mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00
Code Issues Releases Activity

Vendor import of BIND 9.6.3

Browse Source
This commit is contained in:
Doug Barton 2011-02-05 03:14:55 +00:00
parent f805c4c116
commit fccc60c828
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor/bind9/dist/; revision=218308
svn path=/vendor/bind9/9.6.3/; revision=218309; tag=vendor/bind9/9.6.3
142 changed files with 10608 additions and 8867 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

251
CHANGES
View File

@ -1,5 +1,54 @@
--- 9.6.3 released ---
--- 9.6-ESV-R3 released ---
3009. [bug] clients-per-query code didn't work as expected with
particular query patterns. [RT #22972]
--- 9.6.3rc1 released ---
3007. [bug] Named failed to preserve the case of domain names in
rdata which is not compressible when writing master
files. [RT #22863]
3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
[RT #22766]
2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]
2995. [bug] The Kerberos realm was not being correctly extracted
from the signer's identity. [RT #22770]
2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
do not use threads on earlier versions. Also kill
the unproven-pthreads, mit-pthreads, and ptl2 support.
2984. [bug] Don't run MX checks when the target of the MX record
is ".". [RT #22645]
2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
[RT #20768]
--- 9.6.3b1 released ---
2982. [bug] Reference count dst keys. dst_key_attach() can be used
increment the reference count.
Note: dns_tsigkey_createfromkey() callers should now
always call dst_key_free() rather than setting it
to NULL on success. [RT #22672]
2979. [bug] named could deadlock during shutdown if two
"rndc stop" commands were issued at the same
time. [RT #22108]
2978. [port] hpux: look for <devpoll.h> [RT #21919]
2976. [bug] named could die on exit after negotiating a GSS-TSIG
key. [RT #22573]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
wrong lock which could lead to server deadlock.
[RT #22614]
2972. [bug] win32: address windows socket errors. [RT #21906]
@ -36,6 +85,9 @@
justified character with a non zero width,
(e.g. "%-1c"). [RT #22270]
2965. [func] Test HMAC functions using test data from RFC 2104 and
RFC 4634. [RT #21702]
2964. [bug] view->queryacl was being overloaded. Seperate the
usage into view->queryacl, view->cacheacl and
view->queryonacl. [RT #22114]
@ -43,6 +95,25 @@
2962. [port] win32: add more dependencies to BINDBuild.dsw.
[RT #22062]
2960. [func] Check that named accepts non-authoritative answers.
[RT #21594]
2959. [func] Check that named starts with a missing masterfile.
[RT #22076]
2957. [bug] entropy_get() and entropy_getpseudo() failed to match
the API for RAND_bytes() and RAND_pseudo_bytes()
respectively. [RT #21962]
2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
build_sqldbinstance failure. [RT #21623]
2953. [bug] Silence spurious "expected covering NSEC3, got an
exact match" message when returning a wildcard
no data response. [RT #21744]
2952. [port] win32: named-checkzone and named-checkconf failed
to initialise winsock. [RT #21932]
@ -50,7 +121,23 @@
in a optout, delegation only zone with no secure
delegations. [RT #22007]
--- 9.6-ESV-R2 released ---
2950. [bug] named failed to perform a SOA up to date check when
falling back to TCP on UDP timeouts when
ixfr-from-differences was set. [RT #21595]
2946. [doc] Document the default values for the minimum and maximum
zone refresh and retry values in the ARM. [RT #21886]
2945. [doc] Update empty-zones list in ARM. [RT #21772]
2944. [maint] Remove ORCHID prefix from built in empty zones.
[RT #21772]
2942. [contrib] zone2sqlite failed to setup the entropy sources.
[RT #21610]
2941. [bug] sdb and sdlz (dlz's zone database) failed to support
DNAME at the zone apex. [RT #21610]
2939. [func] Check that named successfully skips NSEC3 records
that fail to match the NSEC3PARAM record currently
@ -73,31 +160,173 @@
likely that the bug happens only when enabling threads,
but it's not confirmed yet. [RT #21818]
2935. [bug] nsupdate: improve 'file not found' error message.
[RT #21871]
2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
[RT #21871]
2933. [bug] 'dig +nsid' used stack memory after it went out of
scope. This could potentially result in a unknown,
potentially malformed, EDNS option being sent instead
of the desired NSID option. [RT #21781]
2932. [cleanup] Corrected a numbering error in the "dnssec" test.
[RT #21597]
2931. [bug] Temporarily and partially disable change 2864
because it would cause infinite attempts of RRSIG
queries. This is an urgent care fix; we'll
revisit the issue and complete the fix later.
[RT #21710]
2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
- added new "realm" keyword in nsupdate
- limited lifetime of generated keys to 1 hour
or the lifetime of the context (whichever is
smaller)
[RT #19737]
2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2923. [bug] 'dig +trace' could drop core after "connection
timeout". [RT #21514]
2922. [contrib] Update zkt to version 1.0.
2921. [bug] The resolver could attempt to destroy a fetch context
too soon. [RT #19878]
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
2916. [func] Add framework to use IPv6 in tests.
fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
2915. [cleanup] Be smarter about which objects we attempt to compile
based on configure options. [RT #21444]
2912. [func] Windows clients don't like UPDATE responses that clear
the zone section. [RT #20986]
2911. [bug] dnssec-signzone didn't handle out of zone records well.
[RT #21367]
2910. [func] Sanity check Kerberos credentials. [RT #20986]
2908. [bug] It was possible for re-signing to stop after removing
a DNSKEY. [RT #21384]
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
2900. [bug] The placeholder negative caching element was not
properly constructed triggering a INSIST in
properly constructed triggering a INSIST in
dns_ncache_towire(). [RT #21346]
2899. [port] win32: Support linking against OpenSSL 1.0.0.
2898. [bug] nslookup leaked memory when -domain=value was
specified. [RT #21301]
2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
2891. [maint] Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2889. [bug] Elements of the grammar where not properly reported.
[RT #21046]
--- 9.6-ESV-R1 released ---
2888. [bug] Only the first EDNS option was displayed. [RT #21273]
2885. [bug] Improve -fno-strict-aliasing support probing in
configure. [RT #21080]
2884. [bug] Insufficient validation in dns_name_getlabelsequence().
[RT #21283]
2883. [bug] 'dig +short' failed to handle really large datasets.
[RT #21113]
2882. [bug] Remove memory context from list of active contexts
before clearing 'magic'. [RT #21274]
2881. [bug] Reduce the amount of time the rbtdb write lock
is held when closing a version. [RT #21198]
2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
[RT #21106]
2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
--- 9.6-ESV released ---
2875. [bug] dns_time64_fromtext() could accept non digits.
[RT #21033]
2874. [bug] Cache lack of EDNS support only after the server
successfully responds to the query using plain DNS.
[RT #20930]
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2868. [cleanup] Run "make clean" at the end of configure to ensure
any changes made by configure are integrated.
Use --with-make-clean=no to disable. [RT #20994]
2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
don't like it. [RT #20986]
2866. [bug] Windows does not like the TSIG name being compressed.
[RT #20986]
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
[RT #21050]
2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
[RT #21056]
2862. [bug] nsupdate didn't default to the parent zone when
updating DS records. [RT #20896]
2859. [bug] When cancelling validation it was possible to leak
memory. [RT #20800]
2858. [bug] RTT estimates were not being adjusted on ICMP errors.
[RT #20772]
2857. [bug] named-checkconf did not fail on a bad trusted key.
[RT #20705]
2856. [bug] The size of a memory allocation was not always properly
recorded. [RT #20927]
2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
2851. [doc] nslookup.1, removed <informalexample> from the docbook
source as it produced bad nroff. [RT #21007]
--- 9.6.2 released ---
2850. [bug] If isc_heap_insert() failed due to memory shortage
@ -138,10 +367,10 @@
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define
2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
[RT #20771]
2818. [cleanup] rndc could return an incorrect error code
2818. [cleanup] rndc could return an incorrect error code
when a zone was not found. [RT #20767]
2815. [bug] Exclusively lock the task when freezing a zone.
@ -357,7 +586,7 @@
2621. [doc] Made copyright boilterplate consistent. [RT #19833]
2920. [bug] Delay thawing the zone until the reload of it has
2620. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
2618. [bug] The sdb and sdlz db_interator_seek() methods could

4
COPYRIGHT
View File

@ -1,4 +1,4 @@
Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
$Id: COPYRIGHT,v 1.14.176.2 2010/01/07 23:47:36 tbox Exp $
$Id: COPYRIGHT,v 1.14.176.3 2011-01-04 23:45:42 tbox Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.

6
README
View File

@ -42,11 +42,9 @@ BIND 9
Stichting NLnet - NLnet Foundation
Nominum, Inc.
BIND 9.6-ESV (Extended Support Version)
BIND 9.6.3
BIND 9.6-ESV will be supported until March 31, 2013, at
which time you will need to upgrade to the current release
of BIND.
BIND 9.6.3 is a maintenance release, fixing bugs in 9.6.2.
BIND 9.6.2

225
RELEASE-NOTES-BIND-9.6-ESV.html
View File

@ -1,225 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
- Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: RELEASE-NOTES-BIND-9.6-ESV.html,v 1.1.2.2 2010/11/29 01:16:39 tbox Exp $ -->
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" type="text/css" href="release-notes.css" /><meta name="generator" content="DocBook XSL Stylesheets V1.76.1" /></head><body><div class="article"><div class="titlepage"><hr /></div>
<div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36111950"></a>Introduction</h2></div></div></div>
<p>
BIND 9.6-ESV-R3 is a maintenance release for BIND 9.6-ESV.
</p>
<p>
This document summarizes changes from BIND 9.6-ESV-R1 to BIND 9.6-ESV-R3.
Please see the CHANGES file in the source code release for a
complete list of all changes.
</p>
</div>
<div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112014"></a>Download</h2></div></div></div>
<p>
The latest release of BIND 9 software can always be found
on our web site at
<a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
There you will find additional information about each release,
source code, and some pre-compiled versions for certain operating
systems.
</p>
</div>
<div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112037"></a>Support</h2></div></div></div>
<p>Product support information is available on
<a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
for paid support options. Free support is provided by our user
community via a mailing list. Information on all public email
lists is available at
<a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
</p>
</div>
<div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36111986"></a>New Features</h2></div></div></div>
<div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112025"></a>9.6-ESV-R2</h3></div></div></div>
<p>None.</p>
</div>
<div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112098"></a>9.6-ESV-R3</h3></div></div></div>
<p>None.</p>
</div>
</div>
<div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112120"></a>Feature Changes</h2></div></div></div>
<div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112125"></a>9.6-ESV-R2</h3></div></div></div>
<p>None.</p>
</div>
<div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112135"></a>9.6-ESV-R3</h3></div></div></div>
<p>None.</p>
</div>
</div>
<div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112146"></a>Security Fixes</h2></div></div></div>
<div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112151"></a>9.6-ESV-R2</h3></div></div></div>
<p>None.</p>
</div>
<div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112160"></a>9.6-ESV-R3</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Adding a NO DATA signed negative response to cache failed to clear
any matching RRSIG records already in cache. A subsequent lookup
of the cached NO DATA entry could crash named (INSIST) when the
unexpected RRSIG was also returned with the NO DATA cache entry.
[RT #22288] [CVE-2010-3613] [VU#706148]
</li><li class="listitem">
BIND, acting as a DNSSEC validator, was determining if the NS RRset
is insecure based on a value that could mean either that the RRset
is actually insecure or that there wasn't a matching key for the RRSIG
in the DNSKEY RRset when resuming from validating the DNSKEY RRset.
This can happen when in the middle of a DNSKEY algorithm rollover,
when two different algorithms were used to sign a zone but only the
new set of keys are in the zone DNSKEY RRset.
[RT #22309] [CVE-2010-3614] [VU#837744]
</li></ul></div>
</div>
</div>
<div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112186"></a>Bug Fixes</h2></div></div></div>
<div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112191"></a>9.6-ESV-R2</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Check that named successfully skips NSEC3 records
that fail to match the NSEC3PARAM record currently
in use.
[RT #21868]
</li><li class="listitem">
Worked around a race condition in the cache database memory
handling. Without this fix a DNS cache DB or ADB could
incorrectly stay in an over memory state, effectively refusing
further caching, which subsequently made a BIND 9 caching
server unworkable.
[RT #21818]
</li><li class="listitem">
BIND did not properly handle non-cacheable negative responses
from insecure zones. This caused several non-protocol-compliant
zones to become unresolvable. BIND is now more accepting of
responses it receives from less strict servers.
[RT #21555]
</li><li class="listitem">
The resolver could attempt to destroy a fetch context too
soon, resulting in a crash.
[RT #19878]
</li><li class="listitem">
The placeholder negative caching element was not
properly constructed triggering a crash (INSIST) in
dns_ncache_towire().
[RT #21346]
</li><li class="listitem">
Handle the introduction of new trusted-keys and
DS, DLV RRsets better.
[RT #21097]
</li><li class="listitem">
Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
</li></ul></div>
</div>
<div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112232"></a>9.6-ESV-R3</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Microsoft changed the behavior of sockets between NT/XP based
stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
behavior, 2008r2 has the new behavior. With the change, different
error results are possible, so ISC adapted BIND to handle the new
error results.
This resolves an issue where sockets would shut down on
Windows servers causing named to stop responding to queries.
[RT #21906]
</li><li class="listitem">
Windows has non-POSIX compliant behavior in its rename() and unlink()
calls. This caused journal compaction to fail on Windows BIND servers
with the log error: "dns_journal_compact failed: failure".
[RT #22434]
</li><li class="listitem">
'host -D' now turns on debugging messages earlier.
[RT #22361]
</li><li class="listitem">
isc_print_vsnprintf() failed to check if there was
space available in the buffer when adding a left
justified character with a non zero width,
(e.g. "%-1c").
[RT #22270]
</li><li class="listitem">
view-&gt;queryacl was being overloaded. Seperate the
usage into view-&gt;queryacl, view-&gt;cacheacl and
view-&gt;queryonacl.
[RT #22114]
</li><li class="listitem">
win32: add more dependencies to BINDBuild.dsw.
[RT #22062]
</li><li class="listitem">
win32: named-checkzone and named-checkconf failed
to initialise winsock.
[RT #21932]
</li><li class="listitem">
named failed to generate a correct signed response
in a optout, delegation only zone with no secure
delegations.
[RT #22007]
</li></ul></div>
</div>
</div>
<div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112280"></a>Known issues in this release</h2></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
<p>
"make test" will fail on OSX and possibly other operating systems.
The failure occurs in a new test to check for allow-query ACLs.
The failure is caused because the source address is not specified on
the dig commands issued in the test.
</p>
<p>
If running "make test" is part of your usual acceptance process,
please edit the file <code class="code">bin/tests/system/allow_query/test.sh</code>
and add
</p><p>
<code class="code">-b 10.53.0.2</code>
</p><p>
to the <code class="code">DIGOPTS</code> line.
</p>
</li></ul></div>
</div>
<div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112315"></a>Thank You</h2></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to make
quality open source software, please visit our donations page at
<a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
</p>
</div>
</div></body></html>

