mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-26 16:18:31 +00:00
Update Bind to 9.9.3-P2
Notable new features:

* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989]
* The new "inline-signing" option, in combination with the "auto-dnssec" option that was introduced in BIND 9.7, allows named to sign zones completely transparently.

Approved by: delphij (mentor)
MFC after: 3 days
Sponsored by: DK Hostmaster A/S
commit
08e6ea976b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=254651
@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
||||
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
$Id: COPYRIGHT,v 1.17.14.2 2012/01/04 23:46:18 tbox Exp $
|
||||
$Id: COPYRIGHT,v 1.19 2012/01/03 23:46:59 tbox Exp $
|
||||
|
||||
Portions of this code release fall under one or more of the
|
||||
following Copyright notices. Please see individual source
|
||||
|
@ -1,5 +1,57 @@
|
||||
Summary of functional enhancements from prior major releases of BIND 9:
|
||||
|
||||
BIND 9.8.0
|
||||
|
||||
BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
|
||||
releases. New features include:
|
||||
|
||||
- Built-in trust anchor for the root zone, which can be
|
||||
switched on via "dnssec-validation auto;"
|
||||
- Support for DNS64.
|
||||
- Support for response policy zones (RPZ).
|
||||
- Support for writable DLZ zones.
|
||||
- Improved ease of configuration of GSS/TSIG for
|
||||
interoperability with Active Directory
|
||||
- Support for GOST signing algorithm for DNSSEC.
|
||||
- Removed RTT Banding from server selection algorithm.
|
||||
- New "static-stub" zone type.
|
||||
- Allow configuration of resolver timeouts via
|
||||
"resolver-query-timeout" option.
|
||||
- The DLZ "dlopen" driver is now built by default.
|
||||
- Added a new include file with function typedefs
|
||||
for the DLZ "dlopen" driver.
|
||||
- Made "--with-gssapi" default.
|
||||
- More verbose error reporting from DLZ LDAP.
|
||||
|
||||
BIND 9.7.0
|
||||
|
||||
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
|
||||
releases. Most are intended to simplify DNSSEC configuration.
|
||||
|
||||
New features include:
|
||||
|
||||
- Fully automatic signing of zones by "named".
|
||||
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
|
||||
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
|
||||
command line tool or the "local" update-policy option. (As a side
|
||||
effect, this also makes it easier to configure automatic zone
|
||||
re-signing.)
|
||||
- New named option "attach-cache" that allows multiple views to
|
||||
share a single cache.
|
||||
- DNS rebinding attack prevention.
|
||||
- New default values for dnssec-keygen parameters.
|
||||
- Support for RFC 5011 automated trust anchor maintenance
|
||||
- Smart signing: simplified tools for zone signing and key
|
||||
maintenance.
|
||||
- The "statistics-channels" option is now available on Windows.
|
||||
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
|
||||
- On some platforms, named and other binaries can now print out
|
||||
a stack backtrace on assertion failure, to aid in debugging.
|
||||
- A "tools only" installation mode on Windows, which only installs
|
||||
dig, host, nslookup and nsupdate.
|
||||
- Improved PKCS#11 support, including Keyper support and explicit
|
||||
OpenSSL engine selection.
|
||||
|
||||
BIND 9.6.0
|
||||
|
||||
Full NSEC3 support
|
||||
|
@ -13,7 +13,7 @@
|
||||
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
# PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: Makefile.in,v 1.58.250.4 2011/09/06 04:06:11 marka Exp $
|
||||
# $Id: Makefile.in,v 1.62 2011/09/06 04:06:37 marka Exp $
|
||||
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
|
@ -51,119 +51,64 @@ BIND 9
|
||||
For up-to-date release notes and errata, see
|
||||
http://www.isc.org/software/bind9/releasenotes
|
||||
|
||||
BIND 9.8.5
|
||||
BIND 9.9.3
|
||||
|
||||
BIND 9.8.5 includes several bug fixes and patches security
|
||||
flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
|
||||
BIND 9.9.3 is a maintenance release and patches the security
|
||||
flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
|
||||
|
||||
BIND 9.8.4
|
||||
BIND 9.9.2
|
||||
|
||||
BIND 9.8.4 includes several bug fixes and patches security
|
||||
flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
|
||||
BIND 9.9.2 is a maintenance release and patches the security
|
||||
flaw described in CVE-2012-4244.
|
||||
|
||||
BIND 9.8.3
|
||||
BIND 9.9.1
|
||||
|
||||
BIND 9.8.3 is a maintenance release.
|
||||
BIND 9.9.1 is a maintenance release.
|
||||
|
||||
BIND 9.8.2
|
||||
BIND 9.9.0
|
||||
|
||||
BIND 9.8.2 includes a number of bug fixes and prevents a security
|
||||
problem described in CVE-2011-4313
|
||||
BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
|
||||
releases. New features include:
|
||||
|
||||
BIND 9.8.1
|
||||
|
||||
BIND 9.8.1 includes a number of bug fixes and enhancements from
|
||||
BIND 9.8 and earlier releases. New features include:
|
||||
|
||||
- The DLZ "dlopen" driver is now built by default.
|
||||
- Added a new include file with function typedefs
|
||||
for the DLZ "dlopen" driver.
|
||||
- Made "--with-gssapi" default.
|
||||
- More verbose error reporting from DLZ LDAP.
|
||||
|
||||
BIND 9.8.0
|
||||
|
||||
BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
|
||||
releases. New features include:
|
||||
|
||||
- Built-in trust anchor for the root zone, which can be
|
||||
switched on via "dnssec-validation auto;"
|
||||
- Support for DNS64.
|
||||
- Support for response policy zones (RPZ).
|
||||
- Support for writable DLZ zones.
|
||||
- Improved ease of configuration of GSS/TSIG for
|
||||
interoperability with Active Directory
|
||||
- Support for GOST signing algorithm for DNSSEC.
|
||||
- Removed RTT Banding from server selection algorithm.
|
||||
- New "static-stub" zone type.
|
||||
- Allow configuration of resolver timeouts via
|
||||
"resolver-query-timeout" option.
|
||||
|
||||
BIND 9.7.0
|
||||
|
||||
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
|
||||
releases. Most are intended to simplify DNSSEC configuration.
|
||||
|
||||
New features include:
|
||||
|
||||
- Fully automatic signing of zones by "named".
|
||||
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
|
||||
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
|
||||
command line tool or the "local" update-policy option. (As a side
|
||||
effect, this also makes it easier to configure automatic zone
|
||||
re-signing.)
|
||||
- New named option "attach-cache" that allows multiple views to
|
||||
share a single cache.
|
||||
- DNS rebinding attack prevention.
|
||||
- New default values for dnssec-keygen parameters.
|
||||
- Support for RFC 5011 automated trust anchor maintenance
|
||||
- Smart signing: simplified tools for zone signing and key
|
||||
maintenance.
|
||||
- The "statistics-channels" option is now available on Windows.
|
||||
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
|
||||
- On some platforms, named and other binaries can now print out
|
||||
a stack backtrace on assertion failure, to aid in debugging.
|
||||
- A "tools only" installation mode on Windows, which only installs
|
||||
dig, host, nslookup and nsupdate.
|
||||
- Improved PKCS#11 support, including Keyper support and explicit
|
||||
OpenSSL engine selection.
|
||||
|
||||
Known issues in this release:
|
||||
|
||||
- In rare cases, DNSSEC validation can leak memory. When this
|
||||
happens, it will cause an assertion failure when named exits,
|
||||
but is otherwise harmless. A fix exists, but was too late for
|
||||
this release; it will be included in BIND 9.7.1.
|
||||
|
||||
Compatibility notes:
|
||||
|
||||
- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
|
||||
ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
|
||||
you should ensure that all changes that are in progress have
|
||||
completed prior to upgrading to BIND 9.7. BIND 9.7 implements
|
||||
those features in a way which is not backwards compatible.
|
||||
|
||||
- Prior releases had a bug which caused HMAC-SHA* keys with long
|
||||
secrets to be used incorrectly. Fixing this bug means that older
|
||||
versions of BIND 9 may fail to interoperate with this version
|
||||
when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
|
||||
tool will convert a key with a long secret into a form that works
|
||||
correctly with all versions of BIND 9. See the "isc-hmac-fixup"
|
||||
man page for additional details.
|
||||
|
||||
- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
|
||||
It is possible for the new key ID to collide with that of a
|
||||
different key. Newly generated keys will not have this problem,
|
||||
as "dnssec-keygen" looks for potential collisions before
|
||||
generating keys, but exercise caution if using key revokation
|
||||
with keys that were generated by older versions of BIND 9. See
|
||||
the Administrator's Reference Manual, section 4.10 ("Dynamic
|
||||
Trust Anchor Management") for more details.
|
||||
|
||||
- A bug was fixed in which a key's scheduled inactivity date was
|
||||
stored incorectly. Users who participated in the 9.7.0 BETA test
|
||||
and had DNSSEC keys with scheduled inactivity dates will need to
|
||||
reset those keys' dates using "dnssec-settime -I".
|
||||
- Inline signing, allowing automatic DNSSEC signing of
|
||||
master zones without modification of the zonefile, or
|
||||
"bump in the wire" signing in slaves.
|
||||
- NXDOMAIN redirection.
|
||||
- New 'rndc flushtree' command clears all data under a given
|
||||
name from the DNS cache.
|
||||
- New 'rndc sync' command dumps pending changes in a dynamic
|
||||
zone to disk without a freeze/thaw cycle.
|
||||
- New 'rndc signing' command displays or clears signing status
|
||||
records in 'auto-dnssec' zones.
|
||||
- NSEC3 parameters for 'auto-dnssec' zones can now be set prior
|
||||
to signing, eliminating the need to initially sign with NSEC.
|
||||
- Startup time improvements on large authoritative servers.
|
||||
- Slave zones are now saved in raw format by default.
|
||||
- Several improvements to response policy zones (RPZ).
|
||||
- Improved hardware scalability by using multiple threads
|
||||
to listen for queries and using finer-grained client locking
|
||||
- The 'also-notify' option now takes the same syntax as
|
||||
'masters', so it can used named masterlists and TSIG keys.
|
||||
- 'dnssec-signzone -D' writes an output file containing only DNSSEC
|
||||
data, which can be included by the primary zone file.
|
||||
- 'dnssec-signzone -R' forces removal of signatures that are
|
||||
not expired but were created by a key which no longer exists.
|
||||
- 'dnssec-signzone -X' allows a separate expiration date to
|
||||
be specified for DNSKEY signatures from other signatures.
|
||||
- New '-L' option to dnssec-keygen, dnssec-settime, and
|
||||
dnssec-keyfromlabel sets the default TTL for the key.
|
||||
- dnssec-dsfromkey now supports reading from standard input,
|
||||
to make it easier to convert DNSKEY to DS.
|
||||
- RFC 1918 reverse zones have been added to the empty-zones
|
||||
table per RFC 6303.
|
||||
- Dynamic updates can now optionally set the zone's SOA serial
|
||||
number to the current UNIX time.
|
||||
- DLZ modules can now retrieve the source IP address of
|
||||
the querying client.
|
||||
- 'request-ixfr' option can now be set at the per-zone level.
|
||||
- 'dig +rrcomments' turns on comments about DNSKEY records,
|
||||
indicating their key ID, algorithm and function
|
||||
- Simplified nsupdate syntax and added readline support
|
||||
|
||||
Building
|
||||
|
||||
@ -193,12 +138,12 @@ Building
|
||||
AIX 4.3, 5L
|
||||
CentOS 4, 4.5, 5
|
||||
Darwin 9.0.0d1/ARM
|
||||
Debian 4
|
||||
Fedora Core 5, 7
|
||||
FreeBSD 6.1
|
||||
Debian 4, 5, 6
|
||||
Fedora Core 5, 7, 8
|
||||
FreeBSD 6, 7, 8
|
||||
HP-UX 11.23 PA
|
||||
MacOS X 10.4, 10.5
|
||||
Red Hat Enterprise Linux 4, 5
|
||||
MacOS X 10.5, 10.6, 10.7
|
||||
Red Hat Enterprise Linux 4, 5, 6
|
||||
SCO OpenServer 5.0.6
|
||||
Slackware 9, 10
|
||||
SuSE 9, 10
|
||||
@ -219,7 +164,8 @@ Building
|
||||
|
||||
CFLAGS
|
||||
C compiler flags. Defaults to include -g and/or -O2
|
||||
as supported by the compiler.
|
||||
as supported by the compiler. Please include '-g'
|
||||
if you need to set CFLAGS.
|
||||
|
||||
STD_CINCLUDES
|
||||
System header file directories. Can be used to specify
|
||||
@ -336,6 +282,10 @@ Building
|
||||
libraries. sh-utils-1.16 provides a "printf" which compiles
|
||||
on SunOS 4.
|
||||
|
||||
Known limitations
|
||||
|
||||
Linux requires kernel build 2.6.39 or later to get the
|
||||
performance benefits from using multiple sockets.
|
||||
|
||||
Documentation
|
||||
|
||||
|
@ -20,7 +20,7 @@ VPATH = @srcdir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
SUBDIRS = named rndc dig dnssec tools tests nsupdate \
|
||||
check confgen @PKCS11_TOOLS@
|
||||
check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
|
||||
TARGETS =
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: check-tool.c,v 1.41 2010/09/07 23:46:59 tbox Exp $ */
|
||||
/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -638,7 +638,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
|
||||
/*% dump the zone */
|
||||
isc_result_t
|
||||
dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
|
||||
dns_masterformat_t fileformat, const dns_master_style_t *style)
|
||||
dns_masterformat_t fileformat, const dns_master_style_t *style,
|
||||
const isc_uint32_t rawversion)
|
||||
{
|
||||
isc_result_t result;
|
||||
FILE *output = stdout;
|
||||
@ -664,8 +665,8 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
|
||||
}
|
||||
}
|
||||
|
||||
result = dns_zone_dumptostream2(zone, output, fileformat, style);
|
||||
|
||||
result = dns_zone_dumptostream3(zone, output, fileformat, style,
|
||||
rawversion);
|
||||
if (output != stdout)
|
||||
(void)isc_stdio_close(output);
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004, 2005, 2007, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004, 2005, 2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: check-tool.h,v 1.16 2010/09/07 23:46:59 tbox Exp $ */
|
||||
/* $Id: check-tool.h,v 1.18 2011/12/09 23:47:02 tbox Exp $ */
|
||||
|
||||
#ifndef CHECK_TOOL_H
|
||||
#define CHECK_TOOL_H
|
||||
@ -41,7 +41,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
|
||||
|
||||
isc_result_t
|
||||
dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
|
||||
dns_masterformat_t fileformat, const dns_master_style_t *style);
|
||||
dns_masterformat_t fileformat, const dns_master_style_t *style,
|
||||
const isc_uint32_t rawversion);
|
||||
|
||||
#ifdef _WIN32
|
||||
void InitSockets(void);
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: named-checkconf.c,v 1.54.62.2 2011/03/12 04:59:13 tbox Exp $ */
|
||||
/* $Id: named-checkconf.c,v 1.56 2011/03/12 04:59:46 tbox Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -33,9 +33,9 @@
|
||||
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
|
||||
.SH "SYNOPSIS"
|
||||
.HP 16
|
||||
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
|
||||
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
|
||||
.HP 18
|
||||
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
|
||||
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBnamed\-checkzone\fR
|
||||
@ -139,11 +139,19 @@ Specify the format of the zone file. Possible formats are
|
||||
.PP
|
||||
\-F \fIformat\fR
|
||||
.RS 4
|
||||
Specify the format of the output file specified. Possible formats are
|
||||
Specify the format of the output file specified. For
|
||||
\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
|
||||
.sp
|
||||
Possible formats are
|
||||
\fB"text"\fR
|
||||
(default) and
|
||||
\fB"raw"\fR. For
|
||||
\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
|
||||
\fB"raw"\fR
|
||||
or
|
||||
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
|
||||
\fBnamed\fR.
|
||||
\fB"raw=N"\fR
|
||||
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
|
||||
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
|
||||
.RE
|
||||
.PP
|
||||
\-k \fImode\fR
|
||||
@ -160,6 +168,11 @@ checks with the specified failure mode. Possible modes are
|
||||
\fB"ignore"\fR.
|
||||
.RE
|
||||
.PP
|
||||
\-L \fIserial\fR
|
||||
.RS 4
|
||||
When compiling a zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
|
||||
.RE
|
||||
.PP
|
||||
\-m \fImode\fR
|
||||
.RS 4
|
||||
Specify whether MX records should be checked to see if they are addresses. Possible modes are
|
||||
@ -289,7 +302,7 @@ BIND 9 Administrator Reference Manual.
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004\-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004\-2007, 2009\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
Copyright \(co 2000\-2002 Internet Software Consortium.
|
||||
.br
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: named-checkzone.c,v 1.61.62.2 2011/12/22 23:45:54 tbox Exp $ */
|
||||
/* $Id: named-checkzone.c,v 1.65 2011/12/22 17:29:22 each Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -39,6 +39,7 @@
|
||||
#include <dns/db.h>
|
||||
#include <dns/fixedname.h>
|
||||
#include <dns/log.h>
|
||||
#include <dns/master.h>
|
||||
#include <dns/masterdump.h>
|
||||
#include <dns/name.h>
|
||||
#include <dns/rdataclass.h>
|
||||
@ -112,8 +113,12 @@ main(int argc, char **argv) {
|
||||
const char *outputformatstr = NULL;
|
||||
dns_masterformat_t inputformat = dns_masterformat_text;
|
||||
dns_masterformat_t outputformat = dns_masterformat_text;
|
||||
dns_masterrawheader_t header;
|
||||
isc_uint32_t rawversion = 1, serialnum = 0;
|
||||
isc_boolean_t snset = ISC_FALSE;
|
||||
isc_boolean_t logdump = ISC_FALSE;
|
||||
FILE *errout = stdout;
|
||||
char *endp;
|
||||
|
||||
outputstyle = &dns_master_style_full;
|
||||
|
||||
@ -159,7 +164,7 @@ main(int argc, char **argv) {
|
||||
isc_commandline_errprint = ISC_FALSE;
|
||||
|
||||
while ((c = isc_commandline_parse(argc, argv,
|
||||
"c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
|
||||
"c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
|
||||
!= EOF) {
|
||||
switch (c) {
|
||||
case 'c':
|
||||
@ -237,6 +242,17 @@ main(int argc, char **argv) {
|
||||
}
|
||||
break;
|
||||
|
||||
case 'L':
|
||||
snset = ISC_TRUE;
|
||||
endp = NULL;
|
||||
serialnum = strtol(isc_commandline_argument, &endp, 0);
|
||||
if (*endp != '\0') {
|
||||
fprintf(stderr, "source serial number "
|
||||
"must be numeric");
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'n':
|
||||
if (ARGCMP("ignore")) {
|
||||
zone_options &= ~(DNS_ZONEOPT_CHECKNS|
|
||||
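Review bot: The new case 'L' does not check the range or even the presence of the number. serialnum is an isc_uint32_t but is assigned straight from strtol(isc_commandline_argument, &endp, 0), so a negative value or one wider than 32 bits is silently converted, and an empty argument passes because only *endp != '\0' is tested. Parse into a wider local (for example strtoul with an errno check), reject endp == isc_commandline_argument and out-of-range values, and assign only after that. The message "source serial number must be numeric" also has no trailing newline, unlike the other fprintf(stderr, ...) messages added in this file.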
@ -413,7 +429,11 @@ main(int argc, char **argv) {
|
||||
inputformat = dns_masterformat_text;
|
||||
else if (strcasecmp(inputformatstr, "raw") == 0)
|
||||
inputformat = dns_masterformat_raw;
|
||||
else {
|
||||
else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
|
||||
inputformat = dns_masterformat_raw;
|
||||
fprintf(stderr,
|
||||
"WARNING: input format raw, version ignored\n");
|
||||
} else {
|
||||
fprintf(stderr, "unknown file format: %s\n",
|
||||
inputformatstr);
|
||||
exit(1);
|
||||
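Review bot: In the new "raw=" branch for the input format, everything after the prefix is accepted without inspection, so -f raw=junk loads as raw with only the generic "version ignored" warning. Validate the suffix the same way the output-format branch does, or at least echo inputformatstr in the warning so a typo is visible to the operator.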
@ -421,11 +441,22 @@ main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
if (outputformatstr != NULL) {
|
||||
if (strcasecmp(outputformatstr, "text") == 0)
|
||||
if (strcasecmp(outputformatstr, "text") == 0) {
|
||||
outputformat = dns_masterformat_text;
|
||||
else if (strcasecmp(outputformatstr, "raw") == 0)
|
||||
} else if (strcasecmp(outputformatstr, "raw") == 0) {
|
||||
outputformat = dns_masterformat_raw;
|
||||
else {
|
||||
} else if (strncasecmp(outputformatstr, "raw=", 4) == 0) {
|
||||
char *end;
|
||||
|
||||
outputformat = dns_masterformat_raw;
|
||||
rawversion = strtol(outputformatstr + 4, &end, 10);
|
||||
if (end == outputformatstr + 4 || *end != '\0' ||
|
||||
rawversion > 1U) {
|
||||
fprintf(stderr,
|
||||
"unknown raw format version\n");
|
||||
exit(1);
|
||||
}
|
||||
} else {
|
||||
fprintf(stderr, "unknown file format: %s\n",
|
||||
outputformatstr);
|
||||
exit(1);
|
||||
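Review bot: The range check on rawversion runs after the strtol result has already been narrowed to isc_uint32_t, so where long is 64 bits a value such as raw=4294967296 wraps to 0 and passes the "rawversion > 1U" test. Keep the strtol result in a long, compare it against 0 and 1 there, and assign to rawversion afterwards.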
@ -480,13 +511,20 @@ main(int argc, char **argv) {
|
||||
result = load_zone(mctx, origin, filename, inputformat, classname,
|
||||
&zone);
|
||||
|
||||
if (snset) {
|
||||
dns_master_initrawheader(&header);
|
||||
header.flags = DNS_MASTERRAW_SOURCESERIALSET;
|
||||
header.sourceserial = serialnum;
|
||||
dns_zone_setrawdata(zone, &header);
|
||||
}
|
||||
|
||||
if (result == ISC_R_SUCCESS && dumpzone) {
|
||||
if (logdump) {
|
||||
fprintf(errout, "dump zone to %s...", output_filename);
|
||||
fflush(errout);
|
||||
}
|
||||
result = dump_zone(origin, zone, output_filename,
|
||||
outputformat, outputstyle);
|
||||
outputformat, outputstyle, rawversion);
|
||||
if (logdump)
|
||||
fprintf(errout, "done\n");
|
||||
}
|
||||
|
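Review bot: The new if (snset) block calls dns_zone_setrawdata(zone, &header) right after load_zone() without looking at result, while the dump just below it is guarded by result == ISC_R_SUCCESS. Move the block inside that guard, or add the same check, so a failed load never reaches dns_zone_setrawdata. It would also help to warn when -L is given but outputformat is not dns_masterformat_raw, since the documentation describes the option only for raw output.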
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -18,7 +18,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: named-checkzone.docbook,v 1.40 2010/01/16 23:48:15 tbox Exp $ -->
|
||||
<!-- $Id: named-checkzone.docbook,v 1.44 2011/12/22 07:32:39 each Exp $ -->
|
||||
<refentry id="man.named-checkzone">
|
||||
<refentryinfo>
|
||||
<date>June 13, 2000</date>
|
||||
@ -38,6 +38,7 @@
|
||||
<year>2007</year>
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
@ -71,6 +72,7 @@
|
||||
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
|
||||
<arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
|
||||
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
|
||||
@ -97,6 +99,7 @@
|
||||
<arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
|
||||
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
|
||||
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
@ -250,12 +253,20 @@
|
||||
<listitem>
|
||||
<para>
|
||||
Specify the format of the output file specified.
|
||||
Possible formats are <command>"text"</command> (default)
|
||||
and <command>"raw"</command>.
|
||||
For <command>named-checkzone</command>,
|
||||
this does not cause any effects unless it dumps the zone
|
||||
contents.
|
||||
</para>
|
||||
<para>
|
||||
Possible formats are <command>"text"</command> (default)
|
||||
and <command>"raw"</command> or <command>"raw=N"</command>,
|
||||
which store the zone in a binary format for rapid loading
|
||||
by <command>named</command>. <command>"raw=N"</command>
|
||||
specifies the format version of the raw zone file: if N
|
||||
is 0, the raw file can be read by any version of
|
||||
<command>named</command>; if N is 1, the file can be read
|
||||
by release 9.9.0 or higher. The default is 1.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -274,6 +285,17 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-L <replaceable class="parameter">serial</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
When compiling a zone to 'raw' format, set the "source serial"
|
||||
value in the header to the specified serial number. (This is
|
||||
expected to be used primarily for testing purposes.)
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-m <replaceable class="parameter">mode</replaceable></term>
|
||||
<listitem>
|
||||
|
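Review bot: The new -L entry does not say what form the serial may take or what happens outside raw output. The option parser in named-checkzone.c reads it with strtol(..., 0) into an isc_uint32_t, so the text should state that decimal, octal and hexadecimal are accepted, give the 32-bit range, and say whether the option is ignored or rejected when the output format is text.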
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -29,11 +29,11 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543716"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543736"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">named-checkzone</strong></span>
|
||||
checks the syntax and integrity of a zone file. It performs the
|
||||
same checks as <span><strong class="command">named</strong></span> does when loading a
|
||||
@ -53,7 +53,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543751"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543771"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-d</span></dt>
|
||||
<dd><p>
|
||||
@ -128,14 +128,24 @@
|
||||
and <span><strong class="command">"raw"</strong></span>.
|
||||
</p></dd>
|
||||
<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
|
||||
<dd><p>
|
||||
<dd>
|
||||
<p>
|
||||
Specify the format of the output file specified.
|
||||
Possible formats are <span><strong class="command">"text"</strong></span> (default)
|
||||
and <span><strong class="command">"raw"</strong></span>.
|
||||
For <span><strong class="command">named-checkzone</strong></span>,
|
||||
this does not cause any effects unless it dumps the zone
|
||||
contents.
|
||||
</p></dd>
|
||||
</p>
|
||||
<p>
|
||||
Possible formats are <span><strong class="command">"text"</strong></span> (default)
|
||||
and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
|
||||
which store the zone in a binary format for rapid loading
|
||||
by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
|
||||
specifies the format version of the raw zone file: if N
|
||||
is 0, the raw file can be read by any version of
|
||||
<span><strong class="command">named</strong></span>; if N is 1, the file can be read
|
||||
by release 9.9.0 or higher. The default is 1.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
|
||||
<dd><p>
|
||||
Perform <span><strong class="command">"check-names"</strong></span> checks with the
|
||||
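Review bot: the rewritten `-F format` entry says `raw=1` is the default and is readable only by release 9.9.0 or higher, but leaves the consequence for operators implicit. Add a sentence saying that a zone compiled with the default cannot be loaded by an older named and that `-F raw=0` must be passed in that case. The first paragraph also still reads "Specify the format of the output file specified", which repeats "specified".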
@ -146,6 +156,12 @@
|
||||
(default for <span><strong class="command">named-checkzone</strong></span>) and
|
||||
<span><strong class="command">"ignore"</strong></span>.
|
||||
</p></dd>
|
||||
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
|
||||
<dd><p>
|
||||
When compiling a zone to 'raw' format, set the "source serial"
|
||||
value in the header to the specified serial number. (This is
|
||||
expected to be used primarily for testing purposes.)
|
||||
</p></dd>
|
||||
<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
|
||||
<dd><p>
|
||||
Specify whether MX records should be checked to see if they
|
||||
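Review bot: the new `-L serial` entry does not define "source serial" or say what happens when `-L` is given while the output format is text rather than raw; one sentence on each would make it usable outside testing. It is also listed between `-k` and `-m` here, while the synopsis places it between `-n` and `-o`.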
@ -254,14 +270,14 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544422"></a><h2>RETURN VALUES</h2>
|
||||
<a name="id2544612"></a><h2>RETURN VALUES</h2>
|
||||
<p><span><strong class="command">named-checkzone</strong></span>
|
||||
returns an exit status of 1 if
|
||||
errors were detected and 0 otherwise.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544434"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2544624"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
|
||||
<em class="citetitle">RFC 1035</em>,
|
||||
@ -269,7 +285,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544603"></a><h2>AUTHOR</h2>
|
||||
<a name="id2544657"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: ddns-confgen.c,v 1.9.308.2 2011/03/12 04:59:13 tbox Exp $ */
|
||||
/* $Id: ddns-confgen.c,v 1.11 2011/03/12 04:59:46 tbox Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: rndc-confgen.c,v 1.5.308.2 2011/03/12 04:59:13 tbox Exp $ */
|
||||
/* $Id: rndc-confgen.c,v 1.7 2011/03/12 04:59:46 tbox Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -23,6 +23,8 @@ top_srcdir = @top_srcdir@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
READLINE_LIB = @READLINE_LIB@
|
||||
|
||||
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
|
||||
${ISC_INCLUDES} ${LWRES_INCLUDES} ${ISCCFG_INCLUDES}
|
||||
|
||||
@ -78,7 +80,7 @@ host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
|
||||
${FINALBUILDCMD}
|
||||
|
||||
nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
|
||||
export BASEOBJS="nslookup.@O@ dighost.@O@ ${UOBJS}"; \
|
||||
export BASEOBJS="nslookup.@O@ dighost.@O@ ${READLINE_LIB} ${UOBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
doc man:: ${MANOBJS}
|
||||
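Review bot: `${READLINE_LIB}` is added inside `BASEOBJS` in the nslookup rule, which by its name and its other entries (`nslookup.@O@ dighost.@O@ ${UOBJS}`) is a list of object files, and it is placed ahead of `${UOBJS}`. If `${FINALBUILDCMD}` uses `BASEOBJS` for anything besides the final link line, a library flag in it will be misread, and with static libraries a library named before the objects is not searched for the symbols those objects need. Passing it together with the other link libraries, after the objects, would be safer.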
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -300,7 +300,7 @@ A synonym for
|
||||
.PP
|
||||
\fB+[no]adflag\fR
|
||||
.RS 4
|
||||
Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
|
||||
Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
|
||||
.RE
|
||||
.PP
|
||||
\fB+[no]cdflag\fR
|
||||
@ -341,6 +341,9 @@ attempts to find the authoritative name servers for the zone containing the name
|
||||
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
|
||||
\fBdig\fR
|
||||
makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
|
||||
.sp
|
||||
\fB+dnssec\fR
|
||||
is also set when +trace is set to better emulate the default queries from a nameserver.
|
||||
.RE
|
||||
.PP
|
||||
\fB+[no]cmd\fR
|
||||
@ -367,6 +370,24 @@ option is enabled. If short form answers are requested, the default is not to sh
|
||||
Toggle the display of comment lines in the output. The default is to print comments.
|
||||
.RE
|
||||
.PP
|
||||
\fB+[no]rrcomments\fR
|
||||
.RS 4
|
||||
Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active.
|
||||
.RE
|
||||
.PP
|
||||
\fB+split=W\fR
|
||||
.RS 4
|
||||
Split long hex\- or base64\-formatted fields in resource records into chunks of
|
||||
\fIW\fR
|
||||
characters (where
|
||||
\fIW\fR
|
||||
is rounded up to the nearest multiple of 4).
|
||||
\fI+nosplit\fR
|
||||
or
|
||||
\fI+split=0\fR
|
||||
causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active.
|
||||
.RE
|
||||
.PP
|
||||
\fB+[no]stats\fR
|
||||
.RS 4
|
||||
This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
|
||||
@ -454,7 +475,7 @@ bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively
|
||||
.RS 4
|
||||
Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
|
||||
\fB+noedns\fR
|
||||
clears the remembered EDNS version.
|
||||
clears the remembered EDNS version. EDNS is set to 0 by default.
|
||||
.RE
|
||||
.PP
|
||||
\fB+[no]multiline\fR
|
||||
@ -576,7 +597,7 @@ RFC1035.
|
||||
.PP
|
||||
There are probably too many query options.
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004\-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
Copyright \(co 2000\-2003 Internet Software Consortium.
|
||||
.br
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dig.c,v 1.237.124.4 2011/12/07 17:23:55 each Exp $ */
|
||||
/* $Id: dig.c,v 1.245 2011/12/07 17:23:28 each Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -67,7 +67,8 @@ static char domainopt[DNS_NAME_MAXTEXT];
|
||||
static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
|
||||
ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE,
|
||||
multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE,
|
||||
onesoa = ISC_FALSE;
|
||||
onesoa = ISC_FALSE, rrcomments = ISC_FALSE;
|
||||
static isc_uint32_t splitwidth = 0xffffffff;
|
||||
|
||||
/*% opcode text */
|
||||
static const char * const opcodetext[] = {
|
||||
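Review bot: `static isc_uint32_t splitwidth = 0xffffffff;` introduces a sentinel value with no name and no comment. Since `0` is used later in this change to mean "do not split", state here what `0xffffffff` means (presumably "no width given, use the default") or give it a named constant, so the value passed on to `dns_master_stylecreate2()` can be understood without reading the library.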
@ -201,6 +202,8 @@ help(void) {
|
||||
" +[no]cl (Control display of class in records)\n"
|
||||
" +[no]cmd (Control display of command line)\n"
|
||||
" +[no]comments (Control display of comment lines)\n"
|
||||
" +[no]rrcomments (Control display of per-record "
|
||||
"comments)\n"
|
||||
" +[no]question (Control display of question)\n"
|
||||
" +[no]answer (Control display of answer)\n"
|
||||
" +[no]authority (Control display of authority)\n"
|
||||
@ -213,7 +216,7 @@ help(void) {
|
||||
" +[no]qr (Print question before sending)\n"
|
||||
" +[no]nssearch (Search all authoritative nameservers)\n"
|
||||
" +[no]identify (ID responders in short answers)\n"
|
||||
" +[no]trace (Trace delegation down from root)\n"
|
||||
" +[no]trace (Trace delegation down from root [+dnssec])\n"
|
||||
" +[no]dnssec (Request DNSSEC records)\n"
|
||||
" +[no]nsid (Request Name Server ID)\n"
|
||||
#ifdef DIG_SIGCHASE
|
||||
@ -223,6 +226,7 @@ help(void) {
|
||||
" +[no]topdown (Do DNSSEC validation top down mode)\n"
|
||||
#endif
|
||||
#endif
|
||||
" +[no]split=## (Split hex/base64 fields into chunks)\n"
|
||||
" +[no]multiline (Print records in an expanded format)\n"
|
||||
" +[no]onesoa (AXFR prints only one soa record)\n"
|
||||
" global d-opts and servers (before host name) affect all queries.\n"
|
||||
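Review bot: the new usage line `+[no]split=##` implies that `+nosplit=##` is accepted, but the parser added in this change jumps to `invalid_option` when a value is given with the negated form, and it accepts a bare `+split` with no value. Listing `+split=##` and `+nosplit` as the two forms would match both the parser and the man page text.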
@ -395,6 +399,8 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
|
||||
styleflags |= DNS_STYLEFLAG_NO_TTL;
|
||||
if (noclass)
|
||||
styleflags |= DNS_STYLEFLAG_NO_CLASS;
|
||||
if (rrcomments)
|
||||
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
|
||||
if (multiline) {
|
||||
styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
|
||||
styleflags |= DNS_STYLEFLAG_OMIT_CLASS;
|
||||
@ -403,16 +409,21 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
|
||||
styleflags |= DNS_STYLEFLAG_TTL;
|
||||
styleflags |= DNS_STYLEFLAG_MULTILINE;
|
||||
styleflags |= DNS_STYLEFLAG_COMMENT;
|
||||
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
|
||||
}
|
||||
|
||||
if (multiline || (nottl && noclass))
|
||||
result = dns_master_stylecreate(&style, styleflags,
|
||||
24, 24, 24, 32, 80, 8, mctx);
|
||||
result = dns_master_stylecreate2(&style, styleflags,
|
||||
24, 24, 24, 32, 80, 8,
|
||||
splitwidth, mctx);
|
||||
else if (nottl || noclass)
|
||||
result = dns_master_stylecreate(&style, styleflags,
|
||||
24, 24, 32, 40, 80, 8, mctx);
|
||||
result = dns_master_stylecreate2(&style, styleflags,
|
||||
24, 24, 32, 40, 80, 8,
|
||||
splitwidth, mctx);
|
||||
else
|
||||
result = dns_master_stylecreate(&style, styleflags,
|
||||
24, 32, 40, 48, 80, 8, mctx);
|
||||
result = dns_master_stylecreate2(&style, styleflags,
|
||||
24, 32, 40, 48, 80, 8,
|
||||
splitwidth, mctx);
|
||||
check_result(result, "dns_master_stylecreate");
|
||||
|
||||
result = dns_master_rdatasettotext(owner_name, rdataset, style, target);
|
||||
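Review bot: `check_result(result, "dns_master_stylecreate");` after the three-way branch in `printrdataset()` still names the old function although every branch now calls `dns_master_stylecreate2()`, so a failure would be reported under the wrong name. Update the string to match the call.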
@ -437,6 +448,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
|
||||
unsigned int styleflags = 0;
|
||||
|
||||
styleflags |= DNS_STYLEFLAG_REL_OWNER;
|
||||
if (query->lookup->comments)
|
||||
styleflags |= DNS_STYLEFLAG_COMMENT;
|
||||
if (rrcomments)
|
||||
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
|
||||
if (nottl)
|
||||
styleflags |= DNS_STYLEFLAG_NO_TTL;
|
||||
if (noclass)
|
||||
@ -448,17 +463,20 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
|
||||
styleflags |= DNS_STYLEFLAG_OMIT_TTL;
|
||||
styleflags |= DNS_STYLEFLAG_TTL;
|
||||
styleflags |= DNS_STYLEFLAG_MULTILINE;
|
||||
styleflags |= DNS_STYLEFLAG_COMMENT;
|
||||
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
|
||||
}
|
||||
if (multiline || (nottl && noclass))
|
||||
result = dns_master_stylecreate(&style, styleflags,
|
||||
24, 24, 24, 32, 80, 8, mctx);
|
||||
result = dns_master_stylecreate2(&style, styleflags,
|
||||
24, 24, 24, 32, 80, 8,
|
||||
splitwidth, mctx);
|
||||
else if (nottl || noclass)
|
||||
result = dns_master_stylecreate(&style, styleflags,
|
||||
24, 24, 32, 40, 80, 8, mctx);
|
||||
result = dns_master_stylecreate2(&style, styleflags,
|
||||
24, 24, 32, 40, 80, 8,
|
||||
splitwidth, mctx);
|
||||
else
|
||||
result = dns_master_stylecreate(&style, styleflags,
|
||||
24, 32, 40, 48, 80, 8, mctx);
|
||||
result = dns_master_stylecreate2(&style, styleflags,
|
||||
24, 32, 40, 48, 80, 8,
|
||||
splitwidth, mctx);
|
||||
check_result(result, "dns_master_stylecreate");
|
||||
|
||||
if (query->lookup->cmdline[0] != 0) {
|
||||
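Review bot: the three-way `dns_master_stylecreate2()` selection in `printmessage()`, with the same column arguments and the same trailing `splitwidth, mctx`, is a second copy of the block changed in `printrdataset()`. Both copies had to be edited for this change and both keep the stale `"dns_master_stylecreate"` label; a small static helper that takes `styleflags` and returns the style would leave one place to maintain.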
@ -765,6 +783,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
|
||||
lookup->section_answer = state;
|
||||
lookup->section_additional = state;
|
||||
lookup->comments = state;
|
||||
rrcomments = state;
|
||||
lookup->stats = state;
|
||||
printcmd = state;
|
||||
break;
|
||||
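Review bot: `rrcomments = state;` sits directly after `lookup->comments = state;` but writes a file-scope static instead of a field of `lookup`, so unlike the other display toggles in this block it is not tied to the lookup being configured. If per-query behaviour is intended on command lines with several queries, carry it in the lookup structure the way `comments` and `stats` are; if global behaviour is intended, say so in a comment at the declaration.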
@ -925,6 +944,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
|
||||
lookup->identify = ISC_TRUE;
|
||||
lookup->stats = ISC_FALSE;
|
||||
lookup->comments = ISC_FALSE;
|
||||
rrcomments = ISC_FALSE;
|
||||
lookup->section_additional = ISC_FALSE;
|
||||
lookup->section_authority = ISC_FALSE;
|
||||
lookup->section_question = ISC_FALSE;
|
||||
@ -985,6 +1005,10 @@ plus_option(char *option, isc_boolean_t is_batchfile,
|
||||
goto invalid_option;
|
||||
}
|
||||
break;
|
||||
case 'r': /* rrcomments */
|
||||
FULLCHECK("rrcomments");
|
||||
rrcomments = state;
|
||||
break;
|
||||
default:
|
||||
goto invalid_option;
|
||||
}
|
||||
@ -1011,6 +1035,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
|
||||
lookup->section_authority = ISC_FALSE;
|
||||
lookup->section_question = ISC_FALSE;
|
||||
lookup->comments = ISC_FALSE;
|
||||
rrcomments = ISC_FALSE;
|
||||
lookup->stats = ISC_FALSE;
|
||||
}
|
||||
break;
|
||||
@ -1033,6 +1058,36 @@ plus_option(char *option, isc_boolean_t is_batchfile,
|
||||
lookup->dnssec = ISC_TRUE;
|
||||
break;
|
||||
#endif
|
||||
case 'p': /* split */
|
||||
FULLCHECK("split");
|
||||
if (value != NULL && !state)
|
||||
goto invalid_option;
|
||||
if (!state) {
|
||||
splitwidth = 0;
|
||||
break;
|
||||
} else if (value == NULL)
|
||||
break;
|
||||
|
||||
result = parse_uint(&splitwidth, value,
|
||||
1023, "split");
|
||||
if (splitwidth % 4 != 0) {
|
||||
splitwidth = ((splitwidth + 3) / 4) * 4;
|
||||
fprintf(stderr, ";; Warning, split must be "
|
||||
"a multiple of 4; adjusting "
|
||||
"to %d\n", splitwidth);
|
||||
}
|
||||
/*
|
||||
* There is an adjustment done in the
|
||||
* totext_<rrtype>() functions which causes
|
||||
* splitwidth to shrink. This is okay when we're
|
||||
* using the default width but incorrect in this
|
||||
* case, so we correct for it
|
||||
*/
|
||||
if (splitwidth)
|
||||
splitwidth += 3;
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("Couldn't parse retries");
|
||||
break;
|
||||
case 't': /* stats */
|
||||
FULLCHECK("stats");
|
||||
lookup->stats = state;
|
||||
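Review bot: in the new `case 'p'` branch the result of `parse_uint(&splitwidth, value, 1023, "split")` is tested only after `splitwidth` has already been rounded up and had 3 added, so a failed parse is processed as if it were valid before `fatal()` runs; move the `result != ISC_R_SUCCESS` check to directly after the call. The message "Couldn't parse retries" looks copied from another option and should name split. Two smaller points: `splitwidth` is an `isc_uint32_t` but is printed with `%d` in the warning (use `%u`), and because the rounding and the `+= 3` correction are applied after the 1023 bound is enforced, the value handed to the style code can end up above that bound.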
@ -1077,10 +1132,12 @@ plus_option(char *option, isc_boolean_t is_batchfile,
|
||||
lookup->recurse = ISC_FALSE;
|
||||
lookup->identify = ISC_TRUE;
|
||||
lookup->comments = ISC_FALSE;
|
||||
rrcomments = ISC_FALSE;
|
||||
lookup->stats = ISC_FALSE;
|
||||
lookup->section_additional = ISC_FALSE;
|
||||
lookup->section_authority = ISC_TRUE;
|
||||
lookup->section_question = ISC_FALSE;
|
||||
lookup->dnssec = ISC_TRUE;
|
||||
usesearch = ISC_FALSE;
|
||||
}
|
||||
break;
|
||||
@ -1484,6 +1541,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
|
||||
if (!is_batchfile) {
|
||||
debug("making new lookup");
|
||||
default_lookup = make_empty_lookup();
|
||||
default_lookup->adflag = ISC_TRUE;
|
||||
default_lookup->edns = 0;
|
||||
|
||||
#ifndef NOPOSIX
|
||||
/*
|
||||
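Review bot: `default_lookup->adflag = ISC_TRUE;` and `default_lookup->edns = 0;` change what dig puts on the wire by default, yet the assignments carry no comment and sit inside `if (!is_batchfile)`. Add a short comment stating the intent (AD set and EDNS version 0 unless `+noadflag` or `+noedns` is given) and why the defaults are applied here rather than where the empty lookup is created, so that anyone comparing query behaviour between versions can find the cause.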
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -18,7 +18,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: dig.docbook,v 1.47 2010/03/04 23:50:34 tbox Exp $ -->
|
||||
<!-- $Id: dig.docbook,v 1.51 2011/11/04 11:02:50 jreed Exp $ -->
|
||||
<refentry id="man.dig">
|
||||
|
||||
<refentryinfo>
|
||||
@ -45,6 +45,7 @@
|
||||
<year>2008</year>
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
@ -467,7 +468,8 @@
|
||||
policy of the server. AD=1 indicates that all records
|
||||
have been validated as secure and the answer is not
|
||||
from a OPT-OUT range. AD=0 indicate that some part
|
||||
of the answer was insecure or not validated.
|
||||
of the answer was insecure or not validated. This
|
||||
bit is set by default.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
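Review bot: this paragraph of the `+[no]adflag` entry is being edited anyway, so fix the grammar carried over from the old text: "a OPT-OUT range" should be "an OPT-OUT range" and "AD=0 indicate" should be "AD=0 indicates". The same sentence appears in the dig.1 and dig.html hunks of this change, so correcting it in the docbook source and regenerating covers all three.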
@ -504,19 +506,17 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><option>+[no]recurse</option></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Toggle the setting of the RD (recursion desired) bit in the
|
||||
query.
|
||||
This bit is set by default, which means <command>dig</command>
|
||||
normally sends recursive queries. Recursion is automatically
|
||||
disabled
|
||||
when the <parameter>+nssearch</parameter> or
|
||||
<parameter>+trace</parameter> query options are
|
||||
used.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<listitem>
|
||||
<para>
|
||||
Toggle the setting of the RD (recursion desired) bit
|
||||
in the query. This bit is set by default, which means
|
||||
<command>dig</command> normally sends recursive
|
||||
queries. Recursion is automatically disabled when
|
||||
the <parameter>+nssearch</parameter> or
|
||||
<parameter>+trace</parameter> query options are used.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>+[no]nssearch</option></term>
|
||||
@ -536,20 +536,21 @@
|
||||
<varlistentry>
|
||||
<term><option>+[no]trace</option></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Toggle tracing of the delegation path from the root name servers
|
||||
for
|
||||
the name being looked up. Tracing is disabled by default. When
|
||||
tracing is enabled, <command>dig</command> makes
|
||||
iterative queries to
|
||||
resolve the name being looked up. It will follow referrals from
|
||||
the
|
||||
root servers, showing the answer from each server that was used
|
||||
to
|
||||
resolve the lookup.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<para>
|
||||
Toggle tracing of the delegation path from the root
|
||||
name servers for the name being looked up. Tracing
|
||||
is disabled by default. When tracing is enabled,
|
||||
<command>dig</command> makes iterative queries to
|
||||
resolve the name being looked up. It will follow
|
||||
referrals from the root servers, showing the answer
|
||||
from each server that was used to resolve the lookup.
|
||||
</para>
|
||||
<para>
|
||||
<command>+dnssec</command> is also set when +trace is
|
||||
set to better emulate the default queries from a nameserver.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>+[no]cmd</option></term>
|
||||
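Review bot: the added paragraph under `+[no]trace` marks up `+dnssec` as `<command>` and leaves `+trace` as bare text, while the neighbouring entries use `<parameter>` or `<option>` for query options (for example `<parameter>+trace</parameter>` under `+[no]recurse`). Use the same element for both. The paragraph should also say whether a user can switch DNSSEC records off again while tracing.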
@ -594,8 +595,35 @@
|
||||
<listitem>
|
||||
<para>
|
||||
Toggle the display of comment lines in the output. The default
|
||||
is to
|
||||
print comments.
|
||||
is to print comments.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>+[no]rrcomments</option></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Toggle the display of per-record comments in the output (for
|
||||
example, human-readable key information about DNSKEY records).
|
||||
The default is not to print record comments unless multiline
|
||||
mode is active.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>+split=W</option></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Split long hex- or base64-formatted fields in resource
|
||||
records into chunks of <parameter>W</parameter> characters
|
||||
(where <parameter>W</parameter> is rounded up to the nearest
|
||||
multiple of 4).
|
||||
<parameter>+nosplit</parameter> or
|
||||
<parameter>+split=0</parameter> causes fields not to be
|
||||
split at all. The default is 56 characters, or 44 characters
|
||||
when multiline mode is active.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
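Review bot: the `+split=W` entry gives the defaults (56, or 44 in multiline mode) but not the upper limit, although the parser in dig.c passes 1023 as the maximum to `parse_uint()`. It also does not cover `+split` given without a value, which the parser accepts. Document both so the man page matches the accepted input.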
@ -755,9 +783,10 @@
|
||||
<listitem>
|
||||
<para>
|
||||
Specify the EDNS version to query with. Valid values
|
||||
are 0 to 255. Setting the EDNS version will cause a
|
||||
EDNS query to be sent. <option>+noedns</option> clears the
|
||||
remembered EDNS version.
|
||||
are 0 to 255. Setting the EDNS version will cause
|
||||
a EDNS query to be sent. <option>+noedns</option>
|
||||
clears the remembered EDNS version. EDNS is set to
|
||||
0 by default.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
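Review bot: the added sentence "EDNS is set to 0 by default" in the `+edns=#` entry can be read as EDNS being switched off, which is the opposite of what the new default does. Wording such as "EDNS version 0 is used by default" removes the ambiguity. While the paragraph is being reflowed, "a EDNS query" should become "an EDNS query".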
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -34,7 +34,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543527"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543530"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dig</strong></span>
|
||||
(domain information groper) is a flexible tool
|
||||
for interrogating DNS name servers. It performs DNS lookups and
|
||||
@ -81,7 +81,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543606"></a><h2>SIMPLE USAGE</h2>
|
||||
<a name="id2543609"></a><h2>SIMPLE USAGE</h2>
|
||||
<p>
|
||||
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
|
||||
</p>
|
||||
@ -134,7 +134,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543709"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543713"></a><h2>OPTIONS</h2>
|
||||
<p>
|
||||
The <code class="option">-b</code> option sets the source IP address of the query
|
||||
to <em class="parameter"><code>address</code></em>. This must be a valid
|
||||
@ -238,7 +238,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544058"></a><h2>QUERY OPTIONS</h2>
|
||||
<a name="id2544061"></a><h2>QUERY OPTIONS</h2>
|
||||
<p><span><strong class="command">dig</strong></span>
|
||||
provides a number of query options which affect
|
||||
the way in which lookups are made and the results displayed. Some of
|
||||
@ -323,7 +323,8 @@
|
||||
policy of the server. AD=1 indicates that all records
|
||||
have been validated as secure and the answer is not
|
||||
from a OPT-OUT range. AD=0 indicate that some part
|
||||
of the answer was insecure or not validated.
|
||||
of the answer was insecure or not validated. This
|
||||
bit is set by default.
|
||||
</p></dd>
|
||||
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
|
||||
<dd><p>
|
||||
@ -342,15 +343,13 @@
|
||||
</p></dd>
|
||||
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
|
||||
<dd><p>
|
||||
Toggle the setting of the RD (recursion desired) bit in the
|
||||
query.
|
||||
This bit is set by default, which means <span><strong class="command">dig</strong></span>
|
||||
normally sends recursive queries. Recursion is automatically
|
||||
disabled
|
||||
when the <em class="parameter"><code>+nssearch</code></em> or
|
||||
<em class="parameter"><code>+trace</code></em> query options are
|
||||
used.
|
||||
</p></dd>
|
||||
Toggle the setting of the RD (recursion desired) bit
|
||||
in the query. This bit is set by default, which means
|
||||
<span><strong class="command">dig</strong></span> normally sends recursive
|
||||
queries. Recursion is automatically disabled when
|
||||
the <em class="parameter"><code>+nssearch</code></em> or
|
||||
<em class="parameter"><code>+trace</code></em> query options are used.
|
||||
</p></dd>
|
||||
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
|
||||
<dd><p>
|
||||
When this option is set, <span><strong class="command">dig</strong></span>
|
||||
@ -362,18 +361,21 @@
|
||||
zone.
|
||||
</p></dd>
|
||||
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
|
||||
<dd><p>
|
||||
Toggle tracing of the delegation path from the root name servers
|
||||
for
|
||||
the name being looked up. Tracing is disabled by default. When
|
||||
tracing is enabled, <span><strong class="command">dig</strong></span> makes
|
||||
iterative queries to
|
||||
resolve the name being looked up. It will follow referrals from
|
||||
the
|
||||
root servers, showing the answer from each server that was used
|
||||
to
|
||||
resolve the lookup.
|
||||
</p></dd>
|
||||
<dd>
|
||||
<p>
|
||||
Toggle tracing of the delegation path from the root
|
||||
name servers for the name being looked up. Tracing
|
||||
is disabled by default. When tracing is enabled,
|
||||
<span><strong class="command">dig</strong></span> makes iterative queries to
|
||||
resolve the name being looked up. It will follow
|
||||
referrals from the root servers, showing the answer
|
||||
from each server that was used to resolve the lookup.
|
||||
</p>
|
||||
<p>
|
||||
<span><strong class="command">+dnssec</strong></span> is also set when +trace is
|
||||
set to better emulate the default queries from a nameserver.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
|
||||
<dd><p>
|
||||
Toggles the printing of the initial comment in the output
|
||||
@ -400,8 +402,25 @@
|
||||
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
|
||||
<dd><p>
|
||||
Toggle the display of comment lines in the output. The default
|
||||
is to
|
||||
print comments.
|
||||
is to print comments.
|
||||
</p></dd>
|
||||
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
|
||||
<dd><p>
|
||||
Toggle the display of per-record comments in the output (for
|
||||
example, human-readable key information about DNSKEY records).
|
||||
The default is not to print record comments unless multiline
|
||||
mode is active.
|
||||
</p></dd>
|
||||
<dt><span class="term"><code class="option">+split=W</code></span></dt>
|
||||
<dd><p>
|
||||
Split long hex- or base64-formatted fields in resource
|
||||
records into chunks of <em class="parameter"><code>W</code></em> characters
|
||||
(where <em class="parameter"><code>W</code></em> is rounded up to the nearest
|
||||
multiple of 4).
|
||||
<em class="parameter"><code>+nosplit</code></em> or
|
||||
<em class="parameter"><code>+split=0</code></em> causes fields not to be
|
||||
split at all. The default is 56 characters, or 44 characters
|
||||
when multiline mode is active.
|
||||
</p></dd>
|
||||
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
|
||||
<dd><p>
|
||||
@ -496,9 +515,10 @@
|
||||
<dt><span class="term"><code class="option">+edns=#</code></span></dt>
|
||||
<dd><p>
|
||||
Specify the EDNS version to query with. Valid values
|
||||
are 0 to 255. Setting the EDNS version will cause a
|
||||
EDNS query to be sent. <code class="option">+noedns</code> clears the
|
||||
remembered EDNS version.
|
||||
are 0 to 255. Setting the EDNS version will cause
|
||||
a EDNS query to be sent. <code class="option">+noedns</code>
|
||||
clears the remembered EDNS version. EDNS is set to
|
||||
0 by default.
|
||||
</p></dd>
|
||||
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
|
||||
<dd><p>
|
||||
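Review bot: The reworded +edns=# description still reads "will cause a EDNS query to be sent"; since the sentence is being reflowed anyway, correct the article to "an EDNS query". The added sentence "EDNS is set to 0 by default" would also read more precisely as "The EDNS version is set to 0 by default", because the option takes a version number.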
@ -569,7 +589,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545207"></a><h2>MULTIPLE QUERIES</h2>
|
||||
<a name="id2545324"></a><h2>MULTIPLE QUERIES</h2>
|
||||
<p>
|
||||
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
|
||||
supports
|
||||
@ -615,7 +635,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545337"></a><h2>IDN SUPPORT</h2>
|
||||
<a name="id2545386"></a><h2>IDN SUPPORT</h2>
|
||||
<p>
|
||||
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
|
||||
domain name) support, it can accept and display non-ASCII domain names.
|
||||
@ -629,14 +649,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545360"></a><h2>FILES</h2>
|
||||
<a name="id2545409"></a><h2>FILES</h2>
|
||||
<p><code class="filename">/etc/resolv.conf</code>
|
||||
</p>
|
||||
<p><code class="filename">${HOME}/.digrc</code>
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545377"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2545426"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
@ -644,7 +664,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545414"></a><h2>BUGS</h2>
|
||||
<a name="id2545531"></a><h2>BUGS</h2>
|
||||
<p>
|
||||
There are probably too many query options.
|
||||
</p>
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dighost.c,v 1.336.22.9 2011/12/07 17:23:55 each Exp $ */
|
||||
/* $Id: dighost.c,v 1.345 2011/12/07 17:23:28 each Exp $ */
|
||||
|
||||
/*! \file
|
||||
* \note
|
||||
@ -362,8 +362,6 @@ connect_timeout(isc_task_t *task, isc_event_t *event);
|
||||
static void
|
||||
launch_next_query(dig_query_t *query, isc_boolean_t include_question);
|
||||
|
||||
static void
|
||||
send_tcp_connect(dig_query_t *query);
|
||||
|
||||
static void *
|
||||
mem_alloc(void *arg, size_t size) {
|
||||
@ -791,7 +789,6 @@ make_empty_lookup(void) {
|
||||
looknew->new_search = ISC_FALSE;
|
||||
looknew->done_as_is = ISC_FALSE;
|
||||
looknew->need_search = ISC_FALSE;
|
||||
dns_fixedname_init(&looknew->fdomain);
|
||||
ISC_LINK_INIT(looknew, link);
|
||||
ISC_LIST_INIT(looknew->q);
|
||||
ISC_LIST_INIT(looknew->connecting);
|
||||
@ -868,8 +865,6 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
|
||||
looknew->tsigctx = NULL;
|
||||
looknew->need_search = lookold->need_search;
|
||||
looknew->done_as_is = lookold->done_as_is;
|
||||
dns_name_copy(dns_fixedname_name(&lookold->fdomain),
|
||||
dns_fixedname_name(&looknew->fdomain), NULL);
|
||||
|
||||
if (servers)
|
||||
clone_server_list(lookold->my_server_list,
|
||||
@ -1814,6 +1809,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
|
||||
lookup->trace_root = ISC_FALSE;
|
||||
if (lookup->ns_search_only)
|
||||
lookup->recurse = ISC_FALSE;
|
||||
dns_fixedname_init(&lookup->fdomain);
|
||||
domain = dns_fixedname_name(&lookup->fdomain);
|
||||
dns_name_copy(name, domain, NULL);
|
||||
}
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: host.c,v 1.124.40.3 2011/03/11 06:46:59 marka Exp $ */
|
||||
/* $Id: host.c,v 1.127 2011/03/11 06:11:20 marka Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dig.h,v 1.111.306.3 2011/12/07 17:23:55 each Exp $ */
|
||||
/* $Id: dig.h,v 1.114 2011/12/07 17:23:28 each Exp $ */
|
||||
|
||||
#ifndef DIG_H
|
||||
#define DIG_H
|
||||
|
@ -15,11 +15,12 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: nslookup.c,v 1.127.38.2 2011/02/28 01:19:58 tbox Exp $ */
|
||||
/* $Id: nslookup.c,v 1.130 2011/12/16 23:01:16 each Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <isc/app.h>
|
||||
#include <isc/buffer.h>
|
||||
@ -45,6 +46,11 @@
|
||||
|
||||
#include <dig/dig.h>
|
||||
|
||||
#if defined(HAVE_READLINE)
|
||||
#include <readline/readline.h>
|
||||
#include <readline/history.h>
|
||||
#endif
|
||||
|
||||
static isc_boolean_t short_form = ISC_TRUE,
|
||||
tcpmode = ISC_FALSE,
|
||||
identify = ISC_FALSE, stats = ISC_TRUE,
|
||||
@ -53,6 +59,8 @@ static isc_boolean_t short_form = ISC_TRUE,
|
||||
section_additional = ISC_TRUE, recurse = ISC_TRUE,
|
||||
aaonly = ISC_FALSE, nofail = ISC_TRUE;
|
||||
|
||||
static isc_boolean_t interactive;
|
||||
|
||||
static isc_boolean_t in_use = ISC_FALSE;
|
||||
static char defclass[MXRD] = "IN";
|
||||
static char deftype[MXRD] = "A";
|
||||
@ -715,28 +723,12 @@ addlookup(char *opt) {
|
||||
}
|
||||
|
||||
static void
|
||||
get_next_command(void) {
|
||||
char *buf;
|
||||
do_next_command(char *input) {
|
||||
char *ptr, *arg;
|
||||
char *input;
|
||||
|
||||
fflush(stdout);
|
||||
buf = isc_mem_allocate(mctx, COMMSIZE);
|
||||
if (buf == NULL)
|
||||
fatal("memory allocation failure");
|
||||
fputs("> ", stderr);
|
||||
fflush(stderr);
|
||||
isc_app_block();
|
||||
ptr = fgets(buf, COMMSIZE, stdin);
|
||||
isc_app_unblock();
|
||||
if (ptr == NULL) {
|
||||
in_use = ISC_FALSE;
|
||||
goto cleanup;
|
||||
}
|
||||
input = buf;
|
||||
ptr = next_token(&input, " \t\r\n");
|
||||
if (ptr == NULL)
|
||||
goto cleanup;
|
||||
return;
|
||||
arg = next_token(&input, " \t\r\n");
|
||||
if ((strcasecmp(ptr, "set") == 0) &&
|
||||
(arg != NULL))
|
||||
@ -750,20 +742,48 @@ get_next_command(void) {
|
||||
show_settings(ISC_TRUE, ISC_TRUE);
|
||||
} else if (strcasecmp(ptr, "exit") == 0) {
|
||||
in_use = ISC_FALSE;
|
||||
goto cleanup;
|
||||
} else if (strcasecmp(ptr, "help") == 0 ||
|
||||
strcasecmp(ptr, "?") == 0) {
|
||||
printf("The '%s' command is not yet implemented.\n", ptr);
|
||||
goto cleanup;
|
||||
} else if (strcasecmp(ptr, "finger") == 0 ||
|
||||
strcasecmp(ptr, "root") == 0 ||
|
||||
strcasecmp(ptr, "ls") == 0 ||
|
||||
strcasecmp(ptr, "view") == 0) {
|
||||
printf("The '%s' command is not implemented.\n", ptr);
|
||||
goto cleanup;
|
||||
} else
|
||||
addlookup(ptr);
|
||||
cleanup:
|
||||
}
|
||||
|
||||
static void
|
||||
get_next_command(void) {
|
||||
char *buf;
|
||||
char *ptr;
|
||||
|
||||
fflush(stdout);
|
||||
buf = isc_mem_allocate(mctx, COMMSIZE);
|
||||
if (buf == NULL)
|
||||
fatal("memory allocation failure");
|
||||
isc_app_block();
|
||||
if (interactive) {
|
||||
#ifdef HAVE_READLINE
|
||||
ptr = readline("> ");
|
||||
add_history(ptr);
|
||||
#else
|
||||
fputs("> ", stderr);
|
||||
fflush(stderr);
|
||||
ptr = fgets(buf, COMMSIZE, stdin);
|
||||
#endif
|
||||
} else
|
||||
ptr = fgets(buf, COMMSIZE, stdin);
|
||||
isc_app_unblock();
|
||||
if (ptr == NULL) {
|
||||
in_use = ISC_FALSE;
|
||||
} else
|
||||
do_next_command(ptr);
|
||||
#ifdef HAVE_READLINE
|
||||
if (interactive)
|
||||
free(ptr);
|
||||
#endif
|
||||
isc_mem_free(mctx, buf);
|
||||
}
|
||||
|
||||
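Review bot: In get_next_command(), the HAVE_READLINE branch calls add_history(ptr) directly after ptr = readline("> "), ahead of the ptr == NULL test that follows isc_app_unblock(). readline() returns NULL at end of input, so an end-of-file at the prompt hands a NULL pointer to add_history(); guard the call with if (ptr != NULL). In the same branch buf is allocated and freed without being used, so the isc_mem_allocate() call could be limited to the fgets() paths.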
@ -859,6 +879,8 @@ int
|
||||
main(int argc, char **argv) {
|
||||
isc_result_t result;
|
||||
|
||||
interactive = ISC_TF(isatty(0));
|
||||
|
||||
ISC_LIST_INIT(lookup_list);
|
||||
ISC_LIST_INIT(server_list);
|
||||
ISC_LIST_INIT(search_list);
|
||||
|
@ -13,7 +13,7 @@
|
||||
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
# PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: Makefile.in,v 1.42 2009/12/05 23:31:40 each Exp $
|
||||
# $Id: Makefile.in,v 1.42.332.1 2011/03/16 06:37:51 each Exp $
|
||||
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
@ -44,19 +44,23 @@ NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
|
||||
# Alphabetically
|
||||
TARGETS = dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
|
||||
dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
|
||||
dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@
|
||||
dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@ \
|
||||
dnssec-verify@EXEEXT@
|
||||
|
||||
OBJS = dnssectool.@O@
|
||||
|
||||
SRCS = dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
|
||||
dnssec-revoke.c dnssec-settime.c dnssec-signzone.c dnssectool.c
|
||||
dnssec-revoke.c dnssec-settime.c dnssec-signzone.c \
|
||||
dnssec-verify.c dnssectool.c
|
||||
|
||||
MANPAGES = dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
|
||||
dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8
|
||||
dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8 \
|
||||
dnssec-verify.8
|
||||
|
||||
HTMLPAGES = dnssec-dsfromkey.html dnssec-keyfromlabel.html \
|
||||
dnssec-keygen.html dnssec-revoke.html \
|
||||
dnssec-settime.html dnssec-signzone.html
|
||||
dnssec-settime.html dnssec-signzone.html \
|
||||
dnssec-verify.html
|
||||
|
||||
MANOBJS = ${MANPAGES} ${HTMLPAGES}
|
||||
|
||||
@ -82,6 +86,14 @@ dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
dnssec-verify.@O@: dnssec-verify.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
|
||||
-c ${srcdir}/dnssec-verify.c
|
||||
|
||||
dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
||||
dnssec-revoke.@O@ ${OBJS} ${LIBS}
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
@ -32,9 +32,9 @@
|
||||
dnssec\-dsfromkey \- DNSSEC DS RR generation tool
|
||||
.SH "SYNOPSIS"
|
||||
.HP 17
|
||||
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] {keyfile}
|
||||
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
|
||||
.HP 17
|
||||
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
|
||||
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBdnssec\-dsfromkey\fR
|
||||
@ -58,6 +58,11 @@ Select the digest algorithm. The value of
|
||||
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
|
||||
.RE
|
||||
.PP
|
||||
\-T \fITTL\fR
|
||||
.RS 4
|
||||
Specifies the TTL of the DS records.
|
||||
.RE
|
||||
.PP
|
||||
\-K \fIdirectory\fR
|
||||
.RS 4
|
||||
Look for key files (or, in keyset mode,
|
||||
@ -71,6 +76,15 @@ files) in
|
||||
Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
|
||||
\fBfile\fR. If the zone name is the same as
|
||||
\fBfile\fR, then it may be omitted.
|
||||
.sp
|
||||
If
|
||||
\fBfile\fR
|
||||
is set to
|
||||
"\-", then the zone data is read from the standard input. This makes it possible to use the output of the
|
||||
\fBdig\fR
|
||||
command as input, as in:
|
||||
.sp
|
||||
\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fR
|
||||
.RE
|
||||
.PP
|
||||
\-A
|
||||
@ -139,5 +153,5 @@ RFC 4509.
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2008\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
|
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dnssec-dsfromkey.c,v 1.19.14.2 2011/09/05 23:45:53 tbox Exp $ */
|
||||
/* $Id: dnssec-dsfromkey.c,v 1.24 2011/10/25 01:54:18 marka Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -31,12 +31,13 @@
|
||||
#include <isc/string.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
#include <dns/callbacks.h>
|
||||
#include <dns/db.h>
|
||||
#include <dns/dbiterator.h>
|
||||
#include <dns/ds.h>
|
||||
#include <dns/fixedname.h>
|
||||
#include <dns/log.h>
|
||||
#include <dns/keyvalues.h>
|
||||
#include <dns/log.h>
|
||||
#include <dns/master.h>
|
||||
#include <dns/name.h>
|
||||
#include <dns/rdata.h>
|
||||
@ -61,6 +62,7 @@ static dns_rdataclass_t rdclass;
|
||||
static dns_fixedname_t fixed;
|
||||
static dns_name_t *name = NULL;
|
||||
static isc_mem_t *mctx = NULL;
|
||||
static isc_uint32_t ttl;
|
||||
|
||||
static isc_result_t
|
||||
initname(char *setname) {
|
||||
@ -76,8 +78,28 @@ initname(char *setname) {
|
||||
return (result);
|
||||
}
|
||||
|
||||
static void
|
||||
db_load_from_stream(dns_db_t *db, FILE *fp) {
|
||||
isc_result_t result;
|
||||
dns_rdatacallbacks_t callbacks;
|
||||
|
||||
dns_rdatacallbacks_init(&callbacks);
|
||||
result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("dns_db_beginload failed: %s", isc_result_totext(result));
|
||||
|
||||
result = dns_master_loadstream(fp, name, name, rdclass, 0,
|
||||
&callbacks, mctx);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("can't load from input: %s", isc_result_totext(result));
|
||||
|
||||
result = dns_db_endload(db, &callbacks.add_private);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("dns_db_endload failed: %s", isc_result_totext(result));
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
|
||||
loadset(const char *filename, dns_rdataset_t *rdataset) {
|
||||
isc_result_t result;
|
||||
dns_db_t *db = NULL;
|
||||
dns_dbnode_t *node = NULL;
|
||||
@ -90,9 +112,15 @@ loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("can't create database");
|
||||
|
||||
result = dns_db_load(db, filename);
|
||||
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
|
||||
fatal("can't load %s: %s", filename, isc_result_totext(result));
|
||||
if (strcmp(filename, "-") == 0) {
|
||||
db_load_from_stream(db, stdin);
|
||||
filename = "input";
|
||||
} else {
|
||||
result = dns_db_load(db, filename);
|
||||
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
|
||||
fatal("can't load %s: %s", filename,
|
||||
isc_result_totext(result));
|
||||
}
|
||||
|
||||
result = dns_db_findnode(db, name, ISC_FALSE, &node);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
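Review bot: The new stdin branch of loadset() is stricter than the file branch without saying why: db_load_from_stream() calls fatal() for any dns_master_loadstream() result other than ISC_R_SUCCESS, while the dns_db_load() call here still accepts DNS_R_SEENINCLUDE. Either handle DNS_R_SEENINCLUDE the same way in both paths or add a comment stating that include directives are deliberately rejected for piped input. The assignment filename = "input" is only there to label later error messages; a short comment would make that clear.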
@ -141,7 +169,7 @@ loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
|
||||
return (ISC_R_NOSPACE);
|
||||
isc_buffer_putuint8(&buf, 0);
|
||||
|
||||
return (loadsetfromfile(filename, rdataset));
|
||||
return (loadset(filename, rdataset));
|
||||
}
|
||||
|
||||
static void
|
||||
@ -256,7 +284,9 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
|
||||
}
|
||||
}
|
||||
|
||||
result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
|
||||
result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "",
|
||||
&textb);
|
||||
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("can't print rdata");
|
||||
|
||||
@ -267,6 +297,9 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
|
||||
isc_buffer_usedregion(&nameb, &r);
|
||||
printf("%.*s ", (int)r.length, r.base);
|
||||
|
||||
if (ttl != 0U)
|
||||
printf("%u ", ttl);
|
||||
|
||||
isc_buffer_usedregion(&classb, &r);
|
||||
printf("%.*s", (int)r.length, r.base);
|
||||
|
||||
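Review bot: emit() prints the TTL only when ttl != 0U, so 0 doubles as the "option not given" marker and an explicit -T 0 yields records with no TTL field. If a zero TTL should be expressible, track the option with a separate flag, as the setttl boolean added to dnssec-keyfromlabel.c in this commit does; otherwise state in the -T documentation that 0 means no TTL is printed.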
@ -302,6 +335,7 @@ usage(void) {
|
||||
fprintf(stderr, " -l: add lookaside zone and print DLV records\n");
|
||||
fprintf(stderr, " -s: read keyset from keyset-<dnsname> file\n");
|
||||
fprintf(stderr, " -c class: rdata class for DS set (default: IN)\n");
|
||||
fprintf(stderr, " -T TTL\n");
|
||||
fprintf(stderr, " -f file: read keyset from zone file\n");
|
||||
fprintf(stderr, " -A: when used with -f, "
|
||||
"include all keys in DS set, not just KSKs\n");
|
||||
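Review bot: The new usage line for -T has no description, unlike every neighbouring entry, which follows the "-x arg: explanation" form. Suggest " -T TTL: TTL for the DS records", which matches the man page text "Specifies the TTL of the DS records."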
@ -341,7 +375,7 @@ main(int argc, char **argv) {
|
||||
isc_commandline_errprint = ISC_FALSE;
|
||||
|
||||
while ((ch = isc_commandline_parse(argc, argv,
|
||||
"12Aa:c:d:Ff:K:l:sv:h")) != -1) {
|
||||
"12Aa:c:d:Ff:K:l:sT:v:h")) != -1) {
|
||||
switch (ch) {
|
||||
case '1':
|
||||
dtype = DNS_DSDIGEST_SHA1;
|
||||
@ -381,6 +415,9 @@ main(int argc, char **argv) {
|
||||
case 's':
|
||||
usekeyset = ISC_TRUE;
|
||||
break;
|
||||
case 'T':
|
||||
ttl = atol(isc_commandline_argument);
|
||||
break;
|
||||
case 'v':
|
||||
verbose = strtol(isc_commandline_argument, &endp, 0);
|
||||
if (*endp != '\0')
|
||||
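Review bot: case 'T' parses its argument with atol(), which reports no errors, so -T abc silently becomes 0 and a negative value is assigned to the unsigned isc_uint32_t ttl without complaint. The 'v' case directly below already uses strtol() with an endp check; do the same here, or reuse strtottl() as dnssec-keyfromlabel.c does for -L, and call fatal() on trailing garbage or a negative value.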
@ -466,7 +503,7 @@ main(int argc, char **argv) {
|
||||
if (usekeyset)
|
||||
result = loadkeyset(dir, &rdataset);
|
||||
else
|
||||
result = loadsetfromfile(filename, &rdataset);
|
||||
result = loadset(filename, &rdataset);
|
||||
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("could not load DNSKEY set: %s\n",
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
@ -17,7 +17,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: dnssec-dsfromkey.docbook,v 1.12 2010/12/23 23:47:08 tbox Exp $ -->
|
||||
<!-- $Id: dnssec-dsfromkey.docbook,v 1.17 2011/10/25 01:54:18 marka Exp $ -->
|
||||
<refentry id="man.dnssec-dsfromkey">
|
||||
<refentryinfo>
|
||||
<date>August 26, 2009</date>
|
||||
@ -39,6 +39,7 @@
|
||||
<year>2008</year>
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2012</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
@ -52,6 +53,7 @@
|
||||
<arg><option>-2</option></arg>
|
||||
<arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
|
||||
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
|
||||
<arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
|
||||
<arg choice="req">keyfile</arg>
|
||||
</cmdsynopsis>
|
||||
<cmdsynopsis>
|
||||
@ -64,6 +66,7 @@
|
||||
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
|
||||
<arg><option>-s</option></arg>
|
||||
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
|
||||
<arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
|
||||
<arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
|
||||
<arg><option>-A</option></arg>
|
||||
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
|
||||
@ -114,6 +117,15 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-T <replaceable class="parameter">TTL</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the TTL of the DS records.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-K <replaceable class="parameter">directory</replaceable></term>
|
||||
<listitem>
|
||||
@ -134,6 +146,15 @@
|
||||
from <option>file</option>. If the zone name is the same as
|
||||
<option>file</option>, then it may be omitted.
|
||||
</para>
|
||||
<para>
|
||||
If <option>file</option> is set to <literal>"-"</literal>, then
|
||||
the zone data is read from the standard input. This makes it
|
||||
possible to use the output of the <command>dig</command>
|
||||
command as input, as in:
|
||||
</para>
|
||||
<para>
|
||||
<userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
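Review bot: The added example, dig dnskey example.com | dnssec-dsfromkey -f - example.com, builds DS records from whatever DNSKEY set the queried server returned, and the dig invocation shown performs no DNSSEC validation. The paragraph should say that this input is unauthenticated, so that operators compare the resulting DS records against key material obtained directly from the zone's key files or signed zone before handing them to the parent.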
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
@ -28,18 +28,18 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] {keyfile}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] {keyfile}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543468"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543489"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
|
||||
outputs the Delegation Signer (DS) resource record (RR), as defined in
|
||||
RFC 3658 and RFC 4509, for the given key(s).
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543480"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543500"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-1</span></dt>
|
||||
<dd><p>
|
||||
@ -57,6 +57,10 @@
|
||||
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
|
||||
These values are case insensitive.
|
||||
</p></dd>
|
||||
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
|
||||
<dd><p>
|
||||
Specifies the TTL of the DS records.
|
||||
</p></dd>
|
||||
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
|
||||
<dd><p>
|
||||
Look for key files (or, in keyset mode,
|
||||
@ -64,12 +68,23 @@
|
||||
<code class="option">directory</code>.
|
||||
</p></dd>
|
||||
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
|
||||
<dd><p>
|
||||
<dd>
|
||||
<p>
|
||||
Zone file mode: in place of the keyfile name, the argument is
|
||||
the DNS domain name of a zone master file, which can be read
|
||||
from <code class="option">file</code>. If the zone name is the same as
|
||||
<code class="option">file</code>, then it may be omitted.
|
||||
</p></dd>
|
||||
</p>
|
||||
<p>
|
||||
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
|
||||
the zone data is read from the standard input. This makes it
|
||||
possible to use the output of the <span><strong class="command">dig</strong></span>
|
||||
command as input, as in:
|
||||
</p>
|
||||
<p>
|
||||
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term">-A</span></dt>
|
||||
<dd><p>
|
||||
Include ZSK's when generating DS records. Without this option,
|
||||
@ -101,7 +116,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543667"></a><h2>EXAMPLE</h2>
|
||||
<a name="id2543726"></a><h2>EXAMPLE</h2>
|
||||
<p>
|
||||
To build the SHA-256 DS RR from the
|
||||
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
|
||||
@ -116,7 +131,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543697"></a><h2>FILES</h2>
|
||||
<a name="id2543756"></a><h2>FILES</h2>
|
||||
<p>
|
||||
The keyfile can be designed by the key identification
|
||||
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
|
||||
@ -130,13 +145,13 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543732"></a><h2>CAVEAT</h2>
|
||||
<a name="id2543792"></a><h2>CAVEAT</h2>
|
||||
<p>
|
||||
A keyfile error can give a "file not found" even if the file exists.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543741"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2543801"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
@ -146,7 +161,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543781"></a><h2>AUTHOR</h2>
|
||||
<a name="id2543841"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -32,7 +32,7 @@
|
||||
dnssec\-keyfromlabel \- DNSSEC key generation tool
|
||||
.SH "SYNOPSIS"
|
||||
.HP 20
|
||||
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
|
||||
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBdnssec\-keyfromlabel\fR
|
||||
@ -122,6 +122,15 @@ Sets the directory in which the key files are to be written.
|
||||
Generate KEY records rather than DNSKEY records.
|
||||
.RE
|
||||
.PP
|
||||
\-L \fIttl\fR
|
||||
.RS 4
|
||||
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
|
||||
0
|
||||
or
|
||||
none
|
||||
removes it.
|
||||
.RE
|
||||
.PP
|
||||
\-p \fIprotocol\fR
|
||||
.RS 4
|
||||
Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
|
||||
|
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dnssec-keyfromlabel.c,v 1.32.14.4 2011/11/30 00:51:38 marka Exp $ */
|
||||
/* $Id: dnssec-keyfromlabel.c,v 1.38 2011/11/30 00:48:51 marka Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -85,6 +85,7 @@ usage(void) {
|
||||
fprintf(stderr, " -K directory: directory in which to place "
|
||||
"key files\n");
|
||||
fprintf(stderr, " -k: generate a TYPE=KEY key\n");
|
||||
fprintf(stderr, " -L ttl: default key TTL\n");
|
||||
fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
|
||||
fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");
|
||||
fprintf(stderr, " -p protocol: default: 3 [dnssec]\n");
|
||||
@ -139,12 +140,13 @@ main(int argc, char **argv) {
|
||||
dns_rdataclass_t rdclass;
|
||||
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
|
||||
char *label = NULL;
|
||||
dns_ttl_t ttl = 0;
|
||||
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
|
||||
isc_stdtime_t inactive = 0, delete = 0;
|
||||
isc_stdtime_t now;
|
||||
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
|
||||
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
|
||||
isc_boolean_t setdel = ISC_FALSE;
|
||||
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
|
||||
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
|
||||
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
|
||||
isc_boolean_t unsetdel = ISC_FALSE;
|
||||
@ -166,7 +168,7 @@ main(int argc, char **argv) {
|
||||
isc_stdtime_get(&now);
|
||||
|
||||
while ((ch = isc_commandline_parse(argc, argv,
|
||||
"3a:Cc:E:f:K:kl:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
|
||||
"3a:Cc:E:f:K:kl:L:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
|
||||
{
|
||||
switch (ch) {
|
||||
case '3':
|
||||
@ -204,6 +206,13 @@ main(int argc, char **argv) {
|
||||
case 'k':
|
||||
options |= DST_TYPE_KEY;
|
||||
break;
|
||||
case 'L':
|
||||
if (strcmp(isc_commandline_argument, "none") == 0)
|
||||
ttl = 0;
|
||||
else
|
||||
ttl = strtottl(isc_commandline_argument);
|
||||
setttl = ISC_TRUE;
|
||||
break;
|
||||
case 'l':
|
||||
label = isc_mem_strdup(mctx, isc_commandline_argument);
|
||||
break;
|
||||
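Review bot: in case 'L', both "none" and a numeric 0 leave ttl = 0 with setttl = ISC_TRUE, so the later dst_key_setttl(key, ttl) call receives 0 either way. Since the man page says 0 or none "removes" the default, a comment confirming that dst_key_setttl treats 0 as "no default TTL" rather than a literal zero TTL would help. The result of strtottl(isc_commandline_argument) is also used unchecked here; worth verifying that a malformed argument fails inside strtottl instead of coming back as 0 and silently clearing the TTL.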
@ -517,6 +526,10 @@ main(int argc, char **argv) {
|
||||
dst_key_setprivateformat(key, 1, 2);
|
||||
}
|
||||
|
||||
/* Set default key TTL */
|
||||
if (setttl)
|
||||
dst_key_setttl(key, ttl);
|
||||
|
||||
/*
|
||||
* Do not overwrite an existing key. Warn LOUDLY if there
|
||||
* is a risk of ID collision due to this key or another key
|
||||
|
@ -17,7 +17,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.2 2011/02/28 01:19:58 tbox Exp $ -->
|
||||
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.21 2011/03/17 01:40:34 each Exp $ -->
|
||||
<refentry id="man.dnssec-keyfromlabel">
|
||||
<refentryinfo>
|
||||
<date>February 8, 2008</date>
|
||||
@ -60,6 +60,7 @@
|
||||
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
<arg><option>-k</option></arg>
|
||||
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
|
||||
<arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
|
||||
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
|
||||
@ -236,6 +237,20 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-L <replaceable class="parameter">ttl</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Sets the default TTL to use for this key when it is converted
|
||||
into a DNSKEY RR. If the key is imported into a zone,
|
||||
this is the TTL that will be used for it, unless there was
|
||||
already a DNSKEY RRset in place, in which case the existing TTL
|
||||
would take precedence. Setting the default TTL to
|
||||
<literal>0</literal> or <literal>none</literal> removes it.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-p <replaceable class="parameter">protocol</replaceable></term>
|
||||
<listitem>
|
||||
|
@ -28,10 +28,10 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543498"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543507"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
|
||||
gets keys with the given label from a crypto hardware and builds
|
||||
key files for DNSSEC (Secure DNS), as defined in RFC 2535
|
||||
@ -44,7 +44,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543516"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543525"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
|
||||
<dd>
|
||||
@ -135,6 +135,15 @@
|
||||
<dd><p>
|
||||
Generate KEY records rather than DNSKEY records.
|
||||
</p></dd>
|
||||
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
|
||||
<dd><p>
|
||||
Sets the default TTL to use for this key when it is converted
|
||||
into a DNSKEY RR. If the key is imported into a zone,
|
||||
this is the TTL that will be used for it, unless there was
|
||||
already a DNSKEY RRset in place, in which case the existing TTL
|
||||
would take precedence. Setting the default TTL to
|
||||
<code class="literal">0</code> or <code class="literal">none</code> removes it.
|
||||
</p></dd>
|
||||
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
|
||||
<dd><p>
|
||||
Sets the protocol value for the key. The protocol
|
||||
@ -164,7 +173,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543880"></a><h2>TIMING OPTIONS</h2>
|
||||
<a name="id2543980"></a><h2>TIMING OPTIONS</h2>
|
||||
<p>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
If the argument begins with a '+' or '-', it is interpreted as
|
||||
@ -211,7 +220,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544046"></a><h2>GENERATED KEY FILES</h2>
|
||||
<a name="id2543054"></a><h2>GENERATED KEY FILES</h2>
|
||||
<p>
|
||||
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
|
||||
successfully,
|
||||
@ -250,7 +259,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544119"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2543127"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
@ -258,7 +267,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544152"></a><h2>AUTHOR</h2>
|
||||
<a name="id2543160"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -33,7 +33,7 @@
|
||||
dnssec\-keygen \- DNSSEC key generation tool
|
||||
.SH "SYNOPSIS"
|
||||
.HP 14
|
||||
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
|
||||
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBdnssec\-keygen\fR
|
||||
@ -103,11 +103,6 @@ Indicates that the DNS record containing the key should have the specified class
|
||||
Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
|
||||
.RE
|
||||
.PP
|
||||
\-e
|
||||
.RS 4
|
||||
If generating an RSAMD5/RSASHA1 key, use a large exponent.
|
||||
.RE
|
||||
.PP
|
||||
\-f \fIflag\fR
|
||||
.RS 4
|
||||
Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
|
||||
@ -139,6 +134,15 @@ Sets the directory in which the key files are to be written.
|
||||
Deprecated in favor of \-T KEY.
|
||||
.RE
|
||||
.PP
|
||||
\-L \fIttl\fR
|
||||
.RS 4
|
||||
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
|
||||
0
|
||||
or
|
||||
none
|
||||
removes it.
|
||||
.RE
|
||||
.PP
|
||||
\-p \fIprotocol\fR
|
||||
.RS 4
|
||||
Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
|
||||
@ -298,7 +302,7 @@ RFC 4034.
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004, 2005, 2007\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004, 2005, 2007\-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
Copyright \(co 2000\-2003 Internet Software Consortium.
|
||||
.br
|
||||
|
@ -29,7 +29,7 @@
|
||||
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dnssec-keygen.c,v 1.115.14.4 2011/11/30 00:51:38 marka Exp $ */
|
||||
/* $Id: dnssec-keygen.c,v 1.120 2011/11/30 00:48:51 marka Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -124,11 +124,12 @@ usage(void) {
|
||||
#else
|
||||
fprintf(stderr, " -E <engine name>\n");
|
||||
#endif
|
||||
fprintf(stderr, " -e: use large exponent (RSAMD5/RSASHA1 only)\n");
|
||||
fprintf(stderr, " -f <keyflag>: KSK | REVOKE\n");
|
||||
fprintf(stderr, " -g <generator>: use specified generator "
|
||||
"(DH only)\n");
|
||||
fprintf(stderr, " -L <ttl>: default key TTL\n");
|
||||
fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n");
|
||||
fprintf(stderr, " -r <randomdev>: a file containing random data\n");
|
||||
fprintf(stderr, " -s <strength>: strength value this key signs DNS "
|
||||
"records with (default: 0)\n");
|
||||
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
|
||||
@ -137,8 +138,6 @@ usage(void) {
|
||||
fprintf(stderr, " -t <type>: "
|
||||
"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
|
||||
"(default: AUTHCONF)\n");
|
||||
fprintf(stderr, " -r <randomdev>: a file containing random data\n");
|
||||
|
||||
fprintf(stderr, " -h: print usage and exit\n");
|
||||
fprintf(stderr, " -m <memory debugging mode>:\n");
|
||||
fprintf(stderr, " usage | trace | record | size | mctx\n");
|
||||
@ -212,7 +211,7 @@ main(int argc, char **argv) {
|
||||
isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE;
|
||||
isc_boolean_t oldstyle = ISC_FALSE;
|
||||
isc_mem_t *mctx = NULL;
|
||||
int ch, rsa_exp = 0, generator = 0, param = 0;
|
||||
int ch, generator = 0, param = 0;
|
||||
int protocol = -1, size = -1, signatory = 0;
|
||||
isc_result_t ret;
|
||||
isc_textregion_t r;
|
||||
@ -231,6 +230,7 @@ main(int argc, char **argv) {
|
||||
dns_rdataclass_t rdclass;
|
||||
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
|
||||
int dbits = 0;
|
||||
dns_ttl_t ttl = 0;
|
||||
isc_boolean_t use_default = ISC_FALSE, use_nsec3 = ISC_FALSE;
|
||||
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
|
||||
isc_stdtime_t inactive = 0, delete = 0;
|
||||
@ -238,7 +238,7 @@ main(int argc, char **argv) {
|
||||
int prepub = -1;
|
||||
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
|
||||
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
|
||||
isc_boolean_t setdel = ISC_FALSE;
|
||||
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
|
||||
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
|
||||
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
|
||||
isc_boolean_t unsetdel = ISC_FALSE;
|
||||
@ -257,7 +257,7 @@ main(int argc, char **argv) {
|
||||
/*
|
||||
* Process memory debugging argument first.
|
||||
*/
|
||||
#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:km:n:P:p:qR:r:S:s:T:t:v:"
|
||||
#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:kL:m:n:P:p:qR:r:S:s:T:t:v:"
|
||||
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
|
||||
switch (ch) {
|
||||
case 'm':
|
||||
@ -310,7 +310,9 @@ main(int argc, char **argv) {
|
||||
engine = isc_commandline_argument;
|
||||
break;
|
||||
case 'e':
|
||||
rsa_exp = 1;
|
||||
fprintf(stderr,
|
||||
"phased-out option -e "
|
||||
"(was 'use (RSA) large exponent)\n");
|
||||
break;
|
||||
case 'f':
|
||||
c = (unsigned char)(isc_commandline_argument[0]);
|
||||
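Review bot: the new message in case 'e' has an unbalanced quote: "(was 'use (RSA) large exponent)" opens a single quote that is never closed. The option is also removed from the usage text and man page in this change but stays in CMDLINE_FLAGS and is accepted with only this stderr notice, so the message should say plainly that -e is now ignored, for callers that still pass it from scripts.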
@ -340,6 +342,13 @@ main(int argc, char **argv) {
|
||||
"To generate a key-signing key, use -f KSK.\n"
|
||||
"To generate a key with TYPE=KEY, use -T KEY.\n");
|
||||
break;
|
||||
case 'L':
|
||||
if (strcmp(isc_commandline_argument, "none") == 0)
|
||||
ttl = 0;
|
||||
else
|
||||
ttl = strtottl(isc_commandline_argument);
|
||||
setttl = ISC_TRUE;
|
||||
break;
|
||||
case 'n':
|
||||
nametype = isc_commandline_argument;
|
||||
break;
|
||||
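Review bot: this case 'L' block is a verbatim copy of the one added to dnssec-keyfromlabel.c, down to the strcmp against "none". A small shared helper next to strtottl that takes isc_commandline_argument and returns the TTL would keep the "none" handling in one place and stop the tools from drifting apart.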
@ -782,13 +791,6 @@ main(int argc, char **argv) {
|
||||
break;
|
||||
}
|
||||
|
||||
if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
|
||||
alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
|
||||
alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST ||
|
||||
alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384) &&
|
||||
rsa_exp != 0)
|
||||
fatal("specified RSA exponent for a non-RSA key");
|
||||
|
||||
if (alg != DNS_KEYALG_DH && generator != 0)
|
||||
fatal("specified DH generator for a non-DH key");
|
||||
|
||||
@ -848,7 +850,6 @@ main(int argc, char **argv) {
|
||||
case DNS_KEYALG_NSEC3RSASHA1:
|
||||
case DNS_KEYALG_RSASHA256:
|
||||
case DNS_KEYALG_RSASHA512:
|
||||
param = rsa_exp;
|
||||
show_progress = ISC_TRUE;
|
||||
break;
|
||||
|
||||
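Review bot: with "param = rsa_exp;" dropped from the RSA cases, param now reaches key generation with only its initializer from "int ch, generator = 0, param = 0;". A one-line comment in this case block stating that 0 is the intended value for RSA keys would make it clear the assignment was removed on purpose and not lost in the merge.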
@ -983,6 +984,10 @@ main(int argc, char **argv) {
|
||||
dst_key_setprivateformat(key, 1, 2);
|
||||
}
|
||||
|
||||
/* Set the default key TTL */
|
||||
if (setttl)
|
||||
dst_key_setttl(key, ttl);
|
||||
|
||||
/*
|
||||
* Do not overwrite an existing key, or create a key
|
||||
* if there is a risk of ID collision due to this key
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -18,7 +18,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: dnssec-keygen.docbook,v 1.36 2010/12/23 04:07:59 marka Exp $ -->
|
||||
<!-- $Id: dnssec-keygen.docbook,v 1.38 2011/03/17 23:47:29 tbox Exp $ -->
|
||||
<refentry id="man.dnssec-keygen">
|
||||
<refentryinfo>
|
||||
<date>June 30, 2000</date>
|
||||
@ -43,6 +43,7 @@
|
||||
<year>2008</year>
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2012</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
@ -67,7 +68,6 @@
|
||||
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
|
||||
<arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
|
||||
<arg><option>-e</option></arg>
|
||||
<arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
|
||||
<arg><option>-G</option></arg>
|
||||
<arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
|
||||
@ -75,6 +75,7 @@
|
||||
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
<arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
|
||||
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
|
||||
<arg><option>-k</option></arg>
|
||||
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
|
||||
@ -231,15 +232,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-e</term>
|
||||
<listitem>
|
||||
<para>
|
||||
If generating an RSAMD5/RSASHA1 key, use a large exponent.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-f <replaceable class="parameter">flag</replaceable></term>
|
||||
<listitem>
|
||||
@ -300,6 +292,20 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-L <replaceable class="parameter">ttl</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Sets the default TTL to use for this key when it is converted
|
||||
into a DNSKEY RR. If the key is imported into a zone,
|
||||
this is the TTL that will be used for it, unless there was
|
||||
already a DNSKEY RRset in place, in which case the existing TTL
|
||||
would take precedence. Setting the default TTL to
|
||||
<literal>0</literal> or <literal>none</literal> removes it.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-p <replaceable class="parameter">protocol</replaceable></term>
|
||||
<listitem>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -29,10 +29,10 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code 
class="option">-z</code>] {name}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em 
class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543582"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543590"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-keygen</strong></span>
|
||||
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
|
||||
and RFC 4034. It can also generate keys for use with
|
||||
@ -46,7 +46,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543601"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543608"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
|
||||
<dd>
|
||||
@ -139,10 +139,6 @@
|
||||
support it defaults to pkcs11; the empty name resets it to
|
||||
no engine.
|
||||
</p></dd>
|
||||
<dt><span class="term">-e</span></dt>
|
||||
<dd><p>
|
||||
If generating an RSAMD5/RSASHA1 key, use a large exponent.
|
||||
</p></dd>
|
||||
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
|
||||
<dd><p>
|
||||
Set the specified flag in the flag field of the KEY/DNSKEY record.
|
||||
@ -173,6 +169,15 @@
|
||||
<dd><p>
|
||||
Deprecated in favor of -T KEY.
|
||||
</p></dd>
|
||||
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
|
||||
<dd><p>
|
||||
Sets the default TTL to use for this key when it is converted
|
||||
into a DNSKEY RR. If the key is imported into a zone,
|
||||
this is the TTL that will be used for it, unless there was
|
||||
already a DNSKEY RRset in place, in which case the existing TTL
|
||||
would take precedence. Setting the default TTL to
|
||||
<code class="literal">0</code> or <code class="literal">none</code> removes it.
|
||||
</p></dd>
|
||||
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
|
||||
<dd><p>
|
||||
Sets the protocol value for the generated key. The protocol
|
||||
@ -251,7 +256,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544169"></a><h2>TIMING OPTIONS</h2>
|
||||
<a name="id2544187"></a><h2>TIMING OPTIONS</h2>
|
||||
<p>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
If the argument begins with a '+' or '-', it is interpreted as
|
||||
@ -322,7 +327,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544359"></a><h2>GENERATED KEYS</h2>
|
||||
<a name="id2544377"></a><h2>GENERATED KEYS</h2>
|
||||
<p>
|
||||
When <span><strong class="command">dnssec-keygen</strong></span> completes
|
||||
successfully,
|
||||
@ -368,7 +373,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544441"></a><h2>EXAMPLE</h2>
|
||||
<a name="id2544459"></a><h2>EXAMPLE</h2>
|
||||
<p>
|
||||
To generate a 768-bit DSA key for the domain
|
||||
<strong class="userinput"><code>example.com</code></strong>, the following command would be
|
||||
@ -389,7 +394,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544485"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2544571"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 2539</em>,
|
||||
@ -398,7 +403,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544584"></a><h2>AUTHOR</h2>
|
||||
<a name="id2544602"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dnssec-revoke.c,v 1.22.124.2 2011/10/20 23:46:27 tbox Exp $ */
|
||||
/* $Id: dnssec-revoke.c,v 1.24 2011/10/20 23:46:51 tbox Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: dnssec-revoke.docbook,v 1.7.266.2 2011/10/20 23:46:27 tbox Exp $ -->
|
||||
<!-- $Id: dnssec-revoke.docbook,v 1.9 2011/10/20 23:46:51 tbox Exp $ -->
|
||||
<refentry id="man.dnssec-revoke">
|
||||
<refentryinfo>
|
||||
<date>June 1, 2009</date>
|
||||
|
@ -32,7 +32,7 @@
|
||||
dnssec\-settime \- Set the key timing metadata for a DNSSEC key
|
||||
.SH "SYNOPSIS"
|
||||
.HP 15
|
||||
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
|
||||
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBdnssec\-settime\fR
|
||||
@ -67,6 +67,15 @@ will fail when attempting to update a legacy key. With this option, the key will
|
||||
Sets the directory in which the key files are to reside.
|
||||
.RE
|
||||
.PP
|
||||
\-L \fIttl\fR
|
||||
.RS 4
|
||||
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
|
||||
0
|
||||
or
|
||||
none
|
||||
removes it.
|
||||
.RE
|
||||
.PP
|
||||
\-h
|
||||
.RS 4
|
||||
Emit usage message and exit.
|
||||
|
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dnssec-settime.c,v 1.28.16.3 2011/06/02 20:24:11 each Exp $ */
|
||||
/* $Id: dnssec-settime.c,v 1.32 2011/06/02 20:24:45 each Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -66,6 +66,7 @@ usage(void) {
|
||||
fprintf(stderr, " -f: force update of old-style "
|
||||
"keys\n");
|
||||
fprintf(stderr, " -K directory: set key file location\n");
|
||||
fprintf(stderr, " -L ttl: set default key TTL\n");
|
||||
fprintf(stderr, " -v level: set level of verbosity\n");
|
||||
fprintf(stderr, " -h: help\n");
|
||||
fprintf(stderr, "Timing options:\n");
|
||||
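Review bot: the new usage line `-L ttl: set default key TTL` does not mention that `none` is accepted, although the option parser added in this commit handles `-L none` specially. Suggest `-L ttl: set default key TTL (0 or none to remove)` so the help output agrees with the man page text.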
@ -137,12 +138,13 @@ main(int argc, char **argv) {
|
||||
unsigned int size = 0;
|
||||
isc_uint16_t flags = 0;
|
||||
int prepub = -1;
|
||||
dns_ttl_t ttl = 0;
|
||||
isc_stdtime_t now;
|
||||
isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
|
||||
isc_stdtime_t prevact = 0, previnact = 0, prevdel = 0;
|
||||
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
|
||||
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
|
||||
isc_boolean_t setdel = ISC_FALSE;
|
||||
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
|
||||
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
|
||||
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
|
||||
isc_boolean_t unsetdel = ISC_FALSE;
|
||||
@ -169,7 +171,7 @@ main(int argc, char **argv) {
|
||||
|
||||
isc_stdtime_get(&now);
|
||||
|
||||
#define CMDLINE_FLAGS "A:D:E:fhI:i:K:P:p:R:S:uv:"
|
||||
#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:"
|
||||
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
|
||||
switch (ch) {
|
||||
case 'E':
|
||||
@ -233,6 +235,13 @@ main(int argc, char **argv) {
|
||||
"directory");
|
||||
}
|
||||
break;
|
||||
case 'L':
|
||||
if (strcmp(isc_commandline_argument, "none") == 0)
|
||||
ttl = 0;
|
||||
else
|
||||
ttl = strtottl(isc_commandline_argument);
|
||||
setttl = ISC_TRUE;
|
||||
break;
|
||||
case 'v':
|
||||
verbose = strtol(isc_commandline_argument, &endp, 0);
|
||||
if (*endp != '\0')
|
||||
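Review bot: in the new `case 'L':` branch, `none` is mapped to `ttl = 0`, so `-L none` and `-L 0` are indistinguishable and an explicit zero TTL cannot be requested for a key. The man page documents this, but a one-line comment here saying that 0 is the "no default TTL" sentinel would help the next reader. The value returned by `strtottl()` is also stored with no visible error or range check; if `strtottl()` does not reject malformed input itself, validate it here before setting `setttl`.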
@ -535,6 +544,9 @@ main(int argc, char **argv) {
|
||||
else if (unsetdel)
|
||||
dst_key_unsettime(key, DST_TIME_DELETE);
|
||||
|
||||
if (setttl)
|
||||
dst_key_setttl(key, ttl);
|
||||
|
||||
/*
|
||||
* No metadata changes were made but we're forcing an upgrade
|
||||
* to the new format anyway: use "-P now -A now" as the default
|
||||
@ -545,6 +557,9 @@ main(int argc, char **argv) {
|
||||
changed = ISC_TRUE;
|
||||
}
|
||||
|
||||
if (!changed && setttl)
|
||||
changed = ISC_TRUE;
|
||||
|
||||
/*
|
||||
* Print out time values, if -p was used.
|
||||
*/
|
||||
|
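Review bot: the `!changed &&` guard in `if (!changed && setttl)` is redundant, since the body only assigns `ISC_TRUE`; `if (setttl) changed = ISC_TRUE;` is equivalent. Because this test sits after the "No metadata changes were made but we're forcing an upgrade" block, a run that passes only `-L` is still treated as unchanged there. If a TTL-only update should not pick up the "-P now -A now" defaults, set `changed` next to the `dst_key_setttl()` call instead; if the current order is intended, add a comment saying so.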
@ -17,7 +17,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: dnssec-settime.docbook,v 1.11.70.3 2011/11/03 20:21:30 each Exp $ -->
|
||||
<!-- $Id: dnssec-settime.docbook,v 1.15 2011/11/03 20:21:37 each Exp $ -->
|
||||
<refentry id="man.dnssec-settime">
|
||||
<refentryinfo>
|
||||
<date>July 15, 2009</date>
|
||||
@ -48,6 +48,7 @@
|
||||
<command>dnssec-settime</command>
|
||||
<arg><option>-f</option></arg>
|
||||
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
|
||||
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
<arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
<arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
@ -116,6 +117,20 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-L <replaceable class="parameter">ttl</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Sets the default TTL to use for this key when it is converted
|
||||
into a DNSKEY RR. If the key is imported into a zone,
|
||||
this is the TTL that will be used for it, unless there was
|
||||
already a DNSKEY RRset in place, in which case the existing TTL
|
||||
would take precedence. Setting the default TTL to
|
||||
<literal>0</literal> or <literal>none</literal> removes it.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-h</term>
|
||||
<listitem>
|
||||
|
@ -28,10 +28,10 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543424"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543432"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-settime</strong></span>
|
||||
reads a DNSSEC private key file and sets the key timing metadata
|
||||
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
|
||||
@ -57,7 +57,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543472"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543480"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-f</span></dt>
|
||||
<dd><p>
|
||||
@ -74,6 +74,15 @@
|
||||
<dd><p>
|
||||
Sets the directory in which the key files are to reside.
|
||||
</p></dd>
|
||||
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
|
||||
<dd><p>
|
||||
Sets the default TTL to use for this key when it is converted
|
||||
into a DNSKEY RR. If the key is imported into a zone,
|
||||
this is the TTL that will be used for it, unless there was
|
||||
already a DNSKEY RRset in place, in which case the existing TTL
|
||||
would take precedence. Setting the default TTL to
|
||||
<code class="literal">0</code> or <code class="literal">none</code> removes it.
|
||||
</p></dd>
|
||||
<dt><span class="term">-h</span></dt>
|
||||
<dd><p>
|
||||
Emit usage message and exit.
|
||||
@ -90,7 +99,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543563"></a><h2>TIMING OPTIONS</h2>
|
||||
<a name="id2543664"></a><h2>TIMING OPTIONS</h2>
|
||||
<p>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
If the argument begins with a '+' or '-', it is interpreted as
|
||||
@ -169,7 +178,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543770"></a><h2>PRINTING OPTIONS</h2>
|
||||
<a name="id2543802"></a><h2>PRINTING OPTIONS</h2>
|
||||
<p>
|
||||
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
|
||||
timing metadata associated with a key.
|
||||
@ -195,7 +204,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543848"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2543880"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
@ -203,7 +212,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543881"></a><h2>AUTHOR</h2>
|
||||
<a name="id2542138"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -33,7 +33,7 @@
|
||||
dnssec\-signzone \- DNSSEC zone signing tool
|
||||
.SH "SYNOPSIS"
|
||||
.HP 16
|
||||
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
|
||||
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBdnssec\-signzone\fR
|
||||
@ -72,6 +72,15 @@ files in
|
||||
\fBdirectory\fR.
|
||||
.RE
|
||||
.PP
|
||||
\-D
|
||||
.RS 4
|
||||
Output only those record types automatically managed by
|
||||
\fBdnssec\-signzone\fR, i.e. RRSIG, NSEC, NSEC3 and NSEC3PARAM records. If smart signing (\fB\-S\fR) is used, DNSKEY records are also included. The resulting file can be included in the original zone file with
|
||||
\fB$INCLUDE\fR. This option cannot be combined with
|
||||
\fB\-O raw\fR
|
||||
or serial number updating.
|
||||
.RE
|
||||
.PP
|
||||
\-E \fIengine\fR
|
||||
.RS 4
|
||||
Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
|
||||
@ -119,11 +128,29 @@ must be later than
|
||||
\fBstart\-time\fR.
|
||||
.RE
|
||||
.PP
|
||||
\-X \fIextended end\-time\fR
|
||||
.RS 4
|
||||
Specify the date and time when the generated RRSIG records for the DNSKEY RRset will expire. This is to be used in cases when the DNSKEY signatures need to persist longer than signatures on other records; e.g., when the private component of the KSK is kept offline and the KSK signature is to be refreshed manually.
|
||||
.sp
|
||||
As with
|
||||
\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
|
||||
\fBextended end\-time\fR
|
||||
is specified, the value of
|
||||
\fBend\-time\fR
|
||||
is used as the default. (\fBend\-time\fR, in turn, defaults to 30 days from the start time.)
|
||||
\fBextended end\-time\fR
|
||||
must be later than
|
||||
\fBstart\-time\fR.
|
||||
.RE
|
||||
.PP
|
||||
\-f \fIoutput\-file\fR
|
||||
.RS 4
|
||||
The name of the output file containing the signed zone. The default is to append
|
||||
\fI.signed\fR
|
||||
to the input filename.
|
||||
to the input filename. If
|
||||
\fBoutput\-file\fR
|
||||
is set to
|
||||
"\-", then the signed zone is written to the standard output, with a default output format of "full".
|
||||
.RE
|
||||
.PP
|
||||
\-h
|
||||
@ -164,6 +191,11 @@ option specifies a jitter window that will be used to randomize the signature ex
|
||||
Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
|
||||
.RE
|
||||
.PP
|
||||
\-L \fIserial\fR
|
||||
.RS 4
|
||||
When writing a signed zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
|
||||
.RE
|
||||
.PP
|
||||
\-n \fIncpus\fR
|
||||
.RS 4
|
||||
Specifies the number of threads to use. By default, one thread is started for each detected CPU.
|
||||
@ -205,8 +237,15 @@ The zone origin. If not specified, the name of the zone file is assumed to be th
|
||||
.RS 4
|
||||
The format of the output file containing the signed zone. Possible formats are
|
||||
\fB"text"\fR
|
||||
(default) and
|
||||
\fB"raw"\fR.
|
||||
(default)
|
||||
\fB"full"\fR, which is text output in a format suitable for processing by external scripts, and
|
||||
\fB"raw"\fR
|
||||
or
|
||||
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
|
||||
\fBnamed\fR.
|
||||
\fB"raw=N"\fR
|
||||
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
|
||||
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
|
||||
.RE
|
||||
.PP
|
||||
\-p
|
||||
@ -221,6 +260,17 @@ Disable post sign verification tests.
|
||||
The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
|
||||
.RE
|
||||
.PP
|
||||
\-R
|
||||
.RS 4
|
||||
Remove signatures from keys that no longer exist.
|
||||
.sp
|
||||
Normally, when a previously\-signed zone is passed as input to the signer, and a DNSKEY record has been removed and replaced with a new one, signatures from the old key that are still within their validity period are retained. This allows the zone to continue to validate with cached copies of the old DNSKEY RRset. The
|
||||
\fB\-R\fR
|
||||
forces
|
||||
\fBdnssec\-signzone\fR
|
||||
to remove all orphaned signatures.
|
||||
.RE
|
||||
.PP
|
||||
\-r \fIrandomdev\fR
|
||||
.RS 4
|
||||
Specifies the source of randomness. If the operating system does not provide a
|
||||
@ -265,8 +315,8 @@ If either of the key's unpublication or deletion dates are set and in the past,
|
||||
.PP
|
||||
\-T \fIttl\fR
|
||||
.RS 4
|
||||
Specifies the TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the minimum TTL value from the zone's SOA record. This option is ignored when signing without
|
||||
\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them.
|
||||
Specifies a TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the TTL value from the zone's SOA record. This option is ignored when signing without
|
||||
\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them, or if any of the imported DNSKEY records had a default TTL value. In the event of a a conflict between TTL values in imported keys, the shortest one is used.
|
||||
.RE
|
||||
.PP
|
||||
\-t
|
||||
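Review bot: the revised `-T` text replaces "the minimum TTL value from the zone's SOA record" with "the TTL value from the zone's SOA record", which can be read either as the TTL of the SOA RR itself or as its MINIMUM field. State which one is meant. The clause "or if any of the imported DNSKEY records had a default TTL value" would also be clearer if it pointed at the `dnssec-settime -L` option that sets that default.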
@ -378,7 +428,7 @@ RFC 4033.
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004\-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
Copyright \(co 2000\-2003 Internet Software Consortium.
|
||||
.br
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -18,7 +18,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: dnssec-signzone.docbook,v 1.44 2009/12/03 23:18:16 each Exp $ -->
|
||||
<!-- $Id: dnssec-signzone.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ -->
|
||||
<refentry id="man.dnssec-signzone">
|
||||
<refentryinfo>
|
||||
<date>June 05, 2009</date>
|
||||
@ -43,6 +43,7 @@
|
||||
<year>2007</year>
|
||||
<year>2008</year>
|
||||
<year>2009</year>
|
||||
<year>2011</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
<copyright>
|
||||
@ -60,6 +61,7 @@
|
||||
<arg><option>-a</option></arg>
|
||||
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
|
||||
<arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-D</option></arg>
|
||||
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
|
||||
<arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
|
||||
<arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
|
||||
@ -67,6 +69,7 @@
|
||||
<arg><option>-h</option></arg>
|
||||
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
|
||||
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
|
||||
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
|
||||
<arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
|
||||
<arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
|
||||
@ -74,8 +77,9 @@
|
||||
<arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
|
||||
<arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
|
||||
<arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
|
||||
<arg><option>-p</option></arg>
|
||||
<arg><option>-P</option></arg>
|
||||
<arg><option>-p</option></arg>
|
||||
<arg><option>-R</option></arg>
|
||||
<arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
|
||||
<arg><option>-S</option></arg>
|
||||
<arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
|
||||
@ -83,6 +87,7 @@
|
||||
<arg><option>-t</option></arg>
|
||||
<arg><option>-u</option></arg>
|
||||
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
|
||||
<arg><option>-X <replaceable class="parameter">extended end-time</replaceable></option></arg>
|
||||
<arg><option>-x</option></arg>
|
||||
<arg><option>-z</option></arg>
|
||||
<arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
|
||||
@ -151,6 +156,22 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-D</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Output only those record types automatically managed by
|
||||
<command>dnssec-signzone</command>, i.e. RRSIG, NSEC,
|
||||
NSEC3 and NSEC3PARAM records. If smart signing
|
||||
(<option>-S</option>) is used, DNSKEY records are also
|
||||
included. The resulting file can be included in the original
|
||||
zone file with <command>$INCLUDE</command>. This option
|
||||
cannot be combined with <option>-O raw</option> or serial
|
||||
number updating.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-E <replaceable class="parameter">engine</replaceable></term>
|
||||
<listitem>
|
||||
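Review bot: the last sentence of the new `-D` entry says the option cannot be combined with "serial number updating" without naming the option involved. The synopsis lists `-N soa-serial-format`; if that is the option meant, name it here as is done for `-O raw`, and say whether the combination is rejected with an error or silently ignored.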
@ -237,14 +258,41 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-X <replaceable class="parameter">extended end-time</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specify the date and time when the generated RRSIG records
|
||||
for the DNSKEY RRset will expire. This is to be used in cases
|
||||
when the DNSKEY signatures need to persist longer than
|
||||
signatures on other records; e.g., when the private component
|
||||
of the KSK is kept offline and the KSK signature is to be
|
||||
refreshed manually.
|
||||
</para>
|
||||
<para>
|
||||
As with <option>start-time</option>, an absolute
|
||||
time is indicated in YYYYMMDDHHMMSS notation. A time relative
|
||||
to the start time is indicated with +N, which is N seconds from
|
||||
the start time. A time relative to the current time is
|
||||
indicated with now+N. If no <option>extended end-time</option> is
|
||||
specified, the value of <option>end-time</option> is used as
|
||||
the default. (<option>end-time</option>, in turn, defaults to
|
||||
30 days from the start time.) <option>extended end-time</option>
|
||||
must be later than <option>start-time</option>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-f <replaceable class="parameter">output-file</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
The name of the output file containing the signed zone. The
|
||||
default is to append <filename>.signed</filename> to
|
||||
the
|
||||
input filename.
|
||||
the input filename. If <option>output-file</option> is
|
||||
set to <literal>"-"</literal>, then the signed zone is
|
||||
written to the standard output, with a default output
|
||||
format of "full".
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
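Review bot: the new `-X` entry only requires `extended end-time` to be later than `start-time`, yet its stated purpose is DNSKEY signatures that outlive the signatures on other records. Say what happens when the value given is earlier than `end-time`. In the `-f` change, the "default output format of "full"" for standard output differs from the `"text"` default described under `-O`; a cross-reference between the two entries would avoid the apparent contradiction.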
@ -324,6 +372,17 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-L <replaceable class="parameter">serial</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
When writing a signed zone to 'raw' format, set the "source serial"
|
||||
value in the header to the specified serial number. (This is
|
||||
expected to be used primarily for testing purposes.)
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-n <replaceable class="parameter">ncpus</replaceable></term>
|
||||
<listitem>
|
||||
@ -388,7 +447,15 @@
|
||||
<para>
|
||||
The format of the output file containing the signed zone.
|
||||
Possible formats are <command>"text"</command> (default)
|
||||
and <command>"raw"</command>.
|
||||
<command>"full"</command>, which is text output in a
|
||||
format suitable for processing by external scripts,
|
||||
and <command>"raw"</command> or <command>"raw=N"</command>,
|
||||
which store the zone in a binary format for rapid loading
|
||||
by <command>named</command>. <command>"raw=N"</command>
|
||||
specifies the format version of the raw zone file: if N
|
||||
is 0, the raw file can be read by any version of
|
||||
<command>named</command>; if N is 1, the file can be
|
||||
read by release 9.9.0 or higher. The default is 1.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
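Review bot: in the rewritten `-O` entry the format list now reads `"text"` (default) `"full"`, which is ..., with no comma or conjunction between the first two formats. Add a comma after "(default)". The closing "The default is 1" refers to N in `raw=N`, not to the output format; reword it as "The default for N is 1" so it is not read as contradicting the `"text"` default, and state plainly that a file written with N=1 cannot be loaded by a `named` older than 9.9.0.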
@ -421,6 +488,24 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-R</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Remove signatures from keys that no longer exist.
|
||||
</para>
|
||||
<para>
|
||||
Normally, when a previously-signed zone is passed as input
|
||||
to the signer, and a DNSKEY record has been removed and
|
||||
replaced with a new one, signatures from the old key
|
||||
that are still within their validity period are retained.
|
||||
This allows the zone to continue to validate with cached
|
||||
copies of the old DNSKEY RRset. The <option>-R</option> forces
|
||||
<command>dnssec-signzone</command> to remove all orphaned
|
||||
signatures.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
|
||||
<listitem>
|
||||
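Review bot: the second paragraph of the new `-R` entry explains that retained signatures let the zone validate against cached copies of the old DNSKEY RRset, but never states the consequence of removing them. Add a sentence saying that with `-R`, validators still holding the old DNSKEY RRset may fail to validate the zone until that cache entry expires. "The `-R` forces" should also read "The `-R` option forces".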
@ -508,15 +593,17 @@
|
||||
<term>-T <replaceable class="parameter">ttl</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the TTL to be used for new DNSKEY records imported
|
||||
into the zone from the key repository. If not specified,
|
||||
the default is the minimum TTL value from the zone's SOA
|
||||
Specifies a TTL to be used for new DNSKEY records imported
|
||||
into the zone from the key repository. If not
|
||||
specified, the default is the TTL value from the zone's SOA
|
||||
record. This option is ignored when signing without
|
||||
<option>-S</option>, since DNSKEY records are not imported
|
||||
from the key repository in that case. It is also ignored if
|
||||
there are any pre-existing DNSKEY records at the zone apex,
|
||||
in which case new records' TTL values will be set to match
|
||||
them.
|
||||
them, or if any of the imported DNSKEY records had a default
|
||||
TTL value. In the event of a a conflict between TTL values in
|
||||
imported keys, the shortest one is used.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
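Review bot: typo in the added `-T` text, "In the event of a a conflict" has a doubled "a". Fix it in this DocBook source and regenerate dnssec-signzone.8, which carries the same wording.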
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -29,10 +29,10 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] 
[<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] 
[<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543597"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543626"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-signzone</strong></span>
|
||||
signs a zone. It generates
|
||||
NSEC and RRSIG records and produces a signed version of the
|
||||
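Review bot: the synopsis in this hunk lists no -n option, although the OPTIONS section further down still documents "-n ncpus"; add it to the cmdsynopsis in the DocBook source and regenerate. The -X placeholder "extended end-time" also contains a space, so it reads as two arguments in the synopsis; a hyphenated name would match the neighbouring placeholders (end-time, start-time).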
@ -43,7 +43,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543612"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543641"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-a</span></dt>
|
||||
<dd><p>
|
||||
@ -67,6 +67,17 @@
|
||||
Look for <code class="filename">dsset-</code> or
|
||||
<code class="filename">keyset-</code> files in <code class="option">directory</code>.
|
||||
</p></dd>
|
||||
<dt><span class="term">-D</span></dt>
|
||||
<dd><p>
|
||||
Output only those record types automatically managed by
|
||||
<span><strong class="command">dnssec-signzone</strong></span>, i.e. RRSIG, NSEC,
|
||||
NSEC3 and NSEC3PARAM records. If smart signing
|
||||
(<code class="option">-S</code>) is used, DNSKEY records are also
|
||||
included. The resulting file can be included in the original
|
||||
zone file with <span><strong class="command">$INCLUDE</strong></span>. This option
|
||||
cannot be combined with <code class="option">-O raw</code> or serial
|
||||
number updating.
|
||||
</p></dd>
|
||||
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
|
||||
<dd><p>
|
||||
Uses a crypto hardware (OpenSSL engine) for the crypto operations
|
||||
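Review bot: the last sentence of the new -D entry says the option cannot be combined with "-O raw or serial number updating" without naming the serial option or covering the "raw=N" form that this same change documents under -O. Name the flag that triggers serial updating (the synopsis shows -N soa-serial-format), say whether raw=N is excluded as well, and say whether the tool exits with an error or silently ignores -D when the combination is given.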
@ -118,12 +129,36 @@
|
||||
<code class="option">end-time</code> must be later than
|
||||
<code class="option">start-time</code>.
|
||||
</p></dd>
|
||||
<dt><span class="term">-X <em class="replaceable"><code>extended end-time</code></em></span></dt>
|
||||
<dd>
|
||||
<p>
|
||||
Specify the date and time when the generated RRSIG records
|
||||
for the DNSKEY RRset will expire. This is to be used in cases
|
||||
when the DNSKEY signatures need to persist longer than
|
||||
signatures on other records; e.g., when the private component
|
||||
of the KSK is kept offline and the KSK signature is to be
|
||||
refreshed manually.
|
||||
</p>
|
||||
<p>
|
||||
As with <code class="option">start-time</code>, an absolute
|
||||
time is indicated in YYYYMMDDHHMMSS notation. A time relative
|
||||
to the start time is indicated with +N, which is N seconds from
|
||||
the start time. A time relative to the current time is
|
||||
indicated with now+N. If no <code class="option">extended end-time</code> is
|
||||
specified, the value of <code class="option">end-time</code> is used as
|
||||
the default. (<code class="option">end-time</code>, in turn, defaults to
|
||||
30 days from the start time.) <code class="option">extended end-time</code>
|
||||
must be later than <code class="option">start-time</code>.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
|
||||
<dd><p>
|
||||
The name of the output file containing the signed zone. The
|
||||
default is to append <code class="filename">.signed</code> to
|
||||
the
|
||||
input filename.
|
||||
the input filename. If <code class="option">output-file</code> is
|
||||
set to <code class="literal">"-"</code>, then the signed zone is
|
||||
written to the standard output, with a default output
|
||||
format of "full".
|
||||
</p></dd>
|
||||
<dt><span class="term">-h</span></dt>
|
||||
<dd><p>
|
||||
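Review bot: the -X entry only requires extended end-time to be later than start-time and does not say what happens when it is earlier than end-time, which would give the DNSKEY RRset a shorter signature lifetime than the rest of the zone, the opposite of the stated purpose. State whether that is accepted or rejected. In the -f entry, "full" is used as a format name before -O defines it; a reference to -O would help the reader.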
@ -184,6 +219,12 @@
|
||||
validators need to refetch at mostly the same time.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
|
||||
<dd><p>
|
||||
When writing a signed zone to 'raw' format, set the "source serial"
|
||||
value in the header to the specified serial number. (This is
|
||||
expected to be used primarily for testing purposes.)
|
||||
</p></dd>
|
||||
<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
|
||||
<dd><p>
|
||||
Specifies the number of threads to use. By default, one
|
||||
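Review bot: the new -L entry does not say what happens when the output format is not raw. State whether the serial is ignored or the invocation is rejected, so that a stray -L in a signing script is not mistaken for the SOA serial handling done by -N.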
@ -217,7 +258,15 @@
|
||||
<dd><p>
|
||||
The format of the output file containing the signed zone.
|
||||
Possible formats are <span><strong class="command">"text"</strong></span> (default)
|
||||
and <span><strong class="command">"raw"</strong></span>.
|
||||
<span><strong class="command">"full"</strong></span>, which is text output in a
|
||||
format suitable for processing by external scripts,
|
||||
and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
|
||||
which store the zone in a binary format for rapid loading
|
||||
by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
|
||||
specifies the format version of the raw zone file: if N
|
||||
is 0, the raw file can be read by any version of
|
||||
<span><strong class="command">named</strong></span>; if N is 1, the file can be
|
||||
read by release 9.9.0 or higher. The default is 1.
|
||||
</p></dd>
|
||||
<dt><span class="term">-p</span></dt>
|
||||
<dd><p>
|
||||
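Review bot: in the rewritten -O sentence there is no separator between "text" (default) and "full", so the list of formats runs together; add a comma after "(default)". The closing "The default is 1." sits in an entry that already marks "text" as the default, so spell out that it is the default raw format version, i.e. plain "raw" means "raw=1" and such files cannot be read by a named older than 9.9.0.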
@ -239,6 +288,22 @@
|
||||
This option skips these tests.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term">-R</span></dt>
|
||||
<dd>
|
||||
<p>
|
||||
Remove signatures from keys that no longer exist.
|
||||
</p>
|
||||
<p>
|
||||
Normally, when a previously-signed zone is passed as input
|
||||
to the signer, and a DNSKEY record has been removed and
|
||||
replaced with a new one, signatures from the old key
|
||||
that are still within their validity period are retained.
|
||||
This allows the zone to continue to validate with cached
|
||||
copies of the old DNSKEY RRset. The <code class="option">-R</code> forces
|
||||
<span><strong class="command">dnssec-signzone</strong></span> to remove all orphaned
|
||||
signatures.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
|
||||
<dd><p>
|
||||
Specifies the source of randomness. If the operating
|
||||
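Review bot: the -R entry explains why orphaned signatures are normally kept (validation with cached copies of the old DNSKEY RRset) but not what the operator gives up by removing them. Add one sentence saying that after -R, validators still holding the old DNSKEY RRset can no longer validate the zone until that cache entry expires, so the option belongs after the old key's TTL has run out. Also "The -R forces" is missing the word "option".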
@ -297,15 +362,17 @@
|
||||
</dd>
|
||||
<dt><span class="term">-T <em class="replaceable"><code>ttl</code></em></span></dt>
|
||||
<dd><p>
|
||||
Specifies the TTL to be used for new DNSKEY records imported
|
||||
into the zone from the key repository. If not specified,
|
||||
the default is the minimum TTL value from the zone's SOA
|
||||
Specifies a TTL to be used for new DNSKEY records imported
|
||||
into the zone from the key repository. If not
|
||||
specified, the default is the TTL value from the zone's SOA
|
||||
record. This option is ignored when signing without
|
||||
<code class="option">-S</code>, since DNSKEY records are not imported
|
||||
from the key repository in that case. It is also ignored if
|
||||
there are any pre-existing DNSKEY records at the zone apex,
|
||||
in which case new records' TTL values will be set to match
|
||||
them.
|
||||
them, or if any of the imported DNSKEY records had a default
|
||||
TTL value. In the event of a a conflict between TTL values in
|
||||
imported keys, the shortest one is used.
|
||||
</p></dd>
|
||||
<dt><span class="term">-t</span></dt>
|
||||
<dd><p>
|
||||
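Review bot: the added sentence contains a doubled article, "In the event of a a conflict". The clause "or if any of the imported DNSKEY records had a default TTL value" is also hard to parse, since it does not say where a key's default TTL comes from or which value wins over -T; and the default changed from "the minimum TTL value from the zone's SOA record" to "the TTL value from the zone's SOA record", which should say explicitly whether it means the TTL of the SOA RR or its MINIMUM field.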
@ -379,7 +446,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544965"></a><h2>EXAMPLE</h2>
|
||||
<a name="id2545127"></a><h2>EXAMPLE</h2>
|
||||
<p>
|
||||
The following command signs the <strong class="userinput"><code>example.com</code></strong>
|
||||
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
|
||||
@ -409,14 +476,14 @@ db.example.com.signed
|
||||
%</pre>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545020"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2545182"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 4033</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545045"></a><h2>AUTHOR</h2>
|
||||
<a name="id2545207"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
97
contrib/bind9/bin/dnssec/dnssec-verify.8
Normal file
@ -0,0 +1,97 @@
|
||||
.\" Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
.\" copyright notice and this permission notice appear in all copies.
|
||||
.\"
|
||||
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
||||
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
||||
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
||||
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
||||
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
.\" PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.hy 0
|
||||
.ad l
|
||||
.\" Title: dnssec\-verify
|
||||
.\" Author:
|
||||
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
|
||||
.\" Date: April 12, 2012
|
||||
.\" Manual: BIND9
|
||||
.\" Source: BIND9
|
||||
.\"
|
||||
.TH "DNSSEC\-VERIFY" "8" "April 12, 2012" "BIND9" "BIND9"
|
||||
.\" disable hyphenation
|
||||
.nh
|
||||
.\" disable justification (adjust text to left margin only)
|
||||
.ad l
|
||||
.SH "NAME"
|
||||
dnssec\-verify \- DNSSEC zone verification tool
|
||||
.SH "SYNOPSIS"
|
||||
.HP 14
|
||||
\fBdnssec\-verify\fR [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] {zonefile}
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBdnssec\-verify\fR
|
||||
verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 chains are complete.
|
||||
.SH "OPTIONS"
|
||||
.PP
|
||||
\-c \fIclass\fR
|
||||
.RS 4
|
||||
Specifies the DNS class of the zone.
|
||||
.RE
|
||||
.PP
|
||||
\-I \fIinput\-format\fR
|
||||
.RS 4
|
||||
The format of the input zone file. Possible formats are
|
||||
\fB"text"\fR
|
||||
(default) and
|
||||
\fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be verified independently. The use of this option does not make much sense for non\-dynamic zones.
|
||||
.RE
|
||||
.PP
|
||||
\-o \fIorigin\fR
|
||||
.RS 4
|
||||
The zone origin. If not specified, the name of the zone file is assumed to be the origin.
|
||||
.RE
|
||||
.PP
|
||||
\-v \fIlevel\fR
|
||||
.RS 4
|
||||
Sets the debugging level.
|
||||
.RE
|
||||
.PP
|
||||
\-x
|
||||
.RS 4
|
||||
Only verify that the DNSKEY RRset is signed with key\-signing keys. Without this flag, it is assumed that the DNSKEY RRset will be signed by all active keys. When this flag is set, it will not be an error if the DNSKEY RRset is not signed by zone\-signing keys. This corresponds to the
|
||||
\fB\-x\fR
|
||||
option in
|
||||
\fBdnssec\-signzone\fR.
|
||||
.RE
|
||||
.PP
|
||||
\-z
|
||||
.RS 4
|
||||
Ignore the KSK flag on the keys when determining whether the zone if correctly signed. Without this flag it is assumed that there will be a non\-revoked, self\-signed DNSKEY with the KSK flag set for each algorithm and that RRsets other than DNSKEY RRset will be signed with a different DNSKEY without the KSK flag set.
|
||||
.sp
|
||||
With this flag set, we only require that for each algorithm, there will be at least one non\-revoked, self\-signed DNSKEY, regardless of the KSK flag state, and that other RRsets will be signed by a non\-revoked key for the same algorithm that includes the self\-signed key; the same key may be used for both purposes. This corresponds to the
|
||||
\fB\-z\fR
|
||||
option in
|
||||
\fBdnssec\-signzone\fR.
|
||||
.RE
|
||||
.PP
|
||||
zonefile
|
||||
.RS 4
|
||||
The file containing the zone to be signed.
|
||||
.RE
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
\fBdnssec\-signzone\fR(8),
|
||||
BIND 9 Administrator Reference Manual,
|
||||
RFC 4033.
|
||||
.SH "AUTHOR"
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
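Review bot: the zonefile entry at the end of OPTIONS reads "The file containing the zone to be signed", carried over from dnssec-signzone; this tool verifies, so it should say "to be verified". The -z entry has "whether the zone if correctly signed" ("if" for "is"). Both come from the DocBook source, so fix them there and regenerate this page.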
328
contrib/bind9/bin/dnssec/dnssec-verify.c
Normal file
@ -0,0 +1,328 @@
|
||||
/*
|
||||
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
||||
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
||||
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
||||
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
||||
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dnssec-verify.c,v 1.1.2.1 2011/03/16 06:37:51 each Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
|
||||
#include <isc/app.h>
|
||||
#include <isc/base32.h>
|
||||
#include <isc/commandline.h>
|
||||
#include <isc/entropy.h>
|
||||
#include <isc/event.h>
|
||||
#include <isc/file.h>
|
||||
#include <isc/hash.h>
|
||||
#include <isc/hex.h>
|
||||
#include <isc/mem.h>
|
||||
#include <isc/mutex.h>
|
||||
#include <isc/os.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/random.h>
|
||||
#include <isc/rwlock.h>
|
||||
#include <isc/serial.h>
|
||||
#include <isc/stdio.h>
|
||||
#include <isc/stdlib.h>
|
||||
#include <isc/string.h>
|
||||
#include <isc/time.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
#include <dns/db.h>
|
||||
#include <dns/dbiterator.h>
|
||||
#include <dns/diff.h>
|
||||
#include <dns/dnssec.h>
|
||||
#include <dns/ds.h>
|
||||
#include <dns/fixedname.h>
|
||||
#include <dns/keyvalues.h>
|
||||
#include <dns/log.h>
|
||||
#include <dns/master.h>
|
||||
#include <dns/masterdump.h>
|
||||
#include <dns/nsec.h>
|
||||
#include <dns/nsec3.h>
|
||||
#include <dns/rdata.h>
|
||||
#include <dns/rdatalist.h>
|
||||
#include <dns/rdataset.h>
|
||||
#include <dns/rdataclass.h>
|
||||
#include <dns/rdatasetiter.h>
|
||||
#include <dns/rdatastruct.h>
|
||||
#include <dns/rdatatype.h>
|
||||
#include <dns/result.h>
|
||||
#include <dns/soa.h>
|
||||
#include <dns/time.h>
|
||||
|
||||
#include <dst/dst.h>
|
||||
|
||||
#include "dnssectool.h"
|
||||
|
||||
const char *program = "dnssec-verify";
|
||||
int verbose;
|
||||
|
||||
static isc_stdtime_t now;
|
||||
static isc_mem_t *mctx = NULL;
|
||||
static isc_entropy_t *ectx = NULL;
|
||||
static dns_masterformat_t inputformat = dns_masterformat_text;
|
||||
static dns_db_t *gdb; /* The database */
|
||||
static dns_dbversion_t *gversion; /* The database version */
|
||||
static dns_rdataclass_t gclass; /* The class */
|
||||
static dns_name_t *gorigin; /* The database origin */
|
||||
static isc_boolean_t ignore_kskflag = ISC_FALSE;
|
||||
static isc_boolean_t keyset_kskonly = ISC_FALSE;
|
||||
|
||||
/*%
|
||||
* Load the zone file from disk
|
||||
*/
|
||||
static void
|
||||
loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
|
||||
isc_buffer_t b;
|
||||
int len;
|
||||
dns_fixedname_t fname;
|
||||
dns_name_t *name;
|
||||
isc_result_t result;
|
||||
|
||||
len = strlen(origin);
|
||||
isc_buffer_init(&b, origin, len);
|
||||
isc_buffer_add(&b, len);
|
||||
|
||||
dns_fixedname_init(&fname);
|
||||
name = dns_fixedname_name(&fname);
|
||||
result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("failed converting name '%s' to dns format: %s",
|
||||
origin, isc_result_totext(result));
|
||||
|
||||
result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
|
||||
rdclass, 0, NULL, db);
|
||||
check_result(result, "dns_db_create()");
|
||||
|
||||
result = dns_db_load2(*db, file, inputformat);
|
||||
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
|
||||
fatal("failed loading zone from '%s': %s",
|
||||
file, isc_result_totext(result));
|
||||
}
|
||||
|
||||
ISC_PLATFORM_NORETURN_PRE static void
|
||||
usage(void) ISC_PLATFORM_NORETURN_POST;
|
||||
|
||||
static void
|
||||
usage(void) {
|
||||
fprintf(stderr, "Usage:\n");
|
||||
fprintf(stderr, "\t%s [options] zonefile [keys]\n", program);
|
||||
|
||||
fprintf(stderr, "\n");
|
||||
|
||||
fprintf(stderr, "Version: %s\n", VERSION);
|
||||
|
||||
fprintf(stderr, "Options: (default value in parenthesis) \n");
|
||||
fprintf(stderr, "\t-v debuglevel (0)\n");
|
||||
fprintf(stderr, "\t-o origin:\n");
|
||||
fprintf(stderr, "\t\tzone origin (name of zonefile)\n");
|
||||
fprintf(stderr, "\t-I format:\n");
|
||||
fprintf(stderr, "\t\tfile format of input zonefile (text)\n");
|
||||
fprintf(stderr, "\t-c class (IN)\n");
|
||||
fprintf(stderr, "\t-E engine:\n");
|
||||
#ifdef USE_PKCS11
|
||||
fprintf(stderr, "\t\tname of an OpenSSL engine to use "
|
||||
"(default is \"pkcs11\")\n");
|
||||
#else
|
||||
fprintf(stderr, "\t\tname of an OpenSSL engine to use\n");
|
||||
#endif
|
||||
fprintf(stderr, "\t-x:\tDNSKEY record signed with KSKs only, "
|
||||
"not ZSKs\n");
|
||||
fprintf(stderr, "\t-z:\tAll records signed with KSKs\n");
|
||||
exit(0);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char *argv[]) {
|
||||
char *origin = NULL, *file = NULL;
|
||||
char *inputformatstr = NULL;
|
||||
isc_result_t result;
|
||||
isc_log_t *log = NULL;
|
||||
#ifdef USE_PKCS11
|
||||
const char *engine = "pkcs11";
|
||||
#else
|
||||
const char *engine = NULL;
|
||||
#endif
|
||||
char *classname = NULL;
|
||||
dns_rdataclass_t rdclass;
|
||||
char ch, *endp;
|
||||
|
||||
#define CMDLINE_FLAGS \
|
||||
"m:o:I:c:E:v:xz"
|
||||
|
||||
/*
|
||||
* Process memory debugging argument first.
|
||||
*/
|
||||
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
|
||||
switch (ch) {
|
||||
case 'm':
|
||||
if (strcasecmp(isc_commandline_argument, "record") == 0)
|
||||
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
|
||||
if (strcasecmp(isc_commandline_argument, "trace") == 0)
|
||||
isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
|
||||
if (strcasecmp(isc_commandline_argument, "usage") == 0)
|
||||
isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
|
||||
if (strcasecmp(isc_commandline_argument, "size") == 0)
|
||||
isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
|
||||
if (strcasecmp(isc_commandline_argument, "mctx") == 0)
|
||||
isc_mem_debugging |= ISC_MEM_DEBUGCTX;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
isc_commandline_reset = ISC_TRUE;
|
||||
check_result(isc_app_start(), "isc_app_start");
|
||||
|
||||
result = isc_mem_create(0, 0, &mctx);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("out of memory");
|
||||
|
||||
dns_result_register();
|
||||
|
||||
isc_commandline_errprint = ISC_FALSE;
|
||||
|
||||
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
|
||||
switch (ch) {
|
||||
case 'c':
|
||||
classname = isc_commandline_argument;
|
||||
break;
|
||||
|
||||
case 'E':
|
||||
engine = isc_commandline_argument;
|
||||
break;
|
||||
|
||||
case 'h':
|
||||
usage();
|
||||
break;
|
||||
|
||||
case 'I':
|
||||
inputformatstr = isc_commandline_argument;
|
||||
break;
|
||||
|
||||
case 'm':
|
||||
break;
|
||||
|
||||
case 'o':
|
||||
origin = isc_commandline_argument;
|
||||
break;
|
||||
|
||||
case 'v':
|
||||
endp = NULL;
|
||||
verbose = strtol(isc_commandline_argument, &endp, 0);
|
||||
if (*endp != '\0')
|
||||
fatal("verbose level must be numeric");
|
||||
break;
|
||||
|
||||
case 'x':
|
||||
keyset_kskonly = ISC_TRUE;
|
||||
break;
|
||||
|
||||
case 'z':
|
||||
ignore_kskflag = ISC_TRUE;
|
||||
break;
|
||||
|
||||
case '?':
|
||||
if (isc_commandline_option != '?')
|
||||
fprintf(stderr, "%s: invalid argument -%c\n",
|
||||
program, isc_commandline_option);
|
||||
usage();
|
||||
break;
|
||||
|
||||
default:
|
||||
fprintf(stderr, "%s: unhandled option -%c\n",
|
||||
program, isc_commandline_option);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
if (ectx == NULL)
|
||||
setup_entropy(mctx, NULL, &ectx);
|
||||
|
||||
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("could not create hash context");
|
||||
|
||||
result = dst_lib_init2(mctx, ectx, engine, ISC_ENTROPY_BLOCKING);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("could not initialize dst: %s",
|
||||
isc_result_totext(result));
|
||||
|
||||
isc_stdtime_get(&now);
|
||||
|
||||
rdclass = strtoclass(classname);
|
||||
|
||||
setup_logging(verbose, mctx, &log);
|
||||
|
||||
argc -= isc_commandline_index;
|
||||
argv += isc_commandline_index;
|
||||
|
||||
if (argc < 1)
|
||||
usage();
|
||||
|
||||
file = argv[0];
|
||||
|
||||
argc -= 1;
|
||||
argv += 1;
|
||||
|
||||
POST(argc);
|
||||
POST(argv);
|
||||
|
||||
if (origin == NULL)
|
||||
origin = file;
|
||||
|
||||
if (inputformatstr != NULL) {
|
||||
if (strcasecmp(inputformatstr, "text") == 0)
|
||||
inputformat = dns_masterformat_text;
|
||||
else if (strcasecmp(inputformatstr, "raw") == 0)
|
||||
inputformat = dns_masterformat_raw;
|
||||
else
|
||||
fatal("unknown file format: %s\n", inputformatstr);
|
||||
}
|
||||
|
||||
gdb = NULL;
|
||||
fprintf(stderr, "Loading zone '%s' from file '%s'\n", origin, file);
|
||||
loadzone(file, origin, rdclass, &gdb);
|
||||
gorigin = dns_db_origin(gdb);
|
||||
gclass = dns_db_class(gdb);
|
||||
|
||||
gversion = NULL;
|
||||
result = dns_db_newversion(gdb, &gversion);
|
||||
check_result(result, "dns_db_newversion()");
|
||||
|
||||
verifyzone(gdb, gversion, gorigin, mctx,
|
||||
ignore_kskflag, keyset_kskonly);
|
||||
|
||||
dns_db_closeversion(gdb, &gversion, ISC_FALSE);
|
||||
dns_db_detach(&gdb);
|
||||
|
||||
cleanup_logging(&log);
|
||||
dst_lib_destroy();
|
||||
isc_hash_destroy();
|
||||
cleanup_entropy(&ectx);
|
||||
dns_name_destroy();
|
||||
if (verbose > 10)
|
||||
isc_mem_stats(mctx, stdout);
|
||||
isc_mem_destroy(&mctx);
|
||||
|
||||
(void) isc_app_finish();
|
||||
|
||||
return (0);
|
||||
}
|
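Review bot: in main(), ch is declared as "char ch, *endp;" but holds the return value of isc_commandline_parse(), which returns int and is compared against -1 in both option loops; where plain char is unsigned the comparison never matches and the loop does not terminate, so declare ch as int. Separately, usage() ends with exit(0) and is reached from the invalid-argument branch and from the "argc < 1" check, so a script that gates zone publication on this tool's exit status sees success although nothing was verified; exit non-zero on those paths. Smaller points: 'h' has a case in the switch but is absent from CMDLINE_FLAGS, the usage text advertises "zonefile [keys]" while main() discards the remaining arguments with POST(), and the -v value from strtol() is accepted when the argument is an empty string.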
185
contrib/bind9/bin/dnssec/dnssec-verify.docbook
Normal file
@ -0,0 +1,185 @@
|
||||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
- copyright notice and this permission notice appear in all copies.
|
||||
-
|
||||
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
||||
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
||||
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
||||
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
||||
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: dnssec-verify.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ -->
|
||||
<refentry id="man.dnssec-verify">
|
||||
<refentryinfo>
|
||||
<date>April 12, 2012</date>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle><application>dnssec-verify</application></refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
<refmiscinfo>BIND9</refmiscinfo>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname><application>dnssec-verify</application></refname>
|
||||
<refpurpose>DNSSEC zone verification tool</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<docinfo>
|
||||
<copyright>
|
||||
<year>2012</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
</docinfo>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>dnssec-verify</command>
|
||||
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
|
||||
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
|
||||
<arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
|
||||
<arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
|
||||
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
|
||||
<arg><option>-x</option></arg>
|
||||
<arg><option>-z</option></arg>
|
||||
<arg choice="req">zonefile</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
<para><command>dnssec-verify</command>
|
||||
verifies that a zone is fully signed for each algorithm found
|
||||
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
|
||||
chains are complete.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-c <replaceable class="parameter">class</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the DNS class of the zone.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-I <replaceable class="parameter">input-format</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
The format of the input zone file.
|
||||
Possible formats are <command>"text"</command> (default)
|
||||
and <command>"raw"</command>.
|
||||
This option is primarily intended to be used for dynamic
|
||||
signed zones so that the dumped zone file in a non-text
|
||||
format containing updates can be verified independently.
|
||||
The use of this option does not make much sense for
|
||||
non-dynamic zones.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-o <replaceable class="parameter">origin</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
The zone origin. If not specified, the name of the zone file
|
||||
is assumed to be the origin.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-v <replaceable class="parameter">level</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Sets the debugging level.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-x</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Only verify that the DNSKEY RRset is signed with key-signing
|
||||
keys. Without this flag, it is assumed that the DNSKEY RRset
|
||||
will be signed by all active keys. When this flag is set,
|
||||
it will not be an error if the DNSKEY RRset is not signed
|
||||
by zone-signing keys. This corresponds to the <option>-x</option>
|
||||
option in <command>dnssec-signzone</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-z</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Ignore the KSK flag on the keys when determining whether
|
||||
the zone if correctly signed. Without this flag it is
|
||||
assumed that there will be a non-revoked, self-signed
|
||||
DNSKEY with the KSK flag set for each algorithm and
|
||||
that RRsets other than DNSKEY RRset will be signed with
|
||||
a different DNSKEY without the KSK flag set.
|
||||
</para>
|
||||
<para>
|
||||
With this flag set, we only require that for each algorithm,
|
||||
there will be at least one non-revoked, self-signed DNSKEY,
|
||||
regardless of the KSK flag state, and that other RRsets
|
||||
will be signed by a non-revoked key for the same algorithm
|
||||
that includes the self-signed key; the same key may be used
|
||||
for both purposes. This corresponds to the <option>-z</option>
|
||||
option in <command>dnssec-signzone</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>zonefile</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The file containing the zone to be signed.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
|
||||
<citetitle>RFC 4033</citetitle>.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
<para><corpauthor>Internet Systems Consortium</corpauthor>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry><!--
|
||||
- Local variables:
|
||||
- mode: sgml
|
||||
- End:
|
||||
-->
|
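Review bot: the cmdsynopsis lists "-E engine" but the variablelist under OPTIONS has no varlistentry for it, so the option is undocumented in every format generated from this file. Add an entry matching the one in dnssec-signzone. The $Id line also still carries another file's revision history ("v 1.52 2011/12/22") while the refentryinfo date is April 12, 2012.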
117
contrib/bind9/bin/dnssec/dnssec-verify.html
Normal file
@ -0,0 +1,117 @@
|
||||
<!--
|
||||
- Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
- copyright notice and this permission notice appear in all copies.
|
||||
-
|
||||
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
||||
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
||||
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
||||
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
||||
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
<!-- $Id$ -->
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>dnssec-verify</title>
|
||||
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
|
||||
</head>
|
||||
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
|
||||
<a name="man.dnssec-verify"></a><div class="titlepage"></div>
|
||||
<div class="refnamediv">
|
||||
<h2>Name</h2>
|
||||
<p><span class="application">dnssec-verify</span> — DNSSEC zone verification tool</p>
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543390"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-verify</strong></span>
|
||||
verifies that a zone is fully signed for each algorithm found
|
||||
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
|
||||
chains are complete.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543402"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
|
||||
<dd><p>
|
||||
Specifies the DNS class of the zone.
|
||||
</p></dd>
|
||||
<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
|
||||
<dd><p>
|
||||
The format of the input zone file.
|
||||
Possible formats are <span><strong class="command">"text"</strong></span> (default)
|
||||
and <span><strong class="command">"raw"</strong></span>.
|
||||
This option is primarily intended to be used for dynamic
|
||||
signed zones so that the dumped zone file in a non-text
|
||||
format containing updates can be verified independently.
|
||||
The use of this option does not make much sense for
|
||||
non-dynamic zones.
|
||||
</p></dd>
|
||||
<dt><span class="term">-o <em class="replaceable"><code>origin</code></em></span></dt>
|
||||
<dd><p>
|
||||
The zone origin. If not specified, the name of the zone file
|
||||
is assumed to be the origin.
|
||||
</p></dd>
|
||||
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
|
||||
<dd><p>
|
||||
Sets the debugging level.
|
||||
</p></dd>
|
||||
<dt><span class="term">-x</span></dt>
|
||||
<dd><p>
|
||||
Only verify that the DNSKEY RRset is signed with key-signing
|
||||
keys. Without this flag, it is assumed that the DNSKEY RRset
|
||||
will be signed by all active keys. When this flag is set,
|
||||
it will not be an error if the DNSKEY RRset is not signed
|
||||
by zone-signing keys. This corresponds to the <code class="option">-x</code>
|
||||
option in <span><strong class="command">dnssec-signzone</strong></span>.
|
||||
</p></dd>
|
||||
<dt><span class="term">-z</span></dt>
|
||||
<dd>
|
||||
<p>
|
||||
Ignore the KSK flag on the keys when determining whether
|
||||
the zone if correctly signed. Without this flag it is
|
||||
assumed that there will be a non-revoked, self-signed
|
||||
DNSKEY with the KSK flag set for each algorithm and
|
||||
that RRsets other than DNSKEY RRset will be signed with
|
||||
a different DNSKEY without the KSK flag set.
|
||||
</p>
|
||||
<p>
|
||||
With this flag set, we only require that for each algorithm,
|
||||
there will be at least one non-revoked, self-signed DNSKEY,
|
||||
regardless of the KSK flag state, and that other RRsets
|
||||
will be signed by a non-revoked key for the same algorithm
|
||||
that includes the self-signed key; the same key may be used
|
||||
for both purposes. This corresponds to the <code class="option">-z</code>
|
||||
option in <span><strong class="command">dnssec-signzone</strong></span>.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term">zonefile</span></dt>
|
||||
<dd><p>
|
||||
The file containing the zone to be signed.
|
||||
</p></dd>
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543543"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 4033</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543637"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
</div></body>
|
||||
</html>
|
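Review bot: the `zonefile` entry at the end of OPTIONS reads "The file containing the zone to be signed", which is the dnssec-signzone wording; for this tool it should say the zone to be verified. The synopsis also lists `-E engine`, but OPTIONS has no `-E` entry, so that option ships undocumented; add a `<dt>`/`<dd>` pair for it. In the `-z` description, "whether the zone if correctly signed" should read "is correctly signed". The generator meta tag shows this HTML is produced by the DocBook XSL stylesheets, so make these fixes in the DocBook source and regenerate rather than editing the HTML.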
File diff suppressed because it is too large
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004, 2007-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dnssectool.h,v 1.31.162.2 2011/10/20 23:46:27 tbox Exp $ */
|
||||
/* $Id: dnssectool.h,v 1.33 2011/10/20 23:46:51 tbox Exp $ */
|
||||
|
||||
#ifndef DNSSECTOOL_H
|
||||
#define DNSSECTOOL_H 1
|
||||
@ -25,6 +25,11 @@
|
||||
#include <dns/rdatastruct.h>
|
||||
#include <dst/dst.h>
|
||||
|
||||
#define check_dns_dbiterator_current(result) \
|
||||
check_result((result == DNS_R_NEWORIGIN) ? ISC_R_SUCCESS : result, \
|
||||
"dns_dbiterator_current()")
|
||||
|
||||
|
||||
typedef void (fatalcallback_t)(void);
|
||||
|
||||
ISC_PLATFORM_NORETURN_PRE void
|
||||
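Review bot: `check_dns_dbiterator_current(result)` expands its argument twice and without parentheses, in `(result == DNS_R_NEWORIGIN) ? ISC_R_SUCCESS : result`, so a caller that passes a call expression instead of a variable would evaluate it twice, and an argument containing a lower-precedence operator would not parse as intended. Parenthesize each use as `(result)` and add a comment saying the argument must be a plain variable and why DNS_R_NEWORIGIN is treated as success here; a static inline function would avoid both problems.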
@ -81,4 +86,12 @@ isc_boolean_t
|
||||
key_collision(dst_key_t *key, dns_name_t *name, const char *dir,
|
||||
isc_mem_t *mctx, isc_boolean_t *exact);
|
||||
|
||||
isc_boolean_t
|
||||
is_delegation(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *origin,
|
||||
dns_name_t *name, dns_dbnode_t *node, isc_uint32_t *ttlp);
|
||||
|
||||
void
|
||||
verifyzone(dns_db_t *db, dns_dbversion_t *ver,
|
||||
dns_name_t *origin, isc_mem_t *mctx,
|
||||
isc_boolean_t ignore_kskflag, isc_boolean_t keyset_kskonly);
|
||||
#endif /* DNSSEC_DNSSECTOOL_H */
|
||||
|
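Review bot: the new prototypes `is_delegation()` and `verifyzone()` are added without any comment describing their contract. `verifyzone()` returns void, so the header should state how a verification failure is reported to the caller, and its last two parameters are adjacent `isc_boolean_t` values (`ignore_kskflag`, `keyset_kskonly`) that a call site can swap without a compiler diagnostic; a comment saying which command-line option each one corresponds to would help. For `is_delegation()`, document whether `ttlp` may be NULL. The closing `#endif /* DNSSEC_DNSSECTOOL_H */` comment also does not match the `DNSSECTOOL_H` guard at the top of the file and could be corrected while this area is being touched.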
@ -13,7 +13,7 @@
|
||||
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
# PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: Makefile.in,v 1.114.14.2 2011/03/10 23:47:25 tbox Exp $
|
||||
# $Id: Makefile.in,v 1.116 2011/03/10 23:47:49 tbox Exp $
|
||||
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
@ -161,8 +161,11 @@ maintainer-clean::
|
||||
bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl
|
||||
${PERL} ${srcdir}/convertxsl.pl < ${srcdir}/bind9.xsl > bind9.xsl.h
|
||||
|
||||
depend: bind9.xsl.h
|
||||
statschannel.@O@: bind9.xsl.h
|
||||
bind9.ver3.xsl.h: bind9.ver3.xsl ${srcdir}/convertxsl.pl
|
||||
${PERL} ${srcdir}/convertxsl.pl < ${srcdir}/bind9.ver3.xsl > bind9.ver3.xsl.h
|
||||
|
||||
depend: bind9.xsl.h bind9.ver3.xsl.h
|
||||
statschannel.@O@: bind9.xsl.h bind9.ver3.xsl.h
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
|
||||
|
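Review bot: the new `bind9.ver3.xsl.h` rule redirects the output of convertxsl.pl straight into the target, so if the script fails part-way a truncated header is left behind with a fresh timestamp and later runs of make treat it as up to date. This copies the existing `bind9.xsl.h` rule, but it would be safer for both rules to write to a temporary file and rename it on success. Nothing in this hunk adds bind9.ver3.xsl.h to a clean target either; check that the `maintainer-clean::` rule above removes it.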
738
contrib/bind9/bin/named/bind9.ver3.xsl
Normal file
@ -0,0 +1,738 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
- Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
- copyright notice and this permission notice appear in all copies.
|
||||
-
|
||||
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
||||
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
||||
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
||||
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
||||
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id$ -->
|
||||
|
||||
<!-- %Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp % -->
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" version="1.0">
|
||||
<xsl:output method="html" indent="yes" version="4.0"/>
|
||||
<xsl:template match="statistics[@version="3.0"]">
|
||||
<html>
|
||||
<head>
|
||||
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
|
||||
<!-- Non Mozilla specific markup -->
|
||||
<script type="text/javascript" src="https://www.google.com/jsapi"/>
|
||||
<script type="text/javascript">
|
||||
|
||||
google.load("visualization", "1", {packages:["corechart"]});
|
||||
google.setOnLoadCallback(loadGraphs);
|
||||
|
||||
var graphs=[];
|
||||
|
||||
function drawChart(chart_title,target,data) {
|
||||
var data = google.visualization.arrayToDataTable(data);
|
||||
|
||||
var options = {
|
||||
title: chart_title
|
||||
};
|
||||
|
||||
var chart = new google.visualization.BarChart(document.getElementById(target));
|
||||
chart.draw(data, options);
|
||||
}
|
||||
|
||||
function loadGraphs(){
|
||||
//alert("here we are!");
|
||||
var g;
|
||||
|
||||
// Server Incoming query Types
|
||||
while(g = graphs.shift()){
|
||||
// alert("going for: " + g.target);
|
||||
if(g.data.length > 1){
|
||||
drawChart(g.title,g.target,g.data);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Server Incoming Queries Types
|
||||
graphs.push({
|
||||
'title' : "Server Incoming Query Types",
|
||||
'target': 'chart_incoming_qtypes',
|
||||
'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type="qtype"]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
|
||||
});
|
||||
|
||||
|
||||
// Server Incoming Requests
|
||||
graphs.push({
|
||||
'title' : "Server Incoming Requests",
|
||||
'target': 'chart_incoming_requests',
|
||||
'data': [['Requests','Counter'],<xsl:for-each select="server/counters[@type="opcode"]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]});
|
||||
|
||||
|
||||
|
||||
|
||||
</script>
|
||||
</xsl:if>
|
||||
<style type="text/css">
|
||||
body {
|
||||
font-family: sans-serif;
|
||||
background-color: #ffffff;
|
||||
color: #000000;
|
||||
font-size: 10pt;
|
||||
}
|
||||
|
||||
.odd{
|
||||
background-color: #f0f0f0;
|
||||
}
|
||||
|
||||
.even{
|
||||
background-color: #ffffff;
|
||||
}
|
||||
|
||||
p.footer{
|
||||
font-style:italic;
|
||||
color: grey;
|
||||
}
|
||||
|
||||
table {
|
||||
border-collapse: collapse;
|
||||
border: 1px solid grey;
|
||||
}
|
||||
|
||||
table.counters{
|
||||
border: 1px solid grey;
|
||||
width: 500px;
|
||||
}
|
||||
|
||||
table.counters th {
|
||||
text-align: center;
|
||||
border: 1px solid grey;
|
||||
width: 120px;
|
||||
}
|
||||
table.counters td{
|
||||
text-align:center;
|
||||
|
||||
}
|
||||
|
||||
table.counters tr:hover{
|
||||
background-color: #99ddff;
|
||||
}
|
||||
|
||||
.totals {
|
||||
background-color: rgb(1,169,206);
|
||||
color: #ffffff;
|
||||
}
|
||||
|
||||
td, th {
|
||||
padding-right: 5px;
|
||||
padding-left: 5px;
|
||||
border: 1px solid grey;
|
||||
}
|
||||
|
||||
.header h1 {
|
||||
color: rgb(1,169,206);
|
||||
padding: 0px;
|
||||
}
|
||||
|
||||
.content {
|
||||
background-color: #ffffff;
|
||||
color: #000000;
|
||||
padding: 4px;
|
||||
}
|
||||
|
||||
.item {
|
||||
padding: 4px;
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
.value {
|
||||
padding: 4px;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
|
||||
h2 {
|
||||
color: grey;
|
||||
font-size: 14pt;
|
||||
width:500px;
|
||||
text-align:center;
|
||||
}
|
||||
|
||||
h3 {
|
||||
color: #444444;
|
||||
font-size: 12pt;
|
||||
width:500px;
|
||||
text-align:center;
|
||||
|
||||
}
|
||||
h4 {
|
||||
color: rgb(1,169,206);
|
||||
font-size: 10pt;
|
||||
width:500px;
|
||||
text-align:center;
|
||||
|
||||
}
|
||||
|
||||
.pie {
|
||||
width:500px;
|
||||
height: 500px;
|
||||
}
|
||||
|
||||
</style>
|
||||
<title>ISC BIND 9 Statistics</title>
|
||||
</head>
|
||||
<body>
|
||||
<div class="header">
|
||||
<h1>ISC Bind 9 Configuration and Statistics</h1>
|
||||
</div>
|
||||
<hr/>
|
||||
<h2>Server Times</h2>
|
||||
<table class="counters">
|
||||
<tr>
|
||||
<th>Boot time:</th>
|
||||
<td>
|
||||
<xsl:value-of select="server/boot-time"/>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th>Sample time:</th>
|
||||
<td>
|
||||
<xsl:value-of select="server/current-time"/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br/>
|
||||
<h2>Incoming Requests</h2>
|
||||
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
|
||||
<!-- Non Mozilla specific markup -->
|
||||
<div class="pie" id="chart_incoming_requests">[no incoming requests]</div>
|
||||
</xsl:if>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="server/counters[@type="opcode"]/counter">
|
||||
<xsl:sort select="." data-type="number" order="descending"/>
|
||||
<tr>
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
<tr>
|
||||
<th class="totals">Total:</th>
|
||||
<td class="totals">
|
||||
<xsl:value-of select="sum(server/counters[@type="opcode"]/counter)"/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br/>
|
||||
<h3>Incoming Queries by Type</h3>
|
||||
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
|
||||
<!-- Non Mozilla specific markup -->
|
||||
<div class="pie" id="chart_incoming_qtypes">[no incoming queries]</div>
|
||||
</xsl:if>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="server/counters[@type="qtype"]/counter">
|
||||
<xsl:sort select="." data-type="number" order="descending"/>
|
||||
<xsl:variable name="css-class">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
<tr>
|
||||
<th class="totals">Total:</th>
|
||||
<td class="totals">
|
||||
<xsl:value-of select="sum(server/counters[@type="qtype"]/counter)"/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br/>
|
||||
<h2>Outgoing Queries per view</h2>
|
||||
<xsl:for-each select="views/view[count(counters[@type="resqtype"]/counter) > 0]">
|
||||
<h3>View <xsl:value-of select="@name"/></h3>
|
||||
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
|
||||
<!-- Non Mozilla specific markup -->
|
||||
<script type="text/javascript">
|
||||
graphs.push({
|
||||
'title': "Outgoing queries for view: <xsl:value-of select="@name"/>",
|
||||
'target': 'chart_outgoing_queries_view_<xsl:value-of select="@name"/>',
|
||||
'data': [['Type','Counter'],<xsl:for-each select="counters[@type="resqtype"]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
|
||||
});
|
||||
|
||||
</script>
|
||||
<xsl:variable name="target">
|
||||
<xsl:value-of select="@name"/>
|
||||
</xsl:variable>
|
||||
<div class="pie" id="chart_outgoing_queries_view_{$target}"/>
|
||||
</xsl:if>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="counters[@type="resqtype"]/counter">
|
||||
<xsl:sort select="." data-type="number" order="descending"/>
|
||||
<xsl:variable name="css-class1">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class1}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<br/>
|
||||
</xsl:for-each>
|
||||
<h2>Server Statistics</h2>
|
||||
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
|
||||
<!-- Non Mozilla specific markup -->
|
||||
<script type="text/javascript">
|
||||
graphs.push({
|
||||
'title' : "Server Counters",
|
||||
'target': 'chart_server_nsstat_restype',
|
||||
'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type="nsstat"]/counter[.>0]">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
|
||||
});
|
||||
|
||||
</script>
|
||||
<div class="pie" id="chart_server_nsstat_restype"/>
|
||||
</xsl:if>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="server/counters[@type="nsstat"]/counter[.>0]">
|
||||
<xsl:sort select="." data-type="number" order="descending"/>
|
||||
<xsl:variable name="css-class2">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class2}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<br/>
|
||||
<h2>Zone Maintenance Statistics</h2>
|
||||
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
|
||||
<script type="text/javascript">
|
||||
graphs.push({
|
||||
'title' : "Zone Maintenance Stats",
|
||||
'target': 'chart_server_zone_maint',
|
||||
'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type="zonestat"]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
|
||||
});
|
||||
|
||||
</script>
|
||||
<!-- Non Mozilla specific markup -->
|
||||
<div class="pie" id="chart_server_zone_maint"/>
|
||||
</xsl:if>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="server/counters[@type="zonestat"]/counter">
|
||||
<xsl:sort select="." data-type="number" order="descending"/>
|
||||
<xsl:variable name="css-class3">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class3}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<h2>Resolver Statistics (Common)</h2>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="server/counters[@type="restat"]/counter">
|
||||
<xsl:sort select="." data-type="number" order="descending"/>
|
||||
<xsl:variable name="css-class4">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class4}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<xsl:for-each select="views/view">
|
||||
<h3>Resolver Statistics for View <xsl:value-of select="@name"/></h3>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="counters[@type="resstats"]/counter[.>0]">
|
||||
<xsl:sort select="." data-type="number" order="descending"/>
|
||||
<xsl:variable name="css-class5">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class5}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
</xsl:for-each>
|
||||
<h3>Cache DB RRsets for View <xsl:value-of select="@name"/></h3>
|
||||
<xsl:for-each select="views/view">
|
||||
<table class="counters">
|
||||
<xsl:for-each select="cache/rrset">
|
||||
<xsl:variable name="css-class6">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class6}">
|
||||
<th>
|
||||
<xsl:value-of select="name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="counter"/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<br/>
|
||||
</xsl:for-each>
|
||||
<h2>Socket I/O Statistics</h2>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="server/counters[@type="sockstat"]/counter[.>0]">
|
||||
<xsl:variable name="css-class7">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class7}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<br/>
|
||||
<br/>
|
||||
<h2>Response Codes per view/zone</h2>
|
||||
<xsl:for-each select="views/view[zones/zone/counters[@type="rcode"]/counter >0]">
|
||||
<h3>View <xsl:value-of select="@name"/></h3>
|
||||
<xsl:variable name="thisview">
|
||||
<xsl:value-of select="@name"/>
|
||||
</xsl:variable>
|
||||
<xsl:for-each select="zones/zone">
|
||||
<xsl:if test="counters[@type="rcode"]/counter[. > 0]">
|
||||
<h4>Zone <xsl:value-of select="@name"/></h4>
|
||||
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
|
||||
<!-- Non Mozilla specific markup -->
|
||||
<script type="text/javascript">
|
||||
graphs.push({
|
||||
'title': "Response Codes for zone <xsl:value-of select="@name"/>",
|
||||
'target': 'chart_rescode_<xsl:value-of select="../../@name"/>_<xsl:value-of select="@name"/>',
|
||||
'data': [['Type','Counter'],<xsl:for-each select="counters[@type="rcode"]/counter[.>0 and @name != "QryAuthAns"]">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
|
||||
});
|
||||
|
||||
</script>
|
||||
<xsl:variable name="target">
|
||||
<xsl:value-of select="@name"/>
|
||||
</xsl:variable>
|
||||
<div class="pie" id="chart_rescode_{$thisview}_{$target}"/>
|
||||
</xsl:if>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="counters[@type="rcode"]/counter[.>0 and @name != "QryAuthAns"]">
|
||||
<xsl:sort select="."/>
|
||||
<xsl:variable name="css-class10">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class10}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
</xsl:if>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
<h2>Received QTYPES per view/zone</h2>
|
||||
<xsl:for-each select="views/view[zones/zone/counters[@type="qtype"]/counter >0]">
|
||||
<h3>View <xsl:value-of select="@name"/></h3>
|
||||
<xsl:variable name="thisview2">
|
||||
<xsl:value-of select="@name"/>
|
||||
</xsl:variable>
|
||||
<xsl:for-each select="zones/zone">
|
||||
<xsl:if test="counters[@type="qtype"]/counter[count(.) > 0]">
|
||||
<h4>Zone <xsl:value-of select="@name"/></h4>
|
||||
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
|
||||
<!-- Non Mozilla specific markup -->
|
||||
<script type="text/javascript">
|
||||
graphs.push({
|
||||
'title': "Query Types for zone <xsl:value-of select="@name"/>",
|
||||
'target': 'chart_qtype_<xsl:value-of select="../../@name"/>_<xsl:value-of select="@name"/>',
|
||||
'data': [['Type','Counter'],<xsl:for-each select="counters[@type="qtype"]/counter[.>0 and @name != "QryAuthAns"]">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
|
||||
});
|
||||
|
||||
</script>
|
||||
<xsl:variable name="target">
|
||||
<xsl:value-of select="@name"/>
|
||||
</xsl:variable>
|
||||
<div class="pie" id="chart_qtype_{$thisview2}_{$target}"/>
|
||||
</xsl:if>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="counters[@type="qtype"]/counter">
|
||||
<xsl:sort select="."/>
|
||||
<xsl:variable name="css-class11">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class11}">
|
||||
<th>
|
||||
<xsl:value-of select="@name"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
</xsl:if>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
<h2>Network Status</h2>
|
||||
<table class="counters">
|
||||
<tr>
|
||||
<th>ID</th>
|
||||
<th>Name</th>
|
||||
<th>Type</th>
|
||||
<th>References</th>
|
||||
<th>LocalAddress</th>
|
||||
<th>PeerAddress</th>
|
||||
<th>State</th>
|
||||
</tr>
|
||||
<xsl:for-each select="socketmgr/sockets/socket">
|
||||
<xsl:sort select="id"/>
|
||||
<xsl:variable name="css-class12">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class12}">
|
||||
<td>
|
||||
<xsl:value-of select="id"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="name"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="type"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="references"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="local-address"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="peer-address"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:for-each select="states">
|
||||
<xsl:value-of select="."/>
|
||||
</xsl:for-each>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<br/>
|
||||
<h2>Task Manager Configuration</h2>
|
||||
<table class="counters">
|
||||
<tr>
|
||||
<th class="even">Thread-Model</th>
|
||||
<td>
|
||||
<xsl:value-of select="taskmgr/thread-model/type"/>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<th>Worker Threads</th>
|
||||
<td>
|
||||
<xsl:value-of select="taskmgr/thread-model/worker-threads"/>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<th>Default Quantum</th>
|
||||
<td>
|
||||
<xsl:value-of select="taskmgr/thread-model/default-quantum"/>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<th>Tasks Running</th>
|
||||
<td>
|
||||
<xsl:value-of select="taskmgr/thread-model/tasks-running"/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br/>
|
||||
<h2>Tasks</h2>
|
||||
<table class="counters">
|
||||
<tr>
|
||||
<th>ID</th>
|
||||
<th>Name</th>
|
||||
<th>References</th>
|
||||
<th>State</th>
|
||||
<th>Quantum</th>
|
||||
</tr>
|
||||
<xsl:for-each select="taskmgr/tasks/task">
|
||||
<xsl:sort select="name"/>
|
||||
<xsl:variable name="css-class14">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class14}">
|
||||
<td>
|
||||
<xsl:value-of select="id"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="name"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="references"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="state"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="quantum"/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<br/>
|
||||
<h2>Memory Usage Summary</h2>
|
||||
<table class="counters">
|
||||
<xsl:for-each select="memory/summary/*">
|
||||
<xsl:variable name="css-class13">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class13}">
|
||||
<th>
|
||||
<xsl:value-of select="name()"/>
|
||||
</th>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<br/>
|
||||
<h2>Memory Contexts</h2>
|
||||
<table class="counters">
|
||||
<tr>
|
||||
<th>ID</th>
|
||||
<th>Name</th>
|
||||
<th>References</th>
|
||||
<th>TotalUse</th>
|
||||
<th>InUse</th>
|
||||
<th>MaxUse</th>
|
||||
<th>BlockSize</th>
|
||||
<th>Pools</th>
|
||||
<th>HiWater</th>
|
||||
<th>LoWater</th>
|
||||
</tr>
|
||||
<xsl:for-each select="memory/contexts/context">
|
||||
<xsl:sort select="total" data-type="number" order="descending"/>
|
||||
<xsl:variable name="css-class14">
|
||||
<xsl:choose>
|
||||
<xsl:when test="position() mod 2 = 0">even</xsl:when>
|
||||
<xsl:otherwise>odd</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
<tr class="{$css-class14}">
|
||||
<td>
|
||||
<xsl:value-of select="id"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="name"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="references"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="total"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="inuse"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="maxinuse"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="blocksize"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="pools"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="hiwater"/>
|
||||
</td>
|
||||
<td>
|
||||
<xsl:value-of select="lowater"/>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<hr/>
|
||||
<p class="footer">Internet Systems Consortium Inc.<br/><a href="http://www.isc.org">http://www.isc.org</a></p>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:template>
|
||||
</xsl:stylesheet>
|
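Review bot: the inline script blocks build JavaScript by writing statistics values with `<xsl:value-of select="@name"/>` directly inside quoted string literals, for example the `'title': "Outgoing queries for view: ..."` and `'target': 'chart_rescode_..._...'` lines, with no escaping. A view, zone or counter name containing a quote or backslash would end the literal early and break or alter the script; emit the values only as HTML text or attributes (which the tables already do) and have the script read them from the DOM. The stylesheet also loads `https://www.google.com/jsapi` at render time, so viewing a name server's statistics page runs third-party script and needs outbound access from the administrator's browser; consider making the charts optional or serving the script locally. Two smaller points: the heading `<h3>Cache DB RRsets for View <xsl:value-of select="@name"/></h3>` sits before the `<xsl:for-each select="views/view">` it belongs to, so it is emitted once with an empty view name, and `counter[count(.) > 0]` in the "Received QTYPES per view/zone" section is always true, where the matching rcode test uses `counter[. > 0]`.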
740
contrib/bind9/bin/named/bind9.ver3.xsl.h
Normal file
@ -0,0 +1,740 @@
|
||||
/*
|
||||
* Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp
|
||||
* From <!-- %Id: bind9.xsl 1.21 2009/01/27 23:47:54 tbox Exp %
|
||||
*/
|
||||
static char xslmsg[] =
|
||||
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
|
||||
"<!--\n"
|
||||
" - Copyright (C) 2006-2009 Internet Systems Consortium, Inc. (\"ISC\")\n"
|
||||
" -\n"
|
||||
" - Permission to use, copy, modify, and/or distribute this software for any\n"
|
||||
" - purpose with or without fee is hereby granted, provided that the above\n"
|
||||
" - copyright notice and this permission notice appear in all copies.\n"
|
||||
" -\n"
|
||||
" - THE SOFTWARE IS PROVIDED \"AS IS\" AND ISC DISCLAIMS ALL WARRANTIES WITH\n"
|
||||
" - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\n"
|
||||
" - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,\n"
|
||||
" - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\n"
|
||||
" - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE\n"
|
||||
" - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\n"
|
||||
" - PERFORMANCE OF THIS SOFTWARE.\n"
|
||||
"-->\n"
|
||||
"<!-- \045Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp \045 -->\n"
|
||||
"<xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns=\"http://www.w3.org/1999/xhtml\" version=\"1.0\">\n"
|
||||
" <xsl:output method=\"html\" indent=\"yes\" version=\"4.0\"/>\n"
|
||||
" <xsl:template match=\"statistics[@version="3.0"]\">\n"
|
||||
" <html>\n"
|
||||
" <head>\n"
|
||||
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
|
||||
" <!-- Non Mozilla specific markup -->\n"
|
||||
" <script type=\"text/javascript\" src=\"https://www.google.com/jsapi\"/>\n"
|
||||
" <script type=\"text/javascript\">\n"
|
||||
" \n"
|
||||
" google.load(\"visualization\", \"1\", {packages:[\"corechart\"]});\n"
|
||||
" google.setOnLoadCallback(loadGraphs);\n"
|
||||
"\n"
|
||||
" var graphs=[];\n"
|
||||
" \n"
|
||||
" function drawChart(chart_title,target,data) {\n"
|
||||
" var data = google.visualization.arrayToDataTable(data);\n"
|
||||
"\n"
|
||||
" var options = {\n"
|
||||
" title: chart_title\n"
|
||||
" };\n"
|
||||
" \n"
|
||||
" var chart = new google.visualization.BarChart(document.getElementById(target));\n"
|
||||
" chart.draw(data, options);\n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" function loadGraphs(){\n"
|
||||
" //alert(\"here we are!\");\n"
|
||||
" var g;\n"
|
||||
" \n"
|
||||
" // Server Incoming query Types\n"
|
||||
" while(g = graphs.shift()){\n"
|
||||
" // alert(\"going for: \" + g.target);\n"
|
||||
" if(g.data.length > 1){\n"
|
||||
" drawChart(g.title,g.target,g.data);\n"
|
||||
" }\n"
|
||||
" }\n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" // Server Incoming Queries Types \n"
|
||||
" graphs.push({\n"
|
||||
" 'title' : \"Server Incoming Query Types\",\n"
|
||||
" 'target': 'chart_incoming_qtypes',\n"
|
||||
" 'data': [['Type','Counter'],<xsl:for-each select=\"server/counters[@type="qtype"]/counter\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
|
||||
" });\n"
|
||||
"\n"
|
||||
"\n"
|
||||
" // Server Incoming Requests \n"
|
||||
" graphs.push({\n"
|
||||
" 'title' : \"Server Incoming Requests\",\n"
|
||||
" 'target': 'chart_incoming_requests',\n"
|
||||
" 'data': [['Requests','Counter'],<xsl:for-each select=\"server/counters[@type="opcode"]/counter\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]});\n"
|
||||
" \n"
|
||||
" \n"
|
||||
" \n"
|
||||
" \n"
|
||||
" </script>\n"
|
||||
" </xsl:if>\n"
|
||||
" <style type=\"text/css\">\n"
|
||||
" body {\n"
|
||||
" font-family: sans-serif;\n"
|
||||
" background-color: #ffffff;\n"
|
||||
" color: #000000;\n"
|
||||
" font-size: 10pt;\n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" .odd{\n"
|
||||
" background-color: #f0f0f0;\n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" .even{\n"
|
||||
" background-color: #ffffff;\n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" p.footer{\n"
|
||||
" font-style:italic;\n"
|
||||
" color: grey;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" table {\n"
|
||||
" border-collapse: collapse;\n"
|
||||
" border: 1px solid grey;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" table.counters{\n"
|
||||
" border: 1px solid grey;\n"
|
||||
" width: 500px;\n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" table.counters th {\n"
|
||||
" text-align: center;\n"
|
||||
" border: 1px solid grey;\n"
|
||||
" width: 120px;\n"
|
||||
" }\n"
|
||||
" table.counters td{\n"
|
||||
" text-align:center;\n"
|
||||
" \n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" table.counters tr:hover{\n"
|
||||
" background-color: #99ddff;\n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" .totals {\n"
|
||||
" background-color: rgb(1,169,206);\n"
|
||||
" color: #ffffff;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" td, th {\n"
|
||||
" padding-right: 5px;\n"
|
||||
" padding-left: 5px;\n"
|
||||
" border: 1px solid grey;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" .header h1 {\n"
|
||||
" color: rgb(1,169,206);\n"
|
||||
" padding: 0px;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" .content {\n"
|
||||
" background-color: #ffffff;\n"
|
||||
" color: #000000;\n"
|
||||
" padding: 4px;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" .item {\n"
|
||||
" padding: 4px;\n"
|
||||
" text-align: right;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" .value {\n"
|
||||
" padding: 4px;\n"
|
||||
" font-weight: bold;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
"\n"
|
||||
" h2 {\n"
|
||||
" color: grey;\n"
|
||||
" font-size: 14pt;\n"
|
||||
" width:500px;\n"
|
||||
" text-align:center;\n"
|
||||
" }\n"
|
||||
" \n"
|
||||
" h3 {\n"
|
||||
" color: #444444;\n"
|
||||
" font-size: 12pt;\n"
|
||||
" width:500px;\n"
|
||||
" text-align:center;\n"
|
||||
" \n"
|
||||
" }\n"
|
||||
" h4 {\n"
|
||||
" color: rgb(1,169,206);\n"
|
||||
" font-size: 10pt;\n"
|
||||
" width:500px;\n"
|
||||
" text-align:center;\n"
|
||||
" \n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" .pie {\n"
|
||||
" width:500px;\n"
|
||||
" height: 500px;\n"
|
||||
" }\n"
|
||||
"\n"
|
||||
" </style>\n"
|
||||
" <title>ISC BIND 9 Statistics</title>\n"
|
||||
" </head>\n"
|
||||
" <body>\n"
|
||||
" <div class=\"header\">\n"
|
||||
" <h1>ISC Bind 9 Configuration and Statistics</h1>\n"
|
||||
" </div>\n"
|
||||
" <hr/>\n"
|
||||
" <h2>Server Times</h2>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <tr>\n"
|
||||
" <th>Boot time:</th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"server/boot-time\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" <tr>\n"
|
||||
" <th>Sample time:</th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"server/current-time\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <h2>Incoming Requests</h2>\n"
|
||||
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
|
||||
" <!-- Non Mozilla specific markup -->\n"
|
||||
" <div class=\"pie\" id=\"chart_incoming_requests\">[graph incoming requests]</div>\n"
|
||||
" </xsl:if>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"server/counters[@type="opcode"]/counter\">\n"
|
||||
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
|
||||
" <tr>\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" <tr>\n"
|
||||
" <th class=\"totals\">Total:</th>\n"
|
||||
" <td class=\"totals\">\n"
|
||||
" <xsl:value-of select=\"sum(server/counters[@type="opcode"]/counter)\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <h3>Incoming Queries by Type</h3>\n"
|
||||
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
|
||||
" <!-- Non Mozilla specific markup -->\n"
|
||||
" <div class=\"pie\" id=\"chart_incoming_qtypes\">[graph incoming qtypes]</div>\n"
|
||||
" </xsl:if>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"server/counters[@type="qtype"]/counter\">\n"
|
||||
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
|
||||
" <xsl:variable name=\"css-class\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" <tr>\n"
|
||||
" <th class=\"totals\">Total:</th>\n"
|
||||
" <td class=\"totals\">\n"
|
||||
" <xsl:value-of select=\"sum(server/counters[@type="qtype"]/counter)\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <h2>Outgoing Queries per view</h2>\n"
|
||||
" <xsl:for-each select=\"views/view[count(counters[@type="resqtype"]/counter) > 0]\">\n"
|
||||
" <h3>View <xsl:value-of select=\"@name\"/></h3>\n"
|
||||
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
|
||||
" <!-- Non Mozilla specific markup -->\n"
|
||||
" <script type=\"text/javascript\">\n"
|
||||
" graphs.push({\n"
|
||||
" 'title': \"Outgoing queries for view: <xsl:value-of select=\"@name\"/>\",\n"
|
||||
" 'target': 'chart_outgoing_queries_view_<xsl:value-of select=\"@name\"/>',\n"
|
||||
" 'data': [['Type','Counter'],<xsl:for-each select=\"counters[@type="resqtype"]/counter\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
|
||||
" });\n"
|
||||
" \n"
|
||||
" </script>\n"
|
||||
" <xsl:variable name=\"target\">\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <div class=\"pie\" id=\"chart_outgoing_queries_view_{$target}\"/>\n"
|
||||
" </xsl:if>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"counters[@type="resqtype"]/counter\">\n"
|
||||
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
|
||||
" <xsl:variable name=\"css-class1\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class1}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" <h2>Server Statistics</h2>\n"
|
||||
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
|
||||
" <!-- Non Mozilla specific markup -->\n"
|
||||
" <script type=\"text/javascript\">\n"
|
||||
" graphs.push({\n"
|
||||
" 'title' : \"Server Response Types\",\n"
|
||||
" 'target': 'chart_server_nsstat_restype',\n"
|
||||
" 'data': [['Type','Counter'],<xsl:for-each select=\"server/counters[@type="nsstat"]/counter[.>0]\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
|
||||
" });\n"
|
||||
" \n"
|
||||
" </script>\n"
|
||||
" <div class=\"pie\" id=\"chart_server_nsstat_restype\"/>\n"
|
||||
" </xsl:if>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"server/counters[@type="nsstat"]/counter[.>0]\">\n"
|
||||
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
|
||||
" <xsl:variable name=\"css-class2\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class2}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <h2>Zone Maintenance Statistics</h2>\n"
|
||||
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
|
||||
" <script type=\"text/javascript\">\n"
|
||||
" graphs.push({\n"
|
||||
" 'title' : \"Zone Maintenance Stats\",\n"
|
||||
" 'target': 'chart_server_zone_maint',\n"
|
||||
" 'data': [['Type','Counter'],<xsl:for-each select=\"server/counters[@type="zonestat"]/counter\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
|
||||
" });\n"
|
||||
"\n"
|
||||
" </script>\n"
|
||||
" <!-- Non Mozilla specific markup -->\n"
|
||||
" <div class=\"pie\" id=\"chart_server_zone_maint\"/>\n"
|
||||
" </xsl:if>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"server/counters[@type="zonestat"]/counter\">\n"
|
||||
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
|
||||
" <xsl:variable name=\"css-class3\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class3}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <h2>Resolver Statistics (Common)</h2>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"server/counters[@type="restat"]/counter\">\n"
|
||||
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
|
||||
" <xsl:variable name=\"css-class4\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class4}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <xsl:for-each select=\"views/view\">\n"
|
||||
" <h3>Resolver Statistics for View <xsl:value-of select=\"@name\"/></h3>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"counters[@type="resstats"]/counter[.>0]\">\n"
|
||||
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
|
||||
" <xsl:variable name=\"css-class5\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class5}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" <h3>Cache DB RRsets for View <xsl:value-of select=\"@name\"/></h3>\n"
|
||||
" <xsl:for-each select=\"views/view\">\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"cache/rrset\">\n"
|
||||
" <xsl:variable name=\"css-class6\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class6}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"counter\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" <h2>Socket I/O Statistics</h2>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"server/counters[@type="sockstat"]/counter[.>0]\">\n"
|
||||
" <xsl:variable name=\"css-class7\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class7}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <br/>\n"
|
||||
" <h2>Response Codes per view/zone</h2>\n"
|
||||
" <xsl:for-each select=\"views/view[zones/zone/counters[@type="rcode"]/counter >0]\">\n"
|
||||
" <h3>View <xsl:value-of select=\"@name\"/></h3>\n"
|
||||
" <xsl:variable name=\"thisview\">\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <xsl:for-each select=\"zones/zone\">\n"
|
||||
" <xsl:if test=\"counters[@type="rcode"]/counter[. > 0]\">\n"
|
||||
" <h4>Zone <xsl:value-of select=\"@name\"/></h4>\n"
|
||||
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
|
||||
" <!-- Non Mozilla specific markup -->\n"
|
||||
" <script type=\"text/javascript\">\n"
|
||||
" graphs.push({\n"
|
||||
" 'title': \"Response Codes for zone <xsl:value-of select=\"@name\"/>\",\n"
|
||||
" 'target': 'chart_rescode_<xsl:value-of select=\"../../@name\"/>_<xsl:value-of select=\"@name\"/>',\n"
|
||||
" 'data': [['Type','Counter'],<xsl:for-each select=\"counters[@type="rcode"]/counter[.>0 and @name != "QryAuthAns"]\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
|
||||
" });\n"
|
||||
"\n"
|
||||
" </script>\n"
|
||||
" <xsl:variable name=\"target\">\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <div class=\"pie\" id=\"chart_rescode_{$thisview}_{$target}\"/>\n"
|
||||
" </xsl:if>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"counters[@type="rcode"]/counter[.>0 and @name != "QryAuthAns"]\">\n"
|
||||
" <xsl:sort select=\".\"/>\n"
|
||||
" <xsl:variable name=\"css-class10\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class10}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" </xsl:if>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" <h2>Received QTYPES per view/zone</h2>\n"
|
||||
" <xsl:for-each select=\"views/view[zones/zone/counters[@type="qtype"]/counter >0]\">\n"
|
||||
" <h3>View <xsl:value-of select=\"@name\"/></h3>\n"
|
||||
" <xsl:variable name=\"thisview2\">\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <xsl:for-each select=\"zones/zone\">\n"
|
||||
" <xsl:if test=\"counters[@type="qtype"]/counter[count(.) > 0]\">\n"
|
||||
" <h4>Zone <xsl:value-of select=\"@name\"/></h4>\n"
|
||||
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
|
||||
" <!-- Non Mozilla specific markup -->\n"
|
||||
" <script type=\"text/javascript\">\n"
|
||||
" graphs.push({\n"
|
||||
" 'title': \"Query Types for zone <xsl:value-of select=\"@name\"/>\",\n"
|
||||
" 'target': 'chart_qtype_<xsl:value-of select=\"../../@name\"/>_<xsl:value-of select=\"@name\"/>',\n"
|
||||
" 'data': [['Type','Counter'],<xsl:for-each select=\"counters[@type="qtype"]/counter[.>0 and @name != "QryAuthAns"]\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
|
||||
" });\n"
|
||||
"\n"
|
||||
" </script>\n"
|
||||
" <xsl:variable name=\"target\">\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <div class=\"pie\" id=\"chart_qtype_{$thisview2}_{$target}\"/>\n"
|
||||
" </xsl:if>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"counters[@type="qtype"]/counter\">\n"
|
||||
" <xsl:sort select=\".\"/>\n"
|
||||
" <xsl:variable name=\"css-class11\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class11}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"@name\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" </xsl:if>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" <h2>Network Status</h2>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <tr>\n"
|
||||
" <th>ID</th>\n"
|
||||
" <th>Name</th>\n"
|
||||
" <th>Type</th>\n"
|
||||
" <th>References</th>\n"
|
||||
" <th>LocalAddress</th>\n"
|
||||
" <th>PeerAddress</th>\n"
|
||||
" <th>State</th>\n"
|
||||
" </tr>\n"
|
||||
" <xsl:for-each select=\"socketmgr/sockets/socket\">\n"
|
||||
" <xsl:sort select=\"id\"/>\n"
|
||||
" <xsl:variable name=\"css-class12\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class12}\">\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"id\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"name\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"type\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"references\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"local-address\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"peer-address\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:for-each select=\"states\">\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <h2>Task Manager Configuration</h2>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <tr>\n"
|
||||
" <th class=\"even\">Thread-Model</th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"taskmgr/thread-model/type\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" <tr class=\"odd\">\n"
|
||||
" <th>Worker Threads</th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"taskmgr/thread-model/worker-threads\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" <tr class=\"even\">\n"
|
||||
" <th>Default Quantum</th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"taskmgr/thread-model/default-quantum\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" <tr class=\"odd\">\n"
|
||||
" <th>Tasks Running</th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"taskmgr/thread-model/tasks-running\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <h2>Tasks</h2>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <tr>\n"
|
||||
" <th>ID</th>\n"
|
||||
" <th>Name</th>\n"
|
||||
" <th>References</th>\n"
|
||||
" <th>State</th>\n"
|
||||
" <th>Quantum</th>\n"
|
||||
" </tr>\n"
|
||||
" <xsl:for-each select=\"taskmgr/tasks/task\">\n"
|
||||
" <xsl:sort select=\"name\"/>\n"
|
||||
" <xsl:variable name=\"css-class14\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class14}\">\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"id\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"name\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"references\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"state\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"quantum\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <h2>Memory Usage Summary</h2>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <xsl:for-each select=\"memory/summary/*\">\n"
|
||||
" <xsl:variable name=\"css-class13\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class13}\">\n"
|
||||
" <th>\n"
|
||||
" <xsl:value-of select=\"name()\"/>\n"
|
||||
" </th>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\".\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <br/>\n"
|
||||
" <h2>Memory Contexts</h2>\n"
|
||||
" <table class=\"counters\">\n"
|
||||
" <tr>\n"
|
||||
" <th>ID</th>\n"
|
||||
" <th>Name</th>\n"
|
||||
" <th>References</th>\n"
|
||||
" <th>TotalUse</th>\n"
|
||||
" <th>InUse</th>\n"
|
||||
" <th>MaxUse</th>\n"
|
||||
" <th>BlockSize</th>\n"
|
||||
" <th>Pools</th>\n"
|
||||
" <th>HiWater</th>\n"
|
||||
" <th>LoWater</th>\n"
|
||||
" </tr>\n"
|
||||
" <xsl:for-each select=\"memory/contexts/context\">\n"
|
||||
" <xsl:sort select=\"total\" data-type=\"number\" order=\"descending\"/>\n"
|
||||
" <xsl:variable name=\"css-class14\">\n"
|
||||
" <xsl:choose>\n"
|
||||
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
|
||||
" <xsl:otherwise>odd</xsl:otherwise>\n"
|
||||
" </xsl:choose>\n"
|
||||
" </xsl:variable>\n"
|
||||
" <tr class=\"{$css-class14}\">\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"id\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"name\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"references\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"total\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"inuse\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"maxinuse\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"blocksize\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"pools\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"hiwater\"/>\n"
|
||||
" </td>\n"
|
||||
" <td>\n"
|
||||
" <xsl:value-of select=\"lowater\"/>\n"
|
||||
" </td>\n"
|
||||
" </tr>\n"
|
||||
" </xsl:for-each>\n"
|
||||
" </table>\n"
|
||||
" <hr/>\n"
|
||||
" <p class=\"footer\">Internet Systems Consortium Inc.<br/><a href=\"http://www.isc.org\">http://www.isc.org</a></p>\n"
|
||||
" </body>\n"
|
||||
" </html>\n"
|
||||
" </xsl:template>\n"
|
||||
"</xsl:stylesheet>\n";
|
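Review bot: The graphs.push() blocks for the per-view and per-zone charts write xsl:value-of select="@name" straight into the 'title' and 'target' JavaScript string literals and into the chart div ids, so a view or zone name containing a quote or backslash ends the literal and the remainder is parsed as script on the statistics page. Escape the value for a JavaScript string context before emitting it, or keep the names out of the script and read them from the rendered DOM. Two smaller points in the same template: the h3 "Cache DB RRsets for View" heading sits above its xsl:for-each select="views/view", so @name is evaluated outside any view and the heading should move inside the loop; and the page loads https://www.google.com/jsapi at render time, which makes the server's statistics page depend on, and run script from, a third-party host.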
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: builtin.c,v 1.20.14.3 2012/01/11 20:19:40 ckb Exp $ */
|
||||
/* $Id: builtin.c,v 1.26 2012/01/21 19:44:18 each Exp $ */
|
||||
|
||||
/*! \file
|
||||
* \brief
|
||||
@ -281,11 +281,14 @@ dns64_cname(const dns_name_t *zone, const dns_name_t *name,
|
||||
|
||||
static isc_result_t
|
||||
builtin_lookup(const char *zone, const char *name, void *dbdata,
|
||||
dns_sdblookup_t *lookup)
|
||||
dns_sdblookup_t *lookup, dns_clientinfomethods_t *methods,
|
||||
dns_clientinfo_t *clientinfo)
|
||||
{
|
||||
builtin_t *b = (builtin_t *) dbdata;
|
||||
|
||||
UNUSED(zone);
|
||||
UNUSED(methods);
|
||||
UNUSED(clientinfo);
|
||||
|
||||
if (strcmp(name, "@") == 0)
|
||||
return (b->do_lookup(lookup));
|
||||
@ -295,10 +298,14 @@ builtin_lookup(const char *zone, const char *name, void *dbdata,
|
||||
|
||||
static isc_result_t
|
||||
dns64_lookup(const dns_name_t *zone, const dns_name_t *name, void *dbdata,
|
||||
dns_sdblookup_t *lookup)
|
||||
dns_sdblookup_t *lookup, dns_clientinfomethods_t *methods,
|
||||
dns_clientinfo_t *clientinfo)
|
||||
{
|
||||
builtin_t *b = (builtin_t *) dbdata;
|
||||
|
||||
UNUSED(methods);
|
||||
UNUSED(clientinfo);
|
||||
|
||||
if (name->labels == 0 && name->length == 0)
|
||||
return (b->do_lookup(lookup));
|
||||
else
|
||||
@ -353,6 +360,8 @@ do_authors_lookup(dns_sdblookup_t *lookup) {
|
||||
"Curtis Blackburn",
|
||||
"James Brister",
|
||||
"Ben Cottrell",
|
||||
"John H. DuBois III",
|
||||
"Francis Dupont",
|
||||
"Michael Graff",
|
||||
"Andreas Gustafsson",
|
||||
"Bob Halley",
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: client.c,v 1.271.10.4 2012/01/31 23:46:39 tbox Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@ -24,6 +24,7 @@
|
||||
#include <isc/once.h>
|
||||
#include <isc/platform.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/queue.h>
|
||||
#include <isc/stats.h>
|
||||
#include <isc/stdio.h>
|
||||
#include <isc/string.h>
|
||||
@ -116,15 +117,26 @@
|
||||
struct ns_clientmgr {
|
||||
/* Unlocked. */
|
||||
unsigned int magic;
|
||||
|
||||
/* The queue object has its own locks */
|
||||
client_queue_t inactive; /*%< To be recycled */
|
||||
|
||||
isc_mem_t * mctx;
|
||||
isc_taskmgr_t * taskmgr;
|
||||
isc_timermgr_t * timermgr;
|
||||
|
||||
/* Lock covers manager state. */
|
||||
isc_mutex_t lock;
|
||||
/* Locked by lock. */
|
||||
isc_boolean_t exiting;
|
||||
client_list_t active; /*%< Active clients */
|
||||
client_list_t recursing; /*%< Recursing clients */
|
||||
client_list_t inactive; /*%< To be recycled */
|
||||
|
||||
/* Lock covers the clients list */
|
||||
isc_mutex_t listlock;
|
||||
client_list_t clients; /*%< All active clients */
|
||||
|
||||
/* Lock covers the recursing list */
|
||||
isc_mutex_t reclock;
|
||||
client_list_t recursing; /*%< Recursing clients */
|
||||
|
||||
#if NMCTXS > 0
|
||||
/*%< mctx pool for clients. */
|
||||
unsigned int nextmctx;
|
||||
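Review bot: The ns_clientmgr struct now carries three mutexes (lock, listlock, reclock) plus a queue with its own locks, and the comments say what each one covers but not the order in which they may be nested. Add a line to the struct comment stating the permitted acquisition order, or that none of them is ever held while another is taken, so later changes to exit_check() and the list helpers cannot introduce a lock-order inversion unnoticed.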
@ -188,6 +200,12 @@ struct ns_clientmgr {
|
||||
* recursion quota, and an outstanding write request.
|
||||
*/
|
||||
|
||||
#define NS_CLIENTSTATE_RECURSING 5
|
||||
/*%<
|
||||
* The client object is recursing. It will be on the 'recursing'
|
||||
* list.
|
||||
*/
|
||||
|
||||
#define NS_CLIENTSTATE_MAX 9
|
||||
/*%<
|
||||
* Sentinel value used to indicate "no state". When client->newstate
|
||||
@ -210,20 +228,21 @@ static void client_udprecv(ns_client_t *client);
|
||||
static void clientmgr_destroy(ns_clientmgr_t *manager);
|
||||
static isc_boolean_t exit_check(ns_client_t *client);
|
||||
static void ns_client_endrequest(ns_client_t *client);
|
||||
static void ns_client_checkactive(ns_client_t *client);
|
||||
static void client_start(isc_task_t *task, isc_event_t *event);
|
||||
static void client_request(isc_task_t *task, isc_event_t *event);
|
||||
static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
|
||||
static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
|
||||
dns_dispatch_t *disp, isc_boolean_t tcp);
|
||||
|
||||
void
|
||||
ns_client_recursing(ns_client_t *client) {
|
||||
REQUIRE(NS_CLIENT_VALID(client));
|
||||
REQUIRE(client->state == NS_CLIENTSTATE_WORKING);
|
||||
|
||||
LOCK(&client->manager->lock);
|
||||
ISC_LIST_UNLINK(*client->list, client, link);
|
||||
ISC_LIST_APPEND(client->manager->recursing, client, link);
|
||||
client->list = &client->manager->recursing;
|
||||
UNLOCK(&client->manager->lock);
|
||||
LOCK(&client->manager->reclock);
|
||||
client->newstate = client->state = NS_CLIENTSTATE_RECURSING;
|
||||
ISC_LIST_APPEND(client->manager->recursing, client, rlink);
|
||||
UNLOCK(&client->manager->reclock);
|
||||
}
|
||||
|
||||
void
|
||||
@ -231,15 +250,14 @@ ns_client_killoldestquery(ns_client_t *client) {
|
||||
ns_client_t *oldest;
|
||||
REQUIRE(NS_CLIENT_VALID(client));
|
||||
|
||||
LOCK(&client->manager->lock);
|
||||
LOCK(&client->manager->reclock);
|
||||
oldest = ISC_LIST_HEAD(client->manager->recursing);
|
||||
if (oldest != NULL) {
|
||||
ISC_LIST_UNLINK(client->manager->recursing, oldest, rlink);
|
||||
UNLOCK(&client->manager->reclock);
|
||||
ns_query_cancel(oldest);
|
||||
ISC_LIST_UNLINK(*oldest->list, oldest, link);
|
||||
ISC_LIST_APPEND(client->manager->active, oldest, link);
|
||||
oldest->list = &client->manager->active;
|
||||
}
|
||||
UNLOCK(&client->manager->lock);
|
||||
} else
|
||||
UNLOCK(&client->manager->reclock);
|
||||
}
|
||||
|
||||
void
|
||||
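Review bot: In ns_client_killoldestquery(), oldest is unlinked from the recursing list and reclock is released before ns_query_cancel(oldest) runs, and nothing visible in this hunk keeps that client from being advanced or recycled by its own task in between. Either state in a comment what guarantees oldest stays valid after UNLOCK(&client->manager->reclock), or take a reference before unlocking. The client is also left in NS_CLIENTSTATE_RECURSING while off the list, which deserves a one-line comment here since exit_check() has to test ISC_LINK_LINKED(client, rlink) because of it. Style: put braces on the else branch to match the braced if.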
@ -268,15 +286,16 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
|
||||
*/
|
||||
static isc_boolean_t
|
||||
exit_check(ns_client_t *client) {
|
||||
ns_clientmgr_t *locked_manager = NULL;
|
||||
ns_clientmgr_t *destroy_manager = NULL;
|
||||
isc_boolean_t destroy_manager = ISC_FALSE;
|
||||
ns_clientmgr_t *manager = NULL;
|
||||
|
||||
REQUIRE(NS_CLIENT_VALID(client));
|
||||
manager = client->manager;
|
||||
|
||||
if (client->state <= client->newstate)
|
||||
return (ISC_FALSE); /* Business as usual. */
|
||||
|
||||
INSIST(client->newstate < NS_CLIENTSTATE_WORKING);
|
||||
INSIST(client->newstate < NS_CLIENTSTATE_RECURSING);
|
||||
|
||||
/*
|
||||
* We need to detach from the view early when shutting down
|
||||
@ -293,13 +312,16 @@ exit_check(ns_client_t *client) {
|
||||
client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
|
||||
dns_view_detach(&client->view);
|
||||
|
||||
if (client->state == NS_CLIENTSTATE_WORKING) {
|
||||
if (client->state == NS_CLIENTSTATE_WORKING ||
|
||||
client->state == NS_CLIENTSTATE_RECURSING)
|
||||
{
|
||||
INSIST(client->newstate <= NS_CLIENTSTATE_READING);
|
||||
/*
|
||||
* Let the update processing complete.
|
||||
*/
|
||||
if (client->nupdates > 0)
|
||||
return (ISC_TRUE);
|
||||
|
||||
/*
|
||||
* We are trying to abort request processing.
|
||||
*/
|
||||
@ -322,23 +344,28 @@ exit_check(ns_client_t *client) {
|
||||
*/
|
||||
return (ISC_TRUE);
|
||||
}
|
||||
|
||||
/*
|
||||
* I/O cancel is complete. Burn down all state
|
||||
* related to the current request. Ensure that
|
||||
* the client is on the active list and not the
|
||||
* recursing list.
|
||||
* the client is no longer on the recursing list.
|
||||
*
|
||||
* We need to check whether the client is still linked,
|
||||
* because it may already have been removed from the
|
||||
* recursing list by ns_client_killoldestquery()
|
||||
*/
|
||||
LOCK(&client->manager->lock);
|
||||
if (client->list == &client->manager->recursing) {
|
||||
ISC_LIST_UNLINK(*client->list, client, link);
|
||||
ISC_LIST_APPEND(client->manager->active, client, link);
|
||||
client->list = &client->manager->active;
|
||||
if (client->state == NS_CLIENTSTATE_RECURSING) {
|
||||
LOCK(&manager->reclock);
|
||||
if (ISC_LINK_LINKED(client, rlink))
|
||||
ISC_LIST_UNLINK(manager->recursing,
|
||||
client, rlink);
|
||||
UNLOCK(&manager->reclock);
|
||||
}
|
||||
UNLOCK(&client->manager->lock);
|
||||
ns_client_endrequest(client);
|
||||
|
||||
client->state = NS_CLIENTSTATE_READING;
|
||||
INSIST(client->recursionquota == NULL);
|
||||
|
||||
if (NS_CLIENTSTATE_READING == client->newstate) {
|
||||
client_read(client);
|
||||
client->newstate = NS_CLIENTSTATE_MAX;
|
||||
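Review bot: the new recursing-list block in exit_check() takes LOCK(&manager->reclock) with no NULL check on manager, while the free path later in the same function wraps its list handling in if (manager != NULL). If a client in NS_CLIENTSTATE_RECURSING always has a manager, state that with an INSIST(manager != NULL) ahead of the lock; otherwise add the same guard here. The ISC_LINK_LINKED(client, rlink) test itself is well covered by the comment about ns_client_killoldestquery().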
@ -389,8 +416,27 @@ exit_check(ns_client_t *client) {
|
||||
* or UDP request, but we may have enough clients doing
|
||||
* that already. Check whether this client needs to remain
|
||||
* active and force it to go inactive if not.
|
||||
*
|
||||
* UDP clients go inactive at this point, but TCP clients
|
||||
* may remain active if we have fewer active TCP client
|
||||
* objects than desired due to an earlier quota exhaustion.
|
||||
*/
|
||||
ns_client_checkactive(client);
|
||||
if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
|
||||
LOCK(&client->interface->lock);
|
||||
if (client->interface->ntcpcurrent <
|
||||
client->interface->ntcptarget)
|
||||
client->mortal = ISC_FALSE;
|
||||
UNLOCK(&client->interface->lock);
|
||||
}
|
||||
|
||||
/*
|
||||
* We don't need the client; send it to the inactive
|
||||
* queue for recycling.
|
||||
*/
|
||||
if (client->mortal) {
|
||||
if (client->newstate > NS_CLIENTSTATE_INACTIVE)
|
||||
client->newstate = NS_CLIENTSTATE_INACTIVE;
|
||||
}
|
||||
|
||||
if (NS_CLIENTSTATE_READY == client->newstate) {
|
||||
if (TCP_CLIENT(client)) {
|
||||
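Review bot: the inlined TCP shortage check writes client->mortal = ISC_FALSE, where the ns_client_checkactive() helper it replaces only set a local need_another_client, so a TCP client kept alive here stays non-mortal after this point. If that is intended, extend the comment to say the flag is cleared on purpose and where it gets set again; if not, keep a local boolean and leave client->mortal untouched.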
@ -404,6 +450,7 @@ exit_check(ns_client_t *client) {
|
||||
|
||||
if (client->state == NS_CLIENTSTATE_READY) {
|
||||
INSIST(client->newstate <= NS_CLIENTSTATE_INACTIVE);
|
||||
|
||||
/*
|
||||
* We are trying to enter the inactive state.
|
||||
*/
|
||||
@ -411,25 +458,22 @@ exit_check(ns_client_t *client) {
|
||||
isc_socket_cancel(client->tcplistener, client->task,
|
||||
ISC_SOCKCANCEL_ACCEPT);
|
||||
|
||||
if (! (client->naccepts == 0)) {
|
||||
/* Still waiting for accept cancel completion. */
|
||||
/* Still waiting for accept cancel completion. */
|
||||
if (! (client->naccepts == 0))
|
||||
return (ISC_TRUE);
|
||||
}
|
||||
/* Accept cancel is complete. */
|
||||
|
||||
/* Accept cancel is complete. */
|
||||
if (client->nrecvs > 0)
|
||||
isc_socket_cancel(client->udpsocket, client->task,
|
||||
ISC_SOCKCANCEL_RECV);
|
||||
if (! (client->nrecvs == 0)) {
|
||||
/* Still waiting for recv cancel completion. */
|
||||
return (ISC_TRUE);
|
||||
}
|
||||
/* Recv cancel is complete. */
|
||||
|
||||
if (client->nctls > 0) {
|
||||
/* Still waiting for control event to be delivered */
|
||||
/* Still waiting for recv cancel completion. */
|
||||
if (! (client->nrecvs == 0))
|
||||
return (ISC_TRUE);
|
||||
|
||||
/* Still waiting for control event to be delivered */
|
||||
if (client->nctls > 0)
|
||||
return (ISC_TRUE);
|
||||
}
|
||||
|
||||
/* Deactivate the client. */
|
||||
if (client->interface)
|
||||
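Review bot: the rewritten waits in the READY branch test the same kind of counter three different ways: if (! (client->naccepts == 0)), if (! (client->nrecvs == 0)) and if (client->nctls > 0). Use one form, for example client->naccepts > 0, so the three early returns read alike. The "Recv cancel is complete" comment could also stay, for symmetry with the accept case.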
@ -449,7 +493,6 @@ exit_check(ns_client_t *client) {
|
||||
client->attributes = 0;
|
||||
client->mortal = ISC_FALSE;
|
||||
|
||||
LOCK(&client->manager->lock);
|
||||
/*
|
||||
* Put the client on the inactive list. If we are aiming for
|
||||
* the "freed" state, it will be removed from the inactive
|
||||
@ -457,18 +500,18 @@ exit_check(ns_client_t *client) {
|
||||
* that has been done, lest the manager decide to reactivate
|
||||
* the dying client inbetween.
|
||||
*/
|
||||
locked_manager = client->manager;
|
||||
ISC_LIST_UNLINK(*client->list, client, link);
|
||||
ISC_LIST_APPEND(client->manager->inactive, client, link);
|
||||
client->list = &client->manager->inactive;
|
||||
client->state = NS_CLIENTSTATE_INACTIVE;
|
||||
INSIST(client->recursionquota == NULL);
|
||||
|
||||
if (client->state == client->newstate) {
|
||||
client->newstate = NS_CLIENTSTATE_MAX;
|
||||
if (!ns_g_clienttest && manager != NULL &&
|
||||
!manager->exiting)
|
||||
ISC_QUEUE_PUSH(manager->inactive, client,
|
||||
ilink);
|
||||
if (client->needshutdown)
|
||||
isc_task_shutdown(client->task);
|
||||
goto unlock;
|
||||
return (ISC_TRUE);
|
||||
}
|
||||
}
|
||||
|
||||
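Review bot: manager->exiting is tested before ISC_QUEUE_PUSH(manager->inactive, client, ilink) and this hunk shows no lock taken around that test, while the free path of the same function reads the flag under LOCK(&manager->lock). Add a comment naming what orders this read against the write in ns_clientmgr_destroy(), so it is clear a client cannot be pushed onto the inactive queue after shutdown has started and then be missed.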
@ -485,6 +528,7 @@ exit_check(ns_client_t *client) {
|
||||
REQUIRE(client->state == NS_CLIENTSTATE_INACTIVE);
|
||||
|
||||
INSIST(client->recursionquota == NULL);
|
||||
INSIST(!ISC_QLINK_LINKED(client, ilink));
|
||||
|
||||
ns_query_free(client);
|
||||
isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
|
||||
@ -493,27 +537,27 @@ exit_check(ns_client_t *client) {
|
||||
isc_timer_detach(&client->timer);
|
||||
|
||||
if (client->tcpbuf != NULL)
|
||||
isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
|
||||
isc_mem_put(client->mctx, client->tcpbuf,
|
||||
TCP_BUFFER_SIZE);
|
||||
if (client->opt != NULL) {
|
||||
INSIST(dns_rdataset_isassociated(client->opt));
|
||||
dns_rdataset_disassociate(client->opt);
|
||||
dns_message_puttemprdataset(client->message, &client->opt);
|
||||
dns_message_puttemprdataset(client->message,
|
||||
&client->opt);
|
||||
}
|
||||
|
||||
dns_message_destroy(&client->message);
|
||||
if (client->manager != NULL) {
|
||||
ns_clientmgr_t *manager = client->manager;
|
||||
if (locked_manager == NULL) {
|
||||
LOCK(&manager->lock);
|
||||
locked_manager = manager;
|
||||
}
|
||||
ISC_LIST_UNLINK(*client->list, client, link);
|
||||
client->list = NULL;
|
||||
if (manager != NULL) {
|
||||
LOCK(&manager->listlock);
|
||||
ISC_LIST_UNLINK(manager->clients, client, link);
|
||||
LOCK(&manager->lock);
|
||||
if (manager->exiting &&
|
||||
ISC_LIST_EMPTY(manager->active) &&
|
||||
ISC_LIST_EMPTY(manager->inactive) &&
|
||||
ISC_LIST_EMPTY(manager->recursing))
|
||||
destroy_manager = manager;
|
||||
ISC_LIST_EMPTY(manager->clients))
|
||||
destroy_manager = ISC_TRUE;
|
||||
UNLOCK(&manager->lock);
|
||||
UNLOCK(&manager->listlock);
|
||||
}
|
||||
|
||||
/*
|
||||
* Detaching the task must be done after unlinking from
|
||||
* the manager's lists because the manager accesses
|
||||
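Review bot: the free path now takes LOCK(&manager->listlock) and then LOCK(&manager->lock) inside it, which fixes a nesting order between two of the manager's three locks. Record that order, and what each of lock, listlock and reclock protects, in a comment next to their declarations so a later change does not take them the other way round.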
@ -524,6 +568,7 @@ exit_check(ns_client_t *client) {
|
||||
|
||||
CTRACE("free");
|
||||
client->magic = 0;
|
||||
|
||||
/*
|
||||
* Check that there are no other external references to
|
||||
* the memory context.
|
||||
@ -533,22 +578,10 @@ exit_check(ns_client_t *client) {
|
||||
INSIST(0);
|
||||
}
|
||||
isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
|
||||
|
||||
goto unlock;
|
||||
}
|
||||
|
||||
unlock:
|
||||
if (locked_manager != NULL) {
|
||||
UNLOCK(&locked_manager->lock);
|
||||
locked_manager = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Only now is it safe to destroy the client manager (if needed),
|
||||
* because we have accessed its lock for the last time.
|
||||
*/
|
||||
if (destroy_manager != NULL)
|
||||
clientmgr_destroy(destroy_manager);
|
||||
if (destroy_manager && manager != NULL)
|
||||
clientmgr_destroy(manager);
|
||||
|
||||
return (ISC_TRUE);
|
||||
}
|
||||
@ -604,6 +637,9 @@ client_shutdown(isc_task_t *task, isc_event_t *event) {
|
||||
client->shutdown_arg = NULL;
|
||||
}
|
||||
|
||||
if (ISC_QLINK_LINKED(client, ilink))
|
||||
ISC_QUEUE_UNLINK(client->manager->inactive, client, ilink);
|
||||
|
||||
client->newstate = NS_CLIENTSTATE_FREED;
|
||||
client->needshutdown = ISC_FALSE;
|
||||
(void)exit_check(client);
|
||||
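Review bot: in client_shutdown() the ISC_QLINK_LINKED(client, ilink) test and the ISC_QUEUE_UNLINK() that follows are two separate steps with no lock visible around them, and get_client() pops from the same manager->inactive queue. Either explain in a comment why a concurrent ISC_QUEUE_POP cannot hand this client out between the test and the unlink, or make the pair atomic with respect to the queue.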
@ -616,7 +652,8 @@ ns_client_endrequest(ns_client_t *client) {
|
||||
INSIST(client->nsends == 0);
|
||||
INSIST(client->nrecvs == 0);
|
||||
INSIST(client->nupdates == 0);
|
||||
INSIST(client->state == NS_CLIENTSTATE_WORKING);
|
||||
INSIST(client->state == NS_CLIENTSTATE_WORKING ||
|
||||
client->state == NS_CLIENTSTATE_RECURSING);
|
||||
|
||||
CTRACE("endrequest");
|
||||
|
||||
@ -649,46 +686,13 @@ ns_client_endrequest(ns_client_t *client) {
|
||||
client->attributes &= NS_CLIENTATTR_TCP;
|
||||
}
|
||||
|
||||
static void
|
||||
ns_client_checkactive(ns_client_t *client) {
|
||||
if (client->mortal) {
|
||||
/*
|
||||
* This client object should normally go inactive
|
||||
* at this point, but if we have fewer active client
|
||||
* objects than desired due to earlier quota exhaustion,
|
||||
* keep it active to make up for the shortage.
|
||||
*/
|
||||
isc_boolean_t need_another_client = ISC_FALSE;
|
||||
if (TCP_CLIENT(client) && !ns_g_clienttest) {
|
||||
LOCK(&client->interface->lock);
|
||||
if (client->interface->ntcpcurrent <
|
||||
client->interface->ntcptarget)
|
||||
need_another_client = ISC_TRUE;
|
||||
UNLOCK(&client->interface->lock);
|
||||
} else {
|
||||
/*
|
||||
* The UDP client quota is enforced by making
|
||||
* requests fail rather than by not listening
|
||||
* for new ones. Therefore, there is always a
|
||||
* full set of UDP clients listening.
|
||||
*/
|
||||
}
|
||||
if (! need_another_client) {
|
||||
/*
|
||||
* We don't need this client object. Recycle it.
|
||||
*/
|
||||
if (client->newstate >= NS_CLIENTSTATE_INACTIVE)
|
||||
client->newstate = NS_CLIENTSTATE_INACTIVE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
ns_client_next(ns_client_t *client, isc_result_t result) {
|
||||
int newstate;
|
||||
|
||||
REQUIRE(NS_CLIENT_VALID(client));
|
||||
REQUIRE(client->state == NS_CLIENTSTATE_WORKING ||
|
||||
client->state == NS_CLIENTSTATE_RECURSING ||
|
||||
client->state == NS_CLIENTSTATE_READING);
|
||||
|
||||
CTRACE("next");
|
||||
@ -745,9 +749,6 @@ client_senddone(isc_task_t *task, isc_event_t *event) {
|
||||
client->tcpbuf = NULL;
|
||||
}
|
||||
|
||||
if (exit_check(client))
|
||||
return;
|
||||
|
||||
ns_client_next(client, ISC_R_SUCCESS);
|
||||
}
|
||||
|
||||
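Review bot: client_senddone() goes straight to ns_client_next(client, ISC_R_SUCCESS) here, and the hunk does not show where a pending shutdown or state change is noticed once the if (exit_check(client)) return; pair is gone. Add a one-line comment that ns_client_next() performs that check, if it does, or keep the early return.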
@ -1974,6 +1975,11 @@ static isc_result_t
|
||||
get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
|
||||
isc_mem_t *clientmctx;
|
||||
isc_result_t result;
|
||||
#if NMCTXS > 0
|
||||
unsigned int nextmctx;
|
||||
#endif
|
||||
|
||||
MTRACE("clientmctx");
|
||||
|
||||
/*
|
||||
* Caller must be holding the manager lock.
|
||||
@ -1985,19 +1991,21 @@ get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
|
||||
return (result);
|
||||
}
|
||||
#if NMCTXS > 0
|
||||
INSIST(manager->nextmctx < NMCTXS);
|
||||
clientmctx = manager->mctxpool[manager->nextmctx];
|
||||
nextmctx = manager->nextmctx++;
|
||||
if (manager->nextmctx == NMCTXS)
|
||||
manager->nextmctx = 0;
|
||||
|
||||
INSIST(nextmctx < NMCTXS);
|
||||
|
||||
clientmctx = manager->mctxpool[nextmctx];
|
||||
if (clientmctx == NULL) {
|
||||
result = isc_mem_create(0, 0, &clientmctx);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
isc_mem_setname(clientmctx, "client", NULL);
|
||||
|
||||
manager->mctxpool[manager->nextmctx] = clientmctx;
|
||||
manager->mctxpool[nextmctx] = clientmctx;
|
||||
}
|
||||
manager->nextmctx++;
|
||||
if (manager->nextmctx == NMCTXS)
|
||||
manager->nextmctx = 0;
|
||||
#else
|
||||
clientmctx = manager->mctx;
|
||||
#endif
|
||||
@ -2118,6 +2126,8 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
|
||||
#ifdef ALLOW_FILTER_AAAA_ON_V4
|
||||
client->filter_aaaa = dns_v4_aaaa_ok;
|
||||
#endif
|
||||
client->needshutdown = ns_g_clienttest;
|
||||
|
||||
ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
|
||||
NS_EVENT_CLIENTCONTROL, client_start, client, client,
|
||||
NULL, NULL);
|
||||
@ -2129,7 +2139,8 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
|
||||
client->formerrcache.time = 0;
|
||||
client->formerrcache.id = 0;
|
||||
ISC_LINK_INIT(client, link);
|
||||
client->list = NULL;
|
||||
ISC_LINK_INIT(client, rlink);
|
||||
ISC_QLINK_INIT(client, ilink);
|
||||
|
||||
/*
|
||||
* We call the init routines for the various kinds of client here,
|
||||
@ -2144,8 +2155,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup_query;
|
||||
|
||||
client->needshutdown = ns_g_clienttest;
|
||||
|
||||
CTRACE("create");
|
||||
|
||||
*clientp = client;
|
||||
@ -2410,10 +2419,8 @@ ns_client_replace(ns_client_t *client) {
|
||||
REQUIRE(client != NULL);
|
||||
REQUIRE(client->manager != NULL);
|
||||
|
||||
result = ns_clientmgr_createclients(client->manager,
|
||||
1, client->interface,
|
||||
(TCP_CLIENT(client) ?
|
||||
ISC_TRUE : ISC_FALSE));
|
||||
result = get_client(client->manager, client->interface,
|
||||
client->dispatch, TCP_CLIENT(client));
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
|
||||
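Review bot: ns_client_replace() passes TCP_CLIENT(client) directly as get_client()'s isc_boolean_t tcp argument, where the ns_clientmgr_createclients() call it replaces normalised the value with ? ISC_TRUE : ISC_FALSE. Confirm the macro already yields 0 or 1, or keep the normalisation. client->dispatch is also passed for TCP clients although get_client() only uses disp in its UDP branch; a short comment saying it is ignored there would help.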
@ -2437,9 +2444,7 @@ clientmgr_destroy(ns_clientmgr_t *manager) {
|
||||
int i;
|
||||
#endif
|
||||
|
||||
REQUIRE(ISC_LIST_EMPTY(manager->active));
|
||||
REQUIRE(ISC_LIST_EMPTY(manager->inactive));
|
||||
REQUIRE(ISC_LIST_EMPTY(manager->recursing));
|
||||
REQUIRE(ISC_LIST_EMPTY(manager->clients));
|
||||
|
||||
MTRACE("clientmgr_destroy");
|
||||
|
||||
@ -2450,7 +2455,10 @@ clientmgr_destroy(ns_clientmgr_t *manager) {
|
||||
}
|
||||
#endif
|
||||
|
||||
ISC_QUEUE_DESTROY(manager->inactive);
|
||||
DESTROYLOCK(&manager->lock);
|
||||
DESTROYLOCK(&manager->listlock);
|
||||
DESTROYLOCK(&manager->reclock);
|
||||
manager->magic = 0;
|
||||
isc_mem_put(manager->mctx, manager, sizeof(*manager));
|
||||
}
|
||||
@ -2473,13 +2481,21 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup_manager;
|
||||
|
||||
result = isc_mutex_init(&manager->listlock);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup_lock;
|
||||
|
||||
result = isc_mutex_init(&manager->reclock);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup_listlock;
|
||||
|
||||
manager->mctx = mctx;
|
||||
manager->taskmgr = taskmgr;
|
||||
manager->timermgr = timermgr;
|
||||
manager->exiting = ISC_FALSE;
|
||||
ISC_LIST_INIT(manager->active);
|
||||
ISC_LIST_INIT(manager->inactive);
|
||||
ISC_LIST_INIT(manager->clients);
|
||||
ISC_LIST_INIT(manager->recursing);
|
||||
ISC_QUEUE_INIT(manager->inactive, ilink);
|
||||
#if NMCTXS > 0
|
||||
manager->nextmctx = 0;
|
||||
for (i = 0; i < NMCTXS; i++)
|
||||
@ -2493,6 +2509,12 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
cleanup_listlock:
|
||||
(void) isc_mutex_destroy(&manager->listlock);
|
||||
|
||||
cleanup_lock:
|
||||
(void) isc_mutex_destroy(&manager->lock);
|
||||
|
||||
cleanup_manager:
|
||||
isc_mem_put(manager->mctx, manager, sizeof(*manager));
|
||||
|
||||
@ -2501,9 +2523,10 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
|
||||
|
||||
void
|
||||
ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
|
||||
isc_result_t result;
|
||||
ns_clientmgr_t *manager;
|
||||
ns_client_t *client;
|
||||
isc_boolean_t need_destroy = ISC_FALSE;
|
||||
isc_boolean_t need_destroy = ISC_FALSE, unlock = ISC_FALSE;
|
||||
|
||||
REQUIRE(managerp != NULL);
|
||||
manager = *managerp;
|
||||
@ -2511,31 +2534,27 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
|
||||
|
||||
MTRACE("destroy");
|
||||
|
||||
LOCK(&manager->lock);
|
||||
/*
|
||||
* Check for success because we may already be task-exclusive
|
||||
* at this point. Only if we succeed at obtaining an exclusive
|
||||
* lock now will we need to relinquish it later.
|
||||
*/
|
||||
result = isc_task_beginexclusive(ns_g_server->task);
|
||||
if (result == ISC_R_SUCCESS)
|
||||
unlock = ISC_TRUE;
|
||||
|
||||
manager->exiting = ISC_TRUE;
|
||||
|
||||
for (client = ISC_LIST_HEAD(manager->recursing);
|
||||
for (client = ISC_LIST_HEAD(manager->clients);
|
||||
client != NULL;
|
||||
client = ISC_LIST_NEXT(client, link))
|
||||
isc_task_shutdown(client->task);
|
||||
|
||||
for (client = ISC_LIST_HEAD(manager->active);
|
||||
client != NULL;
|
||||
client = ISC_LIST_NEXT(client, link))
|
||||
isc_task_shutdown(client->task);
|
||||
|
||||
for (client = ISC_LIST_HEAD(manager->inactive);
|
||||
client != NULL;
|
||||
client = ISC_LIST_NEXT(client, link))
|
||||
isc_task_shutdown(client->task);
|
||||
|
||||
if (ISC_LIST_EMPTY(manager->active) &&
|
||||
ISC_LIST_EMPTY(manager->inactive) &&
|
||||
ISC_LIST_EMPTY(manager->recursing))
|
||||
if (ISC_LIST_EMPTY(manager->clients))
|
||||
need_destroy = ISC_TRUE;
|
||||
|
||||
UNLOCK(&manager->lock);
|
||||
if (unlock)
|
||||
isc_task_endexclusive(ns_g_server->task);
|
||||
|
||||
if (need_destroy)
|
||||
clientmgr_destroy(manager);
|
||||
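Review bot: ns_clientmgr_destroy() treats every result other than ISC_R_SUCCESS from isc_task_beginexclusive() as "already exclusive", then sets manager->exiting and walks manager->clients without manager->listlock, the lock get_client() and exit_check() hold when they append to or unlink from that list. Check for the specific result that means exclusive mode is already held and INSIST on it, or take listlock around the loop, so the walk cannot race a list change if exclusive mode was not actually obtained.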
@ -2543,81 +2562,86 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
|
||||
*managerp = NULL;
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
|
||||
dns_dispatch_t *disp, isc_boolean_t tcp)
|
||||
{
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
isc_event_t *ev;
|
||||
ns_client_t *client;
|
||||
MTRACE("get client");
|
||||
|
||||
REQUIRE(manager != NULL);
|
||||
|
||||
if (manager->exiting)
|
||||
return (ISC_R_SHUTTINGDOWN);
|
||||
|
||||
/*
|
||||
* Allocate a client. First try to get a recycled one;
|
||||
* if that fails, make a new one.
|
||||
*/
|
||||
client = NULL;
|
||||
if (!ns_g_clienttest)
|
||||
ISC_QUEUE_POP(manager->inactive, ilink, client);
|
||||
|
||||
if (client != NULL)
|
||||
MTRACE("recycle");
|
||||
else {
|
||||
MTRACE("create new");
|
||||
|
||||
LOCK(&manager->lock);
|
||||
result = client_create(manager, &client);
|
||||
UNLOCK(&manager->lock);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
|
||||
LOCK(&manager->listlock);
|
||||
ISC_LIST_APPEND(manager->clients, client, link);
|
||||
UNLOCK(&manager->listlock);
|
||||
}
|
||||
|
||||
client->manager = manager;
|
||||
ns_interface_attach(ifp, &client->interface);
|
||||
client->state = NS_CLIENTSTATE_READY;
|
||||
INSIST(client->recursionquota == NULL);
|
||||
|
||||
if (tcp) {
|
||||
client->attributes |= NS_CLIENTATTR_TCP;
|
||||
isc_socket_attach(ifp->tcpsocket,
|
||||
&client->tcplistener);
|
||||
} else {
|
||||
isc_socket_t *sock;
|
||||
|
||||
dns_dispatch_attach(disp, &client->dispatch);
|
||||
sock = dns_dispatch_getsocket(client->dispatch);
|
||||
isc_socket_attach(sock, &client->udpsocket);
|
||||
}
|
||||
|
||||
INSIST(client->nctls == 0);
|
||||
client->nctls++;
|
||||
ev = &client->ctlevent;
|
||||
isc_task_send(client->task, &ev);
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
|
||||
ns_interface_t *ifp, isc_boolean_t tcp)
|
||||
{
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
unsigned int i;
|
||||
ns_client_t *client;
|
||||
unsigned int disp;
|
||||
|
||||
REQUIRE(VALID_MANAGER(manager));
|
||||
REQUIRE(n > 0);
|
||||
|
||||
MTRACE("createclients");
|
||||
|
||||
/*
|
||||
* We MUST lock the manager lock for the entire client creation
|
||||
* process. If we didn't do this, then a client could get a
|
||||
* shutdown event and disappear out from under us.
|
||||
*/
|
||||
|
||||
LOCK(&manager->lock);
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
isc_event_t *ev;
|
||||
/*
|
||||
* Allocate a client. First try to get a recycled one;
|
||||
* if that fails, make a new one.
|
||||
*/
|
||||
client = NULL;
|
||||
if (!ns_g_clienttest)
|
||||
client = ISC_LIST_HEAD(manager->inactive);
|
||||
if (client != NULL) {
|
||||
MTRACE("recycle");
|
||||
ISC_LIST_UNLINK(manager->inactive, client, link);
|
||||
client->list = NULL;
|
||||
} else {
|
||||
MTRACE("create new");
|
||||
result = client_create(manager, &client);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
break;
|
||||
}
|
||||
|
||||
ns_interface_attach(ifp, &client->interface);
|
||||
client->state = NS_CLIENTSTATE_READY;
|
||||
INSIST(client->recursionquota == NULL);
|
||||
|
||||
if (tcp) {
|
||||
client->attributes |= NS_CLIENTATTR_TCP;
|
||||
isc_socket_attach(ifp->tcpsocket,
|
||||
&client->tcplistener);
|
||||
} else {
|
||||
isc_socket_t *sock;
|
||||
|
||||
dns_dispatch_attach(ifp->udpdispatch,
|
||||
&client->dispatch);
|
||||
sock = dns_dispatch_getsocket(client->dispatch);
|
||||
isc_socket_attach(sock, &client->udpsocket);
|
||||
}
|
||||
client->manager = manager;
|
||||
ISC_LIST_APPEND(manager->active, client, link);
|
||||
client->list = &manager->active;
|
||||
|
||||
INSIST(client->nctls == 0);
|
||||
client->nctls++;
|
||||
ev = &client->ctlevent;
|
||||
isc_task_send(client->task, &ev);
|
||||
for (disp = 0; disp < n; disp++) {
|
||||
result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
break;
|
||||
}
|
||||
if (i != 0) {
|
||||
/*
|
||||
* We managed to create at least one client, so we
|
||||
* declare victory.
|
||||
*/
|
||||
result = ISC_R_SUCCESS;
|
||||
}
|
||||
|
||||
UNLOCK(&manager->lock);
|
||||
|
||||
return (result);
|
||||
}
|
||||
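Review bot: ns_clientmgr_createclients() indexes ifp->udpdispatch[disp] for disp up to n with REQUIRE(n > 0) as the only visible constraint, and it evaluates that expression even when tcp is true and get_client() never uses disp. Add a REQUIRE that ties n to the number of dispatches on the interface for the UDP case, and pass NULL for TCP. The loop also returns the first get_client() failure as it stands; if the "at least one client, so we declare victory" fallback is meant to go away, say so in the commit message, since callers may depend on it.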
@ -2702,19 +2726,41 @@ ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
|
||||
{
|
||||
char msgbuf[2048];
|
||||
char peerbuf[ISC_SOCKADDR_FORMATSIZE];
|
||||
const char *name = "";
|
||||
const char *sep = "";
|
||||
char signerbuf[DNS_NAME_FORMATSIZE], qnamebuf[DNS_NAME_FORMATSIZE];
|
||||
const char *viewname = "";
|
||||
const char *sep1 = "", *sep2 = "", *sep3 = "", *sep4 = "";
|
||||
const char *signer = "", *qname = "";
|
||||
dns_name_t *q = NULL;
|
||||
|
||||
vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
|
||||
|
||||
ns_client_name(client, peerbuf, sizeof(peerbuf));
|
||||
|
||||
if (client->signer != NULL) {
|
||||
dns_name_format(client->signer, signerbuf, sizeof(signerbuf));
|
||||
sep1 = "/key ";
|
||||
signer = signerbuf;
|
||||
}
|
||||
|
||||
q = client->query.origqname != NULL
|
||||
? client->query.origqname : client->query.qname;
|
||||
if (q != NULL) {
|
||||
dns_name_format(q, qnamebuf, sizeof(qnamebuf));
|
||||
sep2 = " (";
|
||||
sep3 = ")";
|
||||
qname = qnamebuf;
|
||||
}
|
||||
|
||||
if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 &&
|
||||
strcmp(client->view->name, "_default") != 0) {
|
||||
name = client->view->name;
|
||||
sep = ": view ";
|
||||
sep4 = ": view ";
|
||||
viewname = client->view->name;
|
||||
}
|
||||
|
||||
isc_log_write(ns_g_lctx, category, module, level,
|
||||
"client %s%s%s: %s", peerbuf, sep, name, msgbuf);
|
||||
"client %s%s%s%s%s%s%s%s: %s",
|
||||
peerbuf, sep1, signer, sep2, qname, sep3,
|
||||
sep4, viewname, msgbuf);
|
||||
}
|
||||
|
||||
void
|
||||
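Review bot: the ns_client_logv() prefix grows from "client %s%s%s: %s" to a form that can also carry "/key <signer>" and " (<qname>)", which changes every line logged through this function and puts a name taken from the client's query into the prefix. That needs an explicit note in the release documentation for anyone parsing these logs. A comment would also help on why client->query.qname and origqname are read here without query.fetchlock, when ns_client_dumprecursing() and ns_client_qnamereplace() take that lock around the same fields.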
@ -2796,9 +2842,11 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
|
||||
|
||||
REQUIRE(VALID_MANAGER(manager));
|
||||
|
||||
LOCK(&manager->lock);
|
||||
LOCK(&manager->reclock);
|
||||
client = ISC_LIST_HEAD(manager->recursing);
|
||||
while (client != NULL) {
|
||||
INSIST(client->state == NS_CLIENTSTATE_RECURSING);
|
||||
|
||||
ns_client_name(client, peerbuf, sizeof(peerbuf));
|
||||
if (client->view != NULL &&
|
||||
strcmp(client->view->name, "_bind") != 0 &&
|
||||
@ -2809,6 +2857,9 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
|
||||
name = "";
|
||||
sep = "";
|
||||
}
|
||||
|
||||
LOCK(&client->query.fetchlock);
|
||||
INSIST(client->query.qname != NULL);
|
||||
dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
|
||||
if (client->query.qname != client->query.origqname &&
|
||||
client->query.origqname != NULL) {
|
||||
@ -2831,20 +2882,19 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
|
||||
strcpy(typebuf, "-");
|
||||
strcpy(classbuf, "-");
|
||||
}
|
||||
UNLOCK(&client->query.fetchlock);
|
||||
fprintf(f, "; client %s%s%s: id %u '%s/%s/%s'%s%s "
|
||||
"requesttime %d\n", peerbuf, sep, name,
|
||||
client->message->id, namebuf, typebuf, classbuf,
|
||||
origfor, original, client->requesttime);
|
||||
client = ISC_LIST_NEXT(client, link);
|
||||
client = ISC_LIST_NEXT(client, rlink);
|
||||
}
|
||||
UNLOCK(&manager->lock);
|
||||
UNLOCK(&manager->reclock);
|
||||
}
|
||||
|
||||
void
|
||||
ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
|
||||
|
||||
if (client->manager != NULL)
|
||||
LOCK(&client->manager->lock);
|
||||
LOCK(&client->query.fetchlock);
|
||||
if (client->query.restarts > 0) {
|
||||
/*
|
||||
* client->query.qname was dynamically allocated.
|
||||
@ -2853,6 +2903,16 @@ ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
|
||||
&client->query.qname);
|
||||
}
|
||||
client->query.qname = name;
|
||||
if (client->manager != NULL)
|
||||
UNLOCK(&client->manager->lock);
|
||||
UNLOCK(&client->query.fetchlock);
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
ns_client_sourceip(dns_clientinfo_t *ci, isc_sockaddr_t **addrp) {
|
||||
ns_client_t *client = (ns_client_t *) ci->data;
|
||||
|
||||
REQUIRE(NS_CLIENT_VALID(client));
|
||||
REQUIRE(addrp != NULL);
|
||||
|
||||
*addrp = &client->peeraddr;
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
|
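Review bot: ns_client_sourceip() reads ci->data in the initialiser of client, before any REQUIRE runs, so a NULL ci is dereferenced ahead of the checks on client and addrp. Declare client without an initialiser, add REQUIRE(ci != NULL), and assign from ci->data after it.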
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: config.c,v 1.113.16.2 2011/02/28 01:19:58 tbox Exp $ */
|
||||
/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -73,6 +73,7 @@ options {\n\
|
||||
listen-on {any;};\n\
|
||||
listen-on-v6 {none;};\n\
|
||||
match-mapped-addresses no;\n\
|
||||
max-rsa-exponent-size 0; /* no limit */\n\
|
||||
memstatistics-file \"named.memstats\";\n\
|
||||
multiple-cnames no;\n\
|
||||
# named-xfer <obsolete>;\n\
|
||||
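Review bot: the built-in default added here is max-rsa-exponent-size 0, which the inline comment marks as no limit, so out of the box the option constrains nothing. If the option is meant to cap the cost of verifying keys with large exponents, consider a non-zero default, or document next to it why the limit is off unless an operator sets it.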
@ -90,7 +91,7 @@ options {\n\
|
||||
"\
|
||||
recursive-clients 1000;\n\
|
||||
resolver-query-timeout 10;\n\
|
||||
rrset-order {type NS order random; order cyclic; };\n\
|
||||
rrset-order { order random; };\n\
|
||||
serial-queries 20;\n\
|
||||
serial-query-rate 20;\n\
|
||||
server-id none;\n\
|
||||
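Review bot: the default rrset-order changes from {type NS order random; order cyclic; } to { order random; }, which alters answer ordering on every server that does not set the option itself. Call this out explicitly in the release notes, since it is otherwise only visible in this defaults string.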
@ -200,7 +201,8 @@ options {\n\
|
||||
sig-signing-nodes 100;\n\
|
||||
sig-signing-signatures 10;\n\
|
||||
sig-signing-type 65534;\n\
|
||||
zone-statistics false;\n\
|
||||
inline-signing no;\n\
|
||||
zone-statistics terse;\n\
|
||||
max-journal-size unlimited;\n\
|
||||
ixfr-from-differences false;\n\
|
||||
check-wildcard yes;\n\
|
||||
@ -210,7 +212,10 @@ options {\n\
|
||||
check-srv-cname warn;\n\
|
||||
zero-no-soa-ttl yes;\n\
|
||||
update-check-ksk yes;\n\
|
||||
serial-update-method increment;\n\
|
||||
dnssec-update-mode maintain;\n\
|
||||
dnssec-dnskey-kskonly no;\n\
|
||||
dnssec-loadkeys-interval 60;\n\
|
||||
try-tcp-refresh yes; /* BIND 8 compat */\n\
|
||||
};\n\
|
||||
"
|
||||
@ -292,7 +297,8 @@ ns_checknames_get(const cfg_obj_t **maps, const char *which,
|
||||
if (maps[i] == NULL)
|
||||
return (ISC_R_NOTFOUND);
|
||||
checknames = NULL;
|
||||
if (cfg_map_get(maps[i], "check-names", &checknames) == ISC_R_SUCCESS) {
|
||||
if (cfg_map_get(maps[i], "check-names",
|
||||
&checknames) == ISC_R_SUCCESS) {
|
||||
/*
|
||||
* Zone map entry is not a list.
|
||||
*/
|
||||
@ -305,7 +311,8 @@ ns_checknames_get(const cfg_obj_t **maps, const char *which,
|
||||
element = cfg_list_next(element)) {
|
||||
value = cfg_listelt_value(element);
|
||||
type = cfg_tuple_get(value, "type");
|
||||
if (strcasecmp(cfg_obj_asstring(type), which) == 0) {
|
||||
if (strcasecmp(cfg_obj_asstring(type),
|
||||
which) == 0) {
|
||||
*obj = cfg_tuple_get(value, "mode");
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
@ -378,6 +385,8 @@ ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
|
||||
ztype = dns_zone_stub;
|
||||
else if (strcasecmp(str, "static-stub") == 0)
|
||||
ztype = dns_zone_staticstub;
|
||||
else if (strcasecmp(str, "redirect") == 0)
|
||||
ztype = dns_zone_redirect;
|
||||
else
|
||||
INSIST(0);
|
||||
return (ztype);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2001-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: control.c,v 1.41 2010/12/03 22:05:19 each Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -154,7 +154,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
|
||||
} else if (command_compare(command, NS_COMMAND_DUMPSTATS)) {
|
||||
result = ns_server_dumpstats(ns_g_server);
|
||||
} else if (command_compare(command, NS_COMMAND_QUERYLOG)) {
|
||||
result = ns_server_togglequerylog(ns_g_server);
|
||||
result = ns_server_togglequerylog(ns_g_server, command);
|
||||
} else if (command_compare(command, NS_COMMAND_DUMPDB)) {
|
||||
ns_server_dumpdb(ns_g_server, command);
|
||||
result = ISC_R_SUCCESS;
|
||||
@ -169,7 +169,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
|
||||
} else if (command_compare(command, NS_COMMAND_FLUSH)) {
|
||||
result = ns_server_flushcache(ns_g_server, command);
|
||||
} else if (command_compare(command, NS_COMMAND_FLUSHNAME)) {
|
||||
result = ns_server_flushname(ns_g_server, command);
|
||||
result = ns_server_flushnode(ns_g_server, command, ISC_FALSE);
|
||||
} else if (command_compare(command, NS_COMMAND_FLUSHTREE)) {
|
||||
result = ns_server_flushnode(ns_g_server, command, ISC_TRUE);
|
||||
} else if (command_compare(command, NS_COMMAND_STATUS)) {
|
||||
result = ns_server_status(ns_g_server, text);
|
||||
} else if (command_compare(command, NS_COMMAND_TSIGLIST)) {
|
||||
@ -183,6 +185,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
|
||||
command_compare(command, NS_COMMAND_THAW)) {
|
||||
result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
|
||||
text);
|
||||
} else if (command_compare(command, NS_COMMAND_SYNC)) {
|
||||
result = ns_server_sync(ns_g_server, command, text);
|
||||
} else if (command_compare(command, NS_COMMAND_RECURSING)) {
|
||||
result = ns_server_dumprecursing(ns_g_server);
|
||||
} else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {
|
||||
@ -201,6 +205,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
|
||||
result = ns_server_add_zone(ns_g_server, command);
|
||||
} else if (command_compare(command, NS_COMMAND_DELZONE)) {
|
||||
result = ns_server_del_zone(ns_g_server, command);
|
||||
} else if (command_compare(command, NS_COMMAND_SIGNING)) {
|
||||
result = ns_server_signing(ns_g_server, command, text);
|
||||
} else {
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: controlconf.c,v 1.60.544.3 2011/12/22 08:10:09 marka Exp $ */
|
||||
/* $Id: controlconf.c,v 1.63 2011/12/22 08:07:48 marka Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
|
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011/03/17 09:41:06 fdupont Exp $ */
|
||||
/* $Id: dlz_dlopen_driver.h,v 1.4 2011/03/17 09:25:53 fdupont Exp $ */
|
||||
|
||||
#ifndef DLZ_DLOPEN_DRIVER_H
|
||||
#define DLZ_DLOPEN_DRIVER_H
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: client.h,v 1.91.278.2 2012/01/31 23:46:39 tbox Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
#ifndef NAMED_CLIENT_H
|
||||
#define NAMED_CLIENT_H 1
|
||||
@ -66,7 +66,9 @@
|
||||
#include <isc/magic.h>
|
||||
#include <isc/stdtime.h>
|
||||
#include <isc/quota.h>
|
||||
#include <isc/queue.h>
|
||||
|
||||
#include <dns/db.h>
|
||||
#include <dns/fixedname.h>
|
||||
#include <dns/name.h>
|
||||
#include <dns/rdataclass.h>
|
||||
@ -81,8 +83,6 @@
|
||||
*** Types
|
||||
***/
|
||||
|
||||
typedef ISC_LIST(ns_client_t) client_list_t;
|
||||
|
||||
/*% nameserver client structure */
|
||||
struct ns_client {
|
||||
unsigned int magic;
|
||||
@ -155,13 +155,15 @@ struct ns_client {
|
||||
isc_stdtime_t time;
|
||||
dns_messageid_t id;
|
||||
} formerrcache;
|
||||
|
||||
ISC_LINK(ns_client_t) link;
|
||||
/*%
|
||||
* The list 'link' is part of, or NULL if not on any list.
|
||||
*/
|
||||
client_list_t *list;
|
||||
ISC_LINK(ns_client_t) rlink;
|
||||
ISC_QLINK(ns_client_t) ilink;
|
||||
};
|
||||
|
||||
typedef ISC_QUEUE(ns_client_t) client_queue_t;
|
||||
typedef ISC_LIST(ns_client_t) client_list_t;
|
||||
|
||||
#define NS_CLIENT_MAGIC ISC_MAGIC('N','S','C','c')
|
||||
#define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
|
||||
|
||||
@ -379,4 +381,7 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
|
||||
* Isself callback.
|
||||
*/
|
||||
|
||||
isc_result_t
|
||||
ns_client_sourceip(dns_clientinfo_t *ci, isc_sockaddr_t **addrp);
|
||||
|
||||
#endif /* NAMED_CLIENT_H */
|
||||
|
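Review bot: the new ns_client_sourceip() prototype at the end of client.h has no documentation comment; the "Isself callback." comment above it belongs to ns_client_isself(). Please add a comment stating what is stored in *addrp, who owns that storage, and which result codes callers should expect, since the other prototypes in this header carry one.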
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2001-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: control.h,v 1.31 2010/08/16 22:21:06 marka Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
#ifndef NAMED_CONTROL_H
|
||||
#define NAMED_CONTROL_H 1
|
||||
@ -47,6 +47,7 @@
|
||||
#define NS_COMMAND_NOTRACE "notrace"
|
||||
#define NS_COMMAND_FLUSH "flush"
|
||||
#define NS_COMMAND_FLUSHNAME "flushname"
|
||||
#define NS_COMMAND_FLUSHTREE "flushtree"
|
||||
#define NS_COMMAND_STATUS "status"
|
||||
#define NS_COMMAND_TSIGLIST "tsig-list"
|
||||
#define NS_COMMAND_TSIGDELETE "tsig-delete"
|
||||
@ -62,6 +63,8 @@
|
||||
#define NS_COMMAND_LOADKEYS "loadkeys"
|
||||
#define NS_COMMAND_ADDZONE "addzone"
|
||||
#define NS_COMMAND_DELZONE "delzone"
|
||||
#define NS_COMMAND_SYNC "sync"
|
||||
#define NS_COMMAND_SIGNING "signing"
|
||||
|
||||
isc_result_t
|
||||
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: globals.h,v 1.89.54.2 2011/06/17 23:47:10 tbox Exp $ */
|
||||
/* $Id: globals.h,v 1.92 2011/11/09 18:44:04 each Exp $ */
|
||||
|
||||
#ifndef NAMED_GLOBALS_H
|
||||
#define NAMED_GLOBALS_H 1
|
||||
@ -51,6 +51,7 @@
|
||||
|
||||
EXTERN isc_mem_t * ns_g_mctx INIT(NULL);
|
||||
EXTERN unsigned int ns_g_cpus INIT(0);
|
||||
EXTERN unsigned int ns_g_udpdisp INIT(0);
|
||||
EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL);
|
||||
EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL);
|
||||
EXTERN isc_entropy_t * ns_g_entropy INIT(NULL);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: interfacemgr.h,v 1.33 2007/06/19 23:46:59 tbox Exp $ */
|
||||
/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */
|
||||
|
||||
#ifndef NAMED_INTERFACEMGR_H
|
||||
#define NAMED_INTERFACEMGR_H 1
|
||||
@ -65,7 +65,8 @@
|
||||
#define NS_INTERFACE_VALID(t) ISC_MAGIC_VALID(t, IFACE_MAGIC)
|
||||
|
||||
#define NS_INTERFACEFLAG_ANYADDR 0x01U /*%< bound to "any" address */
|
||||
|
||||
#define MAX_UDP_DISPATCH 128 /*%< Maximum number of UDP dispatchers
|
||||
to start per interface */
|
||||
/*% The nameserver interface structure */
|
||||
struct ns_interface {
|
||||
unsigned int magic; /*%< Magic number. */
|
||||
@ -76,11 +77,13 @@ struct ns_interface {
|
||||
isc_sockaddr_t addr; /*%< Address and port. */
|
||||
unsigned int flags; /*%< Interface characteristics */
|
||||
char name[32]; /*%< Null terminated. */
|
||||
dns_dispatch_t * udpdispatch; /*%< UDP dispatcher. */
|
||||
dns_dispatch_t * udpdispatch[MAX_UDP_DISPATCH];
|
||||
/*%< UDP dispatchers. */
|
||||
isc_socket_t * tcpsocket; /*%< TCP socket. */
|
||||
int ntcptarget; /*%< Desired number of concurrent
|
||||
TCP accepts */
|
||||
int ntcpcurrent; /*%< Current ditto, locked */
|
||||
int nudpdispatch; /*%< Number of UDP dispatches */
|
||||
ns_clientmgr_t * clientmgr; /*%< Client manager. */
|
||||
ISC_LINK(ns_interface_t) link;
|
||||
};
|
||||
|
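Review bot: nudpdispatch is declared as int in struct ns_interface, while the value it receives comes from ns_g_udpdisp, which globals.h declares as unsigned int, and it is used as the bound for indexing udpdispatch[MAX_UDP_DISPATCH]. Consider making nudpdispatch unsigned int so the count and the loop indexes that walk the array cannot go negative and the signed/unsigned comparison goes away.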
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: server.h,v 1.110 2010/08/16 23:46:52 tbox Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
#ifndef NAMED_SERVER_H
|
||||
#define NAMED_SERVER_H 1
|
||||
@ -230,9 +230,10 @@ ns_server_retransfercommand(ns_server_t *server, char *args);
|
||||
*/
|
||||
|
||||
isc_result_t
|
||||
ns_server_togglequerylog(ns_server_t *server);
|
||||
ns_server_togglequerylog(ns_server_t *server, char *args);
|
||||
/*%<
|
||||
* Toggle logging of queries, as in BIND 8.
|
||||
* Enable/disable logging of queries. (Takes "yes" or "no" argument,
|
||||
* but can also be used as a toggle for backward comptibility.)
|
||||
*/
|
||||
|
||||
/*%
|
||||
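Review bot: the updated comment for ns_server_togglequerylog() misspells "compatibility" as "comptibility", and it does not say what is returned when 'args' is something other than "yes" or "no". Please fix the spelling and document how an unrecognised argument is handled, so callers know whether it is treated as a toggle or rejected.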
@ -266,10 +267,12 @@ isc_result_t
|
||||
ns_server_flushcache(ns_server_t *server, char *args);
|
||||
|
||||
/*%
|
||||
* Flush a particular name from the server's cache(s)
|
||||
* Flush a particular name from the server's cache. If 'tree' is false,
|
||||
* also flush the name from the ADB and badcache. If 'tree' is true, also
|
||||
* flush all the names under the specified name.
|
||||
*/
|
||||
isc_result_t
|
||||
ns_server_flushname(ns_server_t *server, char *args);
|
||||
ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree);
|
||||
|
||||
/*%
|
||||
* Report the server's status.
|
||||
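Review bot: the new comment for ns_server_flushnode() leaves the 'tree' == true case ambiguous: it says the ADB and badcache are flushed when 'tree' is false, but not whether they are also flushed when 'tree' is true. Operators may use this command to remove suspect data from a resolver, so please state explicitly which caches are touched in each mode. The rename from ns_server_flushname() also changes the signature, so every caller needs the new isc_boolean_t argument.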
@ -296,6 +299,12 @@ isc_result_t
|
||||
ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
|
||||
isc_buffer_t *text);
|
||||
|
||||
/*%
|
||||
* Dump zone updates to disk, optionally removing the journal file
|
||||
*/
|
||||
isc_result_t
|
||||
ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text);
|
||||
|
||||
/*%
|
||||
* Update a zone's DNSKEY set from the key repository. If
|
||||
* the command that triggered the call to this function was "sign",
|
||||
@ -336,4 +345,9 @@ ns_server_add_zone(ns_server_t *server, char *args);
|
||||
isc_result_t
|
||||
ns_server_del_zone(ns_server_t *server, char *args);
|
||||
|
||||
/*%
|
||||
* Lists the status of the signing records for a given zone.
|
||||
*/
|
||||
isc_result_t
|
||||
ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text);
|
||||
#endif /* NAMED_SERVER_H */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: zoneconf.h,v 1.28 2010/12/20 23:47:20 tbox Exp $ */
|
||||
/* $Id: zoneconf.h,v 1.30 2011/08/30 23:46:51 tbox Exp $ */
|
||||
|
||||
#ifndef NS_ZONECONF_H
|
||||
#define NS_ZONECONF_H 1
|
||||
@ -33,7 +33,7 @@ ISC_LANG_BEGINDECLS
|
||||
isc_result_t
|
||||
ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
|
||||
dns_zone_t *zone);
|
||||
dns_zone_t *zone, dns_zone_t *raw);
|
||||
/*%<
|
||||
* Configure or reconfigure a zone according to the named.conf
|
||||
* data in 'cctx' and 'czone'.
|
||||
|
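Review bot: ns_zone_configure() gains a 'raw' parameter, but the comment below the prototype still describes only "'cctx' and 'czone'", names that do not appear in the prototype at all. Please update the comment to use the real parameter names and to say what 'raw' is and whether it may be NULL.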
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,13 +15,14 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: interfacemgr.c,v 1.95.426.2 2011/03/12 04:59:14 tbox Exp $ */
|
||||
/* $Id: interfacemgr.c,v 1.101 2011/11/09 18:44:03 each Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include <isc/interfaceiter.h>
|
||||
#include <isc/os.h>
|
||||
#include <isc/string.h>
|
||||
#include <isc/task.h>
|
||||
#include <isc/util.h>
|
||||
@ -185,11 +186,14 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
|
||||
{
|
||||
ns_interface_t *ifp;
|
||||
isc_result_t result;
|
||||
int disp;
|
||||
|
||||
REQUIRE(NS_INTERFACEMGR_VALID(mgr));
|
||||
|
||||
ifp = isc_mem_get(mgr->mctx, sizeof(*ifp));
|
||||
if (ifp == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
|
||||
ifp->mgr = NULL;
|
||||
ifp->generation = mgr->generation;
|
||||
ifp->addr = *addr;
|
||||
@ -212,9 +216,11 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
|
||||
goto clientmgr_create_failure;
|
||||
}
|
||||
|
||||
ifp->udpdispatch = NULL;
|
||||
for (disp = 0; disp < MAX_UDP_DISPATCH; disp++)
|
||||
ifp->udpdispatch[disp] = NULL;
|
||||
|
||||
ifp->tcpsocket = NULL;
|
||||
|
||||
/*
|
||||
* Create a single TCP client object. It will replace itself
|
||||
* with a new one as soon as it gets a connection, so the actual
|
||||
@ -223,6 +229,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
|
||||
*/
|
||||
ifp->ntcptarget = 1;
|
||||
ifp->ntcpcurrent = 0;
|
||||
ifp->nudpdispatch = 0;
|
||||
|
||||
ISC_LINK_INIT(ifp, link);
|
||||
|
||||
@ -237,6 +244,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
|
||||
|
||||
clientmgr_create_failure:
|
||||
DESTROYLOCK(&ifp->lock);
|
||||
|
||||
lock_create_failure:
|
||||
ifp->magic = 0;
|
||||
isc_mem_put(mgr->mctx, ifp, sizeof(*ifp));
|
||||
@ -249,6 +257,7 @@ ns_interface_listenudp(ns_interface_t *ifp) {
|
||||
isc_result_t result;
|
||||
unsigned int attrs;
|
||||
unsigned int attrmask;
|
||||
int disp, i;
|
||||
|
||||
attrs = 0;
|
||||
attrs |= DNS_DISPATCHATTR_UDP;
|
||||
@ -260,18 +269,28 @@ ns_interface_listenudp(ns_interface_t *ifp) {
|
||||
attrmask = 0;
|
||||
attrmask |= DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP;
|
||||
attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6;
|
||||
result = dns_dispatch_getudp(ifp->mgr->dispatchmgr, ns_g_socketmgr,
|
||||
ns_g_taskmgr, &ifp->addr,
|
||||
4096, 1000, 32768, 8219, 8237,
|
||||
attrs, attrmask, &ifp->udpdispatch);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
|
||||
"could not listen on UDP socket: %s",
|
||||
isc_result_totext(result));
|
||||
goto udp_dispatch_failure;
|
||||
|
||||
ifp->nudpdispatch = ISC_MIN(ns_g_udpdisp, MAX_UDP_DISPATCH);
|
||||
for (disp = 0; disp < ifp->nudpdispatch; disp++) {
|
||||
result = dns_dispatch_getudp_dup(ifp->mgr->dispatchmgr,
|
||||
ns_g_socketmgr,
|
||||
ns_g_taskmgr, &ifp->addr,
|
||||
4096, 1000, 32768, 8219, 8237,
|
||||
attrs, attrmask,
|
||||
&ifp->udpdispatch[disp],
|
||||
disp == 0
|
||||
? NULL
|
||||
: ifp->udpdispatch[0]);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
|
||||
"could not listen on UDP socket: %s",
|
||||
isc_result_totext(result));
|
||||
goto udp_dispatch_failure;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
result = ns_clientmgr_createclients(ifp->clientmgr, ns_g_cpus,
|
||||
result = ns_clientmgr_createclients(ifp->clientmgr, ifp->nudpdispatch,
|
||||
ifp, ISC_FALSE);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
||||
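Review bot: when dns_dispatch_getudp_dup() fails part-way through the loop in ns_interface_listenudp(), the code jumps to udp_dispatch_failure, which only returns; the dispatchers already stored in udpdispatch[0..disp-1] are not detached on this path, and ifp->nudpdispatch keeps the full target count even though fewer entries are populated. Suggest routing this failure through the same cleanup that addtodispatch_failure uses, detaching the entries created so far and resetting nudpdispatch to 0, so a partial failure leaves the interface in a consistent state.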
@ -279,12 +298,17 @@ ns_interface_listenudp(ns_interface_t *ifp) {
|
||||
isc_result_totext(result));
|
||||
goto addtodispatch_failure;
|
||||
}
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
addtodispatch_failure:
|
||||
dns_dispatch_changeattributes(ifp->udpdispatch, 0,
|
||||
DNS_DISPATCHATTR_NOLISTEN);
|
||||
dns_dispatch_detach(&ifp->udpdispatch);
|
||||
for (i = disp - 1; i <= 0; i--) {
|
||||
dns_dispatch_changeattributes(ifp->udpdispatch[i], 0,
|
||||
DNS_DISPATCHATTR_NOLISTEN);
|
||||
dns_dispatch_detach(&(ifp->udpdispatch[i]));
|
||||
}
|
||||
ifp->nudpdispatch = 0;
|
||||
|
||||
udp_dispatch_failure:
|
||||
return (result);
|
||||
}
|
||||
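Review bot: the cleanup loop under addtodispatch_failure has the wrong condition: "for (i = disp - 1; i <= 0; i--)" should test "i >= 0". As written, when more than one dispatcher was created (disp > 1) the body never runs, so every dispatcher stays attached while nudpdispatch is set to 0, which also stops ns_interface_destroy() from releasing them later. When disp is 1, the loop handles index 0 and then keeps going with i = -1, reading and detaching udpdispatch[-1], which is outside the array. Please change the condition to "i >= 0".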
@ -398,15 +422,19 @@ ns_interface_shutdown(ns_interface_t *ifp) {
|
||||
static void
|
||||
ns_interface_destroy(ns_interface_t *ifp) {
|
||||
isc_mem_t *mctx = ifp->mgr->mctx;
|
||||
int disp;
|
||||
|
||||
REQUIRE(NS_INTERFACE_VALID(ifp));
|
||||
|
||||
ns_interface_shutdown(ifp);
|
||||
|
||||
if (ifp->udpdispatch != NULL) {
|
||||
dns_dispatch_changeattributes(ifp->udpdispatch, 0,
|
||||
DNS_DISPATCHATTR_NOLISTEN);
|
||||
dns_dispatch_detach(&ifp->udpdispatch);
|
||||
}
|
||||
for (disp = 0; disp < ifp->nudpdispatch; disp++)
|
||||
if (ifp->udpdispatch[disp] != NULL) {
|
||||
dns_dispatch_changeattributes(ifp->udpdispatch[disp], 0,
|
||||
DNS_DISPATCHATTR_NOLISTEN);
|
||||
dns_dispatch_detach(&(ifp->udpdispatch[disp]));
|
||||
}
|
||||
|
||||
if (ifp->tcpsocket != NULL)
|
||||
isc_socket_detach(&ifp->tcpsocket);
|
||||
|
||||
|
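Review bot: in ns_interface_destroy() the new "for (disp = 0; disp < ifp->nudpdispatch; disp++)" has a multi-line body (an if with its own braced block) but no braces of its own. Please brace the for body, as the loop added in ns_interface_listenudp() does, so a later edit cannot accidentally move a statement outside the loop. Note too that this loop is bounded by nudpdispatch, so any path that zeroes nudpdispatch without detaching the entries first will leave them unreleased here.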
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: logconf.c,v 1.42.816.3 2011/03/05 23:52:06 tbox Exp $ */
|
||||
/* $Id: logconf.c,v 1.45 2011/03/05 23:52:29 tbox Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: main.c,v 1.180.14.4 2011/11/05 00:45:52 each Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -418,7 +418,7 @@ parse_command_line(int argc, char *argv[]) {
|
||||
isc_commandline_errprint = ISC_FALSE;
|
||||
while ((ch = isc_commandline_parse(argc, argv,
|
||||
"46c:C:d:E:fFgi:lm:n:N:p:P:"
|
||||
"sS:t:T:u:vVx:")) != -1) {
|
||||
"sS:t:T:U:u:vVx:")) != -1) {
|
||||
switch (ch) {
|
||||
case '4':
|
||||
if (disable4)
|
||||
@ -531,6 +531,11 @@ parse_command_line(int argc, char *argv[]) {
|
||||
fprintf(stderr, "unknown -T flag '%s\n",
|
||||
isc_commandline_argument);
|
||||
break;
|
||||
case 'U':
|
||||
ns_g_udpdisp = parse_int(isc_commandline_argument,
|
||||
"number of UDP listeners "
|
||||
"per interface");
|
||||
break;
|
||||
case 'u':
|
||||
ns_g_username = isc_commandline_argument;
|
||||
break;
|
||||
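Review bot: the new case 'U' stores the parse_int() result directly into ns_g_udpdisp, which is unsigned int, with no range check at this point. Since create_managers() treats 0 as "not specified" and the per-interface array is limited to MAX_UDP_DISPATCH, consider rejecting or warning about out-of-range values here, where the offending command-line argument can still be reported to the user.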
@ -595,6 +600,18 @@ create_managers(void) {
|
||||
#else
|
||||
ns_g_cpus = 1;
|
||||
#endif
|
||||
#ifdef WIN32
|
||||
ns_g_udpdisp = 1;
|
||||
#else
|
||||
if (ns_g_udpdisp == 0)
|
||||
ns_g_udpdisp = ns_g_cpus_detected;
|
||||
if (ns_g_udpdisp > ns_g_cpus)
|
||||
ns_g_udpdisp = ns_g_cpus;
|
||||
#endif
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
|
||||
ISC_LOG_INFO, "using %u UDP listener%s per interface",
|
||||
ns_g_udpdisp, ns_g_udpdisp == 1 ? "" : "s");
|
||||
|
||||
result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
||||
|
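Review bot: in create_managers() a user-supplied -U value larger than ns_g_cpus is reduced without any message, and the "using %u UDP listener%s per interface" log line prints ns_g_udpdisp before ns_interface_listenudp() applies ISC_MIN(ns_g_udpdisp, MAX_UDP_DISPATCH), so the logged count can be higher than the number of listeners actually started. Suggest logging a warning when the requested value is reduced, and applying the MAX_UDP_DISPATCH cap here so the logged number matches what is used.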
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -33,7 +33,7 @@
|
||||
named \- Internet domain name server
|
||||
.SH "SYNOPSIS"
|
||||
.HP 6
|
||||
\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
|
||||
\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBnamed\fR
|
||||
@ -168,6 +168,19 @@ is defined allows a process with root privileges to escape a chroot jail.
|
||||
.RE
|
||||
.RE
|
||||
.PP
|
||||
\-U \fI#listeners\fR
|
||||
.RS 4
|
||||
Use
|
||||
\fI#listeners\fR
|
||||
worker threads to listen for incoming UDP packets on each address. If not specified,
|
||||
\fBnamed\fR
|
||||
will use the number of detected CPUs. If
|
||||
\fB\-n\fR
|
||||
has been set to a higher value than the number of CPUs, then
|
||||
\fB\-U\fR
|
||||
may be increased as high as that value, but no higher.
|
||||
.RE
|
||||
.PP
|
||||
\-u \fIuser\fR
|
||||
.RS 4
|
||||
Setuid to
|
||||
@ -267,7 +280,7 @@ BIND 9 Administrator Reference Manual.
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004\-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
|
||||
.br
|
||||
|
@ -289,7 +289,8 @@ options {
|
||||
notify\-delay \fIseconds\fR;
|
||||
notify\-to\-soa \fIboolean\fR;
|
||||
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
|
||||
[ port \fIinteger\fR ]; ... };
|
||||
[ port \fIinteger\fR ]; ...
|
||||
[ key \fIkeyname\fR ] ... };
|
||||
allow\-notify { \fIaddress_match_element\fR; ... };
|
||||
forward ( first | only );
|
||||
forwarders [ port \fIinteger\fR ] {
|
||||
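Review bot: the revised also-notify synopsis places the new "[ key keyname ]" after the "; ..." that ends each address entry ("[ port integer ]; ..." followed by "[ key keyname ] ... };"), which reads as if the key were a separate trailing element rather than part of each address entry. If the key is meant to be given per address, the synopsis should show it before the semicolon, for example "[ port integer ] [ key keyname ]; ... };". The same wording is repeated in the view and zone blocks and in the docbook and HTML copies, so they should be corrected together.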
@ -458,7 +459,8 @@ view \fIstring\fR \fIoptional_class\fR {
|
||||
notify\-delay \fIseconds\fR;
|
||||
notify\-to\-soa \fIboolean\fR;
|
||||
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
|
||||
[ port \fIinteger\fR ]; ... };
|
||||
[ port \fIinteger\fR ]; ...
|
||||
[ key \fIkeyname\fR ] ... };
|
||||
allow\-notify { \fIaddress_match_element\fR; ... };
|
||||
forward ( first | only );
|
||||
forwarders [ port \fIinteger\fR ] {
|
||||
@ -502,7 +504,7 @@ view \fIstring\fR \fIoptional_class\fR {
|
||||
.RS 4
|
||||
.nf
|
||||
zone \fIstring\fR \fIoptional_class\fR {
|
||||
type ( master | slave | stub | hint |
|
||||
type ( master | slave | stub | hint | redirect |
|
||||
forward | delegation\-only );
|
||||
file \fIquoted_string\fR;
|
||||
masters [ port \fIinteger\fR ] {
|
||||
@ -544,7 +546,8 @@ zone \fIstring\fR \fIoptional_class\fR {
|
||||
notify\-delay \fIseconds\fR;
|
||||
notify\-to\-soa \fIboolean\fR;
|
||||
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
|
||||
[ port \fIinteger\fR ]; ... };
|
||||
[ port \fIinteger\fR ]; ...
|
||||
[ key \fIkeyname\fR ] ... };
|
||||
allow\-notify { \fIaddress_match_element\fR; ... };
|
||||
forward ( first | only );
|
||||
forwarders [ port \fIinteger\fR ] {
|
||||
@ -560,6 +563,7 @@ zone \fIstring\fR \fIoptional_class\fR {
|
||||
max\-refresh\-time \fIinteger\fR;
|
||||
min\-refresh\-time \fIinteger\fR;
|
||||
multi\-master \fIboolean\fR;
|
||||
request\-ixfr \fIboolean\fR;
|
||||
sig\-validity\-interval \fIinteger\fR;
|
||||
transfer\-source ( \fIipv4_address\fR | * )
|
||||
[ port ( \fIinteger\fR | * ) ];
|
||||
|
@ -17,7 +17,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: named.conf.docbook,v 1.49.14.2 2011/11/07 00:31:47 marka Exp $ -->
|
||||
<!-- $Id: named.conf.docbook,v 1.55 2011/11/07 00:25:53 each Exp $ -->
|
||||
<refentry>
|
||||
<refentryinfo>
|
||||
<date>Aug 13, 2004</date>
|
||||
@ -326,7 +326,8 @@ options {
|
||||
notify-delay <replaceable>seconds</replaceable>;
|
||||
notify-to-soa <replaceable>boolean</replaceable>;
|
||||
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
|
||||
<optional> port <replaceable>integer</replaceable> </optional>; ... };
|
||||
<optional> port <replaceable>integer</replaceable> </optional>; ...
|
||||
<optional> key <replaceable>keyname</replaceable> </optional> ... };
|
||||
allow-notify { <replaceable>address_match_element</replaceable>; ... };
|
||||
|
||||
forward ( first | only );
|
||||
@ -513,7 +514,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
|
||||
notify-delay <replaceable>seconds</replaceable>;
|
||||
notify-to-soa <replaceable>boolean</replaceable>;
|
||||
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
|
||||
<optional> port <replaceable>integer</replaceable> </optional>; ... };
|
||||
<optional> port <replaceable>integer</replaceable> </optional>; ...
|
||||
<optional> key <replaceable>keyname</replaceable> </optional> ... };
|
||||
allow-notify { <replaceable>address_match_element</replaceable>; ... };
|
||||
|
||||
forward ( first | only );
|
||||
@ -563,7 +565,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
|
||||
<title>ZONE</title>
|
||||
<literallayout>
|
||||
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
|
||||
type ( master | slave | stub | hint |
|
||||
type ( master | slave | stub | hint | redirect |
|
||||
forward | delegation-only );
|
||||
file <replaceable>quoted_string</replaceable>;
|
||||
|
||||
@ -609,7 +611,8 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
|
||||
notify-delay <replaceable>seconds</replaceable>;
|
||||
notify-to-soa <replaceable>boolean</replaceable>;
|
||||
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
|
||||
<optional> port <replaceable>integer</replaceable> </optional>; ... };
|
||||
<optional> port <replaceable>integer</replaceable> </optional>; ...
|
||||
<optional> key <replaceable>keyname</replaceable> </optional> ... };
|
||||
allow-notify { <replaceable>address_match_element</replaceable>; ... };
|
||||
|
||||
forward ( first | only );
|
||||
@ -627,6 +630,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
|
||||
max-refresh-time <replaceable>integer</replaceable>;
|
||||
min-refresh-time <replaceable>integer</replaceable>;
|
||||
multi-master <replaceable>boolean</replaceable>;
|
||||
request-ixfr <replaceable>boolean</replaceable>;
|
||||
sig-validity-interval <replaceable>integer</replaceable>;
|
||||
|
||||
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
|
||||
|
@ -21,7 +21,7 @@
|
||||
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
|
||||
</head>
|
||||
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
|
||||
<a name="id2476275"></a><div class="titlepage"></div>
|
||||
<a name="id2476274"></a><div class="titlepage"></div>
|
||||
<div class="refnamediv">
|
||||
<h2>Name</h2>
|
||||
<p><code class="filename">named.conf</code> — configuration file for named</p>
|
||||
@ -31,7 +31,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543356"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543357"></a><h2>DESCRIPTION</h2>
|
||||
<p><code class="filename">named.conf</code> is the configuration file
|
||||
for
|
||||
<span><strong class="command">named</strong></span>. Statements are enclosed
|
||||
@ -50,14 +50,14 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543384"></a><h2>ACL</h2>
|
||||
<a name="id2543385"></a><h2>ACL</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
|
||||
<br>
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543400"></a><h2>KEY</h2>
|
||||
<a name="id2543401"></a><h2>KEY</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
key <em class="replaceable"><code>domain_name</code></em> {<br>
|
||||
algorithm <em class="replaceable"><code>string</code></em>;<br>
|
||||
@ -66,7 +66,7 @@ key
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543419"></a><h2>MASTERS</h2>
|
||||
<a name="id2543420"></a><h2>MASTERS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
|
||||
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
|
||||
@ -75,7 +75,7 @@ masters
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543465"></a><h2>SERVER</h2>
|
||||
<a name="id2543466"></a><h2>SERVER</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
|
||||
bogus <em class="replaceable"><code>boolean</code></em>;<br>
|
||||
@ -97,7 +97,7 @@ server
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543533"></a><h2>TRUSTED-KEYS</h2>
|
||||
<a name="id2543534"></a><h2>TRUSTED-KEYS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
trusted-keys {<br>
|
||||
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
|
||||
@ -105,7 +105,7 @@ trusted-keys
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543559"></a><h2>MANAGED-KEYS</h2>
|
||||
<a name="id2543560"></a><h2>MANAGED-KEYS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
managed-keys {<br>
|
||||
<em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
|
||||
@ -113,7 +113,7 @@ managed-keys
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543588"></a><h2>CONTROLS</h2>
|
||||
<a name="id2543589"></a><h2>CONTROLS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
controls {<br>
|
||||
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
|
||||
@ -125,7 +125,7 @@ controls
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543623"></a><h2>LOGGING</h2>
|
||||
<a name="id2543624"></a><h2>LOGGING</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
logging {<br>
|
||||
channel <em class="replaceable"><code>string</code></em> {<br>
|
||||
@ -143,7 +143,7 @@ logging
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543661"></a><h2>LWRES</h2>
|
||||
<a name="id2543662"></a><h2>LWRES</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
lwres {<br>
|
||||
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
|
||||
@ -156,7 +156,7 @@ lwres
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543703"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543704"></a><h2>OPTIONS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
options {<br>
|
||||
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
|
||||
@ -291,7 +291,8 @@ options
|
||||
notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
|
||||
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
|
||||
also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
|
||||
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
|
||||
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
|
||||
[<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
|
||||
allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
|
||||
<br>
|
||||
forward ( first | only );<br>
|
||||
@ -360,7 +361,7 @@ options
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544578"></a><h2>VIEW</h2>
|
||||
<a name="id2544585"></a><h2>VIEW</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
|
||||
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
|
||||
@ -477,7 +478,8 @@ view
|
||||
notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
|
||||
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
|
||||
also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
|
||||
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
|
||||
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
|
||||
[<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
|
||||
allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
|
||||
<br>
|
||||
forward ( first | only );<br>
|
||||
@ -523,10 +525,10 @@ view
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545287"></a><h2>ZONE</h2>
|
||||
<a name="id2545301"></a><h2>ZONE</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
|
||||
type ( master | slave | stub | hint |<br>
|
||||
type ( master | slave | stub | hint | redirect |<br>
|
||||
forward | delegation-only );<br>
|
||||
file <em class="replaceable"><code>quoted_string</code></em>;<br>
|
||||
<br>
|
||||
@ -572,7 +574,8 @@ zone
|
||||
notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
|
||||
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
|
||||
also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
|
||||
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
|
||||
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
|
||||
[<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
|
||||
allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
|
||||
<br>
|
||||
forward ( first | only );<br>
|
||||
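Review bot: the new also-notify synopsis puts `[ key keyname ]` on its own line after `[ port integer ]; ...`, that is, after the element's terminating semicolon and the repetition marker, so it is unclear from the synopsis whether the key is given per address or once for the whole list. If the key belongs to each address, the clause should sit before the `;` on the same line as the per-address port, and the same fix is needed in the identical also-notify synopsis earlier in this file.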
@ -590,6 +593,7 @@ zone
|
||||
max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
|
||||
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
|
||||
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
|
||||
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
|
||||
sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
|
||||
<br>
|
||||
transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
|
||||
@ -618,12 +622,12 @@ zone
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545667"></a><h2>FILES</h2>
|
||||
<a name="id2545690"></a><h2>FILES</h2>
|
||||
<p><code class="filename">/etc/named.conf</code>
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545678"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2545702"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -18,7 +18,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: named.docbook,v 1.26 2009/10/05 17:30:49 fdupont Exp $ -->
|
||||
<!-- $Id: named.docbook,v 1.28 2011/11/09 23:46:23 tbox Exp $ -->
|
||||
<refentry id="man.named">
|
||||
<refentryinfo>
|
||||
<date>May 21, 2009</date>
|
||||
@ -43,6 +43,8 @@
|
||||
<year>2007</year>
|
||||
<year>2008</year>
|
||||
<year>2009</year>
|
||||
<year>2011</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
<copyright>
|
||||
@ -69,6 +71,7 @@
|
||||
<arg><option>-s</option></arg>
|
||||
<arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg>
|
||||
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-U <replaceable class="parameter">#listeners</replaceable></option></arg>
|
||||
<arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
|
||||
<arg><option>-v</option></arg>
|
||||
<arg><option>-V</option></arg>
|
||||
@ -281,6 +284,21 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-U <replaceable class="parameter">#listeners</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Use <replaceable class="parameter">#listeners</replaceable>
|
||||
worker threads to listen for incoming UDP packets on each
|
||||
address. If not specified, <command>named</command> will
|
||||
use the number of detected CPUs. If <option>-n</option>
|
||||
has been set to a higher value than the number of CPUs,
|
||||
then <option>-U</option> may be increased as high as that
|
||||
value, but no higher.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-u <replaceable class="parameter">user</replaceable></term>
|
||||
<listitem>
|
||||
|
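Review bot: the new -U paragraph says the value "may be increased as high as that value, but no higher" but does not say what named does when a larger number is given (silently clamp, log a warning, or refuse to start). Please state the behaviour, since an operator tuning -n and -U together has no way to tell from this text whether an oversized -U is harmless. The same wording is carried into the generated named.html, so both copies need the addition.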
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -29,10 +29,10 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543482"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543497"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">named</strong></span>
|
||||
is a Domain Name System (DNS) server,
|
||||
part of the BIND 9 distribution from ISC. For more
|
||||
@ -47,7 +47,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543507"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543522"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-4</span></dt>
|
||||
<dd><p>
|
||||
@ -178,6 +178,16 @@
|
||||
</p>
|
||||
</div>
|
||||
</dd>
|
||||
<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt>
|
||||
<dd><p>
|
||||
Use <em class="replaceable"><code>#listeners</code></em>
|
||||
worker threads to listen for incoming UDP packets on each
|
||||
address. If not specified, <span><strong class="command">named</strong></span> will
|
||||
use the number of detected CPUs. If <code class="option">-n</code>
|
||||
has been set to a higher value than the number of CPUs,
|
||||
then <code class="option">-U</code> may be increased as high as that
|
||||
value, but no higher.
|
||||
</p></dd>
|
||||
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
|
||||
<dd>
|
||||
<p>Setuid
|
||||
@ -228,7 +238,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543964"></a><h2>SIGNALS</h2>
|
||||
<a name="id2544012"></a><h2>SIGNALS</h2>
|
||||
<p>
|
||||
In routine operation, signals should not be used to control
|
||||
the nameserver; <span><strong class="command">rndc</strong></span> should be used
|
||||
@ -249,7 +259,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544012"></a><h2>CONFIGURATION</h2>
|
||||
<a name="id2544060"></a><h2>CONFIGURATION</h2>
|
||||
<p>
|
||||
The <span><strong class="command">named</strong></span> configuration file is too complex
|
||||
to describe in detail here. A complete description is provided
|
||||
@ -266,7 +276,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544049"></a><h2>FILES</h2>
|
||||
<a name="id2544233"></a><h2>FILES</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
|
||||
<dd><p>
|
||||
@ -279,7 +289,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544088"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2544273"></a><h2>SEE ALSO</h2>
|
||||
<p><em class="citetitle">RFC 1033</em>,
|
||||
<em class="citetitle">RFC 1034</em>,
|
||||
<em class="citetitle">RFC 1035</em>,
|
||||
@ -292,7 +302,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544295"></a><h2>AUTHOR</h2>
|
||||
<a name="id2544343"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: query.c,v 1.353.8.24 2012/02/07 01:14:39 marka Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -172,39 +172,66 @@ rpz_st_clear(ns_client_t *client);
|
||||
static inline void
|
||||
inc_stats(ns_client_t *client, isc_statscounter_t counter) {
|
||||
dns_zone_t *zone = client->query.authzone;
|
||||
isc_stats_t *zonestats;
|
||||
#ifdef NEWSTATS
|
||||
dns_rdatatype_t qtype;
|
||||
dns_rdataset_t *rdataset;
|
||||
dns_stats_t *querystats = NULL;
|
||||
#endif
|
||||
|
||||
isc_stats_increment(ns_g_server->nsstats, counter);
|
||||
|
||||
if (zone != NULL) {
|
||||
isc_stats_t *zonestats = dns_zone_getrequeststats(zone);
|
||||
if (zonestats != NULL)
|
||||
isc_stats_increment(zonestats, counter);
|
||||
if (zone == NULL)
|
||||
return;
|
||||
|
||||
/* Do regular response type stats */
|
||||
zonestats = dns_zone_getrequeststats(zone);
|
||||
|
||||
if (zonestats != NULL)
|
||||
isc_stats_increment(zonestats, counter);
|
||||
|
||||
#ifdef NEWSTATS
|
||||
/* Do query type statistics
|
||||
*
|
||||
* We only increment per-type if we're using the authoriative
|
||||
* answer counter, preventing double-counting.
|
||||
*/
|
||||
if (counter == dns_nsstatscounter_authans) {
|
||||
querystats = dns_zone_getrcvquerystats(zone);
|
||||
if (querystats != NULL) {
|
||||
rdataset = ISC_LIST_HEAD(client->query.qname->list);
|
||||
if (rdataset != NULL) {
|
||||
qtype = rdataset->type;
|
||||
dns_rdatatypestats_increment(querystats, qtype);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
query_send(ns_client_t *client) {
|
||||
isc_statscounter_t counter;
|
||||
|
||||
if ((client->message->flags & DNS_MESSAGEFLAG_AA) == 0)
|
||||
inc_stats(client, dns_nsstatscounter_nonauthans);
|
||||
else
|
||||
inc_stats(client, dns_nsstatscounter_authans);
|
||||
|
||||
if (client->message->rcode == dns_rcode_noerror) {
|
||||
if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER])) {
|
||||
if (client->query.isreferral) {
|
||||
dns_section_t answer = DNS_SECTION_ANSWER;
|
||||
if (ISC_LIST_EMPTY(client->message->sections[answer])) {
|
||||
if (client->query.isreferral)
|
||||
counter = dns_nsstatscounter_referral;
|
||||
} else {
|
||||
else
|
||||
counter = dns_nsstatscounter_nxrrset;
|
||||
}
|
||||
} else {
|
||||
} else
|
||||
counter = dns_nsstatscounter_success;
|
||||
}
|
||||
} else if (client->message->rcode == dns_rcode_nxdomain) {
|
||||
} else if (client->message->rcode == dns_rcode_nxdomain)
|
||||
counter = dns_nsstatscounter_nxdomain;
|
||||
} else {
|
||||
/* We end up here in case of YXDOMAIN, and maybe others */
|
||||
else /* We end up here in case of YXDOMAIN, and maybe others */
|
||||
counter = dns_nsstatscounter_failure;
|
||||
}
|
||||
|
||||
inc_stats(client, counter);
|
||||
ns_client_send(client);
|
||||
}
|
||||
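Review bot: in the NEWSTATS block of inc_stats(), `rdataset = ISC_LIST_HEAD(client->query.qname->list);` dereferences client->query.qname without a NULL check, while the result of the very next step is checked. inc_stats() is a general helper that takes any counter, so either guard the block with `client->query.qname != NULL` or add an INSIST/REQUIRE that documents why qname is always set when the counter is dns_nsstatscounter_authans. Two smaller points: "authoriative" in the new comment should be "authoritative", and the query_send() rewrite now mixes braced and unbraced if/else arms in one chain, which makes the nesting of the referral/nxrrset/success branches harder to read than the fully braced form it replaces.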
@ -1180,6 +1207,8 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
isc_boolean_t added_something, need_addname;
|
||||
dns_zone_t *zone;
|
||||
dns_rdatatype_t type;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
REQUIRE(NS_CLIENT_VALID(client));
|
||||
REQUIRE(qtype != dns_rdatatype_any);
|
||||
@ -1204,6 +1233,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
need_addname = ISC_FALSE;
|
||||
zone = NULL;
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
/*
|
||||
* We treat type A additional section processing as if it
|
||||
* were "any address type" additional section processing.
|
||||
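Review bot: the pair `dns_clientinfomethods_init(&cm, ns_client_sourceip);` / `dns_clientinfo_init(&ci, client);` added here is repeated verbatim, together with the two local declarations, in every function this patch touches (query_addadditional2, query_addsoa, query_addns, mark_secure, get_key, query_addbestns and so on). A small static helper or macro that takes the client and fills both structures would keep the call sites from drifting apart, and a one-line comment at the first use saying what the client info is passed to dns_db_findext() for would help, since nothing in these hunks explains it.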
@ -1248,9 +1280,10 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
* necessarily in the same database.
|
||||
*/
|
||||
node = NULL;
|
||||
result = dns_db_find(db, name, version, type, client->query.dboptions,
|
||||
client->now, &node, fname, rdataset,
|
||||
sigrdataset);
|
||||
result = dns_db_findext(db, name, version, type,
|
||||
client->query.dboptions,
|
||||
client->now, &node, fname, &cm, &ci,
|
||||
rdataset, sigrdataset);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
if (sigrdataset != NULL && !dns_db_issecure(db) &&
|
||||
dns_rdataset_isassociated(sigrdataset))
|
||||
@ -1286,11 +1319,11 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
if (sigrdataset == NULL)
|
||||
goto cleanup;
|
||||
}
|
||||
result = dns_db_find(db, name, version, type,
|
||||
client->query.dboptions |
|
||||
DNS_DBFIND_GLUEOK | DNS_DBFIND_ADDITIONALOK,
|
||||
client->now, &node, fname, rdataset,
|
||||
sigrdataset);
|
||||
result = dns_db_findext(db, name, version, type,
|
||||
client->query.dboptions |
|
||||
DNS_DBFIND_GLUEOK | DNS_DBFIND_ADDITIONALOK,
|
||||
client->now, &node, fname, &cm, &ci,
|
||||
rdataset, sigrdataset);
|
||||
if (result == DNS_R_GLUE &&
|
||||
validate(client, db, fname, rdataset, sigrdataset))
|
||||
result = ISC_R_SUCCESS;
|
||||
@ -1333,10 +1366,10 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
goto cleanup;
|
||||
|
||||
dns_db_attach(client->query.gluedb, &db);
|
||||
result = dns_db_find(db, name, version, type,
|
||||
client->query.dboptions | DNS_DBFIND_GLUEOK,
|
||||
client->now, &node, fname, rdataset,
|
||||
sigrdataset);
|
||||
result = dns_db_findext(db, name, version, type,
|
||||
client->query.dboptions | DNS_DBFIND_GLUEOK,
|
||||
client->now, &node, fname, &cm, &ci,
|
||||
rdataset, sigrdataset);
|
||||
if (!(result == ISC_R_SUCCESS ||
|
||||
result == DNS_R_ZONECUT ||
|
||||
result == DNS_R_GLUE))
|
||||
@ -1410,8 +1443,8 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
goto aaaa_lookup;
|
||||
result = dns_db_findrdataset(db, node, version,
|
||||
dns_rdatatype_a, 0,
|
||||
client->now, rdataset,
|
||||
sigrdataset);
|
||||
client->now,
|
||||
rdataset, sigrdataset);
|
||||
if (result == DNS_R_NCACHENXDOMAIN)
|
||||
goto addname;
|
||||
if (result == DNS_R_NCACHENXRRSET) {
|
||||
@ -1461,8 +1494,8 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
goto addname;
|
||||
result = dns_db_findrdataset(db, node, version,
|
||||
dns_rdatatype_aaaa, 0,
|
||||
client->now, rdataset,
|
||||
sigrdataset);
|
||||
client->now,
|
||||
rdataset, sigrdataset);
|
||||
if (result == DNS_R_NCACHENXDOMAIN)
|
||||
goto addname;
|
||||
if (result == DNS_R_NCACHENXRRSET) {
|
||||
@ -1636,6 +1669,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
dns_zone_t *zone;
|
||||
dns_rdatatype_t type;
|
||||
dns_rdatasetadditional_t additionaltype;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
/*
|
||||
* If we don't have an additional cache call query_addadditional.
|
||||
@ -1674,6 +1709,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
POST(needadditionalcache);
|
||||
additionaltype = dns_rdatasetadditional_fromauth;
|
||||
dns_name_init(&cfname, NULL);
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
CTRACE("query_addadditional2");
|
||||
|
||||
@ -1776,8 +1813,10 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
* necessarily in the same database.
|
||||
*/
|
||||
node = NULL;
|
||||
result = dns_db_find(db, name, version, type, client->query.dboptions,
|
||||
client->now, &node, fname, NULL, NULL);
|
||||
result = dns_db_findext(db, name, version, type,
|
||||
client->query.dboptions,
|
||||
client->now, &node, fname, &cm, &ci,
|
||||
NULL, NULL);
|
||||
if (result == ISC_R_SUCCESS)
|
||||
goto found;
|
||||
|
||||
@ -1804,10 +1843,11 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
*/
|
||||
goto try_glue;
|
||||
|
||||
result = dns_db_find(db, name, version, type,
|
||||
client->query.dboptions |
|
||||
DNS_DBFIND_GLUEOK | DNS_DBFIND_ADDITIONALOK,
|
||||
client->now, &node, fname, NULL, NULL);
|
||||
result = dns_db_findext(db, name, version, type,
|
||||
client->query.dboptions |
|
||||
DNS_DBFIND_GLUEOK | DNS_DBFIND_ADDITIONALOK,
|
||||
client->now, &node, fname, &cm, &ci,
|
||||
NULL, NULL);
|
||||
if (result == ISC_R_SUCCESS)
|
||||
goto found;
|
||||
|
||||
@ -1876,9 +1916,10 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
|
||||
|
||||
findglue:
|
||||
dns_db_attach(client->query.gluedb, &db);
|
||||
result = dns_db_find(db, name, version, type,
|
||||
client->query.dboptions | DNS_DBFIND_GLUEOK,
|
||||
client->now, &node, fname, NULL, NULL);
|
||||
result = dns_db_findext(db, name, version, type,
|
||||
client->query.dboptions | DNS_DBFIND_GLUEOK,
|
||||
client->now, &node, fname, &cm, &ci,
|
||||
NULL, NULL);
|
||||
if (!(result == ISC_R_SUCCESS ||
|
||||
result == DNS_R_ZONECUT ||
|
||||
result == DNS_R_GLUE)) {
|
||||
@ -2528,6 +2569,8 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
|
||||
isc_result_t result, eresult;
|
||||
dns_rdataset_t *rdataset = NULL, *sigrdataset = NULL;
|
||||
dns_rdataset_t **sigrdatasetp = NULL;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
CTRACE("query_addsoa");
|
||||
/*
|
||||
@ -2538,6 +2581,9 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
|
||||
rdataset = NULL;
|
||||
node = NULL;
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
/*
|
||||
* Don't add the SOA record for test which set "-T nosoa".
|
||||
*/
|
||||
@ -2571,9 +2617,8 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
|
||||
result = dns_db_getoriginnode(db, &node);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = dns_db_findrdataset(db, node, version,
|
||||
dns_rdatatype_soa,
|
||||
0, client->now, rdataset,
|
||||
sigrdataset);
|
||||
dns_rdatatype_soa, 0, client->now,
|
||||
rdataset, sigrdataset);
|
||||
} else {
|
||||
dns_fixedname_t foundname;
|
||||
dns_name_t *fname;
|
||||
@ -2581,9 +2626,9 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
|
||||
dns_fixedname_init(&foundname);
|
||||
fname = dns_fixedname_name(&foundname);
|
||||
|
||||
result = dns_db_find(db, name, version, dns_rdatatype_soa,
|
||||
client->query.dboptions, 0, &node,
|
||||
fname, rdataset, sigrdataset);
|
||||
result = dns_db_findext(db, name, version, dns_rdatatype_soa,
|
||||
client->query.dboptions, 0, &node,
|
||||
fname, &cm, &ci, rdataset, sigrdataset);
|
||||
}
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
/*
|
||||
@ -2648,6 +2693,8 @@ query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
|
||||
dns_fixedname_t foundname;
|
||||
dns_rdataset_t *rdataset = NULL, *sigrdataset = NULL;
|
||||
dns_rdataset_t **sigrdatasetp = NULL;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
CTRACE("query_addns");
|
||||
/*
|
||||
@ -2659,6 +2706,8 @@ query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
|
||||
node = NULL;
|
||||
dns_fixedname_init(&foundname);
|
||||
fname = dns_fixedname_name(&foundname);
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
/*
|
||||
* Get resources and make 'name' be the database origin.
|
||||
@ -2691,14 +2740,13 @@ query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
|
||||
result = dns_db_getoriginnode(db, &node);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = dns_db_findrdataset(db, node, version,
|
||||
dns_rdatatype_ns,
|
||||
0, client->now, rdataset,
|
||||
sigrdataset);
|
||||
dns_rdatatype_ns, 0, client->now,
|
||||
rdataset, sigrdataset);
|
||||
} else {
|
||||
CTRACE("query_addns: calling dns_db_find");
|
||||
result = dns_db_find(db, name, NULL, dns_rdatatype_ns,
|
||||
client->query.dboptions, 0, &node,
|
||||
fname, rdataset, sigrdataset);
|
||||
result = dns_db_findext(db, name, NULL, dns_rdatatype_ns,
|
||||
client->query.dboptions, 0, &node,
|
||||
fname, &cm, &ci, rdataset, sigrdataset);
|
||||
CTRACE("query_addns: dns_db_find complete");
|
||||
}
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
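Review bot: the trace strings around the converted call in query_addns() still read `CTRACE("query_addns: calling dns_db_find");` and `CTRACE("query_addns: dns_db_find complete");` although the call between them is now dns_db_findext(). Please update both messages so that a debug trace names the function actually being called. While here, this call passes `0` where the other converted lookups in this patch pass client->now; if that is intentional a short comment would save the next reader from wondering.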
@ -2820,15 +2868,19 @@ mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name,
|
||||
{
|
||||
isc_result_t result;
|
||||
dns_dbnode_t *node = NULL;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
isc_stdtime_t now;
|
||||
|
||||
rdataset->trust = dns_trust_secure;
|
||||
sigrdataset->trust = dns_trust_secure;
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
/*
|
||||
* Save the updated secure state. Ignore failures.
|
||||
*/
|
||||
result = dns_db_findnode(db, name, ISC_TRUE, &node);
|
||||
result = dns_db_findnodeext(db, name, ISC_TRUE, &cm, &ci, &node);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return;
|
||||
|
||||
@ -2856,9 +2908,15 @@ get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
|
||||
isc_result_t result;
|
||||
dns_dbnode_t *node = NULL;
|
||||
isc_boolean_t secure = ISC_FALSE;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
if (!dns_rdataset_isassociated(keyrdataset)) {
|
||||
result = dns_db_findnode(db, &rrsig->signer, ISC_FALSE, &node);
|
||||
result = dns_db_findnodeext(db, &rrsig->signer, ISC_FALSE,
|
||||
&cm, &ci, &node);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (ISC_FALSE);
|
||||
|
||||
@ -2901,7 +2959,7 @@ get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
|
||||
|
||||
static isc_boolean_t
|
||||
verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset,
|
||||
dns_rdata_t *rdata, isc_mem_t *mctx, isc_boolean_t acceptexpired)
|
||||
dns_rdata_t *rdata, ns_client_t *client)
|
||||
{
|
||||
isc_result_t result;
|
||||
dns_fixedname_t fixed;
|
||||
@ -2910,9 +2968,10 @@ verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset,
|
||||
dns_fixedname_init(&fixed);
|
||||
|
||||
again:
|
||||
result = dns_dnssec_verify2(name, rdataset, key, ignore, mctx,
|
||||
result = dns_dnssec_verify3(name, rdataset, key, ignore,
|
||||
client->view->maxbits, client->mctx,
|
||||
rdata, NULL);
|
||||
if (result == DNS_R_SIGEXPIRED && acceptexpired) {
|
||||
if (result == DNS_R_SIGEXPIRED && client->view->acceptexpired) {
|
||||
ignore = ISC_TRUE;
|
||||
goto again;
|
||||
}
|
||||
@ -2955,8 +3014,7 @@ validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
|
||||
do {
|
||||
if (!get_key(client, db, &rrsig, &keyrdataset, &key))
|
||||
break;
|
||||
if (verify(key, name, rdataset, &rdata, client->mctx,
|
||||
client->view->acceptexpired)) {
|
||||
if (verify(key, name, rdataset, &rdata, client)) {
|
||||
dst_key_free(&key);
|
||||
dns_rdataset_disassociate(&keyrdataset);
|
||||
mark_secure(client, db, name, &rrsig,
|
||||
@ -2983,6 +3041,8 @@ query_addbestns(ns_client_t *client) {
|
||||
dns_dbversion_t *version;
|
||||
dns_zone_t *zone;
|
||||
isc_buffer_t b;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
CTRACE("query_addbestns");
|
||||
fname = NULL;
|
||||
@ -2999,6 +3059,9 @@ query_addbestns(ns_client_t *client) {
|
||||
is_zone = ISC_FALSE;
|
||||
use_zone = ISC_FALSE;
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
/*
|
||||
* Find the right database.
|
||||
*/
|
||||
@ -3032,10 +3095,11 @@ query_addbestns(ns_client_t *client) {
|
||||
* Now look for the zonecut.
|
||||
*/
|
||||
if (is_zone) {
|
||||
result = dns_db_find(db, client->query.qname, version,
|
||||
dns_rdatatype_ns, client->query.dboptions,
|
||||
client->now, &node, fname,
|
||||
rdataset, sigrdataset);
|
||||
result = dns_db_findext(db, client->query.qname, version,
|
||||
dns_rdatatype_ns,
|
||||
client->query.dboptions,
|
||||
client->now, &node, fname,
|
||||
&cm, &ci, rdataset, sigrdataset);
|
||||
if (result != DNS_R_DELEGATION)
|
||||
goto cleanup;
|
||||
if (USECACHE(client)) {
|
||||
@ -3312,6 +3376,8 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
|
||||
int order;
|
||||
dns_fixedname_t cfixed;
|
||||
dns_name_t *cname;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
CTRACE("query_addwildcardproof");
|
||||
fname = NULL;
|
||||
@ -3319,6 +3385,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
|
||||
sigrdataset = NULL;
|
||||
node = NULL;
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
/*
|
||||
* Get the NOQNAME proof then if !ispositive
|
||||
* get the NOWILDCARD proof.
|
||||
@ -3378,8 +3447,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
|
||||
if (fname == NULL || rdataset == NULL || sigrdataset == NULL)
|
||||
goto cleanup;
|
||||
|
||||
result = dns_db_find(db, name, version, dns_rdatatype_nsec, options,
|
||||
0, &node, fname, rdataset, sigrdataset);
|
||||
result = dns_db_findext(db, name, version, dns_rdatatype_nsec,
|
||||
options, 0, &node, fname, &cm, &ci,
|
||||
rdataset, sigrdataset);
|
||||
if (node != NULL)
|
||||
dns_db_detachnode(db, &node);
|
||||
|
||||
@ -3401,10 +3471,10 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
|
||||
if (labels == 0U)
|
||||
goto cleanup;
|
||||
dns_name_split(cname, labels, NULL, cname);
|
||||
result = dns_db_find(db, cname, version,
|
||||
dns_rdatatype_nsec,
|
||||
options, 0, NULL, fname,
|
||||
NULL, NULL);
|
||||
result = dns_db_findext(db, cname, version,
|
||||
dns_rdatatype_nsec,
|
||||
options, 0, NULL, fname,
|
||||
&cm, &ci, NULL, NULL);
|
||||
}
|
||||
/*
|
||||
* Add closest (provable) encloser NSEC3.
|
||||
@ -3904,6 +3974,11 @@ rpz_rrset_find(ns_client_t *client, dns_rpz_type_t rpz_type,
|
||||
dns_fixedname_t fixed;
|
||||
dns_name_t *found;
|
||||
isc_result_t result;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
st = client->query.rpz_st;
|
||||
if ((st->state & DNS_RPZ_RECURSING) != 0) {
|
||||
@ -3959,8 +4034,9 @@ rpz_rrset_find(ns_client_t *client, dns_rpz_type_t rpz_type,
|
||||
node = NULL;
|
||||
dns_fixedname_init(&fixed);
|
||||
found = dns_fixedname_name(&fixed);
|
||||
result = dns_db_find(*dbp, name, version, type, DNS_DBFIND_GLUEOK,
|
||||
client->now, &node, found, *rdatasetp, NULL);
|
||||
result = dns_db_findext(*dbp, name, version, type, DNS_DBFIND_GLUEOK,
|
||||
client->now, &node, found,
|
||||
&cm, &ci, *rdatasetp, NULL);
|
||||
if (result == DNS_R_DELEGATION && is_zone && USECACHE(client)) {
|
||||
/*
|
||||
* Try the cache if we're authoritative for an
|
||||
@ -3969,9 +4045,9 @@ rpz_rrset_find(ns_client_t *client, dns_rpz_type_t rpz_type,
|
||||
rpz_clean(NULL, dbp, &node, rdatasetp);
|
||||
version = NULL;
|
||||
dns_db_attach(client->view->cachedb, dbp);
|
||||
result = dns_db_find(*dbp, name, version, dns_rdatatype_ns,
|
||||
0, client->now, &node, found,
|
||||
*rdatasetp, NULL);
|
||||
result = dns_db_findext(*dbp, name, version, dns_rdatatype_ns,
|
||||
0, client->now, &node, found,
|
||||
&cm, &ci, *rdatasetp, NULL);
|
||||
}
|
||||
rpz_clean(NULL, dbp, &node, NULL);
|
||||
if (result == DNS_R_DELEGATION) {
|
||||
@ -4169,9 +4245,14 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
|
||||
dns_fixedname_t fixed;
|
||||
dns_name_t *found;
|
||||
isc_result_t result;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
REQUIRE(nodep != NULL);
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
result = rpz_ready(client, zonep, dbp, nodep, rdatasetp);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
*policyp = DNS_RPZ_POLICY_ERROR;
|
||||
@ -4191,8 +4272,9 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
|
||||
|
||||
dns_fixedname_init(&fixed);
|
||||
found = dns_fixedname_name(&fixed);
|
||||
result = dns_db_find(*dbp, qnamef, *versionp, dns_rdatatype_any, 0,
|
||||
client->now, nodep, found, *rdatasetp, NULL);
|
||||
result = dns_db_findext(*dbp, qnamef, *versionp, dns_rdatatype_any, 0,
|
||||
client->now, nodep, found, &cm, &ci,
|
||||
*rdatasetp, NULL);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
dns_rdatasetiter_t *rdsiter;
|
||||
|
||||
@ -4236,10 +4318,10 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
|
||||
qtype == dns_rdatatype_sig)
|
||||
result = DNS_R_NXRRSET;
|
||||
else
|
||||
result = dns_db_find(*dbp, qnamef, *versionp,
|
||||
qtype, 0, client->now,
|
||||
nodep, found, *rdatasetp,
|
||||
NULL);
|
||||
result = dns_db_findext(*dbp, qnamef, *versionp,
|
||||
qtype, 0, client->now,
|
||||
nodep, found, &cm, &ci,
|
||||
*rdatasetp, NULL);
|
||||
}
|
||||
}
|
||||
switch (result) {
|
||||
@ -5183,6 +5265,8 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
|
||||
dns_rdata_nsec3_t nsec3;
|
||||
dns_rdata_t rdata = DNS_RDATA_INIT;
|
||||
isc_boolean_t optout;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
salt_length = sizeof(salt);
|
||||
result = dns_db_getnsec3parameters(db, version, &hash, NULL,
|
||||
@ -5192,6 +5276,8 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
|
||||
|
||||
dns_name_init(&name, NULL);
|
||||
dns_name_clone(qname, &name);
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
/*
|
||||
* Map unknown algorithm to known value.
|
||||
@ -5208,9 +5294,9 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
|
||||
return;
|
||||
|
||||
dboptions = client->query.dboptions | DNS_DBFIND_FORCENSEC3;
|
||||
result = dns_db_find(db, dns_fixedname_name(&fixed), version,
|
||||
dns_rdatatype_nsec3, dboptions, client->now,
|
||||
NULL, fname, rdataset, sigrdataset);
|
||||
result = dns_db_findext(db, dns_fixedname_name(&fixed), version,
|
||||
dns_rdatatype_nsec3, dboptions, client->now,
|
||||
NULL, fname, &cm, &ci, rdataset, sigrdataset);
|
||||
|
||||
if (result == DNS_R_NXDOMAIN) {
|
||||
if (!dns_rdataset_isassociated(rdataset)) {
|
||||
@ -5349,6 +5435,121 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset,
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Look for the name and type in the redirection zone. If found update
|
||||
* the arguments as appropriate. Return ISC_TRUE if a update was
|
||||
* performed.
|
||||
*
|
||||
* Only perform the update if the client is in the allow query acl and
|
||||
* returning the update would not cause a DNSSEC validation failure.
|
||||
*/
|
||||
static isc_boolean_t
|
||||
redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
|
||||
dns_dbnode_t **nodep, dns_db_t **dbp, dns_dbversion_t **versionp,
|
||||
dns_rdatatype_t qtype)
|
||||
{
|
||||
dns_db_t *db = NULL;
|
||||
dns_dbnode_t *node = NULL;
|
||||
dns_fixedname_t fixed;
|
||||
dns_name_t *found;
|
||||
dns_rdataset_t trdataset;
|
||||
isc_result_t result;
|
||||
dns_rdatatype_t type;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
ns_dbversion_t *dbversion;
|
||||
|
||||
CTRACE("redirect");
|
||||
|
||||
if (client->view->redirect == NULL)
|
||||
return (ISC_FALSE);
|
||||
|
||||
dns_fixedname_init(&fixed);
|
||||
found = dns_fixedname_name(&fixed);
|
||||
dns_rdataset_init(&trdataset);
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp))
|
||||
return (ISC_FALSE);
|
||||
|
||||
if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) {
|
||||
if (rdataset->trust == dns_trust_secure)
|
||||
return (ISC_FALSE);
|
||||
if (rdataset->trust == dns_trust_ultimate &&
|
||||
(rdataset->type == dns_rdatatype_nsec ||
|
||||
rdataset->type == dns_rdatatype_nsec3))
|
||||
return (ISC_FALSE);
|
||||
if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
|
||||
for (result = dns_rdataset_first(rdataset);
|
||||
result == ISC_R_SUCCESS;
|
||||
result = dns_rdataset_next(rdataset)) {
|
||||
dns_ncache_current(rdataset, found, &trdataset);
|
||||
type = trdataset.type;
|
||||
dns_rdataset_disassociate(&trdataset);
|
||||
if (type == dns_rdatatype_nsec ||
|
||||
type == dns_rdatatype_nsec3 ||
|
||||
type == dns_rdatatype_rrsig)
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
result = ns_client_checkaclsilent(client, NULL,
|
||||
dns_zone_getqueryacl(client->view->redirect),
|
||||
ISC_TRUE);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (ISC_FALSE);
|
||||
|
||||
result = dns_zone_getdb(client->view->redirect, &db);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (ISC_FALSE);
|
||||
|
||||
dbversion = query_findversion(client, db);
|
||||
if (dbversion == NULL) {
|
||||
dns_db_detach(&db);
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Lookup the requested data in the redirect zone.
|
||||
*/
|
||||
result = dns_db_findext(db, client->query.qname, dbversion->version,
|
||||
qtype, 0, client->now, &node, found, &cm, &ci,
|
||||
&trdataset, NULL);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
if (dns_rdataset_isassociated(&trdataset))
|
||||
dns_rdataset_disassociate(&trdataset);
|
||||
if (node != NULL)
|
||||
dns_db_detachnode(db, &node);
|
||||
dns_db_detach(&db);
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
CTRACE("redirect: found data: done");
|
||||
|
||||
dns_name_copy(found, name, NULL);
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
dns_rdataset_disassociate(rdataset);
|
||||
if (dns_rdataset_isassociated(&trdataset)) {
|
||||
dns_rdataset_clone(&trdataset, rdataset);
|
||||
dns_rdataset_disassociate(&trdataset);
|
||||
}
|
||||
if (*nodep != NULL)
|
||||
dns_db_detachnode(*dbp, nodep);
|
||||
dns_db_detach(dbp);
|
||||
dns_db_attachnode(db, node, nodep);
|
||||
dns_db_attach(db, dbp);
|
||||
dns_db_detachnode(db, &node);
|
||||
dns_db_detach(&db);
|
||||
*versionp = dbversion->version;
|
||||
|
||||
client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
|
||||
NS_QUERYATTR_NOADDITIONAL);
|
||||
|
||||
return (ISC_TRUE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Do the bulk of query processing for the current query of 'client'.
|
||||
* If 'event' is non-NULL, we are returning from recursion and 'qtype'
|
||||
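Review bot: in redirect(), the result of `dns_name_copy(found, name, NULL);` is discarded just before the function swaps the caller's rdataset, node, db and version over to the redirect zone. If the copy fails, the caller is left with the old owner name paired with redirect-zone data. Check the result (or wrap it in RUNTIME_CHECK) before touching the caller's state, and release `trdataset`, `node` and `db` on that path as the `dns_db_findext()` failure branch already does. Minor: the header comment should read "if an update was performed".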
@ -5387,6 +5588,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
isc_boolean_t resuming;
|
||||
int line = -1;
|
||||
isc_boolean_t dns64_exclude, dns64;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
|
||||
CTRACE("query_find");
|
||||
|
||||
@ -5418,6 +5621,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
is_zone = ISC_FALSE;
|
||||
is_staticstub_zone = ISC_FALSE;
|
||||
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
if (event != NULL) {
|
||||
/*
|
||||
* We're returning from recursion. Restore the query context
|
||||
@ -5652,9 +5858,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
/*
|
||||
* Now look for an answer in the database.
|
||||
*/
|
||||
result = dns_db_find(db, client->query.qname, version, type,
|
||||
client->query.dboptions, client->now,
|
||||
&node, fname, rdataset, sigrdataset);
|
||||
result = dns_db_findext(db, client->query.qname, version, type,
|
||||
client->query.dboptions, client->now,
|
||||
&node, fname, &cm, &ci, rdataset, sigrdataset);
|
||||
|
||||
resume:
|
||||
CTRACE("query_find: resume");
|
||||
@ -5828,10 +6034,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
result = ISC_R_FAILURE;
|
||||
} else {
|
||||
dns_db_attach(client->view->hints, &db);
|
||||
result = dns_db_find(db, dns_rootname,
|
||||
NULL, dns_rdatatype_ns,
|
||||
0, client->now, &node, fname,
|
||||
rdataset, sigrdataset);
|
||||
result = dns_db_findext(db, dns_rootname,
|
||||
NULL, dns_rdatatype_ns,
|
||||
0, client->now, &node,
|
||||
fname, &cm, &ci,
|
||||
rdataset, sigrdataset);
|
||||
}
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
/*
|
||||
@ -6301,6 +6508,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
|
||||
case DNS_R_NXDOMAIN:
|
||||
INSIST(is_zone);
|
||||
if (!empty_wild &&
|
||||
redirect(client, fname, rdataset, &node, &db, &version,
|
||||
type))
|
||||
break;
|
||||
if (dns_rdataset_isassociated(rdataset)) {
|
||||
/*
|
||||
* If we've got a NSEC record, we need to save the
|
||||
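Review bot: the DNS_R_NXDOMAIN case only calls redirect() when `!empty_wild`, while the DNS_R_NCACHENXDOMAIN case added later in this patch calls it unconditionally, and neither site says why. Add a short comment here explaining why an empty-wildcard NXDOMAIN must not be redirected, and that `break` leaves the switch with `db`, `node` and `version` now pointing at the redirect zone, so a later reader does not "fix" the asymmetry.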
@ -6360,6 +6571,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
goto cleanup;
|
||||
|
||||
case DNS_R_NCACHENXDOMAIN:
|
||||
if (redirect(client, fname, rdataset, &node, &db, &version,
|
||||
type))
|
||||
break;
|
||||
case DNS_R_NCACHENXRRSET:
|
||||
ncache_nxrrset:
|
||||
INSIST(!is_zone);
|
||||
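Review bot: when redirect() returns ISC_FALSE in `case DNS_R_NCACHENXDOMAIN:`, control now falls through into `case DNS_R_NCACHENXRRSET:` from a case that has a body. Previously the two labels could be read as a plain stacked pair. Mark it with a `/* FALLTHROUGH */` comment after the `break;` so the intent is explicit and fall-through warnings stay quiet.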
@ -6862,9 +7076,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
if (qtype == dns_rdatatype_aaaa) {
|
||||
trdataset = query_newrdataset(client);
|
||||
result = dns_db_findrdataset(db, node, version,
|
||||
dns_rdatatype_a, 0,
|
||||
client->now,
|
||||
trdataset, NULL);
|
||||
dns_rdatatype_a, 0,
|
||||
client->now,
|
||||
trdataset, NULL);
|
||||
if (dns_rdataset_isassociated(trdataset))
|
||||
dns_rdataset_disassociate(trdataset);
|
||||
query_putrdataset(client, &trdataset);
|
||||
@ -7340,6 +7554,7 @@ ns_query_start(ns_client_t *client) {
|
||||
INSIST(rdataset != NULL);
|
||||
qtype = rdataset->type;
|
||||
dns_rdatatypestats_increment(ns_g_server->rcvquerystats, qtype);
|
||||
|
||||
if (dns_rdatatype_ismeta(qtype)) {
|
||||
switch (qtype) {
|
||||
case dns_rdatatype_any:
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: statschannel.c,v 1.26.150.2 2011/03/12 04:59:14 tbox Exp $ */
|
||||
/* $Id: statschannel.c,v 1.28 2011/03/12 04:59:46 tbox Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -43,7 +43,11 @@
|
||||
#include <named/server.h>
|
||||
#include <named/statschannel.h>
|
||||
|
||||
#include "bind9.xsl.h"
|
||||
#ifdef NEWSTATS
|
||||
#include "bind9.ver3.xsl.h"
|
||||
#else /* OLDSTATS */
|
||||
#include "bind9.xsl.h"
|
||||
#endif /* NEWSTATS */
|
||||
|
||||
struct ns_statschannel {
|
||||
/* Unlocked */
|
||||
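Review bot: the include block is labelled `#else /* OLDSTATS */`, but no OLDSTATS macro is tested anywhere in the visible code, only `#ifdef NEWSTATS`. Other blocks in this same file label the same branch `#else /* !NEWSTATS */` and `#else /* NEWSTATS */`. Pick one convention (`/* !NEWSTATS */` is the least ambiguous) and use it for every `#else` so nobody goes looking for an OLDSTATS build option.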
@ -187,7 +191,7 @@ init_desc(void) {
|
||||
SET_NSSTATDESC(servfail, "queries resulted in SERVFAIL", "QrySERVFAIL");
|
||||
SET_NSSTATDESC(formerr, "queries resulted in FORMERR", "QryFORMERR");
|
||||
SET_NSSTATDESC(nxdomain, "queries resulted in NXDOMAIN", "QryNXDOMAIN");
|
||||
SET_NSSTATDESC(recursion, "queries caused recursion","QryRecursion");
|
||||
SET_NSSTATDESC(recursion, "queries caused recursion", "QryRecursion");
|
||||
SET_NSSTATDESC(duplicate, "duplicate queries received", "QryDuplicate");
|
||||
SET_NSSTATDESC(dropped, "queries dropped", "QryDropped");
|
||||
SET_NSSTATDESC(failure, "other query failures", "QryFailure");
|
||||
@ -304,7 +308,8 @@ init_desc(void) {
|
||||
SET_ZONESTATDESC(axfrreqv6, "IPv6 AXFR requested", "AXFRReqv6");
|
||||
SET_ZONESTATDESC(ixfrreqv4, "IPv4 IXFR requested", "IXFRReqv4");
|
||||
SET_ZONESTATDESC(ixfrreqv6, "IPv6 IXFR requested", "IXFRReqv6");
|
||||
SET_ZONESTATDESC(xfrsuccess, "transfer requests succeeded","XfrSuccess");
|
||||
SET_ZONESTATDESC(xfrsuccess, "transfer requests succeeded",
|
||||
"XfrSuccess");
|
||||
SET_ZONESTATDESC(xfrfail, "transfer requests failed", "XfrFail");
|
||||
INSIST(i == dns_zonestatscounter_max);
|
||||
|
||||
@ -427,7 +432,7 @@ init_desc(void) {
|
||||
do { \
|
||||
set_desc(dns_dnssecstats_ ## counterid, \
|
||||
dns_dnssecstats_max, \
|
||||
desc, dnssecstats_desc,\
|
||||
desc, dnssecstats_desc, \
|
||||
xmldesc, dnssecstats_xmldesc); \
|
||||
dnssecstats_index[i++] = dns_dnssecstats_ ## counterid; \
|
||||
} while (0)
|
||||
@ -519,6 +524,51 @@ dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
|
||||
break;
|
||||
case statsformat_xml:
|
||||
#ifdef HAVE_LIBXML2
|
||||
#ifdef NEWSTATS
|
||||
writer = arg;
|
||||
|
||||
if (category != NULL) {
|
||||
/* <NameOfCategory> */
|
||||
TRY0(xmlTextWriterStartElement(writer,
|
||||
ISC_XMLCHAR
|
||||
category));
|
||||
/* <name> inside category */
|
||||
TRY0(xmlTextWriterStartElement(writer,
|
||||
ISC_XMLCHAR
|
||||
"name"));
|
||||
TRY0(xmlTextWriterWriteString(writer,
|
||||
ISC_XMLCHAR
|
||||
desc[index]));
|
||||
TRY0(xmlTextWriterEndElement(writer));
|
||||
/* </name> */
|
||||
|
||||
/* <counter> */
|
||||
TRY0(xmlTextWriterStartElement(writer,
|
||||
ISC_XMLCHAR
|
||||
"counter"));
|
||||
TRY0(xmlTextWriterWriteFormatString(writer,
|
||||
"%" ISC_PRINT_QUADFORMAT "u", value));
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer));
|
||||
/* </counter> */
|
||||
TRY0(xmlTextWriterEndElement(writer));
|
||||
/* </NameOfCategory> */
|
||||
|
||||
} else {
|
||||
TRY0(xmlTextWriterStartElement(writer,
|
||||
ISC_XMLCHAR
|
||||
"counter"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer,
|
||||
ISC_XMLCHAR
|
||||
"name",
|
||||
ISC_XMLCHAR
|
||||
desc[index]));
|
||||
TRY0(xmlTextWriterWriteFormatString(writer,
|
||||
"%" ISC_PRINT_QUADFORMAT "u", value));
|
||||
TRY0(xmlTextWriterEndElement(writer));
|
||||
/* counter */
|
||||
}
|
||||
#else /* !NEWSTATS */
|
||||
writer = arg;
|
||||
|
||||
if (category != NULL) {
|
||||
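Review bot: in the NEWSTATS arm of `case statsformat_xml:`, the `if (category != NULL)` branch appears to be unreachable as far as this patch shows. Every dump_counters() call in the NEWSTATS versions of zone_xmlrender() and generatexml() passes NULL for `category`. Either drop the branch and keep only the `<counter name="...">` form, or add a comment naming the caller that still needs the nested `<name>`/`<counter>` layout. As written, two output shapes have to be kept in sync for one schema.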
@ -548,17 +598,73 @@ dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* counter */
|
||||
if (category != NULL)
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* category */
|
||||
#endif
|
||||
#endif /* NEWSTATS */
|
||||
#endif /* LIBXML2 */
|
||||
break;
|
||||
}
|
||||
}
|
||||
return (ISC_R_SUCCESS);
|
||||
#ifdef HAVE_LIBXML2
|
||||
error:
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
|
||||
ISC_LOG_ERROR, "failed at dump_counters()");
|
||||
return (ISC_R_FAILURE);
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef NEWSTATS
|
||||
static void
|
||||
rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
|
||||
char typebuf[64];
|
||||
const char *typestr;
|
||||
stats_dumparg_t *dumparg = arg;
|
||||
FILE *fp;
|
||||
#ifdef HAVE_LIBXML2
|
||||
xmlTextWriterPtr writer;
|
||||
int xmlrc;
|
||||
#endif
|
||||
|
||||
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE)
|
||||
== 0) {
|
||||
dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf,
|
||||
sizeof(typebuf));
|
||||
typestr = typebuf;
|
||||
} else
|
||||
typestr = "Others";
|
||||
|
||||
switch (dumparg->type) {
|
||||
case statsformat_file:
|
||||
fp = dumparg->arg;
|
||||
fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, typestr);
|
||||
break;
|
||||
case statsformat_xml:
|
||||
#ifdef HAVE_LIBXML2
|
||||
|
||||
writer = dumparg->arg;
|
||||
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "name",
|
||||
ISC_XMLCHAR typestr));
|
||||
|
||||
TRY0(xmlTextWriterWriteFormatString(writer,
|
||||
"%" ISC_PRINT_QUADFORMAT "u",
|
||||
val));
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* type */
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
return;
|
||||
#ifdef HAVE_LIBXML2
|
||||
error:
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
|
||||
ISC_LOG_ERROR, "failed at rdtypestat_dump()");
|
||||
dumparg->result = ISC_R_FAILURE;
|
||||
return;
|
||||
#endif
|
||||
}
|
||||
#else /* NEWSTATS */
|
||||
static void
|
||||
rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
|
||||
char typebuf[64];
|
||||
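Review bot: in the NEWSTATS rdtypestat_dump(), the closing call is commented `/* type */` although the element opened a few lines earlier is "counter". Fix the comment to match, as opcodestat_dump() does. The NEWSTATS and non-NEWSTATS copies of this function also share the type-name lookup and the whole `statsformat_file` case. Consider one function with only the XML-writing part under `#ifdef NEWSTATS`, so a later fix does not land in just one copy.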
@ -610,6 +716,7 @@ rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
|
||||
return;
|
||||
#endif
|
||||
}
|
||||
#endif /* NEWSTATS */
|
||||
|
||||
static void
|
||||
rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
|
||||
@ -668,11 +775,58 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
|
||||
return;
|
||||
#ifdef HAVE_LIBXML2
|
||||
error:
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
|
||||
ISC_LOG_ERROR, "failed at rdatasetstats_dump()");
|
||||
dumparg->result = ISC_R_FAILURE;
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
#ifdef NEWSTATS
|
||||
static void
|
||||
opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
|
||||
FILE *fp;
|
||||
isc_buffer_t b;
|
||||
char codebuf[64];
|
||||
stats_dumparg_t *dumparg = arg;
|
||||
#ifdef HAVE_LIBXML2
|
||||
xmlTextWriterPtr writer;
|
||||
int xmlrc;
|
||||
#endif
|
||||
|
||||
isc_buffer_init(&b, codebuf, sizeof(codebuf) - 1);
|
||||
dns_opcode_totext(code, &b);
|
||||
codebuf[isc_buffer_usedlength(&b)] = '\0';
|
||||
|
||||
switch (dumparg->type) {
|
||||
case statsformat_file:
|
||||
fp = dumparg->arg;
|
||||
fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, codebuf);
|
||||
break;
|
||||
case statsformat_xml:
|
||||
#ifdef HAVE_LIBXML2
|
||||
writer = dumparg->arg;
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "name",
|
||||
ISC_XMLCHAR codebuf ));
|
||||
TRY0(xmlTextWriterWriteFormatString(writer,
|
||||
"%" ISC_PRINT_QUADFORMAT "u",
|
||||
val));
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* counter */
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
return;
|
||||
|
||||
#ifdef HAVE_LIBXML2
|
||||
error:
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
|
||||
ISC_LOG_ERROR, "failed at opcodestat_dump()");
|
||||
dumparg->result = ISC_R_FAILURE;
|
||||
return;
|
||||
#endif
|
||||
}
|
||||
#else /* NEWSTATS */
|
||||
static void
|
||||
opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
|
||||
FILE *fp;
|
||||
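Review bot: the NEWSTATS opcodestat_dump() ignores the result of `dns_opcode_totext(code, &b);` and then terminates `codebuf` at whatever length the buffer reports. On failure that yields an empty string, which is then written out as `name=""` on a counter element with no error logged. Check the result and take the `error:` path (or substitute a fixed placeholder name) before writing the attribute. There is also a stray space in `ISC_XMLCHAR codebuf ));`.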
@ -721,12 +875,96 @@ opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
|
||||
return;
|
||||
#endif
|
||||
}
|
||||
#endif /* NEWSTATS */
|
||||
|
||||
#ifdef HAVE_LIBXML2
|
||||
|
||||
/* XXXMLG below here sucks. */
|
||||
/* XXXMLG below here sucks. (not so much) */
|
||||
|
||||
#ifdef NEWSTATS
|
||||
static isc_result_t
|
||||
zone_xmlrender(dns_zone_t *zone, void *arg) {
|
||||
isc_result_t result;
|
||||
char buf[1024 + 32]; /* sufficiently large for zone name and class */
|
||||
char *zone_name_only = NULL;
|
||||
dns_rdataclass_t rdclass;
|
||||
isc_uint32_t serial;
|
||||
xmlTextWriterPtr writer = arg;
|
||||
isc_stats_t *zonestats;
|
||||
dns_stats_t *rcvquerystats;
|
||||
dns_zonestat_level_t statlevel;
|
||||
isc_uint64_t nsstat_values[dns_nsstatscounter_max];
|
||||
int xmlrc;
|
||||
stats_dumparg_t dumparg;
|
||||
|
||||
statlevel = dns_zone_getstatlevel(zone);
|
||||
if (statlevel == dns_zonestat_none)
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
dumparg.type = statsformat_xml;
|
||||
dumparg.arg = writer;
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zone"));
|
||||
dns_zone_name(zone, buf, sizeof(buf));
|
||||
zone_name_only = strtok(buf, "/");
|
||||
if(zone_name_only == NULL)
|
||||
zone_name_only = buf;
|
||||
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "name",
|
||||
ISC_XMLCHAR zone_name_only));
|
||||
rdclass = dns_zone_getclass(zone);
|
||||
dns_rdataclass_format(rdclass, buf, sizeof(buf));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "rdataclass",
|
||||
ISC_XMLCHAR buf));
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "serial"));
|
||||
if (dns_zone_getserial2(zone, &serial) == ISC_R_SUCCESS)
|
||||
TRY0(xmlTextWriterWriteFormatString(writer, "%u", serial));
|
||||
else
|
||||
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR "-"));
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* serial */
|
||||
|
||||
zonestats = dns_zone_getrequeststats(zone);
|
||||
rcvquerystats = dns_zone_getrcvquerystats(zone);
|
||||
if (statlevel == dns_zonestat_full && zonestats != NULL) {
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "rcode"));
|
||||
|
||||
result = dump_counters(zonestats, statsformat_xml, writer,
|
||||
NULL, nsstats_xmldesc,
|
||||
dns_nsstatscounter_max, nsstats_index,
|
||||
nsstat_values, ISC_STATSDUMP_VERBOSE);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
/* counters type="rcode"*/
|
||||
TRY0(xmlTextWriterEndElement(writer));
|
||||
}
|
||||
|
||||
if (statlevel == dns_zonestat_full && rcvquerystats != NULL) {
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "qtype"));
|
||||
|
||||
dumparg.result = ISC_R_SUCCESS;
|
||||
dns_rdatatypestats_dump(rcvquerystats, rdtypestat_dump,
|
||||
&dumparg, 0);
|
||||
if(dumparg.result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
|
||||
/* counters type="qtype"*/
|
||||
TRY0(xmlTextWriterEndElement(writer));
|
||||
}
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* zone */
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
error:
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
|
||||
ISC_LOG_ERROR, "Failed at zone_xmlrender()");
|
||||
return (ISC_R_FAILURE);
|
||||
}
|
||||
#else /* NEWSTATS */
|
||||
static isc_result_t
|
||||
zone_xmlrender(dns_zone_t *zone, void *arg) {
|
||||
char buf[1024 + 32]; /* sufficiently large for zone name and class */
|
||||
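Review bot: the NEWSTATS zone_xmlrender() trims the zone name with `zone_name_only = strtok(buf, "/");`. strtok() keeps hidden static state, so it is the wrong tool in a server that may run this callback while another thread is tokenizing. Only the first separator matters here, so a strchr() on '/' followed by writing a NUL (or strtok_r()) does the same job without shared state. Also note the spacing in `if(zone_name_only == NULL)` and `if(dumparg.result != ISC_R_SUCCESS)`, and that the log text is "Failed at zone_xmlrender()" where every other message in this file starts with lowercase "failed at".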
@ -776,7 +1014,237 @@ zone_xmlrender(dns_zone_t *zone, void *arg) {
|
||||
error:
|
||||
return (ISC_R_FAILURE);
|
||||
}
|
||||
#endif /* NEWSTATS */
|
||||
|
||||
#ifdef NEWSTATS
|
||||
static isc_result_t
|
||||
generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
|
||||
char boottime[sizeof "yyyy-mm-ddThh:mm:ssZ"];
|
||||
char nowstr[sizeof "yyyy-mm-ddThh:mm:ssZ"];
|
||||
isc_time_t now;
|
||||
xmlTextWriterPtr writer = NULL;
|
||||
xmlDocPtr doc = NULL;
|
||||
int xmlrc;
|
||||
dns_view_t *view;
|
||||
stats_dumparg_t dumparg;
|
||||
dns_stats_t *cacherrstats;
|
||||
isc_uint64_t nsstat_values[dns_nsstatscounter_max];
|
||||
isc_uint64_t resstat_values[dns_resstatscounter_max];
|
||||
isc_uint64_t zonestat_values[dns_zonestatscounter_max];
|
||||
isc_uint64_t sockstat_values[isc_sockstatscounter_max];
|
||||
isc_result_t result;
|
||||
|
||||
isc_time_now(&now);
|
||||
isc_time_formatISO8601(&ns_g_boottime, boottime, sizeof boottime);
|
||||
isc_time_formatISO8601(&now, nowstr, sizeof nowstr);
|
||||
|
||||
writer = xmlNewTextWriterDoc(&doc, 0);
|
||||
if (writer == NULL)
|
||||
goto error;
|
||||
TRY0(xmlTextWriterStartDocument(writer, NULL, "UTF-8", NULL));
|
||||
TRY0(xmlTextWriterWritePI(writer, ISC_XMLCHAR "xml-stylesheet",
|
||||
ISC_XMLCHAR "type=\"text/xsl\" href=\"/bind9.ver3.xsl\""));
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "statistics"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version",
|
||||
ISC_XMLCHAR "3.0"));
|
||||
|
||||
/* Set common fields for statistics dump */
|
||||
dumparg.type = statsformat_xml;
|
||||
dumparg.arg = writer;
|
||||
|
||||
/*
|
||||
* Start by rendering the views we know of here. For each view we
|
||||
* know of, call its rendering function.
|
||||
*/
|
||||
view = ISC_LIST_HEAD(server->viewlist);
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "views"));
|
||||
while (view != NULL) {
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "view"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "name",
|
||||
ISC_XMLCHAR view->name));
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zones"));
|
||||
result = dns_zt_apply(view->zonetable, ISC_TRUE, zone_xmlrender,
|
||||
writer);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* zones */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer,
|
||||
ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "resqtype"));
|
||||
|
||||
if (view->resquerystats != NULL) {
|
||||
dumparg.result = ISC_R_SUCCESS;
|
||||
dns_rdatatypestats_dump(view->resquerystats,
|
||||
rdtypestat_dump, &dumparg, 0);
|
||||
if (dumparg.result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
}
|
||||
TRY0(xmlTextWriterEndElement(writer));
|
||||
|
||||
/* <resstats> */
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "resstats"));
|
||||
if (view->resstats != NULL) {
|
||||
result = dump_counters(view->resstats,
|
||||
statsformat_xml, writer,
|
||||
NULL, resstats_xmldesc,
|
||||
dns_resstatscounter_max,
|
||||
resstats_index, resstat_values,
|
||||
ISC_STATSDUMP_VERBOSE);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
}
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* </resstats> */
|
||||
|
||||
cacherrstats = dns_db_getrrsetstats(view->cachedb);
|
||||
if (cacherrstats != NULL) {
|
||||
TRY0(xmlTextWriterStartElement(writer,
|
||||
ISC_XMLCHAR "cache"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer,
|
||||
ISC_XMLCHAR "name",
|
||||
ISC_XMLCHAR
|
||||
dns_cache_getname(view->cache)));
|
||||
dumparg.result = ISC_R_SUCCESS;
|
||||
dns_rdatasetstats_dump(cacherrstats, rdatasetstats_dump,
|
||||
&dumparg, 0);
|
||||
if (dumparg.result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* cache */
|
||||
}
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* view */
|
||||
|
||||
view = ISC_LIST_NEXT(view, link);
|
||||
}
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* views */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "socketmgr"));
|
||||
isc_socketmgr_renderxml(ns_g_socketmgr, writer);
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* socketmgr */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "taskmgr"));
|
||||
isc_taskmgr_renderxml(ns_g_taskmgr, writer);
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* taskmgr */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "server"));
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "boot-time"));
|
||||
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR boottime));
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* boot-time */
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "current-time"));
|
||||
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR nowstr));
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* current-time */
|
||||
|
||||
dumparg.result = ISC_R_SUCCESS;
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "opcode"));
|
||||
|
||||
dns_opcodestats_dump(server->opcodestats, opcodestat_dump, &dumparg,
|
||||
0);
|
||||
if (dumparg.result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* counters type=opcode */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "qtype"));
|
||||
|
||||
dumparg.result = ISC_R_SUCCESS;
|
||||
dns_rdatatypestats_dump(server->rcvquerystats, rdtypestat_dump,
|
||||
&dumparg, 0);
|
||||
if (dumparg.result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* counters */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "nsstat"));
|
||||
|
||||
result = dump_counters(server->nsstats, statsformat_xml,
|
||||
writer, NULL, nsstats_xmldesc,
|
||||
dns_nsstatscounter_max,
|
||||
nsstats_index, nsstat_values,
|
||||
ISC_STATSDUMP_VERBOSE);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* counters type=nsstat */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "zonestat"));
|
||||
|
||||
result = dump_counters(server->zonestats, statsformat_xml, writer,
|
||||
NULL, zonestats_xmldesc,
|
||||
dns_zonestatscounter_max, zonestats_index,
|
||||
zonestat_values, ISC_STATSDUMP_VERBOSE);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* counters type=zonestat */
|
||||
|
||||
/*
|
||||
* Most of the common resolver statistics entries are 0, so we don't
|
||||
* use the verbose dump here.
|
||||
*/
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "resstat"));
|
||||
result = dump_counters(server->resolverstats, statsformat_xml,
|
||||
writer, NULL, resstats_xmldesc,
|
||||
dns_resstatscounter_max, resstats_index,
|
||||
resstat_values, 0);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* counters type=resstat */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
|
||||
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
|
||||
ISC_XMLCHAR "sockstat"));
|
||||
|
||||
result = dump_counters(server->sockstats, statsformat_xml,
|
||||
writer, NULL, sockstats_xmldesc,
|
||||
isc_sockstatscounter_max, sockstats_index,
|
||||
sockstat_values, ISC_STATSDUMP_VERBOSE);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto error;
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* counters type=sockstat */
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* server */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "memory"));
|
||||
isc_mem_renderxml(writer);
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* memory */
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* statistics */
|
||||
|
||||
TRY0(xmlTextWriterEndDocument(writer));
|
||||
|
||||
xmlFreeTextWriter(writer);
|
||||
|
||||
xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 0);
|
||||
xmlFreeDoc(doc);
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
error:
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
|
||||
ISC_LOG_ERROR, "failed generating XML response");
|
||||
if (writer != NULL)
|
||||
xmlFreeTextWriter(writer);
|
||||
if (doc != NULL)
|
||||
xmlFreeDoc(doc);
|
||||
return (ISC_R_FAILURE);
|
||||
}
|
||||
#else /* OLDSTATS */
|
||||
static isc_result_t
|
||||
generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
|
||||
char boottime[sizeof "yyyy-mm-ddThh:mm:ssZ"];
|
||||
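Review bot: at the end of the NEWSTATS generatexml(), `xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 0);` is followed directly by `return (ISC_R_SUCCESS);` with no check that `*buf` was actually filled in. If serialization fails, the caller is told the render succeeded and is handed an empty buffer. Test `*buf == NULL` after the dump and return ISC_R_FAILURE (with the same log message as the `error:` label) in that case. Separately, the comment above the "resstat" block explains why the non-verbose dump is used there, but the per-view "resstats" block earlier uses ISC_STATSDUMP_VERBOSE for the same descriptor table. A one-line note on why the two differ would help.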
@ -968,6 +1436,7 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
|
||||
xmlFreeDoc(doc);
|
||||
return (ISC_R_FAILURE);
|
||||
}
|
||||
#endif /* NEWSTATS */
|
||||
|
||||
static void
|
||||
wrap_xmlfree(isc_buffer_t *buffer, void *arg) {
|
||||
@ -1000,7 +1469,10 @@ render_index(const char *url, const char *querystring, void *arg,
|
||||
isc_buffer_add(b, msglen);
|
||||
*freecb = wrap_xmlfree;
|
||||
*freecb_args = NULL;
|
||||
}
|
||||
} else
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
|
||||
"failed at rendering XML()");
|
||||
|
||||
return (result);
|
||||
}
|
||||
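Review bot: the new failure branch in render_index() logs "failed at rendering XML()", which names no function and carries stray parentheses. The other messages added in this patch use the form "failed at <function>()", so "failed at render_index()" would be consistent and easier to grep. The `} else` is also left unbraced while the `if` arm is a braced block. Brace the else so the multi-line isc_log_write() call cannot be separated from it by a later edit.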
@ -1032,7 +1504,7 @@ static void
|
||||
shutdown_listener(ns_statschannel_t *listener) {
|
||||
char socktext[ISC_SOCKADDR_FORMATSIZE];
|
||||
isc_sockaddr_format(&listener->address, socktext, sizeof(socktext));
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,NS_LOGMODULE_SERVER,
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
|
||||
ISC_LOG_NOTICE, "stopping statistics channel on %s",
|
||||
socktext);
|
||||
|
||||
@ -1150,10 +1622,22 @@ add_listener(ns_server_t *server, ns_statschannel_t **listenerp,
|
||||
|
||||
#ifdef HAVE_LIBXML2
|
||||
isc_httpdmgr_addurl(listener->httpdmgr, "/", render_index, server);
|
||||
isc_httpdmgr_addurl(listener->httpdmgr, "/xml", render_index, server);
|
||||
#ifdef NEWSTATS
|
||||
isc_httpdmgr_addurl(listener->httpdmgr, "/xml/v3", render_index,
|
||||
server);
|
||||
#else /* OLDSTATS */
|
||||
isc_httpdmgr_addurl(listener->httpdmgr, "/xml/v2", render_index,
|
||||
server);
|
||||
#endif /* NEWSTATS */
|
||||
#endif
|
||||
#ifdef NEWSTATS
|
||||
isc_httpdmgr_addurl(listener->httpdmgr, "/bind9.ver3.xsl", render_xsl,
|
||||
server);
|
||||
#else /* OLDSTATS */
|
||||
isc_httpdmgr_addurl(listener->httpdmgr, "/bind9.xsl", render_xsl,
|
||||
server);
|
||||
|
||||
#endif /* NEWSTATS */
|
||||
*listenerp = listener;
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_SERVER, ISC_LOG_NOTICE,
|
||||
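Review bot: in add_listener(), the unversioned paths "/" and "/xml" are registered to render_index in both builds, but what they return depends on the compile-time NEWSTATS switch. Only one of "/xml/v2" or "/xml/v3" exists in a given binary. A monitoring client written against one schema gets the other layout from "/xml", or a miss on the versioned path, with no way to tell which build it is talking to. Document this next to the registrations and in the statistics-channels documentation. If both generators can be compiled in, registering both versioned paths would let consumers migrate without a flag day.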
@ -1285,7 +1769,8 @@ ns_statschannels_configure(ns_server_t *server, const cfg_obj_t *config,
|
||||
obj = cfg_tuple_get(listen_params, "address");
|
||||
addr = *cfg_obj_assockaddr(obj);
|
||||
if (isc_sockaddr_getport(&addr) == 0)
|
||||
isc_sockaddr_setport(&addr, NS_STATSCHANNEL_HTTPPORT);
|
||||
isc_sockaddr_setport(&addr,
|
||||
NS_STATSCHANNEL_HTTPPORT);
|
||||
|
||||
isc_sockaddr_format(&addr, socktext,
|
||||
sizeof(socktext));
|
||||
|
@ -13,7 +13,7 @@
|
||||
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
# PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: Makefile.in,v 1.13.244.2 2011/03/10 23:47:26 tbox Exp $
|
||||
# $Id: Makefile.in,v 1.15 2011/03/10 23:47:49 tbox Exp $
|
||||
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
|
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: dlz_dlopen_driver.c,v 1.1.4.6 2012/02/22 23:46:35 tbox Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@ -143,7 +143,7 @@ dlopen_dlz_allowzonexfr(void *driverarg, void *dbdata, const char *name,
|
||||
|
||||
static isc_result_t
|
||||
dlopen_dlz_authority(const char *zone, void *driverarg, void *dbdata,
|
||||
dns_sdlzlookup_t *lookup)
|
||||
dns_sdlzlookup_t *lookup)
|
||||
{
|
||||
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
|
||||
isc_result_t result;
|
||||
@ -177,7 +177,9 @@ dlopen_dlz_findzonedb(void *driverarg, void *dbdata, const char *name)
|
||||
|
||||
static isc_result_t
|
||||
dlopen_dlz_lookup(const char *zone, const char *name, void *driverarg,
|
||||
void *dbdata, dns_sdlzlookup_t *lookup)
|
||||
void *dbdata, dns_sdlzlookup_t *lookup,
|
||||
dns_clientinfomethods_t *methods,
|
||||
dns_clientinfo_t *clientinfo)
|
||||
{
|
||||
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
|
||||
isc_result_t result;
|
||||
@ -185,7 +187,8 @@ dlopen_dlz_lookup(const char *zone, const char *name, void *driverarg,
|
||||
UNUSED(driverarg);
|
||||
|
||||
MAYBE_LOCK(cd);
|
||||
result = cd->dlz_lookup(zone, name, cd->dbdata, lookup);
|
||||
result = cd->dlz_lookup(zone, name, cd->dbdata, lookup,
|
||||
methods, clientinfo);
|
||||
MAYBE_UNLOCK(cd);
|
||||
return (result);
|
||||
}
|
||||
|
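Review bot: cd->dlz_lookup is now invoked with six arguments (methods and clientinfo appended), and nothing in this hunk shows how an already-built module that exports the four-argument dlz_lookup is kept from being called this way. Please confirm the load path rejects modules built against the older interface. The two new parameters should also be documented, including whether either may be NULL.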
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: os.c,v 1.104.38.3 2011/03/02 00:04:01 marka Exp $ */
|
||||
/* $Id: os.c,v 1.107 2011/03/02 00:02:54 marka Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: xfrout.c,v 1.139.16.4 2011/12/01 01:00:50 marka Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@ -247,12 +247,13 @@ ixfr_rrstream_create(isc_mem_t *mctx,
|
||||
s = isc_mem_get(mctx, sizeof(*s));
|
||||
if (s == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
s->common.mctx = mctx;
|
||||
s->common.mctx = NULL;
|
||||
isc_mem_attach(mctx, &s->common.mctx);
|
||||
s->common.methods = &ixfr_rrstream_methods;
|
||||
s->journal = NULL;
|
||||
|
||||
CHECK(dns_journal_open(mctx, journal_filename,
|
||||
ISC_FALSE, &s->journal));
|
||||
DNS_JOURNAL_READ, &s->journal));
|
||||
CHECK(dns_journal_iter_init(s->journal, begin_serial, end_serial));
|
||||
|
||||
*sp = (rrstream_t *) s;
|
||||
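Review bot: in ixfr_rrstream_create the two CHECK(...) calls now run after isc_mem_attach(mctx, &s->common.mctx), so their failure path has to drop that reference as well as free s. The cleanup label is outside this hunk; please confirm it goes through ixfr_rrstream_destroy() or isc_mem_putanddetach() rather than a plain isc_mem_put(), otherwise a failed dns_journal_open() leaves a reference held on the memory context.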
@ -289,7 +290,7 @@ ixfr_rrstream_destroy(rrstream_t **rsp) {
|
||||
ixfr_rrstream_t *s = (ixfr_rrstream_t *) *rsp;
|
||||
if (s->journal != 0)
|
||||
dns_journal_destroy(&s->journal);
|
||||
isc_mem_put(s->common.mctx, s, sizeof(*s));
|
||||
isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
|
||||
}
|
||||
|
||||
static rrstream_methods_t ixfr_rrstream_methods = {
|
||||
@ -335,7 +336,8 @@ axfr_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
|
||||
s = isc_mem_get(mctx, sizeof(*s));
|
||||
if (s == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
s->common.mctx = mctx;
|
||||
s->common.mctx = NULL;
|
||||
isc_mem_attach(mctx, &s->common.mctx);
|
||||
s->common.methods = &axfr_rrstream_methods;
|
||||
s->it_valid = ISC_FALSE;
|
||||
|
||||
@ -413,7 +415,7 @@ axfr_rrstream_destroy(rrstream_t **rsp) {
|
||||
axfr_rrstream_t *s = (axfr_rrstream_t *) *rsp;
|
||||
if (s->it_valid)
|
||||
dns_rriterator_destroy(&s->it);
|
||||
isc_mem_put(s->common.mctx, s, sizeof(*s));
|
||||
isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
|
||||
}
|
||||
|
||||
static rrstream_methods_t axfr_rrstream_methods = {
|
||||
@ -455,7 +457,8 @@ soa_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
|
||||
s = isc_mem_get(mctx, sizeof(*s));
|
||||
if (s == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
s->common.mctx = mctx;
|
||||
s->common.mctx = NULL;
|
||||
isc_mem_attach(mctx, &s->common.mctx);
|
||||
s->common.methods = &soa_rrstream_methods;
|
||||
s->soa_tuple = NULL;
|
||||
|
||||
@ -497,7 +500,7 @@ soa_rrstream_destroy(rrstream_t **rsp) {
|
||||
soa_rrstream_t *s = (soa_rrstream_t *) *rsp;
|
||||
if (s->soa_tuple != NULL)
|
||||
dns_difftuple_free(&s->soa_tuple);
|
||||
isc_mem_put(s->common.mctx, s, sizeof(*s));
|
||||
isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
|
||||
}
|
||||
|
||||
static rrstream_methods_t soa_rrstream_methods = {
|
||||
@ -561,7 +564,8 @@ compound_rrstream_create(isc_mem_t *mctx, rrstream_t **soa_stream,
|
||||
s = isc_mem_get(mctx, sizeof(*s));
|
||||
if (s == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
s->common.mctx = mctx;
|
||||
s->common.mctx = NULL;
|
||||
isc_mem_attach(mctx, &s->common.mctx);
|
||||
s->common.methods = &compound_rrstream_methods;
|
||||
s->components[0] = *soa_stream;
|
||||
s->components[1] = *data_stream;
|
||||
@ -634,7 +638,7 @@ compound_rrstream_destroy(rrstream_t **rsp) {
|
||||
s->components[0]->methods->destroy(&s->components[0]);
|
||||
s->components[1]->methods->destroy(&s->components[1]);
|
||||
s->components[2] = NULL; /* Copy of components[0]. */
|
||||
isc_mem_put(s->common.mctx, s, sizeof(*s));
|
||||
isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
|
||||
}
|
||||
|
||||
static rrstream_methods_t compound_rrstream_methods = {
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: zoneconf.c,v 1.170.14.7 2012/01/31 23:46:39 tbox Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
/*% */
|
||||
|
||||
@ -792,7 +792,7 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
|
||||
isc_result_t
|
||||
ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
|
||||
dns_zone_t *zone)
|
||||
dns_zone_t *zone, dns_zone_t *raw)
|
||||
{
|
||||
isc_result_t result;
|
||||
const char *zname;
|
||||
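Review bot: the new `dns_zone_t *raw` parameter of ns_zone_configure arrives without any comment on what it represents. The function's header comment should say what raw is, that NULL is allowed, and which settings end up on zone and which on raw. Callers outside this hunk need the extra argument as well.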
@ -824,8 +824,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
isc_boolean_t ixfrdiff;
|
||||
dns_masterformat_t masterformat;
|
||||
isc_stats_t *zoneqrystats;
|
||||
isc_boolean_t zonestats_on;
|
||||
#ifdef NEWSTATS
|
||||
dns_stats_t *rcvquerystats;
|
||||
#endif
|
||||
dns_zonestat_level_t statlevel;
|
||||
int seconds;
|
||||
dns_zone_t *mayberaw = (raw != NULL) ? raw : zone;
|
||||
|
||||
i = 0;
|
||||
if (zconfig != NULL) {
|
||||
@ -857,9 +861,16 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
RETERR(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
|
||||
vclass, &zclass));
|
||||
dns_zone_setclass(zone, zclass);
|
||||
if (raw != NULL)
|
||||
dns_zone_setclass(raw, zclass);
|
||||
|
||||
ztype = zonetype_fromconfig(zoptions);
|
||||
dns_zone_settype(zone, ztype);
|
||||
if (raw != NULL) {
|
||||
dns_zone_settype(raw, ztype);
|
||||
dns_zone_settype(zone, dns_zone_master);
|
||||
} else
|
||||
dns_zone_settype(zone, ztype);
|
||||
|
||||
|
||||
obj = NULL;
|
||||
result = cfg_map_get(zoptions, "database", &obj);
|
||||
@ -907,7 +918,10 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
return (ISC_R_FAILURE);
|
||||
}
|
||||
|
||||
masterformat = dns_masterformat_text;
|
||||
if (ztype == dns_zone_slave)
|
||||
masterformat = dns_masterformat_raw;
|
||||
else
|
||||
masterformat = dns_masterformat_text;
|
||||
obj = NULL;
|
||||
result= ns_config_get(maps, "masterfile-format", &obj);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
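Review bot: the default masterformat now depends on the zone type, with dns_masterformat_raw chosen when ztype == dns_zone_slave and text otherwise. That changes the on-disk default for every slave zone that does not set "masterfile-format". Please document the change and state how a text-format slave file written by an earlier version is handled when it is loaded under the new default.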
@ -920,18 +934,40 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
else
|
||||
INSIST(0);
|
||||
}
|
||||
RETERR(dns_zone_setfile2(zone, filename, masterformat));
|
||||
|
||||
if (raw != NULL && filename != NULL) {
|
||||
#define SIGNED ".signed"
|
||||
size_t signedlen = strlen(filename) + sizeof(SIGNED);
|
||||
char *signedname;
|
||||
|
||||
RETERR(dns_zone_setfile2(raw, filename, masterformat));
|
||||
signedname = isc_mem_get(mctx, signedlen);
|
||||
if (signedname == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
|
||||
(void)snprintf(signedname, signedlen, "%s" SIGNED, filename);
|
||||
result = dns_zone_setfile2(zone, signedname,
|
||||
dns_masterformat_raw);
|
||||
isc_mem_put(mctx, signedname, signedlen);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
} else
|
||||
RETERR(dns_zone_setfile2(zone, filename, masterformat));
|
||||
|
||||
obj = NULL;
|
||||
result = cfg_map_get(zoptions, "journal", &obj);
|
||||
if (result == ISC_R_SUCCESS)
|
||||
RETERR(dns_zone_setjournal(zone, cfg_obj_asstring(obj)));
|
||||
RETERR(dns_zone_setjournal(mayberaw, cfg_obj_asstring(obj)));
|
||||
|
||||
/*
|
||||
* Notify messages are processed by the raw zone if it exists.
|
||||
*/
|
||||
if (ztype == dns_zone_slave)
|
||||
RETERR(configure_zone_acl(zconfig, vconfig, config,
|
||||
allow_notify, ac, zone,
|
||||
allow_notify, ac, mayberaw,
|
||||
dns_zone_setnotifyacl,
|
||||
dns_zone_clearnotifyacl));
|
||||
|
||||
/*
|
||||
* XXXAG This probably does not make sense for stubs.
|
||||
*/
|
||||
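Review bot: the `raw != NULL && filename != NULL` test sends a zone that has raw set but no filename to the else branch, where only zone gets dns_zone_setfile2() and raw is left without a file. If that combination is invalid, reject it here with an error, or add a comment saying where it is rejected. Smaller point: `#define SIGNED ".signed"` is introduced inside the function body and is not undefined again in the visible lines; a file-scope constant would keep the name from leaking into the rest of the file.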
@ -966,27 +1002,63 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
else
|
||||
INSIST(0);
|
||||
}
|
||||
if (raw != NULL)
|
||||
dns_zone_setdialup(raw, dialup);
|
||||
dns_zone_setdialup(zone, dialup);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "zone-statistics", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
zonestats_on = cfg_obj_asboolean(obj);
|
||||
zoneqrystats = NULL;
|
||||
if (zonestats_on) {
|
||||
if (cfg_obj_isboolean(obj)) {
|
||||
if (cfg_obj_asboolean(obj))
|
||||
statlevel = dns_zonestat_full;
|
||||
else
|
||||
statlevel = dns_zonestat_terse; /* XXX */
|
||||
} else {
|
||||
const char *levelstr = cfg_obj_asstring(obj);
|
||||
if (strcasecmp(levelstr, "full") == 0)
|
||||
statlevel = dns_zonestat_full;
|
||||
else if (strcasecmp(levelstr, "terse") == 0)
|
||||
statlevel = dns_zonestat_terse;
|
||||
else if (strcasecmp(levelstr, "none") == 0)
|
||||
statlevel = dns_zonestat_none;
|
||||
else
|
||||
INSIST(0);
|
||||
}
|
||||
dns_zone_setstatlevel(zone, statlevel);
|
||||
|
||||
zoneqrystats = NULL;
|
||||
#ifdef NEWSTATS
|
||||
rcvquerystats = NULL;
|
||||
#endif
|
||||
if (statlevel == dns_zonestat_full) {
|
||||
RETERR(isc_stats_create(mctx, &zoneqrystats,
|
||||
dns_nsstatscounter_max));
|
||||
#ifdef NEWSTATS
|
||||
RETERR(dns_rdatatypestats_create(mctx,
|
||||
&rcvquerystats));
|
||||
#endif
|
||||
}
|
||||
dns_zone_setrequeststats(zone, zoneqrystats);
|
||||
dns_zone_setrequeststats(zone, zoneqrystats );
|
||||
#ifdef NEWSTATS
|
||||
dns_zone_setrcvquerystats(zone, rcvquerystats);
|
||||
#endif
|
||||
|
||||
if (zoneqrystats != NULL)
|
||||
isc_stats_detach(&zoneqrystats);
|
||||
|
||||
#ifdef NEWSTATS
|
||||
if(rcvquerystats != NULL)
|
||||
dns_stats_detach(&rcvquerystats);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Configure master functionality. This applies
|
||||
* to primary masters (type "master") and slaves
|
||||
* acting as masters (type "slave"), but not to stubs.
|
||||
*/
|
||||
if (ztype != dns_zone_stub && ztype != dns_zone_staticstub) {
|
||||
if (ztype != dns_zone_stub && ztype != dns_zone_staticstub &&
|
||||
ztype != dns_zone_redirect) {
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "notify", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
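Review bot: in the `statlevel == dns_zonestat_full` block, zoneqrystats is created first and dns_rdatatypestats_create() is then wrapped in RETERR, so if the second creation fails and RETERR returns (as its name suggests), the isc_stats_detach(&zoneqrystats) further down is never reached. Detach zoneqrystats before returning on that path. Also, a boolean false maps to dns_zonestat_terse with only `/* XXX */` as explanation, while the string form has an explicit "none"; either explain the choice in the comment or map false to dns_zonestat_none.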
@ -1004,22 +1076,28 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
else
|
||||
INSIST(0);
|
||||
}
|
||||
if (raw != NULL)
|
||||
dns_zone_setnotifytype(raw, dns_notifytype_no);
|
||||
dns_zone_setnotifytype(zone, notifytype);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "also-notify", &obj);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
isc_sockaddr_t *addrs = NULL;
|
||||
isc_uint32_t addrcount;
|
||||
result = ns_config_getiplist(config, obj, 0, mctx,
|
||||
&addrs, &addrcount);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
result = dns_zone_setalsonotify(zone, addrs,
|
||||
addrcount);
|
||||
ns_config_putiplist(mctx, &addrs, addrcount);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
addrs = NULL;
|
||||
keynames = NULL;
|
||||
RETERR(ns_config_getipandkeylist(config, obj, mctx,
|
||||
&addrs, &keynames,
|
||||
&addrcount));
|
||||
result = dns_zone_setalsonotifywithkeys(zone, addrs,
|
||||
keynames,
|
||||
addrcount);
|
||||
if (addrcount != 0)
|
||||
ns_config_putipandkeylist(mctx, &addrs,
|
||||
&keynames, addrcount);
|
||||
else
|
||||
INSIST(addrs == NULL && keynames == NULL);
|
||||
RETERR(result);
|
||||
} else
|
||||
RETERR(dns_zone_setalsonotify(zone, NULL, 0));
|
||||
|
||||
@ -1059,8 +1137,10 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "max-journal-size", &obj);
|
||||
result = ns_config_get(maps, "max-journal-size", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (raw != NULL)
|
||||
dns_zone_setjournalsize(raw, -1);
|
||||
dns_zone_setjournalsize(zone, -1);
|
||||
if (cfg_obj_isstring(obj)) {
|
||||
const char *str = cfg_obj_asstring(obj);
|
||||
@ -1080,6 +1160,8 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
}
|
||||
journal_size = (isc_uint32_t)value;
|
||||
}
|
||||
if (raw != NULL)
|
||||
dns_zone_setjournalsize(raw, journal_size);
|
||||
dns_zone_setjournalsize(zone, journal_size);
|
||||
|
||||
obj = NULL;
|
||||
@ -1095,7 +1177,19 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
ixfrdiff = ISC_TRUE;
|
||||
else
|
||||
ixfrdiff = ISC_FALSE;
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, ixfrdiff);
|
||||
if (raw != NULL) {
|
||||
dns_zone_setoption(raw, DNS_ZONEOPT_IXFRFROMDIFFS,
|
||||
ISC_TRUE);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
|
||||
ISC_TRUE);
|
||||
} else
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
|
||||
ixfrdiff);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "request-ixfr", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS);
|
||||
dns_zone_setrequestixfr(zone, cfg_obj_asboolean(obj));
|
||||
|
||||
checknames(ztype, maps, &obj);
|
||||
INSIST(obj != NULL);
|
||||
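Review bot: when raw != NULL, DNS_ZONEOPT_IXFRFROMDIFFS is set to ISC_TRUE on both raw and zone, and the ixfrdiff value computed just above is discarded without a comment or a log message. Add a comment on why it is forced and consider logging when the configured value is overridden. The added "request-ixfr" lookup also uses `INSIST(result == ISC_R_SUCCESS);` without the `obj != NULL` part that the other lookups in this function carry before dereferencing obj.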
@ -1108,8 +1202,21 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
fail = check = ISC_FALSE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, check);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL, fail);
|
||||
if (raw != NULL) {
|
||||
dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMES,
|
||||
check);
|
||||
dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMESFAIL,
|
||||
fail);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES,
|
||||
ISC_FALSE);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL,
|
||||
ISC_FALSE);
|
||||
} else {
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES,
|
||||
check);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL,
|
||||
fail);
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "notify-delay", &obj);
|
||||
@ -1143,6 +1250,32 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE,
|
||||
cfg_obj_asboolean(obj));
|
||||
} else if (ztype == dns_zone_redirect) {
|
||||
dns_zone_setnotifytype(zone, dns_notifytype_no);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "max-journal-size", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setjournalsize(zone, -1);
|
||||
if (cfg_obj_isstring(obj)) {
|
||||
const char *str = cfg_obj_asstring(obj);
|
||||
INSIST(strcasecmp(str, "unlimited") == 0);
|
||||
journal_size = ISC_UINT32_MAX / 2;
|
||||
} else {
|
||||
isc_resourcevalue_t value;
|
||||
value = cfg_obj_asuint64(obj);
|
||||
if (value > ISC_UINT32_MAX / 2) {
|
||||
cfg_obj_log(obj, ns_g_lctx,
|
||||
ISC_LOG_ERROR,
|
||||
"'max-journal-size "
|
||||
"%" ISC_PRINT_QUADFORMAT "d' "
|
||||
"is too large",
|
||||
value);
|
||||
RETERR(ISC_R_RANGE);
|
||||
}
|
||||
journal_size = (isc_uint32_t)value;
|
||||
}
|
||||
dns_zone_setjournalsize(zone, journal_size);
|
||||
}
|
||||
|
||||
/*
|
||||
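Review bot: the dns_zone_redirect branch repeats the whole "max-journal-size" handling (the "unlimited" string case, the ISC_UINT32_MAX / 2 range check, the error log and the final dns_zone_setjournalsize call) that this function already performs for the other zone types. Move it into a helper that returns journal_size so the limit and the message cannot drift apart between the two copies.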
@ -1153,11 +1286,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
dns_acl_t *updateacl;
|
||||
|
||||
RETERR(configure_zone_acl(zconfig, vconfig, config,
|
||||
allow_update, ac, zone,
|
||||
allow_update, ac, mayberaw,
|
||||
dns_zone_setupdateacl,
|
||||
dns_zone_clearupdateacl));
|
||||
|
||||
updateacl = dns_zone_getupdateacl(zone);
|
||||
updateacl = dns_zone_getupdateacl(mayberaw);
|
||||
if (updateacl != NULL && dns_acl_isinsecure(updateacl))
|
||||
isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
|
||||
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
|
||||
@ -1165,7 +1298,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
"address, which is insecure",
|
||||
zname);
|
||||
|
||||
RETERR(configure_zone_ssutable(zoptions, zone, zname));
|
||||
RETERR(configure_zone_ssutable(zoptions, mayberaw, zname));
|
||||
}
|
||||
|
||||
if (ztype == dns_zone_master || raw != NULL) {
|
||||
isc_boolean_t allow = ISC_FALSE, maint = ISC_FALSE;
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "sig-validity-interval", &obj);
|
||||
@ -1224,98 +1361,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_DNSKEYKSKONLY,
|
||||
cfg_obj_asboolean(obj));
|
||||
} else if (ztype == dns_zone_slave) {
|
||||
RETERR(configure_zone_acl(zconfig, vconfig, config,
|
||||
allow_update_forwarding, ac, zone,
|
||||
dns_zone_setforwardacl,
|
||||
dns_zone_clearforwardacl));
|
||||
}
|
||||
|
||||
/*%
|
||||
* Primary master functionality.
|
||||
*/
|
||||
if (ztype == dns_zone_master) {
|
||||
isc_boolean_t allow = ISC_FALSE, maint = ISC_FALSE;
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-wildcard", &obj);
|
||||
if (result == ISC_R_SUCCESS)
|
||||
check = cfg_obj_asboolean(obj);
|
||||
else
|
||||
check = ISC_FALSE;
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKWILDCARD, check);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-dup-records", &obj);
|
||||
result = ns_config_get(maps, "dnssec-loadkeys-interval", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
fail = ISC_FALSE;
|
||||
check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
|
||||
fail = check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
fail = check = ISC_FALSE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKDUPRR, check);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKDUPRRFAIL, fail);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-mx", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
fail = ISC_FALSE;
|
||||
check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
|
||||
fail = check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
fail = check = ISC_FALSE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMX, check);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMXFAIL, fail);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-integrity", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
|
||||
cfg_obj_asboolean(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-mx-cname", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
warn = ISC_TRUE;
|
||||
ignore = ISC_FALSE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
|
||||
warn = ignore = ISC_FALSE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
warn = ignore = ISC_TRUE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_WARNMXCNAME, warn);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-srv-cname", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
warn = ISC_TRUE;
|
||||
ignore = ISC_FALSE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
|
||||
warn = ignore = ISC_FALSE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
warn = ignore = ISC_TRUE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_WARNSRVCNAME, warn);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_IGNORESRVCNAME, ignore);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "dnssec-secure-to-insecure", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_SECURETOINSECURE,
|
||||
cfg_obj_asboolean(obj));
|
||||
RETERR(dns_zone_setrefreshkeyinterval(zone,
|
||||
cfg_obj_asuint32(obj)));
|
||||
|
||||
obj = NULL;
|
||||
result = cfg_map_get(zoptions, "auto-dnssec", &obj);
|
||||
@ -1334,12 +1385,129 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
}
|
||||
}
|
||||
|
||||
if (ztype == dns_zone_slave) {
|
||||
RETERR(configure_zone_acl(zconfig, vconfig, config,
|
||||
allow_update_forwarding, ac,
|
||||
mayberaw, dns_zone_setforwardacl,
|
||||
dns_zone_clearforwardacl));
|
||||
}
|
||||
|
||||
/*%
|
||||
* Primary master functionality.
|
||||
*/
|
||||
if (ztype == dns_zone_master) {
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-wildcard", &obj);
|
||||
if (result == ISC_R_SUCCESS)
|
||||
check = cfg_obj_asboolean(obj);
|
||||
else
|
||||
check = ISC_FALSE;
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKWILDCARD, check);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-dup-records", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
fail = ISC_FALSE;
|
||||
check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
|
||||
fail = check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
fail = check = ISC_FALSE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKDUPRR, check);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKDUPRRFAIL, fail);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-mx", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
fail = ISC_FALSE;
|
||||
check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
|
||||
fail = check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
fail = check = ISC_FALSE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKMX, check);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKMXFAIL, fail);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-integrity", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKINTEGRITY,
|
||||
cfg_obj_asboolean(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-mx-cname", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
warn = ISC_TRUE;
|
||||
ignore = ISC_FALSE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
|
||||
warn = ignore = ISC_FALSE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
warn = ignore = ISC_TRUE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_WARNMXCNAME, warn);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-srv-cname", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
warn = ISC_TRUE;
|
||||
ignore = ISC_FALSE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
|
||||
warn = ignore = ISC_FALSE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
warn = ignore = ISC_TRUE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_WARNSRVCNAME, warn);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_IGNORESRVCNAME,
|
||||
ignore);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "dnssec-secure-to-insecure", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_SECURETOINSECURE,
|
||||
cfg_obj_asboolean(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = cfg_map_get(zoptions, "dnssec-update-mode", &obj);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
const char *arg = cfg_obj_asstring(obj);
|
||||
if (strcasecmp(arg, "no-resign") == 0)
|
||||
dns_zone_setkeyopt(zone, DNS_ZONEKEY_NORESIGN,
|
||||
ISC_TRUE);
|
||||
else if (strcasecmp(arg, "maintain") == 0)
|
||||
;
|
||||
else
|
||||
INSIST(0);
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "serial-update-method", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "unixtime") == 0)
|
||||
dns_zone_setserialupdatemethod(zone,
|
||||
dns_updatemethod_unixtime);
|
||||
else
|
||||
dns_zone_setserialupdatemethod(zone,
|
||||
dns_updatemethod_increment);
|
||||
}
|
||||
|
||||
/*
|
||||
* Configure slave functionality.
|
||||
*/
|
||||
switch (ztype) {
|
||||
case dns_zone_slave:
|
||||
case dns_zone_stub:
|
||||
case dns_zone_redirect:
|
||||
count = 0;
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(zoptions, "masters", &obj);
|
||||
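Review bot: in the "dnssec-update-mode" handling the "maintain" branch is an empty statement, so DNS_ZONEKEY_NORESIGN is only ever set to ISC_TRUE here and never cleared. If a zone object can be reconfigured from "no-resign" back to "maintain", the option would stay set; calling dns_zone_setkeyopt(zone, DNS_ZONEKEY_NORESIGN, ISC_FALSE) in that branch makes the state explicit. The "serial-update-method" block likewise treats every value other than "unixtime" as increment, without the INSIST(0) fallthrough used for the other string options in this function.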
@ -1349,7 +1517,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
RETERR(ns_config_getipandkeylist(config, obj, mctx,
|
||||
&addrs, &keynames,
|
||||
&count));
|
||||
result = dns_zone_setmasterswithkeys(zone, addrs,
|
||||
result = dns_zone_setmasterswithkeys(mayberaw, addrs,
|
||||
keynames, count);
|
||||
if (count != 0)
|
||||
ns_config_putipandkeylist(mctx, &addrs,
|
||||
@ -1357,7 +1525,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
else
|
||||
INSIST(addrs == NULL && keynames == NULL);
|
||||
} else
|
||||
result = dns_zone_setmasters(zone, NULL, 0);
|
||||
result = dns_zone_setmasters(mayberaw, NULL, 0);
|
||||
RETERR(result);
|
||||
|
||||
multi = ISC_FALSE;
|
||||
@ -1367,59 +1535,63 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
multi = cfg_obj_asboolean(obj);
|
||||
}
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_MULTIMASTER, multi);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "max-transfer-time-in", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60);
|
||||
dns_zone_setmaxxfrin(mayberaw, cfg_obj_asuint32(obj) * 60);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "max-transfer-idle-in", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60);
|
||||
dns_zone_setidlein(mayberaw, cfg_obj_asuint32(obj) * 60);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "max-refresh-time", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj));
|
||||
dns_zone_setmaxrefreshtime(mayberaw, cfg_obj_asuint32(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "min-refresh-time", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj));
|
||||
dns_zone_setminrefreshtime(mayberaw, cfg_obj_asuint32(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "max-retry-time", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj));
|
||||
dns_zone_setmaxretrytime(mayberaw, cfg_obj_asuint32(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "min-retry-time", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj));
|
||||
dns_zone_setminretrytime(mayberaw, cfg_obj_asuint32(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "transfer-source", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj)));
|
||||
RETERR(dns_zone_setxfrsource4(mayberaw,
|
||||
cfg_obj_assockaddr(obj)));
|
||||
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "transfer-source-v6", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj)));
|
||||
RETERR(dns_zone_setxfrsource6(mayberaw,
|
||||
cfg_obj_assockaddr(obj)));
|
||||
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "alt-transfer-source", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj)));
|
||||
RETERR(dns_zone_setaltxfrsource4(mayberaw,
|
||||
cfg_obj_assockaddr(obj)));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "alt-transfer-source-v6", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj)));
|
||||
RETERR(dns_zone_setaltxfrsource6(mayberaw,
|
||||
cfg_obj_assockaddr(obj)));
|
||||
|
||||
obj = NULL;
|
||||
(void)ns_config_get(maps, "use-alt-transfer-source", &obj);
|
||||
@ -1435,11 +1607,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
alt = ISC_FALSE;
|
||||
} else
|
||||
alt = cfg_obj_asboolean(obj);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_USEALTXFRSRC, alt);
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_USEALTXFRSRC, alt);
|
||||
|
||||
obj = NULL;
|
||||
(void)ns_config_get(maps, "try-tcp-refresh", &obj);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_TRYTCPREFRESH,
|
||||
dns_zone_setoption(mayberaw, DNS_ZONEOPT_TRYTCPREFRESH,
|
||||
cfg_obj_asboolean(obj));
|
||||
break;
|
||||
|
||||
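Review bot: for "try-tcp-refresh", cfg_obj_asboolean(obj) is reached after obj is reset to NULL and the lookup result is discarded with `(void)ns_config_get(...)`, so a failed lookup would pass NULL into cfg_obj_asboolean(). The neighbouring options guard this with `INSIST(result == ISC_R_SUCCESS && obj != NULL);`. Since this line is being touched anyway, add the same check.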
@ -1472,10 +1644,10 @@ ns_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone,
|
||||
dns_zone_settype(zone, dns_zone_dlz);
|
||||
result = dns_sdlz_setdb(dlzdatabase, rdclass, name, &db);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return result;
|
||||
return (result);
|
||||
result = dns_zone_dlzpostload(zone, db);
|
||||
dns_db_detach(&db);
|
||||
return result;
|
||||
return (result);
|
||||
}
|
||||
|
||||
isc_boolean_t
|
||||
@ -1484,15 +1656,12 @@ ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
|
||||
const cfg_obj_t *obj = NULL;
|
||||
const char *cfilename;
|
||||
const char *zfilename;
|
||||
dns_zone_t *raw = NULL;
|
||||
isc_boolean_t has_raw;
|
||||
dns_zonetype_t ztype;
|
||||
|
||||
zoptions = cfg_tuple_get(zconfig, "options");
|
||||
|
||||
if (zonetype_fromconfig(zoptions) != dns_zone_gettype(zone)) {
|
||||
dns_zone_log(zone, ISC_LOG_DEBUG(1),
|
||||
"not reusable: type mismatch");
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
|
||||
/*
|
||||
* We always reconfigure a static-stub zone for simplicity, assuming
|
||||
* the amount of data to be loaded is small.
|
||||
@ -1503,18 +1672,49 @@ ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
|
||||
/* If there's a raw zone, use that for filename and type comparison */
|
||||
dns_zone_getraw(zone, &raw);
|
||||
if (raw != NULL) {
|
||||
zfilename = dns_zone_getfile(raw);
|
||||
ztype = dns_zone_gettype(raw);
|
||||
dns_zone_detach(&raw);
|
||||
has_raw = ISC_TRUE;
|
||||
} else {
|
||||
zfilename = dns_zone_getfile(zone);
|
||||
ztype = dns_zone_gettype(zone);
|
||||
has_raw = ISC_FALSE;
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(zoptions, "inline-signing", &obj);
|
||||
if ((obj == NULL || !cfg_obj_asboolean(obj)) && has_raw) {
|
||||
dns_zone_log(zone, ISC_LOG_DEBUG(1),
|
||||
"not reusable: old zone was inline-signing");
|
||||
return (ISC_FALSE);
|
||||
} else if ((obj != NULL && cfg_obj_asboolean(obj)) && !has_raw) {
|
||||
dns_zone_log(zone, ISC_LOG_DEBUG(1),
|
||||
"not reusable: old zone was not inline-signing");
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
|
||||
if (zonetype_fromconfig(zoptions) != ztype) {
|
||||
dns_zone_log(zone, ISC_LOG_DEBUG(1),
|
||||
"not reusable: type mismatch");
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(zoptions, "file", &obj);
|
||||
if (obj != NULL)
|
||||
cfilename = cfg_obj_asstring(obj);
|
||||
else
|
||||
cfilename = NULL;
|
||||
zfilename = dns_zone_getfile(zone);
|
||||
if (!((cfilename == NULL && zfilename == NULL) ||
|
||||
(cfilename != NULL && zfilename != NULL &&
|
||||
strcmp(cfilename, zfilename) == 0))) {
|
||||
strcmp(cfilename, zfilename) == 0)))
|
||||
{
|
||||
dns_zone_log(zone, ISC_LOG_DEBUG(1),
|
||||
"not reusable: filename mismatch");
|
||||
"not reusable: filename mismatch");
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
|
||||
|
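Review bot: `zfilename` is taken from `dns_zone_getfile(raw)` and `raw` is detached two lines later, but the pointer is not used until the `strcmp(cfilename, zfilename)` comparison near the end of the hunk, so it relies on `zone` keeping the raw zone alive. Either move `dns_zone_detach(&raw)` to after the filename comparison or add a comment stating that `zone` holds its own reference. Also confirm that `zfilename = dns_zone_getfile(zone);` just before the comparison is gone in the resulting file; if it stayed, it would overwrite the raw zone's filename selected above.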
@ -1,4 +1,4 @@
|
||||
# Copyright (C) 2004, 2006-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004, 2006-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -23,6 +23,8 @@ top_srcdir = @top_srcdir@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
READLINE_LIB = @READLINE_LIB@
|
||||
|
||||
CINCLUDES = ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
|
||||
${ISC_INCLUDES} ${ISCCFG_INCLUDES} @DST_GSSAPI_INC@
|
||||
|
||||
@ -72,7 +74,7 @@ nsupdate.@O@: nsupdate.c
|
||||
-c ${srcdir}/nsupdate.c
|
||||
|
||||
nsupdate@EXEEXT@: nsupdate.@O@ ${UOBJS} ${DEPLIBS}
|
||||
export BASEOBJS="nsupdate.@O@ ${UOBJS}"; \
|
||||
export BASEOBJS="nsupdate.@O@ ${READLINE_LIB} ${UOBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
doc man:: ${MANOBJS}
|
||||
|
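Review bot: `${READLINE_LIB}` is a linker library spec (configure.in in this same change sets it from `readline="-lreadline"`), yet it is spliced into `BASEOBJS` between `nsupdate.@O@` and `${UOBJS}`. A library flag in a variable named for object files is easy to misread and lands ahead of the remaining objects on the link line; carrying it in the libraries passed to `${FINALBUILDCMD}`, or at least after `${UOBJS}` with a comment, would be clearer.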
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -263,20 +263,20 @@ rather than the default realm in
|
||||
\fIkrb5.conf\fR. If no realm is specified the saved realm is cleared.
|
||||
.RE
|
||||
.PP
|
||||
\fBprereq nxdomain\fR {domain\-name}
|
||||
\fB[prereq]\fR\fB nxdomain\fR {domain\-name}
|
||||
.RS 4
|
||||
Requires that no resource record of any type exists with name
|
||||
\fIdomain\-name\fR.
|
||||
.RE
|
||||
.PP
|
||||
\fBprereq yxdomain\fR {domain\-name}
|
||||
\fB[prereq]\fR\fB yxdomain\fR {domain\-name}
|
||||
.RS 4
|
||||
Requires that
|
||||
\fIdomain\-name\fR
|
||||
exists (has as at least one resource record, of any type).
|
||||
.RE
|
||||
.PP
|
||||
\fBprereq nxrrset\fR {domain\-name} [class] {type}
|
||||
\fB[prereq]\fR\fB nxrrset\fR {domain\-name} [class] {type}
|
||||
.RS 4
|
||||
Requires that no resource record exists of the specified
|
||||
\fItype\fR,
|
||||
@ -287,7 +287,7 @@ and
|
||||
is omitted, IN (internet) is assumed.
|
||||
.RE
|
||||
.PP
|
||||
\fBprereq yxrrset\fR {domain\-name} [class] {type}
|
||||
\fB[prereq]\fR\fB yxrrset\fR {domain\-name} [class] {type}
|
||||
.RS 4
|
||||
This requires that a resource record of the specified
|
||||
\fItype\fR,
|
||||
@ -299,7 +299,7 @@ must exist. If
|
||||
is omitted, IN (internet) is assumed.
|
||||
.RE
|
||||
.PP
|
||||
\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
|
||||
\fB[prereq]\fR\fB yxrrset\fR {domain\-name} [class] {type} {data...}
|
||||
.RS 4
|
||||
The
|
||||
\fIdata\fR
|
||||
@ -315,7 +315,7 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of
|
||||
are written in the standard text representation of the resource record's RDATA.
|
||||
.RE
|
||||
.PP
|
||||
\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
|
||||
\fB[update]\fR\fB del\fR\fB[ete]\fR {domain\-name} [ttl] [class] [type\ [data...]]
|
||||
.RS 4
|
||||
Deletes any resource records named
|
||||
\fIdomain\-name\fR. If
|
||||
@ -329,7 +329,7 @@ is not supplied. The
|
||||
is ignored, and is only allowed for compatibility.
|
||||
.RE
|
||||
.PP
|
||||
\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
|
||||
\fB[update]\fR\fB add\fR {domain\-name} {ttl} [class] {type} {data...}
|
||||
.RS 4
|
||||
Adds a new resource record with the specified
|
||||
\fIttl\fR,
|
||||
@ -435,7 +435,7 @@ RFC 2931,
|
||||
.PP
|
||||
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004\-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
Copyright \(co 2000\-2003 Internet Software Consortium.
|
||||
.br
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: nsupdate.c,v 1.193.12.4 2011/11/03 04:30:09 each Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -85,6 +85,10 @@
|
||||
#endif
|
||||
#include <bind9/getaddresses.h>
|
||||
|
||||
#if defined(HAVE_READLINE)
|
||||
#include <readline/readline.h>
|
||||
#include <readline/history.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ADDRINFO
|
||||
#ifdef HAVE_GETADDRINFO
|
||||
@ -1805,6 +1809,8 @@ evaluate_update(char *cmdline) {
|
||||
}
|
||||
if (strcasecmp(word, "delete") == 0)
|
||||
isdelete = ISC_TRUE;
|
||||
else if (strcasecmp(word, "del") == 0)
|
||||
isdelete = ISC_TRUE;
|
||||
else if (strcasecmp(word, "add") == 0)
|
||||
isdelete = ISC_FALSE;
|
||||
else {
|
||||
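Review bot: the new `del` branch in `evaluate_update()` repeats the body of the `delete` branch; fold the two into one condition so the alias cannot drift from the original. The documentation in this change writes the keyword as `del[ete]`, which can be read as accepting any abbreviation, while only the exact words `del` and `delete` match here; the man page should say that.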
@ -1883,35 +1889,13 @@ show_message(FILE *stream, dns_message_t *msg, const char *description) {
|
||||
isc_buffer_free(&buf);
|
||||
}
|
||||
|
||||
|
||||
static isc_uint16_t
|
||||
get_next_command(void) {
|
||||
char cmdlinebuf[MAXCMD];
|
||||
char *cmdline;
|
||||
do_next_command(char *cmdline) {
|
||||
char *word;
|
||||
char *tmp;
|
||||
|
||||
ddebug("get_next_command()");
|
||||
if (interactive) {
|
||||
fprintf(stdout, "> ");
|
||||
fflush(stdout);
|
||||
}
|
||||
isc_app_block();
|
||||
cmdline = fgets(cmdlinebuf, MAXCMD, input);
|
||||
isc_app_unblock();
|
||||
if (cmdline == NULL)
|
||||
return (STATUS_QUIT);
|
||||
|
||||
/*
|
||||
* Normalize input by removing any eol.
|
||||
*/
|
||||
tmp = cmdline;
|
||||
(void)nsu_strsep(&tmp, "\r\n");
|
||||
|
||||
ddebug("do_next_command()");
|
||||
word = nsu_strsep(&cmdline, " \t\r\n");
|
||||
|
||||
if (feof(input))
|
||||
return (STATUS_QUIT);
|
||||
if (word == NULL || *word == 0)
|
||||
return (STATUS_SEND);
|
||||
if (word[0] == ';')
|
||||
@ -1920,8 +1904,22 @@ get_next_command(void) {
|
||||
return (STATUS_QUIT);
|
||||
if (strcasecmp(word, "prereq") == 0)
|
||||
return (evaluate_prereq(cmdline));
|
||||
if (strcasecmp(word, "nxdomain") == 0)
|
||||
return (make_prereq(cmdline, ISC_FALSE, ISC_FALSE));
|
||||
if (strcasecmp(word, "yxdomain") == 0)
|
||||
return (make_prereq(cmdline, ISC_TRUE, ISC_FALSE));
|
||||
if (strcasecmp(word, "nxrrset") == 0)
|
||||
return (make_prereq(cmdline, ISC_FALSE, ISC_TRUE));
|
||||
if (strcasecmp(word, "yxrrset") == 0)
|
||||
return (make_prereq(cmdline, ISC_TRUE, ISC_TRUE));
|
||||
if (strcasecmp(word, "update") == 0)
|
||||
return (evaluate_update(cmdline));
|
||||
if (strcasecmp(word, "delete") == 0)
|
||||
return (update_addordelete(cmdline, ISC_TRUE));
|
||||
if (strcasecmp(word, "del") == 0)
|
||||
return (update_addordelete(cmdline, ISC_TRUE));
|
||||
if (strcasecmp(word, "add") == 0)
|
||||
return (update_addordelete(cmdline, ISC_FALSE));
|
||||
if (strcasecmp(word, "server") == 0)
|
||||
return (evaluate_server(cmdline));
|
||||
if (strcasecmp(word, "local") == 0)
|
||||
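Review bot: the new shortcuts call `make_prereq(cmdline, ISC_FALSE, ISC_TRUE)` and its three siblings with two positional booleans, and nothing at the call site names them. Reading the four calls, the first flag follows yx/nx and the second follows rrset/domain; a short comment above the block would save the next reader that inference. The `delete` and `del` tests here also have identical bodies and can share one condition.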
@ -1988,18 +1986,55 @@ get_next_command(void) {
|
||||
"oldgsstsig (use Microsoft's GSS_TSIG to sign the request)\n"
|
||||
"zone name (set the zone to be updated)\n"
|
||||
"class CLASS (set the zone's DNS class, e.g. IN (default), CH)\n"
|
||||
"prereq nxdomain name (does this name not exist)\n"
|
||||
"prereq yxdomain name (does this name exist)\n"
|
||||
"prereq nxrrset .... (does this RRset exist)\n"
|
||||
"prereq yxrrset .... (does this RRset not exist)\n"
|
||||
"update add .... (add the given record to the zone)\n"
|
||||
"update delete .... (remove the given record(s) from the zone)\n");
|
||||
"[prereq] nxdomain name (does this name not exist)\n"
|
||||
"[prereq] yxdomain name (does this name exist)\n"
|
||||
"[prereq] nxrrset .... (does this RRset exist)\n"
|
||||
"[prereq] yxrrset .... (does this RRset not exist)\n"
|
||||
"[update] add .... (add the given record to the zone)\n"
|
||||
"[update] del[ete] .... (remove the given record(s) from the zone)\n");
|
||||
return (STATUS_MORE);
|
||||
}
|
||||
fprintf(stderr, "incorrect section name: %s\n", word);
|
||||
return (STATUS_SYNTAX);
|
||||
}
|
||||
|
||||
static isc_uint16_t
|
||||
get_next_command(void) {
|
||||
isc_uint16_t result = STATUS_QUIT;
|
||||
char cmdlinebuf[MAXCMD];
|
||||
char *cmdline;
|
||||
|
||||
isc_app_block();
|
||||
if (interactive) {
|
||||
#ifdef HAVE_READLINE
|
||||
cmdline = readline("> ");
|
||||
add_history(cmdline);
|
||||
#else
|
||||
fprintf(stdout, "> ");
|
||||
fflush(stdout);
|
||||
cmdline = fgets(cmdlinebuf, MAXCMD, input);
|
||||
#endif
|
||||
} else
|
||||
cmdline = fgets(cmdlinebuf, MAXCMD, input);
|
||||
isc_app_unblock();
|
||||
|
||||
if (cmdline != NULL) {
|
||||
char *tmp = cmdline;
|
||||
|
||||
/*
|
||||
* Normalize input by removing any eol as readline()
|
||||
* removes eol but fgets doesn't.
|
||||
*/
|
||||
(void)nsu_strsep(&tmp, "\r\n");
|
||||
result = do_next_command(cmdline);
|
||||
}
|
||||
#ifdef HAVE_READLINE
|
||||
if (interactive)
|
||||
free(cmdline);
|
||||
#endif
|
||||
return (result);
|
||||
}
|
||||
|
||||
static isc_boolean_t
|
||||
user_interaction(void) {
|
||||
isc_uint16_t result = STATUS_MORE;
|
||||
|
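Review bot: in the `HAVE_READLINE` branch of `get_next_command()`, `add_history(cmdline)` runs directly after `readline("> ")` and before the `cmdline != NULL` test, so at end of input, where `readline()` returns NULL, a null pointer is handed to `add_history()`. Guard the call with `if (cmdline != NULL)` and consider skipping empty lines as well. In the help text of the same hunk the explanations for `nxrrset` and `yxrrset` are swapped ("does this RRset exist" is attached to `nxrrset`), and the rewritten `[prereq]` lines carry that over; worth correcting while the strings are being touched.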
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -18,7 +18,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: nsupdate.docbook,v 1.44 2010/07/09 23:46:51 tbox Exp $ -->
|
||||
<!-- $Id$ -->
|
||||
<refentry id="man.nsupdate">
|
||||
<refentryinfo>
|
||||
<date>Aug 25, 2009</date>
|
||||
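Review bot: `<date>Aug 25, 2009</date>` in `refentryinfo` is left unchanged although this revision changes the documented command syntax further down. If the date is meant to track the content of the page, update it together with the syntax change.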
@ -42,6 +42,8 @@
|
||||
<year>2008</year>
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2012</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
<copyright>
|
||||
@ -424,7 +426,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>prereq nxdomain</command>
|
||||
<command><optional>prereq</optional> nxdomain</command>
|
||||
<arg choice="req">domain-name</arg>
|
||||
</term>
|
||||
<listitem>
|
||||
@ -438,7 +440,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>prereq yxdomain</command>
|
||||
<command><optional>prereq</optional> yxdomain</command>
|
||||
<arg choice="req">domain-name</arg>
|
||||
</term>
|
||||
<listitem>
|
||||
@ -452,7 +454,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>prereq nxrrset</command>
|
||||
<command><optional>prereq</optional> nxrrset</command>
|
||||
<arg choice="req">domain-name</arg>
|
||||
<arg choice="opt">class</arg>
|
||||
<arg choice="req">type</arg>
|
||||
@ -474,7 +476,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>prereq yxrrset</command>
|
||||
<command><optional>prereq</optional> yxrrset</command>
|
||||
<arg choice="req">domain-name</arg>
|
||||
<arg choice="opt">class</arg>
|
||||
<arg choice="req">type</arg>
|
||||
@ -496,7 +498,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>prereq yxrrset</command>
|
||||
<command><optional>prereq</optional> yxrrset</command>
|
||||
<arg choice="req">domain-name</arg>
|
||||
<arg choice="opt">class</arg>
|
||||
<arg choice="req">type</arg>
|
||||
@ -530,7 +532,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>update delete</command>
|
||||
<command><optional>update</optional> del<optional>ete</optional></command>
|
||||
<arg choice="req">domain-name</arg>
|
||||
<arg choice="opt">ttl</arg>
|
||||
<arg choice="opt">class</arg>
|
||||
@ -556,7 +558,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>update add</command>
|
||||
<command><optional>update</optional> add</command>
|
||||
<arg choice="req">domain-name</arg>
|
||||
<arg choice="req">ttl</arg>
|
||||
<arg choice="opt">class</arg>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -32,7 +32,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543459"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543464"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">nsupdate</strong></span>
|
||||
is used to submit Dynamic DNS Update requests as defined in RFC 2136
|
||||
to a name server.
|
||||
@ -192,7 +192,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543790"></a><h2>INPUT FORMAT</h2>
|
||||
<a name="id2543796"></a><h2>INPUT FORMAT</h2>
|
||||
<p><span><strong class="command">nsupdate</strong></span>
|
||||
reads input from
|
||||
<em class="parameter"><code>filename</code></em>
|
||||
@ -331,7 +331,7 @@
|
||||
realm is specified the saved realm is cleared.
|
||||
</p></dd>
|
||||
<dt><span class="term">
|
||||
<span><strong class="command">prereq nxdomain</strong></span>
|
||||
<span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
|
||||
{domain-name}
|
||||
</span></dt>
|
||||
<dd><p>
|
||||
@ -339,7 +339,7 @@
|
||||
<em class="parameter"><code>domain-name</code></em>.
|
||||
</p></dd>
|
||||
<dt><span class="term">
|
||||
<span><strong class="command">prereq yxdomain</strong></span>
|
||||
<span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
|
||||
{domain-name}
|
||||
</span></dt>
|
||||
<dd><p>
|
||||
@ -348,7 +348,7 @@
|
||||
exists (has as at least one resource record, of any type).
|
||||
</p></dd>
|
||||
<dt><span class="term">
|
||||
<span><strong class="command">prereq nxrrset</strong></span>
|
||||
<span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
|
||||
{domain-name}
|
||||
[class]
|
||||
{type}
|
||||
@ -364,7 +364,7 @@
|
||||
is omitted, IN (internet) is assumed.
|
||||
</p></dd>
|
||||
<dt><span class="term">
|
||||
<span><strong class="command">prereq yxrrset</strong></span>
|
||||
<span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
|
||||
{domain-name}
|
||||
[class]
|
||||
{type}
|
||||
@ -381,7 +381,7 @@
|
||||
is omitted, IN (internet) is assumed.
|
||||
</p></dd>
|
||||
<dt><span class="term">
|
||||
<span><strong class="command">prereq yxrrset</strong></span>
|
||||
<span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
|
||||
{domain-name}
|
||||
[class]
|
||||
{type}
|
||||
@ -410,7 +410,7 @@
|
||||
RDATA.
|
||||
</p></dd>
|
||||
<dt><span class="term">
|
||||
<span><strong class="command">update delete</strong></span>
|
||||
<span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
|
||||
{domain-name}
|
||||
[ttl]
|
||||
[class]
|
||||
@ -431,7 +431,7 @@
|
||||
is ignored, and is only allowed for compatibility.
|
||||
</p></dd>
|
||||
<dt><span class="term">
|
||||
<span><strong class="command">update add</strong></span>
|
||||
<span><strong class="command">[<span class="optional">update</span>] add</strong></span>
|
||||
{domain-name}
|
||||
{ttl}
|
||||
[class]
|
||||
@ -480,7 +480,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544702"></a><h2>EXAMPLES</h2>
|
||||
<a name="id2544725"></a><h2>EXAMPLES</h2>
|
||||
<p>
|
||||
The examples below show how
|
||||
<span><strong class="command">nsupdate</strong></span>
|
||||
@ -534,7 +534,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544746"></a><h2>FILES</h2>
|
||||
<a name="id2544769"></a><h2>FILES</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
|
||||
<dd><p>
|
||||
@ -557,7 +557,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544829"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2542121"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<em class="citetitle">RFC 2136</em>,
|
||||
<em class="citetitle">RFC 3007</em>,
|
||||
@ -572,7 +572,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2542156"></a><h2>BUGS</h2>
|
||||
<a name="id2542179"></a><h2>BUGS</h2>
|
||||
<p>
|
||||
The TSIG key is redundantly stored in two separate files.
|
||||
This is a consequence of nsupdate using the DST library
|
||||
|
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: rndc.c,v 1.131.20.3 2011/11/03 22:06:31 each Exp $ */
|
||||
/* $Id$ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@ -114,6 +114,11 @@ command is one of the following:\n\
|
||||
thaw Enable updates to all dynamic zones and reload them.\n\
|
||||
thaw zone [class [view]]\n\
|
||||
Enable updates to a frozen dynamic zone and reload it.\n\
|
||||
sync [-clean] Dump changes to all dynamic zones to disk, and optionally\n\
|
||||
remove their journal files.\n\
|
||||
sync [-clean] zone [class [view]]\n\
|
||||
Dump a single zone's changes to disk, and optionally\n\
|
||||
remove its journal file.\n\
|
||||
notify zone [class [view]]\n\
|
||||
Resend NOTIFY messages for the zone.\n\
|
||||
reconfig Reload configuration file and new zones only.\n\
|
||||
@ -122,7 +127,8 @@ command is one of the following:\n\
|
||||
loadkeys zone [class [view]]\n\
|
||||
Update keys without signing immediately.\n\
|
||||
stats Write server statistics to the statistics file.\n\
|
||||
querylog Toggle query logging.\n\
|
||||
querylog newstate\n\
|
||||
Enable / disable query logging.\n\
|
||||
dumpdb [-all|-cache|-zones] [view ...]\n\
|
||||
Dump cache(s) to the dump file (named_dump.db).\n\
|
||||
secroots [view ...]\n\
|
||||
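Review bot: the new `querylog newstate` usage entry does not say which values `newstate` accepts. List them in the usage text next to "Enable / disable query logging" so the help output is usable without the manual.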
@ -140,6 +146,8 @@ command is one of the following:\n\
|
||||
flush [view] Flushes the server's cache for a view.\n\
|
||||
flushname name [view]\n\
|
||||
Flush the given name from the server's cache(s)\n\
|
||||
flushtree name [view]\n\
|
||||
Flush all names under the given name from the server's cache(s)\n\
|
||||
status Display status of the server.\n\
|
||||
recursing Dump the queries that are currently recursing (named.recursing)\n\
|
||||
tsig-list List all currently active TSIG keys, including both statically\n\
|
||||
@ -152,6 +160,20 @@ command is one of the following:\n\
|
||||
Add zone to given view. Requires new-zone-file option.\n\
|
||||
delzone [\"file\"] zone [class [view]]\n\
|
||||
Removes zone from given view. Requires new-zone-file option.\n\
|
||||
signing -list zone [class [view]]\n\
|
||||
List the private records showing the state of DNSSEC\n\
|
||||
signing in the given zone.\n\
|
||||
signing -clear <keyid>/<algorithm> zone [class [view]]\n\
|
||||
Remove the private record that indicating the given key\n\
|
||||
has finished signing the given zone.\n\
|
||||
signing -clear all zone [class [view]]\n\
|
||||
Remove the private records for all keys that have\n\
|
||||
finished signing the given zone.\n\
|
||||
signing -nsec3param none zone [class [view]]\n\
|
||||
Remove NSEC3 chains from zone.\n\
|
||||
signing -nsec3param hash flags iterations salt zone [class [view]]\n\
|
||||
Add NSEC3 chain to zone if already signed.\n\
|
||||
Prime zone with NSEC3 chain if not yet signed.\n\
|
||||
*restart Restart the server.\n\
|
||||
\n\
|
||||
* == not yet implemented\n\
|
||||
|
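Review bot: the description added for `signing -clear <keyid>/<algorithm>` reads "Remove the private record that indicating the given key has finished signing the given zone"; it should be "that indicates" (or drop "that"). The `signing -nsec3param hash flags iterations salt` line also gives no hint of the expected value formats; a short example or a pointer to the manual would help in a usage string this terse.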
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
@ -65,5 +65,5 @@ The file name into which random data should be written.
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2009\-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
@ -17,7 +17,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id$ -->
|
||||
<!-- $Id: genrandom.docbook,v 1.8 2011/08/08 23:46:41 tbox Exp $ -->
|
||||
<refentry id="man.genrandom">
|
||||
<refentryinfo>
|
||||
<date>Feb 19, 2009</date>
|
||||
@ -39,7 +39,6 @@
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2012</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
</docinfo>
|
||||
|
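Review bot: the copyright range for genrandom appears to move backwards. This hunk goes from 7 lines to 6 with `<year>2012</year>` the last year listed, the header comment shows `2009-2012` alongside `2009-2011`, and `$Id$` sits next to an expanded `$Id: genrandom.docbook,v 1.8 2011/08/08 ...`. That is the opposite direction from nsupdate.docbook in the same commit, where the range grows to 2012 and the id collapses to `$Id$`. Please confirm the imported genrandom files match the 9.9.3-P2 distribution and are not a stale copy.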
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
@ -31,7 +31,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543370"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543368"></a><h2>DESCRIPTION</h2>
|
||||
<p>
|
||||
<span><strong class="command">genrandom</strong></span>
|
||||
generates a file or a set of files containing a specified quantity
|
||||
@ -40,7 +40,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543383"></a><h2>ARGUMENTS</h2>
|
||||
<a name="id2543381"></a><h2>ARGUMENTS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
|
||||
<dd><p>
|
||||
@ -58,14 +58,14 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543444"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2543442"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543470"></a><h2>AUTHOR</h2>
|
||||
<a name="id2543468"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2006, 2008, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2006, 2008, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id$ */
|
||||
/* $Id: nsec3hash.c,v 1.8 2011/11/02 23:46:24 tbox Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
|
@ -289,6 +289,9 @@ int sigwait(const unsigned int *set, int *sig);
|
||||
/* Define if your OpenSSL version supports GOST. */
|
||||
#undef HAVE_OPENSSL_GOST
|
||||
|
||||
/* Define to 1 if you have the `readline' function. */
|
||||
#undef HAVE_READLINE
|
||||
|
||||
/* Define to 1 if you have the <regex.h> header file. */
|
||||
#undef HAVE_REGEX_H
|
||||
|
||||
@ -361,6 +364,9 @@ int sigwait(const unsigned int *set, int *sig);
|
||||
/* Define to 1 if you have the <unistd.h> header file. */
|
||||
#undef HAVE_UNISTD_H
|
||||
|
||||
/* Define to 1 if you have the `usleep' function. */
|
||||
#undef HAVE_USLEEP
|
||||
|
||||
/* return type of gai_strerror */
|
||||
#undef IRS_GAISTRERROR_RETURN_T
|
||||
|
||||
@ -384,6 +390,9 @@ int sigwait(const unsigned int *set, int *sig);
|
||||
*/
|
||||
#undef NEED_SECURE_DIRECTORY
|
||||
|
||||
/* Use the new XML schema for statistics */
|
||||
#undef NEWSTATS
|
||||
|
||||
/* Define to the address where bug reports for this package should be sent. */
|
||||
#undef PACKAGE_BUGREPORT
|
||||
|
||||
|
@ -43,8 +43,13 @@ case $host in
|
||||
# OpenBSD users have reported that named dumps core on
|
||||
# startup when built with threads.
|
||||
use_threads=false ;;
|
||||
*-freebsd*)
|
||||
[*-freebsd[1234567].*])
|
||||
# Threads are broken at least up to FreeBSD 4.11.
|
||||
# FreeBSD 5, 6 and 7 we have never officially supported threads
|
||||
# on. YMMV
|
||||
use_threads=false ;;
|
||||
*-freebsd*)
|
||||
use_threads=true ;;
|
||||
[*-bsdi[234]*])
|
||||
# Thread signals do not work reliably on some versions of BSD/OS.
|
||||
use_threads=false ;;
|
||||
@ -55,6 +60,10 @@ case $host in
|
||||
# Linux kernels produce unusable core dumps from multithreaded
|
||||
# programs, and because of limitations in setuid().
|
||||
use_threads=false ;;
|
||||
*-darwin[[123456789]].*)
|
||||
use_threads=false ;;
|
||||
*-darwin*.*)
|
||||
use_threads=true ;;
|
||||
*)
|
||||
use_threads=false ;;
|
||||
esac
|
||||
|
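Review bot: the new `*-darwin[[123456789]].*` case turns threads off for single-digit Darwin releases without a comment, unlike the FreeBSD and BSD/OS cases nearby, which state the reason; add one. The pattern also uses inner `[[...]]` quoting where the FreeBSD and bsdi patterns wrap the whole pattern in a single pair of brackets; pick one style for the file.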
@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
|
||||
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
|
||||
AC_DIVERT_POP()dnl
|
||||
|
||||
AC_REVISION($Revision: 1.512.8.15 $)
|
||||
AC_REVISION($Revision: 1.533 $)
|
||||
|
||||
AC_INIT(lib/dns/name.c)
|
||||
AC_PREREQ(2.59)
|
||||
@ -37,7 +37,7 @@ case $build_os in
|
||||
sunos*)
|
||||
# Just set the maximum command line length for sunos as it otherwise
|
||||
# takes a exceptionally long time to work it out. Required for libtool.
|
||||
|
||||
|
||||
lt_cv_sys_max_cmd_len=4096;
|
||||
;;
|
||||
esac
|
||||
@ -136,6 +136,73 @@ AC_SUBST(ETAGS)
|
||||
AC_PATH_PROGS(PERL, perl5 perl)
|
||||
AC_SUBST(PERL)
|
||||
|
||||
#
|
||||
# Python is also optional; it is used by the tools in bin/python.
|
||||
# If python is unavailable, we simply don't build those.
|
||||
#
|
||||
AC_ARG_WITH(python,
|
||||
[ --with-python=PATH Specify path to python interpreter],
|
||||
use_python="$withval", use_python="unspec")
|
||||
|
||||
case "$use_python" in
|
||||
no)
|
||||
AC_MSG_RESULT(disabled)
|
||||
;;
|
||||
unspec|yes|*)
|
||||
case "$use_python" in
|
||||
unspec|yes|'')
|
||||
AC_PATH_PROGS(PYTHON, python)
|
||||
;;
|
||||
*)
|
||||
AC_PATH_PROGS(PYTHON, $use_python)
|
||||
;;
|
||||
esac
|
||||
if test "X$PYTHON" == "X"
|
||||
then
|
||||
case "$use_python" in
|
||||
unspec)
|
||||
AC_MSG_RESULT(disabled)
|
||||
;;
|
||||
yes|*)
|
||||
AC_MSG_ERROR([missing python])
|
||||
;;
|
||||
esac
|
||||
break
|
||||
fi
|
||||
testscript='try: import argparse
|
||||
except: exit(1)'
|
||||
AC_MSG_CHECKING([python module 'argparse'])
|
||||
if $PYTHON -c "$testscript"; then
|
||||
AC_MSG_RESULT([found, using $PYTHON])
|
||||
else
|
||||
case "$use_python" in
|
||||
unspec)
|
||||
PYTHON=""
|
||||
AC_SUBST(CHECKDS)
|
||||
AC_SUBST(COVERAGE)
|
||||
AC_MSG_RESULT([not found, python disabled])
|
||||
;;
|
||||
yes)
|
||||
AC_MSG_RESULT([no found])
|
||||
AC_MSG_ERROR([python 'argparse' module not supported])
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
PYTHON_TOOLS=''
|
||||
CHECKDS=''
|
||||
COVERAGE=''
|
||||
if test "X$PYTHON" != "X"; then
|
||||
PYTHON_TOOLS=python
|
||||
CHECKDS=checkds
|
||||
COVERAGE=coverage
|
||||
fi
|
||||
AC_SUBST(CHECKDS)
|
||||
AC_SUBST(COVERAGE)
|
||||
AC_SUBST(PYTHON_TOOLS)
|
||||
|
||||
#
|
||||
# Special processing of paths depending on whether --prefix,
|
||||
# --sysconfdir or --localstatedir arguments were given. What's
|
||||
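Review bot: `test "X$PYTHON" == "X"` uses `==`, which is not a portable `test` operator (use `=`, matching the later `test "X$PYTHON" != "X"`), and the `break` after the inner `esac` sits inside a `case`, not a loop, so it does not skip the argparse probe as it seems intended to. In the same block, `AC_MSG_RESULT(disabled)` is emitted without a preceding `AC_MSG_CHECKING`, the `yes)` branch prints "no found" instead of "not found", and `AC_SUBST(CHECKDS)` and `AC_SUBST(COVERAGE)` are repeated inside the `unspec)` branch although both are substituted unconditionally further down.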
@ -398,6 +465,19 @@ lifconf.lifc_len = 0;
|
||||
ISC_PLATFORM_HAVELIFCONF="#undef ISC_PLATFORM_HAVELIFCONF"])
|
||||
AC_SUBST(ISC_PLATFORM_HAVELIFCONF)
|
||||
|
||||
#
|
||||
# check if we want the new statistics
|
||||
#
|
||||
AC_ARG_ENABLE(newstats,
|
||||
[ --enable-newstats use the new statistics])
|
||||
case "$enable_newstats" in
|
||||
yes)
|
||||
AC_DEFINE(NEWSTATS, 1, [Use the new XML schema for statistics])
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
#
|
||||
# check if we have kqueue
|
||||
#
|
||||
@ -662,7 +742,7 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)],
|
||||
],
|
||||
[AC_MSG_RESULT(assuming it does work on target platform)]
|
||||
)
|
||||
|
||||
|
||||
AC_ARG_ENABLE(openssl-version-check,
|
||||
[AC_HELP_STRING([--enable-openssl-version-check],
|
||||
[Check OpenSSL Version @<:@default=yes@:>@])])
|
||||
@ -1334,7 +1414,7 @@ AC_CHECK_LIB(scf, smf_enable_instance)
|
||||
AC_CHECK_FUNC(flockfile, AC_DEFINE(HAVE_FLOCKFILE),)
|
||||
AC_CHECK_FUNC(getc_unlocked, AC_DEFINE(HAVE_GETCUNLOCKED),)
|
||||
|
||||
#
|
||||
#
|
||||
# Indicate what the final decision was regarding threads.
|
||||
#
|
||||
AC_MSG_CHECKING(whether to build with threads)
|
||||
@ -1344,7 +1424,7 @@ else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
|
||||
#
|
||||
#
|
||||
# End of pthreads stuff.
|
||||
#
|
||||
|
||||
@ -1975,7 +2055,7 @@ AC_TRY_RUN([
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
main() { char a[16]; return (inet_pton(AF_INET, "1.2.3", a) == 1 ? 1 :
|
||||
inet_pton(AF_INET, "1.2.3.04", a) == 1 ? 1 :
|
||||
inet_pton(AF_INET, "1.2.3.04", a) == 1 ? 1 :
|
||||
(inet_pton(AF_INET6, "::1.2.3.4", a) != 1)); }],
|
||||
[AC_MSG_RESULT(yes)
|
||||
ISC_PLATFORM_NEEDPTON="#undef ISC_PLATFORM_NEEDPTON"],
|
||||
@ -2216,7 +2296,7 @@ AC_ARG_ENABLE(getifaddrs,
|
||||
# This interface iteration code for getifaddrs() will fall back to using
|
||||
# /proc/net/if_inet6 if getifaddrs() in glibc doesn't return any IPv6
|
||||
# addresses.
|
||||
#
|
||||
#
|
||||
case $want_getifaddrs in
|
||||
glibc)
|
||||
AC_MSG_WARN("--enable-getifaddrs=glibc is no longer required")
|
||||
@ -2291,6 +2371,29 @@ AC_CHECK_FUNC(strlcat,
|
||||
[ISC_PLATFORM_NEEDSTRLCAT="#define ISC_PLATFORM_NEEDSTRLCAT 1"])
|
||||
AC_SUBST(ISC_PLATFORM_NEEDSTRLCAT)
|
||||
|
||||
|
||||
AC_SUBST(READLINE_LIB)
|
||||
AC_ARG_WITH(readline,
|
||||
[ --with-readline[=LIBSPEC] specify readline library [default -lreadline]],
|
||||
readline="$withval", readline="-lreadline")
|
||||
case "$readline" in
|
||||
no) ;;
|
||||
*)
|
||||
if test "x$readline" = "xyes"
|
||||
then
|
||||
readline=-lreadline
|
||||
fi
|
||||
saved_LIBS="$LIBS"
|
||||
LIBS="$readline"
|
||||
AC_CHECK_FUNCS(readline)
|
||||
if test "$ac_cv_func_readline" = "yes"
|
||||
then
|
||||
READLINE_LIB="$readline"
|
||||
fi
|
||||
LIBS="$saved_LIBS"
|
||||
;;
|
||||
esac
|
||||
|
||||
ISC_PRINT_OBJS=
|
||||
ISC_PRINT_SRCS=
|
||||
AC_MSG_CHECKING(sprintf)
|
||||
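Review bot: `AC_SUBST(READLINE_LIB)` is emitted without `READLINE_LIB` ever being set to empty, so in the `no)` branch, and when `AC_CHECK_FUNCS(readline)` fails, any value the variable carries in from the environment is substituted into the Makefiles; add `READLINE_LIB=""` before the `case`. Because the default is `readline="-lreadline"`, the library is linked whenever it happens to be installed on the build host, so the set of linked libraries depends on the host; the help text should mention `--without-readline` for builds that need a fixed dependency set. The literal brackets in the help string (`[=LIBSPEC]`, `[default -lreadline]`) are m4 quote characters; the `--enable-openssl-version-check` help text uses `@<:@` and `@:>@` for the same purpose and this one should too.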
@ -2376,7 +2479,7 @@ main() {
|
||||
sprintf(buf, "%lld", j);
|
||||
exit((sizeof(long long int) != sizeof(long int))? 0 :
|
||||
(strcmp(buf, "0") != 0));
|
||||
}
|
||||
}
|
||||
],
|
||||
[AC_MSG_RESULT(ll)
|
||||
ISC_PLATFORM_QUADFORMAT='#define ISC_PLATFORM_QUADFORMAT "ll"'
|
||||
@ -2641,7 +2744,7 @@ yes)
|
||||
esac
|
||||
AC_SUBST(ISC_PLATFORM_HAVEIFNAMETOINDEX)
|
||||
|
||||
AC_CHECK_FUNCS(nanosleep)
|
||||
AC_CHECK_FUNCS(nanosleep usleep)
|
||||
|
||||
#
|
||||
# Machine architecture dependent features
|
||||
@ -2768,7 +2871,7 @@ if test "$have_atomic" = "yes"; then
|
||||
else
|
||||
case "$host" in
|
||||
alpha*-dec-osf*)
|
||||
# Tru64 compiler has its own syntax for inline
|
||||
# Tru64 compiler has its own syntax for inline
|
||||
# assembly.
|
||||
AC_TRY_COMPILE(, [
|
||||
#ifndef __DECC
|
||||
@ -2990,11 +3093,11 @@ AC_SUBST(DOXYGEN)
|
||||
# NOM_PATH_FILE(VARIABLE, FILENAME, DIRECTORIES)
|
||||
#
|
||||
# If the file FILENAME is found in one of the DIRECTORIES, the shell
|
||||
# variable VARIABLE is defined to its absolute pathname. Otherwise,
|
||||
# variable VARIABLE is defined to its absolute pathname. Otherwise,
|
||||
# it is set to FILENAME, with no directory prefix (that's not terribly
|
||||
# useful, but looks less confusing in substitutions than leaving it
|
||||
# empty). The variable VARIABLE will be substituted into output files.
|
||||
#
|
||||
#
|
||||
|
||||
AC_DEFUN(NOM_PATH_FILE, [
|
||||
$1=""
|
||||
@ -3304,7 +3407,7 @@ DLZ_DRIVER_SRCS=""
|
||||
DLZ_DRIVER_OBJS=""
|
||||
DLZ_SYSTEM_TEST=""
|
||||
|
||||
#
|
||||
#
|
||||
# Configure support for building a shared library object
|
||||
#
|
||||
# Even when libtool is available it can't always be relied upon
|
||||
@ -3415,8 +3518,8 @@ if test "$cross_compiling" = "yes"; then
|
||||
BUILD_LDFLAGS="$BUILD_LDFLAGS"
|
||||
BUILD_LIBS="$BUILD_LIBS"
|
||||
else
|
||||
BUILD_CC="$CC"
|
||||
BUILD_CFLAGS="$CFLAGS"
|
||||
BUILD_CC="$CC"
|
||||
BUILD_CFLAGS="$CFLAGS"
|
||||
BUILD_CPPFLAGS="$CPPFLAGS $GEN_NEED_OPTARG"
|
||||
BUILD_LDFLAGS="$LDFLAGS"
|
||||
BUILD_LIBS="$LIBS"
|
||||
@ -3545,6 +3648,9 @@ AC_CONFIG_FILES([
|
||||
bin/named/unix/Makefile
|
||||
bin/nsupdate/Makefile
|
||||
bin/pkcs11/Makefile
|
||||
bin/python/Makefile
|
||||
bin/python/dnssec-checkds.py
|
||||
bin/python/dnssec-coverage.py
|
||||
bin/rndc/Makefile
|
||||
bin/tests/Makefile
|
||||
bin/tests/atomic/Makefile
|
||||
@ -3584,6 +3690,7 @@ AC_CONFIG_FILES([
|
||||
bin/tests/system/gost/prereq.sh
|
||||
bin/tests/system/lwresd/Makefile
|
||||
bin/tests/system/rpz/Makefile
|
||||
bin/tests/system/rsabigexponent/Makefile
|
||||
bin/tests/system/tkey/Makefile
|
||||
bin/tests/system/tsiggss/Makefile
|
||||
bin/tests/tasks/Makefile
|
||||
@ -3698,7 +3805,7 @@ yes)
|
||||
esac
|
||||
|
||||
if test "X$USE_OPENSSL" = "X"; then
|
||||
cat << \EOF
|
||||
cat << \EOF
|
||||
BIND is being built without OpenSSL. This means it will not have DNSSEC support.
|
||||
EOF
|
||||
fi
|
||||
|
@ -72,7 +72,7 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This version of the manual corresponds to BIND version 9.8.
|
||||
This version of the manual corresponds to BIND version 9.9.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
@ -1237,15 +1237,12 @@ zone "eng.example.com" {
|
||||
<listitem>
|
||||
<para>
|
||||
Suspend updates to a dynamic zone. If no zone is
|
||||
specified,
|
||||
then all zones are suspended. This allows manual
|
||||
edits to be made to a zone normally updated by dynamic
|
||||
update. It
|
||||
also causes changes in the journal file to be synced
|
||||
into the master
|
||||
and the journal file to be removed. All dynamic
|
||||
update attempts will
|
||||
be refused while the zone is frozen.
|
||||
specified, then all zones are suspended. This allows
|
||||
manual edits to be made to a zone normally updated by
|
||||
dynamic update. It also causes changes in the
|
||||
journal file to be synced into the master file.
|
||||
All dynamic update attempts will be refused while
|
||||
the zone is frozen.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1257,15 +1254,34 @@ zone "eng.example.com" {
|
||||
<optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Enable updates to a frozen dynamic zone. If no zone
|
||||
is
|
||||
specified, then all frozen zones are enabled. This
|
||||
causes
|
||||
the server to reload the zone from disk, and
|
||||
re-enables dynamic updates
|
||||
after the load has completed. After a zone is thawed,
|
||||
dynamic updates
|
||||
will no longer be refused.
|
||||
Enable updates to a frozen dynamic zone. If no
|
||||
zone is specified, then all frozen zones are
|
||||
enabled. This causes the server to reload the zone
|
||||
from disk, and re-enables dynamic updates after the
|
||||
load has completed. After a zone is thawed,
|
||||
dynamic updates will no longer be refused. If
|
||||
the zone has changed and the
|
||||
<command>ixfr-from-differences</command> option is
|
||||
in use, then the journal file will be updated to
|
||||
reflect changes in the zone. Otherwise, if the
|
||||
zone has changed, any existing journal file will be
|
||||
removed.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><userinput>sync
|
||||
<optional>-clean</optional>
|
||||
<optional><replaceable>zone</replaceable>
|
||||
<optional><replaceable>class</replaceable>
|
||||
<optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Sync changes in the journal file for a dynamic zone
|
||||
to the master file. If the "-clean" option is
|
||||
specified, the journal file is also removed. If
|
||||
no zone is specified, then all zones are synced.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1306,10 +1322,17 @@ zone "eng.example.com" {
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><userinput>querylog</userinput></term>
|
||||
<term><userinput>querylog</userinput>
|
||||
<optional>on|off</optional>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Toggle query logging. Query logging can also be enabled
|
||||
Enable or disable query logging. (For backward
|
||||
compatibility, this command can also be used without
|
||||
an argument to toggle query logging on and off.)
|
||||
</para>
|
||||
<para>
|
||||
Query logging can also be enabled
|
||||
by explicitly directing the <command>queries</command>
|
||||
<command>category</command> to a
|
||||
<command>channel</command> in the
|
||||
@ -1417,10 +1440,29 @@ zone "eng.example.com" {
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><userinput>flushname</userinput> <replaceable>name</replaceable></term>
|
||||
<term><userinput>flushname</userinput>
|
||||
<replaceable>name</replaceable>
|
||||
<optional><replaceable>view</replaceable></optional>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Flushes the given name from the server's cache.
|
||||
Flushes the given name from the server's DNS cache,
|
||||
and from the server's nameserver address database
|
||||
if applicable.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><userinput>flushtree</userinput>
|
||||
<replaceable>name</replaceable>
|
||||
<optional><replaceable>view</replaceable></optional>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Flushes the given name, and all of its subdomains,
|
||||
from the server's DNS cache. (The server's
|
||||
nameserver address database is not affected.)
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1547,6 +1589,75 @@ zone "eng.example.com" {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><userinput>signing
|
||||
<optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) ) </optional>
|
||||
<replaceable>zone</replaceable>
|
||||
<optional><replaceable>class</replaceable>
|
||||
<optional><replaceable>view</replaceable></optional></optional>
|
||||
</userinput></term>
|
||||
<listitem>
|
||||
<para>
|
||||
List, edit, or remove the DNSSEC signing state for
|
||||
the specified zone. The status of ongoing DNSSEC
|
||||
operations (such as signing or generating
|
||||
NSEC3 chains) is stored in the zone in the form
|
||||
of DNS resource records of type
|
||||
<command>sig-signing-type</command>.
|
||||
<command>rndc signing -list</command> converts
|
||||
these records into a human-readable form,
|
||||
indicating which keys are currently signing
|
||||
or have finished signing the zone, and which NSEC3
|
||||
NSEC3 chains are being created or removed.
|
||||
</para>
|
||||
<para>
|
||||
<command>rndc signing -clear</command> can remove
|
||||
a single key (specified in the same format that
|
||||
<command>rndc signing -list</command> uses to
|
||||
display it), or all keys. In either case, only
|
||||
completed keys are removed; any record indicating
|
||||
that a key has not yet finished signing the zone
|
||||
will be retained.
|
||||
</para>
|
||||
<para>
|
||||
<command>rndc signing -nsec3param</command> sets
|
||||
the NSEC3 parameters for a zone. This is the
|
||||
only supported mechanism for using NSEC3 with
|
||||
<command>inline-signing</command> zones.
|
||||
Parameters are specified in the same format as
|
||||
an NSEC3PARAM resource record: hash algorithm,
|
||||
flags, iterations, and salt, in that order.
|
||||
</para>
|
||||
<para>
|
||||
Currently, the only defined value for hash algorithm
|
||||
is <literal>1</literal>, representing SHA-1.
|
||||
The <option>flags</option> may be set to
|
||||
<literal>0</literal> or <literal>1</literal>,
|
||||
depending on whether you wish to set the opt-out
|
||||
bit in the NSEC3 chain. <option>iterations</option>
|
||||
defines the number of additional times to apply
|
||||
the algorithm when generating an NSEC3 hash. The
|
||||
<option>salt</option> is a string of data expressed
|
||||
in hexidecimal, or a hyphen (`-') if no salt is
|
||||
to be used.
|
||||
</para>
|
||||
<para>
|
||||
So, for example, to create an NSEC3 chain using
|
||||
the SHA-1 hash algorithm, no opt-out flag,
|
||||
10 iterations, and a salt value of "FFFF", use:
|
||||
<command>rndc signing -nsec3param 1 0 10 FFFF <zone></command>.
|
||||
To set the opt-out flag, 15 iterations, and no
|
||||
salt, use:
|
||||
<command>rndc signing -nsec3param 1 1 15 - <zone></command>.
|
||||
</para>
|
||||
<para>
|
||||
<command>rndc signing -nsec3param none</command>
|
||||
removes an existing NSEC3 chain and replaces it
|
||||
with NSEC.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
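Review bot: Three documentation defects in the new `rndc signing` entry: "hexidecimal" should be "hexadecimal" in the salt description, "which NSEC3" followed by "NSEC3 chains are being created or removed" repeats a word across the line break, and the two example commands end in a bare `<zone>` inside `<command>`, which should be `<replaceable>zone</replaceable>` to match the synopsis in the `<term>` above. The `-clear` paragraph says only completed keys are removed; it would help to state that the same holds for `-clear all`, since "in either case" is easy to miss for someone scripting key cleanup.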
@ -1925,13 +2036,11 @@ controls {
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When acting as a slave, <acronym>BIND</acronym> 9 will attempt
|
||||
to use IXFR unless it is explicitly disabled via the
|
||||
<command>request-ixfr</command> option or the use of
|
||||
<command>ixfr-from-differences</command>. For
|
||||
more information about disabling IXFR, see the description
|
||||
of the <command>request-ixfr</command> clause of the
|
||||
<command>server</command> statement.
|
||||
When acting as a slave, <acronym>BIND</acronym> 9 will
|
||||
attempt to use IXFR unless
|
||||
it is explicitly disabled. For more information about disabling
|
||||
IXFR, see the description of the <command>request-ixfr</command> clause
|
||||
of the <command>server</command> statement.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
@ -3649,7 +3758,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
|
||||
<entry colname="2">
|
||||
<para>
|
||||
defines a named masters list for
|
||||
inclusion in stub and slave zone masters clauses.
|
||||
inclusion in stub and slave zones'
|
||||
<command>masters</command> or
|
||||
<command>also-notify</command> lists.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
@ -4589,11 +4700,17 @@ category notify { null; };
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<computeroutput>client 127.0.0.1#62536: query: www.example.com IN AAAA +SE</computeroutput>
|
||||
<computeroutput>client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE</computeroutput>
|
||||
</para>
|
||||
<para>
|
||||
<computeroutput>client ::1#62537: query: www.example.net IN AAAA -SE</computeroutput>
|
||||
<computeroutput>client ::1#62537 (www.example.net): query: www.example.net IN AAAA -SE</computeroutput>
|
||||
</para>
|
||||
<para>
|
||||
(The first part of this log message, showing the
|
||||
client address/port number and query name, is
|
||||
repeated in all subsequent log messages related
|
||||
to the same query.)
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row rowsep="0">
|
||||
@ -5021,7 +5138,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
Usage</title>
|
||||
<para><command>masters</command>
|
||||
lists allow for a common set of masters to be easily used by
|
||||
multiple stub and slave zones.
|
||||
multiple stub and slave zones in their <command>masters</command>
|
||||
or <command>also-notify</command> lists.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
@ -5058,7 +5176,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<optional> pid-file <replaceable>path_name</replaceable>; </optional>
|
||||
<optional> recursing-file <replaceable>path_name</replaceable>; </optional>
|
||||
<optional> statistics-file <replaceable>path_name</replaceable>; </optional>
|
||||
<optional> zone-statistics <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> zone-statistics <replaceable>full</replaceable> | <replaceable>terse</replaceable> | <replaceable>none</replaceable>; </optional>
|
||||
<optional> auth-nxdomain <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> deallocate-on-exit <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> dialup <replaceable>dialup_option</replaceable>; </optional>
|
||||
@ -5112,7 +5230,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<optional> allow-update { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> update-check-ksk <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> dnssec-update-mode ( <replaceable>maintain</replaceable> | <replaceable>no-resign</replaceable> ); </optional>
|
||||
<optional> dnssec-dnskey-kskonly <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> dnssec-loadkeys-interval <replaceable>number</replaceable>; </optional>
|
||||
<optional> dnssec-secure-to-insecure <replaceable>yes_or_no</replaceable> ;</optional>
|
||||
<optional> try-tcp-refresh <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
@ -5158,8 +5278,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
|
||||
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
|
||||
<optional> notify-to-soa <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ;
|
||||
<optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
|
||||
<optional> also-notify { <replaceable>ip_addr</replaceable>
|
||||
<optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>keyname</replaceable></optional> ;
|
||||
<optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>keyname</replaceable></optional> ; ... </optional> }; </optional>
|
||||
<optional> max-ixfr-log-size <replaceable>number</replaceable>; </optional>
|
||||
<optional> max-journal-size <replaceable>size_spec</replaceable>; </optional>
|
||||
<optional> coresize <replaceable>size_spec</replaceable> ; </optional>
|
||||
@ -5210,6 +5331,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<optional> preferred-glue ( <replaceable>A</replaceable> | <replaceable>AAAA</replaceable> | <replaceable>NONE</replaceable> ); </optional>
|
||||
<optional> edns-udp-size <replaceable>number</replaceable>; </optional>
|
||||
<optional> max-udp-size <replaceable>number</replaceable>; </optional>
|
||||
<optional> max-rsa-exponent-size <replaceable>number</replaceable>; </optional>
|
||||
<optional> root-delegation-only <optional> exclude { <replaceable>namelist</replaceable> } </optional> ; </optional>
|
||||
<optional> querylog <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> disable-algorithms <replaceable>domain</replaceable> { <replaceable>algorithm</replaceable>;
|
||||
@ -5905,6 +6027,73 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>dnssec-update-mode</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
If this option is set to its default value of
|
||||
<literal>maintain</literal> in a zone of type
|
||||
<literal>master</literal> which is DNSSEC-signed
|
||||
and configured to allow dynamic updates (see
|
||||
<xref linkend="dynamic_update_policies"/>), and
|
||||
if <command>named</command> has access to the
|
||||
private signing key(s) for the zone, then
|
||||
<command>named</command> will automatically sign all new
|
||||
or changed records and maintain signatures for the zone
|
||||
by regenerating RRSIG records whenever they approach
|
||||
their expiration date.
|
||||
</para>
|
||||
<para>
|
||||
If the option is changed to <literal>no-resign</literal>,
|
||||
then <command>named</command> will sign all new or
|
||||
changed records, but scheduled maintenance of
|
||||
signatures is disabled.
|
||||
</para>
|
||||
<para>
|
||||
With either of these settings, <command>named</command>
|
||||
will reject updates to a DNSSEC-signed zone when the
|
||||
signing keys are inactive or unavailable to
|
||||
<command>named</command>. (A planned third option,
|
||||
<literal>external</literal>, will disable all automatic
|
||||
signing and allow DNSSEC data to be submitted into a zone
|
||||
via dyanmic update; this is not yet implemented.)
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>zone-statistics</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
If <userinput>full</userinput>, the server will collect
|
||||
statistical data on all zones (unless specifically
|
||||
turned off on a per-zone basis by specifying
|
||||
<command>zone-statistics terse</command> or
|
||||
<command>zone-statistics none</command>
|
||||
in the <command>zone</command> statement).
|
||||
The default is <userinput>terse</userinput>, providing
|
||||
minimal statistics on zones (including name and
|
||||
current serial number, but not query type
|
||||
counters).
|
||||
</para>
|
||||
<para>
|
||||
These statistics may be accessed via the
|
||||
<command>statistics-channel</command> or
|
||||
using <command>rndc stats</command>, which
|
||||
will dump them to the file listed
|
||||
in the <command>statistics-file</command>. See
|
||||
also <xref linkend="statsfile"/>.
|
||||
</para>
|
||||
<para>
|
||||
For backward compatibility with earlier versions
|
||||
of BIND 9, the <command>zone-statistics</command>
|
||||
option can also accept <userinput>yes</userinput>
|
||||
or <userinput>no</userinput>, which have the same
|
||||
effect as <userinput>full</userinput> and
|
||||
<userinput>terse</userinput>, respectively.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<sect3 id="boolean_options">
|
||||
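Review bot: In the `dnssec-update-mode` text, "dyanmic update" is a typo for "dynamic update". In the relocated `zone-statistics` entry, the grammar elsewhere in this patch lists three values (`full`, `terse`, `none`), but the description explains only `full` and `terse` and never says what `none` collects. The backward-compatibility paragraph maps `no` to `terse` rather than to `none`, which means an existing `zone-statistics no;` still exposes zone names and serial numbers through the statistics channel; that deserves an explicit sentence, since operators who set `no` may have meant no per-zone data at all.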
@ -6418,25 +6607,6 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>zone-statistics</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
If <userinput>yes</userinput>, the server will collect
|
||||
statistical data on all zones (unless specifically turned
|
||||
off
|
||||
on a per-zone basis by specifying <command>zone-statistics no</command>
|
||||
in the <command>zone</command> statement).
|
||||
The default is <userinput>no</userinput>.
|
||||
These statistics may be accessed
|
||||
using <command>rndc stats</command>, which will
|
||||
dump them to the file listed
|
||||
in the <command>statistics-file</command>. See
|
||||
also <xref linkend="statsfile"/>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>use-ixfr</command></term>
|
||||
<listitem>
|
||||
@ -6658,13 +6828,14 @@ options {
|
||||
<term><command>ixfr-from-differences</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
When <userinput>yes</userinput> and the server loads a new version of a master
|
||||
zone from its zone file or receives a new version of a slave
|
||||
file by a non-incremental zone transfer, it will compare
|
||||
the new version to the previous one and calculate a set
|
||||
of differences. The differences are then logged in the
|
||||
zone's journal file such that the changes can be transmitted
|
||||
to downstream slaves as an incremental zone transfer.
|
||||
When <userinput>yes</userinput> and the server loads a new
|
||||
version of a master zone from its zone file or receives a
|
||||
new version of a slave file via zone transfer, it will
|
||||
compare the new version to the previous one and calculate
|
||||
a set of differences. The differences are then logged in
|
||||
the zone's journal file such that the changes can be
|
||||
transmitted to downstream slaves as an incremental zone
|
||||
transfer.
|
||||
</para>
|
||||
<para>
|
||||
By allowing incremental zone transfers to be used for
|
||||
@ -6978,6 +7149,26 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>dnssec-loadkeys-interval</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
When a zone is configured with <command>auto-dnssec
|
||||
maintain;</command> its key repository must be checked
|
||||
periodically to see if any new keys have been added
|
||||
or any existing keys' timing metadata has been updated
|
||||
(see <xref linkend="man.dnssec-keygen"/> and
|
||||
<xref linkend="man.dnssec-settime"/>). The
|
||||
<command>dnssec-loadkeys-interval</command> option
|
||||
sets the frequency of autoatic repository checks, in
|
||||
minutes. The default is <literal>60</literal> (1 hour),
|
||||
the minimum is <literal>1</literal> (1 minute), and the
|
||||
maximum is <literal>1440</literal> (24 hours); any higher
|
||||
value is silently reduced.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>try-tcp-refresh</command></term>
|
||||
<listitem>
|
||||
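Review bot: "autoatic repository checks" in the `dnssec-loadkeys-interval` paragraph is a typo for "automatic". The text says values above 1440 are "silently reduced" but does not say what happens to a value below the stated minimum of 1; state whether that is a configuration error or is clamped as well. Since this interval bounds how long a newly published or retired key can go unnoticed by `named`, a sentence pointing to `rndc loadkeys` (if that is the intended way to force an immediate check) would be useful for key rollovers.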
@ -7633,6 +7824,13 @@ avoid-v6-udp-ports {};
|
||||
<command>also-notify</command> address to send
|
||||
the notify messages to a port other than the
|
||||
default of 53.
|
||||
An optional TSIG key can also be specified with each
|
||||
address to cause the notify messages to be signed; this
|
||||
can be useful when sending notifies to multiple views.
|
||||
In place of explicit addresses, one or more named
|
||||
<command>masters</command> lists can be used.
|
||||
</para>
|
||||
<para>
|
||||
If an <command>also-notify</command> list
|
||||
is given in a <command>zone</command> statement,
|
||||
it will override
|
||||
@ -8099,8 +8297,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
approaches
|
||||
the specified size, some of the oldest transactions in the
|
||||
journal
|
||||
will be automatically removed. The default is
|
||||
<literal>unlimited</literal>.
|
||||
will be automatically removed. The largest permitted
|
||||
value is 2 gigabytes. The default is
|
||||
<literal>unlimited</literal>, which also
|
||||
means 2 gigabytes.
|
||||
This may also be set on a per-zone basis.
|
||||
</para>
|
||||
</listitem>
|
||||
@ -8547,8 +8747,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
</para>
|
||||
<para>
|
||||
If multiple <command>rrset-order</command> statements
|
||||
appear,
|
||||
they are not combined — the last one applies.
|
||||
appear, they are not combined — the last one applies.
|
||||
</para>
|
||||
<para>
|
||||
By default, all records are returned in random order.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
@ -8706,6 +8908,15 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
It is expected that this parameter may be removed
|
||||
in a future version once there is a standard type.
|
||||
</para>
|
||||
<para>
|
||||
These records can be removed from the zone once named
|
||||
has completed signing the zone with the matching key
|
||||
using <command>nsupdate</command> or
|
||||
<command>rndc signing -clear</command>.
|
||||
<command>rndc signing -clear</command> is the only supported
|
||||
way to remove these records from
|
||||
<command>inline-signing</command> zones.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -8799,9 +9010,14 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
the file format of zone files (see
|
||||
<xref linkend="zonefile_format"/>).
|
||||
The default value is <constant>text</constant>, which is the
|
||||
standard textual representation. Files in other formats
|
||||
than <constant>text</constant> are typically expected
|
||||
to be generated by the <command>named-compilezone</command> tool.
|
||||
standard textual representation, except for slave zones,
|
||||
in which the default value is <constant>raw</constant>.
|
||||
Files in other formats than <constant>text</constant> are
|
||||
typically expected to be generated by the
|
||||
<command>named-compilezone</command> tool, or dumped by
|
||||
<command>named</command>.
|
||||
</para>
|
||||
<para>
|
||||
Note that when a zone file in a different format than
|
||||
<constant>text</constant> is loaded, <command>named</command>
|
||||
may omit some of the checks which would be performed for a
|
||||
@ -8870,6 +9086,18 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>max-rsa-exponent-size</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
The maximum RSA exponent size, in bits, that will
|
||||
be accepted when validating. Valid values are 35
|
||||
to 4096 bits. The default zero (0) is also accepted
|
||||
and is equivalent to 4096.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</sect3>
|
||||
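Review bot: The new `max-rsa-exponent-size` entry gives the range and default but not the effect: it should say what the validator does with a key whose exponent exceeds the limit, and why an operator would lower it from 4096. "The default zero (0) is also accepted and is equivalent to 4096" also leaves open whether values from 1 to 34 are rejected when the configuration is loaded or are adjusted; one sentence would settle it.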
@ -9759,8 +9987,9 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
the local server, acting as a slave, will request incremental zone
|
||||
transfers from the given remote server, a master. If not set, the
|
||||
value of the <command>request-ixfr</command> option in
|
||||
the view or
|
||||
global options block is used as a default.
|
||||
the view or global options block is used as a default. It may
|
||||
also be set in the zone block and, if set there, it will
|
||||
override the global or view setting for that zone.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@ -9952,6 +10181,35 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
<command>named</command> will not open any communication channels.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If the statistics channel is configured to listen on 127.0.0.1
|
||||
port 8888, then the statistics are accessible in XML format at
|
||||
<ulink url="http://127.0.0.1:8888/"
|
||||
>http://127.0.0.1:8888/</ulink> or
|
||||
<ulink url="http://127.0.0.1:8888/xml"
|
||||
>http://127.0.0.1:8888/xml</ulink>. A CSS file is
|
||||
included which can format the XML statistics into tables
|
||||
when viewed with a stylesheet-capable browser. When
|
||||
<acronym>BIND</acronym> 9 is configured with --enable-newstats,
|
||||
a new XML schema is used (version 3) which adds additional
|
||||
zone statistics and uses a flatter tree for more efficient
|
||||
parsing. The stylesheet included uses the Google Charts API
|
||||
to render data into into charts and graphs when using a
|
||||
javascript-capable browser.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Applications that depend on a particular XML schema
|
||||
can request
|
||||
<ulink url="http://127.0.0.1:8888/xml/v2"
|
||||
>http://127.0.0.1:8888/xml/v2</ulink> for version 2
|
||||
of the statistics XML schema or
|
||||
<ulink url="http://127.0.0.1:8888/xml/v3"
|
||||
>http://127.0.0.1:8888/xml/v3</ulink> for version 3.
|
||||
If the requested schema is supported by the server, then
|
||||
it will respond; if not, it will return a "page not found"
|
||||
error.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="trusted-keys">
|
||||
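Review bot: In the new statistics-channel paragraph, "to render data into into charts" repeats a word, "javascript-capable" should be "JavaScript-capable", and `--enable-newstats` is not wrapped in `<option>` like other switches in this manual. The sentence about the stylesheet using the Google Charts API should say whether viewing the page makes the browser load script from a third-party host, because that affects operators who open the statistics page from management networks without outbound access or who do not want server statistics rendered by external code. It is also worth repeating here that the channel's address match list is the only access control on these URLs.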
@ -10283,6 +10541,9 @@ view "external" {
|
||||
<optional> allow-query-on { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> allow-update { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> update-check-ksk <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> dnssec-dnskey-kskonly <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> dnssec-loadkeys-interval <replaceable>number</replaceable>; </optional>
|
||||
<optional> update-policy <replaceable>local</replaceable> | { <replaceable>update_policy_rule</replaceable> <optional>...</optional> }; </optional>
|
||||
<optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ;
|
||||
<optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
|
||||
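Review bot: The `also-notify` lines left unchanged in this zone-statement grammar still show only `ip_addr` and `port`, while the options grammar earlier in the patch gains `key keyname` and the prose hunk says a TSIG key and named `masters` lists are accepted. If the zone statement accepts the same forms, this synopsis should be updated in the same commit; otherwise the text should say the key is valid only at the options or view level.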
@ -10301,6 +10562,7 @@ view "external" {
|
||||
<optional> ixfr-base <replaceable>string</replaceable> ; </optional>
|
||||
<optional> ixfr-from-differences <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> ixfr-tmp-file <replaceable>string</replaceable> ; </optional>
|
||||
<optional> request-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> maintain-ixfr-base <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> max-ixfr-log-size <replaceable>number</replaceable> ; </optional>
|
||||
<optional> max-transfer-idle-out <replaceable>number</replaceable> ; </optional>
|
||||
@ -10311,7 +10573,7 @@ view "external" {
|
||||
<optional> pubkey <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; </optional>
|
||||
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
|
||||
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
|
||||
<optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> zone-statistics <replaceable>full</replaceable> | <replaceable>terse</replaceable> | <replaceable>none</replaceable>; </optional>
|
||||
<optional> sig-validity-interval <replaceable>number</replaceable> <optional><replaceable>number</replaceable></optional> ; </optional>
|
||||
<optional> sig-signing-nodes <replaceable>number</replaceable> ; </optional>
|
||||
<optional> sig-signing-signatures <replaceable>number</replaceable> ; </optional>
|
||||
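Review bot: the replacement `zone-statistics` line marks `full`, `terse` and `none` as `<replaceable>` and leaves the alternatives unparenthesised, whereas literal keywords elsewhere in these synopses use `<constant>` inside parentheses (see `check-names` and `auto-dnssec`). Mark the three values as constants, and state in the option text whether the former `yes_or_no` values are still accepted, since existing configurations use them. The same line recurs in the later zone synopsis hunk.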
@ -10323,7 +10585,9 @@ view "external" {
|
||||
<optional> max-retry-time <replaceable>number</replaceable> ; </optional>
|
||||
<optional> key-directory <replaceable>path_name</replaceable>; </optional>
|
||||
<optional> auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>; </optional>
|
||||
<optional> inline-signing <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> serial-update-method <constant>increment</constant>|<constant>unixtime</constant>; </optional>
|
||||
};
|
||||
|
||||
zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
|
||||
@ -10333,13 +10597,15 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
|
||||
<optional> allow-query-on { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> update-check-ksk <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> dnssec-update-mode ( <replaceable>maintain</replaceable> | <replaceable>no-resign</replaceable> ); </optional>
|
||||
<optional> update-check-ksk <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> dnssec-dnskey-kskonly <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> dnssec-loadkeys-interval <replaceable>number</replaceable>; </optional>
|
||||
<optional> dnssec-secure-to-insecure <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> try-tcp-refresh <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ;
|
||||
<optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
|
||||
<optional> also-notify <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>masters_list</replaceable> | <replaceable>ip_addr</replaceable>
|
||||
<optional>port <replaceable>ip_port</replaceable></optional>
|
||||
<optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }; </optional>
|
||||
<optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
|
||||
<optional> dialup <replaceable>dialup_option</replaceable> ; </optional>
|
||||
<optional> file <replaceable>string</replaceable> ; </optional>
|
||||
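Review bot: `dnssec-update-mode` appears only in this synopsis; the earlier hunk for the zone type with `allow-update` goes from `update-check-ksk` straight to `dnssec-dnskey-kskonly`. Confirm that omission is intended, because the option controls re-signing of dynamically updated zones. The hunk as rendered also shows `update-check-ksk` both before and after the new line, so check that the resulting synopsis lists it once. Finally, `maintain` and `no-resign` are keywords and should be `<constant>`, not `<replaceable>`.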
@ -10372,12 +10638,19 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
|
||||
<optional> use-alt-transfer-source <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
|
||||
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
|
||||
<optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> zone-statistics <replaceable>full</replaceable> | <replaceable>terse</replaceable> | <replaceable>none</replaceable>; </optional>
|
||||
<optional> sig-validity-interval <replaceable>number</replaceable> <optional><replaceable>number</replaceable></optional> ; </optional>
|
||||
<optional> sig-signing-nodes <replaceable>number</replaceable> ; </optional>
|
||||
<optional> sig-signing-signatures <replaceable>number</replaceable> ; </optional>
|
||||
<optional> sig-signing-type <replaceable>number</replaceable> ; </optional>
|
||||
<optional> database <replaceable>string</replaceable> ; </optional>
|
||||
<optional> min-refresh-time <replaceable>number</replaceable> ; </optional>
|
||||
<optional> max-refresh-time <replaceable>number</replaceable> ; </optional>
|
||||
<optional> min-retry-time <replaceable>number</replaceable> ; </optional>
|
||||
<optional> max-retry-time <replaceable>number</replaceable> ; </optional>
|
||||
<optional> key-directory <replaceable>path_name</replaceable>; </optional>
|
||||
<optional> auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>; </optional>
|
||||
<optional> inline-signing <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> multi-master <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
};
|
||||
@ -10437,6 +10710,13 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
|
||||
<optional> delegation-only <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
};
|
||||
|
||||
zone <replaceable>"."</replaceable> <optional><replaceable>class</replaceable></optional> {
|
||||
type redirect;
|
||||
file <replaceable>string</replaceable> ;
|
||||
<optional> masterfile-format (<constant>text</constant>|<constant>raw</constant>) ; </optional>
|
||||
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
};
|
||||
|
||||
zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
|
||||
type delegation-only;
|
||||
};
|
||||
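Review bot: `zone <replaceable>"."</replaceable>` marks the zone name as a placeholder, but the description added later in this patch only ever configures a redirect zone named "." and expresses narrower scopes such as "*.ES." as wildcard records inside the zone file. If "." is the only valid name, make it a literal in the synopsis; if other names are allowed, the description should say so.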
@ -10677,6 +10957,64 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row rowsep="0">
|
||||
<entry colname="1">
|
||||
<para>
|
||||
<varname>redirect</varname>
|
||||
</para>
|
||||
</entry>
|
||||
<entry colname="2">
|
||||
<para>
|
||||
Redirect zones are used to provide answers to
|
||||
queries when normal resolution would result in
|
||||
NXDOMAIN being returned.
|
||||
Only one redirect zone is supported
|
||||
per view. <command>allow-query</command> can be
|
||||
used to restrict which clients see these answers.
|
||||
</para>
|
||||
<para>
|
||||
If the client has requested DNSSEC records (DO=1) and
|
||||
the NXDOMAIN response is signed then no substitution
|
||||
will occur.
|
||||
</para>
|
||||
<para>
|
||||
To redirect all NXDOMAIN responses to
|
||||
100.100.100.2 and
|
||||
2001:ffff:ffff::100.100.100.2, one would
|
||||
configure a type redirect zone named ".",
|
||||
with the zone file containing wildcard records
|
||||
that point to the desired addresses:
|
||||
<literal>"*. IN A 100.100.100.2"</literal>
|
||||
and
|
||||
<literal>"*. IN AAAA 2001:ffff:ffff::100.100.100.2"</literal>.
|
||||
</para>
|
||||
<para>
|
||||
To redirect all Spanish names (under .ES) one
|
||||
would use similar entries but with the names
|
||||
"*.ES." instead of "*.". To redirect all
|
||||
commercial Spanish names (under COM.ES) one
|
||||
would use wildcard entries called "*.COM.ES.".
|
||||
</para>
|
||||
<para>
|
||||
Note that the redirect zone supports all
|
||||
possible types; it is not limited to A and
|
||||
AAAA records.
|
||||
</para>
|
||||
<para>
|
||||
Because redirect zones are not referenced
|
||||
directly by name, they are not kept in the
|
||||
zone lookup table with normal master and slave
|
||||
zones. Consequently, it is not currently possible
|
||||
to use
|
||||
<command>rndc reload
|
||||
<replaceable>zonename</replaceable></command>
|
||||
to reload a redirect zone. However, when using
|
||||
<command>rndc reload</command> without specifying
|
||||
a zone name, redirect zones will be reloaded along
|
||||
with other zones.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row rowsep="0">
|
||||
<entry colname="1">
|
||||
<para>
|
||||
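Review bot: the example targets `100.100.100.2` and `2001:ffff:ffff::100.100.100.2` are not documentation addresses; 100.100.100.2 falls inside the 100.64.0.0/10 shared address space (RFC 6598). Use 192.0.2.0/24 (RFC 5737) and 2001:db8::/32 (RFC 3849) so that a copied example cannot steer clients to a real host. Since `allow-query` is the only control offered over who receives substituted answers, the paragraph should also state what applies when it is left unset.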
@ -10823,6 +11161,9 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
|
||||
with each <command>also-notify</command>
|
||||
address to send the notify
|
||||
messages to a port other than the default of 53.
|
||||
A TSIG key may also be specified to cause the
|
||||
<literal>NOTIFY</literal> to be signed by the
|
||||
given key.
|
||||
<command>also-notify</command> is not
|
||||
meaningful for stub zones.
|
||||
The default is the empty list.
|
||||
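Review bot: "A TSIG key may also be specified" does not say how. The synopsis hunk spells it as an optional `key` after each address, so name that keyword here and point to where the key itself is defined. It is also worth saying that the receiving server must hold the same key for the signed `NOTIFY` to be accepted.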
@ -10915,6 +11256,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>dnssec-update-mode</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
See the description of
|
||||
<command>dnssec-update-mode</command> in <xref linkend="options"/>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>dnssec-dnskey-kskonly</command></term>
|
||||
<listitem>
|
||||
@ -11418,15 +11769,8 @@ example.com. NS ns2.example.net.
|
||||
zone the first time, the repository will be searched
|
||||
for changes periodically, regardless of whether
|
||||
<command>rndc loadkeys</command> is used. The recheck
|
||||
interval is hard-coded to
|
||||
one hour.
|
||||
</para>
|
||||
<para>
|
||||
<command>auto-dnssec create;</command> includes the
|
||||
above, but also allows <command>named</command>
|
||||
to create new keys in the key repository when needed.
|
||||
(NOTE: This option is not yet implemented; the syntax is
|
||||
being reserved for future use.)
|
||||
interval is defined by
|
||||
<command>dnssec-loadkeys-interval</command>.)
|
||||
</para>
|
||||
<para>
|
||||
The default setting is <command>auto-dnssec off</command>.
|
||||
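Review bot: the removed text told the reader the recheck interval ("one hour"); the replacement names `dnssec-loadkeys-interval` but gives neither its default nor a link. Add `<xref linkend="options"/>` as the new `dnssec-update-mode` entry does, or restate the default. The new line ends in ".)" while no opening parenthesis is visible in this hunk, so check that one exists above it.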
@ -11434,6 +11778,45 @@ example.com. NS ns2.example.net.
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>serial-update-method</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Zones configured for dynamic DNS may use this
|
||||
option to set the update method that will be used for
|
||||
the zone serial number in the SOA record.
|
||||
</para>
|
||||
<para>
|
||||
With the default setting of
|
||||
<command>serial-update-method increment;</command>, the
|
||||
SOA serial number will be incremented by one each time
|
||||
the zone is updated.
|
||||
</para>
|
||||
<para>
|
||||
When set to
|
||||
<command>serial-update-method unixtime;</command>, the
|
||||
SOA serial number will be set to the number of seconds
|
||||
since the UNIX epoch, unless the serial number is
|
||||
already greater than or equal to that value, in which
|
||||
case it is simply incremented by one.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>inline-signing</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
If <literal>yes</literal>, this enables
|
||||
"bump in the wire" signing of a zone, where a
|
||||
unsigned zone is transferred in or loaded from
|
||||
disk and a signed version of the zone is served,
|
||||
with possibly, a different serial number. This
|
||||
behaviour is disabled by default.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>multi-master</command></term>
|
||||
<listitem>
|
||||
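Review bot: the `inline-signing` paragraph does not say where the signing keys come from or how the option relates to `auto-dnssec` and `key-directory`, which the synopsis hunks list right beside it. Because it covers a zone that is "transferred in", enabling it means private keys are held on that server; say so and cross-reference the key management text. Wording: "a unsigned zone" should be "an unsigned zone", and "with possibly, a different serial number" should read "with, possibly, a different serial number".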
@ -16709,12 +17092,15 @@ zone "example.com" {
|
||||
<title>Manual pages</title>
|
||||
<xi:include href="../../bin/dig/dig.docbook"/>
|
||||
<xi:include href="../../bin/dig/host.docbook"/>
|
||||
<xi:include href="../../bin/python/dnssec-checkds.docbook"/>
|
||||
<xi:include href="../../bin/python/dnssec-coverage.docbook"/>
|
||||
<xi:include href="../../bin/dnssec/dnssec-dsfromkey.docbook"/>
|
||||
<xi:include href="../../bin/dnssec/dnssec-keyfromlabel.docbook"/>
|
||||
<xi:include href="../../bin/dnssec/dnssec-keygen.docbook"/>
|
||||
<xi:include href="../../bin/dnssec/dnssec-revoke.docbook"/>
|
||||
<xi:include href="../../bin/dnssec/dnssec-settime.docbook"/>
|
||||
<xi:include href="../../bin/dnssec/dnssec-signzone.docbook"/>
|
||||
<xi:include href="../../bin/dnssec/dnssec-verify.docbook"/>
|
||||
<xi:include href="../../bin/check/named-checkconf.docbook"/>
|
||||
<xi:include href="../../bin/check/named-checkzone.docbook"/>
|
||||
<xi:include href="../../bin/named/named.docbook"/>
|
||||
|
Some files were not shown because too many files have changed in this diff