authorDoug Barton <dougb@FreeBSD.org>2008-07-12 08:12:46 +0000
committerDoug Barton <dougb@FreeBSD.org>2008-07-12 08:12:46 +0000
commitcba78608de638f8cc6d1d48a2b3072e82386b70d (patch)
tree2857dd6ab984105d7ac37bbcfc816607c48ccc1d
parentf16b9a8f9e30675de8048c5832ffbb3f50f2fdc4 (diff)
Vendor import of BIND 9.3.5vendor/bind9/9.3.5
Notes
Notes: svn path=/vendor/bind9/dist-9.3/; revision=180470 svn path=/vendor/bind9/9.3.5/; revision=180471; tag=vendor/bind9/9.3.5
-rw-r--r--CHANGES426
-rw-r--r--COPYRIGHT6
-rw-r--r--FAQ841
-rw-r--r--FAQ.xml1078
-rw-r--r--Makefile.in8
-rw-r--r--README8
-rw-r--r--bin/check/check-tool.c10
-rw-r--r--bin/check/check-tool.h8
-rw-r--r--bin/check/named-checkconf.838
-rw-r--r--bin/check/named-checkconf.c8
-rw-r--r--bin/check/named-checkconf.docbook21
-rw-r--r--bin/check/named-checkconf.html25
-rw-r--r--bin/check/named-checkzone.868
-rw-r--r--bin/check/named-checkzone.docbook19
-rw-r--r--bin/check/named-checkzone.html23
-rw-r--r--bin/dig/Makefile.in8
-rw-r--r--bin/dig/dig.1209
-rw-r--r--bin/dig/dig.c117
-rw-r--r--bin/dig/dig.docbook41
-rw-r--r--bin/dig/dig.html52
-rw-r--r--bin/dig/dighost.c150
-rw-r--r--bin/dig/host.117
-rw-r--r--bin/dig/host.c12
-rw-r--r--bin/dig/host.docbook18
-rw-r--r--bin/dig/host.html20
-rw-r--r--bin/dig/include/dig/dig.h11
-rw-r--r--bin/dig/nslookup.1141
-rw-r--r--bin/dig/nslookup.c11
-rw-r--r--bin/dig/nslookup.docbook23
-rw-r--r--bin/dig/nslookup.html32
-rw-r--r--bin/dnssec/Makefile.in8
-rw-r--r--bin/dnssec/dnssec-keygen.885
-rw-r--r--bin/dnssec/dnssec-keygen.c8
-rw-r--r--bin/dnssec/dnssec-keygen.docbook21
-rw-r--r--bin/dnssec/dnssec-keygen.html30
-rw-r--r--bin/dnssec/dnssec-signzone.8130
-rw-r--r--bin/dnssec/dnssec-signzone.c69
-rw-r--r--bin/dnssec/dnssec-signzone.docbook58
-rw-r--r--bin/dnssec/dnssec-signzone.html65
-rw-r--r--bin/named/Makefile.in8
-rw-r--r--bin/named/aclconf.c8
-rw-r--r--bin/named/client.c35
-rw-r--r--bin/named/config.c10
-rw-r--r--bin/named/control.c8
-rw-r--r--bin/named/controlconf.c91
-rw-r--r--bin/named/include/named/builtin.h8
-rw-r--r--bin/named/include/named/config.h8
-rw-r--r--bin/named/include/named/interfacemgr.h8
-rw-r--r--bin/named/include/named/log.h8
-rw-r--r--bin/named/include/named/main.h8
-rw-r--r--bin/named/include/named/query.h8
-rw-r--r--bin/named/include/named/zoneconf.h8
-rw-r--r--bin/named/interfacemgr.c8
-rw-r--r--bin/named/log.c8
-rw-r--r--bin/named/logconf.c8
-rw-r--r--bin/named/lwaddr.c8
-rw-r--r--bin/named/lwdclient.c8
-rw-r--r--bin/named/lwdgabn.c8
-rw-r--r--bin/named/lwdgnba.c10
-rw-r--r--bin/named/lwdgrbn.c4
-rw-r--r--bin/named/lwdnoop.c23
-rw-r--r--bin/named/lwresd.8120
-rw-r--r--bin/named/lwresd.docbook122
-rw-r--r--bin/named/lwresd.html93
-rw-r--r--bin/named/named.8102
-rw-r--r--bin/named/named.conf.534
-rw-r--r--bin/named/named.conf.docbook40
-rw-r--r--bin/named/named.conf.html45
-rw-r--r--bin/named/named.docbook44
-rw-r--r--bin/named/named.html45
-rw-r--r--bin/named/query.c110
-rw-r--r--bin/named/server.c143
-rw-r--r--bin/named/sortlist.c8
-rw-r--r--bin/named/tsigconf.c8
-rw-r--r--bin/named/unix/Makefile.in8
-rw-r--r--bin/named/unix/include/named/os.h8
-rw-r--r--bin/named/unix/os.c24
-rw-r--r--bin/named/update.c33
-rw-r--r--bin/nsupdate/Makefile.in8
-rw-r--r--bin/nsupdate/nsupdate.8133
-rw-r--r--bin/nsupdate/nsupdate.c97
-rw-r--r--bin/nsupdate/nsupdate.docbook60
-rw-r--r--bin/nsupdate/nsupdate.html97
-rw-r--r--bin/rndc/Makefile.in10
-rw-r--r--bin/rndc/rndc-confgen.851
-rw-r--r--bin/rndc/rndc-confgen.docbook11
-rw-r--r--bin/rndc/rndc-confgen.html18
-rw-r--r--bin/rndc/rndc.853
-rw-r--r--bin/rndc/rndc.conf.515
-rw-r--r--bin/rndc/rndc.conf.docbook13
-rw-r--r--bin/rndc/rndc.conf.html20
-rw-r--r--bin/rndc/rndc.docbook42
-rw-r--r--bin/rndc/rndc.html46
-rw-r--r--bin/rndc/unix/Makefile.in8
-rw-r--r--configure.in76
-rw-r--r--doc/arm/Bv9ARM-book.xml177
-rw-r--r--doc/arm/Bv9ARM.ch01.html62
-rw-r--r--doc/arm/Bv9ARM.ch02.html28
-rw-r--r--doc/arm/Bv9ARM.ch03.html40
-rw-r--r--doc/arm/Bv9ARM.ch04.html84
-rw-r--r--doc/arm/Bv9ARM.ch05.html10
-rw-r--r--doc/arm/Bv9ARM.ch06.html217
-rw-r--r--doc/arm/Bv9ARM.ch07.html20
-rw-r--r--doc/arm/Bv9ARM.ch08.html44
-rw-r--r--doc/arm/Bv9ARM.ch09.html123
-rw-r--r--doc/arm/Bv9ARM.html153
-rw-r--r--[-rwxr-xr-x]doc/arm/Bv9ARM.pdf9291
-rw-r--r--doc/arm/Makefile.in20
-rw-r--r--doc/misc/Makefile.in28
-rw-r--r--doc/misc/dnssec6
-rw-r--r--doc/misc/format-options.pl29
-rw-r--r--doc/misc/migration12
-rw-r--r--doc/misc/options521
-rwxr-xr-xdoc/misc/sort-options.pl50
-rw-r--r--doc/rfc/index11
-rw-r--r--doc/rfc/rfc4193.txt899
-rw-r--r--doc/rfc/rfc4255.txt507
-rw-r--r--doc/rfc/rfc4343.txt563
-rw-r--r--doc/rfc/rfc4367.txt955
-rw-r--r--doc/rfc/rfc4398.txt955
-rw-r--r--doc/rfc/rfc4408.txt2691
-rw-r--r--doc/rfc/rfc4431.txt227
-rw-r--r--doc/rfc/rfc4470.txt451
-rw-r--r--doc/rfc/rfc4634.txt6051
-rw-r--r--doc/rfc/rfc4641.txt1963
-rw-r--r--lib/Makefile.in8
-rw-r--r--lib/bind/api2
-rw-r--r--lib/bind/configure.in50
-rw-r--r--lib/bind/dst/dst_api.c5
-rw-r--r--lib/bind/dst/hmac_link.c26
-rw-r--r--lib/bind/include/Makefile.in8
-rw-r--r--lib/bind/include/isc/eventlib.h4
-rw-r--r--lib/bind/include/isc/platform.h.in36
-rw-r--r--lib/bind/inet/inet_network.c4
-rw-r--r--lib/bind/irs/dns_ho.c6
-rw-r--r--lib/bind/irs/gai_strerror.c4
-rw-r--r--lib/bind/irs/irp_ng.c6
-rw-r--r--lib/bind/irs/irs_data.c6
-rw-r--r--lib/bind/isc/ctl_clnt.c15
-rw-r--r--lib/bind/isc/ctl_srvr.c6
-rw-r--r--lib/bind/make/rules.in8
-rw-r--r--lib/bind/nameser/ns_parse.c4
-rw-r--r--lib/bind/port_after.h.in7
-rw-r--r--lib/bind/port_before.h.in10
-rw-r--r--lib/bind/resolv/res_data.c8
-rw-r--r--lib/bind/resolv/res_init.c41
-rw-r--r--lib/bind/resolv/res_send.c28
-rw-r--r--lib/bind9/Makefile.in8
-rw-r--r--lib/bind9/api2
-rw-r--r--lib/bind9/check.c19
-rw-r--r--lib/bind9/getaddresses.c8
-rw-r--r--lib/bind9/include/Makefile.in8
-rw-r--r--lib/bind9/include/bind9/Makefile.in8
-rw-r--r--lib/bind9/include/bind9/check.h8
-rw-r--r--lib/bind9/include/bind9/getaddresses.h8
-rw-r--r--lib/bind9/include/bind9/version.h8
-rw-r--r--lib/bind9/version.c8
-rw-r--r--lib/dns/acl.c8
-rw-r--r--lib/dns/adb.c12
-rw-r--r--lib/dns/api6
-rw-r--r--lib/dns/dbtable.c8
-rw-r--r--lib/dns/dispatch.c511
-rw-r--r--lib/dns/dnssec.c40
-rw-r--r--lib/dns/dst_parse.c8
-rw-r--r--lib/dns/gen-unix.h8
-rw-r--r--lib/dns/include/dns/acl.h8
-rw-r--r--lib/dns/include/dns/cache.h8
-rw-r--r--lib/dns/include/dns/callbacks.h8
-rw-r--r--lib/dns/include/dns/compress.h8
-rw-r--r--lib/dns/include/dns/db.h8
-rw-r--r--lib/dns/include/dns/diff.h8
-rw-r--r--lib/dns/include/dns/dispatch.h13
-rw-r--r--lib/dns/include/dns/dnssec.h8
-rw-r--r--lib/dns/include/dns/events.h8
-rw-r--r--lib/dns/include/dns/journal.h8
-rw-r--r--lib/dns/include/dns/lib.h8
-rw-r--r--lib/dns/include/dns/master.h8
-rw-r--r--lib/dns/include/dns/masterdump.h8
-rw-r--r--lib/dns/include/dns/ncache.h8
-rw-r--r--lib/dns/include/dns/opcode.h8
-rw-r--r--lib/dns/include/dns/order.h8
-rw-r--r--lib/dns/include/dns/rbt.h8
-rw-r--r--lib/dns/include/dns/rdataslab.h8
-rw-r--r--lib/dns/include/dns/request.h8
-rw-r--r--lib/dns/include/dns/sdb.h8
-rw-r--r--lib/dns/include/dns/time.h8
-rw-r--r--lib/dns/include/dns/tsig.h8
-rw-r--r--lib/dns/include/dns/validator.h19
-rw-r--r--lib/dns/include/dns/version.h8
-rw-r--r--lib/dns/include/dns/zt.h8
-rw-r--r--lib/dns/journal.c172
-rw-r--r--lib/dns/keytable.c8
-rw-r--r--lib/dns/lib.c8
-rw-r--r--lib/dns/lookup.c32
-rw-r--r--lib/dns/master.c52
-rw-r--r--lib/dns/message.c21
-rw-r--r--lib/dns/name.c20
-rw-r--r--lib/dns/openssl_link.c12
-rw-r--r--lib/dns/openssldh_link.c99
-rw-r--r--lib/dns/openssldsa_link.c103
-rw-r--r--lib/dns/order.c8
-rw-r--r--lib/dns/rbt.c25
-rw-r--r--lib/dns/rbtdb.c78
-rw-r--r--lib/dns/rdata/generic/dlv_32769.c40
-rw-r--r--lib/dns/rdata/generic/ds_43.c40
-rw-r--r--lib/dns/rdata/generic/gpos_27.c8
-rw-r--r--lib/dns/rdata/generic/hinfo_13.c8
-rw-r--r--lib/dns/rdata/generic/isdn_20.c8
-rw-r--r--lib/dns/rdata/generic/minfo_14.c8
-rw-r--r--lib/dns/rdata/generic/null_10.c8
-rw-r--r--lib/dns/rdata/generic/nxt_30.h8
-rw-r--r--lib/dns/rdata/generic/opt_41.c8
-rw-r--r--lib/dns/rdata/generic/proforma.c8
-rw-r--r--lib/dns/rdata/generic/rp_17.c8
-rw-r--r--lib/dns/rdata/generic/soa_6.c8
-rw-r--r--lib/dns/rdata/generic/txt_16.c8
-rw-r--r--lib/dns/rdata/generic/unspec_103.c8
-rw-r--r--lib/dns/rdata/generic/x25_19.c8
-rw-r--r--lib/dns/rdata/hs_4/a_1.c8
-rw-r--r--lib/dns/rdata/in_1/a_1.c8
-rw-r--r--lib/dns/rdata/in_1/aaaa_28.c8
-rw-r--r--lib/dns/rdata/in_1/apl_42.c69
-rw-r--r--lib/dns/rdata/in_1/apl_42.h8
-rw-r--r--lib/dns/rdata/in_1/nsap_22.c8
-rw-r--r--lib/dns/rdata/in_1/wks_11.c8
-rw-r--r--lib/dns/request.c8
-rw-r--r--lib/dns/resolver.c222
-rw-r--r--lib/dns/rootns.c26
-rw-r--r--lib/dns/sdb.c26
-rw-r--r--lib/dns/tkey.c14
-rw-r--r--lib/dns/tsig.c20
-rw-r--r--lib/dns/ttl.c8
-rw-r--r--lib/dns/validator.c203
-rw-r--r--lib/dns/version.c8
-rw-r--r--lib/dns/view.c7
-rw-r--r--lib/dns/xfrin.c17
-rw-r--r--lib/dns/zone.c186
-rw-r--r--lib/dns/zt.c8
-rw-r--r--lib/isc/api2
-rw-r--r--lib/isc/buffer.c8
-rw-r--r--lib/isc/event.c8
-rw-r--r--lib/isc/heap.c8
-rw-r--r--lib/isc/hmacmd5.c8
-rw-r--r--lib/isc/include/isc/buffer.h8
-rw-r--r--lib/isc/include/isc/entropy.h8
-rw-r--r--lib/isc/include/isc/event.h8
-rw-r--r--lib/isc/include/isc/file.h8
-rw-r--r--lib/isc/include/isc/ipv6.h8
-rw-r--r--lib/isc/include/isc/lex.h8
-rw-r--r--lib/isc/include/isc/lib.h8
-rw-r--r--lib/isc/include/isc/list.h8
-rw-r--r--lib/isc/include/isc/log.h8
-rw-r--r--lib/isc/include/isc/mem.h8
-rw-r--r--lib/isc/include/isc/netaddr.h8
-rw-r--r--lib/isc/include/isc/netscope.h8
-rw-r--r--lib/isc/include/isc/parseint.h8
-rw-r--r--lib/isc/include/isc/platform.h.in11
-rw-r--r--lib/isc/include/isc/quota.h8
-rw-r--r--lib/isc/include/isc/ratelimiter.h8
-rw-r--r--lib/isc/include/isc/region.h8
-rw-r--r--lib/isc/include/isc/result.h8
-rw-r--r--lib/isc/include/isc/socket.h8
-rw-r--r--lib/isc/include/isc/string.h14
-rw-r--r--lib/isc/include/isc/timer.h8
-rw-r--r--lib/isc/include/isc/util.h8
-rw-r--r--lib/isc/include/isc/version.h8
-rw-r--r--lib/isc/inet_aton.c8
-rw-r--r--lib/isc/inet_ntop.c8
-rw-r--r--lib/isc/lfsr.c8
-rw-r--r--lib/isc/lib.c8
-rw-r--r--lib/isc/mem.c33
-rw-r--r--lib/isc/mutexblock.c8
-rw-r--r--lib/isc/netaddr.c8
-rw-r--r--lib/isc/netscope.c8
-rw-r--r--lib/isc/nls/msgcat.c8
-rw-r--r--lib/isc/nothreads/condition.c8
-rw-r--r--lib/isc/nothreads/mutex.c8
-rw-r--r--lib/isc/pthreads/condition.c8
-rw-r--r--lib/isc/pthreads/include/isc/mutex.h8
-rw-r--r--lib/isc/pthreads/mutex.c8
-rw-r--r--lib/isc/quota.c8
-rw-r--r--lib/isc/ratelimiter.c8
-rw-r--r--lib/isc/region.c8
-rw-r--r--lib/isc/result.c8
-rw-r--r--lib/isc/symtab.c8
-rw-r--r--lib/isc/taskpool.c8
-rw-r--r--lib/isc/timer.c51
-rw-r--r--lib/isc/timer_p.h8
-rw-r--r--lib/isc/unix/Makefile.in8
-rw-r--r--lib/isc/unix/app.c20
-rw-r--r--lib/isc/unix/dir.c8
-rw-r--r--lib/isc/unix/entropy.c7
-rw-r--r--lib/isc/unix/errno2result.c8
-rw-r--r--lib/isc/unix/file.c8
-rw-r--r--lib/isc/unix/ifiter_getifaddrs.c10
-rw-r--r--lib/isc/unix/ifiter_ioctl.c13
-rw-r--r--lib/isc/unix/include/isc/dir.h8
-rw-r--r--lib/isc/unix/include/isc/strerror.h8
-rw-r--r--lib/isc/unix/include/isc/time.h8
-rw-r--r--lib/isc/unix/keyboard.c8
-rw-r--r--lib/isc/unix/net.c29
-rw-r--r--lib/isc/unix/os.c8
-rw-r--r--lib/isc/unix/resource.c77
-rw-r--r--lib/isc/unix/socket.c99
-rw-r--r--lib/isc/unix/stdtime.c8
-rw-r--r--lib/isc/unix/strerror.c8
-rw-r--r--lib/isc/unix/syslog.c10
-rw-r--r--lib/isc/version.c8
-rw-r--r--lib/isccc/api2
-rw-r--r--lib/isccc/cc.c19
-rw-r--r--lib/isccc/include/isccc/Makefile.in8
-rw-r--r--lib/isccc/include/isccc/lib.h8
-rw-r--r--lib/isccc/include/isccc/version.h8
-rw-r--r--lib/isccc/lib.c8
-rw-r--r--lib/isccc/sexpr.c8
-rw-r--r--lib/isccc/symtab.c10
-rw-r--r--lib/isccc/version.c8
-rw-r--r--lib/isccfg/api2
-rw-r--r--lib/isccfg/include/isccfg/Makefile.in8
-rw-r--r--lib/isccfg/include/isccfg/cfg.h8
-rw-r--r--lib/isccfg/include/isccfg/log.h8
-rw-r--r--lib/isccfg/include/isccfg/namedconf.h8
-rw-r--r--lib/isccfg/include/isccfg/version.h8
-rw-r--r--lib/isccfg/log.c8
-rw-r--r--lib/isccfg/namedconf.c56
-rw-r--r--lib/isccfg/version.c8
-rw-r--r--lib/lwres/Makefile.in8
-rw-r--r--lib/lwres/api6
-rw-r--r--lib/lwres/context.c28
-rw-r--r--lib/lwres/gai_strerror.c8
-rw-r--r--lib/lwres/getaddrinfo.c9
-rw-r--r--lib/lwres/getipnode.c22
-rw-r--r--lib/lwres/include/lwres/Makefile.in8
-rw-r--r--lib/lwres/include/lwres/lwres.h8
-rw-r--r--lib/lwres/include/lwres/platform.h.in8
-rw-r--r--lib/lwres/include/lwres/version.h8
-rw-r--r--lib/lwres/lwres_gabn.c8
-rw-r--r--lib/lwres/lwres_gnba.c9
-rw-r--r--lib/lwres/lwres_grbn.c8
-rw-r--r--lib/lwres/man/lwres.311
-rw-r--r--lib/lwres/man/lwres.docbook11
-rw-r--r--lib/lwres/man/lwres.html18
-rw-r--r--lib/lwres/man/lwres_buffer.313
-rw-r--r--lib/lwres/man/lwres_buffer.docbook11
-rw-r--r--lib/lwres/man/lwres_buffer.html132
-rw-r--r--lib/lwres/man/lwres_config.311
-rw-r--r--lib/lwres/man/lwres_config.docbook11
-rw-r--r--lib/lwres/man/lwres_config.html62
-rw-r--r--lib/lwres/man/lwres_context.311
-rw-r--r--lib/lwres/man/lwres_context.docbook11
-rw-r--r--lib/lwres/man/lwres_context.html63
-rw-r--r--lib/lwres/man/lwres_gabn.313
-rw-r--r--lib/lwres/man/lwres_gabn.docbook11
-rw-r--r--lib/lwres/man/lwres_gabn.html44
-rw-r--r--lib/lwres/man/lwres_gai_strerror.355
-rw-r--r--lib/lwres/man/lwres_gai_strerror.docbook11
-rw-r--r--lib/lwres/man/lwres_gai_strerror.html21
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.329
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.docbook11
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.html31
-rw-r--r--lib/lwres/man/lwres_gethostent.349
-rw-r--r--lib/lwres/man/lwres_gethostent.docbook11
-rw-r--r--lib/lwres/man/lwres_gethostent.html98
-rw-r--r--lib/lwres/man/lwres_getipnode.365
-rw-r--r--lib/lwres/man/lwres_getipnode.docbook11
-rw-r--r--lib/lwres/man/lwres_getipnode.html36
-rw-r--r--lib/lwres/man/lwres_getnameinfo.331
-rw-r--r--lib/lwres/man/lwres_getnameinfo.docbook11
-rw-r--r--lib/lwres/man/lwres_getnameinfo.html21
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.337
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.docbook11
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.html31
-rw-r--r--lib/lwres/man/lwres_gnba.313
-rw-r--r--lib/lwres/man/lwres_gnba.docbook11
-rw-r--r--lib/lwres/man/lwres_gnba.html53
-rw-r--r--lib/lwres/man/lwres_hstrerror.331
-rw-r--r--lib/lwres/man/lwres_hstrerror.docbook11
-rw-r--r--lib/lwres/man/lwres_hstrerror.html32
-rw-r--r--lib/lwres/man/lwres_inetntop.311
-rw-r--r--lib/lwres/man/lwres_inetntop.docbook11
-rw-r--r--lib/lwres/man/lwres_inetntop.html19
-rw-r--r--lib/lwres/man/lwres_noop.313
-rw-r--r--lib/lwres/man/lwres_noop.docbook11
-rw-r--r--lib/lwres/man/lwres_noop.html44
-rw-r--r--lib/lwres/man/lwres_packet.361
-rw-r--r--lib/lwres/man/lwres_packet.docbook11
-rw-r--r--lib/lwres/man/lwres_packet.html22
-rw-r--r--lib/lwres/man/lwres_resutil.313
-rw-r--r--lib/lwres/man/lwres_resutil.docbook11
-rw-r--r--lib/lwres/man/lwres_resutil.html34
-rw-r--r--lib/lwres/unix/include/lwres/net.h8
-rw-r--r--lib/lwres/version.c8
-rw-r--r--make/includes.in8
-rw-r--r--make/rules.in10
-rw-r--r--version4
395 files changed, 27783 insertions, 9876 deletions
diff --git a/CHANGES b/CHANGES
index acf2817b5b75..d76e389248c5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,419 @@
+ --- 9.3.5 released ---
+
+ --- 9.3.5rc2 released ---
+
+2338. [bug] check_ds() could be called with a non DS rdataset.
+ [RT #17598]
+
+2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
+
+ --- 9.3.5rc1 released ---
+
+2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
+ F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
+ J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
+ M.ROOT-SERVERS.NET.
+
+2323. [port] tru64: namespace clash. [RT #17547]
+
+2322. [port] MacOS: work around the limitation of setrlimit()
+ for RLIMIT_NOFILE. [RT #17526]
+
+2321. [bug] Silence Coverity warnings in lib/dns/master.c,
+ lib/dns/rbtdb.c, lib/isccfg/namedconf.c,
+ lib/dns/tsig.c and bin/dnssec/dnssec-signzone.c.
+
+2319. [bug] Silence Coverity warnings in
+ lib/dns/rdata/in_1/apl_42.c. [RT #17469]
+
+2318. [port] sunos fixes for libbind. [RT #17514]
+
+2314. [bug] Uninitialized memory use on error path in
+ bin/named/lwdnoop.c. [RT #17476]
+
+2313. [cleanup] Silence Coverity warnings. Handle private stacks.
+ [RT #17447] [RT #17478]
+
+2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
+ [RT #17458]
+
+2311. [func] Update ACL regression test. [RT #17462]
+
+2310. [bug] dig, host, nslookup: flush stdout before emitting
+ debug/fatal messages. [RT #17501]
+
+2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
+ [RT #17495]
+
+2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
+
+2305. [security] inet_network() buffer overflow. CVE-2008-0122.
+
+2304. [bug] Check returns from all dns_rdata_tostruct() calls.
+ [RT #17460]
+
+2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
+ [RT #17471]
+
+2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
+
+2301. [bug] Remove resource leak and fix error messages in
+ bin/tests/system/lwresd/lwtest.c. [RT #17474]
+
+2300. [bug] Fixed failure to close open file in
+ bin/tests/names/t_names.c. [RT #17473]
+
+2299. [bug] Remove unnecessary NULL check in
+ bin/nsupdate/nsupdate.c. [RT #17475]
+
+2298. [bug] isc_mutex_lock() failure not caught in
+ bin/tests/timers/t_timers.c. [RT #17468]
+
+2297. [bug] isc_entropy_createfilesource() failure not caught in
+ bin/tests/dst/t_dst.c. [RT #17467]
+
+2296. [port] Allow docbook stylesheet location to be specified to
+ configure. [RT #17457]
+
+2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
+ [RT #17459]
+
+2293. [func] Add ACL regression test. [RT #17375]
+
+2292. [bug] Log if the working directory is not writable.
+ [RT #17312]
+
+2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
+ failure to set PR_SET_DUMPABLE. [RT #17312]
+
+2290. [bug] Let AD in the query signal that the client wants AD
+ set in the response. [RT #17301]
+
+2288. [port] win32: mark service as running when we have finished
+ loading. [RT #17441]
+
+2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
+
+2284. [bug] Memory leak in UPDATE prerequisite processing.
+ [RT #17377]
+
+2283. [bug] TSIG keys were not attaching to the memory
+ context. TSIG keys should use the rings
+ memory context rather than the clients memory
+ context. [RT #17377]
+
+2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
+ to protect applications from receiving spurious
+ SIGPIPE signals when using the resolver.
+
+2277. [bug] Empty zone names were not correctly being caught at
+ in the post parse checks. [RT #17357]
+
+ --- 9.3.5b1 released ---
+
+2273. [bug] Adjust log level to WARNING when saving inconsistant
+ stub/slave master and journal files. [RT# 17279]
+
+2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
+ [RT #17262]
+
+2270. [bug] dns_db_closeversion() version->writer could be reset
+ before it is tested. [RT #17290]
+
+2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
+
+2265. [bug] Test that the memory context's basic_table is non NULL
+ before freeing. [RT #17265]
+
+2262. [bug] Error status from all but the last view could be
+ lost. [RT #17292]
+
+2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
+ [RT #17241]
+
+2257. [bug] win32: Use the full path to vcredist_x86.exe when
+ calling it. [RT #17222]
+
+2256. [bug] win32: Correctly register the installation location of
+ bindevt.dll. [RT #17159]
+
+2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
+
+2254. [bug] timer.c:dispatch() failed to lock timer->lock
+ when reading timer->idle allowing it to see
+ intermediate values as timer->idle was reset by
+ isc_timer_touch(). [RT #17243]
+
+2251. [doc] Update memstatistics-file documentation to reflect
+ reality. Note there is behaviour change for BIND 9.5.
+ [RT #17113]
+
+2249. [bug] Only set Authentic Data bit if client requested
+ DNSSEC, per RFC 3655 [RT #17175]
+
+2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
+
+2247. [doc] Sort doc/misc/options. [RT #17067]
+
+2246. [bug] Make the startup of test servers (ans.pl) more
+ robust. [RT #17147]
+
+2245. [bug] Validating lack of DS records at trust anchors wasn't
+ working. [RT #17151]
+
+2238. [bug] It was possible to trigger a REQUIRE when a
+ validation was cancelled. [RT #17106]
+
+2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
+
+2236. [bug] dnssec-signzone failed to preserve the case of
+ of wildcard owner names. [RT #17085]
+
+2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
+
+2229. [bug] Null pointer dereference on query pool creation
+ failure. [RT #17133]
+
+2232. [bug] dns_adb_findaddrinfo() could fail and return
+ ISC_R_SUCCESS. [RT #17137]
+
+2230. [bug] We could INSIST reading a corrupted journal.
+ [RT #17132]
+
+2228. [contrib] contrib: Change 2188 was incomplete.
+
+2227. [cleanup] Tidied up the FAQ. [RT #17121]
+
+2226. [bug] Fix build error. [RT #17124]
+
+2225. [bug] More support for systems with no IPv4 addresses.
+ [RT #17111]
+
+2224. [bug] Defer journal compaction if a xfrin is in progress.
+ [RT #17119]
+
+2223. [bug] Make a new journal when compacting. [RT #17119]
+
+2221. [bug] Set the event result code to reflect the actual
+ record returned to caller when a cache update is
+ rejected due to a more credible answer existing.
+ [RT #17017]
+
+2220. [bug] win32: Address a race condition in final shutdown of
+ the Windows socket code. [RT #17028]
+
+2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
+ [RT #16976]
+
+2216. [cleanup] Fix a number of errors reported by Coverity.
+ [RT #17094]
+
+2214. [bug] Deregister OpenSSL lock callback when cleaning
+ up. [RT #17098]
+
+2213. [bug] SIG0 diagnostic failure messages were looking at the
+ wrong status code. [RT #17101]
+
+2210. [bug] Deleting class specific records via UPDATE could
+ fail. [RT #17074]
+
+2209. [port] osx: linking against user supplied static OpenSSL
+ libraries failed as the system ones were still being
+ found. [RT #17078]
+
+2208. [port] win32: make sure both build methods produce the
+ same output. [RT #17058]
+
+2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
+
+2200. [bug] The search for cached NSEC records was stopping to
+ early leading to excessive DLV queries. [RT #16930]
+
+2199. [bug] win32: don't call WSAStartup() while loading dlls.
+ [RT #16911]
+
+2198. [bug] win32: RegCloseKey() could be called when
+ RegOpenKeyEx() failed. [RT #16911]
+
+2197. [bug] Add INSIST to catch negative responses which are
+ not setting the event result code appropriately.
+ [RT #16909]
+
+2196. [port] win32: yield processor while waiting for once to
+ to complete. [RT #16958]
+
+2194. [bug] Close journal before calling 'done' in xfrin.c.
+
+2189. [bug] Handle socket() returning EINTR. [RT #15949]
+
+2188. [contrib] queryperf: autoconf changes to make the search for
+ libresolv or libbind more robust. [RT #16299]
+
+2187. [bug] query_addds(), query_addwildcardproof() and
+ query_addnxrrsetnsec() should take a version
+ arguement. [RT #16368]
+
+2186. [port] cygwin: libbind: check for struct sockaddr_storage
+ independently of IPv6. [RT #16482]
+
+2185. [port] sunos: libbind: check for ssize_t, memmove() and
+ memchr(). [RT #16463]
+
+2183. [bug] dnssec-signzone didn't handle offline private keys
+ well. [RT #16832]
+
+2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
+ could return ISC_R_SUCCESS when they ran out of
+ memory. [RT #16365]
+
+2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
+
+2180. [cleanup] Remove bit test from 'compress_test' as they
+ are no longer needed. [RT #16497]
+
+2178. [bug] 'rndc reload' of a slave or stub zone resulted in
+ a reference leak. [RT #16867]
+
+2177. [bug] Array bounds overrun on read (rcodetext) at
+ debug level 10+. [RT #16798]
+
+2176. [contrib] dbus update to handle race condition during
+ initialisation (Bugzilla 235809). [RT #16842]
+
+2175. [bug] win32: windows broadcast condition variable support
+ was broken. [RT #16592]
+
+2174. [bug] I/O errors should always be fatal when reading
+ master files. [RT #16825]
+
+2173. [port] win32: When compiling with MSVS 2005 SP1 we also
+ need to ship Microsoft.VC80.MFCLOC.
+
+2172. [bug] query_addsoa() was being called with a non zone db.
+ [RT #16834]
+
+2171. [bug] Handle breaks in DNSSEC trust chains where the parent
+ servers are not DS aware (DS queries to the parent
+ return a referral to the child).
+
+2169. [bug] host, nslookup: when reporting NXDOMAIN report the
+ given name and not the last name searched for.
+ [RT #16763]
+
+2168. [bug] nsupdate: in non-interactive mode treat syntax errors
+ as fatal errors. [RT #16785]
+
+2166. [bug] When running in batch mode, dig could misinterpret
+ a server address as a name to be looked up, causing
+ unexpected output. [RT #16743]
+
+2161. [bug] 'rndc flush' could report a false success. [RT #16698]
+
+2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
+ from getifaddrs(). [RT #16708]
+
+2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
+ resolver.c:validated() and resolver.c:cache_name().
+ Fix a memory leak in rbtdb.c:free_noqname().
+ Make lookup.c:lookup_find() robust against
+ event leaks. [RT #16685]
+
+2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
+ [RT #16694]
+
+2152. [cleanup] Use sizeof(buf) instead of fixed number in
+ dighost.c:get_trusted_key(). [RT #16678]
+
+2151. [bug] Missing newline in usage message for journalprint.
+ [RT #16679]
+
+2150. [bug] 'rrset-order cyclic' uniformly distribute the
+ starting point for the first response for a given
+ RRset. [RT #16655]
+
+2147. [bug] libbind: remove potential buffer overflow from
+ hmac_link.c. [RT #16437]
+
+2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
+ SO_BSDCOMPAT" message. [RT #16641]
+
+2145. [bug] Check DS/DLV digest lengths for known digests.
+ [RT #16622]
+
+2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
+ [RT #16619]
+
+2143. [bug] We failed to restart the IPv6 client when the
+ kernel failed to return the destination the
+ packet was sent to. [RT #16613]
+
+2142. [bug] Handle master files with a modification time that
+ matches the epoch. [RT# 16612]
+
+2140. [bug] libbind: missing unlock on pthread_key_create()
+ failures. [RT #16654]
+
+2139. [bug] dns_view_find() was being called with wrong type
+ in adb.c. [RT #16670]
+
+2136. [bug] nslookup/host looped if there was no search list
+ and the host didn't exist. [RT #16657]
+
+2132. [bug] Missing unlock on out of memory in
+ dns_dispatchmgr_setudp().
+
+2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
+
+2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
+
+2120. [doc] Fix markup on nsupdate man page. [RT #16556]
+
+2119. [compat] libbind: allow res_init() to succeed enough to
+ return the default domain even if it was unable
+ to allocate memory.
+
+2118. [bug] Handle response with long chains of domain name
+ compression pointers which point to other compression
+ pointers. [RT #16427]
+
+2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
+ which could lead to validation failures. named didn't
+ handle negative DS responses that were in the process
+ of being validated. Check CNAME bit before accepting
+ NODATA proof. To be able to ignore a child NSEC there
+ must be SOA (and NS) set in the bitmap. [RT #16399]
+
+2116. [bug] 'rndc reload' could cause the cache to continually
+ be cleaned. [RT #16401]
+
+2115. [bug] 'rndc reconfig' could trigger a INSIST if the
+ number of masters for a zone was reduced. [RT #16444]
+
+2114. [bug] dig/host/nslookup: searches for names with multiple
+ labels were failing. [RT #16447]
+
+2113. [bug] nsupdate: if a zone is specified it should be used
+ for server discover. [RT# 16455]
+
+2111. [bug] Fix a number of errors reported by Coverity.
+ [RT #16507]
+
+2110. [bug] "minimal-response yes;" interacted badly with BIND 8
+ priming queries. [RT #16491]
+
+2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
+
+ --- 9.3.4-P1 released ---
+
+2203. [security] Query id generation was cryptographically weak.
+ [RT # 16915]
+
+2193. [port] win32: BINDInstall.exe is now linked statically.
+ [RT #16906]
+
+2192. [port] win32: use vcredist_x86.exe to install Visual
+ Studio's redistributable dlls if building with
+ Visual Stdio 2005 or later.
--- 9.3.4 released ---
@@ -264,7 +680,7 @@
hex strings with comments. [RT #15814]
1974. [doc] List each of the zone types and associated zone
- options seperately in the ARM.
+ options separately in the ARM.
1972. [contrib] DBUS dynamic forwarders integation from
Jason Vas Dias <jvdias@redhat.com>.
@@ -1241,7 +1657,7 @@
1568. [bug] nsupdate now reports that the update failed in
interactive mode. [RT# 10236]
-1567. [bug] B.ROOT-SERVERS.NET is now 192.228.79.201.
+1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
This also solved the problem that match-destinations
@@ -1284,7 +1700,7 @@
[RT #6427]
1555. [func] 'rrset-order cyclic' no longer has a random starting
- point. [RT #7572]
+ point per query. [RT #7572]
1554. [bug] dig, host, nslookup failed when no nameservers
were specified in /etc/resolv.conf. [RT #8232]
@@ -2184,7 +2600,7 @@
1399. [bug] Use serial number arithmetic when testing SIG
timestamps. [RT #4268]
-1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
+1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1389. [bug] named could fail to rotate long log files. [RT #3666]
@@ -5732,7 +6148,7 @@
and has been removed.
170. [cleanup] Remove inter server consistancy checks from zone,
- these should return as a seperate module in 9.1.
+ these should return as a separate module in 9.1.
dns_zone_checkservers(), dns_zone_checkparents(),
dns_zone_checkchildren(), dns_zone_checkglue().
diff --git a/COPYRIGHT b/COPYRIGHT
index 8bbcf244d658..552a5e26e046 100644
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -1,7 +1,7 @@
-Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
-Permission to use, copy, modify, and distribute this software for any
+Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id: COPYRIGHT,v 1.6.2.2.8.4 2006/01/04 00:37:22 marka Exp $
+$Id: COPYRIGHT,v 1.6.2.2.8.7 2008/01/02 23:45:32 tbox Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.
diff --git a/FAQ b/FAQ
index ba87de21652d..e6b2ff27cefa 100644
--- a/FAQ
+++ b/FAQ
@@ -1,100 +1,74 @@
Frequently Asked Questions about BIND 9
-Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright © 2004-2008 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2000-2003 Internet Software Consortium.
--------------------------------------------------------------------------------
+-----------------------------------------------------------------------
-Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads?
+1. Compilation and Installation Questions
-A: Linux threads do not fully implement the Posix threads (pthreads) standard. In
- particular, setuid() operates only on the current thread, not the full process.
- Because of this limitation, BIND 9 cannot use setuid() on Linux as it can on
- all other supported platforms. setuid() cannot be called before creating
- threads, since the server does not start listening on reserved ports until
- after threads have started.
+Q: I'm trying to compile BIND 9, and "make" is failing due to files not
+ being found. Why?
- In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
- capabilities across a setuid() call is present. This allows BIND 9 to call
- setuid() early, while retaining the ability to bind reserved ports. This is a
- Linux-specific hack.
+A: Using a parallel or distributed "make" to build BIND 9 is not
+ supported, and doesn't work. If you are using one of these, use normal
+ make or gmake instead.
- On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less of
- a security risk than a root process that has not dropped privileges.
+Q: Isn't "make install" supposed to generate a default named.conf?
- If Linux threads ever work correctly, this restriction will go away.
+A: Short Answer: No.
- Configuring BIND9 with the --disable-threads option (the default) causes a
- non-threaded version to be built, which will allow -u to be used.
+ Long Answer: There really isn't a default configuration which fits any
+ site perfectly. There are lots of decisions that need to be made and
+ there is no consensus on what the defaults should be. For example
+ FreeBSD uses /etc/namedb as the location where the configuration files
+ for named are stored. Others use /var/named.
-Q: Why do I get the following errors:
+ What addresses to listen on? For a laptop on the move a lot you may
+ only want to listen on the loop back interfaces.
- general: errno2result.c:109: unexpected error:
- general: unable to convert errno to isc_result: 14: Bad address
- client: UDP client handler shutting down due to fatal receive error: unexpected error
+ Who do you offer recursive service to? Is there are firewall to
+ consider? If so is it stateless or stateful. Are you directly on the
+ Internet? Are you on a private network? Are you on a NAT'd network? The
+ answers to all these questions change how you configure even a caching
+ name server.
-A: This is the result of a Linux kernel bug.
-
- See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
+2. Configuration and Setup Questions
-Q: Why does named log the warning message "no TTL specified - using SOA MINTTL
- instead"?
+Q: Why does named log the warning message "no TTL specified - using SOA
+ MINTTL instead"?
-A: Your zone file is illegal according to RFC1035. It must either have a line
- like:
+A: Your zone file is illegal according to RFC1035. It must either have a
+ line like:
$TTL 86400
- at the beginning, or the first record in it must have a TTL field, like the
- "84600" in this example:
+ at the beginning, or the first record in it must have a TTL field, like
+ the "84600" in this example:
example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
-Q: Why do I see 5 (or more) copies of named on Linux?
-
-A: Linux threads each show up as a process under ps. The approximate number of
- threads running is n+4, where n is the number of CPUs. Note that the amount of
- memory used is not cumulative; if each process is using 10M of memory, only a
- total of 10M is used.
-
- Newer versions of Linux's ps command hide the individual threads and require -L
- to display them.
-
-Q: Why does BIND 9 log "permission denied" errors accessing its configuration
- files or zones on my Linux system even though it is running as root?
-
-A: On Linux, BIND 9 drops most of its root privileges on startup. This including
- the privilege to open files owned by other users. Therefore, if the server is
- running as root, the configuration files and zone files should also be owned by
- root.
-
-Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar:
- ran out of space"?
-
-A: This is often caused by TXT records with missing close quotes. Check that all
- TXT records containing quoted strings have both open and close quotes.
+Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master
+ file bar: ran out of space"?
-Q: How do I produce a usable core file from a multithreaded named on Linux?
-
-A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable
- (that is, the correct thread is dumped). Otherwise, if using a 2.2 kernel,
- apply the kernel patch found in contrib/linux/coredump-patch and rebuild the
- kernel. This patch will cause multithreaded programs to dump the correct
- thread.
+A: This is often caused by TXT records with missing close quotes. Check
+ that all TXT records containing quoted strings have both open and close
+ quotes.
Q: How do I restrict people from looking up the server version?
-A: Put a "version" option containing something other than the real version in the
- "options" section of named.conf. Note doing this will not prevent attacks and
- may impede people trying to diagnose problems with your server. Also it is
- possible to "fingerprint" nameservers to determine their version.
+A: Put a "version" option containing something other than the real version
+ in the "options" section of named.conf. Note doing this will not
+ prevent attacks and may impede people trying to diagnose problems with
+ your server. Also it is possible to "fingerprint" nameservers to
+ determine their version.
Q: How do I restrict only remote users from looking up the server version?
-A: The following view statement will intercept lookups as the internal view that
- holds the version information will be matched last. The caveats of the previous
- answer still apply, of course.
+A: The following view statement will intercept lookups as the internal
+ view that holds the version information will be matched last. The
+ caveats of the previous answer still apply, of course.
view "chaos" chaos {
match-clients { <those to be refused>; };
@@ -105,120 +79,46 @@ A: The following view statement will intercept lookups as the internal view that
};
};
-Q: What do "no source of entropy found" or "could not open entropy source foo"
- mean?
-
-A: The server requires a source of entropy to perform certain operations, mostly
- DNSSEC related. These messages indicate that you have no source of entropy. On
- systems with /dev/random or an equivalent, it is used by default. A source of
- entropy can also be defined using the random-device option in named.conf.
-
-Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why?
-
-A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed
- under /usr. Check that the correct named is running.
-
-Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. I'm
- sure I have the keys set up correctly, but the server is rejecting the TSIG.
- Why?
-
-A: This may be a clock skew problem. Check that the the clocks on the client and
- server are properly synchronised (e.g., using ntp).
-
-Q: I'm trying to compile BIND 9, and "make" is failing due to files not being
- found. Why?
-
-A: Using a parallel or distributed "make" to build BIND 9 is not supported, and
- doesn't work. If you are using one of these, use normal make or gmake instead.
-
-Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error
- messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's
- wrong?
-
-A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in BIND
- 8.2.4. It can be safely ignored - the notify has been acted on by the slave
- despite the error message.
-
-Q: I keep getting log messages like the following. Why?
-
- Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update
- failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
+Q: What do "no source of entropy found" or "could not open entropy source
+ foo" mean?
-A: DNS updates allow the update request to test to see if certain conditions are
- met prior to proceeding with the update. The message above is saying that
- conditions were not met and the update is not proceeding. See doc/rfc/
- rfc2136.txt for more details on prerequisites.
+A: The server requires a source of entropy to perform certain operations,
+ mostly DNSSEC related. These messages indicate that you have no source
+ of entropy. On systems with /dev/random or an equivalent, it is used by
+ default. A source of entropy can also be defined using the
+ random-device option in named.conf.
-Q: I keep getting log messages like the following. Why?
+Q: I'm trying to use TSIG to authenticate dynamic updates or zone
+ transfers. I'm sure I have the keys set up correctly, but the server is
+ rejecting the TSIG. Why?
- Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
-
-A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update
- protocol. Windows 2000 machines have a habit of sending dynamic update requests
- to DNS servers without being specifically configured to do so. If the update
- requests are coming from a Windows 2000 machine, see http://
- support.microsoft.com/support/kb/articles/q246/8/04.asp for information about
- how to turn them off.
+A: This may be a clock skew problem. Check that the the clocks on the
+ client and server are properly synchronised (e.g., using ntp).
Q: I see a log message like the following. Why?
couldn't open pid file '/var/run/named.pid': Permission denied
-A: You are most likely running named as a non-root user, and that user does not
- have permission to write in /var/run. The common ways of fixing this are to
- create a /var/run/named directory owned by the named user and set pid-file to "
- /var/run/named/named.pid", or set pid-file to "named.pid", which will put the
- file in the directory specified by the directory option (which, in this case,
- must be writable by the named user).
-
-Q: When I do a "dig . ns", many of the A records for the root servers are missing.
- Why?
-
-A: This is normal and harmless. It is a somewhat confusing side effect of the way
- BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to avoid
- promoting glue into answers.
-
- When BIND 9 first starts up and primes its cache, it receives the root server
- addresses as additional data in an authoritative response from a root server,
- and these records are eligible for inclusion as additional data in responses.
- Subsequently it receives a subset of the root server addresses as additional
- data in a non-authoritative (referral) response from a root server. This causes
- the addresses to now be considered non-authoritative (glue) data, which is not
- eligible for inclusion in responses.
+A: You are most likely running named as a non-root user, and that user
+ does not have permission to write in /var/run. The common ways of
+ fixing this are to create a /var/run/named directory owned by the named
+ user and set pid-file to "/var/run/named/named.pid", or set pid-file to
+ "named.pid", which will put the file in the directory specified by the
+ directory option (which, in this case, must be writable by the named
+ user).
- The server does have a complete set of root server addresses cached at all
- times, it just may not include all of them as additional data, depending on
- whether they were last received as answers or as glue. You can always look up
- the addresses with explicit queries like "dig a.root-servers.net A".
+Q: I can query the nameserver from the nameserver but not from other
+ machines. Why?
-Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why?
+A: This is usually the result of the firewall configuration stopping the
+ queries and / or the replies.
-A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages
- larger than 16K are not handled properly. This can be worked around by setting
- the option "transfer-format one-answer;". Also check whether your zone contains
- domain names with embedded spaces or other special characters, like "John\
- 032Doe\213s\032Computer", since such names have been known to cause Windows
- 2000 slaves to incorrectly reject the zone.
-
-Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
-
-A: A zone can be updated either by editing zone files and reloading the server or
- by dynamic update, but not both. If you have enabled dynamic update for a zone
- using the "allow-update" option, you are not supposed to edit the zone file by
- hand, and the server will not attempt to reload it.
-
-Q: I can query the nameserver from the nameserver but not from other machines.
- Why?
+Q: How can I make a server a slave for both an internal and an external
+ view at the same time? When I tried, both views on the slave were
+ transferred from the same view on the master.
-A: This is usually the result of the firewall configuration stopping the queries
- and / or the replies.
-
-Q: How can I make a server a slave for both an internal and an external view at
- the same time? When I tried, both views on the slave were transferred from the
- same view on the master.
-
-A: You will need to give the master and slave multiple IP addresses and use those
- to make sure you reach the correct view on the other machine.
+A: You will need to give the master and slave multiple IP addresses and
+ use those to make sure you reach the correct view on the other machine.
Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
internal:
@@ -246,8 +146,8 @@ A: You will need to give the master and slave multiple IP addresses and use thos
transfer-source 10.0.1.4;
query-source address 10.0.1.4;
- You put the external address on the alias so that all the other dns clients on
- these boxes see the internal view by default.
+ You put the external address on the alias so that all the other dns
+ clients on these boxes see the internal view by default.
A: BIND 9.3 and later: Use TSIG to select the appropriate view.
@@ -283,64 +183,38 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view.
...
};
-Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
-
-A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use
- certain interrupts as a source of random events. You can make this permanent by
- setting rand_irqs in /etc/rc.conf.
-
- /etc/rc.conf
- rand_irqs="3 14 15"
-
- See also http://people.freebsd.org/~dougb/randomness.html
-
-Q: Why is named listening on UDP port other than 53?
-
-A: Named uses a system selected port to make queries of other nameservers. This
- behaviour can be overridden by using query-source to lock down the port and/or
- address. See also notify-source and transfer-source.
-
-Q: I get error messages like "multiple RRs of singleton type" and "CNAME and other
- data" when transferring a zone. What does this mean?
+Q: I get error messages like "multiple RRs of singleton type" and "CNAME
+ and other data" when transferring a zone. What does this mean?
-A: These indicate a malformed master zone. You can identify the exact records
- involved by transferring the zone using dig then running named-checkzone on it.
+A: These indicate a malformed master zone. You can identify the exact
+ records involved by transferring the zone using dig then running
+ named-checkzone on it.
dig axfr example.com @master-server > tmp
named-checkzone example.com tmp
- A CNAME record cannot exist with the same name as another record except for the
- DNSSEC records which prove its existance (NSEC).
+ A CNAME record cannot exist with the same name as another record except
+ for the DNSSEC records which prove its existence (NSEC).
- RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
- should be present; this ensures that the data for a canonical name and its
- aliases cannot be different. This rule also insures that a cached CNAME can be
- used without checking with an authoritative server for other RR types."
+ RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other
+ data should be present; this ensures that the data for a canonical name
+ and its aliases cannot be different. This rule also insures that a
+ cached CNAME can be used without checking with an authoritative server
+ for other RR types."
-Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is
- the last line of named.conf.
+Q: I get error messages like "named.conf:99: unexpected end of input"
+ where 99 is the last line of named.conf.
-A: Some text editors (notepad and wordpad) fail to put a line title indication
- (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a
- blank line to the end of the file. Named expects to see EOF immediately after
- EOL and treats text files where this is not met as truncated.
-
-Q: I get warning messages like "zone example.com/IN: refresh: failure trying
- master 1.2.3.4#53: timed out".
-
-A: Check that you can make UDP queries from the slave to the master
-
- dig +norec example.com soa @1.2.3.4
-
- You could be generating queries faster than the slave can cope with. Lower the
- serial query rate.
-
- serial-query-rate 5; // default 20
+A: Some text editors (notepad and wordpad) fail to put a line title
+ indication (e.g. CR/LF) on the last line of a text file. This can be
+ fixed by "adding" a blank line to the end of the file. Named expects to
+ see EOF immediately after EOL and treats text files where this is not
+ met as truncated.
Q: How do I share a dynamic zone between multiple views?
-A: You choose one view to be master and the second a slave and transfer the zone
- between views.
+A: You choose one view to be master and the second a slave and transfer
+ the zone between views.
Master 10.0.1.1:
key "external" {
@@ -354,7 +228,7 @@ A: You choose one view to be master and the second a slave and transfer the zone
};
view "internal" {
- match-clients { !external; 10.0.1/24; };
+ match-clients { !key external; 10.0.1/24; };
server 10.0.1.1 {
/* Deliver notify messages to external view. */
keys { external; };
@@ -368,7 +242,7 @@ A: You choose one view to be master and the second a slave and transfer the zone
};
view "external" {
- match-clients { external; any; };
+ match-clients { key external; any; };
zone "example.com" {
type slave;
file "external/example.db";
@@ -379,18 +253,19 @@ A: You choose one view to be master and the second a slave and transfer the zone
};
};
-Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
- file primaries/wireless.ietf56.ietf.org: no owner".
+Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading
+ master file primaries/wireless.ietf56.ietf.org: no owner".
-A: This error is produced when a line in the master file contains leading white
- space (tab/space) but the is no current record owner name to inherit the name
- from. Usually this is the result of putting white space before a comment.
- Forgeting the "@" for the SOA record or indenting the master file.
+A: This error is produced when a line in the master file contains leading
+ white space (tab/space) but the is no current record owner name to
+ inherit the name from. Usually this is the result of putting white
+ space before a comment, forgetting the "@" for the SOA record, or
+ indenting the master file.
Q: Why are my logs in GMT (UTC).
-A: You are running chrooted (-t) and have not supplied local timzone information
- in the chroot area.
+A: You are running chrooted (-t) and have not supplied local timezone
+ information in the chroot area.
FreeBSD: /etc/localtime
Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
@@ -398,71 +273,51 @@ A: You are running chrooted (-t) and have not supplied local timzone information
See also tzset(3) and zic(8).
-Q: I get the error message "named: capset failed: Operation not permitted" when
- starting named.
-
-A: The capability module, part of "Linux Security Modules/LSM", has not been
- loaded into the kernel. See insmod(8).
-
-Q: I get "rndc: connect failed: connection refused" when I try to run rndc.
+Q: I get "rndc: connect failed: connection refused" when I try to run
+ rndc.
A: This is usually a configuration error.
- First ensure that named is running and no errors are being reported at startup
- (/var/log/messages or equivalent). Running "named -g <usual arguments>" from a
- title can help at this point.
-
- Secondly ensure that named is configured to use rndc either by "rndc-confgen
- -a", rndc-confgen or manually. The Administrators Reference manual has details
- on how to do this.
+ First ensure that named is running and no errors are being reported at
+ startup (/var/log/messages or equivalent). Running "named -g <usual
+ arguments>" from a title can help at this point.
- Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/
- rndc.conf for the default server. Update /etc/rndc.conf if necessary so that
- the default server listed in /etc/rndc.conf matches the addresses used in
- named.conf. "localhost" has two address (127.0.0.1 and ::1).
+ Secondly ensure that named is configured to use rndc either by
+ "rndc-confgen -a", rndc-confgen or manually. The Administrators
+ Reference manual has details on how to do this.
- If you use "rndc-confgen -a" and named is running with -t or -u ensure that /
- etc/rndc.conf has the correct ownership and that a copy is in the chroot area.
- You can do this by re-running "rndc-confgen -a" with appropriate -t and -u
- arguments.
+ Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /
+ etc/rndc.conf for the default server. Update /etc/rndc.conf if
+ necessary so that the default server listed in /etc/rndc.conf matches
+ the addresses used in named.conf. "localhost" has two address
+ (127.0.0.1 and ::1).
-Q: I don't get RRSIG's returned when I use "dig +dnssec".
-
-A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
-
-Q: I get "Error 1067" when starting named under Windows.
-
-A: This is the service manager saying that named exited. You need to examine the
- Application log in the EventViewer to find out why.
-
- Common causes are that you failed to create "named.conf" (usually "C:\windows\
- dns\etc\named.conf") or failed to specify the directory in named.conf.
-
- options {
- Directory "C:\windows\dns\etc";
- };
+ If you use "rndc-confgen -a" and named is running with -t or -u ensure
+ that /etc/rndc.conf has the correct ownership and that a copy is in the
+ chroot area. You can do this by re-running "rndc-confgen -a" with
+ appropriate -t and -u arguments.
Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while
receiving responses: permission denied" error messages.
-A: These indicate a filesystem permission error preventing named creating /
- renaming the temporary file. These will usually also have other associated
- error messages like
+A: These indicate a filesystem permission error preventing named creating
+ / renaming the temporary file. These will usually also have other
+ associated error messages like
"dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
- Named needs write permission on the directory containing the file. Named writes
- the new cache file to a temporary file then renames it to the name specified in
- named.conf to ensure that the contents are always complete. This is to prevent
- named loading a partial zone in the event of power failure or similar
- interrupting the write of the master file.
+ Named needs write permission on the directory containing the file.
+ Named writes the new cache file to a temporary file then renames it to
+ the name specified in named.conf to ensure that the contents are always
+ complete. This is to prevent named loading a partial zone in the event
+ of power failure or similar interrupting the write of the master file.
- Note file names are relative to the directory specified in options and any
- chroot directory ([<chroot dir>/][<options dir>]).
+ Note file names are relative to the directory specified in options and
+ any chroot directory ([<chroot dir>/][<options dir>]).
- If named is invoked as "named -t /chroot/DNS" with the following named.conf
- then "/chroot/DNS/var/named/sl" needs to be writable by the user named is
- running as.
+ If named is invoked as "named -t /chroot/DNS" with the following
+ named.conf then "/chroot/DNS/var/named/sl" needs to be writable by the
+ user named is running as.
options {
directory "/var/named";
@@ -474,35 +329,153 @@ A: These indicate a filesystem permission error preventing named creating /
masters { 192.168.4.12; };
};
-Q: How do I intergrate BIND 9 and Solaris SMF
+Q: I want to forward all DNS queries from my caching nameserver to another
+ server. But there are some domains which have to be served locally, via
+ rbldnsd.
-A: Sun has a blog entry describing how to do this.
+ How do I achieve this ?
- http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+A: options {
+ forward only;
+ forwarders { <ip.of.primary.nameserver>; };
+ };
+
+ zone "sbl-xbl.spamhaus.org" {
+ type forward; forward only;
+ forwarders { <ip.of.rbldns.server> port 530; };
+ };
+
+ zone "list.dsbl.org" {
+ type forward; forward only;
+ forwarders { <ip.of.rbldns.server> port 530; };
+ };
+
+
+Q: Can you help me understand how BIND 9 uses memory to store DNS zones?
+
+ Some times it seems to take several times the amount of memory it needs
+ to store the zone.
+
+A: When reloading a zone named my have multiple copies of the zone in
+ memory at one time. The zone it is serving and the one it is loading.
+ If reloads are ultra fast it can have more still.
+
+ e.g. Ones that are transferring out, the one that it is serving and the
+ one that is loading.
+
+ BIND 8 destroyed the zone before loading and also killed off outgoing
+ transfers of the zone.
+
+ The new strategy allows slaves to get copies of the new zone regardless
+ of how often the master is loaded compared to the transfer time. The
+ slave might skip some intermediate versions but the transfers will
+ complete and it will keep reasonably in sync with the master.
+
+ The new strategy also allows the master to recover from syntax and
+ other errors in the master file as it still has an in-core copy of the
+ old contents.
+
+3. General Questions
+
+Q: I keep getting log messages like the following. Why?
+
+ Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN':
+ update failed: 'RRset exists (value dependent)' prerequisite not
+ satisfied (NXRRSET)
+
+A: DNS updates allow the update request to test to see if certain
+ conditions are met prior to proceeding with the update. The message
+ above is saying that conditions were not met and the update is not
+ proceeding. See doc/rfc/rfc2136.txt for more details on prerequisites.
+
+Q: I keep getting log messages like the following. Why?
+
+ Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
+
+A: Someone is trying to update your DNS data using the RFC2136 Dynamic
+ Update protocol. Windows 2000 machines have a habit of sending dynamic
+ update requests to DNS servers without being specifically configured to
+ do so. If the update requests are coming from a Windows 2000 machine,
+ see http://support.microsoft.com/support/kb/articles/q246/8/04.asp for
+ information about how to turn them off.
+
+Q: When I do a "dig . ns", many of the A records for the root servers are
+ missing. Why?
+
+A: This is normal and harmless. It is a somewhat confusing side effect of
+ the way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9
+ makes to avoid promoting glue into answers.
+
+ When BIND 9 first starts up and primes its cache, it receives the root
+ server addresses as additional data in an authoritative response from a
+ root server, and these records are eligible for inclusion as additional
+ data in responses. Subsequently it receives a subset of the root server
+ addresses as additional data in a non-authoritative (referral) response
+ from a root server. This causes the addresses to now be considered
+ non-authoritative (glue) data, which is not eligible for inclusion in
+ responses.
+
+ The server does have a complete set of root server addresses cached at
+ all times, it just may not include all of them as additional data,
+ depending on whether they were last received as answers or as glue. You
+ can always look up the addresses with explicit queries like "dig
+ a.root-servers.net A".
+
+Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
+
+A: A zone can be updated either by editing zone files and reloading the
+ server or by dynamic update, but not both. If you have enabled dynamic
+ update for a zone using the "allow-update" option, you are not supposed
+ to edit the zone file by hand, and the server will not attempt to
+ reload it.
+
+Q: Why is named listening on UDP port other than 53?
+
+A: Named uses a system selected port to make queries of other nameservers.
+ This behaviour can be overridden by using query-source to lock down the
+ port and/or address. See also notify-source and transfer-source.
+
+Q: I get warning messages like "zone example.com/IN: refresh: failure
+ trying master 1.2.3.4#53: timed out".
+
+A: Check that you can make UDP queries from the slave to the master
+
+ dig +norec example.com soa @1.2.3.4
+
+ You could be generating queries faster than the slave can cope with.
+ Lower the serial query rate.
+
+ serial-query-rate 5; // default 20
+
+Q: I don't get RRSIG's returned when I use "dig +dnssec".
+
+A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
Q: Can a NS record refer to a CNAME.
-A: No. The rules for glue (copies of the *address* records in the parent zones)
- and additional section processing do not allow it to work.
+A: No. The rules for glue (copies of the *address* records in the parent
+ zones) and additional section processing do not allow it to work.
- You would have to add both the CNAME and address records (A/AAAA) as glue to
- the parent zone and have CNAMEs be followed when doing additional section
- processing to make it work. No namesever implementation supports either of
- these requirements.
+ You would have to add both the CNAME and address records (A/AAAA) as
+ glue to the parent zone and have CNAMEs be followed when doing
+ additional section processing to make it work. No nameserver
+ implementation supports either of these requirements.
-Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
+Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA"
+ mean?
-A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
- using then you have failed to follow RFC 1918 usage rules and are leaking
- queries to the Internet. You should establish your own zones for these
- addresses to prevent you quering the Internet's name servers for these
- addresses. Please see http://as112.net/ for details of the problems you are
- causing and the counter measures that have had to be deployed.
+A: If the IN-ADDR.ARPA name covered refers to a internal address space you
+ are using then you have failed to follow RFC 1918 usage rules and are
+ leaking queries to the Internet. You should establish your own zones
+ for these addresses to prevent you querying the Internet's name servers
+ for these addresses. Please see http://as112.net/ for details of the
+ problems you are causing and the counter measures that have had to be
+ deployed.
- If you are not using these private addresses then a client has queried for
- them. You can just ignore the messages, get the offending client to stop
- sending you these messages as they are most probably leaking them or setup your
- own zones empty zones to serve answers to these queries.
+ If you are not using these private addresses then a client has queried
+ for them. You can just ignore the messages, get the offending client to
+ stop sending you these messages as they are most probably leaking them
+ or setup your own zones empty zones to serve answers to these queries.
zone "10.IN-ADDR.ARPA" {
type master;
@@ -535,42 +508,138 @@ A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
Future versions of named are likely to do this automatically.
+Q: Will named be affected by the 2007 changes to daylight savings rules in
+ the US.
+
+A: No, so long as the machines internal clock (as reported by "date -u")
+ remains at UTC. The only visible change if you fail to upgrade your OS,
+ if you are in a affected area, will be that log messages will be a hour
+ out during the period where the old rules do not match the new rules.
+
+ For most OS's this change just means that you need to update the
+ conversion rules from UTC to local time. Normally this involves
+ updating a file in /etc (which sets the default timezone for the
+ machine) and possibly a directory which has all the conversion rules
+ for the world (e.g. /usr/share/zoneinfo). When updating the OS do not
+ forget to update any chroot areas as well. See your OS's documentation
+ for more details.
+
+ The local timezone conversion rules can also be done on a individual
+ basis by setting the TZ environment variable appropriately. See your
+ OS's documentation for more details.
+
+Q: Is there a bugzilla (or other tool) database that mere mortals can have
+ (read-only) access to for bind?
+
+A: No. The BIND 9 bug database is kept closed for a number of reasons.
+ These include, but are not limited to, that the database contains
+ proprietory information from people reporting bugs. The database has in
+ the past and may in future contain unfixed bugs which are capable of
+ bringing down most of the Internet's DNS infrastructure.
+
+ The release pages for each version contain up to date lists of bugs
+ that have been fixed post release. That is as close as we can get to
+ providing a bug database.
+
+4. Operating-System Specific Questions
+
+4.1. HPUX
+
+Q: I get the following error trying to configure BIND:
+
+ checking if unistd.h or sys/types.h defines fd_set... no
+ configure: error: need either working unistd.h or sys/select.h
+
+A: You have attempted to configure BIND with the bundled C compiler. This
+ compiler does not meet the minimum compiler requirements to for
+ building BIND. You need to install a ANSI C compiler and / or teach
+ configure how to find the ANSI C compiler. The later can be done by
+ adjusting the PATH environment variable and / or specifying the
+ compiler via CC.
+
+ ./configure CC=<compiler> ...
+
+4.2. Linux
+
+Q: Why do I get the following errors:
+
+ general: errno2result.c:109: unexpected error:
+ general: unable to convert errno to isc_result: 14: Bad address
+ client: UDP client handler shutting down due to fatal receive error: unexpected error
+
+A: This is the result of a Linux kernel bug.
+
+ See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
+
+Q: Why do I see 5 (or more) copies of named on Linux?
+
+A: Linux threads each show up as a process under ps. The approximate
+ number of threads running is n+4, where n is the number of CPUs. Note
+ that the amount of memory used is not cumulative; if each process is
+ using 10M of memory, only a total of 10M is used.
+
+ Newer versions of Linux's ps command hide the individual threads and
+ require -L to display them.
+
+Q: Why does BIND 9 log "permission denied" errors accessing its
+ configuration files or zones on my Linux system even though it is
+ running as root?
+
+A: On Linux, BIND 9 drops most of its root privileges on startup. This
+ including the privilege to open files owned by other users. Therefore,
+ if the server is running as root, the configuration files and zone
+ files should also be owned by root.
+
+Q: I get the error message "named: capset failed: Operation not permitted"
+ when starting named.
+
+A: The capability module, part of "Linux Security Modules/LSM", has not
+ been loaded into the kernel. See insmod(8), modprobe(8).
+
+ The relevant modules can be loaded by running:
+
+ modprobe commoncap
+ modprobe capability
+
Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
Why can't named update slave zone database files?
- Why can't named create DDNS journal files or update the master zones from
- journals?
+ Why can't named create DDNS journal files or update the master zones
+ from journals?
Why can't named create custom log files?
A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
- Red Hat have adopted the National Security Agency's SELinux security policy (
- see http://www.nsa.gov/selinux ) and recommendations for BIND security , which
- are more secure than running named in a chroot and make use of the bind-chroot
- environment unecessary .
+ Red Hat have adopted the National Security Agency's SELinux security
+ policy ( see http://www.nsa.gov/selinux ) and recommendations for BIND
+ security , which are more secure than running named in a chroot and
+ make use of the bind-chroot environment unnecessary .
- By default, named is not allowed by the SELinux policy to write, create or
- delete any files EXCEPT in these directories:
+ By default, named is not allowed by the SELinux policy to write, create
+ or delete any files EXCEPT in these directories:
$ROOTDIR/var/named/slaves
$ROOTDIR/var/named/data
$ROOTDIR/var/tmp
- where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed.
+ where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is
+ installed.
- The SELinux policy particularly does NOT allow named to modify the $ROOTDIR/var
- /named directory, the default location for master zone database files.
+ The SELinux policy particularly does NOT allow named to modify the
+ $ROOTDIR/var/named directory, the default location for master zone
+ database files.
- SELinux policy overrules file access permissions - so even if all the files
- under /var/named have ownership named:named and mode rw-rw-r--, named will
- still not be able to write or create files except in the directories above,
- with SELinux in Enforcing mode.
+ SELinux policy overrules file access permissions - so even if all the
+ files under /var/named have ownership named:named and mode rw-rw-r--,
+ named will still not be able to write or create files except in the
+ directories above, with SELinux in Enforcing mode.
- So, to allow named to update slave or DDNS zone files, it is best to locate
- them in $ROOTDIR/var/named/slaves, with named.conf zone statements such as:
+ So, to allow named to update slave or DDNS zone files, it is best to
+ locate them in $ROOTDIR/var/named/slaves, with named.conf zone
+ statements such as:
zone "slave.zone." IN {
type slave;
@@ -584,8 +653,8 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
};
- To allow named to create its cache dump and statistics files, for example, you
- could use named.conf options statements such as:
+ To allow named to create its cache dump and statistics files, for
+ example, you could use named.conf options statements such as:
options {
...
@@ -595,10 +664,11 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
};
- You can also tell SELinux to allow named to update any zone database files, by
- setting the SELinux tunable boolean parameter 'named_write_master_zones=1',
- using the system-config-securitylevel GUI, using the 'setsebool' command, or in
- /etc/selinux/targeted/booleans.
+ You can also tell SELinux to allow named to update any zone database
+ files, by setting the SELinux tunable boolean parameter
+ 'named_write_master_zones=1', using the system-config-securitylevel
+ GUI, using the 'setsebool' command, or in /etc/selinux/targeted/
+ booleans.
You can disable SELinux protection for named entirely by setting the
'named_disable_trans=1' SELinux tunable boolean parameter.
@@ -610,66 +680,119 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
- If you want to retain use of the SELinux policy for named, and put named files
- in different locations, you can do so by changing the context of the custom
- file locations .
+ If you want to retain use of the SELinux policy for named, and put
+ named files in different locations, you can do so by changing the
+ context of the custom file locations .
- To create a custom configuration file location, eg. '/root/named.conf', to use
- with the 'named -c' option, do:
+ To create a custom configuration file location, e.g. '/root/
+ named.conf', to use with the 'named -c' option, do:
# chcon system_u:object_r:named_conf_t /root/named.conf
- To create a custom modifiable named data location, eg. '/var/log/named' for a
- log file, do:
+ To create a custom modifiable named data location, e.g. '/var/log/
+ named' for a log file, do:
# chcon system_u:object_r:named_cache_t /var/log/named
- To create a custom zone file location, eg. /root/zones/, do:
+ To create a custom zone file location, e.g. /root/zones/, do:
# chcon system_u:object_r:named_zone_t /root/zones/{.,*}
- See these man-pages for more information : selinux(8), named_selinux(8), chcon
- (1), setsebool(8)
+ See these man-pages for more information : selinux(8), named_selinux
+ (8), chcon(1), setsebool(8)
-Q: I want to forward all DNS queries from my caching nameserver to another server.
- But there are some domains which have to be served locally, via rbldnsd.
+Q: Listening on individual IPv6 interfaces does not work.
- How do I achieve this ?
+A: This is usually due to "/proc/net/if_inet6" not being available in the
+ chroot file system. Mount another instance of "proc" in the chroot file
+ system.
-A: options {
- forward only;
- forwarders { <ip.of.primary.nameserver>; };
- };
+ This can be be made permanent by adding a second instance to /etc/
+ fstab.
- zone "sbl-xbl.spamhaus.org" {
- type forward; forward only;
- forwarders { <ip.of.rbldns.server> port 530; };
+ proc /proc proc defaults 0 0
+ proc /var/named/proc proc defaults 0 0
+
+4.3. Windows
+
+Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail.
+ Why?
+
+A: This may be caused by a bug in the Windows 2000 DNS server where DNS
+ messages larger than 16K are not handled properly. This can be worked
+ around by setting the option "transfer-format one-answer;". Also check
+ whether your zone contains domain names with embedded spaces or other
+ special characters, like "John\032Doe\213s\032Computer", since such
+ names have been known to cause Windows 2000 slaves to incorrectly
+ reject the zone.
+
+Q: I get "Error 1067" when starting named under Windows.
+
+A: This is the service manager saying that named exited. You need to
+ examine the Application log in the EventViewer to find out why.
+
+ Common causes are that you failed to create "named.conf" (usually "C:\
+ windows\dns\etc\named.conf") or failed to specify the directory in
+ named.conf.
+
+ options {
+ Directory "C:\windows\dns\etc";
};
- zone "list.dsbl.org" {
- type forward; forward only;
- forwarders { <ip.of.rbldns.server> port 530; };
+4.4. FreeBSD
+
+Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
+
+A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to
+ use certain interrupts as a source of random events. You can make this
+ permanent by setting rand_irqs in /etc/rc.conf.
+
+ /etc/rc.conf
+ rand_irqs="3 14 15"
+
+ See also http://people.freebsd.org/~dougb/randomness.html
+
+4.5. Solaris
+
+Q: How do I integrate BIND 9 and Solaris SMF
+
+A: Sun has a blog entry describing how to do this.
+
+ http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+
+4.6. Apple Mac OS X
+
+Q: How do I run BIND 9 on Apple Mac OS X?
+
+A: If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
+
+ % sudo rndc-confgen > /etc/rndc.conf
+
+ Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
+
+ key "rndc-key" {
+ algorithm hmac-md5;
+ secret "uvceheVuqf17ZwIcTydddw==";
};
+ Then start the relevant service:
-Q: Will named be affected by the 2007 changes to daylight savings rules in the US.
+ % sudo service org.isc.named start
-A: No, so long as the machines internal clock (as reported by "date -u") remains
- at UTC. The only visible change if you fail to upgrade your OS, if you are in a
- affected area, will be that log messages will be a hour out during the period
- where the old rules do not match the new rules.
+ This is persistent upon a reboot, so you will have to do it only once.
- For most OS's this change just means that you need to update the conversion
- rules from UTC to local time. Normally this involves updating a file in /etc
- (which sets the default timezone for the machine) and possibly a directory
- which has all the conversion rules for the world (e.g. /usr/share/zoneinfo).
- When updating the OS do not forget to update any chroot areas as well. See your
- OS's documetation for more details.
+A: Alternatively you can just generate /etc/rndc.key by running:
- The local timezone conversion rules can also be done on a individual basis by
- setting the TZ envirionment variable appropriately. See your OS's documentation
- for more details.
+ % sudo rndc-confgen -a
+
+ Then start the relevant service:
+
+ % sudo service org.isc.named start
+
+ Named will look for /etc/rndc.key when it starts if it doesn't have a
+ controls section or the existing controls are missing keys sub-clauses.
+ This is persistent upon a reboot, so you will have to do it only once.
diff --git a/FAQ.xml b/FAQ.xml
index f67f723b9f4c..818390b5a801 100644
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -1,10 +1,10 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: FAQ.xml,v 1.4.6.5.6.1 2007/01/12 02:28:00 marka Exp $ -->
+<!-- $Id: FAQ.xml,v 1.4.6.20 2008/02/25 05:07:58 marka Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
@@ -27,6 +27,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -38,69 +39,63 @@
</copyright>
</articleinfo>
<qandaset defaultlabel='qanda'>
+
+ <qandadiv><title>Compilation and Installation Questions</title>
+
<qandaentry>
<question>
<para>
- Why doesn't -u work on Linux 2.2.x when I build with
- --enable-threads?
+ I'm trying to compile BIND 9, and "make" is failing due to
+ files not being found. Why?
</para>
</question>
<answer>
<para>
- Linux threads do not fully implement the Posix threads
- (pthreads) standard. In particular, setuid() operates only
- on the current thread, not the full process. Because of
- this limitation, BIND 9 cannot use setuid() on Linux as it
- can on all other supported platforms. setuid() cannot be
- called before creating threads, since the server does not
- start listening on reserved ports until after threads have
- started.
- </para>
- <para>
- In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability
- to preserve capabilities across a setuid() call is present.
- This allows BIND 9 to call setuid() early, while retaining
- the ability to bind reserved ports. This is a Linux-specific
- hack.
- </para>
- <para>
- On a 2.2 kernel, BIND 9 does drop many root privileges, so
- it should be less of a security risk than a root process
- that has not dropped privileges.
- </para>
- <para>
- If Linux threads ever work correctly, this restriction will
- go away.
- </para>
- <para>
- Configuring BIND9 with the --disable-threads option (the
- default) causes a non-threaded version to be built, which
- will allow -u to be used.
+ Using a parallel or distributed "make" to build BIND 9 is
+ not supported, and doesn't work. If you are using one of
+ these, use normal make or gmake instead.
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
- Why do I get the following errors:
-<programlisting>general: errno2result.c:109: unexpected error:
-general: unable to convert errno to isc_result: 14: Bad address
-client: UDP client handler shutting down due to fatal receive error: unexpected error</programlisting>
+ Isn't "make install" supposed to generate a default named.conf?
</para>
</question>
<answer>
<para>
- This is the result of a Linux kernel bug.
+ Short Answer: No.
</para>
<para>
- See:
- <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2</ulink>
+ Long Answer: There really isn't a default configuration which fits
+ any site perfectly. There are lots of decisions that need to
+ be made and there is no consensus on what the defaults should be.
+ For example FreeBSD uses /etc/namedb as the location where the
+ configuration files for named are stored. Others use /var/named.
+ </para>
+ <para>
+ What addresses to listen on? For a laptop on the move a lot
+ you may only want to listen on the loop back interfaces.
+ </para>
+ <para>
+ Who do you offer recursive service to? Is there are firewall
+ to consider? If so is it stateless or stateful. Are you
+ directly on the Internet? Are you on a private network? Are
+ you on a NAT'd network? The answers
+ to all these questions change how you configure even a
+ caching name server.
</para>
</answer>
</qandaentry>
+
+ </qandadiv> <!-- Compilation and Installation Questions -->
+
+ <qandadiv><title>Configuration and Setup Questions</title>
<qandaentry>
+ <!-- configuration, log -->
<question>
<para>
Why does named log the warning message <quote>no TTL specified -
@@ -126,48 +121,9 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
</informalexample>
</answer>
</qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Why do I see 5 (or more) copies of named on Linux?
- </para>
- </question>
- <answer>
- <para>
- Linux threads each show up as a process under ps. The
- approximate number of threads running is n+4, where n is
- the number of CPUs. Note that the amount of memory used
- is not cumulative; if each process is using 10M of memory,
- only a total of 10M is used.
- </para>
- <para>
- Newer versions of Linux's ps command hide the individual threads
- and require -L to display them.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Why does BIND 9 log <quote>permission denied</quote> errors accessing
- its configuration files or zones on my Linux system even
- though it is running as root?
- </para>
- </question>
- <answer>
- <para>
- On Linux, BIND 9 drops most of its root privileges on
- startup. This including the privilege to open files owned
- by other users. Therefore, if the server is running as
- root, the configuration files and zone files should also
- be owned by root.
- </para>
- </answer>
- </qandaentry>
-
+
<qandaentry>
+ <!-- configuration -->
<question>
<para>
Why do I get errors like <quote>dns_zone_load: zone foo/IN: loading
@@ -184,25 +140,7 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
</qandaentry>
<qandaentry>
- <question>
- <para>
- How do I produce a usable core file from a multithreaded
- named on Linux?
- </para>
- </question>
- <answer>
- <para>
- If the Linux kernel is 2.4.7 or newer, multithreaded core
- dumps are usable (that is, the correct thread is dumped).
- Otherwise, if using a 2.2 kernel, apply the kernel patch
- found in contrib/linux/coredump-patch and rebuild the kernel.
- This patch will cause multithreaded programs to dump the
- correct thread.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
+ <!-- security -->
<question>
<para>
How do I restrict people from looking up the server version?
@@ -221,6 +159,7 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
</qandaentry>
<qandaentry>
+ <!-- security -->
<question>
<para>
How do I restrict only remote users from looking up the
@@ -249,6 +188,7 @@ view "chaos" chaos {
</qandaentry>
<qandaentry>
+ <!-- configuration -->
<question>
<para>
What do <quote>no source of entropy found</quote> or <quote>could not
@@ -268,21 +208,7 @@ view "chaos" chaos {
</qandaentry>
<qandaentry>
- <question>
- <para>
- I installed BIND 9 and restarted named, but it's still BIND 8. Why?
- </para>
- </question>
- <answer>
- <para>
- BIND 9 is installed under /usr/local by default. BIND 8
- is often installed under /usr. Check that the correct named
- is running.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
+ <!-- configuration -->
<question>
<para>
I'm trying to use TSIG to authenticate dynamic updates or
@@ -302,87 +228,6 @@ view "chaos" chaos {
<qandaentry>
<question>
<para>
- I'm trying to compile BIND 9, and "make" is failing due to
- files not being found. Why?
- </para>
- </question>
- <answer>
- <para>
- Using a parallel or distributed "make" to build BIND 9 is
- not supported, and doesn't work. If you are using one of
- these, use normal make or gmake instead.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I have a BIND 9 master and a BIND 8.2.3 slave, and the
- master is logging error messages like <quote>notify to 10.0.0.1#53
- failed: unexpected end of input</quote>. What's wrong?
- </para>
- </question>
- <answer>
- <para>
- This error message is caused by a known bug in BIND 8.2.3
- and is fixed in BIND 8.2.4. It can be safely ignored - the
- notify has been acted on by the slave despite the error
- message.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I keep getting log messages like the following. Why?
- </para>
- <para>
- Dec 4 23:47:59 client 10.0.0.1#1355: updating zone
- 'example.com/IN': update failed: 'RRset exists (value
- dependent)' prerequisite not satisfied (NXRRSET)
- </para>
- </question>
- <answer>
- <para>
- DNS updates allow the update request to test to see if
- certain conditions are met prior to proceeding with the
- update. The message above is saying that conditions were
- not met and the update is not proceeding. See doc/rfc/rfc2136.txt
- for more details on prerequisites.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I keep getting log messages like the following. Why?
- </para>
- <para>
- Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
- </para>
- </question>
- <answer>
- <para>
- Someone is trying to update your DNS data using the RFC2136
- Dynamic Update protocol. Windows 2000 machines have a habit
- of sending dynamic update requests to DNS servers without
- being specifically configured to do so. If the update
- requests are coming from a Windows 2000 machine, see
- <ulink
- url="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
- http://support.microsoft.com/support/kb/articles/q246/8/04.asp
- </ulink>
- for information about how to turn them off.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
I see a log message like the following. Why?
</para>
<para>
@@ -402,81 +247,7 @@ view "chaos" chaos {
</para>
</answer>
</qandaentry>
-
- <qandaentry>
- <question>
- <para>
- When I do a "dig . ns", many of the A records for the root
- servers are missing. Why?
- </para>
- </question>
- <answer>
- <para>
- This is normal and harmless. It is a somewhat confusing
- side effect of the way BIND 9 does RFC2181 trust ranking
- and of the efforts BIND 9 makes to avoid promoting glue
- into answers.
- </para>
- <para>
- When BIND 9 first starts up and primes its cache, it receives
- the root server addresses as additional data in an authoritative
- response from a root server, and these records are eligible
- for inclusion as additional data in responses. Subsequently
- it receives a subset of the root server addresses as
- additional data in a non-authoritative (referral) response
- from a root server. This causes the addresses to now be
- considered non-authoritative (glue) data, which is not
- eligible for inclusion in responses.
- </para>
- <para>
- The server does have a complete set of root server addresses
- cached at all times, it just may not include all of them
- as additional data, depending on whether they were last
- received as answers or as glue. You can always look up the
- addresses with explicit queries like "dig a.root-servers.net A".
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Zone transfers from my BIND 9 master to my Windows 2000
- slave fail. Why?
- </para>
- </question>
- <answer>
- <para>
- This may be caused by a bug in the Windows 2000 DNS server
- where DNS messages larger than 16K are not handled properly.
- This can be worked around by setting the option "transfer-format
- one-answer;". Also check whether your zone contains domain
- names with embedded spaces or other special characters,
- like "John\032Doe\213s\032Computer", since such names have
- been known to cause Windows 2000 slaves to incorrectly
- reject the zone.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Why don't my zones reload when I do an "rndc reload" or SIGHUP?
- </para>
- </question>
- <answer>
- <para>
- A zone can be updated either by editing zone files and
- reloading the server or by dynamic update, but not both.
- If you have enabled dynamic update for a zone using the
- "allow-update" option, you are not supposed to edit the
- zone file by hand, and the server will not attempt to reload
- it.
- </para>
- </answer>
- </qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -491,7 +262,7 @@ view "chaos" chaos {
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -579,50 +350,7 @@ Slave 10.0.1.2:
</informalexample>
</answer>
</qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
- </para>
- </question>
- <answer>
- <para>
- /dev/random is not configured. Use rndcontrol(8) to tell
- the kernel to use certain interrupts as a source of random
- events. You can make this permanent by setting rand_irqs
- in /etc/rc.conf.
- </para>
- <informalexample>
- <programlisting>
-/etc/rc.conf
-rand_irqs="3 14 15"</programlisting>
- </informalexample>
- <para>
- See also
- <ulink url="http://people.freebsd.org/~dougb/randomness.html">
- http://people.freebsd.org/~dougb/randomness.html
- </ulink>
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Why is named listening on UDP port other than 53?
- </para>
- </question>
- <answer>
- <para>
- Named uses a system selected port to make queries of other
- nameservers. This behaviour can be overridden by using
- query-source to lock down the port and/or address. See
- also notify-source and transfer-source.
- </para>
- </answer>
- </qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -644,7 +372,7 @@ named-checkzone example.com tmp</programlisting>
</informalexample>
<para>
A CNAME record cannot exist with the same name as another record
- except for the DNSSEC records which prove its existance (NSEC).
+ except for the DNSSEC records which prove its existence (NSEC).
</para>
<para>
RFC 1034, Section 3.6.2: <quote>If a CNAME RR is present at a node,
@@ -655,7 +383,7 @@ named-checkzone example.com tmp</programlisting>
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -674,33 +402,7 @@ named-checkzone example.com tmp</programlisting>
</para>
</answer>
</qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get warning messages like <quote>zone example.com/IN: refresh:
- failure trying master 1.2.3.4#53: timed out</quote>.
- </para>
- </question>
- <answer>
- <para>
- Check that you can make UDP queries from the slave to the master
- </para>
- <informalexample>
- <programlisting>
-dig +norec example.com soa @1.2.3.4</programlisting>
- </informalexample>
- <para>
- You could be generating queries faster than the slave can
- cope with. Lower the serial query rate.
- </para>
- <informalexample>
- <programlisting>
-serial-query-rate 5; // default 20</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -726,7 +428,7 @@ Master 10.0.1.1:
};
view "internal" {
- match-clients { !external; 10.0.1/24; };
+ match-clients { !key external; 10.0.1/24; };
server 10.0.1.1 {
/* Deliver notify messages to external view. */
keys { external; };
@@ -740,7 +442,7 @@ Master 10.0.1.1:
};
view "external" {
- match-clients { external; any; };
+ match-clients { key external; any; };
zone "example.com" {
type slave;
file "external/example.db";
@@ -767,8 +469,8 @@ Master 10.0.1.1:
This error is produced when a line in the master file
contains leading white space (tab/space) but the is no
current record owner name to inherit the name from. Usually
- this is the result of putting white space before a comment.
- Forgeting the "@" for the SOA record or indenting the master
+ this is the result of putting white space before a comment,
+ forgetting the "@" for the SOA record, or indenting the master
file.
</para>
</answer>
@@ -782,7 +484,7 @@ Master 10.0.1.1:
</question>
<answer>
<para>
- You are running chrooted (-t) and have not supplied local timzone
+ You are running chrooted (-t) and have not supplied local timezone
information in the chroot area.
</para>
<simplelist>
@@ -795,22 +497,7 @@ Master 10.0.1.1:
</para>
</answer>
</qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get the error message <quote>named: capset failed: Operation
- not permitted</quote> when starting named.
- </para>
- </question>
- <answer>
- <para>
- The capability module, part of "Linux Security Modules/LSM",
- has not been loaded into the kernel. See insmod(8).
- </para>
- </answer>
- </qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -850,46 +537,7 @@ Master 10.0.1.1:
</para>
</answer>
</qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I don't get RRSIG's returned when I use "dig +dnssec".
- </para>
- </question>
- <answer>
- <para>
- You need to ensure DNSSEC is enabled (dnssec-enable yes;).
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get <quote>Error 1067</quote> when starting named under Windows.
- </para>
- </question>
- <answer>
- <para>
- This is the service manager saying that named exited. You
- need to examine the Application log in the EventViewer to
- find out why.
- </para>
- <para>
- Common causes are that you failed to create "named.conf"
- (usually "C:\windows\dns\etc\named.conf") or failed to
- specify the directory in named.conf.
- </para>
- <informalexample>
- <programlisting>
-options {
- Directory "C:\windows\dns\etc";
-};</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -941,26 +589,238 @@ zone "example.net" {
</informalexample>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I want to forward all DNS queries from my caching nameserver to
+ another server. But there are some domains which have to be
+ served locally, via rbldnsd.
+ </para>
+ <para>
+ How do I achieve this ?
+ </para>
+ </question>
+ <answer>
+ <programlisting>
+options {
+ forward only;
+ forwarders { &lt;ip.of.primary.nameserver&gt;; };
+};
+
+zone "sbl-xbl.spamhaus.org" {
+ type forward; forward only;
+ forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
+};
+
+zone "list.dsbl.org" {
+ type forward; forward only;
+ forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
+};
+ </programlisting>
+ </answer>
+ </qandaentry>
<qandaentry>
<question>
<para>
- How do I intergrate BIND 9 and Solaris SMF
+ Can you help me understand how BIND 9 uses memory to store
+ DNS zones?
+ </para>
+ <para>
+ Some times it seems to take several times the amount of
+ memory it needs to store the zone.
</para>
</question>
<answer>
<para>
- Sun has a blog entry describing how to do this.
+ When reloading a zone named my have multiple copies of
+ the zone in memory at one time. The zone it is serving
+ and the one it is loading. If reloads are ultra fast it
+ can have more still.
+ </para>
+ <para>
+ e.g. Ones that are transferring out, the one that it is
+ serving and the one that is loading.
+ </para>
+ <para>
+ BIND 8 destroyed the zone before loading and also killed
+ off outgoing transfers of the zone.
+ </para>
+ <para>
+ The new strategy allows slaves to get copies of the new
+ zone regardless of how often the master is loaded compared
+ to the transfer time. The slave might skip some intermediate
+ versions but the transfers will complete and it will keep
+ reasonably in sync with the master.
</para>
<para>
+ The new strategy also allows the master to recover from
+ syntax and other errors in the master file as it still
+ has an in-core copy of the old contents.
+ </para>
+ </answer>
+ </qandaentry>
+
+ </qandadiv> <!-- Configuration and Setup Questions -->
+
+ <qandadiv><title>General Questions</title>
+
+ <qandaentry>
+ <question>
+ <para>
+ I keep getting log messages like the following. Why?
+ </para>
+ <para>
+ Dec 4 23:47:59 client 10.0.0.1#1355: updating zone
+ 'example.com/IN': update failed: 'RRset exists (value
+ dependent)' prerequisite not satisfied (NXRRSET)
+ </para>
+ </question>
+ <answer>
+ <para>
+ DNS updates allow the update request to test to see if
+ certain conditions are met prior to proceeding with the
+ update. The message above is saying that conditions were
+ not met and the update is not proceeding. See doc/rfc/rfc2136.txt
+ for more details on prerequisites.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I keep getting log messages like the following. Why?
+ </para>
+ <para>
+ Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
+ </para>
+ </question>
+ <answer>
+ <para>
+ Someone is trying to update your DNS data using the RFC2136
+ Dynamic Update protocol. Windows 2000 machines have a habit
+ of sending dynamic update requests to DNS servers without
+ being specifically configured to do so. If the update
+ requests are coming from a Windows 2000 machine, see
<ulink
- url="http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris">
- http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+ url="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
+ http://support.microsoft.com/support/kb/articles/q246/8/04.asp
</ulink>
+ for information about how to turn them off.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ When I do a "dig . ns", many of the A records for the root
+ servers are missing. Why?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is normal and harmless. It is a somewhat confusing
+ side effect of the way BIND 9 does RFC2181 trust ranking
+ and of the efforts BIND 9 makes to avoid promoting glue
+ into answers.
+ </para>
+ <para>
+ When BIND 9 first starts up and primes its cache, it receives
+ the root server addresses as additional data in an authoritative
+ response from a root server, and these records are eligible
+ for inclusion as additional data in responses. Subsequently
+ it receives a subset of the root server addresses as
+ additional data in a non-authoritative (referral) response
+ from a root server. This causes the addresses to now be
+ considered non-authoritative (glue) data, which is not
+ eligible for inclusion in responses.
+ </para>
+ <para>
+ The server does have a complete set of root server addresses
+ cached at all times, it just may not include all of them
+ as additional data, depending on whether they were last
+ received as answers or as glue. You can always look up the
+ addresses with explicit queries like "dig a.root-servers.net A".
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why don't my zones reload when I do an "rndc reload" or SIGHUP?
+ </para>
+ </question>
+ <answer>
+ <para>
+ A zone can be updated either by editing zone files and
+ reloading the server or by dynamic update, but not both.
+ If you have enabled dynamic update for a zone using the
+ "allow-update" option, you are not supposed to edit the
+ zone file by hand, and the server will not attempt to reload
+ it.
</para>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why is named listening on UDP port other than 53?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Named uses a system selected port to make queries of other
+ nameservers. This behaviour can be overridden by using
+ query-source to lock down the port and/or address. See
+ also notify-source and transfer-source.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get warning messages like <quote>zone example.com/IN: refresh:
+ failure trying master 1.2.3.4#53: timed out</quote>.
+ </para>
+ </question>
+ <answer>
+ <para>
+ Check that you can make UDP queries from the slave to the master
+ </para>
+ <informalexample>
+ <programlisting>
+dig +norec example.com soa @1.2.3.4</programlisting>
+ </informalexample>
+ <para>
+ You could be generating queries faster than the slave can
+ cope with. Lower the serial query rate.
+ </para>
+ <informalexample>
+ <programlisting>
+serial-query-rate 5; // default 20</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+ <qandaentry>
+ <question>
+ <para>
+ I don't get RRSIG's returned when I use "dig +dnssec".
+ </para>
+ </question>
+ <answer>
+ <para>
+ You need to ensure DNSSEC is enabled (dnssec-enable yes;).
+ </para>
+ </answer>
+ </qandaentry>
+
<qandaentry>
<question>
<para>
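Review bot: The added answer to "Why is named listening on UDP port other than 53?" recommends query-source to "lock down the port" without stating the cost. Pinning outgoing queries to one known port removes source-port unpredictability, which is one of the values an off-path spoofer has to guess to get a forged response accepted. How much unpredictability this release has to begin with is not visible in the hunk, so the caveat should be worded generally. I would append a sentence to that para such as `Fixing the port makes forged responses easier to match; pin only the address unless a firewall rule requires a fixed port.`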
@@ -977,7 +837,7 @@ zone "example.net" {
You would have to add both the CNAME and address records
(A/AAAA) as glue to the parent zone and have CNAMEs be
followed when doing additional section processing to make
- it work. No namesever implementation supports either of
+ it work. No nameserver implementation supports either of
these requirements.
</para>
</answer>
@@ -996,7 +856,7 @@ zone "example.net" {
space you are using then you have failed to follow RFC 1918
usage rules and are leaking queries to the Internet. You
should establish your own zones for these addresses to prevent
- you quering the Internet's name servers for these addresses.
+ you querying the Internet's name servers for these addresses.
Please see <ulink url="http://as112.net/">http://as112.net/</ulink>
for details of the problems you are causing and the counter
measures that have had to be deployed.
@@ -1044,10 +904,181 @@ empty:
</para>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Will named be affected by the 2007 changes to daylight savings
+ rules in the US.
+ </para>
+ </question>
+ <answer>
+ <para>
+ No, so long as the machines internal clock (as reported
+ by "date -u") remains at UTC. The only visible change
+ if you fail to upgrade your OS, if you are in a affected
+ area, will be that log messages will be a hour out during
+ the period where the old rules do not match the new rules.
+ </para>
+ <para>
+ For most OS's this change just means that you need to
+ update the conversion rules from UTC to local time.
+ Normally this involves updating a file in /etc (which
+ sets the default timezone for the machine) and possibly
+ a directory which has all the conversion rules for the
+ world (e.g. /usr/share/zoneinfo). When updating the OS
+ do not forget to update any chroot areas as well.
+ See your OS's documentation for more details.
+ </para>
+ <para>
+ The local timezone conversion rules can also be done on
+ a individual basis by setting the TZ environment variable
+ appropriately. See your OS's documentation for more
+ details.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Is there a bugzilla (or other tool) database that mere
+ mortals can have (read-only) access to for bind?
+ </para>
+ </question>
+ <answer>
+ <para>
+ No. The BIND 9 bug database is kept closed for a number
+ of reasons. These include, but are not limited to, that
+ the database contains proprietory information from people
+ reporting bugs. The database has in the past and may in
+ future contain unfixed bugs which are capable of bringing
+ down most of the Internet's DNS infrastructure.
+ </para>
+ <para>
+ The release pages for each version contain up to date
+ lists of bugs that have been fixed post release. That
+ is as close as we can get to providing a bug database.
+ </para>
+ </answer>
+ </qandaentry>
+
+ </qandadiv> <!-- General Questions -->
+
+ <qandadiv><title>Operating-System Specific Questions</title>
+
+ <qandadiv><title>HPUX</title>
+
+ <qandaentry>
+ <question>
+ <para>I get the following error trying to configure BIND:
+<programlisting>checking if unistd.h or sys/types.h defines fd_set... no
+configure: error: need either working unistd.h or sys/select.h</programlisting>
+ </para>
+ </question>
+ <answer>
+ <para>
+ You have attempted to configure BIND with the bundled C compiler.
+ This compiler does not meet the minimum compiler requirements to
+ for building BIND. You need to install a ANSI C compiler and / or
+ teach configure how to find the ANSI C compiler. The later can
+ be done by adjusting the PATH environment variable and / or
+ specifying the compiler via CC.
+ </para>
+ <informalexample>
+ <programlisting>./configure CC=&lt;compiler&gt; ...</programlisting>
+ </informalexample>
+ </answer>
+ </qandaentry>
+
+ </qandadiv> <!-- HPUX -->
+
+ <qandadiv><title>Linux</title>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why do I get the following errors:
+<programlisting>general: errno2result.c:109: unexpected error:
+general: unable to convert errno to isc_result: 14: Bad address
+client: UDP client handler shutting down due to fatal receive error: unexpected error</programlisting>
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is the result of a Linux kernel bug.
+ </para>
+ <para>
+ See:
+ <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2</ulink>
+ </para>
+ </answer>
+ </qandaentry>
<qandaentry>
<question>
<para>
+ Why do I see 5 (or more) copies of named on Linux?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Linux threads each show up as a process under ps. The
+ approximate number of threads running is n+4, where n is
+ the number of CPUs. Note that the amount of memory used
+ is not cumulative; if each process is using 10M of memory,
+ only a total of 10M is used.
+ </para>
+ <para>
+ Newer versions of Linux's ps command hide the individual threads
+ and require -L to display them.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why does BIND 9 log <quote>permission denied</quote> errors accessing
+ its configuration files or zones on my Linux system even
+ though it is running as root?
+ </para>
+ </question>
+ <answer>
+ <para>
+ On Linux, BIND 9 drops most of its root privileges on
+ startup. This including the privilege to open files owned
+ by other users. Therefore, if the server is running as
+ root, the configuration files and zone files should also
+ be owned by root.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get the error message <quote>named: capset failed: Operation
+ not permitted</quote> when starting named.
+ </para>
+ </question>
+ <answer>
+ <para>
+ The capability module, part of "Linux Security Modules/LSM",
+ has not been loaded into the kernel. See insmod(8), modprobe(8).
+ </para>
+ <para>
+ The relevant modules can be loaded by running:
+<programlisting>
+modprobe commoncap
+modprobe capability</programlisting>
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
</para>
<para>
@@ -1073,7 +1104,7 @@ empty:
SELinux security policy ( see http://www.nsa.gov/selinux
) and recommendations for BIND security , which are more
secure than running named in a chroot and make use of
- the bind-chroot environment unecessary .
+ the bind-chroot environment unnecessary .
</para>
<para>
@@ -1174,7 +1205,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
<para>
- To create a custom configuration file location, eg.
+ To create a custom configuration file location, e.g.
'/root/named.conf', to use with the 'named -c' option,
do:
<informalexample>
@@ -1185,7 +1216,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
<para>
- To create a custom modifiable named data location, eg.
+ To create a custom modifiable named data location, e.g.
'/var/log/named' for a log file, do:
<informalexample>
<programlisting>
@@ -1195,7 +1226,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
<para>
- To create a custom zone file location, eg. /root/zones/, do:
+ To create a custom zone file location, e.g. /root/zones/, do:
<informalexample>
<programlisting>
# chcon system_u:object_r:named_zone_t /root/zones/{.,*}
@@ -1209,68 +1240,203 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
</answer>
</qandaentry>
+
<qandaentry>
<question>
<para>
- I want to forward all DNS queries from my caching nameserver to
- another server. But there are some domains which have to be
- served locally, via rbldnsd.
+ Listening on individual IPv6 interfaces does not work.
</para>
+ </question>
+ <answer>
<para>
- How do I achieve this ?
+ This is usually due to "/proc/net/if_inet6" not being available
+ in the chroot file system. Mount another instance of "proc"
+ in the chroot file system.
+ </para>
+ <para>
+ This can be be made permanent by adding a second instance to
+ /etc/fstab.
+ <informalexample>
+ <programlisting>
+proc /proc proc defaults 0 0
+proc /var/named/proc proc defaults 0 0</programlisting>
+ </informalexample>
+ </para>
+ </answer>
+ </qandaentry>
+
+ </qandadiv> <!-- Linux -->
+
+ <qandadiv><title>Windows</title>
+
+ <qandaentry>
+ <question>
+ <para>
+ Zone transfers from my BIND 9 master to my Windows 2000
+ slave fail. Why?
</para>
</question>
<answer>
- <programlisting>
+ <para>
+ This may be caused by a bug in the Windows 2000 DNS server
+ where DNS messages larger than 16K are not handled properly.
+ This can be worked around by setting the option "transfer-format
+ one-answer;". Also check whether your zone contains domain
+ names with embedded spaces or other special characters,
+ like "John\032Doe\213s\032Computer", since such names have
+ been known to cause Windows 2000 slaves to incorrectly
+ reject the zone.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I get <quote>Error 1067</quote> when starting named under Windows.
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is the service manager saying that named exited. You
+ need to examine the Application log in the EventViewer to
+ find out why.
+ </para>
+ <para>
+ Common causes are that you failed to create "named.conf"
+ (usually "C:\windows\dns\etc\named.conf") or failed to
+ specify the directory in named.conf.
+ </para>
+ <informalexample>
+ <programlisting>
options {
- forward only;
- forwarders { &lt;ip.of.primary.nameserver&gt;; };
-};
-
-zone "sbl-xbl.spamhaus.org" {
- type forward; forward only;
- forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
-};
-
-zone "list.dsbl.org" {
- type forward; forward only;
- forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
-};
- </programlisting>
+ Directory "C:\windows\dns\etc";
+};</programlisting>
+ </informalexample>
</answer>
</qandaentry>
+
+ </qandadiv> <!-- Windows -->
+
+ <qandadiv><title>FreeBSD</title>
+
<qandaentry>
<question>
<para>
- Will named be affected by the 2007 changes to daylight savings
- rules in the US.
+ I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
</para>
</question>
<answer>
<para>
- No, so long as the machines internal clock (as reported
- by "date -u") remains at UTC. The only visible change
- if you fail to upgrade your OS, if you are in a affected
- area, will be that log messages will be a hour out during
- the period where the old rules do not match the new rules.
+ /dev/random is not configured. Use rndcontrol(8) to tell
+ the kernel to use certain interrupts as a source of random
+ events. You can make this permanent by setting rand_irqs
+ in /etc/rc.conf.
</para>
+ <informalexample>
+ <programlisting>
+/etc/rc.conf
+rand_irqs="3 14 15"</programlisting>
+ </informalexample>
<para>
- For most OS's this change just means that you need to
- update the conversion rules from UTC to local time.
- Normally this involves updating a file in /etc (which
- sets the default timezone for the machine) and possibly
- a directory which has all the conversion rules for the
- world (e.g. /usr/share/zoneinfo). When updating the OS
- do not forget to update any chroot areas as well.
- See your OS's documetation for more details.
+ See also
+ <ulink url="http://people.freebsd.org/~dougb/randomness.html">
+ http://people.freebsd.org/~dougb/randomness.html
+ </ulink>
</para>
+ </answer>
+ </qandaentry>
+
+ </qandadiv> <!-- FreeBSD -->
+
+ <qandadiv><title>Solaris</title>
+
+ <qandaentry>
+ <question>
<para>
- The local timezone conversion rules can also be done on
- a individual basis by setting the TZ envirionment variable
- appropriately. See your OS's documentation for more
- details.
+ How do I integrate BIND 9 and Solaris SMF
+ </para>
+ </question>
+ <answer>
+ <para>
+ Sun has a blog entry describing how to do this.
+ </para>
+ <para>
+ <ulink
+ url="http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris">
+ http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+ </ulink>
+ </para>
+ </answer>
+ </qandaentry>
+
+ </qandadiv>
+
+ <qandadiv><title>Apple Mac OS X</title>
+
+ <qandaentry>
+ <question>
+ <para>
+ How do I run BIND 9 on Apple Mac OS X?
+ </para>
+ </question>
+ <answer>
+ <para>
+ If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
+ </para>
+ <informalexample>
+ <programlisting>
+% sudo rndc-confgen > /etc/rndc.conf</programlisting>
+ </informalexample>
+ <para>
+ Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
+ </para>
+ <informalexample>
+ <programlisting>
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "uvceheVuqf17ZwIcTydddw==";
+};</programlisting>
+ </informalexample>
+ <para>
+ Then start the relevant service:
+ </para>
+ <informalexample>
+ <programlisting>
+% sudo service org.isc.named start</programlisting>
+ </informalexample>
+ <para>
+ This is persistent upon a reboot, so you will have to do it only once.
+ </para>
+ </answer>
+
+ <answer>
+ <para>
+ Alternatively you can just generate /etc/rndc.key by running:
+ </para>
+ <informalexample>
+ <programlisting>
+% sudo rndc-confgen -a</programlisting>
+ </informalexample>
+ <para>
+ Then start the relevant service:
+ </para>
+ <informalexample>
+ <programlisting>
+% sudo service org.isc.named start</programlisting>
+ </informalexample>
+ <para>
+ Named will look for /etc/rndc.key when it starts if it
+ doesn't have a controls section or the existing controls are
+ missing keys sub-clauses. This is persistent upon a
+ reboot, so you will have to do it only once.
</para>
</answer>
</qandaentry>
+
+ </qandadiv>
+
+ </qandadiv> <!-- Operating-System Specific Questions -->
+
</qandaset>
</article>
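Review bot: In the new Mac OS X answer, `% sudo rndc-confgen > /etc/rndc.conf` applies sudo only to rndc-confgen, while the redirection is done by the invoking user's shell. The write to /etc therefore fails for a non-root user, and when it does succeed the file holding the control-channel secret takes its mode from the caller's umask. A form such as `% sudo sh -c 'umask 077; rndc-confgen > /etc/rndc.conf'` covers both. The key block that follows prints a concrete `secret` value, and I would replace it with a placeholder in the file's existing entity style, `secret "&lt;secret.from.rndc.conf&gt;";`, so that a published key is not pasted into /etc/rndc.key. The second answer's `rndc-confgen -a` route has the tool write the key file itself and does not have the redirection problem.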
diff --git a/Makefile.in b/Makefile.in
index 7f3a6888baa0..eb1a36acfe67 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2002 Internet Software Consortium.
+# Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.41.2.2.2.4 2006/05/19 00:04:00 marka Exp $
+# $Id: Makefile.in,v 1.41.2.2.2.7 2007/08/28 07:19:07 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
diff --git a/README b/README
index 4763e53b8943..709df1267ae4 100644
--- a/README
+++ b/README
@@ -42,14 +42,6 @@ BIND 9
Stichting NLnet - NLnet Foundation
Nominum, Inc.
-BIND 9.3.4
-
- BIND 9.3.4 is a security release.
-
-BIND 9.3.3
-
- BIND 9.3.3 is a maintenance release, containing fixes for
- a number of bugs in 9.3.2.
BIND 9.3.2
diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c
index 1b67ca88596f..f4d573db916a 100644
--- a/bin/check/check-tool.c
+++ b/bin/check/check-tool.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,12 +15,11 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: check-tool.c,v 1.4.12.7 2004/11/30 01:15:40 marka Exp $ */
+/* $Id: check-tool.c,v 1.4.12.11 2007/09/13 05:18:07 each Exp $ */
#include <config.h>
#include <stdio.h>
-#include <string.h>
#include "check-tool.h"
#include <isc/util.h>
@@ -29,6 +28,7 @@
#include <isc/log.h>
#include <isc/region.h>
#include <isc/stdio.h>
+#include <isc/string.h>
#include <isc/types.h>
#include <dns/fixedname.h>
diff --git a/bin/check/check-tool.h b/bin/check/check-tool.h
index 105cd258ca3d..cbe18afa25b0 100644
--- a/bin/check/check-tool.h
+++ b/bin/check/check-tool.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: check-tool.h,v 1.2.12.5 2004/03/08 04:04:13 marka Exp $ */
+/* $Id: check-tool.h,v 1.2.12.8 2007/08/28 07:19:07 tbox Exp $ */
#ifndef CHECK_TOOL_H
#define CHECK_TOOL_H
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
index 7d0633582dbf..148e6c59d5df 100644
--- a/bin/check/named-checkconf.8
+++ b/bin/check/named-checkconf.8
@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkconf.8,v 1.11.12.8 2006/06/29 13:02:30 marka Exp $
+.\" $Id: named-checkconf.8,v 1.11.12.13 2007/06/20 02:26:23 marka Exp $
.\"
.hy 0
.ad l
.\" Title: named\-checkconf
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 14, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -39,27 +39,37 @@ named\-checkconf \- named configuration file syntax checking tool
\fBnamed\-checkconf\fR
checks the syntax, but not the semantics, of a named configuration file.
.SH "OPTIONS"
-.TP 3n
+.PP
\-t \fIdirectory\fR
-chroot to
+.RS 4
+Chroot to
\fIdirectory\fR
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.TP 3n
+.RE
+.PP
\-v
+.RS 4
Print the version of the
\fBnamed\-checkconf\fR
program and exit.
-.TP 3n
+.RE
+.PP
\-z
-Perform a check load the master zonefiles found in
+.RS 4
+Perform a test load of all master zones found in
\fInamed.conf\fR.
-.TP 3n
+.RE
+.PP
\-j
+.RS 4
When loading a zonefile read the journal if it exists.
-.TP 3n
+.RE
+.PP
filename
+.RS 4
The name of the configuration file to be checked. If not specified, it defaults to
\fI/etc/named.conf\fR.
+.RE
.SH "RETURN VALUES"
.PP
\fBnamed\-checkconf\fR
@@ -67,9 +77,13 @@ returns an exit status of 1 if errors were detected and 0 otherwise.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
+\fBnamed\-checkzone\fR(8),
BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index f50461d79256..cc0101c31e60 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-checkconf.c,v 1.12.12.11 2006/03/02 00:37:20 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.12.12.14 2007/08/28 07:19:07 tbox Exp $ */
#include <config.h>
diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook
index c2529f642fe0..b955becd8091 100644
--- a/bin/check/named-checkconf.docbook
+++ b/bin/check/named-checkconf.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.docbook,v 1.3.2.1.8.7 2005/05/12 21:35:56 sra Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.3.2.1.8.13 2007/08/28 07:19:07 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -35,12 +35,14 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
+ <year>2003</year>
<holder>Internet Software Consortium.</holder>
</copyright>
</docinfo>
@@ -77,7 +79,7 @@
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- chroot to <filename>directory</filename> so that include
+ Chroot to <filename>directory</filename> so that include
directives in the configuration file are processed as if
run by a similarly chrooted named.
</para>
@@ -98,7 +100,7 @@
<term>-z</term>
<listitem>
<para>
- Perform a check load the master zonefiles found in
+ Perform a test load of all master zones found in
<filename>named.conf</filename>.
</para>
</listitem>
@@ -142,6 +144,9 @@
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsect1>
diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html
index 2283c5162615..0617e0bbc64f 100644
--- a/bin/check/named-checkconf.html
+++ b/bin/check/named-checkconf.html
@@ -1,6 +1,6 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.html,v 1.5.2.1.4.15 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.5.2.1.4.21 2007/06/20 02:26:23 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
@@ -32,18 +32,18 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549430"></a><h2>DESCRIPTION</h2>
+<a name="id2543374"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-checkconf</strong></span> checks the syntax, but not
the semantics, of a named configuration file.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549443"></a><h2>OPTIONS</h2>
+<a name="id2543387"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
- chroot to <code class="filename">directory</code> so that include
+ Chroot to <code class="filename">directory</code> so that include
directives in the configuration file are processed as if
run by a similarly chrooted named.
</p></dd>
@@ -54,7 +54,7 @@
</p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
- Perform a check load the master zonefiles found in
+ Perform a test load of all master zones found in
<code class="filename">named.conf</code>.
</p></dd>
<dt><span class="term">-j</span></dt>
@@ -69,21 +69,22 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549534"></a><h2>RETURN VALUES</h2>
+<a name="id2543479"></a><h2>RETURN VALUES</h2>
<p>
<span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549547"></a><h2>SEE ALSO</h2>
+<a name="id2543492"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549639"></a><h2>AUTHOR</h2>
+<a name="id2543524"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index f50085c78456..b6402626dc7a 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkzone.8,v 1.11.2.1.8.11 2006/10/05 02:50:17 marka Exp $
+.\" $Id: named-checkzone.8,v 1.11.2.1.8.16 2007/06/20 02:26:23 marka Exp $
.\"
.hy 0
.ad l
.\" Title: named\-checkzone
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 13, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -43,25 +43,36 @@ does when loading a zone. This makes
\fBnamed\-checkzone\fR
useful for checking zone files before configuring them into a name server.
.SH "OPTIONS"
-.TP 3n
+.PP
\-d
+.RS 4
Enable debugging.
-.TP 3n
+.RE
+.PP
\-q
+.RS 4
Quiet mode \- exit code only.
-.TP 3n
+.RE
+.PP
\-v
+.RS 4
Print the version of the
\fBnamed\-checkzone\fR
program and exit.
-.TP 3n
+.RE
+.PP
\-j
+.RS 4
When loading the zone file read the journal if it exists.
-.TP 3n
+.RE
+.PP
\-c \fIclass\fR
+.RS 4
Specify the class of the zone. If not specified "IN" is assumed.
-.TP 3n
+.RE
+.PP
\-k \fImode\fR
+.RS 4
Perform
\fB"check\-names"\fR
checks with the specified failure mode. Possible modes are
@@ -69,37 +80,52 @@ checks with the specified failure mode. Possible modes are
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
-.TP 3n
+.RE
+.PP
\-n \fImode\fR
+.RS 4
Specify whether NS records should be checked to see if they are addresses. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
-.TP 3n
+.RE
+.PP
\-o \fIfilename\fR
+.RS 4
Write zone output to
\fIfilename\fR.
-.TP 3n
+.RE
+.PP
\-t \fIdirectory\fR
-chroot to
+.RS 4
+Chroot to
\fIdirectory\fR
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.TP 3n
+.RE
+.PP
\-w \fIdirectory\fR
+.RS 4
chdir to
\fIdirectory\fR
so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
\fInamed.conf\fR.
-.TP 3n
+.RE
+.PP
\-D
+.RS 4
Dump zone file in canonical format.
-.TP 3n
+.RE
+.PP
zonename
+.RS 4
The domain name of the zone being checked.
-.TP 3n
+.RE
+.PP
filename
+.RS 4
The name of the zone file.
+.RE
.SH "RETURN VALUES"
.PP
\fBnamed\-checkzone\fR
@@ -107,10 +133,14 @@ returns an exit status of 1 if errors were detected and 0 otherwise.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
+\fBnamed\-checkconf\fR(8),
RFC 1035,
BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index a24e92b49963..9ea37e19c7e3 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.docbook,v 1.3.2.2.8.13 2006/09/30 23:58:36 marka Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.3.2.2.8.19 2007/08/28 07:19:07 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -36,12 +36,14 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
+ <year>2003</year>
<holder>Internet Software Consortium.</holder>
</copyright>
</docinfo>
@@ -168,7 +170,7 @@
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- chroot to <filename>directory</filename> so that include
+ Chroot to <filename>directory</filename> so that include
directives in the configuration file are processed as if
run by a similarly chrooted named.
</para>
@@ -233,6 +235,9 @@
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
<citetitle>RFC 1035</citetitle>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 8f5195a6d8f8..295da1362673 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -1,6 +1,6 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.html,v 1.5.2.2.4.17 2006/10/05 02:50:17 marka Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.5.2.2.4.23 2007/06/20 02:26:23 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named-checkzone</span> &#8212; zone file validity checking tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549490"></a><h2>DESCRIPTION</h2>
+<a name="id2543434"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of
a zone file. It performs the same checks as <span><strong class="command">named</strong></span>
@@ -42,7 +42,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549510"></a><h2>OPTIONS</h2>
+<a name="id2543454"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -85,7 +85,7 @@
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
- chroot to <code class="filename">directory</code> so that include
+ Chroot to <code class="filename">directory</code> so that include
directives in the configuration file are processed as if
run by a similarly chrooted named.
</p></dd>
@@ -111,22 +111,23 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549824"></a><h2>RETURN VALUES</h2>
+<a name="id2543700"></a><h2>RETURN VALUES</h2>
<p>
<span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549836"></a><h2>SEE ALSO</h2>
+<a name="id2543713"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549863"></a><h2>AUTHOR</h2>
+<a name="id2543748"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
index 65c14ce88222..c68e6d8f316b 100644
--- a/bin/dig/Makefile.in
+++ b/bin/dig/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.25.12.12 2004/08/18 23:25:57 marka Exp $
+# $Id: Makefile.in,v 1.25.12.15 2007/08/28 07:19:07 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index 735f31c2a570..a5f5ff3c04a3 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dig.1,v 1.14.2.4.2.11 2006/06/29 13:02:30 marka Exp $
+.\" $Id: dig.1,v 1.14.2.4.2.18 2007/05/16 06:10:54 marka Exp $
.\"
.hy 0
.ad l
.\" Title: dig
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -50,7 +50,7 @@ Although
\fBdig\fR
is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
\fB\-h\fR
-option is given. Unlike earlier versions, the BIND9 implementation of
+option is given. Unlike earlier versions, the BIND 9 implementation of
\fBdig\fR
allows multiple lookups to be issued from the command line.
.PP
@@ -65,21 +65,28 @@ It is possible to set per\-user defaults for
\fBdig\fR
via
\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
+.PP
+The IN and CH class names overlap with the IN and CH top level domains names. Either use the
+\fB\-t\fR
+and
+\fB\-c\fR
+options to specify the type and class or use "IN." and "CH." when looking up these top level domains.
.SH "SIMPLE USAGE"
.PP
A typical invocation of
\fBdig\fR
looks like:
.sp
-.RS 3n
+.RS 4
.nf
dig @server name type
.fi
.RE
.sp
where:
-.TP 3n
+.PP
\fBserver\fR
+.RS 4
is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
\fIserver\fR
argument is a hostname,
@@ -91,11 +98,15 @@ argument is provided,
consults
\fI/etc/resolv.conf\fR
and queries the name servers listed there. The reply from the name server that responds is displayed.
-.TP 3n
+.RE
+.PP
\fBname\fR
+.RS 4
is the name of the resource record that is to be looked up.
-.TP 3n
+.RE
+.PP
\fBtype\fR
+.RS 4
indicates what type of query is required \(em ANY, A, MX, SIG, etc.
\fItype\fR
can be any valid query type. If no
@@ -103,6 +114,7 @@ can be any valid query type. If no
argument is supplied,
\fBdig\fR
will perform a lookup for an A record.
+.RE
.SH "OPTIONS"
.PP
The
@@ -114,14 +126,14 @@ The default query class (IN for internet) is overridden by the
\fB\-c\fR
option.
\fIclass\fR
-is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
+is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
.PP
The
\fB\-f\fR
option makes
\fBdig \fR
operate in batch mode by reading a list of lookup requests to process from the file
-\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
\fBdig\fR
using the command\-line interface.
.PP
@@ -146,7 +158,7 @@ to only use IPv6 query transport.
The
\fB\-t\fR
option sets the query type to
-\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
+\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
\fB\-x\fR
option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
\fItype\fR
@@ -154,7 +166,7 @@ is set to
ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
\fIN\fR.
.PP
-Reverse lookups \- mapping addresses to names \- are simplified by the
+Reverse lookups \(em mapping addresses to names \(em are simplified by the
\fB\-x\fR
option.
\fIaddr\fR
@@ -202,19 +214,26 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k
no
to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
\fB+keyword=value\fR. The query options are:
-.TP 3n
+.PP
\fB+[no]tcp\fR
-Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
-.TP 3n
+.RS 4
+Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+.RE
+.PP
\fB+[no]vc\fR
+.RS 4
Use [do not use] TCP when querying name servers. This alternate syntax to
\fI+[no]tcp\fR
is provided for backwards compatibility. The "vc" stands for "virtual circuit".
-.TP 3n
+.RE
+.PP
\fB+[no]ignore\fR
+.RS 4
Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
-.TP 3n
+.RE
+.PP
\fB+domain=somename\fR
+.RS 4
Set the search list to contain the single domain
\fIsomename\fR, as if specified in a
\fBdomain\fR
@@ -222,36 +241,54 @@ directive in
\fI/etc/resolv.conf\fR, and enable search list processing as if the
\fI+search\fR
option were given.
-.TP 3n
+.RE
+.PP
\fB+[no]search\fR
+.RS 4
Use [do not use] the search list defined by the searchlist or domain directive in
\fIresolv.conf\fR
(if any). The search list is not used by default.
-.TP 3n
+.RE
+.PP
\fB+[no]defname\fR
+.RS 4
Deprecated, treated as a synonym for
\fI+[no]search\fR
-.TP 3n
+.RE
+.PP
\fB+[no]aaonly\fR
+.RS 4
Sets the "aa" flag in the query.
-.TP 3n
+.RE
+.PP
\fB+[no]aaflag\fR
+.RS 4
A synonym for
\fI+[no]aaonly\fR.
-.TP 3n
+.RE
+.PP
\fB+[no]adflag\fR
+.RS 4
Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
-.TP 3n
+.RE
+.PP
\fB+[no]cdflag\fR
+.RS 4
Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
-.TP 3n
+.RE
+.PP
\fB+[no]cl\fR
+.RS 4
Display [do not display] the CLASS when printing the record.
-.TP 3n
+.RE
+.PP
\fB+[no]ttlid\fR
+.RS 4
Display [do not display] the TTL when printing the record.
-.TP 3n
+.RE
+.PP
\fB+[no]recurse\fR
+.RS 4
Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
\fBdig\fR
normally sends recursive queries. Recursion is automatically disabled when the
@@ -259,75 +296,109 @@ normally sends recursive queries. Recursion is automatically disabled when the
or
\fI+trace\fR
query options are used.
-.TP 3n
+.RE
+.PP
\fB+[no]nssearch\fR
+.RS 4
When this option is set,
\fBdig\fR
attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
-.TP 3n
+.RE
+.PP
\fB+[no]trace\fR
+.RS 4
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
\fBdig\fR
makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
-.TP 3n
+.RE
+.PP
\fB+[no]cmd\fR
-toggles the printing of the initial comment in the output identifying the version of
+.RS 4
+Toggles the printing of the initial comment in the output identifying the version of
\fBdig\fR
and the query options that have been applied. This comment is printed by default.
-.TP 3n
+.RE
+.PP
\fB+[no]short\fR
+.RS 4
Provide a terse answer. The default is to print the answer in a verbose form.
-.TP 3n
+.RE
+.PP
\fB+[no]identify\fR
+.RS 4
Show [or do not show] the IP address and port number that supplied the answer when the
\fI+short\fR
option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
-.TP 3n
+.RE
+.PP
\fB+[no]comments\fR
+.RS 4
Toggle the display of comment lines in the output. The default is to print comments.
-.TP 3n
+.RE
+.PP
\fB+[no]stats\fR
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
-.TP 3n
+.RS 4
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
+.RE
+.PP
\fB+[no]qr\fR
+.RS 4
Print [do not print] the query as it is sent. By default, the query is not printed.
-.TP 3n
+.RE
+.PP
\fB+[no]question\fR
+.RS 4
Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
-.TP 3n
+.RE
+.PP
\fB+[no]answer\fR
+.RS 4
Display [do not display] the answer section of a reply. The default is to display it.
-.TP 3n
+.RE
+.PP
\fB+[no]authority\fR
+.RS 4
Display [do not display] the authority section of a reply. The default is to display it.
-.TP 3n
+.RE
+.PP
\fB+[no]additional\fR
+.RS 4
Display [do not display] the additional section of a reply. The default is to display it.
-.TP 3n
+.RE
+.PP
\fB+[no]all\fR
+.RS 4
Set or clear all display flags.
-.TP 3n
+.RE
+.PP
\fB+time=T\fR
+.RS 4
Sets the timeout for a query to
\fIT\fR
-seconds. The default time out is 5 seconds. An attempt to set
+seconds. The default timeout is 5 seconds. An attempt to set
\fIT\fR
to less than 1 will result in a query timeout of 1 second being applied.
-.TP 3n
+.RE
+.PP
\fB+tries=T\fR
+.RS 4
Sets the number of times to try UDP queries to server to
\fIT\fR
instead of the default, 3. If
\fIT\fR
is less than or equal to zero, the number of tries is silently rounded up to 1.
-.TP 3n
+.RE
+.PP
\fB+retry=T\fR
+.RS 4
Sets the number of times to retry UDP queries to server to
\fIT\fR
instead of the default, 2. Unlike
\fI+tries\fR, this does not include the initial query.
-.TP 3n
+.RE
+.PP
\fB+ndots=D\fR
+.RS 4
Set the number of dots that have to appear in
\fIname\fR
to
@@ -339,30 +410,44 @@ or
\fBdomain\fR
directive in
\fI/etc/resolv.conf\fR.
-.TP 3n
+.RE
+.PP
\fB+bufsize=B\fR
+.RS 4
Set the UDP message buffer size advertised using EDNS0 to
\fIB\fR
bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately.
-.TP 3n
+.RE
+.PP
\fB+[no]multiline\fR
+.RS 4
Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
\fBdig\fR
output.
-.TP 3n
+.RE
+.PP
\fB+[no]fail\fR
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
-.TP 3n
+.RS 4
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
+.RE
+.PP
\fB+[no]besteffort\fR
+.RS 4
Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
-.TP 3n
+.RE
+.PP
\fB+[no]dnssec\fR
+.RS 4
Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
-.TP 3n
+.RE
+.PP
\fB+[no]sigchase\fR
+.RS 4
Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
-.TP 3n
+.RE
+.PP
\fB+trusted\-key=####\fR
+.RS 4
Specifies a file containing trusted keys to be used with
\fB+sigchase\fR. Each DNSKEY record must be on its own line.
.sp
@@ -375,9 +460,12 @@ then
in the current directory.
.sp
Requires dig be compiled with \-DDIG_SIGCHASE.
-.TP 3n
+.RE
+.PP
\fB+[no]topdown\fR
-When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
+.RS 4
+When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
+.RE
.SH "MULTIPLE QUERIES"
.PP
The BIND 9 implementation of
@@ -394,7 +482,7 @@ A global set of query options, which should be applied to all queries, can also
\fB+[no]cmd\fR
option) can be overridden by a query\-specific set of query options. For example:
.sp
-.RS 3n
+.RS 4
.nf
dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
.fi
@@ -425,8 +513,11 @@ isc.org.
\fBnamed\fR(8),
\fBdnssec\-keygen\fR(8),
RFC1035.
-.SH "BUGS "
+.SH "BUGS"
.PP
There are probably too many query options.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 619e0298064b..763613dfca79 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.c,v 1.157.2.13.2.31 2006/07/22 23:52:57 marka Exp $ */
+/* $Id: dig.c,v 1.157.2.13.2.35 2007/08/28 07:19:07 tbox Exp $ */
#include <config.h>
#include <stdlib.h>
@@ -625,42 +625,6 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
}
}
-/*
- * Reorder an argument list so that server names all come at the end.
- * This is a bit of a hack, to allow batch-mode processing to properly
- * handle the server options.
- */
-static void
-reorder_args(int argc, char *argv[]) {
- int i, j;
- char *ptr;
- int end;
-
- debug("reorder_args()");
- end = argc - 1;
- while (argv[end][0] == '@') {
- end--;
- if (end == 0)
- return;
- }
- debug("arg[end]=%s", argv[end]);
- for (i = 1; i < end - 1; i++) {
- if (argv[i][0] == '@') {
- debug("arg[%d]=%s", i, argv[i]);
- ptr = argv[i];
- for (j = i + 1; j < end; j++) {
- debug("Moving %s to %d", argv[j], j - 1);
- argv[j - 1] = argv[j];
- }
- debug("moving %s to end, %d", ptr, end - 1);
- argv[end - 1] = ptr;
- end--;
- if (end < 1)
- return;
- }
- }
-}
-
static isc_uint32_t
parse_uint(char *arg, const char *desc, isc_uint32_t max) {
isc_result_t result;
@@ -1054,7 +1018,8 @@ static const char *single_dash_opts = "46dhimnv";
static const char *dash_opts = "46bcdfhikmnptvyx";
static isc_boolean_t
dash_option(char *option, char *next, dig_lookup_t **lookup,
- isc_boolean_t *open_type_class)
+ isc_boolean_t *open_type_class, isc_boolean_t *need_clone,
+ int argc, char **argv, isc_boolean_t *firstarg)
{
char opt, *value, *ptr;
isc_result_t result;
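Review bot: The four parameters added to dash_option() are undocumented, and two of them (`need_clone`, `firstarg`) are in/out flags that the callee writes through, which the signature alone does not make obvious. A short comment above the function would help, e.g. `/* need_clone: in/out, ISC_FALSE while *lookup is an unused clone to be reused instead of cloning again; firstarg: in/out, cleared once printgreeting() has run. */`. The function body continues outside this hunk, so the wording should be checked against every case that touches these flags.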
@@ -1245,7 +1210,9 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
keysecret[sizeof(keysecret)-1]=0;
return (value_from_next);
case 'x':
- *lookup = clone_lookup(default_lookup, ISC_TRUE);
+ if (*need_clone)
+ *lookup = clone_lookup(default_lookup, ISC_TRUE);
+ *need_clone = ISC_TRUE;
if (get_reverse(textname, sizeof(textname), value,
ip6_int, ISC_FALSE) == ISC_R_SUCCESS) {
strncpy((*lookup)->textname, textname,
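Review bot: In `case 'x'`, `*need_clone = ISC_TRUE;` is set before get_reverse() has accepted the address, so the flag no longer means "the pending lookup is still unused" even when nothing gets queued. The failure branch (the "Invalid IP address" message in the next hunk) is only partly visible. If it can return rather than exit, a pre-cloned batch lookup would be neither appended to lookup_list nor caught by the `if (!need_clone) destroy_lookup(lookup);` cleanup at the end of parse_args. Moving the assignment into the success branch, next to `ISC_LIST_APPEND(lookup_list, *lookup, link);`, keeps the flag tied to the lookup actually being queued. dash_option starts outside this hunk and the case continues into the next one.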
@@ -1259,6 +1226,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
if (!(*lookup)->rdclassset)
(*lookup)->rdclass = dns_rdataclass_in;
(*lookup)->new_search = ISC_TRUE;
+ if (*firstarg) {
+ printgreeting(argc, argv, *lookup);
+ *firstarg = ISC_FALSE;
+ }
ISC_LIST_APPEND(lookup_list, *lookup, link);
} else {
fprintf(stderr, "Invalid IP address %s\n", value);
@@ -1349,6 +1320,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
char rcfile[256];
#endif
char *input;
+ int i;
+ isc_boolean_t need_clone = ISC_TRUE;
/*
* The semantics for parsing the args is a bit complex; if
@@ -1396,7 +1369,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
bargv[0] = argv[0];
argv0 = argv[0];
- reorder_args(bargc, (char **)bargv);
+ for(i = 0; i < bargc; i++)
+ debug(".digrc argv %d: %s",
+ i, bargv[i]);
parse_args(ISC_TRUE, ISC_TRUE, bargc,
(char **)bargv);
}
@@ -1405,7 +1380,12 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
#endif
}
- lookup = default_lookup;
+ if (is_batchfile && !config_only) {
+ /* Processing '-f batchfile'. */
+ lookup = clone_lookup(default_lookup, ISC_TRUE);
+ need_clone = ISC_FALSE;
+ } else
+ lookup = default_lookup;
rc = argc;
rv = argv;
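Review bot: The new branch creates an owning clone whose lifetime is tracked only by `need_clone`, and the comment `/* Processing '-f batchfile'. */` does not say so. If the intent is to keep per-line options out of default_lookup, I would expand it to something like `/* Batch line: parse into a private clone so its options do not alter default_lookup; need_clone == ISC_FALSE means this clone is not yet queued and must be queued or destroyed. */`. The `if` arm is braced and the `else` arm is not; bracing both reads better here. parse_args starts and ends outside this hunk.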
@@ -1421,13 +1401,17 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
} else if (rv[0][0] == '-') {
if (rc <= 1) {
if (dash_option(&rv[0][1], NULL,
- &lookup, &open_type_class)) {
+ &lookup, &open_type_class,
+ &need_clone, argc, argv,
+ &firstarg)) {
rc--;
rv++;
}
} else {
if (dash_option(&rv[0][1], rv[1],
- &lookup, &open_type_class)) {
+ &lookup, &open_type_class,
+ &need_clone, argc, argv,
+ &firstarg)) {
rc--;
rv++;
}
@@ -1495,21 +1479,29 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
continue;
}
}
+
if (!config_only) {
- lookup = clone_lookup(default_lookup,
- ISC_TRUE);
+ if (need_clone)
+ lookup = clone_lookup(default_lookup,
+ ISC_TRUE);
+ need_clone = ISC_TRUE;
strncpy(lookup->textname, rv[0],
sizeof(lookup->textname));
lookup->textname[sizeof(lookup->textname)-1]=0;
lookup->trace_root = ISC_TF(lookup->trace ||
lookup->ns_search_only);
lookup->new_search = ISC_TRUE;
+ if (firstarg) {
+ printgreeting(argc, argv, lookup);
+ firstarg = ISC_FALSE;
+ }
ISC_LIST_APPEND(lookup_list, lookup, link);
debug("looking up %s", lookup->textname);
}
/* XXX Error message */
}
}
+
/*
* If we have a batchfile, seed the lookup list with the
* first entry, then trust the callback in dighost_shutdown
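Review bot: printgreeting() is now called when the first name is queued rather than after the whole argument list has been parsed, so it sees only the options that preceded that name. Its body is not in this hunk; if it consults settings that can appear later on the command line, the banner will differ from what the old end-of-parse_args call (removed further down) produced. A comment at the call, e.g. `/* Greeting reflects options parsed so far; later arguments do not affect it. */`, would record that this is intended. The same call was added in dash_option's `-x` case.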
@@ -1544,15 +1536,20 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
bargv[0] = argv[0];
argv0 = argv[0];
- reorder_args(bargc, (char **)bargv);
+ for(i = 0; i < bargc; i++)
+ debug("batch argv %d: %s", i, bargv[i]);
parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
+ return;
}
+ return;
}
/*
* If no lookup specified, search for root
*/
if ((lookup_list.head == NULL) && !config_only) {
- lookup = clone_lookup(default_lookup, ISC_TRUE);
+ if (need_clone)
+ lookup = clone_lookup(default_lookup, ISC_TRUE);
+ need_clone = ISC_TRUE;
lookup->trace_root = ISC_TF(lookup->trace ||
lookup->ns_search_only);
lookup->new_search = ISC_TRUE;
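Review bot: The first added `return;` is redundant, because it is the last statement of the inner block and the enclosing block returns unconditionally on the next statement. Dropping the inner one leaves a single exit for the batch-seeding path. With this early exit the "search for root" fallback below is no longer reached when a batch file is in use, so a batch file whose first line cannot be read now queues nothing. The code that handles an empty lookup_list is outside the hunk and is worth checking for that case.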
@@ -1564,10 +1561,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
firstarg = ISC_FALSE;
}
ISC_LIST_APPEND(lookup_list, lookup, link);
- } else if (!config_only && firstarg) {
- printgreeting(argc, argv, lookup);
- firstarg = ISC_FALSE;
}
+ if (!need_clone)
+ destroy_lookup(lookup);
}
/*
@@ -1581,7 +1577,7 @@ dighost_shutdown(void) {
int bargc;
char *bargv[16];
char *input;
-
+ int i;
if (batchname == NULL) {
isc_app_shutdown();
@@ -1609,7 +1605,8 @@ dighost_shutdown(void) {
bargv[0] = argv0;
- reorder_args(bargc, (char **)bargv);
+ for(i = 0; i < bargc; i++)
+ debug("batch argv %d: %s", i, bargv[i]);
parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
start_lookup();
} else {
@@ -1624,7 +1621,6 @@ dighost_shutdown(void) {
int
main(int argc, char **argv) {
isc_result_t result;
- dig_server_t *s, *s2;
ISC_LIST_INIT(lookup_list);
ISC_LIST_INIT(server_list);
@@ -1645,16 +1641,7 @@ main(int argc, char **argv) {
result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
check_result(result, "isc_app_onrun");
isc_app_run();
- s = ISC_LIST_HEAD(default_lookup->my_server_list);
- while (s != NULL) {
- debug("freeing server %p belonging to %p",
- s, default_lookup);
- s2 = s;
- s = ISC_LIST_NEXT(s, link);
- ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link);
- isc_mem_free(mctx, s2);
- }
- isc_mem_free(mctx, default_lookup);
+ destroy_lookup(default_lookup);
if (batchname != NULL) {
if (batchfp != stdin)
fclose(batchfp);
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 87c98ae7b1f0..82b2516cbbe6 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.docbook,v 1.4.2.7.4.12 2005/08/30 00:50:29 marka Exp $ -->
+<!-- $Id: dig.docbook,v 1.4.2.7.4.20 2007/08/28 07:19:07 tbox Exp $ -->
<refentry>
@@ -36,6 +36,8 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -101,7 +103,7 @@ Although <command>dig</command> is normally used with command-line
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the <option>-h</option> option is given.
-Unlike earlier versions, the BIND9 implementation of
+Unlike earlier versions, the BIND 9 implementation of
<command>dig</command> allows multiple lookups to be issued from the
command line.
</para>
@@ -123,6 +125,13 @@ It is possible to set per-user defaults for <command>dig</command> via
are applied before the command line arguments.
</para>
+ <para>
+ The IN and CH class names overlap with the IN and CH top level
+ domains names. Either use the <option>-t</option> and
+ <option>-c</option> options to specify the type and class or
+ use "IN." and "CH." when looking up these top level domains.
+ </para>
+
</refsect1>
<refsect1>
@@ -179,14 +188,14 @@ may be specified by appending "#&lt;port&gt;"
<para>
The default query class (IN for internet) is overridden by the
<option>-c</option> option. <parameter>class</parameter> is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.
+class, such as HS for Hesiod records or CH for Chaosnet records.
</para>
<para>
The <option>-f</option> option makes <command>dig </command> operate
in batch mode by reading a list of lookup requests to process from the
file <parameter>filename</parameter>. The file contains a number of
-queries, one per line. Each entry in the file should be organised in
+queries, one per line. Each entry in the file should be organized in
the same way they would be presented as queries to
<command>dig</command> using the command-line interface.
</para>
@@ -209,7 +218,7 @@ use IPv4 query transport. The <option>-6</option> option forces
<para>
The <option>-t</option> option sets the query type to
<parameter>type</parameter>. It can be any valid query type which is
-supported in BIND9. The default query type "A", unless the
+supported in BIND 9. The default query type is "A", unless the
<option>-x</option> option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required,
@@ -220,7 +229,7 @@ since the serial number in the zone's SOA record was
</para>
<para>
-Reverse lookups - mapping addresses to names - are simplified by the
+Reverse lookups &mdash; mapping addresses to names &mdash; are simplified by the
<option>-x</option> option. <parameter>addr</parameter> is an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
When this option is used, there is no need to provide the
@@ -283,7 +292,7 @@ The query options are:
<varlistentry><term><option>+[no]tcp</option></term>
<listitem><para>
Use [do not use] TCP when querying name servers. The default
-behaviour is to use UDP unless an AXFR or IXFR query is requested, in
+behavior is to use UDP unless an AXFR or IXFR query is requested, in
which case a TCP connection is used.
</para></listitem></varlistentry>
@@ -384,7 +393,7 @@ resolve the lookup.
<varlistentry><term><option>+[no]cmd</option></term>
<listitem><para>
-toggles the printing of the initial comment in the output identifying
+Toggles the printing of the initial comment in the output identifying
the version of <command>dig</command> and the query options that have
been applied. This comment is printed by default.
</para></listitem></varlistentry>
@@ -412,7 +421,7 @@ print comments.
<varlistentry><term><option>+[no]stats</option></term>
<listitem><para>
This query option toggles the printing of statistics: when the query
-was made, the size of the reply and so on. The default behaviour is
+was made, the size of the reply and so on. The default behavior is
to print the query statistics.
</para></listitem></varlistentry>
@@ -455,7 +464,7 @@ Set or clear all display flags.
<listitem><para>
Sets the timeout for a query to
-<parameter>T</parameter> seconds. The default time out is 5 seconds.
+<parameter>T</parameter> seconds. The default timeout is 5 seconds.
An attempt to set <parameter>T</parameter> to less than 1 will result
in a query timeout of 1 second being applied.
</para></listitem></varlistentry>
@@ -509,7 +518,7 @@ of the <command>dig</command> output.
<listitem><para>
Do not try the next server if you receive a SERVFAIL. The default is
to not try the next server which is the reverse of normal stub resolver
-behaviour.
+behavior.
</para></listitem></varlistentry>
<varlistentry><term><option>+[no]besteffort</option></term>
@@ -551,7 +560,7 @@ Chase DNSSEC signature chains. Requires dig be compiled with
<varlistentry><term><option>+[no]topdown</option></term>
<listitem><para>
-When chasing DNSSEC signature chains perform a top down validation.
+When chasing DNSSEC signature chains perform a top-down validation.
Requires dig be compiled with -DDIG_SIGCHASE.
</para></listitem></varlistentry>
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 06771b3a1c26..054c1974656b 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.html,v 1.6.2.4.2.15 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: dig.html,v 1.6.2.4.2.23 2007/05/16 06:10:54 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>dig &#8212; DNS lookup utility</p>
@@ -34,7 +34,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549541"></a><h2>DESCRIPTION</h2>
+<a name="id2543485"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -49,7 +49,7 @@ Although <span><strong class="command">dig</strong></span> is normally used with
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the <code class="option">-h</code> option is given.
-Unlike earlier versions, the BIND9 implementation of
+Unlike earlier versions, the BIND 9 implementation of
<span><strong class="command">dig</strong></span> allows multiple lookups to be issued from the
command line.
</p>
@@ -67,9 +67,15 @@ It is possible to set per-user defaults for <span><strong class="command">dig</s
<code class="filename">${HOME}/.digrc</code>. This file is read and any options in it
are applied before the command line arguments.
</p>
+<p>
+ The IN and CH class names overlap with the IN and CH top level
+ domains names. Either use the <code class="option">-t</code> and
+ <code class="option">-c</code> options to specify the type and class or
+ use "IN." and "CH." when looking up these top level domains.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549600"></a><h2>SIMPLE USAGE</h2>
+<a name="id2543554"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@@ -107,7 +113,7 @@ ANY, A, MX, SIG, etc.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549747"></a><h2>OPTIONS</h2>
+<a name="id2543633"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid address on
@@ -117,13 +123,13 @@ may be specified by appending "#&lt;port&gt;"
<p>
The default query class (IN for internet) is overridden by the
<code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.
+class, such as HS for Hesiod records or CH for Chaosnet records.
</p>
<p>
The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span> operate
in batch mode by reading a list of lookup requests to process from the
file <em class="parameter"><code>filename</code></em>. The file contains a number of
-queries, one per line. Each entry in the file should be organised in
+queries, one per line. Each entry in the file should be organized in
the same way they would be presented as queries to
<span><strong class="command">dig</strong></span> using the command-line interface.
</p>
@@ -143,7 +149,7 @@ use IPv4 query transport. The <code class="option">-6</code> option forces
<p>
The <code class="option">-t</code> option sets the query type to
<em class="parameter"><code>type</code></em>. It can be any valid query type which is
-supported in BIND9. The default query type "A", unless the
+supported in BIND 9. The default query type is "A", unless the
<code class="option">-x</code> option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required,
@@ -153,7 +159,7 @@ since the serial number in the zone's SOA record was
<em class="parameter"><code>N</code></em>.
</p>
<p>
-Reverse lookups - mapping addresses to names - are simplified by the
+Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
<code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
When this option is used, there is no need to provide the
@@ -188,7 +194,7 @@ being used. In BIND, this is done by providing appropriate
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549998"></a><h2>QUERY OPTIONS</h2>
+<a name="id2543816"></a><h2>QUERY OPTIONS</h2>
<p>
<span><strong class="command">dig</strong></span> provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -209,7 +215,7 @@ The query options are:
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. The default
-behaviour is to use UDP unless an AXFR or IXFR query is requested, in
+behavior is to use UDP unless an AXFR or IXFR query is requested, in
which case a TCP connection is used.
</p></dd>
<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
@@ -295,7 +301,7 @@ resolve the lookup.
</p></dd>
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
-toggles the printing of the initial comment in the output identifying
+Toggles the printing of the initial comment in the output identifying
the version of <span><strong class="command">dig</strong></span> and the query options that have
been applied. This comment is printed by default.
</p></dd>
@@ -319,7 +325,7 @@ print comments.
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
This query option toggles the printing of statistics: when the query
-was made, the size of the reply and so on. The default behaviour is
+was made, the size of the reply and so on. The default behavior is
to print the query statistics.
</p></dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
@@ -355,7 +361,7 @@ Set or clear all display flags.
<dd><p>
Sets the timeout for a query to
-<em class="parameter"><code>T</code></em> seconds. The default time out is 5 seconds.
+<em class="parameter"><code>T</code></em> seconds. The default timeout is 5 seconds.
An attempt to set <em class="parameter"><code>T</code></em> to less than 1 will result
in a query timeout of 1 second being applied.
</p></dd>
@@ -402,7 +408,7 @@ of the <span><strong class="command">dig</strong></span> output.
<dd><p>
Do not try the next server if you receive a SERVFAIL. The default is
to not try the next server which is the reverse of normal stub resolver
-behaviour.
+behavior.
</p></dd>
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
<dd><p>
@@ -437,7 +443,7 @@ Chase DNSSEC signature chains. Requires dig be compiled with
</dd>
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
<dd><p>
-When chasing DNSSEC signature chains perform a top down validation.
+When chasing DNSSEC signature chains perform a top-down validation.
Requires dig be compiled with -DDIG_SIGCHASE.
</p></dd>
</dl></div>
@@ -446,7 +452,7 @@ Requires dig be compiled with -DDIG_SIGCHASE.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550666"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2544553"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports
specifying multiple queries on the command line (in addition to
@@ -487,7 +493,7 @@ will not print the initial query when it looks up the NS records for
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550725"></a><h2>FILES</h2>
+<a name="id2544612"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
@@ -496,7 +502,7 @@ will not print the initial query when it looks up the NS records for
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550744"></a><h2>SEE ALSO</h2>
+<a name="id2544631"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -505,7 +511,7 @@ will not print the initial query when it looks up the NS records for
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550782"></a><h2>BUGS </h2>
+<a name="id2544738"></a><h2>BUGS </h2>
<p>
There are probably too many query options.
</p>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 398711d4f1cd..f3b0d9954b96 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.221.2.19.2.36 2006/12/07 01:26:33 marka Exp $ */
+/* $Id: dighost.c,v 1.221.2.19.2.46 2008/01/17 23:45:26 tbox Exp $ */
/*
* Notice to programmers: Do not use this code as an example of how to
@@ -462,6 +462,7 @@ void
fatal(const char *format, ...) {
va_list args;
+ fflush(stdout);
fprintf(stderr, "%s: ", progname);
va_start(args, format);
vfprintf(stderr, format, args);
@@ -479,6 +480,7 @@ debug(const char *format, ...) {
va_list args;
if (debugging) {
+ fflush(stdout);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
@@ -591,7 +593,7 @@ set_nameserver(char *opt) {
opt, isc_result_totext(result));
flush_server_list();
-
+
for (i = 0; i < count; i++) {
isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
@@ -723,6 +725,8 @@ make_empty_lookup(void) {
looknew->section_authority = ISC_TRUE;
looknew->section_additional = ISC_TRUE;
looknew->new_search = ISC_FALSE;
+ looknew->done_as_is = ISC_FALSE;
+ looknew->need_search = ISC_FALSE;
ISC_LINK_INIT(looknew, link);
ISC_LIST_INIT(looknew->q);
ISC_LIST_INIT(looknew->my_server_list);
@@ -794,6 +798,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
looknew->section_additional = lookold->section_additional;
looknew->retries = lookold->retries;
looknew->tsigctx = NULL;
+ looknew->need_search = lookold->need_search;
+ looknew->done_as_is = lookold->done_as_is;
if (servers)
clone_server_list(lookold->my_server_list,
@@ -854,7 +860,7 @@ setup_text_key(void) {
result = isc_base64_decodestring(keysecret, &secretbuf);
if (result != ISC_R_SUCCESS)
goto failure;
-
+
secretsize = isc_buffer_usedlength(&secretbuf);
result = dns_name_fromtext(&keyname, namebuf,
@@ -964,7 +970,7 @@ setup_system(void) {
domain = NULL;
}
}
-
+
if (ndots == -1) {
ndots = lwconf->ndots;
debug("ndots is %d.", ndots);
@@ -1023,7 +1029,7 @@ clear_searchlist(void) {
void
set_search_domain(char *domain) {
dig_searchlist_t *search;
-
+
clear_searchlist();
search = make_searchlist_entry(domain);
ISC_LIST_APPEND(search_list, search, link);
@@ -1209,9 +1215,7 @@ clear_query(dig_query_t *query) {
*/
static isc_boolean_t
try_clear_lookup(dig_lookup_t *lookup) {
- dig_server_t *s;
dig_query_t *q;
- void *ptr;
REQUIRE(lookup != NULL);
@@ -1232,7 +1236,16 @@ try_clear_lookup(dig_lookup_t *lookup) {
* At this point, we know there are no queries on the lookup,
* so can make it go away also.
*/
- debug("cleared");
+ destroy_lookup(lookup);
+ return (ISC_TRUE);
+}
+
+void
+destroy_lookup(dig_lookup_t *lookup) {
+ dig_server_t *s;
+ void *ptr;
+
+ debug("destroy");
s = ISC_LIST_HEAD(lookup->my_server_list);
while (s != NULL) {
debug("freeing server %p belonging to %p", s, lookup);
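Review bot: destroy_lookup() is introduced here as a non-static function and dereferences `lookup->my_server_list` straight away, but it has no `REQUIRE(lookup != NULL);`, unlike try_clear_lookup(), which it was split out of. It also frees the lookup unconditionally, so each caller has to guarantee that no queries are outstanding and, presumably, that the lookup is not linked on `lookup_list`. try_clear_lookup() establishes the first condition (per its own comment), while the new callers in dig.c (main and the end of parse_args) must ensure both themselves. I would add `REQUIRE(lookup != NULL);` as the first statement and a header comment stating those preconditions. The body of destroy_lookup() continues past the end of this hunk.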
@@ -1257,7 +1270,6 @@ try_clear_lookup(dig_lookup_t *lookup) {
dst_context_destroy(&lookup->tsigctx);
isc_mem_free(mctx, lookup);
- return (ISC_TRUE);
}
/*
@@ -1336,7 +1348,7 @@ start_lookup(void) {
current_lookup->qrdtype_sigchase
= current_lookup->qrdtype;
current_lookup->qrdtype = dns_rdatatype_ns;
-
+
current_lookup->rdclass_sigchase
= current_lookup->rdclass;
current_lookup->rdclass_sigchaseset
@@ -1415,7 +1427,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
INSIST(!free_now);
debug("following up %s", query->lookup->textname);
-
+
for (result = dns_message_firstname(msg, section);
result == ISC_R_SUCCESS;
result = dns_message_nextname(msg, section)) {
@@ -1450,7 +1462,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
dns_rdataset_current(rdataset, &rdata);
query->lookup->nsfound++;
- (void)dns_rdata_tostruct(&rdata, &ns, NULL);
+ result = dns_rdata_tostruct(&rdata, &ns, NULL);
+ check_result(result, "dns_rdata_tostruct");
dns_name_format(&ns.name, namestr, sizeof(namestr));
dns_rdata_freestruct(&ns);
@@ -1499,6 +1512,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
static isc_boolean_t
next_origin(dns_message_t *msg, dig_query_t *query) {
dig_lookup_t *lookup;
+ dig_searchlist_t *search;
UNUSED(msg);
@@ -1513,13 +1527,22 @@ next_origin(dns_message_t *msg, dig_query_t *query) {
* about finding the next entry.
*/
return (ISC_FALSE);
- if (query->lookup->origin == NULL)
+ if (query->lookup->origin == NULL && !query->lookup->need_search)
/*
* Then we just did rootorg; there's nothing left.
*/
return (ISC_FALSE);
- lookup = requeue_lookup(query->lookup, ISC_TRUE);
- lookup->origin = ISC_LIST_NEXT(query->lookup->origin, link);
+ if (query->lookup->origin == NULL && query->lookup->need_search) {
+ lookup = requeue_lookup(query->lookup, ISC_TRUE);
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ } else {
+ search = ISC_LIST_NEXT(query->lookup->origin, link);
+ if (search == NULL && query->lookup->done_as_is)
+ return (ISC_FALSE);
+ lookup = requeue_lookup(query->lookup, ISC_TRUE);
+ lookup->origin = search;
+ }
cancel_lookup(query->lookup);
return (ISC_TRUE);
}
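Review bot: The new `origin == NULL && need_search` branch assigns `ISC_LIST_HEAD(search_list)` without checking that the list is non-empty. If `search_list` can be empty while `need_search` is set, which these lines do not rule out, the requeued lookup gets a NULL origin with `need_search` cleared and appears to send the name as is once more before giving up. A guard at the top of that branch, `if (ISC_LIST_EMPTY(search_list)) return (ISC_FALSE);`, would avoid the extra query. The existing comment "Then we just did rootorg; there's nothing left." now describes only the first of three cases, so a short comment on what `need_search` and `done_as_is` mean would help the next reader.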
@@ -1641,11 +1664,16 @@ setup_lookup(dig_lookup_t *lookup) {
* take the first entry in the searchlist iff either usesearch
* is TRUE or we got a domain line in the resolv.conf file.
*/
- /* XXX New search here? */
- if ((count_dots(lookup->textname) >= ndots) || !usesearch)
- lookup->origin = NULL; /* Force abs lookup */
- else if (lookup->origin == NULL && lookup->new_search && usesearch)
- lookup->origin = ISC_LIST_HEAD(search_list);
+ if (lookup->new_search) {
+ if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
+ lookup->origin = NULL; /* Force abs lookup */
+ lookup->done_as_is = ISC_TRUE;
+ lookup->need_search = usesearch;
+ } else if (lookup->origin == NULL && usesearch) {
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ }
+ }
if (lookup->origin != NULL) {
debug("trying origin %s", lookup->origin->origin);
@@ -1891,7 +1919,7 @@ send_done(isc_task_t *_task, isc_event_t *event) {
for (b = ISC_LIST_HEAD(sevent->bufferlist);
b != NULL;
- b = ISC_LIST_HEAD(sevent->bufferlist))
+ b = ISC_LIST_HEAD(sevent->bufferlist))
ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
query = event->ev_arg;
@@ -1971,7 +1999,7 @@ bringup_timer(dig_query_t *query, unsigned int default_timeout) {
&l->interval, global_task, connect_timeout,
l, &l->timer);
check_result(result, "isc_timer_create");
-}
+}
static void
connect_done(isc_task_t *task, isc_event_t *event);
@@ -1993,7 +2021,7 @@ send_tcp_connect(dig_query_t *query) {
query->waiting_connect = ISC_TRUE;
query->lookup->current_query = query;
get_address(query->servname, port, &query->sockaddr);
-
+
if (specified_source &&
(isc_sockaddr_pf(&query->sockaddr) !=
isc_sockaddr_pf(&bind_address))) {
@@ -2462,7 +2490,8 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
goto next_rdata;
/* Now we have an SOA. Work with it. */
debug("got an SOA");
- (void)dns_rdata_tostruct(&rdata, &soa, NULL);
+ result = dns_rdata_tostruct(&rdata, &soa, NULL);
+ check_result(result, "dns_rdata_tostruct");
serial = soa.serial;
dns_rdata_freestruct(&soa);
if (!query->first_soa_rcvd) {
@@ -2660,7 +2689,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
}
- result = dns_message_peekheader(b, &id, &msgflags);
+ result = dns_message_peekheader(b, &id, &msgflags);
if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
match = ISC_FALSE;
if (l->tcp_mode) {
@@ -2774,7 +2803,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
check_next_lookup(l);
UNLOCK_LOOKUP;
return;
- }
+ }
if (msg->rcode == dns_rcode_servfail && !l->servfail_stops) {
dig_query_t *next = ISC_LIST_NEXT(query, link);
if (l->current_query == query)
@@ -2856,7 +2885,8 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
if (!l->doing_xfr || l->xfr_q == query) {
- if (msg->rcode != dns_rcode_noerror && l->origin != NULL) {
+ if (msg->rcode != dns_rcode_noerror &&
+ (l->origin != NULL || l->need_search)) {
if (!next_origin(msg, query)) {
printmessage(query, msg, ISC_TRUE);
received(b->used, &sevent->address, query);
@@ -2925,11 +2955,11 @@ recv_done(isc_task_t *task, isc_event_t *event) {
isc_buffer_usedregion(b, &r);
result = isc_buffer_allocate(mctx, &buf, r.length);
-
+
check_result(result, "isc_buffer_allocate");
result = isc_buffer_copyregion(buf, &r);
check_result(result, "isc_buffer_copyregion");
-
+
result = dns_message_parse(msg_temp, buf, 0);
isc_buffer_free(&buf);
@@ -2946,7 +2976,6 @@ recv_done(isc_task_t *task, isc_event_t *event) {
chase_msg2->msg = msg;
}
#endif
-
}
#ifdef DIG_SIGCHASE
@@ -3210,7 +3239,7 @@ destroy_libs(void) {
#endif
debug("Destroy memory");
-
+
#endif
if (memdebugging != 0)
isc_mem_stats(mctx, stderr);
@@ -3254,7 +3283,7 @@ dump_database_section(dns_message_t *msg, int section)
dns_message_currentname(msg, section, &msg_name);
for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL;
- rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
dns_name_print(msg_name, stdout);
printf("\n");
print_rdataset(msg_name, rdataset, mctx);
@@ -3277,7 +3306,7 @@ dump_database(void) {
if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
== ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_AUTHORITY);
-
+
if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
== ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL);
@@ -3309,7 +3338,7 @@ search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) {
if ((siginfo.covered == covers) ||
(covers == dns_rdatatype_any)) {
dns_rdata_reset(&sigrdata);
- dns_rdata_freestruct(&siginfo);
+ dns_rdata_freestruct(&siginfo);
return (rdataset);
}
dns_rdata_reset(&sigrdata);
@@ -3516,7 +3545,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
isc_mem_free(mctx, tempname);
return (ISC_R_FAILURE);
}
-
+
x = cp--;
while (cp >= tempname && *cp == 'X') {
isc_random_get(&which);
@@ -3528,12 +3557,12 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
if (tempnamekey == NULL)
return (ISC_R_NOMEMORY);
-
+
memset(tempnamekey, 0, tempnamekeylen);
strncpy(tempnamekey, tempname, tempnamelen);
strcat(tempnamekey ,".key");
-
+
if (isc_file_exists(tempnamekey)) {
isc_mem_free(mctx, tempnamekey);
isc_mem_free(mctx, tempname);
@@ -3554,7 +3583,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
cleanup:
isc_mem_free(mctx, tempname);
-
+
return (result);
}
@@ -3593,7 +3622,7 @@ get_trusted_key(isc_mem_t *mctx)
filename);
return (ISC_R_FAILURE);
}
- while (fgets(buf, 1500, fp) != NULL) {
+ while (fgets(buf, sizeof(buf), fp) != NULL) {
result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp);
if (result != ISC_R_SUCCESS) {
fclose(fp);
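Review bot: The loop treats each fgets() result as one complete key line, and nothing in the visible lines checks whether the line was cut off at the buffer size. A trusted-key entry longer than `sizeof(buf) - 1` bytes would arrive in pieces, and each piece would get its own opentmpkey() call and presumably be parsed as a separate key. For trust-anchor input it is safer to detect this with `if (strchr(buf, '\n') == NULL && !feof(fp))` and reject the file with an error. Replacing the literal 1500 with `sizeof(buf)` is correct only if `buf` is an array in this scope, and its declaration is outside the hunk, so that is worth confirming. The body of get_trusted_key() continues beyond this hunk.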
@@ -3701,9 +3730,8 @@ prepare_lookup(dns_name_t *name)
dns_rdataset_current(chase_nsrdataset, &rdata);
- (void)dns_rdata_tostruct(&rdata, &ns, NULL);
-
-
+ result = dns_rdata_tostruct(&rdata, &ns, NULL);
+ check_result(result, "dns_rdata_tostruct");
#ifdef __FOLLOW_GLUE__
@@ -3730,7 +3758,7 @@ prepare_lookup(dns_name_t *name)
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list,
srv, link);
}
@@ -3760,7 +3788,7 @@ prepare_lookup(dns_name_t *name)
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list,
srv, link);
}
@@ -3772,7 +3800,7 @@ prepare_lookup(dns_name_t *name)
dns_name_print(&ns.name, stdout);
printf("\n");
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list, srv, link);
#endif
@@ -3919,7 +3947,7 @@ free_name(dns_name_t *name, isc_mem_t *mctx) {
* return ISC_R_SUCCESS if the DNSKEY RRset contains a trusted_key
* and the RRset is valid
* return ISC_R_NOTFOUND if not contains trusted key
- or if the RRset isn't valid
+ or if the RRset isn't valid
* return ISC_R_FAILURE if problem
*
*/
@@ -3944,7 +3972,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
do {
dns_rdataset_current(rdataset, &rdata);
INSIST(rdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &rdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@@ -3954,7 +3982,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
if (dst_key_compare(tk_list.key[i], dnsseckey)
== ISC_TRUE) {
dns_rdata_reset(&rdata);
-
+
printf(";; Ok, find a Trusted Key in the "
"DNSKEY RRset: %d\n",
dst_key_id(dnsseckey));
@@ -3999,7 +4027,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
do {
dns_rdataset_current(keyrdataset, &keyrdata);
INSIST(keyrdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &keyrdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@@ -4095,12 +4123,12 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
result = dns_rdataset_first(keyrdataset);
check_result(result, "empty KEY dataset");
- dns_rdata_init(&keyrdata);
+ dns_rdata_init(&keyrdata);
do {
dns_rdataset_current(keyrdataset, &keyrdata);
INSIST(keyrdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &keyrdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@@ -4127,8 +4155,8 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
" new DS rdata\n");
return (result);
}
-
-
+
+
if (dns_rdata_compare(&dsrdata,
&newdsrdata) == 0) {
printf(";; OK a DS valids a DNSKEY"
@@ -4136,7 +4164,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
printf(";; Now verify that this"
" DNSKEY validates the "
"DNSKEY RRset\n");
-
+
result = sigchase_verify_sig_key(name,
keyrdataset,
dnsseckey,
@@ -4147,7 +4175,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dns_rdata_reset(&newdsrdata);
dns_rdata_reset(&dsrdata);
dst_key_free(&dnsseckey);
-
+
return (result);
}
} else {
@@ -4372,7 +4400,7 @@ sigchase_td(dns_message_t *msg)
chase_sigrdataset = NULL;
have_response = ISC_FALSE;
have_delegation_ns = ISC_FALSE;
-
+
dns_name_init(&tmp_name, NULL);
result = child_of_zone(&chase_name, &chase_current_name,
&tmp_name);
@@ -4454,7 +4482,7 @@ sigchase_td(dns_message_t *msg)
prepare_lookup(&chase_authority_name);
-
+
have_response = ISC_FALSE;
have_delegation_ns = ISC_FALSE;
delegation_follow = ISC_TRUE;
@@ -4769,7 +4797,7 @@ sigchase_bu(dns_message_t *msg)
}
printf(";; An NSEC prove the non-existence of a answers,"
" Now we want validate this NSEC\n");
-
+
dup_name(&rdata_name, &chase_name, mctx);
free_name(&rdata_name, mctx);
chase_rdataset = rdataset;
@@ -5021,7 +5049,7 @@ prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset,
ret = dns_rdataset_first(nsecset);
check_result(ret,"dns_rdataset_first");
-
+
dns_rdataset_current(nsecset, &nsec);
ret = dns_nsec_typepresent(&nsec, type);
diff --git a/bin/dig/host.1 b/bin/dig/host.1
index 3a0432cc1d39..2d1687a687c3 100644
--- a/bin/dig/host.1
+++ b/bin/dig/host.1
@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: host.1,v 1.11.2.1.4.8 2006/06/29 13:02:30 marka Exp $
+.\" $Id: host.1,v 1.11.2.1.4.12 2007/05/09 03:32:36 marka Exp $
.\"
.hy 0
.ad l
.\" Title: host
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -130,7 +130,7 @@ makes. This should mean that the name server receiving the query will not attemp
\fB\-r\fR
option enables
\fBhost\fR
-to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
+to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
.PP
By default
\fBhost\fR
@@ -152,7 +152,7 @@ The
\fB\-t\fR
option is used to select the query type.
\fItype\fR
-can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
\fBhost\fR
automatically selects an appropriate query type. By default it looks for A records, but if the
\fB\-C\fR
@@ -187,4 +187,7 @@ will effectively wait forever for a reply. The time to wait for a response will
\fBdig\fR(1),
\fBnamed\fR(8).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/dig/host.c b/bin/dig/host.c
index 7d8ce9b80b1a..5eb6c1bf2599 100644
--- a/bin/dig/host.c
+++ b/bin/dig/host.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: host.c,v 1.76.2.5.2.16 2006/05/23 04:43:47 marka Exp $ */
+/* $Id: host.c,v 1.76.2.5.2.19 2007/08/28 07:19:07 tbox Exp $ */
#include <config.h>
#include <limits.h>
@@ -410,8 +410,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if (msg->rcode != 0) {
char namestr[DNS_NAME_FORMATSIZE];
dns_name_format(query->lookup->name, namestr, sizeof(namestr));
- printf("Host %s not found: %d(%s)\n", namestr,
- msg->rcode, rcodetext[msg->rcode]);
+ printf("Host %s not found: %d(%s)\n",
+ (msg->rcode != dns_rcode_nxdomain) ? namestr :
+ query->lookup->textname, msg->rcode,
+ rcodetext[msg->rcode]);
return (ISC_R_SUCCESS);
}
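Review bot: `rcodetext[msg->rcode]` in the re-wrapped printf is indexed with a value taken from the server's response, and nothing in the hunk bounds it before use. The table's declaration is outside the hunk, so its size cannot be confirmed from here; if it has fewer entries than the largest rcode the message parser can return (extended rcodes are wider than four bits), a response can drive an out-of-bounds read. A guard ahead of the printf would close this, for example `const char *rtext = (msg->rcode < sizeof(rcodetext) / sizeof(rcodetext[0])) ? rcodetext[msg->rcode] : "UNKNOWN";`, with `rtext` then passed to printf. The printmessage hunk in bin/dig/nslookup.c indexes `rcodetext` the same way and needs the same check. printmessage's body starts and ends outside the hunk.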
diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
index 2b6e92b76d46..a399043403ba 100644
--- a/bin/dig/host.docbook
+++ b/bin/dig/host.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.docbook,v 1.2.2.2.4.7 2005/05/13 01:22:32 marka Exp $ -->
+<!-- $Id: host.docbook,v 1.2.2.2.4.12 2007/08/28 07:19:07 tbox Exp $ -->
<refentry>
@@ -36,12 +36,14 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
+ <year>2003</year>
<holder>Internet Software Consortium.</holder>
</copyright>
</docinfo>
@@ -160,7 +162,7 @@ desired &mdash; bit in the query which <command>host</command> makes.
This should mean that the name server receiving the query will not
attempt to resolve <parameter>name</parameter>. The
<option>-r</option> option enables <command>host</command> to mimic
-the behaviour of a name server by making non-recursive queries and
+the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</para>
@@ -180,7 +182,7 @@ use IPv4 query transport. The <option>-6</option> option forces
<para>
The <option>-t</option> option is used to select the query type.
-<parameter>type</parameter> can be any recognised query type: CNAME,
+<parameter>type</parameter> can be any recognized query type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<command>host</command> automatically selects an appropriate query
type. By default it looks for A records, but if the
diff --git a/bin/dig/host.html b/bin/dig/host.html
index 4c1621510441..07c930550f45 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -1,6 +1,6 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.html,v 1.4.2.1.4.14 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: host.html,v 1.4.2.1.4.19 2007/05/09 03:32:36 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>host &#8212; DNS lookup utility</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549466"></a><h2>DESCRIPTION</h2>
+<a name="id2543411"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
@@ -114,7 +114,7 @@ desired &#8212; bit in the query which <span><strong class="command">host</stron
This should mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>. The
<code class="option">-r</code> option enables <span><strong class="command">host</strong></span> to mimic
-the behaviour of a name server by making non-recursive queries and
+the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</p>
@@ -131,7 +131,7 @@ use IPv4 query transport. The <code class="option">-6</code> option forces
</p>
<p>
The <code class="option">-t</code> option is used to select the query type.
-<em class="parameter"><code>type</code></em> can be any recognised query type: CNAME,
+<em class="parameter"><code>type</code></em> can be any recognized query type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<span><strong class="command">host</strong></span> automatically selects an appropriate query
type. By default it looks for A records, but if the
@@ -155,13 +155,13 @@ value for an integer quantity.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549874"></a><h2>FILES</h2>
+<a name="id2543682"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549886"></a><h2>SEE ALSO</h2>
+<a name="id2543694"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
index 91dae5cf2e24..1e6ea7b8acc9 100644
--- a/bin/dig/include/dig/dig.h
+++ b/bin/dig/include/dig/dig.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.h,v 1.71.2.6.2.14 2006/12/07 01:26:33 marka Exp $ */
+/* $Id: dig.h,v 1.71.2.6.2.18 2007/08/28 07:19:07 tbox Exp $ */
#ifndef DIG_H
#define DIG_H
@@ -116,6 +116,8 @@ struct dig_lookup {
section_additional,
servfail_stops,
new_search,
+ need_search,
+ done_as_is,
besteffort,
dnssec;
#ifdef DIG_SIGCHASE
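Review bot: The new flags `need_search` and `done_as_is` are added to dig_lookup with no comment, and the neighbouring `new_search` gives no hint of how the three differ. Each should get a one-line comment saying which code path sets it and when it is cleared, since the host.c and nslookup.c hunks in this commit now pick between `name` and `textname` on related search state. The `destroy_lookup()` prototype exported in the next hunk is also undocumented. A header comment along the lines of `/* Releases lookup and what it owns; the pointer must not be used afterwards. */` (wording to be confirmed against the implementation, which is not visible here) would tell callers the lifetime rule. The struct definition starts and ends outside the hunk.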
@@ -282,6 +284,9 @@ void
setup_lookup(dig_lookup_t *lookup);
void
+destroy_lookup(dig_lookup_t *lookup);
+
+void
do_lookup(dig_lookup_t *lookup);
void
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index 7b1d4d2f7f72..4121c8d4ac0c 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,13 +12,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nslookup.1,v 1.1.6.7 2006/06/29 13:02:30 marka Exp $
+.\" $Id: nslookup.1,v 1.1.6.12 2007/05/16 06:10:54 marka Exp $
.\"
.hy 0
.ad l
.\" Title: nslookup
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -42,10 +42,10 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use
.SH "ARGUMENTS"
.PP
Interactive mode is entered in the following cases:
-.TP 3n
+.TP 4
1.
when no arguments are given (the default name server will be used)
-.TP 3n
+.TP 4
2.
when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
.sp
@@ -54,17 +54,22 @@ when the first argument is a hyphen (\-) and the second argument is the host nam
Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
.PP
Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
+.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
.SH "INTERACTIVE COMMANDS"
-.TP 3n
-host [server]
+.PP
+\fBhost\fR [server]
+.RS 4
Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
.sp
To look up a host not in the current domain, append a period to the name.
-.TP 3n
+.RE
+.PP
\fBserver\fR \fIdomain\fR
-.TP 3n
+.RS 4
+.RE
+.PP
\fBlserver\fR \fIdomain\fR
+.RS 4
Change the default server to
\fIdomain\fR;
\fBlserver\fR
@@ -72,107 +77,158 @@ uses the initial server to look up information about
\fIdomain\fR, while
\fBserver\fR
uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
-.TP 3n
+.RE
+.PP
\fBroot\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBfinger\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBls\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBview\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBhelp\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fB?\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBexit\fR
+.RS 4
Exits the program.
-.TP 3n
+.RE
+.PP
\fBset\fR \fIkeyword\fR\fI[=value]\fR
+.RS 4
This command is used to change state information that affects the lookups. Valid keywords are:
-.RS 3n
-.TP 3n
+.RS 4
+.PP
\fBall\fR
+.RS 4
Prints the current values of the frequently used options to
\fBset\fR. Information about the current default server and host is also printed.
-.TP 3n
+.RE
+.PP
\fBclass=\fR\fIvalue\fR
+.RS 4
Change the query class to one of:
-.RS 3n
-.TP 3n
+.RS 4
+.PP
\fBIN\fR
+.RS 4
the Internet class
-.TP 3n
+.RE
+.PP
\fBCH\fR
+.RS 4
the Chaos class
-.TP 3n
+.RE
+.PP
\fBHS\fR
+.RS 4
the Hesiod class
-.TP 3n
+.RE
+.PP
\fBANY\fR
+.RS 4
wildcard
.RE
-.IP "" 3n
+.RE
+.IP "" 4
The class specifies the protocol group of the information.
.sp
(Default = IN; abbreviation = cl)
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBdebug\fR
-Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+.RS 4
+Turn on or off the display of the full response packet and any intermediate response packets when searching.
.sp
(Default = nodebug; abbreviation =
[no]deb)
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBd2\fR
-Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+.RS 4
+Turn debugging mode on or off. This displays more about what nslookup is doing.
.sp
(Default = nod2)
-.TP 3n
+.RE
+.PP
\fBdomain=\fR\fIname\fR
+.RS 4
Sets the search list to
\fIname\fR.
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBsearch\fR
+.RS 4
If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
.sp
(Default = search)
-.TP 3n
+.RE
+.PP
\fBport=\fR\fIvalue\fR
+.RS 4
Change the default TCP/UDP name server port to
\fIvalue\fR.
.sp
(Default = 53; abbreviation = po)
-.TP 3n
+.RE
+.PP
\fBquerytype=\fR\fIvalue\fR
-.TP 3n
+.RS 4
+.RE
+.PP
\fBtype=\fR\fIvalue\fR
+.RS 4
Change the type of the information query.
.sp
(Default = A; abbreviations = q, ty)
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBrecurse\fR
+.RS 4
Tell the name server to query other servers if it does not have the information.
.sp
(Default = recurse; abbreviation = [no]rec)
-.TP 3n
+.RE
+.PP
\fBretry=\fR\fInumber\fR
+.RS 4
Set the number of retries to number.
-.TP 3n
+.RE
+.PP
\fBtimeout=\fR\fInumber\fR
+.RS 4
Change the initial timeout interval for waiting for a reply to number seconds.
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBvc\fR
+.RS 4
Always use a virtual circuit when sending requests to the server.
.sp
(Default = novc)
.RE
-.IP "" 3n
+.RE
+.IP "" 4
+.RE
.SH "FILES"
.PP
\fI/etc/resolv.conf\fR
@@ -185,4 +241,5 @@ Always use a virtual circuit when sending requests to the server.
.PP
Andrew Cherenson
.SH "COPYRIGHT"
-Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
index 5ae64d0d5940..32fcdbf325f6 100644
--- a/bin/dig/nslookup.c
+++ b/bin/dig/nslookup.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nslookup.c,v 1.90.2.4.2.12 2006/06/09 23:50:53 marka Exp $ */
+/* $Id: nslookup.c,v 1.90.2.4.2.15 2007/08/28 07:19:07 tbox Exp $ */
#include <config.h>
@@ -409,8 +409,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
char nametext[DNS_NAME_FORMATSIZE];
dns_name_format(query->lookup->name,
nametext, sizeof(nametext));
- printf("** server can't find %s: %s\n", nametext,
- rcodetext[msg->rcode]);
+ printf("** server can't find %s: %s\n",
+ (msg->rcode != dns_rcode_nxdomain) ? nametext :
+ query->lookup->textname, rcodetext[msg->rcode]);
debug("returning with rcode == 0");
return (ISC_R_SUCCESS);
}
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index 741ad345a27a..090545468651 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -1,10 +1,10 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.docbook,v 1.3.6.7 2006/01/06 00:01:42 marka Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.3.6.13 2007/08/28 07:19:07 tbox Exp $ -->
<!--
- Copyright (c) 1985, 1989
@@ -69,6 +69,7 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -141,7 +142,7 @@ nslookup -query=hinfo -timeout=10
<refsect1>
<title>INTERACTIVE COMMANDS</title>
<variablelist>
-<varlistentry><term>host <optional>server</optional></term>
+<varlistentry><term><constant>host</constant> <optional>server</optional></term>
<listitem><para>
Look up information for host using the current default server or
using server, if specified. If host is an Internet address and
@@ -221,18 +222,16 @@ the lookups. Valid keywords are:
<varlistentry><term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
<listitem><para>
- Turn debugging mode on. A lot more information is
- printed about the packet sent to the server and the
- resulting answer.
+ Turn on or off the display of the full response packet and
+ any intermediate response packets when searching.
</para><para>
(Default = nodebug; abbreviation = <optional>no</optional>deb)
</para></listitem></varlistentry>
<varlistentry><term><constant><replaceable><optional>no</optional></replaceable>d2</constant></term>
<listitem><para>
- Turn debugging mode on. A lot more information is
- printed about the packet sent to the server and the
- resulting answer.
+ Turn debugging mode on or off. This displays more about
+ what nslookup is doing.
</para><para>
(Default = nod2)
</para></listitem></varlistentry>
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index e6801e9512d8..a3462594048d 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.html,v 1.1.6.12 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: nslookup.html,v 1.1.6.18 2007/05/16 06:10:54 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482694"></a><div class="titlepage"></div>
+<a name="id2476276"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>nslookup &#8212; query Internet name servers interactively</p>
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549404"></a><h2>DESCRIPTION</h2>
+<a name="id2543346"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">Nslookup</strong></span>
is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
@@ -43,7 +43,7 @@ domain.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549421"></a><h2>ARGUMENTS</h2>
+<a name="id2543363"></a><h2>ARGUMENTS</h2>
<p>
Interactive mode is entered in the following cases:
</p>
@@ -75,9 +75,9 @@ nslookup -query=hinfo -timeout=10
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549464"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2543405"></a><h2>INTERACTIVE COMMANDS</h2>
<div class="variablelist"><dl>
-<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
+<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
<dd>
<p>
Look up information for host using the current default server or
@@ -151,9 +151,8 @@ the lookups. Valid keywords are:
<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
<dd>
<p>
- Turn debugging mode on. A lot more information is
- printed about the packet sent to the server and the
- resulting answer.
+ Turn on or off the display of the full response packet and
+ any intermediate response packets when searching.
</p>
<p>
(Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
@@ -162,9 +161,8 @@ the lookups. Valid keywords are:
<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
<dd>
<p>
- Turn debugging mode on. A lot more information is
- printed about the packet sent to the server and the
- resulting answer.
+ Turn debugging mode on or off. This displays more about
+ what nslookup is doing.
</p>
<p>
(Default = nod2)
@@ -241,13 +239,13 @@ the lookups. Valid keywords are:
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549990"></a><h2>FILES</h2>
+<a name="id2543797"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550003"></a><h2>SEE ALSO</h2>
+<a name="id2543810"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
@@ -255,7 +253,7 @@ the lookups. Valid keywords are:
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550038"></a><h2>Author</h2>
+<a name="id2543845"></a><h2>Author</h2>
<p>
Andrew Cherenson
</p>
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index b9b7bea37c26..25437c3a0d5b 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002 Internet Software Consortium.
+# Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.19.12.12 2005/05/02 00:25:54 marka Exp $
+# $Id: Makefile.in,v 1.19.12.15 2007/08/28 07:19:07 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index 35bb0efda57a..877ac0782909 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.19.12.10 2006/06/29 13:02:30 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.19.12.13 2007/05/09 03:32:36 marka Exp $
.\"
.hy 0
.ad l
.\" Title: dnssec\-keygen
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -37,10 +37,11 @@ dnssec\-keygen \- DNSSEC key generation tool
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
-generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
.SH "OPTIONS"
-.TP 3n
+.PP
\-a \fIalgorithm\fR
+.RS 4
Selects the cryptographic algorithm. The value of
\fBalgorithm\fR
must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
@@ -48,38 +49,58 @@ must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5.
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
.sp
Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
-.TP 3n
+.RE
+.PP
\-b \fIkeysize\fR
+.RS 4
Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
-.TP 3n
+.RE
+.PP
\-n \fInametype\fR
+.RS 4
Specifies the owner type of the key. The value of
\fBnametype\fR
must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
-.TP 3n
+.RE
+.PP
\-c \fIclass\fR
+.RS 4
Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.TP 3n
+.RE
+.PP
\-e
+.RS 4
If generating an RSAMD5/RSASHA1 key, use a large exponent.
-.TP 3n
+.RE
+.PP
\-f \fIflag\fR
+.RS 4
Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
-.TP 3n
+.RE
+.PP
\-g \fIgenerator\fR
+.RS 4
If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
-.TP 3n
+.RE
+.PP
\-h
+.RS 4
Prints a short summary of the options and arguments to
\fBdnssec\-keygen\fR.
-.TP 3n
+.RE
+.PP
\-k
+.RS 4
Generate KEY records rather than DNSKEY records.
-.TP 3n
+.RE
+.PP
\-p \fIprotocol\fR
+.RS 4
Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.TP 3n
+.RE
+.PP
\-r \fIrandomdev\fR
+.RS 4
Specifies the source of randomness. If the operating system does not provide a
\fI/dev/random\fR
or equivalent device, the default source of randomness is keyboard input.
@@ -87,17 +108,24 @@ or equivalent device, the default source of randomness is keyboard input.
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP 3n
+.RE
+.PP
\-s \fIstrength\fR
+.RS 4
Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
-.TP 3n
+.RE
+.PP
\-t \fItype\fR
+.RS 4
Indicates the use of the key.
\fBtype\fR
must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.TP 3n
+.RE
+.PP
\-v \fIlevel\fR
+.RS 4
Sets the debugging level.
+.RE
.SH "GENERATED KEYS"
.PP
When
@@ -105,23 +133,21 @@ When
completes successfully, it prints a string of the form
\fIKnnnn.+aaa+iiiii\fR
to the standard output. This is an identification string for the key it has generated.
-.TP 3n
+.TP 4
\(bu
\fInnnn\fR
is the key name.
-.TP 3n
+.TP 4
\(bu
\fIaaa\fR
is the numeric representation of the algorithm.
-.TP 3n
+.TP 4
\(bu
\fIiiiii\fR
is the key identifier (or footprint).
-.sp
-.RE
.PP
\fBdnssec\-keygen\fR
-creates two file, with names based on the printed string.
+creates two files, with names based on the printed string.
\fIKnnnn.+aaa+iiiii.key\fR
contains the public key, and
\fIKnnnn.+aaa+iiiii.private\fR
@@ -133,13 +159,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o
.PP
The
\fI.private\fR
-file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
+file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
.PP
Both
\fI.key\fR
and
\fI.private\fR
-files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
+files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
.SH "EXAMPLE"
.PP
To generate a 768\-bit DSA key for the domain
@@ -156,7 +182,7 @@ In this example,
creates the files
\fIKexample.com.+003+26160.key\fR
and
-\fIKexample.com.+003+26160.private\fR
+\fIKexample.com.+003+26160.private\fR.
.SH "SEE ALSO"
.PP
\fBdnssec\-signzone\fR(8),
@@ -168,4 +194,7 @@ RFC 2539.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 7feaf7c3d977..9e0b8c7cb965 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -1,9 +1,9 @@
/*
- * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (C) 2000-2003 Internet Software Consortium.
+ * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 1999-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keygen.c,v 1.48.2.1.10.11 2004/06/11 01:17:34 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.48.2.1.10.14 2007/08/28 07:19:07 tbox Exp $ */
#include <config.h>
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index e1eee228ee65..6ef1f090e628 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.docbook,v 1.3.12.9 2005/08/30 01:41:41 marka Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.3.12.13 2007/08/28 07:19:07 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -76,7 +77,7 @@
<title>DESCRIPTION</title>
<para>
<command>dnssec-keygen</command> generates keys for DNSSEC
- (Secure DNS), as defined in RFC 2535 and RFC &lt;TBA\&gt;. It can also generate
+ (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate
keys for use with TSIG (Transaction Signatures), as
defined in RFC 2845.
</para>
@@ -282,7 +283,7 @@
</listitem>
</itemizedlist>
<para>
- <command>dnssec-keygen</command> creates two file, with names based
+ <command>dnssec-keygen</command> creates two files, with names based
on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
contains the public key, and
<filename>Knnnn.+aaa+iiiii.private</filename> contains the private
@@ -294,13 +295,13 @@
statement).
</para>
<para>
- The <filename>.private</filename> file contains algorithm specific
+ The <filename>.private</filename> file contains algorithm-specific
fields. For obvious security reasons, this file does not have
general read permission.
</para>
<para>
Both <filename>.key</filename> and <filename>.private</filename>
- files are generated for symmetric encryption algorithm such as
+ files are generated for symmetric encryption algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</para>
</refsect1>
@@ -324,7 +325,7 @@
<para>
In this example, <command>dnssec-keygen</command> creates
the files <filename>Kexample.com.+003+26160.key</filename> and
- <filename>Kexample.com.+003+26160.private</filename>
+ <filename>Kexample.com.+003+26160.private</filename>.
</para>
</refsect1>
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index 7a15099bae01..6d3cc83f5ddf 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.15 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.19 2007/05/09 03:32:36 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
@@ -32,16 +32,16 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549521"></a><h2>DESCRIPTION</h2>
+<a name="id2543462"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC
- (Secure DNS), as defined in RFC 2535 and RFC &lt;TBA\&gt;. It can also generate
+ (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate
keys for use with TSIG (Transaction Signatures), as
defined in RFC 2845.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549533"></a><h2>OPTIONS</h2>
+<a name="id2543475"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -144,7 +144,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549939"></a><h2>GENERATED KEYS</h2>
+<a name="id2543744"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes successfully,
it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
@@ -164,7 +164,7 @@
</p></li>
</ul></div>
<p>
- <span><strong class="command">dnssec-keygen</strong></span> creates two file, with names based
+ <span><strong class="command">dnssec-keygen</strong></span> creates two files, with names based
on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
<code class="filename">Knnnn.+aaa+iiiii.private</code> contains the private
@@ -176,18 +176,18 @@
statement).
</p>
<p>
- The <code class="filename">.private</code> file contains algorithm specific
+ The <code class="filename">.private</code> file contains algorithm-specific
fields. For obvious security reasons, this file does not have
general read permission.
</p>
<p>
Both <code class="filename">.key</code> and <code class="filename">.private</code>
- files are generated for symmetric encryption algorithm such as
+ files are generated for symmetric encryption algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550027"></a><h2>EXAMPLE</h2>
+<a name="id2543900"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -205,11 +205,11 @@
<p>
In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
the files <code class="filename">Kexample.com.+003+26160.key</code> and
- <code class="filename">Kexample.com.+003+26160.private</code>
+ <code class="filename">Kexample.com.+003+26160.private</code>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550073"></a><h2>SEE ALSO</h2>
+<a name="id2543946"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550106"></a><h2>AUTHOR</h2>
+<a name="id2543979"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
index 734eca6f8070..e1e88c8466ce 100644
--- a/bin/dnssec/dnssec-signzone.8
+++ b/bin/dnssec/dnssec-signzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.11 2006/06/29 13:02:30 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.14 2007/05/09 03:32:36 marka Exp $
.\"
.hy 0
.ad l
.\" Title: dnssec\-signzone
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -41,51 +41,72 @@ signs a zone. It generates NSEC and RRSIG records and produces a signed version
\fIkeyset\fR
file for each child zone.
.SH "OPTIONS"
-.TP 3n
+.PP
\-a
+.RS 4
Verify all generated signatures.
-.TP 3n
+.RE
+.PP
\-c \fIclass\fR
+.RS 4
Specifies the DNS class of the zone.
-.TP 3n
+.RE
+.PP
\-k \fIkey\fR
+.RS 4
Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
-.TP 3n
+.RE
+.PP
\-l \fIdomain\fR
+.RS 4
Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
-.TP 3n
+.RE
+.PP
\-d \fIdirectory\fR
+.RS 4
Look for
\fIkeyset\fR
files in
\fBdirectory\fR
as the directory
-.TP 3n
+.RE
+.PP
\-g
+.RS 4
Generate DS records for child zones from keyset files. Existing DS records will be removed.
-.TP 3n
+.RE
+.PP
\-s \fIstart\-time\fR
+.RS 4
Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
\fBstart\-time\fR
is specified, the current time minus 1 hour (to allow for clock skew) is used.
-.TP 3n
+.RE
+.PP
\-e \fIend\-time\fR
+.RS 4
Specify the date and time when the generated RRSIG records expire. As with
\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
\fBend\-time\fR
is specified, 30 days from the start time is used as a default.
-.TP 3n
+.RE
+.PP
\-f \fIoutput\-file\fR
+.RS 4
The name of the output file containing the signed zone. The default is to append
\fI.signed\fR
-to the input file.
-.TP 3n
+to the input filename.
+.RE
+.PP
\-h
+.RS 4
Prints a short summary of the options and arguments to
\fBdnssec\-signzone\fR.
-.TP 3n
+.RE
+.PP
\-i \fIinterval\fR
-When a previously signed zone is passed as input, records may be resigned. The
+.RS 4
+When a previously\-signed zone is passed as input, records may be resigned. The
\fBinterval\fR
option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
.sp
@@ -96,17 +117,25 @@ or
are specified,
\fBdnssec\-signzone\fR
generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced.
-.TP 3n
+.RE
+.PP
\-n \fIncpus\fR
+.RS 4
Specifies the number of threads to use. By default, one thread is started for each detected CPU.
-.TP 3n
+.RE
+.PP
\-o \fIorigin\fR
+.RS 4
The zone origin. If not specified, the name of the zone file is assumed to be the origin.
-.TP 3n
+.RE
+.PP
\-p
+.RS 4
Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
-.TP 3n
+.RE
+.PP
\-r \fIrandomdev\fR
+.RS 4
Specifies the source of randomness. If the operating system does not provide a
\fI/dev/random\fR
or equivalent device, the default source of randomness is keyboard input.
@@ -114,42 +143,68 @@ or equivalent device, the default source of randomness is keyboard input.
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP 3n
+.RE
+.PP
\-t
+.RS 4
Print statistics at completion.
-.TP 3n
+.RE
+.PP
\-v \fIlevel\fR
+.RS 4
Sets the debugging level.
-.TP 3n
+.RE
+.PP
\-z
+.RS 4
Ignore KSK flag on key when determining what to sign.
-.TP 3n
+.RE
+.PP
zonefile
+.RS 4
The file containing the zone to be signed.
-.TP 3n
+.RE
+.PP
key
-The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory.
+.RS 4
+Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
+.RE
.SH "EXAMPLE"
.PP
The following command signs the
\fBexample.com\fR
-zone with the DSA key generated in the
+zone with the DSA key generated by
\fBdnssec\-keygen\fR
-man page. The zone's keys must be in the zone. If there are
+(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
\fIkeyset\fR
-files associated with child zones, they must be in the current directory.
-\fBexample.com\fR, the following command would be issued:
-.PP
-\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR
-.PP
-The command would print a string of the form:
+files, in the current directory, so that DS records can be generated from them (\fB\-g\fR).
+.sp
+.RS 4
+.nf
+% dnssec\-signzone \-g \-o example.com db.example.com \\
+Kexample.com.+003+17247
+db.example.com.signed
+%
+.fi
+.RE
.PP
-In this example,
+In the above example,
\fBdnssec\-signzone\fR
creates the file
\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
\fInamed.conf\fR
file.
+.PP
+This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory.
+.sp
+.RS 4
+.nf
+% cp db.example.com.signed db.example.com
+% dnssec\-signzone \-o example.com db.example.com
+db.example.com.signed
+%
+.fi
+.RE
.SH "SEE ALSO"
.PP
\fBdnssec\-keygen\fR(8),
@@ -159,4 +214,7 @@ RFC 2535.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 4ac840df06b8..10e1133660c4 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -1,9 +1,9 @@
/*
- * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.139.2.2.4.23 2006/01/04 23:50:19 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.139.2.2.4.29 2008/01/30 01:51:54 marka Exp $ */
#include <config.h>
@@ -159,37 +159,6 @@ dumpnode(dns_name_t *name, dns_dbnode_t *node) {
check_result(result, "dns_master_dumpnodetostream");
}
-static void
-dumpdb(dns_db_t *db) {
- dns_dbiterator_t *dbiter = NULL;
- dns_dbnode_t *node;
- dns_fixedname_t fname;
- dns_name_t *name;
- isc_result_t result;
-
- dbiter = NULL;
- result = dns_db_createiterator(db, ISC_FALSE, &dbiter);
- check_result(result, "dns_db_createiterator()");
-
- dns_fixedname_init(&fname);
- name = dns_fixedname_name(&fname);
- node = NULL;
-
- for (result = dns_dbiterator_first(dbiter);
- result == ISC_R_SUCCESS;
- result = dns_dbiterator_next(dbiter))
- {
- result = dns_dbiterator_current(dbiter, &node, name);
- check_result(result, "dns_dbiterator_current()");
- dumpnode(name, node);
- dns_db_detachnode(db, &node);
- }
- if (result != ISC_R_NOMORE)
- fatal("iterating database: %s", isc_result_totext(result));
-
- dns_dbiterator_destroy(&dbiter);
-}
-
static signer_key_t *
newkeystruct(dst_key_t *dstkey, isc_boolean_t signwithkey) {
signer_key_t *key;
@@ -974,7 +943,7 @@ active_node(dns_dbnode_t *node) {
fatal("rdataset iteration failed: %s",
isc_result_totext(result));
} else {
- /*
+ /*
* Delete RRSIGs for types that no longer exist.
*/
result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2);
@@ -1382,7 +1351,7 @@ loadzonekeys(dns_db_t *db) {
for (i = 0; i < nkeys; i++) {
signer_key_t *key;
- key = newkeystruct(keys[i], ISC_TRUE);
+ key = newkeystruct(keys[i], dst_key_isprivate(keys[i]));
ISC_LIST_APPEND(keylist, key, link);
}
dns_db_detachnode(db, &node);
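Review bot: In `loadzonekeys`, the new call `newkeystruct(keys[i], dst_key_isprivate(keys[i]))` marks a zone key for signing only when its private half was loaded, but nothing in this hunk covers the case where none of the `nkeys` entries has private material, so `keylist` could end up holding only non-signing entries. The function starts and ends outside the hunk, so a later check may already exist. If it does not, the tool should stop with `fatal()` rather than write an output zone that carries no fresh signatures, for example by counting the keys for which `dst_key_isprivate()` was true and failing when the count is zero. A short comment above the call would also help the next reader, such as `/* Sign only with keys whose private half was found; public-only DNSKEYs are still appended to keylist. */`.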
@@ -1506,7 +1475,7 @@ writeset(const char *prefix, dns_rdatatype_t type) {
unsigned char dsbuf[DNS_DS_BUFFERSIZE];
unsigned char keybuf[DST_KEY_MAXSIZE];
unsigned int filenamelen;
- const dns_master_style_t *style =
+ const dns_master_style_t *style =
(type == dns_rdatatype_dnskey) ? masterstyle : dsstyle;
isc_buffer_init(&namebuf, namestr, sizeof(namestr));
@@ -1692,13 +1661,13 @@ print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) {
printf("Signatures successfully verified: %10d\n", nverified);
printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed);
runtime_ms = runtime_us / 1000;
- printf("Runtime in seconds: %7u.%03u\n",
- (unsigned int) (runtime_ms / 1000),
+ printf("Runtime in seconds: %7u.%03u\n",
+ (unsigned int) (runtime_ms / 1000),
(unsigned int) (runtime_ms % 1000));
if (runtime_us > 0) {
sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us;
printf("Signatures per second: %7u.%03u\n",
- (unsigned int) sig_ms / 1000,
+ (unsigned int) sig_ms / 1000,
(unsigned int) sig_ms % 1000);
}
}
@@ -1720,7 +1689,6 @@ main(int argc, char *argv[]) {
isc_boolean_t free_output = ISC_FALSE;
int tempfilelen;
dns_rdataclass_t rdclass;
- dns_db_t *udb = NULL;
isc_task_t **tasks = NULL;
isc_buffer_t b;
int len;
@@ -1776,7 +1744,7 @@ main(int argc, char *argv[]) {
"positive");
break;
- case 'l':
+ case 'l':
dns_fixedname_init(&dlv_fixed);
len = strlen(isc_commandline_argument);
isc_buffer_init(&b, isc_commandline_argument, len);
@@ -1904,7 +1872,7 @@ main(int argc, char *argv[]) {
result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL,
0, 24, 0, 0, 0, 8, mctx);
check_result(result, "dns_master_stylecreate");
-
+
gdb = NULL;
TIME_NOW(&timer_start);
@@ -1926,8 +1894,8 @@ main(int argc, char *argv[]) {
DST_TYPE_PRIVATE,
mctx, &newkey);
if (result != ISC_R_SUCCESS)
- fatal("cannot load dnskey %s: %s", argv[i],
- isc_result_totext(result));
+ fatal("cannot load dnskey %s: %s", argv[i],
+ isc_result_totext(result));
key = ISC_LIST_HEAD(keylist);
while (key != NULL) {
@@ -1935,7 +1903,7 @@ main(int argc, char *argv[]) {
if (dst_key_id(dkey) == dst_key_id(newkey) &&
dst_key_alg(dkey) == dst_key_alg(newkey) &&
dns_name_equal(dst_key_name(dkey),
- dst_key_name(newkey)))
+ dst_key_name(newkey)))
{
if (!dst_key_isprivate(dkey))
fatal("cannot sign zone with "
@@ -1964,7 +1932,7 @@ main(int argc, char *argv[]) {
mctx, &newkey);
if (result != ISC_R_SUCCESS)
fatal("cannot load dnskey %s: %s", dskeyfile[i],
- isc_result_totext(result));
+ isc_result_totext(result));
key = ISC_LIST_HEAD(keylist);
while (key != NULL) {
@@ -1972,7 +1940,7 @@ main(int argc, char *argv[]) {
if (dst_key_id(dkey) == dst_key_id(newkey) &&
dst_key_alg(dkey) == dst_key_alg(newkey) &&
dns_name_equal(dst_key_name(dkey),
- dst_key_name(newkey)))
+ dst_key_name(newkey)))
{
/* Override key flags. */
key->issigningkey = ISC_TRUE;
@@ -2074,11 +2042,6 @@ main(int argc, char *argv[]) {
isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *));
postsign();
- if (udb != NULL) {
- dumpdb(udb);
- dns_db_detach(&udb);
- }
-
result = isc_stdio_close(fp);
check_result(result, "isc_stdio_close");
removefile = ISC_FALSE;
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook
index 35f35cc7339d..d3f9fc5c5b83 100644
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.11 2005/06/24 00:18:15 marka Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.16 2007/08/28 07:19:07 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -188,7 +189,7 @@
<para>
The name of the output file containing the signed zone. The
default is to append <filename>.signed</filename> to the
- input file.
+ input filename.
</para>
</listitem>
</varlistentry>
@@ -207,7 +208,7 @@
<term>-i <replaceable class="parameter">interval</replaceable></term>
<listitem>
<para>
- When a previously signed zone is passed as input, records
+ When a previously-signed zone is passed as input, records
may be resigned. The <option>interval</option> option
specifies the cycle interval as an offset from the current
time (in seconds). If a RRSIG record expires after the
@@ -315,9 +316,11 @@
<term>key</term>
<listitem>
<para>
- The keys used to sign the zone. If no keys are specified, the
- default all zone keys that have private key files in the
- current directory.
+ Specify which keys should be used to sign the zone. If
+ no keys are specified, then the zone will be examined
+ for DNSKEY records at the zone apex. If these are found and
+ there are matching private keys, in the current directory,
+ then these will be used for signing.
</para>
</listitem>
</varlistentry>
@@ -328,26 +331,31 @@
<refsect1>
<title>EXAMPLE</title>
<para>
- The following command signs the <userinput>example.com</userinput>
- zone with the DSA key generated in the <command>dnssec-keygen</command>
- man page. The zone's keys must be in the zone. If there are
- <filename>keyset</filename> files associated with child zones,
- they must be in the current directory.
- <userinput>example.com</userinput>, the following command would be
- issued:
+ The following command signs the <userinput>example.com</userinput>
+ zone with the DSA key generated by <command>dnssec-keygen</command>
+ (Kexample.com.+003+17247). The zone's keys must be in the master
+ file (<filename>db.example.com</filename>). This invocation looks
+ for <filename>keyset</filename> files, in the current directory,
+ so that DS records can be generated from them (<command>-g</command>).
</para>
+<programlisting>% dnssec-signzone -g -o example.com db.example.com \
+Kexample.com.+003+17247
+db.example.com.signed
+%</programlisting>
<para>
- <userinput>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</userinput>
+ In the above example, <command>dnssec-signzone</command> creates
+ the file <filename>db.example.com.signed</filename>. This
+ file should be referenced in a zone statement in a
+ <filename>named.conf</filename> file.
</para>
<para>
- The command would print a string of the form:
- </para>
- <para>
- In this example, <command>dnssec-signzone</command> creates
- the file <filename>db.example.com.signed</filename>. This file
- should be referenced in a zone statement in a
- <filename>named.conf</filename> file.
+ This example re-signs a previously signed zone with default parameters.
+ The private keys are assumed to be in the current directory.
</para>
+<programlisting>% cp db.example.com.signed db.example.com
+% dnssec-signzone -o example.com db.example.com
+db.example.com.signed
+%</programlisting>
</refsect1>
<refsect1>
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index bd926312e868..b3d00ce0f056 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.16 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.20 2007/05/09 03:32:36 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549544"></a><h2>DESCRIPTION</h2>
+<a name="id2543485"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549560"></a><h2>OPTIONS</h2>
+<a name="id2543501"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -98,7 +98,7 @@
<dd><p>
The name of the output file containing the signed zone. The
default is to append <code class="filename">.signed</code> to the
- input file.
+ input filename.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -108,7 +108,7 @@
<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
<dd>
<p>
- When a previously signed zone is passed as input, records
+ When a previously-signed zone is passed as input, records
may be resigned. The <code class="option">interval</code> option
specifies the cycle interval as an offset from the current
time (in seconds). If a RRSIG record expires after the
@@ -172,38 +172,45 @@
</p></dd>
<dt><span class="term">key</span></dt>
<dd><p>
- The keys used to sign the zone. If no keys are specified, the
- default all zone keys that have private key files in the
- current directory.
+ Specify which keys should be used to sign the zone. If
+ no keys are specified, then the zone will be examined
+ for DNSKEY records at the zone apex. If these are found and
+ there are matching private keys, in the current directory,
+ then these will be used for signing.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550068"></a><h2>EXAMPLE</h2>
+<a name="id2543874"></a><h2>EXAMPLE</h2>
<p>
- The following command signs the <strong class="userinput"><code>example.com</code></strong>
- zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
- man page. The zone's keys must be in the zone. If there are
- <code class="filename">keyset</code> files associated with child zones,
- they must be in the current directory.
- <strong class="userinput"><code>example.com</code></strong>, the following command would be
- issued:
+ The following command signs the <strong class="userinput"><code>example.com</code></strong>
+ zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
+ (Kexample.com.+003+17247). The zone's keys must be in the master
+ file (<code class="filename">db.example.com</code>). This invocation looks
+ for <code class="filename">keyset</code> files, in the current directory,
+ so that DS records can be generated from them (<span><strong class="command">-g</strong></span>).
</p>
+<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
+Kexample.com.+003+17247
+db.example.com.signed
+%</pre>
<p>
- <strong class="userinput"><code>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</code></strong>
+ In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
+ the file <code class="filename">db.example.com.signed</code>. This
+ file should be referenced in a zone statement in a
+ <code class="filename">named.conf</code> file.
</p>
<p>
- The command would print a string of the form:
- </p>
-<p>
- In this example, <span><strong class="command">dnssec-signzone</strong></span> creates
- the file <code class="filename">db.example.com.signed</code>. This file
- should be referenced in a zone statement in a
- <code class="filename">named.conf</code> file.
+ This example re-signs a previously signed zone with default parameters.
+ The private keys are assumed to be in the current directory.
</p>
+<pre class="programlisting">% cp db.example.com.signed db.example.com
+% dnssec-signzone -o example.com db.example.com
+db.example.com.signed
+%</pre>
</div>
<div class="refsect1" lang="en">
-<a name="id2550118"></a><h2>SEE ALSO</h2>
+<a name="id2543993"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -211,7 +218,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550145"></a><h2>AUTHOR</h2>
+<a name="id2544020"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 50fb93bf11d9..a2c92bcfbe27 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2002 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.74.12.11 2004/09/06 21:47:25 marka Exp $
+# $Id: Makefile.in,v 1.74.12.14 2007/08/28 07:19:08 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
diff --git a/bin/named/aclconf.c b/bin/named/aclconf.c
index 102a891033a4..4a6cce72fbc4 100644
--- a/bin/named/aclconf.c
+++ b/bin/named/aclconf.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: aclconf.c,v 1.27.12.7 2006/03/02 00:37:20 marka Exp $ */
+/* $Id: aclconf.c,v 1.27.12.10 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
diff --git a/bin/named/client.c b/bin/named/client.c
index b0ce793b98ea..6d4cc91a4e4c 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.176.2.13.4.31 2006/07/22 01:09:38 marka Exp $ */
+/* $Id: client.c,v 1.176.2.13.4.38 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
@@ -1149,7 +1149,7 @@ client_addopt(ns_client_t *client) {
rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
/*
- * No ENDS options in the default case.
+ * No EDNS options in the default case.
*/
rdata->data = NULL;
rdata->length = 0;
@@ -1349,6 +1349,14 @@ client_request(isc_task_t *task, isc_event_t *event) {
}
/*
+ * Hash the incoming request here as it is after
+ * dns_dispatch_importrecv().
+ */
+ dns_dispatch_hash(&client->now, sizeof(client->now));
+ dns_dispatch_hash(isc_buffer_base(buffer),
+ isc_buffer_usedlength(buffer));
+
+ /*
* It's a request. Parse it.
*/
result = dns_message_parse(client->message, buffer, 0);
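Review bot: The comment added above the two dns_dispatch_hash() calls does not say what the hash state is used for or why `client->now` and the raw request bytes are suitable inputs. Both values are chosen or observable by whoever sends the query, so if this state feeds outgoing query-ID generation (presumably; the implementation is not in this hunk), they can only be supplementary mixing and never the sole seed. I would spell that out, e.g. `/* Mix arrival time and request bytes into the dispatch hash state; remote-controlled input, supplementary only. */`. client_request() starts and ends outside the hunk.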
@@ -1413,7 +1421,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
}
/*
- * Do we understand this version of ENDS?
+ * Do we understand this version of EDNS?
*
* XXXRTH need library support for this!
*/
@@ -1485,6 +1493,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
"failed to get request's "
"destination: %s",
isc_result_totext(result));
+ ns_client_next(client, ISC_R_SUCCESS);
goto cleanup;
}
}
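Review bot: The added `ns_client_next(client, ISC_R_SUCCESS);` reports success on a branch that has just logged "failed to get request's destination", and nothing in the hunk explains why. If the intent is to drop the request without a second log entry or a reply, a one-line comment should say so, e.g. `/* failure already logged; drop the request and recycle the client */`. Otherwise passing `result` would keep the status consistent with the log line. What ns_client_next() does with its second argument is not visible here, and client_request() continues outside the hunk.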
@@ -1573,21 +1582,29 @@ client_request(isc_task_t *task, isc_event_t *event) {
char tsigrcode[64];
isc_buffer_t b;
dns_name_t *name = NULL;
+ dns_rcode_t status;
+ isc_result_t tresult;
- isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
- RUNTIME_CHECK(dns_tsigrcode_totext(client->message->tsigstatus,
- &b) == ISC_R_SUCCESS);
- tsigrcode[isc_buffer_usedlength(&b)] = '\0';
/* There is a signature, but it is bad. */
if (dns_message_gettsig(client->message, &name) != NULL) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf));
+ status = client->message->tsigstatus;
+ isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
+ tresult = dns_tsigrcode_totext(status, &b);
+ INSIST(tresult == ISC_R_SUCCESS);
+ tsigrcode[isc_buffer_usedlength(&b)] = '\0';
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
"request has invalid signature: "
"TSIG %s: %s (%s)", namebuf,
isc_result_totext(result), tsigrcode);
} else {
+ status = client->message->sig0status;
+ isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
+ tresult = dns_tsigrcode_totext(status, &b);
+ INSIST(tresult == ISC_R_SUCCESS);
+ tsigrcode[isc_buffer_usedlength(&b)] = '\0';
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
"request has invalid signature: %s (%s)",
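Review bot: Both branches now end in `INSIST(tresult == ISC_R_SUCCESS);`, so a failed status-to-text conversion still aborts the server on a path reached by any request carrying a bad TSIG or SIG(0) signature. The text is only used in the log message, so a fallback is safer than an assertion: `if (tresult != ISC_R_SUCCESS) isc_buffer_clear(&b);` before the terminating `tsigrcode[isc_buffer_usedlength(&b)] = '\0';`. Whether dns_tsigrcode_totext() can actually fail with this 63-byte buffer is not visible in the hunk. The four conversion lines are also duplicated and differ only in reading `tsigstatus` versus `sig0status`, so a small static helper taking the status would remove the repetition.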
diff --git a/bin/named/config.c b/bin/named/config.c
index 7b5b99e6720e..88e7bc9e3407 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,12 +15,11 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.c,v 1.11.2.4.8.32 2006/02/28 06:32:53 marka Exp $ */
+/* $Id: config.c,v 1.11.2.4.8.36 2007/09/13 05:18:08 each Exp $ */
#include <config.h>
#include <stdlib.h>
-#include <string.h>
#include <isc/buffer.h>
#include <isc/log.h>
@@ -28,6 +27,7 @@
#include <isc/region.h>
#include <isc/result.h>
#include <isc/sockaddr.h>
+#include <isc/string.h>
#include <isc/util.h>
#include <isccfg/namedconf.h>
@@ -159,7 +159,7 @@ options {\n\
"
"#\n\
-# Zones in the \"_bind\" view are NOT counted is the count of zones.\n\
+# Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
#\n\
view \"_bind\" chaos {\n\
recursion no;\n\
diff --git a/bin/named/control.c b/bin/named/control.c
index c9d17abe0276..c4b5419f71a4 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,15 +15,15 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: control.c,v 1.7.2.2.2.14 2005/04/29 01:04:47 marka Exp $ */
+/* $Id: control.c,v 1.7.2.2.2.16 2007/09/13 23:45:58 tbox Exp $ */
#include <config.h>
-#include <string.h>
#include <isc/app.h>
#include <isc/event.h>
#include <isc/mem.h>
+#include <isc/string.h>
#include <isc/timer.h>
#include <isc/util.h>
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index b6bcc166200c..d8a7bcf2fcf9 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: controlconf.c,v 1.28.2.9.2.10 2006/02/28 06:32:53 marka Exp $ */
+/* $Id: controlconf.c,v 1.28.2.9.2.13 2008/01/17 23:45:27 tbox Exp $ */
#include <config.h>
@@ -337,9 +337,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
listener = conn->listener;
secret.rstart = NULL;
- /* Is the server shutting down? */
- if (listener->controls->shuttingdown)
- goto cleanup;
+ /* Is the server shutting down? */
+ if (listener->controls->shuttingdown)
+ goto cleanup;
if (conn->ccmsg.result != ISC_R_SUCCESS) {
if (conn->ccmsg.result != ISC_R_CANCELED &&
@@ -356,9 +356,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
{
ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
- if (secret.rstart != NULL)
- isc_mem_put(listener->mctx, secret.rstart,
- REGION_SIZE(secret));
secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
if (secret.rstart == NULL)
goto cleanup;
@@ -367,7 +364,8 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_fromwire(&ccregion, &request, &secret);
if (result == ISC_R_SUCCESS)
break;
- else if (result == ISCCC_R_BADAUTH) {
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+ if (result == ISCCC_R_BADAUTH) {
/*
* For some reason, request is non-NULL when
* isccc_cc_fromwire returns ISCCC_R_BADAUTH.
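Review bot: The new `isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));` releases a heap copy of the control-channel key without clearing it, and leaves `secret.rstart` pointing at freed memory for the next loop iteration and for the code after the loop. Unless the memory context scrubs blocks on release (not visible here), I would wipe the copy and reset the pointer: `memset(secret.rstart, 0, REGION_SIZE(secret));` before the put and `secret.rstart = NULL;` after it. The same applies to the isc_mem_put calls on the success path and under `cleanup_request:` later in this function. control_recvmessage() starts and ends outside the hunk.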
@@ -388,7 +386,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
/* We shouldn't be getting a reply. */
if (isccc_cc_isreply(request)) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- goto cleanup;
+ goto cleanup_request;
}
isc_stdtime_get(&now);
@@ -399,17 +397,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
_ctrl = isccc_alist_lookup(request, "_ctrl");
if (_ctrl == NULL) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- goto cleanup;
+ goto cleanup_request;
}
if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) {
log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
- goto cleanup;
+ goto cleanup_request;
}
} else {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- goto cleanup;
+ goto cleanup_request;
}
/*
@@ -418,7 +416,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
now > exp) {
log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
- goto cleanup;
+ goto cleanup_request;
}
/*
@@ -428,16 +426,16 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_checkdup(listener->controls->symtab, request, now);
if (result != ISC_R_SUCCESS) {
if (result == ISC_R_EXISTS)
- result = ISCCC_R_DUPLICATE;
+ result = ISCCC_R_DUPLICATE;
log_invalid(&conn->ccmsg, result);
- goto cleanup;
+ goto cleanup_request;
}
if (conn->nonce != 0 &&
(isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS ||
conn->nonce != nonce)) {
log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
- goto cleanup;
+ goto cleanup_request;
}
/*
@@ -451,7 +449,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_createresponse(request, now, now + 60, &response);
if (result != ISC_R_SUCCESS)
- goto cleanup;
+ goto cleanup_request;
if (eresult != ISC_R_SUCCESS) {
isccc_sexpr_t *data;
@@ -459,7 +457,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (data != NULL) {
const char *estr = isc_result_totext(eresult);
if (isccc_cc_definestring(data, "err", estr) == NULL)
- goto cleanup;
+ goto cleanup_response;
}
}
@@ -470,20 +468,20 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (data != NULL) {
char *str = (char *)isc_buffer_base(&text);
if (isccc_cc_definestring(data, "text", str) == NULL)
- goto cleanup;
+ goto cleanup_response;
}
}
_ctrl = isccc_alist_lookup(response, "_ctrl");
if (_ctrl == NULL ||
isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL)
- goto cleanup;
+ goto cleanup_response;
ccregion.rstart = conn->buffer + 4;
ccregion.rend = conn->buffer + sizeof(conn->buffer);
result = isccc_cc_towire(response, &ccregion, &secret);
if (result != ISC_R_SUCCESS)
- goto cleanup;
+ goto cleanup_response;
isc_buffer_init(&b, conn->buffer, 4);
len = sizeof(conn->buffer) - REGION_SIZE(ccregion);
isc_buffer_putuint32(&b, len - 4);
@@ -492,31 +490,27 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
if (result != ISC_R_SUCCESS)
- goto cleanup;
+ goto cleanup_response;
conn->sending = ISC_TRUE;
- if (secret.rstart != NULL)
- isc_mem_put(listener->mctx, secret.rstart,
- REGION_SIZE(secret));
- if (request != NULL)
- isccc_sexpr_free(&request);
- if (response != NULL)
- isccc_sexpr_free(&response);
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+ isccc_sexpr_free(&request);
+ isccc_sexpr_free(&response);
return;
+ cleanup_response:
+ isccc_sexpr_free(&response);
+
+ cleanup_request:
+ isccc_sexpr_free(&request);
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+
cleanup:
- if (secret.rstart != NULL)
- isc_mem_put(listener->mctx, secret.rstart,
- REGION_SIZE(secret));
isc_socket_detach(&conn->sock);
isccc_ccmsg_invalidate(&conn->ccmsg);
conn->ccmsg_valid = ISC_FALSE;
maybe_free_connection(conn);
maybe_free_listener(listener);
- if (request != NULL)
- isccc_sexpr_free(&request);
- if (response != NULL)
- isccc_sexpr_free(&response);
}
static void
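Review bot: With the NULL-guarded frees removed from `cleanup:`, correctness now rests on an undocumented invariant: after isccc_cc_fromwire() succeeds, every exit must go through `cleanup_request` or `cleanup_response`, and `cleanup` may be reached only while `secret.rstart`, `request` and `response` hold nothing to free. The preceding hunks convert the gotos that are visible, but the function is only partly shown, so any remaining `goto cleanup` past the key loop would leak the request and the key copy. I would record the rule at the labels, e.g. `/* cleanup_response, cleanup_request: only after isccc_cc_fromwire() succeeded; request and secret are live. cleanup: nothing allocated. */`. The unguarded `isc_mem_put` under `cleanup_request:` likewise assumes `secret.rstart` is non-NULL on every path that reaches it.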
@@ -540,7 +534,7 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) {
conn = isc_mem_get(listener->mctx, sizeof(*conn));
if (conn == NULL)
return (ISC_R_NOMEMORY);
-
+
conn->sock = sock;
isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
conn->ccmsg_valid = ISC_TRUE;
@@ -651,7 +645,7 @@ ns_controls_shutdown(ns_controls_t *controls) {
static isc_result_t
cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
- const cfg_obj_t **objp)
+ const cfg_obj_t **objp)
{
const cfg_listelt_t *element;
const char *str;
@@ -681,7 +675,7 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
char *newstr = NULL;
const char *str;
const cfg_obj_t *obj;
- controlkey_t *key = NULL;
+ controlkey_t *key;
for (element = cfg_list_first(keylist);
element != NULL;
@@ -700,7 +694,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
key->secret.length = 0;
ISC_LINK_INIT(key, link);
ISC_LIST_APPEND(*keyids, key, link);
- key = NULL;
newstr = NULL;
}
return (ISC_R_SUCCESS);
@@ -708,8 +701,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
cleanup:
if (newstr != NULL)
isc_mem_free(mctx, newstr);
- if (key != NULL)
- isc_mem_put(mctx, key, sizeof(*key));
free_controlkeylist(keyids, mctx);
return (ISC_R_NOMEMORY);
}
@@ -802,7 +793,7 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
-
+
static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
isc_result_t result;
@@ -822,14 +813,14 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
CHECK(cfg_map_get(config, "key", &key));
keyid = isc_mem_get(mctx, sizeof(*keyid));
- if (keyid == NULL)
+ if (keyid == NULL)
CHECK(ISC_R_NOMEMORY);
keyid->keyname = isc_mem_strdup(mctx,
cfg_obj_asstring(cfg_map_getname(key)));
keyid->secret.base = NULL;
keyid->secret.length = 0;
ISC_LINK_INIT(keyid, link);
- if (keyid->keyname == NULL)
+ if (keyid->keyname == NULL)
CHECK(ISC_R_NOMEMORY);
CHECK(bind9_check_key(key, ns_g_lctx));
@@ -885,7 +876,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
cfg_parser_destroy(&pctx);
return (result);
}
-
+
/*
* Ensures that both '*global_keylistp' and '*control_keylistp' are
* valid or both are NULL.
@@ -939,7 +930,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp,
*listenerp = NULL;
return;
}
-
+
/*
* There is already a listener for this sockaddr.
* Update the access list and key information.
@@ -1267,7 +1258,7 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
isc_sockaddr_setport(&addr, NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext, sizeof(socktext));
-
+
update_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext);
diff --git a/bin/named/include/named/builtin.h b/bin/named/include/named/builtin.h
index 15564bf3fb0d..257a9aa3300d 100644
--- a/bin/named/include/named/builtin.h
+++ b/bin/named/include/named/builtin.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: builtin.h,v 1.1.204.3 2004/03/08 04:04:20 marka Exp $ */
+/* $Id: builtin.h,v 1.1.204.6 2007/08/28 07:19:08 tbox Exp $ */
#ifndef NAMED_BUILTIN_H
#define NAMED_BUILTIN_H 1
diff --git a/bin/named/include/named/config.h b/bin/named/include/named/config.h
index 8e5b94a7fc35..0e9a378f17e1 100644
--- a/bin/named/include/named/config.h
+++ b/bin/named/include/named/config.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001, 2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.h,v 1.4.12.6 2006/03/02 00:37:20 marka Exp $ */
+/* $Id: config.h,v 1.4.12.9 2007/08/28 07:19:08 tbox Exp $ */
#ifndef NAMED_CONFIG_H
#define NAMED_CONFIG_H 1
diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
index 54bd91cbd4c5..96e54a31df0f 100644
--- a/bin/named/include/named/interfacemgr.h
+++ b/bin/named/include/named/interfacemgr.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfacemgr.h,v 1.23.24.7 2004/04/29 01:31:22 marka Exp $ */
+/* $Id: interfacemgr.h,v 1.23.24.10 2007/08/28 07:19:08 tbox Exp $ */
#ifndef NAMED_INTERFACEMGR_H
#define NAMED_INTERFACEMGR_H 1
diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h
index e8ad1ca15ff1..35b6837d78a9 100644
--- a/bin/named/include/named/log.h
+++ b/bin/named/include/named/log.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.h,v 1.19.12.3 2004/03/08 04:04:21 marka Exp $ */
+/* $Id: log.h,v 1.19.12.6 2007/08/28 07:19:08 tbox Exp $ */
#ifndef NAMED_LOG_H
#define NAMED_LOG_H 1
diff --git a/bin/named/include/named/main.h b/bin/named/include/named/main.h
index e37b5198fd03..9514616c2d30 100644
--- a/bin/named/include/named/main.h
+++ b/bin/named/include/named/main.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: main.h,v 1.8.2.2.8.4 2004/03/08 04:04:21 marka Exp $ */
+/* $Id: main.h,v 1.8.2.2.8.7 2007/08/28 07:19:08 tbox Exp $ */
#ifndef NAMED_MAIN_H
#define NAMED_MAIN_H 1
diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
index 6f348d530e7c..4c7f4e74f9df 100644
--- a/bin/named/include/named/query.h
+++ b/bin/named/include/named/query.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.h,v 1.28.2.3.8.6 2004/03/08 04:04:21 marka Exp $ */
+/* $Id: query.h,v 1.28.2.3.8.9 2007/08/28 07:19:08 tbox Exp $ */
#ifndef NAMED_QUERY_H
#define NAMED_QUERY_H 1
diff --git a/bin/named/include/named/zoneconf.h b/bin/named/include/named/zoneconf.h
index 3e63053f3898..032bad7b36a2 100644
--- a/bin/named/include/named/zoneconf.h
+++ b/bin/named/include/named/zoneconf.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zoneconf.h,v 1.16.2.2.8.3 2006/03/02 00:37:20 marka Exp $ */
+/* $Id: zoneconf.h,v 1.16.2.2.8.6 2007/08/28 07:19:08 tbox Exp $ */
#ifndef NS_ZONECONF_H
#define NS_ZONECONF_H 1
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index a3410567e631..f3d1d0b88c34 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfacemgr.c,v 1.59.2.5.8.18 2006/07/19 00:16:28 marka Exp $ */
+/* $Id: interfacemgr.c,v 1.59.2.5.8.21 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
diff --git a/bin/named/log.c b/bin/named/log.c
index 9032af795d4f..9f6893a0cc53 100644
--- a/bin/named/log.c
+++ b/bin/named/log.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.c,v 1.33.2.1.10.6 2005/05/24 23:58:17 marka Exp $ */
+/* $Id: log.c,v 1.33.2.1.10.9 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
diff --git a/bin/named/logconf.c b/bin/named/logconf.c
index 1bf3b5589e23..200c031d57a3 100644
--- a/bin/named/logconf.c
+++ b/bin/named/logconf.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2001 Internet Software Consortium.
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: logconf.c,v 1.30.2.3.10.4 2006/03/02 00:37:20 marka Exp $ */
+/* $Id: logconf.c,v 1.30.2.3.10.7 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
diff --git a/bin/named/lwaddr.c b/bin/named/lwaddr.c
index 1bd8d82875e7..724216b2ed00 100644
--- a/bin/named/lwaddr.c
+++ b/bin/named/lwaddr.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwaddr.c,v 1.3.208.1 2004/03/06 10:21:18 marka Exp $ */
+/* $Id: lwaddr.c,v 1.3.208.3 2008/01/11 23:45:30 tbox Exp $ */
#include <config.h>
@@ -79,7 +79,7 @@ lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na) {
} else {
la->family = LWRES_ADDRTYPE_V6;
la->length = 16;
- memcpy(la->address, &na->type.in, 16);
+ memcpy(la->address, &na->type.in6, 16);
}
return (ISC_R_SUCCESS);
}
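Review bot: The corrected copy still uses the literal `16`, repeated in `la->length = 16`, so nothing ties the length to the size of the source member or of `la->address`. Deriving it from the source keeps the two in step: `la->length = sizeof(na->type.in6);` and `memcpy(la->address, &na->type.in6, sizeof(na->type.in6));`. The declaration of `la->address` is outside this hunk, so its capacity should be confirmed to be at least that size. The condition guarding this `else` branch is also outside the hunk, so it is worth checking that it is reached only for IPv6 addresses.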
diff --git a/bin/named/lwdclient.c b/bin/named/lwdclient.c
index 7975a4991e13..a2516503762a 100644
--- a/bin/named/lwdclient.c
+++ b/bin/named/lwdclient.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdclient.c,v 1.13.12.5 2004/03/08 09:04:15 marka Exp $ */
+/* $Id: lwdclient.c,v 1.13.12.8 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
diff --git a/bin/named/lwdgabn.c b/bin/named/lwdgabn.c
index 539c25bf3d15..f8c0f3bb5f7d 100644
--- a/bin/named/lwdgabn.c
+++ b/bin/named/lwdgabn.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001 Internet Software Consortium.
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgabn.c,v 1.13.12.5 2006/03/02 00:37:20 marka Exp $ */
+/* $Id: lwdgabn.c,v 1.13.12.8 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
diff --git a/bin/named/lwdgnba.c b/bin/named/lwdgnba.c
index 21ef804ac933..1770f3933f3b 100644
--- a/bin/named/lwdgnba.c
+++ b/bin/named/lwdgnba.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgnba.c,v 1.13.2.1.2.5 2004/03/08 04:04:19 marka Exp $ */
+/* $Id: lwdgnba.c,v 1.13.2.1.2.10 2008/01/14 23:45:30 tbox Exp $ */
#include <config.h>
@@ -218,8 +218,6 @@ ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) {
b, &client->pkt, &req);
if (result != LWRES_R_SUCCESS)
goto out;
- if (req->addr.address == NULL)
- goto out;
client->options = 0;
if (req->addr.family == LWRES_ADDRTYPE_V4) {
diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c
index 3ad9e9e38d5a..8c4868b1f262 100644
--- a/bin/named/lwdgrbn.c
+++ b/bin/named/lwdgrbn.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgrbn.c,v 1.11.208.5 2006/01/04 23:50:19 marka Exp $ */
+/* $Id: lwdgrbn.c,v 1.11.208.6 2006/12/07 04:52:50 marka Exp $ */
#include <config.h>
@@ -183,8 +183,6 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
if (newrdatas != NULL)
isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas));
- if (newlens != NULL)
- isc_mem_put(mctx, newlens, used * sizeof(*oldlens));
return (result);
}
diff --git a/bin/named/lwdnoop.c b/bin/named/lwdnoop.c
index 30d95ee8d8e2..5708f3a9491c 100644
--- a/bin/named/lwdnoop.c
+++ b/bin/named/lwdnoop.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdnoop.c,v 1.6.208.1 2004/03/06 10:21:19 marka Exp $ */
+/* $Id: lwdnoop.c,v 1.6.208.3 2008/01/22 23:26:39 tbox Exp $ */
#include <config.h>
@@ -42,7 +42,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
result = lwres_nooprequest_parse(client->clientmgr->lwctx,
b, &client->pkt, &req);
if (result != LWRES_R_SUCCESS)
- goto out;
+ goto send_error;
client->pkt.recvlength = LWRES_RECVLENGTH;
client->pkt.authtype = 0; /* XXXMLG */
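Review bot: The return value of `lwres_nooprequest_parse()` is stored in `result` and compared with `LWRES_R_SUCCESS`, while the same variable is later compared with `ISC_R_SUCCESS` after `ns_lwdclient_sendreply()`, and the render call in the next hunk uses a separate `lwres` variable. Mixing the two result-code families in one variable makes it easy to test against the wrong success constant; presumably `lwres` has the lwres result type, so `lwres = lwres_nooprequest_parse(...)` followed by `if (lwres != LWRES_R_SUCCESS)` would be consistent. The new `goto send_error` also skips freeing `req`, which assumes the parser leaves nothing allocated on failure; a one-line comment saying so would help. The declarations are outside the hunk.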
@@ -55,7 +55,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp,
&client->pkt, &lwb);
if (lwres != LWRES_R_SUCCESS)
- goto out;
+ goto cleanup_req;
r.base = lwb.base;
r.length = lwb.used;
@@ -63,7 +63,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
client->sendlength = r.length;
result = ns_lwdclient_sendreply(client, &r);
if (result != ISC_R_SUCCESS)
- goto out;
+ goto cleanup_lwb;
/*
* We can now destroy request.
@@ -74,13 +74,12 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
return;
- out:
- if (req != NULL)
- lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+ cleanup_lwb:
+ lwres_context_freemem(client->clientmgr->lwctx, lwb.base, lwb.length);
- if (lwb.base != NULL)
- lwres_context_freemem(client->clientmgr->lwctx,
- lwb.base, lwb.length);
+ cleanup_req:
+ lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+ send_error:
ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
}
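Review bot: The new `cleanup_lwb` / `cleanup_req` / `send_error` labels drop the old `!= NULL` guards and rely on fall-through in reverse acquisition order, but nothing in the code says so. In particular, `goto cleanup_req` after a failed `lwres_noopresponse_render()` never frees `lwb.base`, which is only leak-free if the render call releases its own buffer on failure; that is not visible here. A short comment above the labels would record the assumption, for example `/* Labels fall through: free lwb, then req, then send the error reply; render frees lwb itself on failure. */`. The function begins outside this hunk.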
diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8
index 1333a5d5092e..91d0e8a79167 100644
--- a/bin/named/lwresd.8
+++ b/bin/named/lwresd.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwresd.8,v 1.13.208.6 2006/06/29 13:02:30 marka Exp $
+.\" $Id: lwresd.8,v 1.13.208.10 2007/05/16 06:10:54 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwresd
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -33,7 +33,7 @@
lwresd \- lightweight resolver daemon
.SH "SYNOPSIS"
.HP 7
-\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR]
+\fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-4\fR] [\fB\-6\fR]
.SH "DESCRIPTION"
.PP
\fBlwresd\fR
@@ -60,42 +60,106 @@ entries are present, or if forwarding fails,
\fBlwresd\fR
resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
.SH "OPTIONS"
-.TP 3n
+.PP
+\-4
+.RS 4
+Use IPv4 only even if the host machine is capable of IPv6.
+\fB\-4\fR
+and
+\fB\-6\fR
+are mutually exclusive.
+.RE
+.PP
+\-6
+.RS 4
+Use IPv6 only even if the host machine is capable of IPv4.
+\fB\-4\fR
+and
+\fB\-6\fR
+are mutually exclusive.
+.RE
+.PP
+\-c \fIconfig\-file\fR
+.RS 4
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/lwresd.conf\fR.
+<term>\-c</term>
+can not be used with
+<term>\-C</term>.
+.RE
+.PP
\-C \fIconfig\-file\fR
+.RS 4
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/resolv.conf\fR.
-.TP 3n
+<term>\-C</term>
+can not be used with
+<term>\-c</term>.
+.RE
+.PP
\-d \fIdebug\-level\fR
+.RS 4
Set the daemon's debug level to
\fIdebug\-level\fR. Debugging traces from
\fBlwresd\fR
become more verbose as the debug level increases.
-.TP 3n
+.RE
+.PP
\-f
+.RS 4
Run the server in the foreground (i.e. do not daemonize).
-.TP 3n
+.RE
+.PP
\-g
+.RS 4
Run the server in the foreground and force all logging to
\fIstderr\fR.
-.TP 3n
+.RE
+.PP
+\-i \fIpid\-file\fR
+.RS 4
+Use
+\fIpid\-file\fR
+as the PID file instead of the default,
+\fI/var/run/lwresd.pid\fR.
+.RE
+.PP
+\-m \fIflag\fR
+.RS 4
+Turn on memory usage debugging flags. Possible flags are
+\fIusage\fR,
+\fItrace\fR, and
+\fIrecord\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in
+\fI<isc/mem.h>\fR.
+.RE
+.PP
\-n \fI#cpus\fR
+.RS 4
Create
\fI#cpus\fR
worker threads to take advantage of multiple CPUs. If not specified,
\fBlwresd\fR
will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-.TP 3n
+.RE
+.PP
\-P \fIport\fR
+.RS 4
Listen for lightweight resolver queries on port
\fIport\fR. If not specified, the default is port 921.
-.TP 3n
+.RE
+.PP
\-p \fIport\fR
+.RS 4
Send DNS lookups to port
\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
-.TP 3n
+.RE
+.PP
\-s
+.RS 4
Write memory usage statistics to
\fIstdout\fR
on exit.
@@ -103,9 +167,11 @@ on exit.
.B "Note:"
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.TP 3n
+.RE
+.PP
\-t \fIdirectory\fR
-\fBchroot()\fR
+.RS 4
+\fBChroot\fR
to
\fIdirectory\fR
after processing the command line arguments, but before reading the configuration file.
@@ -114,25 +180,34 @@ after processing the command line arguments, but before reading the configuratio
This option should be used in conjunction with the
\fB\-u\fR
option, as chrooting a process running as root doesn't enhance security on most systems; the way
-\fBchroot()\fR
+\fBchroot(2)\fR
is defined allows a process with root privileges to escape a chroot jail.
.RE
-.TP 3n
+.RE
+.PP
\-u \fIuser\fR
-\fBsetuid()\fR
+.RS 4
+\fBSetuid\fR
to
\fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports.
-.TP 3n
+.RE
+.PP
\-v
+.RS 4
Report the version number and exit.
+.RE
.SH "FILES"
-.TP 3n
+.PP
\fI/etc/resolv.conf\fR
+.RS 4
The default configuration file.
-.TP 3n
+.RE
+.PP
\fI/var/run/lwresd.pid\fR
+.RS 4
The default process\-id file.
+.RE
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
@@ -142,4 +217,7 @@ The default process\-id file.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook
index c1f500bb8300..354a4ab85d58 100644
--- a/bin/named/lwresd.docbook
+++ b/bin/named/lwresd.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.docbook,v 1.6.208.4 2005/05/13 01:22:33 marka Exp $ -->
+<!-- $Id: lwresd.docbook,v 1.6.208.9 2007/08/28 07:19:08 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -52,11 +53,13 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>lwresd</command>
+ <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
<arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg>
<arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
<arg><option>-f</option></arg>
<arg><option>-g</option></arg>
<arg><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg>
+ <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
@@ -64,6 +67,8 @@
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
<arg><option>-v</option></arg>
+ <arg><option>-4</option></arg>
+ <arg><option>-6</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -107,15 +112,51 @@
<title>OPTIONS</title>
<variablelist>
+
+ <varlistentry>
+ <term>-4</term>
+ <listitem>
+ <para>
+ Use IPv4 only even if the host machine is capable of IPv6.
+ <option>-4</option> and <option>-6</option> are mutually
+ exclusive.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-6</term>
+ <listitem>
+ <para>
+ Use IPv6 only even if the host machine is capable of IPv4.
+ <option>-4</option> and <option>-6</option> are mutually
+ exclusive.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <!-- this is in source but not mentioned? does this matter? -->
+ <varlistentry>
+ <term>-c <replaceable class="parameter">config-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">config-file</replaceable> as the
+ configuration file instead of the default,
+ <filename>/etc/lwresd.conf</filename>.
+ <term>-c</term> can not be used with <term>-C</term>.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>-C <replaceable class="parameter">config-file</replaceable></term>
<listitem>
<para>
- Use <replaceable
- class="parameter">config-file</replaceable> as the
- configuration file instead of the default,
- <filename>/etc/resolv.conf</filename>.
- </para>
+ Use <replaceable class="parameter">config-file</replaceable> as the
+ configuration file instead of the default,
+ <filename>/etc/resolv.conf</filename>.
+ <term>-C</term> can not be used with <term>-c</term>.
+ </para>
</listitem>
</varlistentry>
@@ -127,7 +168,7 @@
class="parameter">debug-level</replaceable>.
Debugging traces from <command>lwresd</command> become
more verbose as the debug level increases.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -136,7 +177,7 @@
<listitem>
<para>
Run the server in the foreground (i.e. do not daemonize).
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -146,7 +187,32 @@
<para>
Run the server in the foreground and force all logging
to <filename>stderr</filename>.
- </para>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-i <replaceable class="parameter">pid-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">pid-file</replaceable> as the
+ PID file instead of the default,
+ <filename>/var/run/lwresd.pid</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m <replaceable class="parameter">flag</replaceable></term>
+ <listitem>
+ <para>
+ Turn on memory usage debugging flags. Possible flags are
+ <replaceable class="parameter">usage</replaceable>,
+ <replaceable class="parameter">trace</replaceable>, and
+ <replaceable class="parameter">record</replaceable>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <filename>&lt;isc/mem.h&gt;</filename>.
+ </para>
</listitem>
</varlistentry>
@@ -161,7 +227,7 @@
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -172,7 +238,7 @@
Listen for lightweight resolver queries on port
<replaceable class="parameter">port</replaceable>. If
not specified, the default is port 921.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -186,7 +252,7 @@
way of testing the lightweight resolver daemon with a
name server that listens for queries on a non-standard
port number.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -196,7 +262,7 @@
<para>
Write memory usage statistics to <filename>stdout</filename>
on exit.
- </para>
+ </para>
<note>
<para>
This option is mainly of interest to BIND 9 developers
@@ -210,17 +276,17 @@
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- <function>chroot()</function> to <replaceable
+ <function>Chroot</function> to <replaceable
class="parameter">directory</replaceable> after
processing the command line arguments, but before
reading the configuration file.
- </para>
+ </para>
<warning>
<para>
This option should be used in conjunction with the
<option>-u</option> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <function>chroot()</function> is
+ systems; the way <function>chroot(2)</function> is
defined allows a process with root privileges to
escape a chroot jail.
</para>
@@ -232,11 +298,11 @@
<term>-u <replaceable class="parameter">user</replaceable></term>
<listitem>
<para>
- <function>setuid()</function> to <replaceable
+ <function>Setuid</function> to <replaceable
class="parameter">user</replaceable> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -245,7 +311,7 @@
<listitem>
<para>
Report the version number and exit.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -263,7 +329,7 @@
<listitem>
<para>
The default configuration file.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -272,7 +338,7 @@
<listitem>
<para>
The default process-id file.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -286,15 +352,15 @@
<citerefentry>
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
- </citerefentry>,
+ </citerefentry>,
<citerefentry>
<refentrytitle>lwres</refentrytitle>
<manvolnum>3</manvolnum>
- </citerefentry>,
+ </citerefentry>,
<citerefentry>
<refentrytitle>resolver</refentrytitle>
<manvolnum>5</manvolnum>
- </citerefentry>.
+ </citerefentry>.
</para>
</refsect1>
diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html
index 6ab78242e73f..45837e8ed4a1 100644
--- a/bin/named/lwresd.html
+++ b/bin/named/lwresd.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,25 +14,25 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.html,v 1.4.2.1.4.10 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: lwresd.html,v 1.4.2.1.4.15 2007/05/16 06:10:55 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwresd</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">lwresd</span> &#8212; lightweight resolver daemon</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549484"></a><h2>DESCRIPTION</h2>
+<a name="id2543451"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">lwresd</strong></span> is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
@@ -67,29 +67,64 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549533"></a><h2>OPTIONS</h2>
+<a name="id2543500"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
+<dt><span class="term">-4</span></dt>
+<dd><p>
+ Use IPv4 only even if the host machine is capable of IPv6.
+ <code class="option">-4</code> and <code class="option">-6</code> are mutually
+ exclusive.
+ </p></dd>
+<dt><span class="term">-6</span></dt>
+<dd><p>
+ Use IPv6 only even if the host machine is capable of IPv4.
+ <code class="option">-4</code> and <code class="option">-6</code> are mutually
+ exclusive.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/lwresd.conf</code>.
+ <font color="red">&lt;term&gt;-c&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-C&lt;/term&gt;</font>.
+ </p></dd>
<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
- Use <em class="replaceable"><code>config-file</code></em> as the
- configuration file instead of the default,
- <code class="filename">/etc/resolv.conf</code>.
- </p></dd>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/resolv.conf</code>.
+ <font color="red">&lt;term&gt;-C&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-c&lt;/term&gt;</font>.
+ </p></dd>
<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
<dd><p>
Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
Debugging traces from <span><strong class="command">lwresd</strong></span> become
more verbose as the debug level increases.
- </p></dd>
+ </p></dd>
<dt><span class="term">-f</span></dt>
<dd><p>
Run the server in the foreground (i.e. do not daemonize).
- </p></dd>
+ </p></dd>
<dt><span class="term">-g</span></dt>
<dd><p>
Run the server in the foreground and force all logging
to <code class="filename">stderr</code>.
- </p></dd>
+ </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>pid-file</code></em> as the
+ PID file instead of the default,
+ <code class="filename">/var/run/lwresd.pid</code>.
+ </p></dd>
+<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
+<dd><p>
+ Turn on memory usage debugging flags. Possible flags are
+ <em class="replaceable"><code>usage</code></em>,
+ <em class="replaceable"><code>trace</code></em>, and
+ <em class="replaceable"><code>record</code></em>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <code class="filename">&lt;isc/mem.h&gt;</code>.
+ </p></dd>
<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
<dd><p>
Create <em class="replaceable"><code>#cpus</code></em> worker threads
@@ -98,13 +133,13 @@
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
- </p></dd>
+ </p></dd>
<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
Listen for lightweight resolver queries on port
<em class="replaceable"><code>port</code></em>. If
not specified, the default is port 921.
- </p></dd>
+ </p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not
@@ -112,13 +147,13 @@
way of testing the lightweight resolver daemon with a
name server that listens for queries on a non-standard
port number.
- </p></dd>
+ </p></dd>
<dt><span class="term">-s</span></dt>
<dd>
<p>
Write memory usage statistics to <code class="filename">stdout</code>
on exit.
- </p>
+ </p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
@@ -130,17 +165,17 @@
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>
- <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after
+ <code class="function">Chroot</code> to <em class="replaceable"><code>directory</code></em> after
processing the command line arguments, but before
reading the configuration file.
- </p>
+ </p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
This option should be used in conjunction with the
<code class="option">-u</code> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <code class="function">chroot()</code> is
+ systems; the way <code class="function">chroot(2)</code> is
defined allows a process with root privileges to
escape a chroot jail.
</p>
@@ -148,31 +183,31 @@
</dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd><p>
- <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing
+ <code class="function">Setuid</code> to <em class="replaceable"><code>user</code></em> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
- </p></dd>
+ </p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
Report the version number and exit.
- </p></dd>
+ </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549939"></a><h2>FILES</h2>
+<a name="id2543915"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
<dd><p>
The default configuration file.
- </p></dd>
+ </p></dd>
<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt>
<dd><p>
The default process-id file.
- </p></dd>
+ </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549978"></a><h2>SEE ALSO</h2>
+<a name="id2543955"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
@@ -180,7 +215,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550017"></a><h2>AUTHOR</h2>
+<a name="id2543993"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/named/named.8 b/bin/named/named.8
index 7172393534de..a8d49747fe68 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.8,v 1.17.208.9 2006/06/29 13:02:30 marka Exp $
+.\" $Id: named.8,v 1.17.208.14 2007/06/20 02:26:23 marka Exp $
.\"
.hy 0
.ad l
.\" Title: named
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -33,7 +33,7 @@
named \- Internet domain name server
.SH "SYNOPSIS"
.HP 6
-\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
+\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\fR
@@ -44,22 +44,27 @@ When invoked without arguments,
will read the default configuration file
\fI/etc/named.conf\fR, read any initial data, and listen for queries.
.SH "OPTIONS"
-.TP 3n
+.PP
\-4
+.RS 4
Use IPv4 only even if the host machine is capable of IPv6.
\fB\-4\fR
and
\fB\-6\fR
are mutually exclusive.
-.TP 3n
+.RE
+.PP
\-6
+.RS 4
Use IPv6 only even if the host machine is capable of IPv4.
\fB\-4\fR
and
\fB\-6\fR
are mutually exclusive.
-.TP 3n
+.RE
+.PP
\-c \fIconfig\-file\fR
+.RS 4
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
@@ -68,32 +73,53 @@ as the configuration file instead of the default,
option in the configuration file,
\fIconfig\-file\fR
should be an absolute pathname.
-.TP 3n
+.RE
+.PP
\-d \fIdebug\-level\fR
+.RS 4
Set the daemon's debug level to
\fIdebug\-level\fR. Debugging traces from
\fBnamed\fR
become more verbose as the debug level increases.
-.TP 3n
+.RE
+.PP
\-f
+.RS 4
Run the server in the foreground (i.e. do not daemonize).
-.TP 3n
+.RE
+.PP
\-g
+.RS 4
Run the server in the foreground and force all logging to
\fIstderr\fR.
-.TP 3n
+.RE
+.PP
+\-m \fIflag\fR
+.RS 4
+Turn on memory usage debugging flags. Possible flags are
+\fIusage\fR,
+\fItrace\fR, and
+\fIrecord\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in
+\fI<isc/mem.h>\fR.
+.RE
+.PP
\-n \fI#cpus\fR
+.RS 4
Create
\fI#cpus\fR
worker threads to take advantage of multiple CPUs. If not specified,
\fBnamed\fR
will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-.TP 3n
+.RE
+.PP
\-p \fIport\fR
+.RS 4
Listen for queries on port
\fIport\fR. If not specified, the default is port 53.
-.TP 3n
+.RE
+.PP
\-s
+.RS 4
Write memory usage statistics to
\fIstdout\fR
on exit.
@@ -101,9 +127,11 @@ on exit.
.B "Note:"
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.TP 3n
+.RE
+.PP
\-t \fIdirectory\fR
-\fBchroot()\fR
+.RS 4
+\fBChroot\fR
to
\fIdirectory\fR
after processing the command line arguments, but before reading the configuration file.
@@ -112,12 +140,14 @@ after processing the command line arguments, but before reading the configuratio
This option should be used in conjunction with the
\fB\-u\fR
option, as chrooting a process running as root doesn't enhance security on most systems; the way
-\fBchroot()\fR
+\fBchroot(2)\fR
is defined allows a process with root privileges to escape a chroot jail.
.RE
-.TP 3n
+.RE
+.PP
\-u \fIuser\fR
-\fBsetuid()\fR
+.RS 4
+\fBSetuid\fR
to
\fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports.
@@ -126,19 +156,23 @@ after completing privileged operations, such as creating sockets that listen on
On Linux,
\fBnamed\fR
uses the kernel's capability mechanism to drop all root privileges except the ability to
-\fBbind()\fR
+\fBbind(2)\fR
to a privileged port and set process resource limits. Unfortunately, this means that the
\fB\-u\fR
option only works when
\fBnamed\fR
is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
-\fBsetuid()\fR.
+\fBsetuid(2)\fR.
.RE
-.TP 3n
+.RE
+.PP
\-v
+.RS 4
Report the version number and exit.
-.TP 3n
+.RE
+.PP
\-x \fIcache\-file\fR
+.RS 4
Load data from
\fIcache\-file\fR
into the cache of the default view.
@@ -146,17 +180,22 @@ into the cache of the default view.
.B "Warning:"
This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
+.RE
.SH "SIGNALS"
.PP
In routine operation, signals should not be used to control the nameserver;
\fBrndc\fR
should be used instead.
-.TP 3n
+.PP
SIGHUP
+.RS 4
Force a reload of the server.
-.TP 3n
+.RE
+.PP
SIGINT, SIGTERM
+.RS 4
Shut down the server.
+.RE
.PP
The result of sending any other signals to the server is undefined.
.SH "CONFIGURATION"
@@ -166,17 +205,23 @@ The
configuration file is too complex to describe in detail here. A complete description is provided in the
BIND 9 Administrator Reference Manual.
.SH "FILES"
-.TP 3n
+.PP
\fI/etc/named.conf\fR
+.RS 4
The default configuration file.
-.TP 3n
+.RE
+.PP
\fI/var/run/named.pid\fR
+.RS 4
The default process\-id file.
+.RE
.SH "SEE ALSO"
.PP
RFC 1033,
RFC 1034,
RFC 1035,
+\fBnamed\-checkconf\fR(8),
+\fBnamed\-checkzone\fR(8),
\fBrndc\fR(8),
\fBlwresd\fR(8),
\fBnamed.conf\fR(5),
@@ -185,4 +230,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 1ace4da31cd1..15a8cf723c45 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,13 +12,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.1.4.10 2006/09/13 02:56:20 marka Exp $
+.\" $Id: named.conf.5,v 1.1.4.14 2007/06/20 02:26:23 marka Exp $
.\"
.hy 0
.ad l
.\" Title: \fInamed.conf\fR
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Aug 13, 2004
.\" Manual: BIND9
.\" Source: BIND9
@@ -46,14 +46,14 @@ C++ style: // to end of line
Unix style: # to end of line
.SH "ACL"
.sp
-.RS 3n
+.RS 4
.nf
acl \fIstring\fR { \fIaddress_match_element\fR; ... };
.fi
.RE
.SH "KEY"
.sp
-.RS 3n
+.RS 4
.nf
key \fIdomain_name\fR {
algorithm \fIstring\fR;
@@ -63,7 +63,7 @@ key \fIdomain_name\fR {
.RE
.SH "MASTERS"
.sp
-.RS 3n
+.RS 4
.nf
masters \fIstring\fR [ port \fIinteger\fR ] {
( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
@@ -73,7 +73,7 @@ masters \fIstring\fR [ port \fIinteger\fR ] {
.RE
.SH "SERVER"
.sp
-.RS 3n
+.RS 4
.nf
server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
bogus \fIboolean\fR;
@@ -93,7 +93,7 @@ server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
.RE
.SH "TRUSTED\-KEYS"
.sp
-.RS 3n
+.RS 4
.nf
trusted\-keys {
\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
@@ -102,7 +102,7 @@ trusted\-keys {
.RE
.SH "CONTROLS"
.sp
-.RS 3n
+.RS 4
.nf
controls {
inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
@@ -115,7 +115,7 @@ controls {
.RE
.SH "LOGGING"
.sp
-.RS 3n
+.RS 4
.nf
logging {
channel \fIstring\fR {
@@ -134,7 +134,7 @@ logging {
.RE
.SH "LWRES"
.sp
-.RS 3n
+.RS 4
.nf
lwres {
listen\-on [ port \fIinteger\fR ] {
@@ -148,7 +148,7 @@ lwres {
.RE
.SH "OPTIONS"
.sp
-.RS 3n
+.RS 4
.nf
options {
avoid\-v4\-udp\-ports { \fIport\fR; ... };
@@ -284,7 +284,7 @@ options {
.RE
.SH "VIEW"
.sp
-.RS 3n
+.RS 4
.nf
view \fIstring\fR \fIoptional_class\fR {
match\-clients { \fIaddress_match_element\fR; ... };
@@ -389,7 +389,7 @@ view \fIstring\fR \fIoptional_class\fR {
.RE
.SH "ZONE"
.sp
-.RS 3n
+.RS 4
.nf
zone \fIstring\fR \fIoptional_class\fR {
type ( master | slave | stub | hint |
@@ -460,7 +460,9 @@ zone \fIstring\fR \fIoptional_class\fR {
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
+\fBnamed\-checkconf\fR(8),
\fBrndc\fR(8),
-\fBBIND 9 Administrator Reference Manual\fR().
+BIND 9 Administrator Reference Manual
.SH "COPYRIGHT"
-Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index fb8a5ef61a16..ff9ae4bce1a6 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -1,10 +1,10 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.docbook,v 1.1.4.8 2006/09/13 00:26:41 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.1.4.13 2007/08/28 07:19:08 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -522,20 +523,21 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
</para>
</refsect1>
-<refsect1>
-<title>SEE ALSO</title>
-<para>
-<citerefentry>
-<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-</citerefentry>,
-<citerefentry>
-<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
-</citerefentry>,
-<citerefentry>
-<refentrytitle>BIND 9 Administrator Reference Manual</refentrytitle>
-</citerefentry>.
-</para>
-</refsect1>
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>
+ </para>
+ </refsect1>
</refentry>
<!--
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index b43ee7f83c6e..54f20fbf731c 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.html,v 1.1.4.15 2006/09/13 02:56:21 marka Exp $ -->
+<!-- $Id: named.conf.html,v 1.1.4.20 2007/06/20 02:26:23 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549388"></a><h2>DESCRIPTION</h2>
+<a name="id2543330"></a><h2>DESCRIPTION</h2>
<p>
<code class="filename">named.conf</code> is the configuration file for
<span><strong class="command">named</strong></span>. Statements are enclosed
@@ -50,14 +50,14 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549417"></a><h2>ACL</h2>
+<a name="id2543358"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549433"></a><h2>KEY</h2>
+<a name="id2543374"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
@@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549452"></a><h2>MASTERS</h2>
+<a name="id2543394"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
@@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional"
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549498"></a><h2>SERVER</h2>
+<a name="id2543440"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br>
bogus <em class="replaceable"><code>boolean</code></em>;<br>
@@ -95,7 +95,7 @@ server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="rep
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549556"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2543497"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
@@ -103,7 +103,7 @@ trusted-keys {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549581"></a><h2>CONTROLS</h2>
+<a name="id2543523"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
@@ -115,7 +115,7 @@ controls {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549617"></a><h2>LOGGING</h2>
+<a name="id2543558"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
channel <em class="replaceable"><code>string</code></em> {<br>
@@ -133,7 +133,7 @@ logging {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549655"></a><h2>LWRES</h2>
+<a name="id2543596"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
@@ -146,7 +146,7 @@ lwres {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549697"></a><h2>OPTIONS</h2>
+<a name="id2543638"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
@@ -290,7 +290,7 @@ options {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550312"></a><h2>VIEW</h2>
+<a name="id2544322"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -408,7 +408,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550878"></a><h2>ZONE</h2>
+<a name="id2544820"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
type ( master | slave | stub | hint |<br>
@@ -484,18 +484,19 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2551216"></a><h2>FILES</h2>
+<a name="id2545089"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2551228"></a><h2>SEE ALSO</h2>
+<a name="id2545101"></a><h2>SEE ALSO</h2>
<p>
-<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
-<span class="citerefentry"><span class="refentrytitle">BIND 9 Administrator Reference Manual</span></span>.
-</p>
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>
+ </p>
</div>
</div></body>
</html>
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
index f7cae12b1357..43401d027447 100644
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.docbook,v 1.5.98.7 2006/01/17 23:49:30 marka Exp $ -->
+<!-- $Id: named.docbook,v 1.5.98.13 2007/08/28 07:19:08 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -36,6 +36,7 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -60,6 +61,7 @@
<arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
<arg><option>-f</option></arg>
<arg><option>-g</option></arg>
+ <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-s</option></arg>
@@ -161,6 +163,20 @@
</varlistentry>
<varlistentry>
+ <term>-m <replaceable class="parameter">flag</replaceable></term>
+ <listitem>
+ <para>
+ Turn on memory usage debugging flags. Possible flags are
+ <replaceable class="parameter">usage</replaceable>,
+ <replaceable class="parameter">trace</replaceable>, and
+ <replaceable class="parameter">record</replaceable>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <filename>&lt;isc/mem.h&gt;</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-n <replaceable class="parameter">#cpus</replaceable></term>
<listitem>
<para>
@@ -205,7 +221,7 @@
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- <function>chroot()</function> to <replaceable
+ <function>Chroot</function> to <replaceable
class="parameter">directory</replaceable> after
processing the command line arguments, but before
reading the configuration file.
@@ -215,7 +231,7 @@
This option should be used in conjunction with the
<option>-u</option> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <function>chroot()</function> is
+ systems; the way <function>chroot(2)</function> is
defined allows a process with root privileges to
escape a chroot jail.
</para>
@@ -227,7 +243,7 @@
<term>-u <replaceable class="parameter">user</replaceable></term>
<listitem>
<para>
- <function>setuid()</function> to <replaceable
+ <function>Setuid</function> to <replaceable
class="parameter">user</replaceable> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
@@ -236,13 +252,13 @@
<para>
On Linux, <command>named</command> uses the kernel's
capability mechanism to drop all root privileges
- except the ability to <function>bind()</function> to a
+ except the ability to <function>bind(2)</function> to a
privileged port and set process resource limits.
Unfortunately, this means that the <option>-u</option>
option only works when <command>named</command> is run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
- to be retained after <function>setuid()</function>.
+ to be retained after <function>setuid(2)</function>.
</para>
</note>
</listitem>
@@ -359,6 +375,14 @@
<citetitle>RFC 1034</citetitle>,
<citetitle>RFC 1035</citetitle>,
<citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkzone</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>rndc</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
diff --git a/bin/named/named.html b/bin/named/named.html
index 6e77e5b9c3b6..f90b087b25c3 100644
--- a/bin/named/named.html
+++ b/bin/named/named.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,25 +14,25 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.html,v 1.4.2.1.4.13 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: named.html,v 1.4.2.1.4.19 2007/06/20 02:26:23 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named</span> &#8212; Internet domain name server</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549491"></a><h2>DESCRIPTION</h2>
+<a name="id2543441"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named</strong></span> is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -46,7 +46,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549516"></a><h2>OPTIONS</h2>
+<a name="id2543466"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -87,6 +87,15 @@
Run the server in the foreground and force all logging
to <code class="filename">stderr</code>.
</p></dd>
+<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
+<dd><p>
+ Turn on memory usage debugging flags. Possible flags are
+ <em class="replaceable"><code>usage</code></em>,
+ <em class="replaceable"><code>trace</code></em>, and
+ <em class="replaceable"><code>record</code></em>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <code class="filename">&lt;isc/mem.h&gt;</code>.
+ </p></dd>
<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
<dd><p>
Create <em class="replaceable"><code>#cpus</code></em> worker threads
@@ -117,7 +126,7 @@
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>
- <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after
+ <code class="function">Chroot</code> to <em class="replaceable"><code>directory</code></em> after
processing the command line arguments, but before
reading the configuration file.
</p>
@@ -127,7 +136,7 @@
This option should be used in conjunction with the
<code class="option">-u</code> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <code class="function">chroot()</code> is
+ systems; the way <code class="function">chroot(2)</code> is
defined allows a process with root privileges to
escape a chroot jail.
</p>
@@ -136,7 +145,7 @@
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd>
<p>
- <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing
+ <code class="function">Setuid</code> to <em class="replaceable"><code>user</code></em> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
</p>
@@ -145,13 +154,13 @@
<p>
On Linux, <span><strong class="command">named</strong></span> uses the kernel's
capability mechanism to drop all root privileges
- except the ability to <code class="function">bind()</code> to a
+ except the ability to <code class="function">bind(2)</code> to a
privileged port and set process resource limits.
Unfortunately, this means that the <code class="option">-u</code>
option only works when <span><strong class="command">named</strong></span> is run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
- to be retained after <code class="function">setuid()</code>.
+ to be retained after <code class="function">setuid(2)</code>.
</p>
</div>
</dd>
@@ -177,7 +186,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550002"></a><h2>SIGNALS</h2>
+<a name="id2543851"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -198,7 +207,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550049"></a><h2>CONFIGURATION</h2>
+<a name="id2543898"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is
@@ -207,7 +216,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550066"></a><h2>FILES</h2>
+<a name="id2543915"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@@ -220,11 +229,13 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550105"></a><h2>SEE ALSO</h2>
+<a name="id2543955"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
@@ -232,7 +243,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550157"></a><h2>AUTHOR</h2>
+<a name="id2544026"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/named/query.c b/bin/named/query.c
index c0a76a8bdd11..858df8cd975b 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.198.2.13.4.43 2006/08/31 03:57:11 marka Exp $ */
+/* $Id: query.c,v 1.198.2.13.4.53 2008/01/17 23:45:27 tbox Exp $ */
#include <config.h>
@@ -479,7 +479,7 @@ ns_query_init(ns_client_t *client) {
client->query.authdb = NULL;
client->query.authzone = NULL;
client->query.authdbset = ISC_FALSE;
- client->query.isreferral = ISC_FALSE;
+ client->query.isreferral = ISC_FALSE;
query_reset(client, ISC_FALSE);
result = query_newdbversion(client, 3);
if (result != ISC_R_SUCCESS) {
@@ -561,13 +561,13 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
result = dns_zone_getdb(zone, &db);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS)
goto fail;
/*
* This limits our searching to the zone where the first name
* (the query target) was looked for. This prevents following
- * CNAMES or DNAMES into other zones and prevents returning
+ * CNAMES or DNAMES into other zones and prevents returning
* additional data from other zones.
*/
if (!client->view->additionalfromauth &&
@@ -644,7 +644,7 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
ISC_LOG_DEBUG(3),
"%s approved", msg);
}
- } else {
+ } else {
ns_client_aclmsg("query", name, qtype,
client->view->rdclass,
msg, sizeof(msg));
@@ -745,7 +745,7 @@ query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
if (check_acl) {
isc_boolean_t log = ISC_TF((options & DNS_GETDB_NOLOG) == 0);
char msg[NS_CLIENT_ACLMSGSIZE("query (cache)")];
-
+
result = ns_client_checkaclsilent(client,
client->view->queryacl,
ISC_TRUE);
@@ -1192,7 +1192,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
* recursing to add address records, which in turn can cause
* recursion to add KEYs.
*/
- if (type == dns_rdatatype_srv && trdataset != NULL) {
+ if (type == dns_rdatatype_srv && trdataset != NULL) {
/*
* If we're adding SRV records to the additional data
* section, it's helpful if we add the SRV additional data
@@ -1735,7 +1735,9 @@ query_addbestns(ns_client_t *client) {
}
static void
-query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) {
+query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node,
+ dns_dbversion_t *version)
+{
dns_name_t *rname;
dns_rdataset_t *rdataset, *sigrdataset;
isc_result_t result;
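Review bot: The new `version` parameter of query_addds is undocumented, and the same goes for the `version` parameter added to query_addwildcardproof and query_addnxrrsetnsec in the later hunks of this file. Those hunks pass it to dns_db_findrdataset() and dns_db_find() in place of NULL, so the DS/NSEC proof is presumably meant to be read from the same database version as the answer it accompanies; a caller that still passes NULL would quietly keep the old behaviour. I would add a comment above each function along the lines of `/* 'version' is the db version the answer was found in; the DS/NSEC lookup must use the same one. */`, and say whether NULL is acceptable. The callers and the rest of the function body lie outside this hunk, so the call sites could not be checked here.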
@@ -1756,12 +1758,12 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) {
/*
* Look for the DS record, which may or may not be present.
*/
- result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_ds, 0,
+ result = dns_db_findrdataset(db, node, version, dns_rdatatype_ds, 0,
client->now, rdataset, sigrdataset);
/*
* If we didn't find it, look for an NSEC. */
if (result == ISC_R_NOTFOUND)
- result = dns_db_findrdataset(db, node, NULL,
+ result = dns_db_findrdataset(db, node, version,
dns_rdatatype_nsec, 0, client->now,
rdataset, sigrdataset);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
@@ -1800,7 +1802,8 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) {
static void
query_addwildcardproof(ns_client_t *client, dns_db_t *db,
- dns_name_t *name, isc_boolean_t ispositive)
+ dns_dbversion_t *version, dns_name_t *name,
+ isc_boolean_t ispositive)
{
isc_buffer_t *dbuf, b;
dns_name_t *fname;
@@ -1881,7 +1884,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
if (fname == NULL || rdataset == NULL || sigrdataset == NULL)
goto cleanup;
- result = dns_db_find(db, name, NULL, dns_rdatatype_nsec, options,
+ result = dns_db_find(db, name, version, dns_rdatatype_nsec, options,
0, &node, fname, rdataset, sigrdataset);
if (node != NULL)
dns_db_detachnode(db, &node);
@@ -1922,7 +1925,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
name = wname;
goto again;
}
- }
+ }
cleanup:
if (rdataset != NULL)
query_putrdataset(client, &rdataset);
@@ -1933,8 +1936,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
}
static void
-query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, dns_name_t **namep,
- dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp)
+query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db,
+ dns_dbversion_t *version, dns_name_t **namep,
+ dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp)
{
dns_name_t *name;
dns_rdataset_t *sigrdataset;
@@ -1971,8 +1975,7 @@ query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, dns_name_t **namep,
return;
/* XXX */
- query_addwildcardproof(client, db,
- client->query.qname,
+ query_addwildcardproof(client, db, version, client->query.qname,
ISC_TRUE);
/*
@@ -2193,7 +2196,7 @@ static isc_result_t
rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) {
struct in_addr ina;
struct in6_addr in6a;
-
+
switch (rdata->type) {
case dns_rdatatype_a:
INSIST(rdata->length == 4);
@@ -2246,7 +2249,7 @@ setup_query_sortlist(ns_client_t *client) {
isc_netaddr_t netaddr;
dns_rdatasetorderfunc_t order = NULL;
const void *order_arg = NULL;
-
+
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
switch (ns_sortlist_setup(client->view->sortlist,
&netaddr, &order_arg)) {
@@ -2296,11 +2299,11 @@ query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) {
cleanup:
if (nsec != NULL)
- query_putrdataset(client, &nsec);
- if (nsecsig != NULL)
- query_putrdataset(client, &nsecsig);
- if (fname != NULL)
- query_releasename(client, &fname);
+ query_putrdataset(client, &nsec);
+ if (nsecsig != NULL)
+ query_putrdataset(client, &nsecsig);
+ if (fname != NULL)
+ query_releasename(client, &fname);
}
static inline void
@@ -2434,7 +2437,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
goto resume;
}
-
+
/*
* Not returning from recursion.
*/
@@ -2527,7 +2530,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (is_zone)
authoritative = ISC_TRUE;
-
+
if (event == NULL && client->query.restarts == 0) {
if (is_zone) {
dns_zone_attach(zone, &client->query.authzone);
@@ -2723,7 +2726,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
dbuf, DNS_SECTION_AUTHORITY);
client->query.gluedb = NULL;
if (WANTDNSSEC(client) && dns_db_issecure(db))
- query_addds(client, db, node);
+ query_addds(client, db, node, version);
} else {
/*
* We might have a better answer or delegation
@@ -2824,7 +2827,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
client->query.attributes &=
~NS_QUERYATTR_CACHEGLUEOK;
if (WANTDNSSEC(client))
- query_addds(client, db, node);
+ query_addds(client, db, node, version);
}
}
goto cleanup;
@@ -2861,8 +2864,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
if (WANTDNSSEC(client)) {
if (dns_rdataset_isassociated(rdataset))
- query_addnxrrsetnsec(client, db, &fname,
- &rdataset, &sigrdataset);
+ query_addnxrrsetnsec(client, db, version,
+ &fname, &rdataset,
+ &sigrdataset);
}
goto cleanup;
case DNS_R_EMPTYWILD:
@@ -2907,7 +2911,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
query_addrrset(client, &fname, &rdataset,
&sigrdataset,
NULL, DNS_SECTION_AUTHORITY);
- query_addwildcardproof(client, db,
+ query_addwildcardproof(client, db, version,
client->query.qname,
ISC_FALSE);
}
@@ -3212,6 +3216,21 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* an error unless we were searching for
* glue. Ugh.
*/
+ if (!is_zone) {
+ authoritative = ISC_FALSE;
+ dns_rdatasetiter_destroy(&rdsiter);
+ if (RECURSIONOK(client)) {
+ result = query_recurse(client,
+ qtype,
+ NULL,
+ NULL);
+ if (result == ISC_R_SUCCESS)
+ client->query.attributes |=
+ NS_QUERYATTR_RECURSING;
+ else
+ QUERY_ERROR(DNS_R_SERVFAIL); }
+ goto addauth;
+ }
/*
* We were searching for SIG records in
* a nonsecure zone. Send a "no error,
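Review bot: The closing brace of the `if (RECURSIONOK(client))` block sits on the same line as `QUERY_ERROR(DNS_R_SERVFAIL);` in the added `!is_zone` branch, which reads as if it belonged to the `else`; put the `}` on its own line. The branch also has no comment of its own, unlike the code around it; something like `/* Not a zone database: the answer is not authoritative, so recurse if allowed. */` would say why it exists (wording to be confirmed against the rest of query_find). When recursion is not allowed the branch still jumps to `addauth` without setting an error, which looks deliberate but should be stated in that comment. query_find starts and ends outside the hunk.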
@@ -3249,6 +3268,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
noqname = rdataset;
else
noqname = NULL;
+ /*
+ * BIND 8 priming queries need the additional section.
+ */
+ if (is_zone && qtype == dns_rdatatype_ns &&
+ dns_name_equal(client->query.qname, dns_rootname))
+ client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL;
+
query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
DNS_SECTION_ANSWER);
if (noqname != NULL)
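Review bot: The added comment says why the additional section is wanted but not that it overrides configuration: `NS_QUERYATTR_NOADDITIONAL` is set in ns_query_start when `client->view->minimalresponses` is on, and this clears it for any NS query for the root name answered from a zone. I would extend the comment to `/* BIND 8 priming queries need the additional section, so this overrides minimal-responses for root NS queries answered from a zone. */`. The test matches every such query, not only those sent by BIND 8 resolvers, so the larger response goes to all clients; that seems intended but is worth stating. query_find continues outside the hunk.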
@@ -3285,7 +3311,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* DNSSEC wildcard proofs.
*/
if (need_wildcardproof && dns_db_issecure(db))
- query_addwildcardproof(client, db,
+ query_addwildcardproof(client, db, version,
dns_fixedname_name(&wildcardname),
ISC_TRUE);
cleanup:
@@ -3404,6 +3430,7 @@ ns_query_start(ns_client_t *client) {
dns_rdataset_t *rdataset;
ns_client_t *qclient;
dns_rdatatype_t qtype;
+ isc_boolean_t want_ad;
CTRACE("ns_query_start");
@@ -3422,10 +3449,10 @@ ns_query_start(ns_client_t *client) {
if ((message->flags & DNS_MESSAGEFLAG_RD) != 0)
client->query.attributes |= NS_QUERYATTR_WANTRECURSION;
-
+
if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0)
client->attributes |= NS_CLIENTATTR_WANTDNSSEC;
-
+
if (client->view->minimalresponses)
client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
NS_QUERYATTR_NOADDITIONAL);
@@ -3537,6 +3564,15 @@ ns_query_start(ns_client_t *client) {
client->query.attributes &= ~NS_QUERYATTR_SECURE;
/*
+ * Set 'want_ad' if the client has set AD in the query.
+ * This allows AD to be returned on queries without DO set.
+ */
+ if ((message->flags & DNS_MESSAGEFLAG_AD) != 0)
+ want_ad = ISC_TRUE;
+ else
+ want_ad = ISC_FALSE;
+
+ /*
* This is an ordinary query.
*/
result = dns_message_reply(message, ISC_TRUE);
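Review bot: The four-line if/else that sets `want_ad` can be a single assignment in the form this file already uses for booleans, `want_ad = ISC_TF((message->flags & DNS_MESSAGEFLAG_AD) != 0);` (compare the `ISC_TF(...)` use in query_getcachedb). `want_ad` is declared uninitialised at the top of ns_query_start and assigned only here, so this assignment has to stay ahead of the read in the following hunk. ns_query_start begins and ends outside the hunk.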
@@ -3555,7 +3591,7 @@ ns_query_start(ns_client_t *client) {
* Set AD. We must clear it if we add non-validated data to a
* response.
*/
- if (client->view->enablednssec)
+ if (WANTDNSSEC(client) || want_ad)
message->flags |= DNS_MESSAGEFLAG_AD;
qclient = NULL;
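Review bot: With the condition changed to `WANTDNSSEC(client) || want_ad`, AD is set optimistically on the reply whenever the client asks for it, and the previous `client->view->enablednssec` test is gone, so a view with DNSSEC disabled now starts with AD set as well. Correctness then rests entirely on every path that adds non-validated data clearing the flag, as the existing comment says; none of those paths is visible in this hunk, so that should be checked for the DNSSEC-disabled case. If the view setting is still meant to gate it, the condition would be `if (client->view->enablednssec && (WANTDNSSEC(client) || want_ad))`. Either way, the comment above should be extended to say that AD in the query now requests AD in the reply even without DO.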
diff --git a/bin/named/server.c b/bin/named/server.c
index f29321e51060..a01e5e79cfe3 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,11 +15,12 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.339.2.15.2.70 2006/05/24 04:30:24 marka Exp $ */
+/* $Id: server.c,v 1.339.2.15.2.78 2008/01/17 23:45:27 tbox Exp $ */
#include <config.h>
#include <stdlib.h>
+#include <unistd.h>
#include <isc/app.h>
#include <isc/base64.h>
@@ -290,6 +291,13 @@ configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key,
keystruct.datalen = r.length;
keystruct.data = r.base;
+ if ((keystruct.algorithm == DST_ALG_RSASHA1 ||
+ keystruct.algorithm == DST_ALG_RSAMD5) &&
+ r.length > 1 && r.base[0] == 1 && r.base[1] == 3)
+ cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
+ "trusted key '%s' has a weak exponent",
+ keynamestr);
+
CHECK(dns_rdata_fromstruct(NULL,
keystruct.common.rdclass,
keystruct.common.rdtype,
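Review bot: The weak-exponent test matches one exact encoding only, a one-octet exponent length followed by the value 3 (`r.base[0] == 1 && r.base[1] == 3`), so an exponent of 3 stored with leading zero octets, or using the longer length form that starts with a 0 octet, is not reported. The check carries no comment; `/* RSA key data starts with the exponent length, then the exponent (RFC 3110); warn on e == 3. */` would explain the magic numbers. The multi-line condition guards a multi-line call, so braces around the `cfg_obj_log(...)` statement would make the extent of the `if` obvious. The key is still loaded after the warning, which is reasonable for a trusted-keys entry but should be said in the comment so nobody reads the log line as a rejection. configure_view_dnsseckey continues outside the hunk.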
@@ -375,7 +383,7 @@ configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config,
*target = keytable; /* Transfer ownership. */
keytable = NULL;
result = ISC_R_SUCCESS;
-
+
cleanup:
return (result);
}
@@ -391,7 +399,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
isc_boolean_t value;
isc_result_t result;
isc_buffer_t b;
-
+
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (element = cfg_list_first(mbs);
@@ -409,7 +417,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
}
result = ISC_R_SUCCESS;
-
+
cleanup:
return (result);
}
@@ -538,7 +546,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) {
return (result);
obj = cfg_tuple_get(ent, "name");
- if (cfg_obj_isstring(obj))
+ if (cfg_obj_isstring(obj))
str = cfg_obj_asstring(obj);
else
str = "*";
@@ -931,7 +939,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
if (lame_ttl > 1800)
lame_ttl = 1800;
dns_resolver_setlamettl(view->resolver, lame_ttl);
-
+
/*
* Set the resolver's EDNS UDP size.
*/
@@ -944,7 +952,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
if (udpsize > 4096)
udpsize = 4096;
dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize);
-
+
/*
* Set supported DNSSEC algorithms.
*/
@@ -968,7 +976,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
(void)ns_config_get(maps, "forward", &forwardtype);
(void)ns_config_get(maps, "forwarders", &forwarders);
if (forwarders != NULL)
- CHECK(configure_forward(config, view, dns_rootname,
+ CHECK(configure_forward(config, view, dns_rootname,
forwarders, forwardtype));
/*
@@ -988,7 +996,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
/*
* If we still have no hints, this is a non-IN view with no
* "hints zone" configured. Issue a warning, except if this
- * is a root server. Root servers never need to consult
+ * is a root server. Root servers never need to consult
* their hints, so it's no point requiring users to configure
* them.
*/
@@ -1111,7 +1119,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
view->transfer_format = dns_one_answer;
else
INSIST(0);
-
+
/*
* Set sources where additional data and CNAME/DNAME
* targets for authoritative answers may be found.
@@ -1179,7 +1187,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
result = ns_config_get(maps, "provide-ixfr", &obj);
INSIST(result == ISC_R_SUCCESS);
view->provideixfr = cfg_obj_asboolean(obj);
-
+
obj = NULL;
result = ns_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS);
@@ -1608,7 +1616,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
"name"));
else
vname = "<default view>";
-
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"zone '%s': wrong class for view '%s'",
@@ -1968,7 +1976,7 @@ adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
}
ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE);
-
+
clean:
ns_listenlist_detach(&list);
return;
@@ -2042,7 +2050,7 @@ setstring(ns_server_t *server, char **field, const char *value) {
*field = copy;
return (ISC_R_SUCCESS);
-}
+}
/*
* Replace the current value of '*field', a dynamically allocated
@@ -2084,7 +2092,7 @@ set_limit(const cfg_obj_t **maps, const char *configname,
result = isc_resource_setlimit(resourceid, value);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
result == ISC_R_SUCCESS ?
- ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
+ ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
"set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s",
description, value, isc_result_totext(result));
}
@@ -2113,7 +2121,7 @@ portlist_fromconf(dns_portlist_t *portlist, unsigned int family,
element = cfg_list_next(element)) {
const cfg_obj_t *obj = cfg_listelt_value(element);
in_port_t port = (in_port_t)cfg_obj_asuint32(obj);
-
+
result = dns_portlist_add(portlist, family, port);
if (result != ISC_R_SUCCESS)
break;
@@ -2151,7 +2159,7 @@ load_configuration(const char *filename, ns_server_t *server,
/* Ensure exclusive access to configuration data. */
result = isc_task_beginexclusive(server->task);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Parse the global default pseudo-config file.
@@ -2204,6 +2212,15 @@ load_configuration(const char *filename, ns_server_t *server,
CHECK(result);
/*
+ * Check that the working directory is writable.
+ */
+ if (access(".", W_OK) != 0) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "the working directory is not writable");
+ }
+
+ /*
* Check the validity of the configuration.
*/
CHECK(bind9_check_namedconf(config, ns_g_lctx, ns_g_mctx));
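Review bot: `access(".", W_OK)` tests the real user ID, so if this runs while named is still root (the switch to the unprivileged user is not visible from here) it reports the directory writable even when the running server will later be unable to write to it. The result is also only logged: the message goes out at `ISC_LOG_ERROR` but loading continues, and `errno` is dropped, so the log does not say whether the cause is permissions, a read-only filesystem or a missing directory. I would include the reason, e.g. `"the working directory is not writable: %s"` with the error text, and add a comment that the check is advisory and does not stop the load. load_configuration starts and ends outside the hunk.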
@@ -2664,7 +2681,7 @@ load_configuration(const char *filename, ns_server_t *server,
ns_os_writepidfile(lwresd_g_defaultpidfile, first_time);
else
ns_os_writepidfile(ns_g_defaultpidfile, first_time);
-
+
obj = NULL;
if (options != NULL &&
cfg_map_get(options, "memstatistics-file", &obj) == ISC_R_SUCCESS)
@@ -2798,7 +2815,7 @@ load_zones(ns_server_t *server, isc_boolean_t stop) {
*/
CHECK(dns_zonemgr_forcemaint(server->zonemgr));
cleanup:
- isc_task_endexclusive(server->task);
+ isc_task_endexclusive(server->task);
return (result);
}
@@ -2826,7 +2843,7 @@ load_new_zones(ns_server_t *server, isc_boolean_t stop) {
*/
dns_zonemgr_resumexfrs(server->zonemgr);
cleanup:
- isc_task_endexclusive(server->task);
+ isc_task_endexclusive(server->task);
return (result);
}
@@ -2880,7 +2897,7 @@ run_server(isc_task_t *task, isc_event_t *event) {
ISC_LOG_NOTICE, "running");
}
-void
+void
ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) {
REQUIRE(NS_SERVER_VALID(server));
@@ -3012,7 +3029,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->interface_timer = NULL;
server->heartbeat_timer = NULL;
-
+
server->interface_interval = 0;
server->heartbeat_interval = 0;
@@ -3035,7 +3052,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->hostname_set = ISC_FALSE;
server->hostname = NULL;
- server->version_set = ISC_FALSE;
+ server->version_set = ISC_FALSE;
server->version = NULL;
server->server_usehostname = ISC_FALSE;
server->server_id = NULL;
@@ -3191,7 +3208,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) {
result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
ns_g_taskmgr, &dispatch->addr, 4096,
1000, 32768, 16411, 16433,
- attrs, attrmask, &dispatch->dispatch);
+ attrs, attrmask, &dispatch->dispatch);
if (result != ISC_R_SUCCESS)
goto cleanup;
@@ -3294,7 +3311,7 @@ next_token(char **stringp, const char *delim) {
break;
} while (*res == '\0');
return (res);
-}
+}
/*
* Find the zone specified in the control channel command 'args',
@@ -3352,14 +3369,14 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) {
} else {
rdclass = dns_rdataclass_in;
}
-
+
if (viewtxt == NULL)
viewtxt = "_default";
result = dns_viewlist_find(&server->viewlist, viewtxt,
rdclass, &view);
if (result != ISC_R_SUCCESS)
goto fail1;
-
+
result = dns_zt_find(view->zonetable, dns_fixedname_name(&name),
0, NULL, zonep);
/* Partial match? */
@@ -3378,7 +3395,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
-
+
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
@@ -3391,7 +3408,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
result = ISC_R_NOTFOUND;
dns_zone_detach(&zone);
return (result);
-}
+}
/*
* Act on a "reload" command from the command channel.
@@ -3402,7 +3419,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zone_t *zone = NULL;
dns_zonetype_t type;
const char *msg = NULL;
-
+
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
@@ -3414,11 +3431,12 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
type = dns_zone_gettype(zone);
if (type == dns_zone_slave || type == dns_zone_stub) {
dns_zone_refresh(zone);
+ dns_zone_detach(&zone);
msg = "zone refresh queued";
} else {
result = dns_zone_load(zone);
dns_zone_detach(&zone);
- switch (result) {
+ switch (result) {
case ISC_R_SUCCESS:
msg = "zone reload successful";
break;
@@ -3440,7 +3458,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_buffer_putmem(text, (const unsigned char *)msg,
strlen(msg) + 1);
return (result);
-}
+}
/*
* Act on a "reconfig" command from the command channel.
@@ -3478,17 +3496,17 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_buffer_putmem(text, msg1, sizeof(msg1));
return (ISC_R_SUCCESS);
}
-
+
dns_zone_detach(&zone);
if (sizeof(msg2) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg2, sizeof(msg2));
return (ISC_R_FAILURE);
-}
+}
isc_result_t
ns_server_togglequerylog(ns_server_t *server) {
server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE;
-
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"query logging is now %s",
@@ -3592,15 +3610,15 @@ ns_server_dumpstats(ns_server_t *server) {
CHECKMF(isc_stdio_open(server->statsfile, "a", &fp),
"could not open statistics dump file", server->statsfile);
-
+
ncounters = DNS_STATS_NCOUNTERS;
fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now);
-
+
for (i = 0; i < ncounters; i++)
fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT "u\n",
dns_statscounter_names[i],
server->querystats[i]);
-
+
zone = NULL;
for (result = dns_zone_first(server->zonemgr, &zone);
result == ISC_R_SUCCESS;
@@ -3611,7 +3629,7 @@ ns_server_dumpstats(ns_server_t *server) {
char zonename[DNS_NAME_FORMATSIZE];
dns_view_t *view;
char *viewname;
-
+
dns_name_format(dns_zone_getorigin(zone),
zonename, sizeof(zonename));
view = dns_zone_getview(zone);
@@ -3631,7 +3649,7 @@ ns_server_dumpstats(ns_server_t *server) {
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
CHECK(result);
-
+
fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now);
cleanup:
@@ -3659,7 +3677,7 @@ static isc_result_t
add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) {
struct viewlistentry *vle;
isc_result_t result = ISC_R_SUCCESS;
-
+
/*
* Prevent duplicate views.
*/
@@ -3722,7 +3740,7 @@ dumpdone(void *arg, isc_result_t result) {
struct dumpcontext *dctx = arg;
char buf[1024+32];
const dns_master_style_t *style;
-
+
if (result != ISC_R_SUCCESS)
goto cleanup;
if (dctx->mdctx != NULL)
@@ -3879,7 +3897,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) {
dctx->dumpzones = ISC_TRUE;
dctx->dumpcache = ISC_FALSE;
ptr = next_token(&args, " \t");
- }
+ }
nextview:
for (view = ISC_LIST_HEAD(server->viewlist);
@@ -3954,7 +3972,8 @@ isc_result_t
ns_server_flushcache(ns_server_t *server, char *args) {
char *ptr, *viewname;
dns_view_t *view;
- isc_boolean_t flushed = ISC_FALSE;
+ isc_boolean_t flushed;
+ isc_boolean_t found;
isc_result_t result;
/* Skip the command name. */
@@ -3967,23 +3986,28 @@ ns_server_flushcache(ns_server_t *server, char *args) {
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ flushed = ISC_TRUE;
+ found = ISC_FALSE;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
continue;
+ found = ISC_TRUE;
result = dns_view_flushcache(view);
if (result != ISC_R_SUCCESS)
- goto out;
- flushed = ISC_TRUE;
+ flushed = ISC_FALSE;
}
- if (flushed)
+ if (flushed && found) {
result = ISC_R_SUCCESS;
- else
- result = ISC_R_FAILURE;
- out:
- isc_task_endexclusive(server->task);
+ } else {
+ if (!found)
+ result = ISC_R_NOTFOUND;
+ else
+ result = ISC_R_FAILURE;
+ }
+ isc_task_endexclusive(server->task);
return (result);
}
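Review bot: The result selection at the end of ns_server_flushcache is written as a braced `if` with a nested `if`/`else`, while the identical logic added to ns_server_flushname in the next file hunk uses a flat chain; use the same form in both, `else if (!found) result = ISC_R_NOTFOUND;` followed by `else result = ISC_R_FAILURE;`. In both functions the loop now continues after a failed flush, but the status returned by `dns_view_flushcache` / `dns_view_flushname` is then replaced by a generic `ISC_R_FAILURE` and nothing is logged, so the operator cannot tell which view failed or why. Logging the view name and `isc_result_totext(result)` where `flushed` is set to `ISC_FALSE` would keep that information.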
@@ -3991,7 +4015,8 @@ isc_result_t
ns_server_flushname(ns_server_t *server, char *args) {
char *ptr, *target, *viewname;
dns_view_t *view;
- isc_boolean_t flushed = ISC_FALSE;
+ isc_boolean_t flushed;
+ isc_boolean_t found;
isc_result_t result;
isc_buffer_t b;
dns_fixedname_t fixed;
@@ -4021,21 +4046,25 @@ ns_server_flushname(ns_server_t *server, char *args) {
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
flushed = ISC_TRUE;
+ found = ISC_FALSE;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
continue;
+ found = ISC_TRUE;
result = dns_view_flushname(view, name);
if (result != ISC_R_SUCCESS)
flushed = ISC_FALSE;
}
- if (flushed)
+ if (flushed && found)
result = ISC_R_SUCCESS;
+ else if (!found)
+ result = ISC_R_NOTFOUND;
else
result = ISC_R_FAILURE;
- isc_task_endexclusive(server->task);
+ isc_task_endexclusive(server->task);
return (result);
}
@@ -4086,7 +4115,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
char *journal;
const char *vname, *sep;
isc_boolean_t frozen;
-
+
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
diff --git a/bin/named/sortlist.c b/bin/named/sortlist.c
index 0feba3bbee82..d6691c89a991 100644
--- a/bin/named/sortlist.c
+++ b/bin/named/sortlist.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001 Internet Software Consortium.
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sortlist.c,v 1.5.12.6 2006/03/02 00:37:20 marka Exp $ */
+/* $Id: sortlist.c,v 1.5.12.9 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
diff --git a/bin/named/tsigconf.c b/bin/named/tsigconf.c
index a90438d85efe..a9005e25bd3f 100644
--- a/bin/named/tsigconf.c
+++ b/bin/named/tsigconf.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2001 Internet Software Consortium.
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsigconf.c,v 1.21.208.6 2006/03/02 00:37:20 marka Exp $ */
+/* $Id: tsigconf.c,v 1.21.208.9 2007/08/28 07:19:08 tbox Exp $ */
#include <config.h>
diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in
index 60ce968865dc..fc68927a3ba1 100644
--- a/bin/named/unix/Makefile.in
+++ b/bin/named/unix/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1999-2001 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2001, 2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.6.12.3 2004/03/08 09:04:15 marka Exp $
+# $Id: Makefile.in,v 1.6.12.6 2007/08/28 07:19:08 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h
index 03baee57ea48..1c4bec070727 100644
--- a/bin/named/unix/include/named/os.h
+++ b/bin/named/unix/include/named/os.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.h,v 1.14.2.2.8.9 2004/09/29 06:36:44 marka Exp $ */
+/* $Id: os.h,v 1.14.2.2.8.12 2007/08/28 07:19:08 tbox Exp $ */
#ifndef NS_OS_H
#define NS_OS_H 1
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index 361d1b63639f..f8026660391e 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002 Internet Software Consortium.
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.c,v 1.46.2.4.8.24 2006/02/03 23:51:37 marka Exp $ */
+/* $Id: os.c,v 1.46.2.4.8.30 2008/01/17 23:45:27 tbox Exp $ */
#include <config.h>
#include <stdarg.h>
@@ -324,7 +324,7 @@ ns_os_daemonize(void) {
/*
* Wait for the child to finish loading for the first time.
* This would be so much simpler if fork() worked once we
- * were multi-threaded.
+ * were multi-threaded.
*/
(void)close(dfd[1]);
do {
@@ -494,15 +494,19 @@ ns_os_changeuser(void) {
ns_main_earlyfatal("setuid(): %s", strbuf);
}
-#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
- linux_minprivs();
-#endif
#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
/*
* Restore the ability of named to drop core after the setuid()
* call has disabled it.
*/
- prctl(PR_SET_DUMPABLE,1,0,0,0);
+ if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s",
+ strbuf);
+ }
+#endif
+#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
+ linux_minprivs();
#endif
}
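Review bot: Moving `linux_minprivs()` below the `prctl(PR_SET_DUMPABLE, ...)` block changes the order of two privilege-related steps without a comment saying why; presumably the capability drop is meant to be the last step after `setuid()`, and a line such as `/* Drop capabilities last, after the dumpable flag has been restored. */` above the call would record that. The new failure path only warns through `ns_main_earlywarning`, which seems right since losing core dumps is not fatal. Because this re-enables core dumps for a process that has just changed user, the existing comment could also note that a core file may contain any key material held in memory, so the dump directory should be readable only by the named user. ns_os_changeuser starts outside the hunk.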
@@ -663,7 +667,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) {
ptr = next_token(&input, " \t");
if (ptr == NULL)
return;
-
+
if (strcmp(ptr, "-p") != 0)
return;
diff --git a/bin/named/update.c b/bin/named/update.c
index fa0ddb01049a..6733d76902b1 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: update.c,v 1.88.2.5.2.29 2006/01/06 00:01:42 marka Exp $ */
+/* $Id: update.c,v 1.88.2.5.2.35 2008/01/17 23:45:27 tbox Exp $ */
#include <config.h>
@@ -112,7 +112,7 @@
} \
update_log(client, zone, LOGLEVEL_PROTOCOL, \
"update %s: %s (%s)", _what, \
- msg, isc_result_totext(result)); \
+ msg, isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) goto failure; \
} while (0)
@@ -401,7 +401,7 @@ foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) {
result = dns_rdataset_next(rdataset))
{
rr_t rr = { 0, DNS_RDATA_INIT };
-
+
dns_rdataset_current(rdataset, &rr.rdata);
rr.ttl = rdataset->ttl;
result = (*ctx->rr_action)(ctx->rr_action_data, &rr);
@@ -841,10 +841,14 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
/* A new unique name begins here. */
node = NULL;
result = dns_db_findnode(db, name, ISC_FALSE, &node);
- if (result == ISC_R_NOTFOUND)
+ if (result == ISC_R_NOTFOUND) {
+ dns_diff_clear(&trash);
return (DNS_R_NXRRSET);
- if (result != ISC_R_SUCCESS)
+ }
+ if (result != ISC_R_SUCCESS) {
+ dns_diff_clear(&trash);
return (result);
+ }
/* A new unique type begins here. */
while (t != NULL && dns_name_equal(&t->name, name)) {
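Review bot: `dns_diff_clear(&trash)` is now repeated before each early `return` here and again in the hunk at `@@ -872,6 +876,7 @@` (three sites in all), which fixes the leak on those paths but makes it easy to miss on any other return in temp_check that lies outside these hunks. A single exit would be more robust: set `result` and jump to one cleanup label that detaches `node` when it is set and clears `trash` once. If the per-return form is kept, add a comment at the declaration of `trash` saying that every return path must clear it. These paths appear to be reached when an update's prerequisites do not match the database, so a missed one would be a leak that a client can trigger repeatedly.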
@@ -852,7 +856,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
dns_rdataset_t rdataset;
dns_diff_t d_rrs; /* Database RRs with
this name and type */
- dns_diff_t u_rrs; /* Update RRs with
+ dns_diff_t u_rrs; /* Update RRs with
this name and type */
*typep = type = t->rdata.type;
@@ -872,6 +876,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
&rdataset, NULL);
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
return (DNS_R_NXRRSET);
}
@@ -1117,7 +1122,7 @@ typedef struct {
static isc_result_t
add_rr_prepare_action(void *data, rr_t *rr) {
- isc_result_t result = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
add_rr_prepare_ctx_t *ctx = data;
dns_difftuple_t *tuple = NULL;
isc_boolean_t equal;
@@ -1631,6 +1636,8 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
dns_db_detachnode(db, &node);
for (i = 0; i < nkeys; i++) {
+ if (!dst_key_isprivate(keys[i]))
+ continue;
/* Calculate the signature, creating a RRSIG RDATA. */
CHECK(dns_dnssec_sign(name, &rdataset, keys[i],
&inception, &expire,
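Review bot: Skipping keys for which `dst_key_isprivate(keys[i])` is false means the loop can finish without signing anything when none of the `nkeys` keys has private material, and nothing in the hunk records that. Whether add_sigs then returns success with an unsigned RRset depends on code outside the hunk, but a flag set after a successful `dns_dnssec_sign` and checked after the loop would make that case explicit instead of silent. The `continue` also deserves a comment, e.g. `/* Public-only keys cannot sign; skip them. */`.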
@@ -1710,7 +1717,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
dns_rdataset_init(&rdataset);
CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0,
- (isc_stdtime_t) 0, &rdataset, NULL));
+ (isc_stdtime_t) 0, &rdataset, NULL));
CHECK(dns_rdataset_first(&rdataset));
dns_rdataset_current(&rdataset, &rdata);
CHECK(dns_rdata_tostruct(&rdata, &soa, NULL));
@@ -2306,7 +2313,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
else if (client->signer == NULL)
CHECK(checkupdateacl(client, NULL, "update", zonename,
ISC_FALSE));
-
+
if (dns_zone_getupdatedisabled(zone))
FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled");
@@ -2701,7 +2708,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
* The reason for failure should have been logged at this point.
*/
if (ver != NULL) {
- update_log(client, zone, LOGLEVEL_DEBUG,
+ update_log(client, zone, LOGLEVEL_DEBUG,
"rolling back");
dns_db_closeversion(db, &ver, ISC_FALSE);
}
@@ -2753,7 +2760,7 @@ updatedone_action(isc_task_t *task, isc_event_t *event) {
static void
forward_fail(isc_task_t *task, isc_event_t *event) {
- ns_client_t *client = (ns_client_t *)event->ev_arg;
+ ns_client_t *client = (ns_client_t *)event->ev_arg;
UNUSED(task);
diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in
index 2652628768da..3474f7cfa06c 100644
--- a/bin/nsupdate/Makefile.in
+++ b/bin/nsupdate/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.15.12.10 2004/07/20 07:01:49 marka Exp $
+# $Id: Makefile.in,v 1.15.12.13 2007/08/28 07:19:08 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8
index 7e254e0e2eae..5d608e3565af 100644
--- a/bin/nsupdate/nsupdate.8
+++ b/bin/nsupdate/nsupdate.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nsupdate.8,v 1.24.2.2.2.9 2006/06/29 13:02:30 marka Exp $
+.\" $Id: nsupdate.8,v 1.24.2.2.2.13 2007/05/09 03:32:36 marka Exp $
.\"
.hy 0
.ad l
.\" Title: nsupdate
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -55,7 +55,7 @@ operate in debug mode. This provides tracing information about the update reques
.PP
Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931. TSIG relies on a shared secret that should only be known to
\fBnsupdate\fR
-and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance suitable
+and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable
\fBkey\fR
and
\fBserver\fR
@@ -106,15 +106,15 @@ use a TCP connection. This may be preferable when a batch of update requests is
.PP
The
\fB\-t\fR
-option sets the maximum time a update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout.
+option sets the maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout.
.PP
The
\fB\-u\fR
-option sets the UDP retry interval. The default is 3 seconds. If zero the interval will be computed from the timeout interval and number of UDP retries.
+option sets the UDP retry interval. The default is 3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries.
.PP
The
\fB\-r\fR
-option sets the number of UDP retries. The default is 3. If zero only one update request will be made.
+option sets the number of UDP retries. The default is 3. If zero, only one update request will be made.
.SH "INPUT FORMAT"
.PP
\fBnsupdate\fR
@@ -127,8 +127,9 @@ Every update request consists of zero or more prerequisites and zero or more upd
command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server.
.PP
The command formats and their meaning are as follows:
-.TP 3n
-.HP 7 \fBserver\fR {servername} [port]
+.PP
+\fBserver\fR {servername} [port]
+.RS 4
Sends all dynamic update requests to the name server
\fIservername\fR. When no server statement is provided,
\fBnsupdate\fR
@@ -137,31 +138,39 @@ will send updates to the master server of the correct zone. The MNAME field of t
is the port number on
\fIservername\fR
where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used.
-.TP 3n
-.HP 6 \fBlocal\fR {address} [port]
+.RE
+.PP
+\fBlocal\fR {address} [port]
+.RS 4
Sends all dynamic update requests using the local
\fIaddress\fR. When no local statement is provided,
\fBnsupdate\fR
will send updates using an address and port chosen by the system.
\fIport\fR
can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one.
-.TP 3n
-.HP 5 \fBzone\fR {zonename}
+.RE
+.PP
+\fBzone\fR {zonename}
+.RS 4
Specifies that all updates are to be made to the zone
\fIzonename\fR. If no
\fIzone\fR
statement is provided,
\fBnsupdate\fR
will attempt determine the correct zone to update based on the rest of the input.
-.TP 3n
-.HP 6 \fBclass\fR {classname}
+.RE
+.PP
+\fBclass\fR {classname}
+.RS 4
Specify the default class. If no
\fIclass\fR
-is specified the default class is
+is specified, the default class is
\fIIN\fR.
-.TP 3n
-.HP 4 \fBkey\fR {name} {secret}
-Specifies that all updates are to be TSIG signed using the
+.RE
+.PP
+\fBkey\fR {name} {secret}
+.RS 4
+Specifies that all updates are to be TSIG\-signed using the
\fIkeyname\fR
\fIkeysecret\fR
pair. The
@@ -170,17 +179,23 @@ command overrides any key specified on the command line via
\fB\-y\fR
or
\fB\-k\fR.
-.TP 3n
-.HP 16 \fBprereq nxdomain\fR {domain\-name}
+.RE
+.PP
+\fBprereq nxdomain\fR {domain\-name}
+.RS 4
Requires that no resource record of any type exists with name
\fIdomain\-name\fR.
-.TP 3n
-.HP 16 \fBprereq yxdomain\fR {domain\-name}
+.RE
+.PP
+\fBprereq yxdomain\fR {domain\-name}
+.RS 4
Requires that
\fIdomain\-name\fR
exists (has as at least one resource record, of any type).
-.TP 3n
-.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type}
+.RE
+.PP
+\fBprereq nxrrset\fR {domain\-name} [class] {type}
+.RS 4
Requires that no resource record exists of the specified
\fItype\fR,
\fIclass\fR
@@ -188,8 +203,10 @@ and
\fIdomain\-name\fR. If
\fIclass\fR
is omitted, IN (internet) is assumed.
-.TP 3n
-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type}
+.RE
+.PP
+\fBprereq yxrrset\fR {domain\-name} [class] {type}
+.RS 4
This requires that a resource record of the specified
\fItype\fR,
\fIclass\fR
@@ -198,8 +215,10 @@ and
must exist. If
\fIclass\fR
is omitted, IN (internet) is assumed.
-.TP 3n
-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
+.RE
+.PP
+\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
+.RS 4
The
\fIdata\fR
from each set of prerequisites of this form sharing a common
@@ -212,8 +231,10 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of
\fIdomain\-name\fR. The
\fIdata\fR
are written in the standard text representation of the resource record's RDATA.
-.TP 3n
-.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
+.RE
+.PP
+\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
+.RS 4
Deletes any resource records named
\fIdomain\-name\fR. If
\fItype\fR
@@ -224,22 +245,31 @@ is provided, only matching resource records will be removed. The internet class
is not supplied. The
\fIttl\fR
is ignored, and is only allowed for compatibility.
-.TP 3n
-.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
+.RE
+.PP
+\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
+.RS 4
Adds a new resource record with the specified
\fIttl\fR,
\fIclass\fR
and
\fIdata\fR.
-.TP 3n
-.HP 5 \fBshow\fR
+.RE
+.PP
+\fBshow\fR
+.RS 4
Displays the current message, containing all of the prerequisites and updates specified since the last send.
-.TP 3n
-.HP 5 \fBsend\fR
+.RE
+.PP
+\fBsend\fR
+.RS 4
Sends the current message. This is equivalent to entering a blank line.
-.TP 3n
-.HP 7 \fBanswer\fR
+.RE
+.PP
+\fBanswer\fR
+.RS 4
Displays the answer.
+.RE
.PP
Lines beginning with a semicolon are comments and are ignored.
.SH "EXAMPLES"
@@ -251,7 +281,7 @@ could be used to insert and delete resource records from the
zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for
\fBexample.com\fR.
.sp
-.RS 3n
+.RS 4
.nf
# nsupdate
> update delete oldhost.example.com A
@@ -263,11 +293,11 @@ zone. Notice that the input in each example contains a trailing blank line so th
.PP
Any A records for
\fBoldhost.example.com\fR
-are deleted. and an A record for
+are deleted. And an A record for
\fBnewhost.example.com\fR
-it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds)
+with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds).
.sp
-.RS 3n
+.RS 4
.nf
# nsupdate
> prereq nxdomain nickname.example.com
@@ -280,17 +310,23 @@ it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (8640
The prerequisite condition gets the name server to check that there are no resource records of any type for
\fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.)
.SH "FILES"
-.TP 3n
+.PP
\fB/etc/resolv.conf\fR
+.RS 4
used to identify default name server
-.TP 3n
+.RE
+.PP
\fBK{name}.+157.+{random}.key\fR
+.RS 4
base\-64 encoding of HMAC\-MD5 key created by
\fBdnssec\-keygen\fR(8).
-.TP 3n
+.RE
+.PP
\fBK{name}.+157.+{random}.private\fR
+.RS 4
base\-64 encoding of HMAC\-MD5 key created by
\fBdnssec\-keygen\fR(8).
+.RE
.SH "SEE ALSO"
.PP
\fBRFC2136\fR(),
@@ -306,4 +342,7 @@ base\-64 encoding of HMAC\-MD5 key created by
.PP
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 107d85f98039..6c9fdc15e8fb 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsupdate.c,v 1.103.2.15.2.23 2006/06/09 07:29:24 marka Exp $ */
+/* $Id: nsupdate.c,v 1.103.2.15.2.30 2008/01/17 23:45:27 tbox Exp $ */
#include <config.h>
@@ -159,6 +159,9 @@ debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
static void
ddebug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+static void
+error(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
#define STATUS_MORE (isc_uint16_t)0
#define STATUS_SEND (isc_uint16_t)1
#define STATUS_QUIT (isc_uint16_t)2
@@ -193,6 +196,16 @@ fatal(const char *format, ...) {
}
static void
+error(const char *format, ...) {
+ va_list args;
+
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+}
+
+static void
debug(const char *format, ...) {
va_list args;
@@ -1025,7 +1038,7 @@ evaluate_key(char *cmdline) {
secret = isc_mem_allocate(mctx, secretlen);
if (secret == NULL)
fatal("out of memory");
-
+
isc_buffer_init(&secretbuf, secret, secretlen);
result = isc_base64_decodestring(secretstr, &secretbuf);
if (result != ISC_R_SUCCESS) {
@@ -1091,8 +1104,8 @@ evaluate_class(char *cmdline) {
}
r.base = word;
- r.length = strlen(word);
- result = dns_rdataclass_fromtext(&rdclass, &r);
+ r.length = strlen(word);
+ result = dns_rdataclass_fromtext(&rdclass, &r);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "could not parse class name: %s\n", word);
return (STATUS_SYNTAX);
@@ -1276,8 +1289,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) {
failure:
if (name != NULL)
dns_message_puttempname(updatemsg, &name);
- if (rdata != NULL)
- dns_message_puttemprdata(updatemsg, &rdata);
+ dns_message_puttemprdata(updatemsg, &rdata);
return (STATUS_SYNTAX);
}
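Review bot: Dropping the `if (rdata != NULL)` guard at the `failure:` label makes the cleanup depend on rdata having been allocated before every `goto failure`, and this hunk does not show that ordering. If dns_message_puttemprdata() asserts a non-NULL item, as the libdns put routines generally do, a jump taken before the allocation would abort the process instead of returning STATUS_SYNTAX. The `name` cleanup just above still keeps its NULL check, so the two now disagree. update_addordelete begins outside the hunk, so please confirm the ordering and record it at the label, for example `/* rdata is always allocated before the first goto failure */`, or keep the guard.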
@@ -1311,7 +1323,7 @@ show_message(dns_message_t *msg) {
ddebug("show_message()");
bufsz = INITTEXT;
- do {
+ do {
if (bufsz > MAXTEXT) {
fprintf(stderr, "could not allocate large enough "
"buffer to display message\n");
@@ -1396,8 +1408,11 @@ user_interaction(void) {
isc_uint16_t result = STATUS_MORE;
ddebug("user_interaction()");
- while ((result == STATUS_MORE) || (result == STATUS_SYNTAX))
+ while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) {
result = get_next_command();
+ if (!interactive && result == STATUS_SYNTAX)
+ fatal("syntax error");
+ }
if (result == STATUS_SEND)
return (ISC_TRUE);
return (ISC_FALSE);
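Review bot: The new exit on STATUS_SYNTAX when `!interactive` is a user-visible behaviour change, but none of the nsupdate.8 or nsupdate.docbook hunks in this commit mention it. Batch files that previously skipped a bad line now stop at it, and any update request sent earlier in the same input has presumably already been applied on the server. I would add a sentence to the INPUT FORMAT section such as `In non-interactive mode a syntax error in the input causes nsupdate to exit; update requests that were already sent are not undone.` The loop itself also deserves a short comment saying why batch input fails closed while interactive input re-prompts.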
@@ -1490,7 +1505,7 @@ update_completed(isc_task_t *task, isc_event_t *event) {
char buf[64];
isc_buffer_t b;
dns_rdataset_t *rds;
-
+
isc_buffer_init(&b, buf, sizeof(buf) - 1);
result = dns_rcode_totext(answer->rcode, &b);
check_result(result, "dns_rcode_totext");
@@ -1506,7 +1521,7 @@ update_completed(isc_task_t *task, isc_event_t *event) {
int bufsz;
bufsz = INITTEXT;
- do {
+ do {
if (bufsz > MAXTEXT) {
fprintf(stderr, "could not allocate large "
"enough buffer to display message\n");
@@ -1605,7 +1620,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
ddebug("recvsoa()");
requests--;
-
+
REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE);
reqev = (dns_requestevent_t *)event;
request = reqev->request;
@@ -1643,8 +1658,9 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
setzoneclass(dns_rdataclass_none);
return;
}
- isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t));
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t));
+ reqinfo = NULL;
isc_event_free(&event);
reqev = NULL;
@@ -1703,12 +1719,25 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
rcvmsg->rcode != dns_rcode_nxdomain)
fatal("response to SOA query was unsuccessful");
+ if (userzone != NULL && rcvmsg->rcode == dns_rcode_nxdomain) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ dns_name_format(userzone, namebuf, sizeof(namebuf));
+ error("specified zone '%s' does not exist (NXDOMAIN)",
+ namebuf);
+ dns_message_destroy(&rcvmsg);
+ dns_request_destroy(&request);
+ dns_message_destroy(&soaquery);
+ ddebug("Out of recvsoa");
+ done_update();
+ return;
+ }
+
lookforsoa:
if (pass == 0)
section = DNS_SECTION_ANSWER;
else if (pass == 1)
section = DNS_SECTION_AUTHORITY;
- else
+ else
goto droplabel;
result = dns_message_firstname(rcvmsg, section);
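Review bot: The new NXDOMAIN branch for a user-specified zone only prints through error() and then calls done_update(), so as far as this hunk shows a batch run carries on with the next command and nothing records the failure for the exit status. That is inconsistent with the user_interaction hunk in this commit, which makes a syntax error fatal in non-interactive mode. Either exit here as well when not interactive, e.g. `if (!interactive) fatal("specified zone '%s' does not exist (NXDOMAIN)", namebuf);` placed before the cleanup calls, or set a failure flag that main() turns into a non-zero exit code. recvsoa starts and ends outside the hunk, so whether done_update() already tracks failures cannot be confirmed from here.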
@@ -1737,7 +1766,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
break;
}
}
-
+
result = dns_message_nextname(rcvmsg, section);
}
@@ -1802,7 +1831,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
dns_message_destroy(&rcvmsg);
ddebug("Out of recvsoa");
return;
-
+
droplabel:
result = dns_message_firstname(soaquery, DNS_SECTION_QUESTION);
INSIST(result == ISC_R_SUCCESS);
@@ -1859,15 +1888,6 @@ start_update(void) {
if (answer != NULL)
dns_message_destroy(&answer);
- result = dns_message_firstname(updatemsg, section);
- if (result == ISC_R_NOMORE) {
- section = DNS_SECTION_PREREQUISITE;
- result = dns_message_firstname(updatemsg, section);
- }
- if (result != ISC_R_SUCCESS) {
- done_update();
- return;
- }
if (userzone != NULL && userserver != NULL) {
send_update(userzone, userserver, localaddr);
@@ -1879,7 +1899,8 @@ start_update(void) {
&soaquery);
check_result(result, "dns_message_create");
- soaquery->flags |= DNS_MESSAGEFLAG_RD;
+ if (userserver == NULL)
+ soaquery->flags |= DNS_MESSAGEFLAG_RD;
result = dns_message_gettempname(soaquery, &name);
check_result(result, "dns_message_gettempname");
@@ -1889,10 +1910,24 @@ start_update(void) {
dns_rdataset_makequestion(rdataset, getzoneclass(), dns_rdatatype_soa);
- firstname = NULL;
- dns_message_currentname(updatemsg, section, &firstname);
- dns_name_init(name, NULL);
- dns_name_clone(firstname, name);
+ if (userzone != NULL) {
+ dns_name_init(name, NULL);
+ dns_name_clone(userzone, name);
+ } else {
+ result = dns_message_firstname(updatemsg, section);
+ if (result == ISC_R_NOMORE) {
+ section = DNS_SECTION_PREREQUISITE;
+ result = dns_message_firstname(updatemsg, section);
+ }
+ if (result != ISC_R_SUCCESS) {
+ done_update();
+ return;
+ }
+ firstname = NULL;
+ dns_message_currentname(updatemsg, section, &firstname);
+ dns_name_init(name, NULL);
+ dns_name_clone(firstname, name);
+ }
ISC_LIST_INIT(name->list);
ISC_LIST_APPEND(name->list, rdataset, link);
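Review bot: The empty-message check that this commit moves into the `else` branch now returns through done_update() after soaquery has been created and its temporary name taken (visible in the previous hunk), so that early return no longer releases them. Before the move the check ran ahead of dns_message_create(), so there was nothing to free. The early return should hand back the name and rdataset and destroy soaquery before calling done_update(). The rdataset allocation and the start of start_update are outside the hunk, so the exact cleanup calls need checking against how rdataset was obtained.

```c
	} else {
		result = dns_message_firstname(updatemsg, section);
		/* … unchanged: retry with DNS_SECTION_PREREQUISITE on ISC_R_NOMORE … */
		if (result != ISC_R_SUCCESS) {
			/* Nothing to send: release the SOA query built above. */
			dns_message_puttempname(soaquery, &name);
			dns_rdataset_disassociate(rdataset);
			dns_message_puttemprdataset(soaquery, &rdataset);
			dns_message_destroy(&soaquery);
			done_update();
			return;
		}
		/* … unchanged: clone firstname into name … */
	}
```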
diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook
index 7a2b4cfb7dd7..f45ec143bbd5 100644
--- a/bin/nsupdate/nsupdate.docbook
+++ b/bin/nsupdate/nsupdate.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.docbook,v 1.8.2.3.2.10 2005/05/12 21:36:03 sra Exp $ -->
+<!-- $Id: nsupdate.docbook,v 1.8.2.3.2.16 2007/08/28 07:19:08 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -34,6 +34,8 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -111,7 +113,7 @@ HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to
ensure they select the appropriate algorithm as well as the key when
authenticating each other.
-For instance suitable
+For instance, suitable
<type>key</type>
and
<type>server</type>
@@ -183,16 +185,16 @@ option makes
use a TCP connection.
This may be preferable when a batch of update requests is made.
</para>
-<para>The <option>-t</option> option sets the maximum time a update request can
+<para>The <option>-t</option> option sets the maximum time an update request can
take before it is aborted. The default is 300 seconds. Zero can be used
to disable the timeout.
</para>
<para>The <option>-u</option> option sets the UDP retry interval. The default is
-3 seconds. If zero the interval will be computed from the timeout interval
+3 seconds. If zero, the interval will be computed from the timeout interval
and number of UDP retries.
</para>
<para>The <option>-r</option> option sets the number of UDP retries. The default is
-3. If zero only one update request will be made.
+3. If zero, only one update request will be made.
</para>
</refsect1>
@@ -225,11 +227,9 @@ name server.
The command formats and their meaning are as follows:
<variablelist>
<varlistentry><term>
-<cmdsynopsis>
<command>server</command>
<arg choice="req">servername</arg>
<arg choice="opt">port</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -251,11 +251,9 @@ used.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>local</command>
<arg choice="req">address</arg>
<arg choice="opt">port</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -273,10 +271,8 @@ If no port number is specified, the system will assign one.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>zone</command>
<arg choice="req">zonename</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -292,30 +288,26 @@ will attempt determine the correct zone to update based on the rest of the input
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>class</command>
<arg choice="req">classname</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
Specify the default class.
-If no <parameter>class</parameter> is specified the default class is
+If no <parameter>class</parameter> is specified, the default class is
<parameter>IN</parameter>.
</para>
</listitem>
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>key</command>
<arg choice="req">name</arg>
<arg choice="req">secret</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
-Specifies that all updates are to be TSIG signed using the
+Specifies that all updates are to be TSIG-signed using the
<parameter>keyname</parameter> <parameter>keysecret</parameter> pair.
The <command>key</command> command
overrides any key specified on the command line via
@@ -325,10 +317,8 @@ overrides any key specified on the command line via
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>prereq nxdomain</command>
<arg choice="req">domain-name</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -340,10 +330,8 @@ Requires that no resource record of any type exists with name
<varlistentry><term>
-<cmdsynopsis>
<command>prereq yxdomain</command>
<arg choice="req">domain-name</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -355,12 +343,10 @@ exists (has as at least one resource record, of any type).
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>prereq nxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -378,12 +364,10 @@ is omitted, IN (internet) is assumed.
<varlistentry><term>
-<cmdsynopsis>
<command>prereq yxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -401,13 +385,11 @@ is omitted, IN (internet) is assumed.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>prereq yxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
<arg choice="req" rep="repeat">data</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -435,13 +417,11 @@ RDATA.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>update delete</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">ttl</arg>
<arg choice="opt">class</arg>
<arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -462,14 +442,12 @@ is ignored, and is only allowed for compatibility.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>update add</command>
<arg choice="req">domain-name</arg>
<arg choice="req">ttl</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
<arg choice="req" rep="repeat">data</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -483,9 +461,7 @@ and
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>show</command>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -496,9 +472,7 @@ updates specified since the last send.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>send</command>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -508,9 +482,7 @@ Sends the current message. This is equivalent to entering a blank line.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>answer</command>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -552,10 +524,10 @@ master name server for
Any A records for
<type>oldhost.example.com</type>
are deleted.
-and an A record for
+And an A record for
<type>newhost.example.com</type>
-it IP address 172.16.1.1 is added.
-The newly-added record has a 1 day TTL (86400 seconds)
+with IP address 172.16.1.1 is added.
+The newly-added record has a 1 day TTL (86400 seconds).
<programlisting>
# nsupdate
> prereq nxdomain nickname.example.com
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index 4df8280ce863..009942d11b4e 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.html,v 1.9.2.3.2.15 2006/06/29 13:02:30 marka Exp $ -->
+<!-- $Id: nsupdate.html,v 1.9.2.3.2.20 2007/05/09 03:32:36 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nsupdate</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>nsupdate &#8212; Dynamic DNS update utility</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549461"></a><h2>DESCRIPTION</h2>
+<a name="id2543405"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
@@ -77,7 +77,7 @@ HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to
ensure they select the appropriate algorithm as well as the key when
authenticating each other.
-For instance suitable
+For instance, suitable
<span class="type">key</span>
and
<span class="type">server</span>
@@ -147,20 +147,20 @@ option makes
use a TCP connection.
This may be preferable when a batch of update requests is made.
</p>
-<p>The <code class="option">-t</code> option sets the maximum time a update request can
+<p>The <code class="option">-t</code> option sets the maximum time an update request can
take before it is aborted. The default is 300 seconds. Zero can be used
to disable the timeout.
</p>
<p>The <code class="option">-u</code> option sets the UDP retry interval. The default is
-3 seconds. If zero the interval will be computed from the timeout interval
+3 seconds. If zero, the interval will be computed from the timeout interval
and number of UDP retries.
</p>
<p>The <code class="option">-r</code> option sets the number of UDP retries. The default is
-3. If zero only one update request will be made.
+3. If zero, only one update request will be made.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549686"></a><h2>INPUT FORMAT</h2>
+<a name="id2543562"></a><h2>INPUT FORMAT</h2>
<p>
<span><strong class="command">nsupdate</strong></span>
reads input from
@@ -189,7 +189,9 @@ The command formats and their meaning are as follows:
</p>
<div class="variablelist"><dl>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">server</code> {servername} [port]</p></div>
+<span><strong class="command">server</strong></span>
+ {servername}
+ [port]
</span></dt>
<dd><p>
Sends all dynamic update requests to the name server
@@ -207,7 +209,9 @@ If no port number is specified, the default DNS port number of 53 is
used.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">local</code> {address} [port]</p></div>
+<span><strong class="command">local</strong></span>
+ {address}
+ [port]
</span></dt>
<dd><p>
Sends all dynamic update requests using the local
@@ -221,7 +225,8 @@ can additionally be used to make requests come from a specific port.
If no port number is specified, the system will assign one.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">zone</code> {zonename}</p></div>
+<span><strong class="command">zone</strong></span>
+ {zonename}
</span></dt>
<dd><p>
Specifies that all updates are to be made to the zone
@@ -233,32 +238,37 @@ statement is provided,
will attempt determine the correct zone to update based on the rest of the input.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">class</code> {classname}</p></div>
+<span><strong class="command">class</strong></span>
+ {classname}
</span></dt>
<dd><p>
Specify the default class.
-If no <em class="parameter"><code>class</code></em> is specified the default class is
+If no <em class="parameter"><code>class</code></em> is specified, the default class is
<em class="parameter"><code>IN</code></em>.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">key</code> {name} {secret}</p></div>
+<span><strong class="command">key</strong></span>
+ {name}
+ {secret}
</span></dt>
<dd><p>
-Specifies that all updates are to be TSIG signed using the
+Specifies that all updates are to be TSIG-signed using the
<em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
The <span><strong class="command">key</strong></span> command
overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq nxdomain</code> {domain-name}</p></div>
+<span><strong class="command">prereq nxdomain</strong></span>
+ {domain-name}
</span></dt>
<dd><p>
Requires that no resource record of any type exists with name
<em class="parameter"><code>domain-name</code></em>.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq yxdomain</code> {domain-name}</p></div>
+<span><strong class="command">prereq yxdomain</strong></span>
+ {domain-name}
</span></dt>
<dd><p>
Requires that
@@ -266,7 +276,10 @@ Requires that
exists (has as at least one resource record, of any type).
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq nxrrset</code> {domain-name} [class] {type}</p></div>
+<span><strong class="command">prereq nxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
</span></dt>
<dd><p>
Requires that no resource record exists of the specified
@@ -279,7 +292,10 @@ If
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type}</p></div>
+<span><strong class="command">prereq yxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
</span></dt>
<dd><p>
This requires that a resource record of the specified
@@ -293,7 +309,11 @@ If
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type} {data...}</p></div>
+<span><strong class="command">prereq yxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
+ {data...}
</span></dt>
<dd><p>
The
@@ -317,7 +337,11 @@ are written in the standard text representation of the resource record's
RDATA.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">update delete</code> {domain-name} [ttl] [class] [type [data...]]</p></div>
+<span><strong class="command">update delete</strong></span>
+ {domain-name}
+ [ttl]
+ [class]
+ [type [data...]]
</span></dt>
<dd><p>
Deletes any resource records named
@@ -334,7 +358,12 @@ is not supplied. The
is ignored, and is only allowed for compatibility.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">update add</code> {domain-name} {ttl} [class] {type} {data...}</p></div>
+<span><strong class="command">update add</strong></span>
+ {domain-name}
+ {ttl}
+ [class]
+ {type}
+ {data...}
</span></dt>
<dd><p>
Adds a new resource record with the specified
@@ -344,20 +373,20 @@ and
<em class="parameter"><code>data</code></em>.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">show</code> </p></div>
+<span><strong class="command">show</strong></span>
</span></dt>
<dd><p>
Displays the current message, containing all of the prerequisites and
updates specified since the last send.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">send</code> </p></div>
+<span><strong class="command">send</strong></span>
</span></dt>
<dd><p>
Sends the current message. This is equivalent to entering a blank line.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">answer</code> </p></div>
+<span><strong class="command">answer</strong></span>
</span></dt>
<dd><p>
Displays the answer.
@@ -370,7 +399,7 @@ Lines beginning with a semicolon are comments and are ignored.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550382"></a><h2>EXAMPLES</h2>
+<a name="id2544279"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@@ -395,10 +424,10 @@ master name server for
Any A records for
<span class="type">oldhost.example.com</span>
are deleted.
-and an A record for
+And an A record for
<span class="type">newhost.example.com</span>
-it IP address 172.16.1.1 is added.
-The newly-added record has a 1 day TTL (86400 seconds)
+with IP address 172.16.1.1 is added.
+The newly-added record has a 1 day TTL (86400 seconds).
</p>
<pre class="programlisting">
# nsupdate
@@ -423,7 +452,7 @@ RRSIG, DNSKEY and NSEC records.)
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550426"></a><h2>FILES</h2>
+<a name="id2544323"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -442,7 +471,7 @@ base-64 encoding of HMAC-MD5 key created by
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549061"></a><h2>SEE ALSO</h2>
+<a name="id2544459"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
@@ -456,7 +485,7 @@ base-64 encoding of HMAC-MD5 key created by
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549132"></a><h2>BUGS</h2>
+<a name="id2544531"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in
index e6773151126b..ffa0e8fb508d 100644
--- a/bin/rndc/Makefile.in
+++ b/bin/rndc/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.32.2.3.8.8 2004/07/20 07:01:50 marka Exp $
+# $Id: Makefile.in,v 1.32.2.3.8.12 2007/08/28 07:19:08 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -47,6 +47,8 @@ RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${I
CONFLIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+SRCS= rndc.c rndc-confgen.c
+
SUBDIRS = unix
TARGETS = rndc@EXEEXT@ rndc-confgen@EXEEXT@
diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8
index c6a421879b4b..fc69c3f0b037 100644
--- a/bin/rndc/rndc-confgen.8
+++ b/bin/rndc/rndc-confgen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc-confgen.8,v 1.3.2.5.2.8 2006/06/29 13:02:31 marka Exp $
+.\" $Id: rndc-confgen.8,v 1.3.2.5.2.10 2007/01/30 00:11:48 marka Exp $
.\"
.hy 0
.ad l
.\" Title: rndc\-confgen
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Aug 27, 2001
.\" Manual: BIND9
.\" Source: BIND9
@@ -56,8 +56,9 @@ file and a
\fBcontrols\fR
statement altogether.
.SH "OPTIONS"
-.TP 3n
+.PP
\-a
+.RS 4
Do automatic
\fBrndc\fR
configuration. This creates a file
@@ -100,31 +101,43 @@ option and set up a
and
\fInamed.conf\fR
as directed.
-.TP 3n
+.RE
+.PP
\-b \fIkeysize\fR
+.RS 4
Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
-.TP 3n
+.RE
+.PP
\-c \fIkeyfile\fR
+.RS 4
Used with the
\fB\-a\fR
option to specify an alternate location for
\fIrndc.key\fR.
-.TP 3n
+.RE
+.PP
\-h
+.RS 4
Prints a short summary of the options and arguments to
\fBrndc\-confgen\fR.
-.TP 3n
+.RE
+.PP
\-k \fIkeyname\fR
+.RS 4
Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
\fBrndc\-key\fR.
-.TP 3n
+.RE
+.PP
\-p \fIport\fR
+.RS 4
Specifies the command channel port where
\fBnamed\fR
listens for connections from
\fBrndc\fR. The default is 953.
-.TP 3n
+.RE
+.PP
\-r \fIrandomfile\fR
+.RS 4
Specifies a source of random data for generating the authorization. If the operating system does not provide a
\fI/dev/random\fR
or equivalent device, the default source of randomness is keyboard input.
@@ -132,14 +145,18 @@ or equivalent device, the default source of randomness is keyboard input.
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP 3n
+.RE
+.PP
\-s \fIaddress\fR
+.RS 4
Specifies the IP address where
\fBnamed\fR
listens for command channel connections from
\fBrndc\fR. The default is the loopback address 127.0.0.1.
-.TP 3n
+.RE
+.PP
\-t \fIchrootdir\fR
+.RS 4
Used with the
\fB\-a\fR
option to specify a directory where
@@ -148,8 +165,10 @@ will run chrooted. An additional copy of the
\fIrndc.key\fR
will be written relative to this directory so that it will be found by the chrooted
\fBnamed\fR.
-.TP 3n
+.RE
+.PP
\-u \fIuser\fR
+.RS 4
Used with the
\fB\-a\fR
option to set the owner of the
@@ -157,6 +176,7 @@ option to set the owner of the
file generated. If
\fB\-t\fR
is also specified only the file in the chroot area has its owner changed.
+.RE
.SH "EXAMPLES"
.PP
To allow
@@ -185,4 +205,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc-confgen.docbook b/bin/rndc/rndc-confgen.docbook
index e0c5a68cf6f6..6b49fd7ca073 100644
--- a/bin/rndc/rndc-confgen.docbook
+++ b/bin/rndc/rndc-confgen.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc-confgen.docbook,v 1.3.2.1.4.5 2005/05/13 01:22:34 marka Exp $ -->
+<!-- $Id: rndc-confgen.docbook,v 1.3.2.1.4.8 2007/08/28 07:19:08 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html
index 058cd56d1637..cc04b7843b64 100644
--- a/bin/rndc/rndc-confgen.html
+++ b/bin/rndc/rndc-confgen.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc-confgen.html,v 1.3.2.5.2.13 2006/06/29 13:02:31 marka Exp $ -->
+<!-- $Id: rndc-confgen.html,v 1.3.2.5.2.16 2007/01/30 00:11:48 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">rndc-confgen</span> &#8212; rndc key generation tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549476"></a><h2>DESCRIPTION</h2>
+<a name="id2543417"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">rndc-confgen</strong></span> generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@@ -48,7 +48,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549522"></a><h2>OPTIONS</h2>
+<a name="id2543463"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@@ -148,7 +148,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549972"></a><h2>EXAMPLES</h2>
+<a name="id2543777"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@@ -167,7 +167,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550016"></a><h2>SEE ALSO</h2>
+<a name="id2543820"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
@@ -176,7 +176,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550058"></a><h2>AUTHOR</h2>
+<a name="id2543863"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
index 04bd133f376f..9b7a4e13793d 100644
--- a/bin/rndc/rndc.8
+++ b/bin/rndc/rndc.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.8,v 1.24.206.6 2006/06/29 13:02:30 marka Exp $
+.\" $Id: rndc.8,v 1.24.206.12 2007/12/14 22:37:11 marka Exp $
.\"
.hy 0
.ad l
.\" Title: rndc
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -47,20 +47,22 @@ is invoked with no command line options or arguments, it prints a short summary
communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of
\fBrndc\fR
and
-\fBnamed\fR
-named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
+\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
.PP
\fBrndc\fR
reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use.
.SH "OPTIONS"
-.TP 3n
+.PP
\-c \fIconfig\-file\fR
+.RS 4
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/rndc.conf\fR.
-.TP 3n
+.RE
+.PP
\-k \fIkey\-file\fR
+.RS 4
Use
\fIkey\-file\fR
as the key file instead of the default,
@@ -69,30 +71,41 @@ as the key file instead of the default,
will be used to authenticate commands sent to the server if the
\fIconfig\-file\fR
does not exist.
-.TP 3n
+.RE
+.PP
\-s \fIserver\fR
+.RS 4
\fIserver\fR
is the name or address of the server which matches a server statement in the configuration file for
-\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used.
-.TP 3n
+\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the
+\fBrndc\fR
+configuration file will be used.
+.RE
+.PP
\-p \fIport\fR
+.RS 4
Send commands to TCP port
\fIport\fR
instead of BIND 9's default control channel port, 953.
-.TP 3n
+.RE
+.PP
\-V
+.RS 4
Enable verbose logging.
-.TP 3n
-\-y \fIkeyid\fR
+.RE
+.PP
+\-y \fIkey_id\fR
+.RS 4
Use the key
-\fIkeyid\fR
+\fIkey_id\fR
from the configuration file.
-\fIkeyid\fR
+\fIkey_id\fR
must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no
-\fIkeyid\fR
+\fIkey_id\fR
is specified,
\fBrndc\fR
will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
+.RE
.PP
For the complete set of commands supported by
\fBrndc\fR, see the BIND 9 Administrator Reference Manual or run
@@ -113,12 +126,16 @@ Several error messages could be clearer.
.SH "SEE ALSO"
.PP
\fBrndc.conf\fR(5),
+\fBrndc\-confgen\fR(8),
\fBnamed\fR(8),
-\fBnamed.conf\fR(5)
+\fBnamed.conf\fR(5),
\fBndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
index 3a06a44cd0b8..d71cc50395c3 100644
--- a/bin/rndc/rndc.conf.5
+++ b/bin/rndc/rndc.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.conf.5,v 1.21.206.6 2006/06/29 13:02:31 marka Exp $
+.\" $Id: rndc.conf.5,v 1.21.206.9 2007/05/09 03:32:36 marka Exp $
.\"
.hy 0
.ad l
.\" Title: \fIrndc.conf\fR
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -101,7 +101,7 @@ program, also known as
does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each.
.SH "EXAMPLE"
.sp
-.RS 3n
+.RS 4
.nf
options {
default\-server localhost;
@@ -128,7 +128,7 @@ To generate a random secret with
.PP
A complete
\fIrndc.conf\fR
-file, including the randomly generated key, will be written to the standard output. Commented out
+file, including the randomly generated key, will be written to the standard output. Commented\-out
\fBkey\fR
and
\fBcontrols\fR
@@ -158,4 +158,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook
index 16b9caf43cbe..a1cc80a0f6c8 100644
--- a/bin/rndc/rndc.conf.docbook
+++ b/bin/rndc/rndc.conf.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.conf.docbook,v 1.4.206.4 2005/05/12 21:36:04 sra Exp $ -->
+<!-- $Id: rndc.conf.docbook,v 1.4.206.8 2007/08/28 07:19:08 tbox Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -166,7 +167,7 @@
<para>
A complete <filename>rndc.conf</filename> file, including the
randomly generated key, will be written to the standard
- output. Commented out <option>key</option> and
+ output. Commented-out <option>key</option> and
<option>controls</option> statements for
<filename>named.conf</filename> are also printed.
</para>
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
index fefe616d8dc2..2bf728e106c6 100644
--- a/bin/rndc/rndc.conf.html
+++ b/bin/rndc/rndc.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.conf.html,v 1.5.2.1.4.13 2006/06/29 13:02:31 marka Exp $ -->
+<!-- $Id: rndc.conf.html,v 1.5.2.1.4.17 2007/05/09 03:32:36 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">rndc.conf</code> &#8212; rndc configuration file</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549398"></a><h2>DESCRIPTION</h2>
+<a name="id2543339"></a><h2>DESCRIPTION</h2>
<p>
<code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
@@ -105,7 +105,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549601"></a><h2>EXAMPLE</h2>
+<a name="id2543474"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@@ -139,7 +139,7 @@
<p>
A complete <code class="filename">rndc.conf</code> file, including the
randomly generated key, will be written to the standard
- output. Commented out <code class="option">key</code> and
+ output. Commented-out <code class="option">key</code> and
<code class="option">controls</code> statements for
<code class="filename">named.conf</code> are also printed.
</p>
@@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549730"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2543534"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -161,7 +161,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549750"></a><h2>SEE ALSO</h2>
+<a name="id2543555"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
@@ -170,7 +170,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549793"></a><h2>AUTHOR</h2>
+<a name="id2543597"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index afb88f5f6ea2..66658a9c02bb 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.docbook,v 1.7.206.4 2005/05/12 21:36:05 sra Exp $ -->
+<!-- $Id: rndc.docbook,v 1.7.206.11 2007/12/14 20:56:36 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -77,7 +78,7 @@
<command>rndc</command> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
- <command>rndc</command> and <command>named</command> named
+ <command>rndc</command> and <command>named</command>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
@@ -124,14 +125,13 @@
<varlistentry>
<term>-s <replaceable class="parameter">server</replaceable></term>
<listitem>
- <para>
- <replaceable class="parameter">server</replaceable> is
- the name or address of the server which matches a
- server statement in the configuration file for
- <command>rndc</command>. If no server is supplied on the
- command line, the host named by the default-server clause
- in the option statement of the configuration file will be
- used.
+ <para><replaceable class="parameter">server</replaceable> is
+ the name or address of the server which matches a
+ server statement in the configuration file for
+ <command>rndc</command>. If no server is supplied on the
+ command line, the host named by the default-server clause
+ in the options statement of the <command>rndc</command>
+ configuration file will be used.
</para>
</listitem>
</varlistentry>
@@ -157,15 +157,15 @@
</varlistentry>
<varlistentry>
- <term>-y <replaceable class="parameter">keyid</replaceable></term>
+ <term>-y <replaceable class="parameter">key_id</replaceable></term>
<listitem>
<para>
- Use the key <replaceable class="parameter">keyid</replaceable>
+ Use the key <replaceable class="parameter">key_id</replaceable>
from the configuration file.
- <replaceable class="parameter">keyid</replaceable> must be
+ <replaceable class="parameter">key_id</replaceable> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
- If no <replaceable class="parameter">keyid</replaceable>
+ If no <replaceable class="parameter">key_id</replaceable>
is specified, <command>rndc</command> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
@@ -211,13 +211,17 @@
<manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named.conf</refentrytitle>
<manvolnum>5</manvolnum>
- </citerefentry>
+ </citerefentry>,
<citerefentry>
<refentrytitle>ndc</refentrytitle>
<manvolnum>8</manvolnum>
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
index 4dfd3188142d..36a5eea5acfe 100644
--- a/bin/rndc/rndc.html
+++ b/bin/rndc/rndc.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.html,v 1.7.2.1.4.12 2006/06/29 13:02:31 marka Exp $ -->
+<!-- $Id: rndc.html,v 1.7.2.1.4.19 2007/12/14 22:37:11 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">rndc</span> &#8212; name server control utility</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549451"></a><h2>DESCRIPTION</h2>
+<a name="id2543393"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">rndc</strong></span> controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -46,7 +46,7 @@
<span><strong class="command">rndc</strong></span> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
- <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named
+ <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
@@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549492"></a><h2>OPTIONS</h2>
+<a name="id2543433"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
@@ -79,14 +79,13 @@
does not exist.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
-<dd><p>
- <em class="replaceable"><code>server</code></em> is
- the name or address of the server which matches a
- server statement in the configuration file for
- <span><strong class="command">rndc</strong></span>. If no server is supplied on the
- command line, the host named by the default-server clause
- in the option statement of the configuration file will be
- used.
+<dd><p><em class="replaceable"><code>server</code></em> is
+ the name or address of the server which matches a
+ server statement in the configuration file for
+ <span><strong class="command">rndc</strong></span>. If no server is supplied on the
+ command line, the host named by the default-server clause
+ in the options statement of the <span><strong class="command">rndc</strong></span>
+ configuration file will be used.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
@@ -98,14 +97,14 @@
<dd><p>
Enable verbose logging.
</p></dd>
-<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
+<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
- Use the key <em class="replaceable"><code>keyid</code></em>
+ Use the key <em class="replaceable"><code>key_id</code></em>
from the configuration file.
- <em class="replaceable"><code>keyid</code></em> must be
+ <em class="replaceable"><code>key_id</code></em> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
- If no <em class="replaceable"><code>keyid</code></em>
+ If no <em class="replaceable"><code>key_id</code></em>
is specified, <span><strong class="command">rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
@@ -123,7 +122,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549811"></a><h2>LIMITATIONS</h2>
+<a name="id2543619"></a><h2>LIMITATIONS</h2>
<p>
<span><strong class="command">rndc</strong></span> does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
@@ -137,17 +136,18 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549840"></a><h2>SEE ALSO</h2>
+<a name="id2543648"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
- <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>
+ <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549892"></a><h2>AUTHOR</h2>
+<a name="id2543709"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/rndc/unix/Makefile.in b/bin/rndc/unix/Makefile.in
index 0409a188838f..c233e3812db1 100644
--- a/bin/rndc/unix/Makefile.in
+++ b/bin/rndc/unix/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2001 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001, 2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.12.3 2004/03/08 04:04:24 marka Exp $
+# $Id: Makefile.in,v 1.1.12.6 2007/08/28 07:19:08 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
diff --git a/configure.in b/configure.in
index 050a2722314c..d4ea2bd2fe90 100644
--- a/configure.in
+++ b/configure.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
-AC_REVISION($Revision: 1.294.2.23.2.73 $)
+AC_REVISION($Revision: 1.294.2.23.2.82 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.13)
@@ -237,6 +237,7 @@ AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param
AC_C_CONST
AC_C_INLINE
+AC_C_VOLATILE
AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME))
#
@@ -420,6 +421,21 @@ case "$use_openssl" in
*-hp-hpux*)
DNS_OPENSSL_LIBS="-L$use_openssl/lib -Wl,+b: -lcrypto"
;;
+ *-apple-darwin*)
+ #
+ # Apple's ld seaches for serially for dynamic
+ # then static libraries. This means you can't
+ # use -L to override dynamic system libraries
+ # with static ones when linking. Instead
+ # we specify a absolute path.
+ #
+ if test -f "$use_openssl/lib/libcrypto.dylib"
+ then
+ DNS_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
+ else
+ DNS_OPENSSL_LIBS="$use_openssl/lib/libcrypto.a"
+ fi
+ ;;
*)
DNS_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
;;
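Review bot: The `else` arm of the new `*-apple-darwin*` case sets `DNS_OPENSSL_LIBS="$use_openssl/lib/libcrypto.a"` without testing that the archive exists, so a prefix holding neither `libcrypto.dylib` nor `libcrypto.a` only fails later at link time with a less obvious error. I would make it `elif test -f "$use_openssl/lib/libcrypto.a"` and add a final `else` that stops with `AC_MSG_ERROR`. When the static archive is chosen, libcrypto is linked into the binaries, so a later OpenSSL security fix needs a rebuild of BIND; the comment should say so, e.g. `# NOTE: static libcrypto; rebuild after OpenSSL updates`. The comment block also has two typos ("seaches for serially", "a absolute path"). The enclosing `case` statement starts outside this hunk.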
@@ -466,16 +482,6 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)],
[AC_MSG_RESULT(assuming it does work on target platform)]
)
- AC_CHECK_FUNC(DH_generate_parameters,
- AC_DEFINE(HAVE_DH_GENERATE_PARAMETERS, 1,
- [Define if libcrypto has DH_generate_parameters]))
- AC_CHECK_FUNC(RSA_generate_key,
- AC_DEFINE(HAVE_RSA_GENERATE_KEY, 1,
- [Define if libcrypto has RSA_generate_key]))
- AC_CHECK_FUNC(DSA_generate_parameters,
- AC_DEFINE(HAVE_DSA_GENERATE_PARAMETERS, 1,
- [Define if libcrypto has DSA_generate_parameters]))
-
AC_ARG_ENABLE(openssl-version-check,
[AC_HELP_STRING([--enable-openssl-version-check],
[Check OpenSSL Version @<:@default=yes@:>@])])
@@ -1847,6 +1853,13 @@ case "$hack_shutup_stdargcast" in
;;
esac
+AC_CHECK_HEADERS(strings.h,
+ ISC_PLATFORM_HAVESTRINGSH="#define ISC_PLATFORM_HAVESTRINGSH 1"
+,
+ ISC_PLATFORM_HAVESTRINGSH="#undef ISC_PLATFORM_HAVESTRINGSH"
+)
+AC_SUBST(ISC_PLATFORM_HAVESTRINGSH)
+
#
# Check for if_nametoindex() for IPv6 scoped addresses support
#
@@ -1962,24 +1975,35 @@ fi
AC_SUBST($1)
])
-#
-# Look for Docbook-XSL stylesheets. Location probably varies by
-# system. Guessing where it might be found, based on where SGML stuff
-# lives on some systems. FreeBSD is the only one I'm sure of at the
-# moment.
-#
-
-docbook_xsl_trees="/usr/pkg/share/xsl /usr/local/share/xsl /usr/share/xsl"
+# Look for Docbook-XSL stylesheets. Location probably varies by system.
+# If it's not explicitly specified, guess where it might be found, based on
+# where SGML stuff lives on some systems (FreeBSD is the only one we're sure
+# of at the moment).
+#
+AC_MSG_CHECKING(for Docbook-XSL path)
+AC_ARG_WITH(docbook-xsl,
+[ --with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets],
+ docbook_path="$withval", docbook_path="auto")
+case "$docbook_path" in
+auto)
+ AC_MSG_RESULT(auto)
+ docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook"
+ ;;
+*)
+ docbook_xsl_trees="$withval"
+ AC_MSG_RESULT($docbook_xsl_trees)
+ ;;
+esac
#
# Look for stylesheets we need.
#
-NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_HTML, docbook/html/docbook.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_XHTML, docbook/xhtml/docbook.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_MAN, docbook/manpages/docbook.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_HTML, docbook/html/chunk.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_XHTML, docbook/xhtml/chunk.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_HTML, html/docbook.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_XHTML, xhtml/docbook.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_MAN, manpages/docbook.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_HTML, html/chunk.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_XHTML, xhtml/chunk.xsl, $docbook_xsl_trees)
#
# Same dance for db2latex
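Review bot: The `*)` arm of the new `case "$docbook_path"` takes the tree list from `$withval` instead of the `docbook_path` variable the `case` tests. A bare `--with-docbook-xsl` or `--without-docbook-xsl` sets that value to `yes` or `no`, which lands in this arm and is then searched as a directory. I would write the first arm as `auto|yes|no)` and the assignment as `docbook_xsl_trees="$docbook_path"`. The built-in defaults now end in `/docbook` and the `NOM_PATH_FILE` calls dropped that prefix, so a user-supplied PATH has to name the `docbook` directory itself; the help string could say that, e.g. `Specify path of the Docbook-XSL "docbook" directory`.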
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index bccb088a664a..67f8c8973624 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- File: $Id: Bv9ARM-book.xml,v 1.155.2.27.2.74 2006/11/14 22:38:53 sra Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.155.2.27.2.88 2008/01/18 23:45:32 tbox Exp $ -->
<book>
<title>BIND 9 Administrator Reference Manual</title>
@@ -28,6 +28,8 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -79,8 +81,8 @@
</emphasis>addresses security considerations, and
<emphasis>Section 8</emphasis> contains troubleshooting help. The
main body of the document is followed by several
- <emphasis>Appendices</emphasis> which contain useful reference
- information, such as a <emphasis>Bibliography</emphasis> and
+ <emphasis>appendices</emphasis> which contain useful reference
+ information, such as a <emphasis>bibliography</emphasis> and
historic information related to <acronym>BIND</acronym> and the Domain Name
System.</para>
</sect1>
@@ -148,7 +150,7 @@ describe:</emphasis></para></entry>
</tgroup></informaltable></para></sect1>
<sect1><title>The Domain Name System (<acronym>DNS</acronym>)</title>
<para>The purpose of this document is to explain the installation
-and upkeep of the <acronym>BIND</acronym> software package, and we
+and upkeep of the <acronym>BIND</acronym> (Berkeley Internet Name Domain) software package, and we
begin by reviewing the fundamentals of the Domain Name System
(<acronym>DNS</acronym>) as they relate to <acronym>BIND</acronym>.
</para>
@@ -516,7 +518,8 @@ zone "eng.example.com" {
<title>Load Balancing</title>
<para>A primitive form of load balancing can be achieved in
-the <acronym>DNS</acronym> by using multiple A records for one name.</para>
+the <acronym>DNS</acronym> by using multiple records
+(such as multiple A records) for one name.</para>
<para>For example, if you have three WWW servers with network addresses
of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
@@ -636,6 +639,8 @@ can be extended with the use of options.</para>
<arg>-t <replaceable>type</replaceable></arg>
<arg>-W <replaceable>timeout</replaceable></arg>
<arg>-R <replaceable>retries</replaceable></arg>
+ <arg>-4</arg>
+ <arg>-6</arg>
<arg choice="plain"><replaceable>hostname</replaceable></arg>
<arg><replaceable>server</replaceable></arg>
</cmdsynopsis>
@@ -719,6 +724,11 @@ of a server.</para>
<para>The remote name daemon control
(<command>rndc</command>) program allows the system
administrator to control the operation of a name server.
+ Since <acronym>BIND</acronym> 9.2, <command>rndc</command>
+ supports all the commands of the BIND 8 <command>ndc</command>
+ utility except <command>ndc start</command> and
+ <command>ndc restart</command>, which were also
+ not supported in <command>ndc</command>'s channel mode.
If you run <command>rndc</command> without any options
it will display a usage message as follows:</para>
<cmdsynopsis label="Usage">
@@ -1121,7 +1131,8 @@ to allow internal networks that are behind filters or in RFC 1918
space (reserved IP space, as documented in RFC 1918) to resolve DNS
on the Internet. Split DNS can also be used to allow mail from outside
back in to the internal network.</para>
-<para>Here is an example of a split DNS setup:</para>
+ <sect2>
+ <title>Example split DNS setup</title>
<para>Let's say a company named <emphasis>Example, Inc.</emphasis>
(<literal>example.com</literal>)
has several corporate sites that have an internal network with reserved
@@ -1292,6 +1303,7 @@ nameserver 172.16.72.2
nameserver 172.16.72.3
nameserver 172.16.72.4
</programlisting>
+ </sect2>
</sect1>
<sect1 id="tsig"><title>TSIG</title>
<para>This is a short guide to setting up Transaction SIGnatures
@@ -1417,7 +1429,7 @@ allow-update { key host1-host2. ;};
outside of the allowed range, the response will be signed with
the TSIG extended error code set to BADTIME, and the time values
will be adjusted so that the response can be successfully
- verified. In any of these cases, the message's rcode is set to
+ verified. In any of these cases, the message's rcode (response code) is set to
NOTAUTH (not authenticated).</para>
</sect2>
@@ -1476,7 +1488,7 @@ allow-update { key host1-host2. ;};
<para>Cryptographic authentication of DNS information is possible
through the DNS Security (<emphasis>DNSSEC-bis</emphasis>)
- extensions, defined in RFC 4033, RFC4034 and RFC4035. This
+ extensions, defined in RFC 4033, RFC4034, and RFC4035. This
section describes the creation and use of DNSSEC signed
zones.</para>
@@ -1525,7 +1537,7 @@ allow-update { key host1-host2. ;};
<para>Two output files will be produced:
<filename>Kchild.example.+005+12345.key</filename> and
<filename>Kchild.example.+005+12345.private</filename> (where
- 12345 is an example of a key tag). The key file names contain
+ 12345 is an example of a key tag). The key filenames contain
the key name (<filename>child.example.</filename>), algorithm (3
is DSA, 1 is RSAMD5, 5 is RSASHA1, etc.), and the key tag (12345 in this case).
The private key (in the <filename>.private</filename> file) is
@@ -1570,7 +1582,7 @@ allow-update { key host1-host2. ;};
<para><command>dnssec-signzone</command> will also produce a
keyset and dsset files and optionally a dlvset file. These
- are used to provide the parent zone administators with the
+ are used to provide the parent zone administrators with the
<literal>DNSKEYs</literal> (or their corresponding <literal>DS</literal>
records) that are the secure entry point to the zone.</para>
@@ -1857,7 +1869,7 @@ ambiguity, and need to be disambiguated.</para></entry>
<row rowsep = "0">
<entry colname = "1"><para><varname>ip_port</varname></para></entry>
<entry colname = "2"><para>An IP port <varname>number</varname>.
-<varname>number</varname> is limited to 0 through 65535, with values
+The <varname>number</varname> is limited to 0 through 65535, with values
below 1024 typically restricted to use by processes running as root.
In some cases, an asterisk (`*') character can be used as a placeholder to
select a random high-numbered port.</para></entry>
@@ -1996,7 +2008,7 @@ other 1.2.3.* hosts fall through.</para>
<title>Comment Syntax</title>
<para>The <acronym>BIND</acronym> 9 comment syntax allows for comments to appear
-anywhere that white space may appear in a <acronym>BIND</acronym> configuration
+anywhere that whitespace may appear in a <acronym>BIND</acronym> configuration
file. To appeal to programmers of all kinds, they can be written
in the C, C++, or shell/perl style.</para>
@@ -2010,7 +2022,7 @@ in the C, C++, or shell/perl style.</para>
</sect3>
<sect3>
<title>Definition and Usage</title>
-<para>Comments may appear anywhere that white space may appear in
+<para>Comments may appear anywhere that whitespace may appear in
a <acronym>BIND</acronym> configuration file.</para>
<para>C-style comments start with the two characters /* (slash,
star) and end with */ (star, slash). Because they are completely
@@ -2305,7 +2317,7 @@ statement: <command>controls { };</command>.
</sect2>
<sect2>
<title><command>include</command> Statement Grammar</title>
- <programlisting>include <replaceable>filename</replaceable>;</programlisting>
+ <programlisting><command>include</command> <replaceable>filename</replaceable>;</programlisting>
</sect2>
<sect2>
<title><command>include</command> Statement Definition and Usage</title>
@@ -2321,7 +2333,7 @@ statement: <command>controls { };</command>.
</sect2>
<sect2>
<title><command>key</command> Statement Grammar</title>
-<programlisting>key <replaceable>key_id</replaceable> {
+<programlisting><command>key</command> <replaceable>key_id</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
@@ -2765,7 +2777,7 @@ statement in the <filename>named.conf</filename> file:</para>
<para>The <command>lwres</command> statement configures the name
server to also act as a lightweight resolver server. (See
-<xref linkend="lwresd"/>.) There may be be multiple
+<xref linkend="lwresd"/>.) There may be multiple
<command>lwres</command> statements configuring
lightweight resolver servers with different properties.</para>
@@ -2809,7 +2821,7 @@ to be easily used by multiple stub and slave zones.</para>
<para>This is the grammar of the <command>options</command>
statement in the <filename>named.conf</filename> file:</para>
-<programlisting>options {
+<programlisting><command>options</command> {
<optional> version <replaceable>version_string</replaceable>; </optional>
<optional> hostname <replaceable>hostname_string</replaceable>; </optional>
<optional> server-id <replaceable>server_id_string</replaceable>; </optional>
@@ -2822,6 +2834,7 @@ statement in the <filename>named.conf</filename> file:</para>
<optional> dump-file <replaceable>path_name</replaceable>; </optional>
<optional> memstatistics-file <replaceable>path_name</replaceable>; </optional>
<optional> pid-file <replaceable>path_name</replaceable>; </optional>
+ <optional> recursing-file <replaceable>path_name</replaceable>; </optional>
<optional> statistics-file <replaceable>path_name</replaceable>; </optional>
<optional> zone-statistics <replaceable>yes_or_no</replaceable>; </optional>
<optional> auth-nxdomain <replaceable>yes_or_no</replaceable>; </optional>
@@ -2994,11 +3007,24 @@ the database to when instructed to do so with
<command>rndc dumpdb</command>.
If not specified, the default is <filename>named_dump.db</filename>.</para>
</listitem></varlistentry>
-<varlistentry><term><command>memstatistics-file</command></term>
-<listitem><para>The pathname of the file the server writes memory
-usage statistics to on exit. If not specified,
-the default is <filename>named.memstats</filename>.</para>
-</listitem></varlistentry>
+
+ <varlistentry>
+ <term><command>memstatistics-file</command></term>
+ <listitem>
+ <para>
+ The pathname of the file the server writes memory
+ usage statistics to on exit. If specified the
+ statistics will be written to the file on exit.
+ </para>
+ <para>
+ In <acronym>BIND</acronym> 9.5 and later this will
+ default to <filename>named.memstats</filename>.
+ <acronym>BIND</acronym> 9.5 will also introduce
+ <command>memstatistics</command> to control the
+ writing.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry><term><command>pid-file</command></term>
<listitem><para>The pathname of the file the server writes its process ID
@@ -3007,10 +3033,22 @@ The pid-file is used by programs that want to send signals to the running
name server. Specifying <command>pid-file none</command> disables the
use of a PID file &mdash; no file will be written and any
existing one will be removed. Note that <command>none</command>
-is a keyword, not a file name, and therefore is not enclosed in
+is a keyword, not a filename, and therefore is not enclosed in
double quotes.</para>
</listitem></varlistentry>
+ <varlistentry>
+ <term><command>recursing-file</command></term>
+ <listitem>
+ <para>
+ The pathname of the file the server dumps
+ the queries that are currently recursing when instructed
+ to do so with <command>rndc recursing</command>.
+ If not specified, the default is <filename>named.recursing</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry><term><command>statistics-file</command></term>
<listitem><para>The pathname of the file the server appends statistics
to when instructed to do so using <command>rndc stats</command>.
@@ -3318,7 +3356,7 @@ in the <command>statistics-file</command>. See also <xref linkend="statsfile"/>
<varlistentry><term><command>use-ixfr</command></term>
<listitem><para><emphasis>This option is obsolete</emphasis>.
-If you need to disable IXFR to a particular server or servers see
+If you need to disable IXFR to a particular server or servers, see
the information on the <command>provide-ixfr</command> option
in <xref linkend="server_statement_definition_and_usage"/>. See also
<xref linkend="incremental_zone_transfers"/>.
@@ -3491,7 +3529,7 @@ and RFC 821 as modified by RFC 1123.
MX records. It also applies to the domain names in the RDATA of NS, SOA and MX
records. It also applies to the RDATA of PTR records where the owner name
indicated that it is a reverse lookup of a hostname (the owner name ends in
-IN-ADDR.ARPA, IP6.ARPA, IP6.INT).
+IN-ADDR.ARPA, IP6.ARPA, or IP6.INT).
</para>
</listitem></varlistentry>
@@ -4086,7 +4124,7 @@ stop listening on interfaces that have gone away.</para>
every <command>statistics-interval</command> minutes. The default is
60. The maximum value is 28 days (40320 minutes).
If set to 0, no statistics will be logged.</para><note>
-<simpara>Not yet implemented in <acronym>BIND</acronym>9.</simpara></note>
+<simpara>Not yet implemented in <acronym>BIND</acronym> 9.</simpara></note>
</listitem></varlistentry>
</variablelist>
@@ -4330,7 +4368,7 @@ and clamp the SOA refresh and retry times to the specified values.
<command>edns-udp-size</command> sets the advertised EDNS UDP buffer
size in bytes. Valid values are 512 to 4096 bytes (values outside this range will be
silently adjusted). The default value is 4096. The usual reason for
-setting edns-udp-size to a non-default value it to get UDP answers to
+setting edns-udp-size to a non-default value is to get UDP answers to
pass through broken firewalls that block fragmented packets and/or
block UDP packets that are greater than 512 bytes.
</para></listitem></varlistentry>
@@ -4480,7 +4518,7 @@ to be incremented, and may additionally cause the
<sect2 id="server_statement_grammar">
<title><command>server</command> Statement Grammar</title>
-<programlisting>server <replaceable>ip_addr</replaceable> {
+<programlisting><command>server</command> <replaceable>ip_addr</replaceable> {
<optional> bogus <replaceable>yes_or_no</replaceable> ; </optional>
<optional> provide-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
<optional> request-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
@@ -4586,7 +4624,7 @@ For more details, see the description of
</sect2>
<sect2><title><command>trusted-keys</command> Statement Grammar</title>
-<programlisting>trusted-keys {
+<programlisting><command>trusted-keys</command> {
<replaceable>string</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ;
<optional> <replaceable>string</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; <optional>...</optional></optional>
};
@@ -4626,7 +4664,7 @@ For more details, see the description of
<sect2 id="view_statement_grammar">
<title><command>view</command> Statement Grammar</title>
-<programlisting>view <replaceable>view_name</replaceable>
+<programlisting><command>view</command> <replaceable>view_name</replaceable>
<optional><replaceable>class</replaceable></optional> {
match-clients { <replaceable>address_match_list</replaceable> } ;
match-destinations { <replaceable>address_match_list</replaceable> } ;
@@ -4722,7 +4760,7 @@ view "external" {
</sect2>
<sect2 id="zone_statement_grammar"><title><command>zone</command>
Statement Grammar</title>
-<programlisting>zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
+<programlisting><command>zone</command> <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
type master;
<optional> allow-query { <replaceable>address_match_list</replaceable> } ; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> } ; </optional>
@@ -4870,7 +4908,7 @@ and reloaded from this file on a server restart. Use of a file is
recommended, since it often speeds server startup and eliminates
a needless waste of bandwidth. Note that for large numbers (in the
tens or hundreds of thousands) of zones per server, it is best to
-use a two-level naming scheme for zone file names. For example,
+use a two-level naming scheme for zone filenames. For example,
a slave server for the zone <literal>example.com</literal> might place
the zone contents into a file called
<filename>ex/example.com</filename> where <filename>ex/</filename> is
@@ -4958,7 +4996,7 @@ used to share information about various systems databases, such
as users, groups, printers and so on. The keyword
<literal>HS</literal> is
a synonym for hesiod.</para>
-<para>Another MIT development is CHAOSnet, a LAN protocol created
+<para>Another MIT development is Chaosnet, a LAN protocol created
in the mid-1970s. Zone data for it can be specified with the <literal>CHAOS</literal> class.</para></sect3>
<sect3>
@@ -5225,7 +5263,7 @@ shared secret is the same as the identity of the key used to authenticate the
TKEY exchange. When the <replaceable>identity</replaceable> field specifies a
wildcard name, it is subject to DNS wildcard expansion, so the rule will apply
to multiple identities. The <replaceable>identity</replaceable> field must
-contain a fully qualified domain name.</para>
+contain a fully-qualified domain name.</para>
<para>The <replaceable>nametype</replaceable> field has 4 values:
<varname>name</varname>, <varname>subdomain</varname>,
@@ -5270,7 +5308,7 @@ specified as <constant>*</constant> in this case.</para></entry>
</tgroup></informaltable>
<para>In all cases, the <replaceable>name</replaceable> field must
-specify a fully qualified domain name.</para>
+specify a fully-qualified domain name.</para>
<para>If no types are explicitly specified, this rule matches all types except
SIG, NS, SOA, and NXT. Types may be specified by name, including
@@ -5514,7 +5552,7 @@ are currently valid in the DNS:</para><informaltable colsep = "0"
<row rowsep = "0">
<entry colname = "1"><para>CH</para></entry>
<entry colname = "2"><para>
-CHAOSnet, a LAN protocol created at MIT in the mid-1970s.
+Chaosnet, a LAN protocol created at MIT in the mid-1970s.
Rarely used for its historical purpose, but reused for BIND's
built-in server information zones, e.g.,
<literal>version.bind</literal>.
@@ -5776,7 +5814,7 @@ in the <optional>example.com</optional> domain:</para>
</tgroup></informaltable>
<note>
<para>The <command>$ORIGIN</command> lines in the examples
-are for providing context to the examples only-they do not necessarily
+are for providing context to the examples only &mdash; they do not necessarily
appear in the actual usage. They are only used here to indicate
that the example is relative to the listed origin.</para></note></sect2>
<sect2><title>Other Zone File Directives</title>
@@ -5855,16 +5893,16 @@ or start-stop/step. If the first form is used, then step is set to
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>lhs</command></para></entry>
- <entry colname = "2"><para><command>lhs</command> describes the
+ <entry colname = "2"><para>This describes the
owner name of the resource records to be created. Any single
<command>$</command> (dollar sign) symbols
within the <command>lhs</command> side are replaced by the iterator
value.
-To get a $ in the output you need to escape the <command>$</command>
+To get a $ in the output, you need to escape the <command>$</command>
using a backslash <command>\</command>,
e.g. <command>\$</command>. The <command>$</command> may optionally be followed
by modifiers which change the offset from the iterator, field width and base.
-Modifiers are introduced by a <command>{</command> immediately following the
+Modifiers are introduced by a <command>{</command> (left brace) immediately following the
<command>$</command> as <command>${offset[,width[,base]]}</command>.
For example, <command>${-20,3,d}</command> which subtracts 20 from the current value,
prints the result as a decimal in a zero-padded field of width 3. Available
@@ -5900,7 +5938,7 @@ PTR, CNAME, DNAME, A, AAAA and NS.</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>rhs</command></para></entry>
- <entry colname = "2"><para>A domain name. It is processed
+ <entry colname = "2"><para><command>rhs</command> is a domain name. It is processed
similarly to lhs.</para></entry>
</row>
</tbody>
@@ -5954,7 +5992,7 @@ unless recursion has been previously disabled.</para>
<para>For more information on how to use ACLs to protect your server,
see the <emphasis>AUSCERT</emphasis> advisory at
<ulink url="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos">ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</ulink></para></sect1>
-<sect1><title><command>chroot</command> and <command>setuid</command> (for
+<sect1><title><command>Chroot</command> and <command>Setuid</command> (for
UNIX servers)</title>
<para>On UNIX servers, it is possible to run <acronym>BIND</acronym> in a <emphasis>chrooted</emphasis> environment
(using the <command>chroot()</command> function) by specifying the "<option>-t</option>"
@@ -5981,7 +6019,7 @@ like <command>directory</command> and <command>pid-file</command> to account
for this.
</para>
<para>
-Unlike with earlier versions of BIND, you will typically
+Unlike with earlier versions of BIND, you typically will
<emphasis>not</emphasis> need to compile <command>named</command>
statically nor install shared libraries under the new root.
However, depending on your operating system, you may need
@@ -6054,16 +6092,18 @@ all.</para>
<sect1>
<title>Incrementing and Changing the Serial Number</title>
- <para>Zone serial numbers are just numbers-they aren't date
- related. A lot of people set them to a number that represents a
- date, usually of the form YYYYMMDDRR. A number of people have been
- testing these numbers for Y2K compliance and have set the number
- to the year 2000 to see if it will work. They then try to restore
- the old serial number. This will cause problems because serial
- numbers are used to indicate that a zone has been updated. If the
- serial number on the slave server is lower than the serial number
- on the master, the slave server will attempt to update its copy of
- the zone.</para>
+ <para>
+ Zone serial numbers are just numbers &mdash; they aren't
+ date related. A lot of people set them to a number that
+ represents a date, usually of the form YYYYMMDDRR.
+ Occasionally they will make a mistake and set them to a
+ "date in the future" then try to correct them by setting
+ them to the "current date". This causes problems because
+ serial numbers are used to indicate that a zone has been
+ updated. If the serial number on the slave server is
+ lower than the serial number on the master, the slave
+ server will attempt to update its copy of the zone.
+ </para>
<para>Setting the serial number to a lower number on the master
server than the slave server means that the slave will not perform
@@ -6137,7 +6177,7 @@ employee on loan to the CSRG, worked on <acronym>BIND</acronym> for 2 years, fro
to 1987. Many other people also contributed to <acronym>BIND</acronym> development
during that time: Doug Kingston, Craig Partridge, Smoot Carl-Mitchell,
Mike Muuss, Jim Bloom and Mike Schwartz. <acronym>BIND</acronym> maintenance was subsequently
-handled by Mike Karels and O. Kure.</para>
+handled by Mike Karels and &#216;ivind Kure.</para>
<para><acronym>BIND</acronym> versions 4.9 and 4.9.1 were released by Digital Equipment
Corporation (now Compaq Computer Corporation). Paul Vixie, then
a DEC employee, became <acronym>BIND</acronym>'s primary caretaker. He was assisted
@@ -6145,13 +6185,27 @@ by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew
Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
Wolfhugel, and others.</para>
- <para><acronym>BIND</acronym> version 4.9.2 was sponsored by Vixie Enterprises. Paul
+ <para>In 1994, <acronym>BIND</acronym> version 4.9.2 was sponsored by Vixie Enterprises. Paul
Vixie became <acronym>BIND</acronym>'s principal architect/programmer.</para>
<para><acronym>BIND</acronym> versions from 4.9.3 onward have been developed and maintained
by the Internet Software Consortium with support being provided
-by ISC's sponsors. As co-architects/programmers, Bob Halley and
+by ISC's sponsors.
+ </para>
+ <para>As co-architects/programmers, Bob Halley and
Paul Vixie released the first production-ready version of <acronym>BIND</acronym> version
8 in May 1997.</para>
+ <para>
+ BIND version 9 was released in September 2000 and is a
+ major rewrite of nearly all aspects of the underlying
+ BIND architecture.
+ </para>
+ <para>
+ BIND version 4 is officially deprecated and BIND version
+ 8 development is considered maintenance-only in favor
+ of BIND version 9. No additional development is done
+ on BIND version 4 or BIND version 8 other than for
+ security-related patches.
+ </para>
<para><acronym>BIND</acronym> development work is made possible today by the sponsorship
of several corporations, and by the tireless work efforts of numerous
individuals.</para>
@@ -6168,7 +6222,8 @@ scalable Internet routing. There are three types of addresses: <emphasis>Unicast
an identifier for a single interface; <emphasis>Anycast</emphasis>,
an identifier for a set of interfaces; and <emphasis>Multicast</emphasis>,
an identifier for a set of interfaces. Here we describe the global
-Unicast address scheme. For more information, see RFC 2374.</para>
+Unicast address scheme. For more information, see RFC 3587,
+"Global Unicast Address Format."</para>
<para>The aggregatable global Unicast address format is as follows:</para>
<informaltable colsep = "0" rowsep = "0"><tgroup cols = "6"
colsep = "0" rowsep = "0" tgroupstyle = "1Level-table">
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index 3f3aebb10c42..92c670876011 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch01.html,v 1.12.2.2.8.15 2006/07/20 02:33:31 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch01.html,v 1.12.2.2.8.20 2008/01/19 01:52:13 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>Chapter 1. Introduction </title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<title>Chapter 1. Introduction</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
@@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569434">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569460">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569736">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569994">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563879">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564246">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564317">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563142">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570014">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570323">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570407">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570550">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570642">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570699">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2563162">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2563197">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565057">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565131">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565223">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565281">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -67,7 +67,7 @@
hierarchical databases.</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2569434"></a>Scope of Document</h2></div></div></div>
+<a name="id2563879"></a>Scope of Document</h2></div></div></div>
<p>The Berkeley Internet Name Domain (<acronym class="acronym">BIND</acronym>) implements a
domain name server for a number of operating systems. This
document provides basic information about the installation and
@@ -78,7 +78,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2569460"></a>Organization of This Document</h2></div></div></div>
+<a name="id2564246"></a>Organization of This Document</h2&