BIN
RELEASE-NOTES-BIND-9.6-ESV.pdf
View File

Binary file not shown.

133
RELEASE-NOTES-BIND-9.6-ESV.txt
View File

@ -1,133 +0,0 @@
__________________________________________________________________
Introduction
BIND 9.6-ESV-R3 is a maintenance release for BIND 9.6-ESV.
This document summarizes changes from BIND 9.6-ESV-R1 to BIND
9.6-ESV-R3. Please see the CHANGES file in the source code release for
a complete list of all changes.
Download
The latest release of BIND 9 software can always be found on our web
site at http://www.isc.org/software/bind. There you will find
additional information about each release, source code, and some
pre-compiled versions for certain operating systems.
Support
Product support information is available on
http://www.isc.org/services/support for paid support options. Free
support is provided by our user community via a mailing list.
Information on all public email lists is available at
https://lists.isc.org/mailman/listinfo.
New Features
9.6-ESV-R2
None.
9.6-ESV-R3
None.
Feature Changes
9.6-ESV-R2
None.
9.6-ESV-R3
None.
Security Fixes
9.6-ESV-R2
None.
9.6-ESV-R3
* Adding a NO DATA signed negative response to cache failed to clear
any matching RRSIG records already in cache. A subsequent lookup of
the cached NO DATA entry could crash named (INSIST) when the
unexpected RRSIG was also returned with the NO DATA cache entry.
[RT #22288] [CVE-2010-3613] [VU#706148]
* BIND, acting as a DNSSEC validator, was determining if the NS RRset
is insecure based on a value that could mean either that the RRset
is actually insecure or that there wasn't a matching key for the
RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY
RRset. This can happen when in the middle of a DNSKEY algorithm
rollover, when two different algorithms were used to sign a zone
but only the new set of keys are in the zone DNSKEY RRset. [RT
#22309] [CVE-2010-3614] [VU#837744]
Bug Fixes
9.6-ESV-R2
* Check that named successfully skips NSEC3 records that fail to
match the NSEC3PARAM record currently in use. [RT #21868]
* Worked around a race condition in the cache database memory
handling. Without this fix a DNS cache DB or ADB could incorrectly
stay in an over memory state, effectively refusing further caching,
which subsequently made a BIND 9 caching server unworkable. [RT
#21818]
* BIND did not properly handle non-cacheable negative responses from
insecure zones. This caused several non-protocol-compliant zones to
become unresolvable. BIND is now more accepting of responses it
receives from less strict servers. [RT #21555]
* The resolver could attempt to destroy a fetch context too soon,
resulting in a crash. [RT #19878]
* The placeholder negative caching element was not properly
constructed triggering a crash (INSIST) in dns_ncache_towire(). [RT
#21346]
* Handle the introduction of new trusted-keys and DS, DLV RRsets
better. [RT #21097]
* Fix arguments to dns_keytable_findnextkeynode() call. [RT #20877]
9.6-ESV-R3
* Microsoft changed the behavior of sockets between NT/XP based
stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
behavior, 2008r2 has the new behavior. With the change, different
error results are possible, so ISC adapted BIND to handle the new
error results. This resolves an issue where sockets would shut down
on Windows servers causing named to stop responding to queries. [RT
#21906]
* Windows has non-POSIX compliant behavior in its rename() and
unlink() calls. This caused journal compaction to fail on Windows
BIND servers with the log error: "dns_journal_compact failed:
failure". [RT #22434]
* 'host -D' now turns on debugging messages earlier. [RT #22361]
* isc_print_vsnprintf() failed to check if there was space available
in the buffer when adding a left justified character with a non
zero width, (e.g. "%-1c"). [RT #22270]
* view->queryacl was being overloaded. Seperate the usage into
view->queryacl, view->cacheacl and view->queryonacl. [RT #22114]
* win32: add more dependencies to BINDBuild.dsw. [RT #22062]
* win32: named-checkzone and named-checkconf failed to initialise
winsock. [RT #21932]
* named failed to generate a correct signed response in a optout,
delegation only zone with no secure delegations. [RT #22007]
Known issues in this release
* "make test" will fail on OSX and possibly other operating systems.
The failure occurs in a new test to check for allow-query ACLs. The
failure is caused because the source address is not specified on
the dig commands issued in the test.
If running "make test" is part of your usual acceptance process,
please edit the file bin/tests/system/allow_query/test.sh and add
-b 10.53.0.2
to the DIGOPTS line.
Thank You
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
http://www.isc.org/supportisc.

165
RELEASE-NOTES-BIND-9.6.3.html Normal file
View File

@ -0,0 +1,165 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
<div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3026830"></a>Introduction</h2></div></div></div>
<p>
BIND 9.6.3 is the current release of BIND 9.6.
</p>
<p>
This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.3.
Please see the CHANGES file in the source code release for a
complete list of all changes.
</p>
</div>
<div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893341"></a>Download</h2></div></div></div>
<p>
The latest development version of BIND 9 software can always be found
on our web site at
<a class="ulink" href="http://www.isc.org/downloads/development" target="_top">http://www.isc.org/downloads/development</a>.
There you will find additional information about each release,
source code, and some pre-compiled versions for certain operating
systems.
</p>
</div>
<div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3026768"></a>Support</h2></div></div></div>
<p>Product support information is available on
<a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
for paid support options. Free support is provided by our user
community via a mailing list. Information on all public email
lists is available at
<a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
</p>
</div>
<div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893404"></a>New Features</h2></div></div></div>
<div class="section" title="9.6.3"><div class="titlepage"><div><div><h3 class="title"><a id="id3893409"></a>9.6.3</h3></div></div></div>
<p>None.</p>
</div>
</div>
<div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893420"></a>Feature Changes</h2></div></div></div>
<div class="section" title="9.6.3"><div class="titlepage"><div><div><h3 class="title"><a id="id3893425"></a>9.6.3</h3></div></div></div>
<p>None.</p>
</div>
</div>
<div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893436"></a>Security Fixes</h2></div></div></div>
<div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id3893441"></a>9.6.2-P3</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Adding a NO DATA signed negative response to cache failed to clear
any matching RRSIG records already in cache. A subsequent lookup
of the cached NO DATA entry could crash named (INSIST) when the
unexpected RRSIG was also returned with the NO DATA cache entry.
[RT #22288] [CVE-2010-3613] [VU#706148]
</li><li class="listitem">
BIND, acting as a DNSSEC validator, was determining if the NS RRset
is insecure based on a value that could mean either that the RRset
is actually insecure or that there wasn't a matching key for the RRSIG
in the DNSKEY RRset when resuming from validating the DNSKEY RRset.
This can happen when in the middle of a DNSKEY algorithm rollover,
when two different algorithms were used to sign a zone but only the
new set of keys are in the zone DNSKEY RRset.
[RT #22309] [CVE-2010-3614] [VU#837744]
</li></ul></div>
</div>
</div>
<div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3026756"></a>Bug Fixes</h2></div></div></div>
<div class="section" title="9.6.3"><div class="titlepage"><div><div><h3 class="title"><a id="id3026817"></a>9.6.3</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
BIND now builds with threads disabled in versions of NetBSD earlier
than 5.0 and with pthreads enabled by default in NetBSD versions 5.0
and higher. Also removes support for unproven-pthreads, mit-pthreads
and ptl2. [RT #19203]
</li><li class="listitem">
HPUX now correctly defaults to using /dev/poll, which should
increase performance. [RT #21919]
</li><li class="listitem">
If named is running as a threaded application, after an "rndc stop"
command has been issued, other inbound TCP requests can cause named
to hang and never complete shutdown. [RT #22108]
</li><li class="listitem">
When performing a GSS-TSIG signed dynamic zone update, memory could be
leaked. This causes an unclean shutdown and may affect long-running
servers. [RT #22573]
</li><li class="listitem">
A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows
for a TCP DoS attack. Until there is a kernel fix, ISC is disabling
SO_ACCEPTFILTER support in BIND. [RT #22589]
</li><li class="listitem">
Corrected a defect where a combination of dynamic updates and zone
transfers incorrectly locked the in-memory zone database, causing
named to freeze. [RT #22614]
</li><li class="listitem">
Don't run MX checks (check-mx) when the MX record points to ".".
[RT #22645]
</li><li class="listitem">
DST key reference counts can now be incremented via dst_key_attach.
[RT #22672]
</li><li class="listitem">
isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy attr. [RT #22766]
</li><li class="listitem">
The Kerberos realm was being truncated when being pulled from the
the host prinicipal, make krb5-self updates fail. [RT #22770]
</li><li class="listitem">
named failed to preserve the case of domain names in RDATA which is not compressible when writing master files. [RT #22863]
</li><li class="listitem">
There was a bug in how the clients-per-query code worked with some
query patterns. This could result, in rare circumstances, in having all
the client query slots filled with queries for the same DNS label,
essentially ignoring the max-clients-per-query setting.
[RT #22972]
</li></ul></div>
</div>
<div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id3893557"></a>9.6.2-P3</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Worked around a race condition in the cache database memory
handling. Without this fix a DNS cache DB or ADB could
incorrectly stay in an over memory state, effectively refusing
further caching, which subsequently made a BIND 9 caching
server unworkable.
[RT #21818]
</li><li class="listitem">
Microsoft changed the behavior of sockets between NT/XP based
stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
behavior, 2008r2 has the new behavior. With the change, different
error results are possible, so ISC adapted BIND to handle the new
error results.
This resolves an issue where sockets would shut down on
Windows servers causing named to stop responding to queries.
[RT #21906]
</li><li class="listitem">
Windows has non-POSIX compliant behavior in its rename() and unlink()
calls. This caused journal compaction to fail on Windows BIND servers
with the log error: "dns_journal_compact failed: failure".
[RT #22434]
</li></ul></div>
</div>
</div>
<div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3893594"></a>Thank You</h2></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to make
quality open source software, please visit our donations page at
<a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
</p>
</div>
</div></body></html>

BIN
RELEASE-NOTES-BIND-9.6.3.pdf Normal file
View File

Binary file not shown.

