.c,v 1.7.2.2.2.14 2005/04/29 01:04:47 marka Exp $ */
#include <config.h>
@@ -37,6 +37,9 @@
#include <named/log.h>
#include <named/os.h>
#include <named/server.h>
+#ifdef HAVE_LIBSCF
+#include <named/ns_smf_globals.h>
+#endif
static isc_boolean_t
command_compare(const char *text, const char *command) {
@@ -58,6 +61,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
isccc_sexpr_t *data;
char *command;
isc_result_t result;
+#ifdef HAVE_LIBSCF
+ ns_smf_want_disable = 0;
+#endif
data = isccc_alist_lookup(message, "_data");
if (data == NULL) {
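Review bot: `ns_smf_want_disable = 0;` is reset on entry to every ns_control_docommand() call, while the halt/stop branches later in the function set it to 1 and then call `isc_app_shutdown()`. Where the flag is consumed is not visible here. If it is read during shutdown rather than immediately, a second control command arriving in between would clear the request, and the server would stop without the smf(5) disable. Resetting the flag only inside the halt/stop branches would avoid that, or a comment naming where the flag is read would at least make its lifetime clear.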
@@ -92,11 +98,41 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else if (command_compare(command, NS_COMMAND_RETRANSFER)) {
result = ns_server_retransfercommand(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_HALT)) {
+#ifdef HAVE_LIBSCF
+ /*
+ * If we are managed by smf(5), AND in chroot, then
+ * we cannot connect to the smf repository, so just
+ * return with an appropriate message back to rndc.
+ */
+ if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
+ result = ns_smf_add_message(text);
+ return (result);
+ }
+ /*
+ * If we are managed by smf(5) but not in chroot,
+ * try to disable ourselves the smf way.
+ */
+ if (ns_smf_got_instance == 1 && ns_smf_chroot == 0)
+ ns_smf_want_disable = 1;
+ /*
+ * If ns_smf_got_instance = 0, ns_smf_chroot
+ * is not relevant and we fall through to
+ * isc_app_shutdown below.
+ */
+#endif
ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
ns_os_shutdownmsg(command, text);
isc_app_shutdown();
result = ISC_R_SUCCESS;
} else if (command_compare(command, NS_COMMAND_STOP)) {
+#ifdef HAVE_LIBSCF
+ if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
+ result = ns_smf_add_message(text);
+ return (result);
+ }
+ if (ns_smf_got_instance == 1 && ns_smf_chroot == 0)
+ ns_smf_want_disable = 1;
+#endif
ns_server_flushonshutdown(ns_g_server, ISC_TRUE);
ns_os_shutdownmsg(command, text);
isc_app_shutdown();
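Review bot: The NS_COMMAND_STOP branch repeats the smf(5) check from NS_COMMAND_HALT without any of its explanatory comments, so the two copies can drift apart unnoticed. At minimum add `/* Same smf(5) handling as NS_COMMAND_HALT above. */` there. In both branches the chroot case returns whatever `ns_smf_add_message(text)` returns, without shutting down. That function is not shown, so if it reports ISC_R_SUCCESS the requester sees success for a halt/stop that did not happen. It is worth confirming that the result code, not just the text, signals the refusal. ns_control_docommand() continues outside this hunk.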
diff --git a/contrib/bind9/bin/named/include/named/client.h b/contrib/bind9/bin/named/include/named/client.h
index 97951a41683c..7097a3bb05b5 100644
--- a/contrib/bind9/bin/named/include/named/client.h
+++ b/contrib/bind9/bin/named/include/named/client.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.h,v 1.60.2.2.10.8 2004/07/23 02:56:52 marka Exp $ */
+/* $Id: client.h,v 1.60.2.2.10.10 2005/07/29 00:13:08 marka Exp $ */
#ifndef NAMED_CLIENT_H
#define NAMED_CLIENT_H 1
@@ -322,13 +322,19 @@ ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
DNS_RDATACLASS_FORMATSIZE + sizeof(x) + sizeof("'/'"))
void
-ns_client_recursing(ns_client_t *client, isc_boolean_t killoldest);
-/*
+ns_client_recursing(ns_client_t *client);
+/*%
* Add client to end of recursing list. If 'killoldest' is true
* kill the oldest recursive client (list head).
*/
void
+ns_client_killoldestquery(ns_client_t *client);
+/*%
+ * Kill the oldest recursive query (recursing list head).
+ */
+
+void
ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager);
/*
* Dump the outstanding recursive queries to 'f'.
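Review bot: The comment kept under the new `ns_client_recursing(ns_client_t *client);` prototype still says "If 'killoldest' is true kill the oldest recursive client", but that parameter is removed in this hunk, so the header now documents an argument callers cannot pass. Reword it to `Add client to end of recursing list.` and keep the eviction description only on ns_client_killoldestquery. The new comment on ns_client_killoldestquery does not say what role 'client' plays (the query to kill, or only a handle for finding the list); one sentence there would help, since this path decides which recursive client is dropped under load.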
diff --git a/contrib/bind9/bin/named/include/named/ns_smf_globals.h b/contrib/bind9/bin/named/include/named/ns_smf_globals.h
new file mode 100644
index 000000000000..49aa31dc5c06
--- /dev/null
+++ b/contrib/bind9/bin/named/include/named/ns_smf_globals.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: ns_smf_globals.h,v 1.2.4.4 2005/05/13 01:22:33 marka Exp $ */
+
+#ifndef NS_SMF_GLOBALS_H
+#define NS_SMF_GLOBALS_H 1
+
+#include <libscf.h>
+
+#undef EXTERN
+#undef INIT
+#ifdef NS_MAIN
+#define EXTERN
+#define INIT(v) = (v)
+#else
+#define EXTERN extern
+#define INIT(v)
+#endif
+
+EXTERN unsigned int ns_smf_got_instance INIT(0);
+EXTERN unsigned int ns_smf_chroot INIT(0);
+EXTERN unsigned int ns_smf_want_disable INIT(0);
+
+isc_result_t ns_smf_add_message(isc_buffer_t *text);
+isc_result_t ns_smf_get_instance(char **name, int debug, isc_mem_t *mctx);
+
+#undef EXTERN
+#undef INIT
+
+#endif /* NS_SMF_GLOBALS_H */
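Review bot: This new header is not self-contained: the two prototypes use `isc_result_t`, `isc_buffer_t` and `isc_mem_t`, but the only include is `<libscf.h>`, so it compiles only if every includer has already pulled in the ISC headers. Adding `#include <isc/types.h>` and `#include <isc/result.h>` next to the libscf include would remove the ordering dependency. The three flags also carry no comment; going by their use in the rndc halt/stop handling, something like `/* 1 if named is managed by smf(5) */`, `/* 1 if running chrooted, so the smf repository is unreachable */` and `/* 1 to request disabling through smf on shutdown */` would record the intent. Where ns_smf_chroot is set is not visible here, so the second wording should be confirmed.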
diff --git a/contrib/bind9/bin/named/log.c b/contrib/bind9/bin/named/log.c
index 31af4bdd13c7..9032af795d4f 100644
--- a/contrib/bind9/bin/named/log.c
+++ b/contrib/bind9/bin/named/log.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.c,v 1.33.2.1.10.4 2004/03/08 09:04:14 marka Exp $ */
+/* $Id: log.c,v 1.33.2.1.10.6 2005/05/24 23:58:17 marka Exp $ */
#include <config.h>
@@ -154,6 +154,9 @@ ns_log_setdefaultchannels(isc_logconfig_t *lcfg) {
isc_result_t
ns_log_setsafechannels(isc_logconfig_t *lcfg) {
isc_result_t result;
+#if ISC_FACILITY != LOG_DAEMON
+ isc_logdestination_t destination;
+#endif
if (! ns_g_logstderr) {
result = isc_log_createchannel(lcfg, "default_debug",
@@ -172,6 +175,15 @@ ns_log_setsafechannels(isc_logconfig_t *lcfg) {
isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
}
+#if ISC_FACILITY != LOG_DAEMON
+ destination.facility = ISC_FACILITY;
+ result = isc_log_createchannel(lcfg, "default_syslog",
+ ISC_LOG_TOSYSLOG, ISC_LOG_INFO,
+ &destination, 0);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+#endif
+
result = ISC_R_SUCCESS;
cleanup:
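Review bot: The added `isc_log_createchannel(lcfg, "default_syslog", ...)` block has no comment saying why a channel with that name is created only when `ISC_FACILITY != LOG_DAEMON`, and the name looks like it is meant to shadow the library's predefined syslog channel. A short comment above the `#if` would make that explicit, for example `/* Redefine default_syslog so the safe configuration logs to the build-time facility instead of LOG_DAEMON. */`. It is also worth confirming that the header defining `LOG_DAEMON` is included in this file, because an undefined macro evaluates to 0 in `#if` and would enable the block without any diagnostic. The matching `destination` declaration is in the previous hunk, and ns_log_setsafechannels continues outside both hunks.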
diff --git a/contrib/bind9/bin/named/lwresd.8 b/contrib/bind9/bin/named/lwresd.8
index bbc177d0ff69..58f24b062374 100644
--- a/contrib/bind9/bin/named/lwresd.8
+++ b/contrib/bind9/bin/named/lwresd.8
@@ -1,135 +1,135 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwresd.8,v 1.13.208.2 2004/06/03 05:35:47 marka Exp $
+.\" $Id: lwresd.8,v 1.13.208.5 2005/10/13 02:33:47 marka Exp $
.\"
-.TH "LWRESD" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
lwresd \- lightweight resolver daemon
-.SH SYNOPSIS
-.sp
-\fBlwresd\fR [ \fB-C \fIconfig-file\fB\fR ] [ \fB-d \fIdebug-level\fB\fR ] [ \fB-f\fR ] [ \fB-g\fR ] [ \fB-i \fIpid-file\fB\fR ] [ \fB-n \fI#cpus\fB\fR ] [ \fB-P \fIport\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-s\fR ] [ \fB-t \fIdirectory\fB\fR ] [ \fB-u \fIuser\fB\fR ] [ \fB-v\fR ]
+.SH "SYNOPSIS"
+.HP 7
+\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR]
.SH "DESCRIPTION"
.PP
-\fBlwresd\fR is the daemon providing name lookup
-services to clients that use the BIND 9 lightweight resolver
-library. It is essentially a stripped-down, caching-only name
-server that answers queries using the BIND 9 lightweight
-resolver protocol rather than the DNS protocol.
+\fBlwresd\fR
+is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol.
.PP
-\fBlwresd\fR listens for resolver queries on a
-UDP port on the IPv4 loopback interface, 127.0.0.1. This
-means that \fBlwresd\fR can only be used by
-processes running on the local machine. By default UDP port
-number 921 is used for lightweight resolver requests and
-responses.
+\fBlwresd\fR
+listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that
+\fBlwresd\fR
+can only be used by processes running on the local machine. By default UDP port number 921 is used for lightweight resolver requests and responses.
.PP
-Incoming lightweight resolver requests are decoded by the
-server which then resolves them using the DNS protocol. When
-the DNS lookup completes, \fBlwresd\fR encodes
-the answers in the lightweight resolver format and returns
-them to the client that made the request.
+Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When the DNS lookup completes,
+\fBlwresd\fR
+encodes the answers in the lightweight resolver format and returns them to the client that made the request.
.PP
-If \fI/etc/resolv.conf\fR contains any
-\fBnameserver\fR entries, \fBlwresd\fR
-sends recursive DNS queries to those servers. This is similar
-to the use of forwarders in a caching name server. If no
-\fBnameserver\fR entries are present, or if
-forwarding fails, \fBlwresd\fR resolves the
-queries autonomously starting at the root name servers, using
-a built-in list of root server hints.
+If
+\fI/etc/resolv.conf\fR
+contains any
+\fBnameserver\fR
+entries,
+\fBlwresd\fR
+sends recursive DNS queries to those servers. This is similar to the use of forwarders in a caching name server. If no
+\fBnameserver\fR
+entries are present, or if forwarding fails,
+\fBlwresd\fR
+resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
.SH "OPTIONS"
.TP
-\fB-C \fIconfig-file\fB\fR
-Use \fIconfig-file\fR as the
-configuration file instead of the default,
+\-C \fIconfig\-file\fR
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
\fI/etc/resolv.conf\fR.
.TP
-\fB-d \fIdebug-level\fB\fR
-Set the daemon's debug level to \fIdebug-level\fR.
-Debugging traces from \fBlwresd\fR become
-more verbose as the debug level increases.
+\-d \fIdebug\-level\fR
+Set the daemon's debug level to
+\fIdebug\-level\fR. Debugging traces from
+\fBlwresd\fR
+become more verbose as the debug level increases.
.TP
-\fB-f\fR
+\-f
Run the server in the foreground (i.e. do not daemonize).
.TP
-\fB-g\fR
-Run the server in the foreground and force all logging
-to \fIstderr\fR.
+\-g
+Run the server in the foreground and force all logging to
+\fIstderr\fR.
.TP
-\fB-n \fI#cpus\fB\fR
-Create \fI#cpus\fR worker threads
-to take advantage of multiple CPUs. If not specified,
-\fBlwresd\fR will try to determine the
-number of CPUs present and create one thread per CPU.
-If it is unable to determine the number of CPUs, a
-single worker thread will be created.
+\-n \fI#cpus\fR
+Create
+\fI#cpus\fR
+worker threads to take advantage of multiple CPUs. If not specified,
+\fBlwresd\fR
+will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
.TP
-\fB-P \fIport\fB\fR
+\-P \fIport\fR
Listen for lightweight resolver queries on port
-\fIport\fR. If
-not specified, the default is port 921.
+\fIport\fR. If not specified, the default is port 921.
.TP
-\fB-p \fIport\fB\fR
-Send DNS lookups to port \fIport\fR. If not
-specified, the default is port 53. This provides a
-way of testing the lightweight resolver daemon with a
-name server that listens for queries on a non-standard
-port number.
+\-p \fIport\fR
+Send DNS lookups to port
+\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
.TP
-\fB-s\fR
-Write memory usage statistics to \fIstdout\fR
+\-s
+Write memory usage statistics to
+\fIstdout\fR
on exit.
-.sp
.RS
.B "Note:"
-This option is mainly of interest to BIND 9 developers
-and may be removed or changed in a future release.
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.sp
.TP
-\fB-t \fIdirectory\fB\fR
-\fBchroot()\fR to \fIdirectory\fR after
-processing the command line arguments, but before
-reading the configuration file.
-.sp
+\-t \fIdirectory\fR
+\fBchroot()\fR
+to
+\fIdirectory\fR
+after processing the command line arguments, but before reading the configuration file.
.RS
.B "Warning:"
This option should be used in conjunction with the
-\fB-u\fR option, as chrooting a process
-running as root doesn't enhance security on most
-systems; the way \fBchroot()\fR is
-defined allows a process with root privileges to
-escape a chroot jail.
+\fB\-u\fR
+option, as chrooting a process running as root doesn't enhance security on most systems; the way
+\fBchroot()\fR
+is defined allows a process with root privileges to escape a chroot jail.
.RE
-.sp
.TP
-\fB-u \fIuser\fB\fR
-\fBsetuid()\fR to \fIuser\fR after completing
-privileged operations, such as creating sockets that
-listen on privileged ports.
+\-u \fIuser\fR
+\fBsetuid()\fR
+to
+\fIuser\fR
+after completing privileged operations, such as creating sockets that listen on privileged ports.
.TP
-\fB-v\fR
+\-v
Report the version number and exit.
.SH "FILES"
.TP
-\fB\fI/etc/resolv.conf\fB\fR
+\fI/etc/resolv.conf\fR
The default configuration file.
.TP
-\fB\fI/var/run/lwresd.pid\fB\fR
-The default process-id file.
+\fI/var/run/lwresd.pid\fR
+The default process\-id file.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
diff --git a/contrib/bind9/bin/named/lwresd.docbook b/contrib/bind9/bin/named/lwresd.docbook
index 46314c2614ea..c1f500bb8300 100644
--- a/contrib/bind9/bin/named/lwresd.docbook
+++ b/contrib/bind9/bin/named/lwresd.docbook
@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.docbook,v 1.6.208.2 2004/06/03 02:24:57 marka Exp $ -->
+<!-- $Id: lwresd.docbook,v 1.6.208.4 2005/05/13 01:22:33 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -29,6 +31,19 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname><application>lwresd</application></refname>
<refpurpose>lightweight resolver daemon</refpurpose>
diff --git a/contrib/bind9/bin/named/lwresd.html b/contrib/bind9/bin/named/lwresd.html
index afe7af22f480..439153aa826a 100644
--- a/contrib/bind9/bin/named/lwresd.html
+++ b/contrib/bind9/bin/named/lwresd.html
@@ -1,497 +1,189 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000, 2001 Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: lwresd.html,v 1.4.2.1.4.3 2004/08/22 23:38:59 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->lwresd</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
-><SPAN
-CLASS="APPLICATION"
->lwresd</SPAN
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->lwresd</SPAN
->&nbsp;--&nbsp;lightweight resolver daemon</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->lwresd</B
-> [<VAR
-CLASS="OPTION"
->-C <VAR
-CLASS="REPLACEABLE"
->config-file</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-d <VAR
-CLASS="REPLACEABLE"
->debug-level</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-f</VAR
->] [<VAR
-CLASS="OPTION"
->-g</VAR
->] [<VAR
-CLASS="OPTION"
->-i <VAR
-CLASS="REPLACEABLE"
->pid-file</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-n <VAR
-CLASS="REPLACEABLE"
->#cpus</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-P <VAR
-CLASS="REPLACEABLE"
->port</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-p <VAR
-CLASS="REPLACEABLE"
->port</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-s</VAR
->] [<VAR
-CLASS="OPTION"
->-t <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-u <VAR
-CLASS="REPLACEABLE"
->user</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-v</VAR
->]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN48"
-></A
-><H2
->DESCRIPTION</H2
-><P
-> <B
-CLASS="COMMAND"
->lwresd</B
-> is the daemon providing name lookup
+<!-- $Id: lwresd.html,v 1.4.2.1.4.8 2005/10/13 02:33:47 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>lwresd</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">lwresd</span> &#8212; lightweight resolver daemon</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525920"></a><h2>DESCRIPTION</h2>
+<p>
+ <span><strong class="command">lwresd</strong></span> is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
library. It is essentially a stripped-down, caching-only name
server that answers queries using the BIND 9 lightweight
resolver protocol rather than the DNS protocol.
- </P
-><P
-> <B
-CLASS="COMMAND"
->lwresd</B
-> listens for resolver queries on a
+ </p>
+<p>
+ <span><strong class="command">lwresd</strong></span> listens for resolver queries on a
UDP port on the IPv4 loopback interface, 127.0.0.1. This
- means that <B
-CLASS="COMMAND"
->lwresd</B
-> can only be used by
+ means that <span><strong class="command">lwresd</strong></span> can only be used by
processes running on the local machine. By default UDP port
number 921 is used for lightweight resolver requests and
responses.
- </P
-><P
-> Incoming lightweight resolver requests are decoded by the
+ </p>
+<p>
+ Incoming lightweight resolver requests are decoded by the
server which then resolves them using the DNS protocol. When
- the DNS lookup completes, <B
-CLASS="COMMAND"
->lwresd</B
-> encodes
+ the DNS lookup completes, <span><strong class="command">lwresd</strong></span> encodes
the answers in the lightweight resolver format and returns
them to the client that made the request.
- </P
-><P
-> If <TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-> contains any
- <VAR
-CLASS="OPTION"
->nameserver</VAR
-> entries, <B
-CLASS="COMMAND"
->lwresd</B
->
+ </p>
+<p>
+ If <code class="filename">/etc/resolv.conf</code> contains any
+ <code class="option">nameserver</code> entries, <span><strong class="command">lwresd</strong></span>
sends recursive DNS queries to those servers. This is similar
to the use of forwarders in a caching name server. If no
- <VAR
-CLASS="OPTION"
->nameserver</VAR
-> entries are present, or if
- forwarding fails, <B
-CLASS="COMMAND"
->lwresd</B
-> resolves the
+ <code class="option">nameserver</code> entries are present, or if
+ forwarding fails, <span><strong class="command">lwresd</strong></span> resolves the
queries autonomously starting at the root name servers, using
a built-in list of root server hints.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN63"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-C <VAR
-CLASS="REPLACEABLE"
->config-file</VAR
-></DT
-><DD
-><P
-> Use <VAR
-CLASS="REPLACEABLE"
->config-file</VAR
-> as the
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525969"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em> as the
configuration file instead of the default,
- <TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.
- </P
-></DD
-><DT
->-d <VAR
-CLASS="REPLACEABLE"
->debug-level</VAR
-></DT
-><DD
-><P
-> Set the daemon's debug level to <VAR
-CLASS="REPLACEABLE"
->debug-level</VAR
->.
- Debugging traces from <B
-CLASS="COMMAND"
->lwresd</B
-> become
+ <code class="filename">/etc/resolv.conf</code>.
+ </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
+<dd><p>
+ Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
+ Debugging traces from <span><strong class="command">lwresd</strong></span> become
more verbose as the debug level increases.
- </P
-></DD
-><DT
->-f</DT
-><DD
-><P
-> Run the server in the foreground (i.e. do not daemonize).
- </P
-></DD
-><DT
->-g</DT
-><DD
-><P
-> Run the server in the foreground and force all logging
- to <TT
-CLASS="FILENAME"
->stderr</TT
->.
- </P
-></DD
-><DT
->-n <VAR
-CLASS="REPLACEABLE"
->#cpus</VAR
-></DT
-><DD
-><P
-> Create <VAR
-CLASS="REPLACEABLE"
->#cpus</VAR
-> worker threads
+ </p></dd>
+<dt><span class="term">-f</span></dt>
+<dd><p>
+ Run the server in the foreground (i.e. do not daemonize).
+ </p></dd>
+<dt><span class="term">-g</span></dt>
+<dd><p>
+ Run the server in the foreground and force all logging
+ to <code class="filename">stderr</code>.
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
+<dd><p>
+ Create <em class="replaceable"><code>#cpus</code></em> worker threads
to take advantage of multiple CPUs. If not specified,
- <B
-CLASS="COMMAND"
->lwresd</B
-> will try to determine the
+ <span><strong class="command">lwresd</strong></span> will try to determine the
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
- </P
-></DD
-><DT
->-P <VAR
-CLASS="REPLACEABLE"
->port</VAR
-></DT
-><DD
-><P
-> Listen for lightweight resolver queries on port
- <VAR
-CLASS="REPLACEABLE"
->port</VAR
->. If
+ </p></dd>
+<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Listen for lightweight resolver queries on port
+ <em class="replaceable"><code>port</code></em>. If
not specified, the default is port 921.
- </P
-></DD
-><DT
->-p <VAR
-CLASS="REPLACEABLE"
->port</VAR
-></DT
-><DD
-><P
-> Send DNS lookups to port <VAR
-CLASS="REPLACEABLE"
->port</VAR
->. If not
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not
specified, the default is port 53. This provides a
way of testing the lightweight resolver daemon with a
name server that listens for queries on a non-standard
port number.
- </P
-></DD
-><DT
->-s</DT
-><DD
-><P
-> Write memory usage statistics to <TT
-CLASS="FILENAME"
->stdout</TT
->
+ </p></dd>
+<dt><span class="term">-s</span></dt>
+<dd>
+<p>
+ Write memory usage statistics to <code class="filename">stdout</code>
on exit.
- </P
-><DIV
-CLASS="NOTE"
-><BLOCKQUOTE
-CLASS="NOTE"
-><P
-><B
->Note: </B
-> This option is mainly of interest to BIND 9 developers
+ </p>
+<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Note</h3>
+<p>
+ This option is mainly of interest to BIND 9 developers
and may be removed or changed in a future release.
- </P
-></BLOCKQUOTE
-></DIV
-></DD
-><DT
->-t <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></DT
-><DD
-><P
-> <CODE
-CLASS="FUNCTION"
->chroot()</CODE
-> to <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-> after
+ </p>
+</div>
+</dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd>
+<p>
+ <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after
processing the command line arguments, but before
reading the configuration file.
- </P
-><DIV
-CLASS="WARNING"
-><P
-></P
-><TABLE
-CLASS="WARNING"
-BORDER="1"
-WIDTH="90%"
-><TR
-><TD
-ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
-><TD
-ALIGN="LEFT"
-><P
-> This option should be used in conjunction with the
- <VAR
-CLASS="OPTION"
->-u</VAR
-> option, as chrooting a process
+ </p>
+<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Warning</h3>
+<p>
+ This option should be used in conjunction with the
+ <code class="option">-u</code> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <CODE
-CLASS="FUNCTION"
->chroot()</CODE
-> is
+ systems; the way <code class="function">chroot()</code> is
defined allows a process with root privileges to
escape a chroot jail.
- </P
-></TD
-></TR
-></TABLE
-></DIV
-></DD
-><DT
->-u <VAR
-CLASS="REPLACEABLE"
->user</VAR
-></DT
-><DD
-><P
-> <CODE
-CLASS="FUNCTION"
->setuid()</CODE
-> to <VAR
-CLASS="REPLACEABLE"
->user</VAR
-> after completing
+ </p>
+</div>
+</dd>
+<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
+<dd><p>
+ <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
- </P
-></DD
-><DT
->-v</DT
-><DD
-><P
-> Report the version number and exit.
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN137"
-></A
-><H2
->FILES</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-></DT
-><DD
-><P
-> The default configuration file.
- </P
-></DD
-><DT
-><TT
-CLASS="FILENAME"
->/var/run/lwresd.pid</TT
-></DT
-><DD
-><P
-> The default process-id file.
- </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN150"
-></A
-><H2
->SEE ALSO</H2
-><P
-> <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
- <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->lwres</SPAN
->(3)</SPAN
->,
- <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->resolver</SPAN
->(5)</SPAN
->.
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN162"
-></A
-><H2
->AUTHOR</H2
-><P
-> Internet Systems Consortium
- </P
-></DIV
-></BODY
-></HTML
->
+ </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+ Report the version number and exit.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526237"></a><h2>FILES</h2>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
+<dd><p>
+ The default configuration file.
+ </p></dd>
+<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt>
+<dd><p>
+ The default process-id file.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526277"></a><h2>SEE ALSO</h2>
+<p>
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
+ <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526315"></a><h2>AUTHOR</h2>
+<p>
+ <span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/contrib/bind9/bin/named/main.c b/contrib/bind9/bin/named/main.c
index f78ea247c8a7..c155291d6ca6 100644
--- a/contrib/bind9/bin/named/main.c
+++ b/contrib/bind9/bin/named/main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: main.c,v 1.119.2.3.2.17 2004/10/25 00:42:54 marka Exp $ */
+/* $Id: main.c,v 1.119.2.3.2.22 2005/04/29 01:04:47 marka Exp $ */
#include <config.h>
@@ -47,10 +47,6 @@
#include <dst/result.h>
-#ifdef HAVE_LIBSCF
-#include <libscf.h>
-#endif
-
/*
* Defining NS_MAIN provides storage declarations (rather than extern)
* for variables in named/globals.h.
@@ -66,6 +62,9 @@
#include <named/server.h>
#include <named/lwresd.h>
#include <named/main.h>
+#ifdef HAVE_LIBSCF
+#include <named/ns_smf_globals.h>
+#endif
/*
* Include header files for database drivers here.
@@ -540,6 +539,9 @@ destroy_managers(void) {
static void
setup(void) {
isc_result_t result;
+#ifdef HAVE_LIBSCF
+ char *instance = NULL;
+#endif
/*
* Get the user and group information before changing the root
@@ -555,6 +557,18 @@ setup(void) {
ns_os_opendevnull();
+#ifdef HAVE_LIBSCF
+ /* Check if named is under smf control, before chroot. */
+ result = ns_smf_get_instance(&instance, 0, ns_g_mctx);
+ /* We don't care about instance, just check if we got one. */
+ if (result == ISC_R_SUCCESS)
+ ns_smf_got_instance = 1;
+ else
+ ns_smf_got_instance = 0;
+ if (instance != NULL)
+ isc_mem_free(ns_g_mctx, instance);
+#endif /* HAVE_LIBSCF */
+
#ifdef PATH_RANDOMDEV
/*
* Initialize system's random device as fallback entropy source
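Review bot: Every failure of `ns_smf_get_instance(&instance, 0, ns_g_mctx)` is folded into `ns_smf_got_instance = 0`, and since debug is passed as 0 the scf_handle_create/scf_handle_bind/scf_myname errors are not reported. A transient repository failure at startup therefore looks the same as "not managed by smf", and the rndc halt/stop branches that test ns_smf_got_instance will then take the plain isc_app_shutdown() path. At minimum, document that choice with `/* Any failure is treated as "not under smf"; errors are silent because debug is 0. */`. If logging is already usable at this point in setup(), which is not visible from this hunk, an informational message when result is not ISC_R_SUCCESS would help an operator diagnose it. setup() continues outside the hunk.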
@@ -699,92 +713,73 @@ ns_main_setmemstats(const char *filename) {
#ifdef HAVE_LIBSCF
/*
- * Get FMRI for the current named process
+ * Get FMRI for the named process.
*/
-static char *
-scf_get_ins_name(void) {
+isc_result_t
+ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) {
scf_handle_t *h = NULL;
int namelen;
- char *ins_name;
+ char *instance;
+
+ REQUIRE(ins_name != NULL && *ins_name == NULL);
if ((h = scf_handle_create(SCF_VERSION)) == NULL) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "scf_handle_create() failed: %s",
- scf_strerror(scf_error()));
- return (NULL);
+ if (debug)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "scf_handle_create() failed: %s",
+ scf_strerror(scf_error()));
+ return (ISC_R_FAILURE);
}
if (scf_handle_bind(h) == -1) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "scf_handle_bind() failed: %s",
- scf_strerror(scf_error()));
+ if (debug)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "scf_handle_bind() failed: %s",
+ scf_strerror(scf_error()));
scf_handle_destroy(h);
- return (NULL);
+ return (ISC_R_FAILURE);
}
if ((namelen = scf_myname(h, NULL, 0)) == -1) {
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_MAIN, ISC_LOG_INFO,
- "scf_myname() failed: %s",
- scf_strerror(scf_error()));
+ if (debug)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "scf_myname() failed: %s",
+ scf_strerror(scf_error()));
scf_handle_destroy(h);
- return (NULL);
+ return (ISC_R_FAILURE);
}
- if ((ins_name = malloc(namelen + 1)) == NULL) {
+ if ((instance = isc_mem_allocate(mctx, namelen + 1)) == NULL) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
- "scf_get_ins_named() memory "
+ "ns_smf_get_instance memory "
"allocation failed: %s",
isc_result_totext(ISC_R_NOMEMORY));
scf_handle_destroy(h);
- return (NULL);
+ return (ISC_R_FAILURE);
}
- if (scf_myname(h, ins_name, namelen + 1) == -1) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "scf_myname() failed: %s",
- scf_strerror(scf_error()));
+ if (scf_myname(h, instance, namelen + 1) == -1) {
+ if (debug)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "scf_myname() failed: %s",
+ scf_strerror(scf_error()));
scf_handle_destroy(h);
- free(ins_name);
- return (NULL);
+ isc_mem_free(mctx, instance);
+ return (ISC_R_FAILURE);
}
scf_handle_destroy(h);
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
- ISC_LOG_INFO, "instance name:%s", ins_name);
-
- return (ins_name);
-}
-
-static void
-scf_cleanup(void) {
- char *s;
- char *ins_name;
-
- if ((ins_name = scf_get_ins_name()) != NULL) {
- if ((s = smf_get_state(ins_name)) != NULL) {
- if ((strcmp(SCF_STATE_STRING_ONLINE, s) == 0) ||
- (strcmp(SCF_STATE_STRING_DEGRADED, s) == 0)) {
- if (smf_disable_instance(ins_name, 0) != 0) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "smf_disable_instance() failed: %s",
- scf_strerror(scf_error()));
- }
- }
- free(s);
- } else {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "smf_get_state() failed: %s",
- scf_strerror(scf_error()));
- }
- free(ins_name);
- }
+ *ins_name = instance;
+ return (ISC_R_SUCCESS);
}
-#endif
+#endif /* HAVE_LIBSCF */
int
main(int argc, char *argv[]) {
isc_result_t result;
+#ifdef HAVE_LIBSCF
+ char *instance = NULL;
+#endif
/*
* Record version in core image.
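Review bot: The allocation-failure branch of ns_smf_get_instance() logs the text for ISC_R_NOMEMORY but returns ISC_R_FAILURE, so a caller cannot tell memory exhaustion from "not running under SMF"; I would make that branch `return (ISC_R_NOMEMORY);`. Both callers visible in this diff only compare against ISC_R_SUCCESS, so the change is compatible with them. That branch also reports unconditionally while every scf_* failure is gated on `debug`, which may be deliberate but deserves a word in the header comment. Since the function is no longer static, the header comment should also state the ownership contract: on success `*ins_name` is allocated from `mctx` and the caller must release it with `isc_mem_free(mctx, ...)`, and on failure `*ins_name` is left NULL.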
@@ -856,8 +851,20 @@ main(int argc, char *argv[]) {
} while (result != ISC_R_SUCCESS);
#ifdef HAVE_LIBSCF
- scf_cleanup();
-#endif
+ if (ns_smf_want_disable == 1) {
+ result = ns_smf_get_instance(&instance, 1, ns_g_mctx);
+ if (result == ISC_R_SUCCESS && instance != NULL) {
+ if (smf_disable_instance(instance, 0) != 0)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "smf_disable_instance() ",
+ "failed for %s : %s",
+ instance,
+ scf_strerror(scf_error()));
+ }
+ if (instance != NULL)
+ isc_mem_free(ns_g_mctx, instance);
+ }
+#endif /* HAVE_LIBSCF */
cleanup();
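Review bot: In the new smf_disable_instance() failure report there is a stray comma after the first string literal, so `"smf_disable_instance() "` alone becomes the format string and `"failed for %s : %s"` is passed as an unused argument. The logged message will therefore stop at "smf_disable_instance() " and drop both the instance name and the scf error text, which is exactly what an operator needs when the service fails to disable. Remove the comma so the two literals concatenate: `"smf_disable_instance() " "failed for %s : %s",`. main() continues outside this hunk.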
diff --git a/contrib/bind9/bin/named/named.8 b/contrib/bind9/bin/named/named.8
index cd120ddc6f63..e072c169be3e 100644
--- a/contrib/bind9/bin/named/named.8
+++ b/contrib/bind9/bin/named/named.8
@@ -1,177 +1,182 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.8,v 1.17.208.3 2004/06/03 05:35:47 marka Exp $
+.\" $Id: named.8,v 1.17.208.6 2005/10/13 02:33:46 marka Exp $
.\"
-.TH "NAMED" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
named \- Internet domain name server
-.SH SYNOPSIS
-.sp
-\fBnamed\fR [ \fB-4\fR ] [ \fB-6\fR ] [ \fB-c \fIconfig-file\fB\fR ] [ \fB-d \fIdebug-level\fB\fR ] [ \fB-f\fR ] [ \fB-g\fR ] [ \fB-n \fI#cpus\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-s\fR ] [ \fB-t \fIdirectory\fB\fR ] [ \fB-u \fIuser\fB\fR ] [ \fB-v\fR ] [ \fB-x \fIcache-file\fB\fR ]
+.SH "SYNOPSIS"
+.HP 6
+\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
.SH "DESCRIPTION"
.PP
-\fBnamed\fR is a Domain Name System (DNS) server,
-part of the BIND 9 distribution from ISC. For more
-information on the DNS, see RFCs 1033, 1034, and 1035.
+\fBnamed\fR
+is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035.
.PP
-When invoked without arguments, \fBnamed\fR will
-read the default configuration file
-\fI/etc/named.conf\fR, read any initial
-data, and listen for queries.
+When invoked without arguments,
+\fBnamed\fR
+will read the default configuration file
+\fI/etc/named.conf\fR, read any initial data, and listen for queries.
.SH "OPTIONS"
.TP
-\fB-4\fR
+\-4
Use IPv4 only even if the host machine is capable of IPv6.
-\fB-4\fR and \fB-6\fR are mutually
-exclusive.
+\fB\-4\fR
+and
+\fB\-6\fR
+are mutually exclusive.
.TP
-\fB-6\fR
+\-6
Use IPv6 only even if the host machine is capable of IPv4.
-\fB-4\fR and \fB-6\fR are mutually
-exclusive.
-.TP
-\fB-c \fIconfig-file\fB\fR
-Use \fIconfig-file\fR as the
-configuration file instead of the default,
-\fI/etc/named.conf\fR. To
-ensure that reloading the configuration file continues
-to work after the server has changed its working
-directory due to to a possible
-\fBdirectory\fR option in the configuration
-file, \fIconfig-file\fR should be
-an absolute pathname.
-.TP
-\fB-d \fIdebug-level\fB\fR
-Set the daemon's debug level to \fIdebug-level\fR.
-Debugging traces from \fBnamed\fR become
-more verbose as the debug level increases.
-.TP
-\fB-f\fR
+\fB\-4\fR
+and
+\fB\-6\fR
+are mutually exclusive.
+.TP
+\-c \fIconfig\-file\fR
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible
+\fBdirectory\fR
+option in the configuration file,
+\fIconfig\-file\fR
+should be an absolute pathname.
+.TP
+\-d \fIdebug\-level\fR
+Set the daemon's debug level to
+\fIdebug\-level\fR. Debugging traces from
+\fBnamed\fR
+become more verbose as the debug level increases.
+.TP
+\-f
Run the server in the foreground (i.e. do not daemonize).
.TP
-\fB-g\fR
-Run the server in the foreground and force all logging
-to \fIstderr\fR.
-.TP
-\fB-n \fI#cpus\fB\fR
-Create \fI#cpus\fR worker threads
-to take advantage of multiple CPUs. If not specified,
-\fBnamed\fR will try to determine the
-number of CPUs present and create one thread per CPU.
-If it is unable to determine the number of CPUs, a
-single worker thread will be created.
-.TP
-\fB-p \fIport\fB\fR
-Listen for queries on port \fIport\fR. If not
-specified, the default is port 53.
-.TP
-\fB-s\fR
-Write memory usage statistics to \fIstdout\fR on exit.
-.sp
+\-g
+Run the server in the foreground and force all logging to
+\fIstderr\fR.
+.TP
+\-n \fI#cpus\fR
+Create
+\fI#cpus\fR
+worker threads to take advantage of multiple CPUs. If not specified,
+\fBnamed\fR
+will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
+.TP
+\-p \fIport\fR
+Listen for queries on port
+\fIport\fR. If not specified, the default is port 53.
+.TP
+\-s
+Write memory usage statistics to
+\fIstdout\fR
+on exit.
.RS
.B "Note:"
-This option is mainly of interest to BIND 9 developers
-and may be removed or changed in a future release.
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.sp
.TP
-\fB-t \fIdirectory\fB\fR
-\fBchroot()\fR to \fIdirectory\fR after
-processing the command line arguments, but before
-reading the configuration file.
-.sp
+\-t \fIdirectory\fR
+\fBchroot()\fR
+to
+\fIdirectory\fR
+after processing the command line arguments, but before reading the configuration file.
.RS
.B "Warning:"
This option should be used in conjunction with the
-\fB-u\fR option, as chrooting a process
-running as root doesn't enhance security on most
-systems; the way \fBchroot()\fR is
-defined allows a process with root privileges to
-escape a chroot jail.
+\fB\-u\fR
+option, as chrooting a process running as root doesn't enhance security on most systems; the way
+\fBchroot()\fR
+is defined allows a process with root privileges to escape a chroot jail.
.RE
-.sp
.TP
-\fB-u \fIuser\fB\fR
-\fBsetuid()\fR to \fIuser\fR after completing
-privileged operations, such as creating sockets that
-listen on privileged ports.
-.sp
+\-u \fIuser\fR
+\fBsetuid()\fR
+to
+\fIuser\fR
+after completing privileged operations, such as creating sockets that listen on privileged ports.
.RS
.B "Note:"
-On Linux, \fBnamed\fR uses the kernel's
-capability mechanism to drop all root privileges
-except the ability to \fBbind()\fR to a
-privileged port and set process resource limits.
-Unfortunately, this means that the \fB-u\fR
-option only works when \fBnamed\fR is run
-on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
-later, since previous kernels did not allow privileges
-to be retained after \fBsetuid()\fR.
+On Linux,
+\fBnamed\fR
+uses the kernel's capability mechanism to drop all root privileges except the ability to
+\fBbind()\fR
+to a privileged port and set process resource limits. Unfortunately, this means that the
+\fB\-u\fR
+option only works when
+\fBnamed\fR
+is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
+\fBsetuid()\fR.
.RE
-.sp
.TP
-\fB-v\fR
+\-v
Report the version number and exit.
.TP
-\fB-x \fIcache-file\fB\fR
-Load data from \fIcache-file\fR into the
-cache of the default view.
-.sp
+\-x \fIcache\-file\fR
+Load data from
+\fIcache\-file\fR
+into the cache of the default view.
.RS
.B "Warning:"
-This option must not be used. It is only of interest
-to BIND 9 developers and may be removed or changed in a
-future release.
+This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.sp
.SH "SIGNALS"
.PP
-In routine operation, signals should not be used to control
-the nameserver; \fBrndc\fR should be used
-instead.
+In routine operation, signals should not be used to control the nameserver;
+\fBrndc\fR
+should be used instead.
.TP
-\fBSIGHUP\fR
+SIGHUP
Force a reload of the server.
.TP
-\fBSIGINT, SIGTERM\fR
+SIGINT, SIGTERM
Shut down the server.
.PP
The result of sending any other signals to the server is undefined.
-.PP
.SH "CONFIGURATION"
.PP
-The \fBnamed\fR configuration file is too complex
-to describe in detail here. A complete description is
-provided in the \fIBIND 9 Administrator Reference
-Manual\fR.
+The
+\fBnamed\fR
+configuration file is too complex to describe in detail here. A complete description is provided in the
+BIND 9 Administrator Reference Manual.
.SH "FILES"
.TP
-\fB\fI/etc/named.conf\fB\fR
+\fI/etc/named.conf\fR
The default configuration file.
.TP
-\fB\fI/var/run/named.pid\fB\fR
-The default process-id file.
+\fI/var/run/named.pid\fR
+The default process\-id file.
.SH "SEE ALSO"
.PP
-\fIRFC 1033\fR,
-\fIRFC 1034\fR,
-\fIRFC 1035\fR,
+RFC 1033,
+RFC 1034,
+RFC 1035,
\fBrndc\fR(8),
\fBlwresd\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR.
+BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
diff --git a/contrib/bind9/bin/named/named.conf.5 b/contrib/bind9/bin/named/named.conf.5
index 2b7387b9555c..d0b690b1b5a0 100644
--- a/contrib/bind9/bin/named/named.conf.5
+++ b/contrib/bind9/bin/named/named.conf.5
@@ -1,32 +1,40 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.1.4.3 2004/10/18 02:33:06 marka Exp $
+.\" $Id: named.conf.5,v 1.1.4.6 2005/10/13 02:33:47 marka Exp $
.\"
-.TH "NAMED.CONF" "5" "Aug 13, 2004" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "\\FINAMED.CONF\\FR" "5" "Aug 13, 2004" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
named.conf \- configuration file for named
-.SH SYNOPSIS
-.sp
+.SH "SYNOPSIS"
+.HP 11
\fBnamed.conf\fR
.SH "DESCRIPTION"
.PP
-\fInamed.conf\fR is the configuration file for
-\fBnamed\fR. Statements are enclosed
-in braces and terminated with a semi-colon. Clauses in
-the statements are also semi-colon terminated. The usual
-comment styles are supported:
+\fInamed.conf\fR
+is the configuration file for
+\fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
.PP
C style: /* */
.PP
@@ -37,7 +45,6 @@ Unix style: # to end of line
.sp
.nf
acl \fIstring\fR { \fIaddress_match_element\fR; ... };
-.sp
.fi
.SH "KEY"
.sp
@@ -46,7 +53,6 @@ key \fIdomain_name\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
-.sp
.fi
.SH "MASTERS"
.sp
@@ -55,7 +61,6 @@ masters \fIstring\fR [ port \fIinteger\fR ] {
( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
};
-.sp
.fi
.SH "SERVER"
.sp
@@ -63,27 +68,24 @@ masters \fIstring\fR [ port \fIinteger\fR ] {
server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
bogus \fIboolean\fR;
edns \fIboolean\fR;
- provide-ixfr \fIboolean\fR;
- request-ixfr \fIboolean\fR;
+ provide\-ixfr \fIboolean\fR;
+ request\-ixfr \fIboolean\fR;
keys \fIserver_key\fR;
transfers \fIinteger\fR;
- transfer-format ( many-answers | one-answer );
- transfer-source ( \fIipv4_address\fR | * )
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- transfer-source-v6 ( \fIipv6_address\fR | * )
+ transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
-
- support-ixfr \fIboolean\fR; // obsolete
+ support\-ixfr \fIboolean\fR; // obsolete
};
-.sp
.fi
-.SH "TRUSTED-KEYS"
+.SH "TRUSTED\-KEYS"
.sp
.nf
-trusted-keys {
+trusted\-keys {
\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
};
-.sp
.fi
.SH "CONTROLS"
.sp
@@ -95,7 +97,6 @@ controls {
[ keys { \fIstring\fR; ... } ];
unix \fIunsupported\fR; // not implemented
};
-.sp
.fi
.SH "LOGGING"
.sp
@@ -107,363 +108,325 @@ logging {
null;
stderr;
severity \fIlog_severity\fR;
- print-time \fIboolean\fR;
- print-severity \fIboolean\fR;
- print-category \fIboolean\fR;
+ print\-time \fIboolean\fR;
+ print\-severity \fIboolean\fR;
+ print\-category \fIboolean\fR;
};
category \fIstring\fR { \fIstring\fR; ... };
};
-.sp
.fi
.SH "LWRES"
.sp
.nf
lwres {
- listen-on [ port \fIinteger\fR ] {
+ listen\-on [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
};
view \fIstring\fR \fIoptional_class\fR;
search { \fIstring\fR; ... };
ndots \fIinteger\fR;
};
-.sp
.fi
.SH "OPTIONS"
.sp
.nf
options {
- avoid-v4-udp-ports { \fIport\fR; ... };
- avoid-v6-udp-ports { \fIport\fR; ... };
+ avoid\-v4\-udp\-ports { \fIport\fR; ... };
+ avoid\-v6\-udp\-ports { \fIport\fR; ... };
blackhole { \fIaddress_match_element\fR; ... };
coresize \fIsize\fR;
datasize \fIsize\fR;
directory \fIquoted_string\fR;
- dump-file \fIquoted_string\fR;
+ dump\-file \fIquoted_string\fR;
files \fIsize\fR;
- heartbeat-interval \fIinteger\fR;
- host-statistics \fIboolean\fR; // not implemented
- host-statistics-max \fInumber\fR; // not implemented
+ heartbeat\-interval \fIinteger\fR;
+ host\-statistics \fIboolean\fR; // not implemented
+ host\-statistics\-max \fInumber\fR; // not implemented
hostname ( \fIquoted_string\fR | none );
- interface-interval \fIinteger\fR;
- listen-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
- listen-on-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
- match-mapped-addresses \fIboolean\fR;
- memstatistics-file \fIquoted_string\fR;
- pid-file ( \fIquoted_string\fR | none );
+ interface\-interval \fIinteger\fR;
+ listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+ listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+ match\-mapped\-addresses \fIboolean\fR;
+ memstatistics\-file \fIquoted_string\fR;
+ pid\-file ( \fIquoted_string\fR | none );
port \fIinteger\fR;
querylog \fIboolean\fR;
- recursing-file \fIquoted_string\fR;
- random-device \fIquoted_string\fR;
- recursive-clients \fIinteger\fR;
- serial-query-rate \fIinteger\fR;
- server-id ( \fIquoted_string\fR | none |;
+ recursing\-file \fIquoted_string\fR;
+ random\-device \fIquoted_string\fR;
+ recursive\-clients \fIinteger\fR;
+ serial\-query\-rate \fIinteger\fR;
+ server\-id ( \fIquoted_string\fR | none |;
stacksize \fIsize\fR;
- statistics-file \fIquoted_string\fR;
- statistics-interval \fIinteger\fR; // not yet implemented
- tcp-clients \fIinteger\fR;
- tcp-listen-queue \fIinteger\fR;
- tkey-dhkey \fIquoted_string\fR \fIinteger\fR;
- tkey-gssapi-credential \fIquoted_string\fR;
- tkey-domain \fIquoted_string\fR;
- transfers-per-ns \fIinteger\fR;
- transfers-in \fIinteger\fR;
- transfers-out \fIinteger\fR;
- use-ixfr \fIboolean\fR;
+ statistics\-file \fIquoted_string\fR;
+ statistics\-interval \fIinteger\fR; // not yet implemented
+ tcp\-clients \fIinteger\fR;
+ tcp\-listen\-queue \fIinteger\fR;
+ tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
+ tkey\-gssapi\-credential \fIquoted_string\fR;
+ tkey\-domain \fIquoted_string\fR;
+ transfers\-per\-ns \fIinteger\fR;
+ transfers\-in \fIinteger\fR;
+ transfers\-out \fIinteger\fR;
+ use\-ixfr \fIboolean\fR;
version ( \fIquoted_string\fR | none );
- allow-recursion { \fIaddress_match_element\fR; ... };
+ allow\-recursion { \fIaddress_match_element\fR; ... };
sortlist { \fIaddress_match_element\fR; ... };
topology { \fIaddress_match_element\fR; ... }; // not implemented
- auth-nxdomain \fIboolean\fR; // default changed
- minimal-responses \fIboolean\fR;
+ auth\-nxdomain \fIboolean\fR; // default changed
+ minimal\-responses \fIboolean\fR;
recursion \fIboolean\fR;
- rrset-order {
+ rrset\-order {
[ class \fIstring\fR ] [ type \fIstring\fR ]
[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
};
- provide-ixfr \fIboolean\fR;
- request-ixfr \fIboolean\fR;
- rfc2308-type1 \fIboolean\fR; // not yet implemented
- additional-from-auth \fIboolean\fR;
- additional-from-cache \fIboolean\fR;
- query-source \fIquerysource4\fR;
- query-source-v6 \fIquerysource6\fR;
- cleaning-interval \fIinteger\fR;
- min-roots \fIinteger\fR; // not implemented
- lame-ttl \fIinteger\fR;
- max-ncache-ttl \fIinteger\fR;
- max-cache-ttl \fIinteger\fR;
- transfer-format ( many-answers | one-answer );
- max-cache-size \fIsize_no_default\fR;
- check-names ( master | slave | response )
+ provide\-ixfr \fIboolean\fR;
+ request\-ixfr \fIboolean\fR;
+ rfc2308\-type1 \fIboolean\fR; // not yet implemented
+ additional\-from\-auth \fIboolean\fR;
+ additional\-from\-cache \fIboolean\fR;
+ query\-source \fIquerysource4\fR;
+ query\-source\-v6 \fIquerysource6\fR;
+ cleaning\-interval \fIinteger\fR;
+ min\-roots \fIinteger\fR; // not implemented
+ lame\-ttl \fIinteger\fR;
+ max\-ncache\-ttl \fIinteger\fR;
+ max\-cache\-ttl \fIinteger\fR;
+ transfer\-format ( many\-answers | one\-answer );
+ max\-cache\-size \fIsize_no_default\fR;
+ check\-names ( master | slave | response )
( fail | warn | ignore );
- cache-file \fIquoted_string\fR;
- suppress-initial-notify \fIboolean\fR; // not yet implemented
- preferred-glue \fIstring\fR;
- dual-stack-servers [ port \fIinteger\fR ] {
+ cache\-file \fIquoted_string\fR;
+ suppress\-initial\-notify \fIboolean\fR; // not yet implemented
+ preferred\-glue \fIstring\fR;
+ dual\-stack\-servers [ port \fIinteger\fR ] {
( \fIquoted_string\fR [port \fIinteger\fR] |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ); ...
}
- edns-udp-size \fIinteger\fR;
- root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
- disable-algorithms \fIstring\fR { \fIstring\fR; ... };
- dnssec-enable \fIboolean\fR;
- dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
- dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
-
+ edns\-udp\-size \fIinteger\fR;
+ root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
+ disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
+ dnssec\-enable \fIboolean\fR;
+ dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
+ dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dialup \fIdialuptype\fR;
- ixfr-from-differences \fIixfrdiff\fR;
-
- allow-query { \fIaddress_match_element\fR; ... };
- allow-transfer { \fIaddress_match_element\fR; ... };
- allow-update-forwarding { \fIaddress_match_element\fR; ... };
-
+ ixfr\-from\-differences \fIixfrdiff\fR;
+ allow\-query { \fIaddress_match_element\fR; ... };
+ allow\-transfer { \fIaddress_match_element\fR; ... };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
notify \fInotifytype\fR;
- notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; ... };
- allow-notify { \fIaddress_match_element\fR; ... };
-
+ allow\-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
};
-
- max-journal-size \fIsize_no_default\fR;
- max-transfer-time-in \fIinteger\fR;
- max-transfer-time-out \fIinteger\fR;
- max-transfer-idle-in \fIinteger\fR;
- max-transfer-idle-out \fIinteger\fR;
- max-retry-time \fIinteger\fR;
- min-retry-time \fIinteger\fR;
- max-refresh-time \fIinteger\fR;
- min-refresh-time \fIinteger\fR;
- multi-master \fIboolean\fR;
- sig-validity-interval \fIinteger\fR;
-
- transfer-source ( \fIipv4_address\fR | * )
+ max\-journal\-size \fIsize_no_default\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-transfer\-idle\-in \fIinteger\fR;
+ max\-transfer\-idle\-out \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ min\-refresh\-time \fIinteger\fR;
+ multi\-master \fIboolean\fR;
+ sig\-validity\-interval \fIinteger\fR;
+ transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- transfer-source-v6 ( \fIipv6_address\fR | * )
+ transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
-
- alt-transfer-source ( \fIipv4_address\fR | * )
+ alt\-transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- alt-transfer-source-v6 ( \fIipv6_address\fR | * )
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- use-alt-transfer-source \fIboolean\fR;
-
- zone-statistics \fIboolean\fR;
- key-directory \fIquoted_string\fR;
-
- allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
- deallocate-on-exit \fIboolean\fR; // obsolete
- fake-iquery \fIboolean\fR; // obsolete
- fetch-glue \fIboolean\fR; // obsolete
- has-old-clients \fIboolean\fR; // obsolete
- maintain-ixfr-base \fIboolean\fR; // obsolete
- max-ixfr-log-size \fIsize\fR; // obsolete
- multiple-cnames \fIboolean\fR; // obsolete
- named-xfer \fIquoted_string\fR; // obsolete
- serial-queries \fIinteger\fR; // obsolete
- treat-cr-as-space \fIboolean\fR; // obsolete
- use-id-pool \fIboolean\fR; // obsolete
+ use\-alt\-transfer\-source \fIboolean\fR;
+ zone\-statistics \fIboolean\fR;
+ key\-directory \fIquoted_string\fR;
+ allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+ deallocate\-on\-exit \fIboolean\fR; // obsolete
+ fake\-iquery \fIboolean\fR; // obsolete
+ fetch\-glue \fIboolean\fR; // obsolete
+ has\-old\-clients \fIboolean\fR; // obsolete
+ maintain\-ixfr\-base \fIboolean\fR; // obsolete
+ max\-ixfr\-log\-size \fIsize\fR; // obsolete
+ multiple\-cnames \fIboolean\fR; // obsolete
+ named\-xfer \fIquoted_string\fR; // obsolete
+ serial\-queries \fIinteger\fR; // obsolete
+ treat\-cr\-as\-space \fIboolean\fR; // obsolete
+ use\-id\-pool \fIboolean\fR; // obsolete
};
-.sp
.fi
.SH "VIEW"
.sp
.nf
view \fIstring\fR \fIoptional_class\fR {
- match-clients { \fIaddress_match_element\fR; ... };
- match-destinations { \fIaddress_match_element\fR; ... };
- match-recursive-only \fIboolean\fR;
-
+ match\-clients { \fIaddress_match_element\fR; ... };
+ match\-destinations { \fIaddress_match_element\fR; ... };
+ match\-recursive\-only \fIboolean\fR;
key \fIstring\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
-
zone \fIstring\fR \fIoptional_class\fR {
...
};
-
server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
...
};
-
- trusted-keys {
+ trusted\-keys {
\fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
};
-
- allow-recursion { \fIaddress_match_element\fR; ... };
+ allow\-recursion { \fIaddress_match_element\fR; ... };
sortlist { \fIaddress_match_element\fR; ... };
topology { \fIaddress_match_element\fR; ... }; // not implemented
- auth-nxdomain \fIboolean\fR; // default changed
- minimal-responses \fIboolean\fR;
+ auth\-nxdomain \fIboolean\fR; // default changed
+ minimal\-responses \fIboolean\fR;
recursion \fIboolean\fR;
- rrset-order {
+ rrset\-order {
[ class \fIstring\fR ] [ type \fIstring\fR ]
[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
};
- provide-ixfr \fIboolean\fR;
- request-ixfr \fIboolean\fR;
- rfc2308-type1 \fIboolean\fR; // not yet implemented
- additional-from-auth \fIboolean\fR;
- additional-from-cache \fIboolean\fR;
- query-source \fIquerysource4\fR;
- query-source-v6 \fIquerysource6\fR;
- cleaning-interval \fIinteger\fR;
- min-roots \fIinteger\fR; // not implemented
- lame-ttl \fIinteger\fR;
- max-ncache-ttl \fIinteger\fR;
- max-cache-ttl \fIinteger\fR;
- transfer-format ( many-answers | one-answer );
- max-cache-size \fIsize_no_default\fR;
- check-names ( master | slave | response )
+ provide\-ixfr \fIboolean\fR;
+ request\-ixfr \fIboolean\fR;
+ rfc2308\-type1 \fIboolean\fR; // not yet implemented
+ additional\-from\-auth \fIboolean\fR;
+ additional\-from\-cache \fIboolean\fR;
+ query\-source \fIquerysource4\fR;
+ query\-source\-v6 \fIquerysource6\fR;
+ cleaning\-interval \fIinteger\fR;
+ min\-roots \fIinteger\fR; // not implemented
+ lame\-ttl \fIinteger\fR;
+ max\-ncache\-ttl \fIinteger\fR;
+ max\-cache\-ttl \fIinteger\fR;
+ transfer\-format ( many\-answers | one\-answer );
+ max\-cache\-size \fIsize_no_default\fR;
+ check\-names ( master | slave | response )
( fail | warn | ignore );
- cache-file \fIquoted_string\fR;
- suppress-initial-notify \fIboolean\fR; // not yet implemented
- preferred-glue \fIstring\fR;
- dual-stack-servers [ port \fIinteger\fR ] {
+ cache\-file \fIquoted_string\fR;
+ suppress\-initial\-notify \fIboolean\fR; // not yet implemented
+ preferred\-glue \fIstring\fR;
+ dual\-stack\-servers [ port \fIinteger\fR ] {
( \fIquoted_string\fR [port \fIinteger\fR] |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ); ...
};
- edns-udp-size \fIinteger\fR;
- root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
- disable-algorithms \fIstring\fR { \fIstring\fR; ... };
- dnssec-enable \fIboolean\fR;
- dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
-
- dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
+ edns\-udp\-size \fIinteger\fR;
+ root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
+ disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
+ dnssec\-enable \fIboolean\fR;
+ dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
+ dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dialup \fIdialuptype\fR;
- ixfr-from-differences \fIixfrdiff\fR;
-
- allow-query { \fIaddress_match_element\fR; ... };
- allow-transfer { \fIaddress_match_element\fR; ... };
- allow-update-forwarding { \fIaddress_match_element\fR; ... };
-
+ ixfr\-from\-differences \fIixfrdiff\fR;
+ allow\-query { \fIaddress_match_element\fR; ... };
+ allow\-transfer { \fIaddress_match_element\fR; ... };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
notify \fInotifytype\fR;
- notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; ... };
- allow-notify { \fIaddress_match_element\fR; ... };
-
+ allow\-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
};
-
- max-journal-size \fIsize_no_default\fR;
- max-transfer-time-in \fIinteger\fR;
- max-transfer-time-out \fIinteger\fR;
- max-transfer-idle-in \fIinteger\fR;
- max-transfer-idle-out \fIinteger\fR;
- max-retry-time \fIinteger\fR;
- min-retry-time \fIinteger\fR;
- max-refresh-time \fIinteger\fR;
- min-refresh-time \fIinteger\fR;
- multi-master \fIboolean\fR;
- sig-validity-interval \fIinteger\fR;
-
- transfer-source ( \fIipv4_address\fR | * )
+ max\-journal\-size \fIsize_no_default\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-transfer\-idle\-in \fIinteger\fR;
+ max\-transfer\-idle\-out \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ min\-refresh\-time \fIinteger\fR;
+ multi\-master \fIboolean\fR;
+ sig\-validity\-interval \fIinteger\fR;
+ transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- transfer-source-v6 ( \fIipv6_address\fR | * )
+ transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
-
- alt-transfer-source ( \fIipv4_address\fR | * )
+ alt\-transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- alt-transfer-source-v6 ( \fIipv6_address\fR | * )
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- use-alt-transfer-source \fIboolean\fR;
-
- zone-statistics \fIboolean\fR;
- key-directory \fIquoted_string\fR;
-
- allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
- fetch-glue \fIboolean\fR; // obsolete
- maintain-ixfr-base \fIboolean\fR; // obsolete
- max-ixfr-log-size \fIsize\fR; // obsolete
+ use\-alt\-transfer\-source \fIboolean\fR;
+ zone\-statistics \fIboolean\fR;
+ key\-directory \fIquoted_string\fR;
+ allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+ fetch\-glue \fIboolean\fR; // obsolete
+ maintain\-ixfr\-base \fIboolean\fR; // obsolete
+ max\-ixfr\-log\-size \fIsize\fR; // obsolete
};
-.sp
.fi
.SH "ZONE"
.sp
.nf
zone \fIstring\fR \fIoptional_class\fR {
type ( master | slave | stub | hint |
- forward | delegation-only );
+ forward | delegation\-only );
file \fIquoted_string\fR;
-
masters [ port \fIinteger\fR ] {
( \fImasters\fR |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
};
-
database \fIstring\fR;
- delegation-only \fIboolean\fR;
- check-names ( fail | warn | ignore );
+ delegation\-only \fIboolean\fR;
+ check\-names ( fail | warn | ignore );
dialup \fIdialuptype\fR;
- ixfr-from-differences \fIboolean\fR;
-
- allow-query { \fIaddress_match_element\fR; ... };
- allow-transfer { \fIaddress_match_element\fR; ... };
- allow-update { \fIaddress_match_element\fR; ... };
- allow-update-forwarding { \fIaddress_match_element\fR; ... };
- update-policy {
+ ixfr\-from\-differences \fIboolean\fR;
+ allow\-query { \fIaddress_match_element\fR; ... };
+ allow\-transfer { \fIaddress_match_element\fR; ... };
+ allow\-update { \fIaddress_match_element\fR; ... };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+ update\-policy {
( grant | deny ) \fIstring\fR
( name | subdomain | wildcard | self ) \fIstring\fR
\fIrrtypelist\fR; ...
};
-
notify \fInotifytype\fR;
- notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; ... };
- allow-notify { \fIaddress_match_element\fR; ... };
-
+ allow\-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
};
-
- max-journal-size \fIsize_no_default\fR;
- max-transfer-time-in \fIinteger\fR;
- max-transfer-time-out \fIinteger\fR;
- max-transfer-idle-in \fIinteger\fR;
- max-transfer-idle-out \fIinteger\fR;
- max-retry-time \fIinteger\fR;
- min-retry-time \fIinteger\fR;
- max-refresh-time \fIinteger\fR;
- min-refresh-time \fIinteger\fR;
- multi-master \fIboolean\fR;
- sig-validity-interval \fIinteger\fR;
-
- transfer-source ( \fIipv4_address\fR | * )
+ max\-journal\-size \fIsize_no_default\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-transfer\-idle\-in \fIinteger\fR;
+ max\-transfer\-idle\-out \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ min\-refresh\-time \fIinteger\fR;
+ multi\-master \fIboolean\fR;
+ sig\-validity\-interval \fIinteger\fR;
+ transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- transfer-source-v6 ( \fIipv6_address\fR | * )
+ transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
-
- alt-transfer-source ( \fIipv4_address\fR | * )
+ alt\-transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- alt-transfer-source-v6 ( \fIipv6_address\fR | * )
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
- use-alt-transfer-source \fIboolean\fR;
-
- zone-statistics \fIboolean\fR;
- key-directory \fIquoted_string\fR;
-
- ixfr-base \fIquoted_string\fR; // obsolete
- ixfr-tmp-file \fIquoted_string\fR; // obsolete
- maintain-ixfr-base \fIboolean\fR; // obsolete
- max-ixfr-log-size \fIsize\fR; // obsolete
+ use\-alt\-transfer\-source \fIboolean\fR;
+ zone\-statistics \fIboolean\fR;
+ key\-directory \fIquoted_string\fR;
+ ixfr\-base \fIquoted_string\fR; // obsolete
+ ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
+ maintain\-ixfr\-base \fIboolean\fR; // obsolete
+ max\-ixfr\-log\-size \fIsize\fR; // obsolete
pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
};
-.sp
.fi
.SH "FILES"
.PP
@@ -472,4 +435,4 @@ zone \fIstring\fR \fIoptional_class\fR {
.PP
\fBnamed\fR(8),
\fBrndc\fR(8),
-\fBBIND 9 Adminstrators Reference Manual\fR.
+\fBBIND 9 Adminstrators Reference Manual\fR().
diff --git a/contrib/bind9/bin/named/named.conf.docbook b/contrib/bind9/bin/named/named.conf.docbook
index b5a71dcf1b3c..4ba10844cc32 100644
--- a/contrib/bind9/bin/named/named.conf.docbook
+++ b/contrib/bind9/bin/named/named.conf.docbook
@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.docbook,v 1.1.4.2 2004/10/17 23:19:49 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.1.4.4 2005/05/13 01:22:33 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -28,6 +30,14 @@
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
<refnamediv>
<refname><filename>named.conf</filename></refname>
<refpurpose>configuration file for named</refpurpose>
@@ -61,35 +71,35 @@
<refsect1>
<title>ACL</title>
-<LITERALLAYOUT>
+<literallayout>
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>KEY</title>
-<LITERALLAYOUT>
+<literallayout>
key <replaceable>domain_name</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>MASTERS</title>
-<LITERALLAYOUT>
+<literallayout>
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>SERVER</title>
-<LITERALLAYOUT>
+<literallayout>
server ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) {
bogus <replaceable>boolean</replaceable>;
edns <replaceable>boolean</replaceable>;
@@ -105,21 +115,21 @@ server ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</re
support-ixfr <replaceable>boolean</replaceable>; // obsolete
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>TRUSTED-KEYS</title>
-<LITERALLAYOUT>
+<literallayout>
trusted-keys {
<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>CONTROLS</title>
-<LITERALLAYOUT>
+<literallayout>
controls {
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
@@ -127,12 +137,12 @@ controls {
<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
unix <replaceable>unsupported</replaceable>; // not implemented
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>LOGGING</title>
-<LITERALLAYOUT>
+<literallayout>
logging {
channel <replaceable>string</replaceable> {
file <replaceable>log_file</replaceable>;
@@ -146,12 +156,12 @@ logging {
};
category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>LWRES</title>
-<LITERALLAYOUT>
+<literallayout>
lwres {
listen-on <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
@@ -160,12 +170,12 @@ lwres {
search { <replaceable>string</replaceable>; ... };
ndots <replaceable>integer</replaceable>;
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>OPTIONS</title>
-<LITERALLAYOUT>
+<literallayout>
options {
avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
@@ -304,12 +314,12 @@ options {
treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
use-id-pool <replaceable>boolean</replaceable>; // obsolete
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>VIEW</title>
-<LITERALLAYOUT>
+<literallayout>
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
match-clients { <replaceable>address_match_element</replaceable>; ... };
match-destinations { <replaceable>address_match_element</replaceable>; ... };
@@ -423,12 +433,12 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
<title>ZONE</title>
-<LITERALLAYOUT>
+<literallayout>
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
type ( master | slave | stub | hint |
forward | delegation-only );
@@ -500,7 +510,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
};
-</LITERALLAYOUT>
+</literallayout>
</refsect1>
<refsect1>
diff --git a/contrib/bind9/bin/named/named.conf.html b/contrib/bind9/bin/named/named.conf.html
index 7f8bb2ec61f3..8b3b517d7d73 100644
--- a/contrib/bind9/bin/named/named.conf.html
+++ b/contrib/bind9/bin/named/named.conf.html
@@ -1,1897 +1,500 @@
<!--
- - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id: named.conf.html,v 1.1.4.4 2004/10/18 02:33:06 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->named.conf</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
-><TT
-CLASS="FILENAME"
->named.conf</TT
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><TT
-CLASS="FILENAME"
->named.conf</TT
->&nbsp;--&nbsp;configuration file for named</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named.conf</B
-> </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN16"
-></A
-><H2
->DESCRIPTION</H2
-><P
-> <TT
-CLASS="FILENAME"
->named.conf</TT
-> is the configuration file for
- <B
-CLASS="COMMAND"
->named</B
->. Statements are enclosed
+<!-- $Id: named.conf.html,v 1.1.4.10 2005/10/13 02:33:48 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named.conf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525889"></a><h2>DESCRIPTION</h2>
+<p>
+ <code class="filename">named.conf</code> is the configuration file for
+ <span><strong class="command">named</strong></span>. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:
- </P
-><P
-> C style: /* */
- </P
-><P
-> C++ style: // to end of line
- </P
-><P
-> Unix style: # to end of line
- </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN24"
-></A
-><H2
->ACL</H2
-><P
-CLASS="LITERALLAYOUT"
->acl&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>&#13;</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN29"
-></A
-><H2
->KEY</H2
-><P
-CLASS="LITERALLAYOUT"
->key&nbsp;<VAR
-CLASS="REPLACEABLE"
->domain_name</VAR
->&nbsp;{<br>
- algorithm&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
- secret&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN35"
-></A
-><H2
->MASTERS</H2
-><P
-CLASS="LITERALLAYOUT"
->masters&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
- (&nbsp;<VAR
-CLASS="REPLACEABLE"
->masters</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;|<br>
- <VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> key <VAR
-CLASS="REPLACEABLE"
->string</VAR
-> </SPAN
->];&nbsp;...<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN50"
-></A
-><H2
->SERVER</H2
-><P
-CLASS="LITERALLAYOUT"
->server&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)&nbsp;{<br>
- bogus&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
- edns&nbsp;<VAR
-CLASS="REPLA