118
RELEASE-NOTES-BIND-9.6.3.txt Normal file
View File

@ -0,0 +1,118 @@
__________________________________________________________________
Introduction
BIND 9.6.3 is the current release of BIND 9.6.
This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.3.
Please see the CHANGES file in the source code release for a complete
list of all changes.
Download
The latest development version of BIND 9 software can always be found
on our web site at http://www.isc.org/downloads/development. There you
will find additional information about each release, source code, and
some pre-compiled versions for certain operating systems.
Support
Product support information is available on
http://www.isc.org/services/support for paid support options. Free
support is provided by our user community via a mailing list.
Information on all public email lists is available at
https://lists.isc.org/mailman/listinfo.
New Features
9.6.3
None.
Feature Changes
9.6.3
None.
Security Fixes
9.6.2-P3
* Adding a NO DATA signed negative response to cache failed to clear
any matching RRSIG records already in cache. A subsequent lookup of
the cached NO DATA entry could crash named (INSIST) when the
unexpected RRSIG was also returned with the NO DATA cache entry.
[RT #22288] [CVE-2010-3613] [VU#706148]
* BIND, acting as a DNSSEC validator, was determining if the NS RRset
is insecure based on a value that could mean either that the RRset
is actually insecure or that there wasn't a matching key for the
RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY
RRset. This can happen when in the middle of a DNSKEY algorithm
rollover, when two different algorithms were used to sign a zone
but only the new set of keys are in the zone DNSKEY RRset. [RT
#22309] [CVE-2010-3614] [VU#837744]
Bug Fixes
9.6.3
* BIND now builds with threads disabled in versions of NetBSD earlier
than 5.0 and with pthreads enabled by default in NetBSD versions
5.0 and higher. Also removes support for unproven-pthreads,
mit-pthreads and ptl2. [RT #19203]
* HPUX now correctly defaults to using /dev/poll, which should
increase performance. [RT #21919]
* If named is running as a threaded application, after an "rndc stop"
command has been issued, other inbound TCP requests can cause named
to hang and never complete shutdown. [RT #22108]
* When performing a GSS-TSIG signed dynamic zone update, memory could
be leaked. This causes an unclean shutdown and may affect
long-running servers. [RT #22573]
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
* Corrected a defect where a combination of dynamic updates and zone
transfers incorrectly locked the in-memory zone database, causing
named to freeze. [RT #22614]
* Don't run MX checks (check-mx) when the MX record points to ".".
[RT #22645]
* DST key reference counts can now be incremented via dst_key_attach.
[RT #22672]
* isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
attr. [RT #22766]
* The Kerberos realm was being truncated when being pulled from the
the host prinicipal, make krb5-self updates fail. [RT #22770]
* named failed to preserve the case of domain names in RDATA which is
not compressible when writing master files. [RT #22863]
* There was a bug in how the clients-per-query code worked with some
query patterns. This could result, in rare circumstances, in having
all the client query slots filled with queries for the same DNS
label, essentially ignoring the max-clients-per-query setting. [RT
#22972]
9.6.2-P3
* Worked around a race condition in the cache database memory
handling. Without this fix a DNS cache DB or ADB could incorrectly
stay in an over memory state, effectively refusing further caching,
which subsequently made a BIND 9 caching server unworkable. [RT
#21818]
* Microsoft changed the behavior of sockets between NT/XP based
stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
behavior, 2008r2 has the new behavior. With the change, different
error results are possible, so ISC adapted BIND to handle the new
error results. This resolves an issue where sockets would shut down
on Windows servers causing named to stop responding to queries. [RT
#21906]
* Windows has non-POSIX compliant behavior in its rename() and
unlink() calls. This caused journal compaction to fail on Windows
BIND servers with the log error: "dns_journal_compact failed:
failure". [RT #22434]
Thank You
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
http://www.isc.org/supportisc.

2
bin/check/check-tool.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.35.36.3.24.2 2010/09/07 23:46:25 tbox Exp $ */
/* $Id: check-tool.c,v 1.35.36.5 2010-09-07 23:46:05 tbox Exp $ */
/*! \file */

2
bin/check/check-tool.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.h,v 1.14.628.2 2010/09/07 23:46:26 tbox Exp $ */
/* $Id: check-tool.h,v 1.14.334.2 2010-09-07 23:46:05 tbox Exp $ */
#ifndef CHECK_TOOL_H
#define CHECK_TOOL_H

2
bin/check/named-checkconf.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkconf.c,v 1.46.222.2.24.2 2010/09/07 23:46:26 tbox Exp $ */
/* $Id: named-checkconf.c,v 1.46.222.4 2010-09-07 23:46:05 tbox Exp $ */
/*! \file */

2
bin/check/named-checkzone.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.51.34.4.10.2 2010/09/07 23:46:26 tbox Exp $ */
/* $Id: named-checkzone.c,v 1.51.34.6 2010-09-07 23:46:06 tbox Exp $ */
/*! \file */

14
bin/dig/dig.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.c,v 1.225.26.4 2009/05/06 10:18:33 fdupont Exp $ */
/* $Id: dig.c,v 1.225.26.7 2010-05-13 00:43:37 marka Exp $ */
/*! \file */
@ -306,6 +306,8 @@ say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) {
ADD_STRING(buf, " ");
}
result = dns_rdata_totext(rdata, NULL, buf);
if (result == ISC_R_NOSPACE)
return (result);
check_result(result, "dns_rdata_totext");
if (query->lookup->identify) {
TIME_NOW(&now);
@ -328,10 +330,8 @@ short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
{
dns_name_t *name;
dns_rdataset_t *rdataset;
isc_buffer_t target;
isc_result_t result, loopresult;
dns_name_t empty_name;
char t[4096];
dns_rdata_t rdata = DNS_RDATA_INIT;
UNUSED(flags);
@ -347,8 +347,6 @@ short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
name = NULL;
dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
isc_buffer_init(&target, t, sizeof(t));
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
@ -357,6 +355,8 @@ short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
dns_rdataset_current(rdataset, &rdata);
result = say_message(&rdata, query,
buf);
if (result == ISC_R_NOSPACE)
return (result);
check_result(result, "say_message");
loopresult = dns_rdataset_next(rdataset);
dns_rdata_reset(&rdata);
@ -505,6 +505,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
printf(" ad");
if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0)
printf(" cd");
if ((msg->flags & 0x0040U) != 0)
printf("; MBZ: 0x4");
printf("; QUERY: %u, ANSWER: %u, "
"AUTHORITY: %u, ADDITIONAL: %u\n",

69
bin/dig/dighost.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.311.70.11 2009/11/10 17:27:13 each Exp $ */
/* $Id: dighost.c,v 1.311.70.17 2010-12-09 01:12:54 marka Exp $ */
/*! \file
* \note
@ -246,7 +246,7 @@ isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
char **tempp, FILE **fp);
isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
void clean_trustedkey(void);
void insert_trustedkey(dst_key_t * key);
void insert_trustedkey(dst_key_t **key);
#if DIG_SIGCHASE_BU
isc_result_t getneededrr(dns_message_t *msg);
void sigchase_bottom_up(dns_message_t *msg);
@ -970,7 +970,6 @@ setup_file_key(void) {
keynametext, isc_result_totext(result));
goto failure;
}
dstkey = NULL;
failure:
if (dstkey != NULL)
dst_key_free(&dstkey);
@ -989,13 +988,22 @@ make_searchlist_entry(char *domain) {
return (search);
}
static void
clear_searchlist(void) {
dig_searchlist_t *search;
while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
ISC_LIST_UNLINK(search_list, search, link);
isc_mem_free(mctx, search);
}
}
static void
create_search_list(lwres_conf_t *confdata) {
int i;
dig_searchlist_t *search;
debug("create_search_list()");
ISC_LIST_INIT(search_list);
clear_searchlist();
for (i = 0; i < confdata->searchnxt; i++) {
search = make_searchlist_entry(confdata->search[i]);
@ -1038,7 +1046,7 @@ setup_system(void) {
else { /* No search list. Use the domain name if any */
if (lwconf->domainname != NULL) {
domain = make_searchlist_entry(lwconf->domainname);
ISC_LIST_INITANDAPPEND(search_list, domain, link);
ISC_LIST_APPEND(search_list, domain, link);
domain = NULL;
}
}
@ -1093,15 +1101,6 @@ setup_system(void) {
}
static void
clear_searchlist(void) {
dig_searchlist_t *search;
while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
ISC_LIST_UNLINK(search_list, search, link);
isc_mem_free(mctx, search);
}
}
/*%
* Override the search list derived from resolv.conf by 'domain'.
*/
@ -1201,14 +1200,15 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns,
if (dnssec)
rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
if (nsid) {
unsigned char data[4];
isc_buffer_t buf;
isc_buffer_t *b = NULL;
isc_buffer_init(&buf, data, sizeof(data));
isc_buffer_putuint16(&buf, DNS_OPT_NSID);
isc_buffer_putuint16(&buf, 0);
rdata->data = data;
rdata->length = sizeof(data);
result = isc_buffer_allocate(mctx, &b, 4);
check_result(result, "isc_buffer_allocate");
isc_buffer_putuint16(b, DNS_OPT_NSID);
isc_buffer_putuint16(b, 0);
rdata->data = isc_buffer_base(b);
rdata->length = isc_buffer_usedlength(b);
dns_message_takebuffer(msg, &b);
} else {
rdata->data = NULL;
rdata->length = 0;
@ -2218,6 +2218,15 @@ force_timeout(dig_lookup_t *l, dig_query_t *query) {
isc_result_totext(ISC_R_NOMEMORY));
}
isc_task_send(global_task, &event);
/*
* The timer may have expired if, for example, get_address() takes
* long time and the timer was running on a different thread.
* We need to cancel the possible timeout event not to confuse
* ourselves due to the duplicate events.
*/
if (l->timer != NULL)
isc_timer_detach(&l->timer);
}
@ -2241,7 +2250,7 @@ send_tcp_connect(dig_query_t *query) {
query->waiting_connect = ISC_TRUE;
query->lookup->current_query = query;
result = get_address(query->servname, port, &query->sockaddr);
if (result == ISC_R_NOTFOUND) {
if (result != ISC_R_SUCCESS) {
/*
* This servname doesn't have an address. Try the next server
* by triggering an immediate 'timeout' (we lie, but the effect
@ -2323,7 +2332,7 @@ send_udp(dig_query_t *query) {
/* XXX Check the sense of this, need assertion? */
query->waiting_connect = ISC_FALSE;
result = get_address(query->servname, port, &query->sockaddr);
if (result == ISC_R_NOTFOUND) {
if (result != ISC_R_SUCCESS) {
/* This servname doesn't have an address. */
force_timeout(l, query);
return;
@ -3858,14 +3867,15 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
}
void
insert_trustedkey(dst_key_t * key)
insert_trustedkey(dst_key_t **keyp)
{
if (key == NULL)
if (*keyp == NULL)
return;
if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
return;
tk_list.key[tk_list.nb_tk++] = key;
tk_list.key[tk_list.nb_tk++] = *keyp;
*keyp = NULL;
return;
}
@ -4039,11 +4049,12 @@ get_trusted_key(isc_mem_t *mctx)
fclose(fp);
return (ISC_R_FAILURE);
}
insert_trustedkey(key);
#if 0
dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
#endif
key = NULL;
insert_trustedkey(&key);
if (key != NULL)
dst_key_free(&key);
}
return (ISC_R_SUCCESS);
}

2
bin/dig/host.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: host.c,v 1.116.216.3.10.2 2010/10/19 23:46:25 tbox Exp $ */
/* $Id: host.c,v 1.116.216.5 2010-10-19 23:45:58 tbox Exp $ */
/*! \file */

14
bin/dig/nslookup.1
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: nslookup.1,v 1.14.354.1 2009/07/11 01:55:20 tbox Exp $
.\" $Id: nslookup.1,v 1.14.354.2 2010-02-23 01:56:02 tbox Exp $
.\"
.hy 0
.ad l
@ -54,7 +54,13 @@ when the first argument is a hyphen (\-) and the second argument is the host nam
Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
.PP
Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
.sp
.RS 4
.nf
nslookup \-query=hinfo \-timeout=10
.fi
.RE
.sp
.SH "INTERACTIVE COMMANDS"
.PP
\fBhost\fR [server]
@ -248,5 +254,5 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
.PP
Andrew Cherenson
.SH "COPYRIGHT"
Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
.br

9
bin/dig/nslookup.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nslookup.docbook,v 1.16 2007/06/18 23:47:17 tbox Exp $ -->
<!-- $Id: nslookup.docbook,v 1.16.334.2 2010-02-22 23:47:53 tbox Exp $ -->
<!--
- Copyright (c) 1985, 1989
- The Regents of the University of California. All rights reserved.
@ -73,6 +73,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@ -129,11 +130,11 @@
arguments and are prefixed with a hyphen. For example, to
change the default query type to host information, and the initial
timeout to 10 seconds, type:
<informalexample>
<!-- <informalexample> produces bad nroff. -->
<programlisting>
nslookup -query=hinfo -timeout=10
</programlisting>
</informalexample>
<!-- </informalexample> -->
</para>
</refsect1>

24
bin/dig/nslookup.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nslookup.html,v 1.21.354.1 2009/07/11 01:55:20 tbox Exp $ -->
<!-- $Id: nslookup.html,v 1.21.354.2 2010-02-23 01:56:02 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543355"></a><h2>DESCRIPTION</h2>
<a name="id2543358"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">Nslookup</strong></span>
is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
has two modes: interactive and non-interactive. Interactive mode allows
@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543371"></a><h2>ARGUMENTS</h2>
<a name="id2543374"></a><h2>ARGUMENTS</h2>
<p>
Interactive mode is entered in the following cases:
</p>
@ -68,15 +68,17 @@
arguments and are prefixed with a hyphen. For example, to
change the default query type to host information, and the initial
timeout to 10 seconds, type:
</p>
<div class="informalexample"><pre class="programlisting">
</p>
<pre class="programlisting">
nslookup -query=hinfo -timeout=10
</pre></div>
</pre>
<p>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543413"></a><h2>INTERACTIVE COMMANDS</h2>
<a name="id2543418"></a><h2>INTERACTIVE COMMANDS</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
<dd>
@ -286,19 +288,19 @@ nslookup -query=hinfo -timeout=10
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2546279"></a><h2>FILES</h2>
<a name="id2546284"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2546291"></a><h2>SEE ALSO</h2>
<a name="id2546296"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2546325"></a><h2>Author</h2>
<a name="id2546330"></a><h2>Author</h2>
<p>
Andrew Cherenson
</p>

10
bin/dnssec/dnssec-dsfromkey.8
View File

@ -1,18 +1,18 @@
.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-dsfromkey.8,v 1.5 2008/11/08 01:11:47 tbox Exp $
.\" $Id: dnssec-dsfromkey.8,v 1.5.14.1 2010-05-19 02:06:11 tbox Exp $
.\"
.hy 0
.ad l

25
bin/dnssec/dnssec-dsfromkey.html
View File

@ -1,20 +1,19 @@
<!--
- Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
-
- Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-dsfromkey.html,v 1.5.110.2 2010/03/03 23:32:17 tbox Exp $ -->
<!-- $Id: dnssec-dsfromkey.html,v 1.5.14.1 2010-05-19 02:06:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -33,14 +32,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543421"></a><h2>DESCRIPTION</h2>
<a name="id2543424"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543433"></a><h2>OPTIONS</h2>
<a name="id2543435"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@ -81,7 +80,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543561"></a><h2>EXAMPLE</h2>
<a name="id2543563"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@ -96,7 +95,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543591"></a><h2>FILES</h2>
<a name="id2543593"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -110,13 +109,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543626"></a><h2>CAVEAT</h2>
<a name="id2543628"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543636"></a><h2>SEE ALSO</h2>
<a name="id2543638"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -125,7 +124,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543672"></a><h2>AUTHOR</h2>
<a name="id2543674"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
bin/dnssec/dnssec-keyfromlabel.html
View File

@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.html,v 1.5.44.3.4.1 2010/03/03 22:19:19 tbox Exp $ -->
<!-- $Id: dnssec-keyfromlabel.html,v 1.5.44.3 2010-01-16 01:55:32 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543414"></a><h2>DESCRIPTION</h2>
<a name="id2543416"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@ -39,7 +39,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543426"></a><h2>OPTIONS</h2>
<a name="id2543428"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -120,7 +120,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543629"></a><h2>GENERATED KEY FILES</h2>
<a name="id2543632"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -161,7 +161,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543702"></a><h2>SEE ALSO</h2>
<a name="id2543704"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -169,7 +169,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543735"></a><h2>AUTHOR</h2>
<a name="id2543737"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
bin/dnssec/dnssec-keygen.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.html,v 1.32.44.4.4.1 2010/03/03 22:19:19 tbox Exp $ -->
<!-- $Id: dnssec-keygen.html,v 1.32.44.4 2010-01-16 01:55:32 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543481"></a><h2>DESCRIPTION</h2>
<a name="id2543483"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -45,7 +45,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543499"></a><h2>OPTIONS</h2>
<a name="id2543501"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -155,7 +155,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543834"></a><h2>GENERATED KEYS</h2>
<a name="id2543836"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -201,7 +201,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543916"></a><h2>EXAMPLE</h2>
<a name="id2543918"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -222,7 +222,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544028"></a><h2>SEE ALSO</h2>
<a name="id2544030"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@ -231,7 +231,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544059"></a><h2>AUTHOR</h2>
<a name="id2544061"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

145
bin/dnssec/dnssec-signzone.c
View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signzone.c,v 1.209.12.18 2009/11/03 23:47:45 tbox Exp $ */
/* $Id: dnssec-signzone.c,v 1.209.12.20 2010-06-03 23:47:48 tbox Exp $ */
/*! \file */
@ -1606,6 +1606,15 @@ verifyzone(void) {
result = dns_dbiterator_current(dbiter, &node, name);
check_dns_dbiterator_current(result);
if (!dns_name_issubdomain(name, gorigin)) {
dns_db_detachnode(gdb, &node);
result = dns_dbiterator_next(dbiter);
if (result == ISC_R_NOMORE)
done = ISC_TRUE;
else
check_result(result, "dns_dbiterator_next()");
continue;
}
if (delegation(name, node, NULL)) {
zonecut = dns_fixedname_name(&fzonecut);
dns_name_copy(name, zonecut, NULL);
@ -1931,6 +1940,40 @@ add_ds(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t nsttl) {
}
}
/*
* Remove records of the given type and their signatures.
*/
static void
remove_records(dns_dbnode_t *node, dns_rdatatype_t which) {
isc_result_t result;
dns_rdatatype_t type, covers;
dns_rdatasetiter_t *rdsiter = NULL;
dns_rdataset_t rdataset;
dns_rdataset_init(&rdataset);
/*
* Delete any NSEC records at the apex.
*/
result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets()");
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter)) {
dns_rdatasetiter_current(rdsiter, &rdataset);
type = rdataset.type;
covers = rdataset.covers;
dns_rdataset_disassociate(&rdataset);
if (type == which || covers == which) {
result = dns_db_deleterdataset(gdb, node, gversion,
type, covers);
check_result(result, "dns_db_deleterdataset()");
continue;
}
}
dns_rdatasetiter_destroy(&rdsiter);
}
/*%
* Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records.
*/
@ -1990,35 +2033,25 @@ nsecify(void) {
result = dns_dbiterator_first(dbiter);
check_result(result, "dns_dbiterator_first()");
result = dns_dbiterator_current(dbiter, &node, name);
check_dns_dbiterator_current(result);
/*
* Delete any NSEC3PARAM records at the apex.
*/
result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets()");
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter)) {
dns_rdatasetiter_current(rdsiter, &rdataset);
type = rdataset.type;
covers = rdataset.covers;
dns_rdataset_disassociate(&rdataset);
if (type == dns_rdatatype_nsec3param ||
covers == dns_rdatatype_nsec3param) {
result = dns_db_deleterdataset(gdb, node, gversion,
type, covers);
check_result(result,
"dns_db_deleterdataset(nsec3param/rrsig)");
continue;
}
}
dns_rdatasetiter_destroy(&rdsiter);
dns_db_detachnode(gdb, &node);
while (!done) {
result = dns_dbiterator_current(dbiter, &node, name);
check_dns_dbiterator_current(result);
/*
* Skip out-of-zone records.
*/
if (!dns_name_issubdomain(name, gorigin)) {
result = dns_dbiterator_next(dbiter);
if (result == ISC_R_NOMORE)
done = ISC_TRUE;
else
check_result(result, "dns_dbiterator_next()");
dns_db_detachnode(gdb, &node);
continue;
}
if (dns_name_equal(name, gorigin))
remove_records(node, dns_rdatatype_nsec3param);
if (delegation(name, node, &nsttl)) {
zonecut = dns_fixedname_name(&fzonecut);
dns_name_copy(name, zonecut, NULL);
@ -2299,8 +2332,6 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
dns_fixedname_t fname, fnextname, fzonecut;
dns_name_t *name, *nextname, *zonecut;
dns_rdataset_t rdataset;
dns_rdatasetiter_t *rdsiter = NULL;
dns_rdatatype_t type, covers;
int order;
isc_boolean_t active;
isc_boolean_t done = ISC_FALSE;
@ -2325,35 +2356,25 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
result = dns_dbiterator_first(dbiter);
check_result(result, "dns_dbiterator_first()");
result = dns_dbiterator_current(dbiter, &node, name);
check_dns_dbiterator_current(result);
/*
* Delete any NSEC records at the apex.
*/
result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets()");
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter)) {
dns_rdatasetiter_current(rdsiter, &rdataset);
type = rdataset.type;
covers = rdataset.covers;
dns_rdataset_disassociate(&rdataset);
if (type == dns_rdatatype_nsec ||
covers == dns_rdatatype_nsec) {
result = dns_db_deleterdataset(gdb, node, gversion,
type, covers);
check_result(result,
"dns_db_deleterdataset(nsec3param/rrsig)");
continue;
}
}
dns_rdatasetiter_destroy(&rdsiter);
dns_db_detachnode(gdb, &node);
while (!done) {
result = dns_dbiterator_current(dbiter, &node, name);
check_dns_dbiterator_current(result);
/*
* Skip out-of-zone records.
*/
if (!dns_name_issubdomain(name, gorigin)) {
result = dns_dbiterator_next(dbiter);
if (result == ISC_R_NOMORE)
done = ISC_TRUE;
else
check_result(result, "dns_dbiterator_next()");
dns_db_detachnode(gdb, &node);
continue;
}
if (dns_name_equal(name, gorigin))
remove_records(node, dns_rdatatype_nsec);
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
while (result == ISC_R_SUCCESS) {
@ -2470,6 +2491,18 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
while (!done) {
result = dns_dbiterator_current(dbiter, &node, name);
check_dns_dbiterator_current(result);
/*
* Skip out-of-zone records.
*/
if (!dns_name_issubdomain(name, gorigin)) {
result = dns_dbiterator_next(dbiter);
if (result == ISC_R_NOMORE)
done = ISC_TRUE;
else
check_result(result, "dns_dbiterator_next()");
dns_db_detachnode(gdb, &node);
continue;
}
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
while (result == ISC_R_SUCCESS) {

14
bin/dnssec/dnssec-signzone.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.html,v 1.33.44.8.10.1 2010/03/03 22:19:19 tbox Exp $ -->
<!-- $Id: dnssec-signzone.html,v 1.33.44.8 2009-11-07 01:56:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543556"></a><h2>DESCRIPTION</h2>
<a name="id2543558"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543574"></a><h2>OPTIONS</h2>
<a name="id2543576"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -273,7 +273,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544433"></a><h2>EXAMPLE</h2>
<a name="id2544503"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -302,7 +302,7 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2544552"></a><h2>KNOWN BUGS</h2>
<a name="id2544554"></a><h2>KNOWN BUGS</h2>
<p>
<span><strong class="command">dnssec-signzone</strong></span> was designed so that it could
sign a zone partially, using only a subset of the DNSSEC keys
@ -327,14 +327,14 @@ db.example.com.signed
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544714"></a><h2>SEE ALSO</h2>
<a name="id2544716"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544739"></a><h2>AUTHOR</h2>
<a name="id2544741"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

11
bin/named/builtin.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: builtin.c,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
/* $Id: builtin.c,v 1.12.334.3 2010-08-03 23:45:47 tbox Exp $ */
/*! \file
* \brief
@ -95,7 +95,7 @@ put_txt(dns_sdblookup_t *lookup, const char *text) {
static isc_result_t
do_version_lookup(dns_sdblookup_t *lookup) {
if (ns_g_server->version_set) {
if (ns_g_server->version_set) {
if (ns_g_server->version == NULL)
return (ISC_R_SUCCESS);
else
@ -132,6 +132,7 @@ do_authors_lookup(dns_sdblookup_t *lookup) {
"Michael Graff",
"Andreas Gustafsson",
"Bob Halley",
"JINMEI Tatuya",
"David Lawrence",
"Danny Mayer",
"Damien Neil",
@ -198,7 +199,7 @@ builtin_authority(const char *zone, void *dbdata, dns_sdblookup_t *lookup) {
if (b->contact != NULL)
contact = b->contact;
}
result = dns_sdb_putsoa(lookup, server, contact, 0);
if (result != ISC_R_SUCCESS)
return (ISC_R_FAILURE);
@ -233,7 +234,7 @@ builtin_create(const char *zone, int argc, char **argv,
*dbdata = &authors_builtin;
else if (strcmp(argv[0], "id") == 0)
*dbdata = &id_builtin;
else if (strcmp(argv[0], "empty") == 0) {
else if (strcmp(argv[0], "empty") == 0) {
builtin_t *empty;
char *server;
char *contact;

2
bin/named/client.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.259.12.3.24.2 2010/09/29 23:46:31 tbox Exp $ */
/* $Id: client.c,v 1.259.12.5 2010-09-24 08:30:27 tbox Exp $ */
#include <config.h>

9
bin/named/control.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.c,v 1.33.266.2 2009/07/11 23:47:17 tbox Exp $ */
/* $Id: control.c,v 1.33.266.4 2010-12-03 23:45:46 tbox Exp $ */
/*! \file */
@ -129,11 +129,16 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
* isc_app_shutdown below.
*/
#endif
/* Do not flush master files */
ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
ns_os_shutdownmsg(command, text);
isc_app_shutdown();
result = ISC_R_SUCCESS;
} else if (command_compare(command, NS_COMMAND_STOP)) {
/*
* "stop" is the same as "halt" except it does
* flush master files.
*/
#ifdef HAVE_LIBSCF
if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
result = ns_smf_add_message(text);

3
bin/named/include/named/globals.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: globals.h,v 1.80.84.2 2010/06/26 23:46:15 tbox Exp $ */
/* $Id: globals.h,v 1.80.12.3 2010-09-15 12:16:50 marka Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
@ -133,6 +133,7 @@ EXTERN isc_time_t ns_g_boottime;
EXTERN isc_boolean_t ns_g_memstatistics INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_clienttest INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_nosoa INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_noaa INIT(ISC_FALSE);
#undef EXTERN
#undef INIT

2
bin/named/include/named/query.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.h,v 1.40.626.2 2010/09/29 23:46:31 tbox Exp $ */
/* $Id: query.h,v 1.40.332.2 2010-09-24 08:30:28 tbox Exp $ */
#ifndef NAMED_QUERY_H
#define NAMED_QUERY_H 1

4
bin/named/main.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: main.c,v 1.166.34.3.24.3 2010/09/06 03:58:32 marka Exp $ */
/* $Id: main.c,v 1.166.34.7 2010-09-15 12:16:49 marka Exp $ */
/*! \file */
@ -455,6 +455,8 @@ parse_command_line(int argc, char *argv[]) {
ns_g_clienttest = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "nosoa"))
ns_g_nosoa = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "noaa"))
ns_g_noaa = ISC_TRUE;
else
fprintf(stderr, "unknown -T flag '%s\n",
isc_commandline_argument);

36
bin/named/query.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.313.20.16.10.3 2010/09/29 00:03:32 marka Exp $ */
/* $Id: query.c,v 1.313.20.24 2010-09-24 08:09:07 marka Exp $ */
/*! \file */
@ -2796,7 +2796,7 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node,
static void
query_addwildcardproof(ns_client_t *client, dns_db_t *db,
dns_dbversion_t *version, dns_name_t *name,
isc_boolean_t ispositive)
isc_boolean_t ispositive, isc_boolean_t nodata)
{
isc_buffer_t *dbuf, b;
dns_name_t *fname;
@ -2984,7 +2984,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
goto cleanup;
query_findclosestnsec3(wname, db, NULL, client, rdataset,
sigrdataset, fname, ISC_FALSE, NULL);
sigrdataset, fname, nodata, NULL);
if (!dns_rdataset_isassociated(rdataset))
goto cleanup;
query_addrrset(client, &fname, &rdataset, &sigrdataset,
@ -3087,7 +3087,7 @@ query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db,
/* XXX */
query_addwildcardproof(client, db, version, client->query.qname,
ISC_TRUE);
ISC_TRUE, ISC_FALSE);
/*
* We'll need some resources...
@ -4307,7 +4307,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
query_releasename(client, &fname);
query_addwildcardproof(client, db, version,
client->query.qname,
ISC_FALSE);
ISC_FALSE, ISC_TRUE);
}
}
if (dns_rdataset_isassociated(rdataset)) {
@ -4396,7 +4396,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
&sigrdataset,
NULL, DNS_SECTION_AUTHORITY);
query_addwildcardproof(client, db, version,
client->query.qname, ISC_FALSE);
client->query.qname, ISC_FALSE,
ISC_FALSE);
}
/*
@ -4715,7 +4716,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* We didn't match any rdatasets.
*/
if (qtype == dns_rdatatype_rrsig &&
if ((qtype == dns_rdatatype_rrsig ||
qtype == dns_rdatatype_sig) &&
result == ISC_R_NOMORE) {
/*
* XXXRTH If this is a secure zone and we
@ -4724,6 +4726,18 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* glue. Ugh.
*/
if (!is_zone) {
/*
* Note: this is dead code because
* is_zone is always true due to the
* condition above. But naive
* recursion would cause infinite
* attempts of recursion because
* the answer to (RR)SIG queries
* won't be cached. Until we figure
* out what we should do and implement
* it we intentionally keep this code
* dead.
*/
authoritative = ISC_FALSE;
dns_rdatasetiter_destroy(&rdsiter);
if (RECURSIONOK(client)) {
@ -4822,7 +4836,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (need_wildcardproof && dns_db_issecure(db))
query_addwildcardproof(client, db, version,
dns_fixedname_name(&wildcardname),
ISC_TRUE);
ISC_TRUE, ISC_FALSE);
cleanup:
CTRACE("query_find: cleanup");
/*
@ -5189,8 +5203,12 @@ ns_query_start(ns_client_t *client) {
/*
* Assume authoritative response until it is known to be
* otherwise.
*
* If "-T noaa" has been set on the command line don't set
* AA on authoritative answers.
*/
message->flags |= DNS_MESSAGEFLAG_AA;
if (!ns_g_noaa)
message->flags |= DNS_MESSAGEFLAG_AA;
/*
* Set AD. We must clear it if we add non-validated data to a

19
bin/named/server.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.520.12.11.10.4 2010/11/16 22:42:03 marka Exp $ */
/* $Id: server.c,v 1.520.12.21 2011-01-14 23:45:49 tbox Exp $ */
/*! \file */
@ -205,11 +205,13 @@ static const struct {
{ "168.192.IN-ADDR.ARPA", ISC_TRUE },
#endif
/* RFC 3330 */
/* RFC 5735 and RFC 5737 */
{ "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
{ "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */
{ "254.169.IN-ADDR.ARPA", ISC_FALSE }, /* LINK LOCAL */
{ "2.0.192.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET */
{ "100.51.198.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET 2 */
{ "113.0.203.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET 3 */
{ "255.255.255.255.IN-ADDR.ARPA", ISC_FALSE }, /* BROADCAST */
/* Local IPv6 Unicast Addresses */
@ -222,6 +224,9 @@ static const struct {
{ "A.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
{ "B.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
/* Example Prefix, RFC 3849. */
{ "8.B.D.0.1.0.0.2.IP6.ARPA", ISC_FALSE },
{ NULL, ISC_FALSE }
};
@ -5277,10 +5282,8 @@ ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text) {
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"%d tsig keys deleted.\n", foundkeys);
if (n >= isc_buffer_availablelength(text)) {
isc_task_endexclusive(server->task);
if (n >= isc_buffer_availablelength(text))
return (ISC_R_NOSPACE);
}
isc_buffer_add(text, n);
return (ISC_R_SUCCESS);
@ -5396,10 +5399,8 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) {
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"no tsig keys found.\n");
if (n >= isc_buffer_availablelength(text)) {
isc_task_endexclusive(server->task);
if (n >= isc_buffer_availablelength(text))
return (ISC_R_NOSPACE);
}
isc_buffer_add(text, n);
}

5
bin/named/update.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.151.12.9 2009/12/30 04:02:56 marka Exp $ */
/* $Id: update.c,v 1.151.12.11 2010-02-26 23:48:43 tbox Exp $ */
#include <config.h>
@ -1945,6 +1945,7 @@ add_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADDRESIGN, name,
rdataset.ttl, &sig_rdata));
dns_rdata_reset(&sig_rdata);
isc_buffer_init(&buffer, data, sizeof(data));
added_sig = ISC_TRUE;
}
if (!added_sig) {

22
bin/named/xfrout.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: xfrout.c,v 1.131.26.4 2009/01/29 22:40:34 jinmei Exp $ */
/* $Id: xfrout.c,v 1.131.26.6 2010-05-27 23:48:18 tbox Exp $ */
#include <config.h>
@ -985,11 +985,13 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
#ifdef DLZ
{
/*
* Normal zone table does not have a match. Try the DLZ database
* Normal zone table does not have a match.
* Try the DLZ database
*/
if (client->view->dlzdatabase != NULL) {
result = dns_dlzallowzonexfr(client->view,
question_name, &client->peeraddr,
question_name,
&client->peeraddr,
&db);
if (result == ISC_R_NOPERM) {
@ -1228,9 +1230,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
#ifdef DLZ
if (is_dlz)
CHECK(xfrout_ctx_create(mctx, client, request->id, question_name,
reqtype, question_class, zone, db, ver,
quota, stream,
CHECK(xfrout_ctx_create(mctx, client, request->id,
question_name, reqtype, question_class,
zone, db, ver, quota, stream,
dns_message_gettsigkey(request),
tsigbuf,
3600,
@ -1240,9 +1242,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
&xfr));
else
#endif
CHECK(xfrout_ctx_create(mctx, client, request->id, question_name,
reqtype, question_class, zone, db, ver,
quota, stream,
CHECK(xfrout_ctx_create(mctx, client, request->id,
question_name, reqtype, question_class,
zone, db, ver, quota, stream,
dns_message_gettsigkey(request),
tsigbuf,
dns_zone_getmaxxfrout(zone),

28
bin/nsupdate/nsupdate.1
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: nsupdate.1,v 1.3.48.3 2009/07/11 01:55:21 tbox Exp $
.\" $Id: nsupdate.1,v 1.3.48.4 2010-07-10 02:06:17 tbox Exp $
.\"
.hy 0
.ad l
@ -213,6 +213,28 @@ or
\fB\-k\fR.
.RE
.PP
\fBgsstsig\fR
.RS 4
Use GSS\-TSIG to sign the updated. This is equivalent to specifying
\fB\-g\fR
on the commandline.
.RE
.PP
\fBoldgsstsig\fR
.RS 4
Use the Windows 2000 version of GSS\-TSIG to sign the updated. This is equivalent to specifying
\fB\-o\fR
on the commandline.
.RE
.PP
\fBrealm\fR {[realm_name]}
.RS 4
When using GSS\-TSIG use
\fIrealm_name\fR
rather than the default realm in
\fIkrb5.conf\fR. If no realm is specified the saved realm is cleared.
.RE
.PP
\fBprereq nxdomain\fR {domain\-name}
.RS 4
Requires that no resource record of any type exists with name
@ -379,7 +401,7 @@ base\-64 encoding of HMAC\-MD5 key created by
.PP
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
.SH "COPYRIGHT"
Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

88
bin/nsupdate/nsupdate.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsupdate.c,v 1.163.48.3 2009/04/30 07:12:49 marka Exp $ */
/* $Id: nsupdate.c,v 1.163.48.15 2010-12-09 04:30:57 tbox Exp $ */
/*! \file */
@ -38,6 +38,7 @@
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/parseint.h>
#include <isc/print.h>
#include <isc/random.h>
#include <isc/region.h>
#include <isc/sockaddr.h>
@ -185,6 +186,7 @@ ddebug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
#ifdef GSSAPI
static dns_fixedname_t fkname;
static isc_sockaddr_t *kserver = NULL;
static char *realm = NULL;
static char servicename[DNS_NAME_FORMATSIZE];
static dns_name_t *keyname;
typedef struct nsu_gssinfo {
@ -539,7 +541,8 @@ setup_keystr(void) {
debug("keycreate");
result = dns_tsigkey_create(keyname, hmacname, secret, secretlen,
ISC_TRUE, NULL, 0, 0, mctx, NULL, &tsigkey);
ISC_FALSE, NULL, 0, 0, mctx, NULL,
&tsigkey);
if (result != ISC_R_SUCCESS)
fprintf(stderr, "could not create key from %s: %s\n",
keystr, dns_result_totext(result));
@ -550,6 +553,19 @@ setup_keystr(void) {
isc_mem_free(mctx, secret);
}
static int
basenamelen(const char *file) {
int len = strlen(file);
if (len > 1 && file[len - 1] == '.')
len -= 1;
else if (len > 8 && strcmp(file + len - 8, ".private") == 0)
len -= 8;
else if (len > 4 && strcmp(file + len - 4, ".key") == 0)
len -= 4;
return (len);
}
static void
setup_keyfile(void) {
dst_key_t *dstkey = NULL;
@ -558,12 +574,16 @@ setup_keyfile(void) {
debug("Creating key...");
if (sig0key != NULL)
dst_key_free(&sig0key);
result = dst_key_fromnamedfile(keyfile,
DST_TYPE_PRIVATE | DST_TYPE_KEY, mctx,
&dstkey);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "could not read key from %s: %s\n",
keyfile, isc_result_totext(result));
fprintf(stderr, "could not read key from %.*s.{private,key}: "
"%s\n", basenamelen(keyfile), keyfile,
isc_result_totext(result));
return;
}
switch (dst_key_alg(dstkey)) {
@ -591,14 +611,14 @@ setup_keyfile(void) {
hmacname, dstkey, ISC_FALSE,
NULL, 0, 0, mctx, NULL,
&tsigkey);
dst_key_free(&dstkey);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "could not create key from %s: %s\n",
keyfile, isc_result_totext(result));
dst_key_free(&dstkey);
return;
}
} else
sig0key = dstkey;
dst_key_attach(dstkey, &sig0key);
}
static void
@ -1349,7 +1369,7 @@ evaluate_key(char *cmdline) {
if (tsigkey != NULL)
dns_tsigkey_detach(&tsigkey);
result = dns_tsigkey_create(keyname, hmacname, secret, secretlen,
ISC_TRUE, NULL, 0, 0, mctx, NULL,
ISC_FALSE, NULL, 0, 0, mctx, NULL,
&tsigkey);
isc_mem_free(mctx, secret);
if (result != ISC_R_SUCCESS) {
@ -1388,6 +1408,31 @@ evaluate_zone(char *cmdline) {
return (STATUS_MORE);
}
static isc_uint16_t
evaluate_realm(char *cmdline) {
#ifdef GSSAPI
char *word;
char buf[1024];
word = nsu_strsep(&cmdline, " \t\r\n");
if (*word == 0) {
if (realm != NULL)
isc_mem_free(mctx, realm);
realm = NULL;
return (STATUS_MORE);
}
snprintf(buf, sizeof(buf), "@%s", word);
realm = isc_mem_strdup(mctx, buf);
if (realm == NULL)
fatal("out of memory");
return (STATUS_MORE);
#else
UNUSED(cmdline);
return (STATUS_SYNTAX);
#endif
}
static isc_uint16_t
evaluate_ttl(char *cmdline) {
char *word;
@ -1779,6 +1824,8 @@ get_next_command(void) {
usegsstsig = ISC_FALSE;
return (evaluate_key(cmdline));
}
if (strcasecmp(word, "realm") == 0)
return (evaluate_realm(cmdline));
if (strcasecmp(word, "gsstsig") == 0) {
#ifdef GSSAPI
usegsstsig = ISC_TRUE;
@ -1985,6 +2032,10 @@ send_update(dns_name_t *zonename, isc_sockaddr_t *master,
fprintf(stderr, "Sending update to %s\n", addrbuf);
}
/* Windows doesn't like the tsig name to be compressed. */
if (updatemsg->tsigname)
updatemsg->tsigname->attributes |= DNS_NAMEATTR_NOCOMPRESS;
result = dns_request_createvia3(requestmgr, updatemsg, srcaddr,
master, options, tsigkey, timeout,
udp_timeout, udp_retries, global_task,
@ -2307,7 +2358,7 @@ start_gssrequest(dns_name_t *master)
servname = dns_fixedname_name(&fname);
result = isc_string_printf(servicename, sizeof(servicename),
"DNS/%s", namestr);
"DNS/%s%s", namestr, realm ? realm : "");
if (result != ISC_R_SUCCESS)
fatal("isc_string_printf(servicename) failed: %s",
isc_result_totext(result));
@ -2347,7 +2398,6 @@ start_gssrequest(dns_name_t *master)
isc_result_totext(result));
/* Build first request. */
context = GSS_C_NO_CONTEXT;
result = dns_tkey_buildgssquery(rmsg, keyname, servname, NULL, 0,
&context, use_win2k_gsstsig);
@ -2585,6 +2635,7 @@ start_update(void) {
dns_name_init(name, NULL);
dns_name_clone(userzone, name);
} else {
dns_rdataset_t *tmprdataset;
result = dns_message_firstname(updatemsg, section);
if (result == ISC_R_NOMORE) {
section = DNS_SECTION_PREREQUISITE;
@ -2602,6 +2653,19 @@ start_update(void) {
dns_message_currentname(updatemsg, section, &firstname);
dns_name_init(name, NULL);
dns_name_clone(firstname, name);
/*
* Looks to see if the first name references a DS record
* and if that name is not the root remove a label as DS
* records live in the parent zone so we need to start our
* search one label up.
*/
tmprdataset = ISC_LIST_HEAD(firstname->list);
if (section == DNS_SECTION_UPDATE &&
!dns_name_equal(firstname, dns_rootname) &&
tmprdataset->type == dns_rdatatype_ds) {
unsigned int labels = dns_name_countlabels(name);
dns_name_getlabelsequence(name, 1, labels - 1, name);
}
}
ISC_LIST_INIT(name->list);
@ -2636,6 +2700,10 @@ cleanup(void) {
isc_mem_put(mctx, kserver, sizeof(isc_sockaddr_t));
kserver = NULL;
}
if (realm != NULL) {
isc_mem_free(mctx, realm);
realm = NULL;
}
#endif
ddebug("Shutting down task manager");

44
bin/nsupdate/nsupdate.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nsupdate.docbook,v 1.34.48.3 2009/03/09 04:21:56 marka Exp $ -->
<!-- $Id: nsupdate.docbook,v 1.34.48.5 2010-07-09 23:45:50 tbox Exp $ -->
<refentry id="man.nsupdate">
<refentryinfo>
<date>Jun 30, 2000</date>
@ -41,6 +41,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -358,6 +359,45 @@
</listitem>
</varlistentry>
<varlistentry>
<term>
<command>gsstsig</command>
</term>
<listitem>
<para>
Use GSS-TSIG to sign the updated. This is equivalent to
specifying <option>-g</option> on the commandline.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<command>oldgsstsig</command>
</term>
<listitem>
<para>
Use the Windows 2000 version of GSS-TSIG to sign the updated.
This is equivalent to specifying <option>-o</option> on the
commandline.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<command>realm</command>
<arg choice="req"><optional>realm_name</optional></arg>
</term>
<listitem>
<para>
When using GSS-TSIG use <parameter>realm_name</parameter> rather
than the default realm in <filename>krb5.conf</filename>. If no
realm is specified the saved realm is cleared.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<command>prereq nxdomain</command>

40
bin/nsupdate/nsupdate.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nsupdate.html,v 1.40.48.3.10.1 2010/03/03 22:19:19 tbox Exp $ -->
<!-- $Id: nsupdate.html,v 1.40.48.4 2010-07-10 02:06:17 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543447"></a><h2>DESCRIPTION</h2>
<a name="id2543452"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
@ -169,7 +169,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543724"></a><h2>INPUT FORMAT</h2>
<a name="id2543730"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@ -283,6 +283,30 @@
overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
<span><strong class="command">gsstsig</strong></span>
</span></dt>
<dd><p>
Use GSS-TSIG to sign the updated. This is equivalent to
specifying <code class="option">-g</code> on the commandline.
</p></dd>
<dt><span class="term">
<span><strong class="command">oldgsstsig</strong></span>
</span></dt>
<dd><p>
Use the Windows 2000 version of GSS-TSIG to sign the updated.
This is equivalent to specifying <code class="option">-o</code> on the
commandline.
</p></dd>
<dt><span class="term">
<span><strong class="command">realm</strong></span>
{[<span class="optional">realm_name</span>]}
</span></dt>
<dd><p>
When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
than the default realm in <code class="filename">krb5.conf</code>. If no
realm is specified the saved realm is cleared.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq nxdomain</strong></span>
{domain-name}
@ -433,7 +457,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544565"></a><h2>EXAMPLES</h2>
<a name="id2544642"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@ -487,7 +511,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544609"></a><h2>FILES</h2>
<a name="id2544685"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -506,7 +530,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544678"></a><h2>SEE ALSO</h2>
<a name="id2544755"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
@ -519,7 +543,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2542154"></a><h2>BUGS</h2>
<a name="id2542163"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

23
config.h.in
View File

@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.h.in,v 1.106.40.11 2010/01/15 19:38:52 each Exp $ */
/* $Id: config.h.in,v 1.106.40.24 2010-12-21 04:33:58 marka Exp $ */
/*! \file */
@ -160,9 +160,21 @@ int sigwait(const unsigned int *set, int *sig);
/* Solaris hack to get select_large_fdset. */
#undef FD_SETSIZE
/* Define to nothing if C supports flexible array members, and to 1 if it does
not. That way, with a declaration like `struct s { int n; double
d[FLEXIBLE_ARRAY_MEMBER]; };', the struct hack can be used with pre-C99
compilers. When computing the size of such an object, don't use 'sizeof
(struct s)' as it overestimates the size. Use 'offsetof (struct s, d)'
instead. Don't use 'offsetof (struct s, d[0])', as this doesn't work with
MSVC and with C++ compilers. */
#undef FLEXIBLE_ARRAY_MEMBER
/* Define to 1 if you have the `chroot' function. */
#undef HAVE_CHROOT
/* Define to 1 if you have the <devpoll.h> header file. */
#undef HAVE_DEVPOLL_H
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
@ -184,6 +196,15 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if you have the <kerberosv5/krb5.h> header file. */
#undef HAVE_KERBEROSV5_KRB5_H
/* Define to 1 if you have the <krb5.h> header file. */
#undef HAVE_KRB5_H
/* Define to 1 if you have the <krb5/krb5.h> header file. */
#undef HAVE_KRB5_KRB5_H
/* Define to 1 if you have the `c' library (-lc). */
#undef HAVE_LIBC

60
config.threads.in
View File

@ -33,15 +33,11 @@ case $host in
*-*-sysv*OpenUNIX*)
# UnixWare
use_threads=true ;;
*-netbsd[1234].*)
# NetBSD earlier than NetBSD 5.0 has poor pthreads. Don't use it by default.
use_threads=false ;;
*-netbsd*)
if test -r /usr/lib/libpthread.so ; then
use_threads=true
else
# Socket I/O optimizations introduced in 9.2 expose a
# bug in unproven-pthreads; see PR #12650
use_threads=false
fi
;;
use_threads=true ;;
*-openbsd*)
# OpenBSD users have reported that named dumps core on
# startup when built with threads.
@ -92,54 +88,6 @@ then
# Search for / configure pthreads in a system-dependent fashion.
#
case "$host" in
*-netbsd*)
# NetBSD has multiple pthreads implementations. The
# recommended one to use is "unproven-pthreads". The
# older "mit-pthreads" may also work on some NetBSD
# versions. The PTL2 thread library does not
# currently work with bind9, but can be chosen with
# the --with-ptl2 option for those who wish to
# experiment with it.
CC="gcc"
AC_MSG_CHECKING(which NetBSD thread library to use)
AC_ARG_WITH(ptl2,
[ --with-ptl2 on NetBSD, use the ptl2 thread library (experimental)],
use_ptl2="$withval", use_ptl2="no")
: ${LOCALBASE:=/usr/pkg}
if test "X$use_ptl2" = "Xyes"
then
AC_MSG_RESULT(PTL2)
AC_MSG_WARN(
[linking with PTL2 is highly experimental and not expected to work])
CC=ptlgcc
else
if test -r /usr/lib/libpthread.so
then
AC_MSG_RESULT(native)
LIBS="-lpthread $LIBS"
else
if test ! -d $LOCALBASE/pthreads
then
AC_MSG_RESULT(none)
AC_MSG_ERROR("could not find thread libraries")
fi
if $use_threads
then
AC_MSG_RESULT(mit-pthreads/unproven-pthreads)
pkg="$LOCALBASE/pthreads"
lib1="-L$pkg/lib -Wl,-R$pkg/lib"
lib2="-lpthread -lm -lgcc -lpthread"
LIBS="$lib1 $lib2 $LIBS"
CPPFLAGS="$CPPFLAGS -I$pkg/include"
STD_CINCLUDES="$STD_CINCLUDES -I$pkg/include"
fi
fi
fi
;;
*-freebsd*)
# We don't want to set -lpthread as that break
# the ability to choose threads library at final

52
configure.in
View File

@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.457.26.16 $)
AC_REVISION($Revision: 1.457.26.28 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
@ -280,6 +280,7 @@ AC_C_CONST
AC_C_INLINE
AC_C_VOLATILE
AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME))
AC_C_FLEXIBLE_ARRAY_MEMBER
#
# UnixWare 7.1.1 with the feature supplement to the UDK compiler
@ -414,7 +415,7 @@ AC_ARG_ENABLE(devpoll,
want_devpoll="$enableval", want_devpoll="yes")
case $want_devpoll in
yes)
AC_CHECK_HEADERS(sys/devpoll.h,
AC_CHECK_HEADERS(sys/devpoll.h devpoll.h,
ISC_PLATFORM_HAVEDEVPOLL="#define ISC_PLATFORM_HAVEDEVPOLL 1"
,
ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL"
@ -499,10 +500,14 @@ case "$use_openssl" in
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
USE_OPENSSL=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
;;
auto)
DST_OPENSSL_INC=""
USE_OPENSSL=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
AC_MSG_ERROR(
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
If you don't want OpenSSL, use --without-openssl])
@ -647,6 +652,8 @@ esac
AC_CHECK_FUNCS(EVP_sha256 EVP_sha512)
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
;;
esac
@ -658,6 +665,8 @@ esac
AC_SUBST(USE_OPENSSL)
AC_SUBST(DST_OPENSSL_INC)
AC_SUBST(OPENSSLLINKOBJS)
AC_SUBST(OPENSSLLINKSRCS)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
#
@ -722,6 +731,13 @@ case "$use_gssapi" in
AC_MSG_ERROR([gssapi.h not found])
fi
AC_CHECK_HEADERS(krb5.h krb5/krb5.h kerberosv5/krb5.h,
[ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>"])
if test "$ISC_PLATFORM_KRB5HEADER" = ""; then
AC_MSG_ERROR([krb5.h not found])
fi
CPPFLAGS="$saved_cppflags"
#
@ -752,7 +768,7 @@ case "$use_gssapi" in
"-lgssapi" \
"-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
"-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
"-lgss"
"-lgss -lkrb5"
do
# Note that this does not include $saved_libs, because
# on FreeBSD machines this configure script has added
@ -761,7 +777,7 @@ case "$use_gssapi" in
# when you are trying to build with KTH in /usr/lib.
LIBS="-L$use_gssapi/lib $TRY_LIBS"
AC_MSG_CHECKING(linking as $TRY_LIBS)
AC_TRY_LINK( , [gss_acquire_cred();],
AC_TRY_LINK( , [gss_acquire_cred();krb5_init_context()],
gssapi_linked=yes, gssapi_linked=no)
case $gssapi_linked in
yes) AC_MSG_RESULT(yes); break ;;
@ -823,6 +839,7 @@ esac
AC_SUBST(ISC_PLATFORM_HAVEGSSAPI)
AC_SUBST(ISC_PLATFORM_GSSAPIHEADER)
AC_SUBST(ISC_PLATFORM_KRB5HEADER)
AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
@ -922,6 +939,8 @@ then
fi
ALWAYS_DEFINES="-D_REENTRANT"
ISC_PLATFORM_USETHREADS="#define ISC_PLATFORM_USETHREADS 1"
THREADOPTOBJS='${THREADOPTOBJS}'
THREADOPTSRCS='${THREADOPTSRCS}'
thread_dir=pthreads
#
# We'd like to use sigwait() too
@ -1000,11 +1019,15 @@ then
else
ISC_PLATFORM_USETHREADS="#undef ISC_PLATFORM_USETHREADS"
thread_dir=nothreads
THREADOPTOBJS=""
THREADOPTSRCS=""
ALWAYS_DEFINES=""
fi
AC_SUBST(ALWAYS_DEFINES)
AC_SUBST(ISC_PLATFORM_USETHREADS)
AC_SUBST(THREADOPTOBJS)
AC_SUBST(THREADOPTSRCS)
ISC_THREAD_DIR=$thread_dir
AC_SUBST(ISC_THREAD_DIR)
@ -1100,7 +1123,7 @@ IRIX_DNSSEC_WARNINGS_HACK=""
if test "X$GCC" = "Xyes"; then
AC_MSG_CHECKING(if "$CC" supports -fno-strict-aliasing)
SAVE_CFLAGS=$CFLAGS
CFLAGS=-fno-strict-aliasing
CFLAGS="$CFLAGS -fno-strict-aliasing"
AC_TRY_COMPILE(,, [FNOSTRICTALIASING=yes],[FNOSTRICTALIASING=no])
CFLAGS=$SAVE_CFLAGS
if test "$FNOSTRICTALIASING" = "yes"; then
@ -2252,6 +2275,8 @@ case "$enable_atomic" in
use_atomic=yes])
]
)
else
use_atomic=yes
fi
;;
*)
@ -2298,7 +2323,7 @@ main() {
alpha*-*)
arch=alpha
;;
powerpc-*)
powerpc-*|powerpc64-*)
arch=powerpc
;;
mips-*|mipsel-*|mips64-*|mips64el-*)
@ -2771,6 +2796,7 @@ DLZ_DRIVER_INCLUDES=""
DLZ_DRIVER_LIBS=""
DLZ_DRIVER_SRCS=""
DLZ_DRIVER_OBJS=""
DLZ_SYSTEM_TEST=""
sinclude(contrib/dlz/config.dlz.in)
@ -2792,6 +2818,7 @@ AC_SUBST(DLZ_DRIVER_INCLUDES)
AC_SUBST(DLZ_DRIVER_LIBS)
AC_SUBST(DLZ_DRIVER_SRCS)
AC_SUBST(DLZ_DRIVER_OBJS)
AC_SUBST(DLZ_SYSTEM_TEST)
AC_SUBST_FILE(DLZ_DRIVER_RULES)
if test "$cross_compiling" = "yes"; then
@ -2980,6 +3007,7 @@ AC_CONFIG_FILES([
bin/tests/timers/Makefile
bin/tests/dst/Makefile
bin/tests/mem/Makefile
bin/tests/hashes/Makefile
bin/tests/net/Makefile
bin/tests/sockaddr/Makefile
bin/tests/system/Makefile
@ -3008,6 +3036,18 @@ AC_CONFIG_FILES([
AC_OUTPUT
#
# Now that the Makefiles exist we can ensure that everything is rebuilt.
#
AC_ARG_WITH(make-clean,
[ --with-make-clean Run "make clean" at end of configure [[yes|no]].],
make_clean="$withval", make_clean="yes")
case "$make_clean" in
yes)
make clean
;;
esac
if test "X$USE_OPENSSL" = "X"; then
cat << \EOF
BIND is being built without OpenSSL. This means it will not have DNSSEC support.

15
doc/arm/Bv9ARM-book.xml
View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.380.14.24.4.1 2010/03/03 22:06:36 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.380.14.28 2010-08-20 01:38:26 marka Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@ -4983,7 +4983,7 @@ category notify { null; };
the server can acquire through the default system
key file, normally <filename>/etc/krb5.keytab</filename>.
Normally this principal is of the form
"<userinput>dns/</userinput><varname>server.domain</varname>".
"<userinput>DNS/</userinput><varname>server.domain</varname>".
To use GSS-TSIG, <command>tkey-domain</command>
must also be set.
</para>
@ -7860,6 +7860,14 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
and clamp the SOA refresh and retry times to the specified
values.
</para>
<para>
The following defaults apply.
<command>min-refresh-time</command> 300 seconds,
<command>max-refresh-time</command> 2419200 seconds
(4 weeks), <command>min-retry-time</command> 500 seconds,
and <command>max-retry-time</command> 1209600 seconds
(2 weeks).
</para>
</listitem>
</varlistentry>
@ -8102,9 +8110,12 @@ XXX: end of RFC1918 addresses #defined out -->
<listitem>127.IN-ADDR.ARPA</listitem>
<listitem>254.169.IN-ADDR.ARPA</listitem>
<listitem>2.0.192.IN-ADDR.ARPA</listitem>
<listitem>100.51.198.IN-ADDR.ARPA</listitem>
<listitem>113.0.203.IN-ADDR.ARPA</listitem>
<listitem>255.255.255.255.IN-ADDR.ARPA</listitem>
<listitem>0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</listitem>
<listitem>1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</listitem>
<listitem>8.B.D.0.1.0.0.2.IP6.ARPA</listitem>
<listitem>D.F.IP6.ARPA</listitem>
<listitem>8.E.F.IP6.ARPA</listitem>
<listitem>9.E.F.IP6.ARPA</listitem>

83
doc/arm/Bv9ARM.ch06.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch06.html,v 1.201.14.18.4.1 2010/03/03 22:06:37 marka Exp $ -->
<!-- $Id: Bv9ARM.ch06.html,v 1.201.14.21 2010-08-20 02:05:39 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -78,25 +78,25 @@
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586877"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586907"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586964"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587083"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587062"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587113"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587165"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587195"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588638"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588600"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591117">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591216">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593348">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593378">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593895">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594090">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594500"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593993">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594188">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594461"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@ -2252,7 +2252,7 @@ category notify { null; };
the server can acquire through the default system
key file, normally <code class="filename">/etc/krb5.keytab</code>.
Normally this principal is of the form
"<strong class="userinput"><code>dns/</code></strong><code class="varname">server.domain</code>".
"<strong class="userinput"><code>DNS/</code></strong><code class="varname">server.domain</code>".
To use GSS-TSIG, <span><strong class="command">tkey-domain</strong></span>
must also be set.
</p></dd>
@ -4527,6 +4527,14 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
and clamp the SOA refresh and retry times to the specified
values.
</p>
<p>
The following defaults apply.
<span><strong class="command">min-refresh-time</strong></span> 300 seconds,
<span><strong class="command">max-refresh-time</strong></span> 2419200 seconds
(4 weeks), <span><strong class="command">min-retry-time</strong></span> 500 seconds,
and <span><strong class="command">max-retry-time</strong></span> 1209600 seconds
(2 weeks).
</p>
</dd>
<dt><span class="term"><span><strong class="command">edns-udp-size</strong></span></span></dt>
<dd><p>
@ -4707,9 +4715,12 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<li>127.IN-ADDR.ARPA</li>
<li>254.169.IN-ADDR.ARPA</li>
<li>2.0.192.IN-ADDR.ARPA</li>
<li>100.51.198.IN-ADDR.ARPA</li>
<li>113.0.203.IN-ADDR.ARPA</li>
<li>255.255.255.255.IN-ADDR.ARPA</li>
<li>0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
<li>1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
<li>8.B.D.0.1.0.0.2.IP6.ARPA</li>
<li>D.F.IP6.ARPA</li>
<li>8.E.F.IP6.ARPA</li>
<li>9.E.F.IP6.ARPA</li>
@ -5068,7 +5079,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2586877"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<a name="id2586907"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
@ -5119,7 +5130,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2586964"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2587062"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">trusted-keys</strong></span> {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
@ -5128,7 +5139,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2587083"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
<a name="id2587113"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@ -5174,7 +5185,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2587165"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2587195"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@ -5440,10 +5451,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2588638"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2588600"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2588646"></a>Zone Types</h4></div></div></div>
<a name="id2588608"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -5654,7 +5665,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2589005"></a>Class</h4></div></div></div>
<a name="id2589104"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@ -5676,7 +5687,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2589038"></a>Zone Options</h4></div></div></div>
<a name="id2589137"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@ -6255,7 +6266,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2591117"></a>Zone File</h2></div></div></div>
<a name="id2591216"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@ -6268,7 +6279,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2591204"></a>Resource Records</h4></div></div></div>
<a name="id2591234"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@ -7005,7 +7016,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2592759"></a>Textual expression of RRs</h4></div></div></div>
<a name="id2592857"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@ -7208,7 +7219,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2593348"></a>Discussion of MX Records</h3></div></div></div>
<a name="id2593378"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@ -7464,7 +7475,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2593895"></a>Inverse Mapping in IPv4</h3></div></div></div>
<a name="id2593993"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@ -7525,7 +7536,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2594090"></a>Other Zone File Directives</h3></div></div></div>
<a name="id2594188"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@ -7540,7 +7551,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594113"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<a name="id2594211"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@ -7551,7 +7562,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594129"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<a name="id2594227"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@ -7580,7 +7591,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594326"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<a name="id2594356"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@ -7616,7 +7627,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2594395"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2594425"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@ -7635,7 +7646,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2594500"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<a name="id2594461"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@ -8026,7 +8037,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2595428"></a>Name Server Statistics Counters</h4></div></div></div>
<a name="id2595458"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -8583,7 +8594,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2596901"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<a name="id2596931"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -8737,7 +8748,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2597284"></a>Resolver Statistics Counters</h4></div></div></div>
<a name="id2597314"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -9113,7 +9124,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2598302"></a>Socket I/O Statistics Counters</h4></div></div></div>
<a name="id2598332"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
@ -9268,7 +9279,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2598812"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<a name="id2598842"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in

14
doc/arm/Bv9ARM.ch07.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch07.html,v 1.178.14.13.4.1 2010/03/03 22:06:37 marka Exp $ -->
<!-- $Id: Bv9ARM.ch07.html,v 1.178.14.15 2010-08-20 02:05:39 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599054"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599016"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599136">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599264">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599234">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599362">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@ -119,7 +119,7 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599054"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
<a name="id2599016"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@ -145,7 +145,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2599136"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<a name="id2599234"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@ -173,7 +173,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2599264"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<a name="id2599362"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use

18
doc/arm/Bv9ARM.ch08.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch08.html,v 1.178.14.13.4.1 2010/03/03 22:06:37 marka Exp $ -->
<!-- $Id: Bv9ARM.ch08.html,v 1.178.14.15 2010-08-20 02:05:39 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599344">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599349">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599361">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599378">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599442">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599447">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599459">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599476">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599344"></a>Common Problems</h2></div></div></div>
<a name="id2599442"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2599349"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<a name="id2599447"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599361"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<a name="id2599459"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599378"></a>Where Can I Get Help?</h2></div></div></div>
<a name="id2599476"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range

180
doc/arm/Bv9ARM.ch09.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch09.html,v 1.180.16.14.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: Bv9ARM.ch09.html,v 1.180.16.16 2010-08-20 02:05:38 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,21 +45,21 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599508">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599606">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599748">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599778">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603028">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603126">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599508"></a>Acknowledgments</h2></div></div></div>
<a name="id2599606"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@ -162,7 +162,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599748"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<a name="id2599778"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@ -250,17 +250,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2599936"></a>Bibliography</h4></div></div></div>
<a name="id2599897"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2599946"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
<a name="id2599908"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2599970"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2599931"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2599993"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
<a name="id2600023"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@ -268,42 +268,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2600029"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
<a name="id2600059"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2600056"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
<a name="id2600086"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2600082"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2600112"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2600106"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2600136"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2600130"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2600160"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2600185"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
<a name="id2600215"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2600212"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2600242"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2600238"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2600268"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2600300"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2600330"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2600330"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2600360"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2600360"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
<a name="id2600390"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2600387"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
<a name="id2600417"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@ -312,19 +312,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2600469"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
<a name="id2600499"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2600496"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2600525"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2600532"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2600562"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2600597"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2600627"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2600662"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
<a name="id2600692"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@ -332,146 +332,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
<a name="id2600736"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
<a name="id2600765"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2600761"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
<a name="id2600791"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2600829"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2600859"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2600865"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
<a name="id2600894"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2600910"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
<a name="id2600940"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2600968"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
<a name="id2600998"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2601005"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
<a name="id2601035"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2601041"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
<a name="id2601070"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2601095"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
<a name="id2601125"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2601133"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
<a name="id2601163"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2601159"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
<a name="id2601189"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2601185"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601214"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601211"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601241"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601238"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601268"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601277"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601307"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601307"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2601337"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2601337"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
<a name="id2601367"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2601380"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2601410"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2601413"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
<a name="id2601443"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2601440"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
<a name="id2601469"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2601463"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
<a name="id2601493"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2601589"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
<a name="id2601619"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2601621"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
<a name="id2601651"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2601646"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
<a name="id2601676"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2601669"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
<a name="id2601699"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2601692"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
<a name="id2601790"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2601738"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2601836"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2601762"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2601860"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2601819"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2601917"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2601843"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
<a name="id2601941"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2601869"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
<a name="id2601968"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2601896"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
<a name="id2601994"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2601932"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
<a name="id2602030"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2601978"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
<a name="id2602076"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2602010"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2602108"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2602124"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2602154"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2602160"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
<a name="id2602189"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@ -487,47 +487,47 @@
</p>
</div>
<div class="biblioentry">
<a name="id2602204"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
<a name="id2602234"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2602227"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
<a name="id2602257"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2602252"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
<a name="id2602282"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2602278"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
<a name="id2602308"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2602301"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2602331"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2602347"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2602377"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2602371"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
<a name="id2602401"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2602397"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
<a name="id2602427"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2602423"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
<a name="id2602453"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2602467"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
<a name="id2602497"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2602524"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2602554"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2602551"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
<a name="id2602581"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@ -541,39 +541,39 @@
</p>
</div>
<div class="biblioentry">
<a name="id2602667"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
<a name="id2602629"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2602707"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2602737"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2602733"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2602763"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2602763"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
<a name="id2602793"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2602789"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
<a name="id2602819"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2602816"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
<a name="id2602845"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2602852"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
<a name="id2602950"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2602888"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
<a name="id2602986"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2602915"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
<a name="id2603013"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2602941"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
<a name="id2603040"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2602986"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2603084"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@ -594,14 +594,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2603028"></a>Other Documents About <acronym class="acronym">BIND</acronym>
<a name="id2603126"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2603037"></a>Bibliography</h4></div></div></div>
<a name="id2603136"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2603040"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
<a name="id2603138"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>

42
doc/arm/Bv9ARM.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.html,v 1.193.14.14.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: Bv9ARM.html,v 1.193.14.16 2010-08-20 02:05:39 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -157,25 +157,25 @@
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586877"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586907"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586964"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587083"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587062"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587113"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587165"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587195"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588638"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588600"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591117">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591216">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593348">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593378">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593895">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594090">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594500"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593993">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594188">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594461"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@ -184,31 +184,31 @@
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599054"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599016"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599136">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599264">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599234">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599362">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599344">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599349">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599361">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599378">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599442">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599447">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599459">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599476">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599508">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599606">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599748">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599778">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603028">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603126">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>

15743
doc/arm/Bv9ARM.pdf
View File

File diff suppressed because one or more lines are too long

20
doc/arm/man.dig.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dig.html,v 1.93.14.15.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.dig.html,v 1.93.14.17 2010-08-20 02:05:39 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -52,7 +52,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2563895"></a><h2>DESCRIPTION</h2>
<a name="id2575940"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -98,7 +98,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2575937"></a><h2>SIMPLE USAGE</h2>
<a name="id2576035"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -144,7 +144,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2576048"></a><h2>OPTIONS</h2>
<a name="id2576146"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -248,7 +248,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2630184"></a><h2>QUERY OPTIONS</h2>
<a name="id2630214"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -573,7 +573,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631253"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2631283"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -619,7 +619,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631406"></a><h2>IDN SUPPORT</h2>
<a name="id2631436"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -633,14 +633,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631435"></a><h2>FILES</h2>
<a name="id2631465"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631457"></a><h2>SEE ALSO</h2>
<a name="id2631486"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -648,7 +648,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631494"></a><h2>BUGS</h2>
<a name="id2631524"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

16
doc/arm/man.dnssec-dsfromkey.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-dsfromkey.html,v 1.6.14.14.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.dnssec-dsfromkey.html,v 1.6.14.16 2010-08-20 02:05:40 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -51,14 +51,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604060"></a><h2>DESCRIPTION</h2>
<a name="id2604158"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604074"></a><h2>OPTIONS</h2>
<a name="id2604172"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@ -99,7 +99,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604204"></a><h2>EXAMPLE</h2>
<a name="id2604302"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@ -114,7 +114,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604241"></a><h2>FILES</h2>
<a name="id2604407"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -128,13 +128,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604282"></a><h2>CAVEAT</h2>
<a name="id2604449"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604292"></a><h2>SEE ALSO</h2>
<a name="id2604458"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -143,7 +143,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604328"></a><h2>AUTHOR</h2>
<a name="id2604494"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-keyfromlabel.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keyfromlabel.html,v 1.31.14.17.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.dnssec-keyfromlabel.html,v 1.31.14.19 2010-08-20 02:05:37 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604588"></a><h2>DESCRIPTION</h2>
<a name="id2604823"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604602"></a><h2>OPTIONS</h2>
<a name="id2604837"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -139,7 +139,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604945"></a><h2>GENERATED KEY FILES</h2>
<a name="id2605316"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -180,7 +180,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605038"></a><h2>SEE ALSO</h2>
<a name="id2605410"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -188,7 +188,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605072"></a><h2>AUTHOR</h2>
<a name="id2605443"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.dnssec-keygen.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keygen.html,v 1.97.14.17.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.dnssec-keygen.html,v 1.97.14.19 2010-08-20 02:05:37 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2605799"></a><h2>DESCRIPTION</h2>
<a name="id2605897"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -63,7 +63,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605819"></a><h2>OPTIONS</h2>
<a name="id2605917"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -173,7 +173,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2607528"></a><h2>GENERATED KEYS</h2>
<a name="id2606397"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608865"></a><h2>EXAMPLE</h2>
<a name="id2606505"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -240,7 +240,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608921"></a><h2>SEE ALSO</h2>
<a name="id2608814"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@ -249,7 +249,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608952"></a><h2>AUTHOR</h2>
<a name="id2608845"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.dnssec-signzone.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-signzone.html,v 1.94.14.23.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.dnssec-signzone.html,v 1.94.14.25 2010-08-20 02:05:39 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2608017"></a><h2>DESCRIPTION</h2>
<a name="id2607637"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608041"></a><h2>OPTIONS</h2>
<a name="id2607661"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -291,7 +291,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2658773"></a><h2>EXAMPLE</h2>
<a name="id2659554"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -320,7 +320,7 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2658845"></a><h2>KNOWN BUGS</h2>
<a name="id2659694"></a><h2>KNOWN BUGS</h2>
<p>
<span><strong class="command">dnssec-signzone</strong></span> was designed so that it could
sign a zone partially, using only a subset of the DNSSEC keys
@ -345,14 +345,14 @@ db.example.com.signed
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2658877"></a><h2>SEE ALSO</h2>
<a name="id2659726"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2658902"></a><h2>AUTHOR</h2>
<a name="id2659751"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.host.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.host.html,v 1.93.14.15.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.host.html,v 1.93.14.17 2010-08-20 02:05:40 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2603353"></a><h2>DESCRIPTION</h2>
<a name="id2603383"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@ -202,7 +202,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603867"></a><h2>IDN SUPPORT</h2>
<a name="id2603897"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -216,12 +216,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603896"></a><h2>FILES</h2>
<a name="id2603926"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603910"></a><h2>SEE ALSO</h2>
<a name="id2603940"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

12
doc/arm/man.named-checkconf.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkconf.html,v 1.92.14.20.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.named-checkconf.html,v 1.92.14.22 2010-08-20 02:05:39 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,14 +50,14 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2609121"></a><h2>DESCRIPTION</h2>
<a name="id2608468"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a named
configuration file.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2609134"></a><h2>OPTIONS</h2>
<a name="id2608482"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -92,21 +92,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2609319"></a><h2>RETURN VALUES</h2>
<a name="id2608598"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2609333"></a><h2>SEE ALSO</h2>
<a name="id2608885"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2609363"></a><h2>AUTHOR</h2>
<a name="id2608915"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.named-checkzone.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkzone.html,v 1.98.14.20.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.named-checkzone.html,v 1.98.14.22 2010-08-20 02:05:37 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2609973"></a><h2>DESCRIPTION</h2>
<a name="id2609661"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2610023"></a><h2>OPTIONS</h2>
<a name="id2609712"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -257,14 +257,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2659640"></a><h2>RETURN VALUES</h2>
<a name="id2660557"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659654"></a><h2>SEE ALSO</h2>
<a name="id2660571"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -272,7 +272,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659755"></a><h2>AUTHOR</h2>
<a name="id2660604"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

16
doc/arm/man.named.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named.html,v 1.99.14.20.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.named.html,v 1.99.14.22 2010-08-20 02:05:37 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2610525"></a><h2>DESCRIPTION</h2>
<a name="id2610009"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2610556"></a><h2>OPTIONS</h2>
<a name="id2610040"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -238,7 +238,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2652594"></a><h2>SIGNALS</h2>
<a name="id2612619"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -259,7 +259,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2652644"></a><h2>CONFIGURATION</h2>
<a name="id2652264"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@ -276,7 +276,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2652693"></a><h2>FILES</h2>
<a name="id2652313"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -289,7 +289,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2659836"></a><h2>SEE ALSO</h2>
<a name="id2652357"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -302,7 +302,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659907"></a><h2>AUTHOR</h2>
<a name="id2652427"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

38
doc/arm/man.nsupdate.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.nsupdate.html,v 1.22.14.21.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.nsupdate.html,v 1.22.14.24 2010-08-20 02:05:38 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2611204"></a><h2>DESCRIPTION</h2>
<a name="id2610983"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
@ -187,7 +187,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2611667"></a><h2>INPUT FORMAT</h2>
<a name="id2611378"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@ -301,6 +301,30 @@
overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
<span><strong class="command">gsstsig</strong></span>
</span></dt>
<dd><p>
Use GSS-TSIG to sign the updated. This is equivalent to
specifying <code class="option">-g</code> on the commandline.
</p></dd>
<dt><span class="term">
<span><strong class="command">oldgsstsig</strong></span>
</span></dt>
<dd><p>
Use the Windows 2000 version of GSS-TSIG to sign the updated.
This is equivalent to specifying <code class="option">-o</code> on the
commandline.
</p></dd>
<dt><span class="term">
<span><strong class="command">realm</strong></span>
{[<span class="optional">realm_name</span>]}
</span></dt>
<dd><p>
When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
than the default realm in <code class="filename">krb5.conf</code>. If no
realm is specified the saved realm is cleared.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq nxdomain</strong></span>
{domain-name}
@ -451,7 +475,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660691"></a><h2>EXAMPLES</h2>
<a name="id2667517"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@ -505,7 +529,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660741"></a><h2>FILES</h2>
<a name="id2667568"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -524,7 +548,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2660810"></a><h2>SEE ALSO</h2>
<a name="id2667637"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
@ -537,7 +561,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660881"></a><h2>BUGS</h2>
<a name="id2667776"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

12
doc/arm/man.rndc-confgen.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc-confgen.html,v 1.102.14.21.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.rndc-confgen.html,v 1.102.14.24 2010-08-20 02:05:38 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2633104"></a><h2>DESCRIPTION</h2>
<a name="id2613082"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2633170"></a><h2>OPTIONS</h2>
<a name="id2613148"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@ -171,7 +171,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2634989"></a><h2>EXAMPLES</h2>
<a name="id2624525"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@ -188,7 +188,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2635046"></a><h2>SEE ALSO</h2>
<a name="id2628541"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -196,7 +196,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2635084"></a><h2>AUTHOR</h2>
<a name="id2628580"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.rndc.conf.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.conf.html,v 1.103.14.21.4.1 2010/03/03 22:06:38 marka Exp $ -->
<!-- $Id: man.rndc.conf.html,v 1.103.14.24 2010-08-20 02:05:38 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2606202"></a><h2>DESCRIPTION</h2>
<a name="id2608299"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@ -135,7 +135,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613269"></a><h2>EXAMPLE</h2>
<a name="id2612294"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@ -209,7 +209,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2628000"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2612416"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2628025"></a><h2>SEE ALSO</h2>
<a name="id2612714"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@ -227,7 +227,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2628064"></a><h2>AUTHOR</h2>
<a name="id2612753"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.rndc.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.html,v 1.101.14.21.4.1 2010/03/03 22:06:39 marka Exp $ -->
<!-- $Id: man.rndc.html,v 1.101.14.24 2010-08-20 02:05:38 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2612248"></a><h2>DESCRIPTION</h2>
<a name="id2611614"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@ -79,7 +79,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612298"></a><h2>OPTIONS</h2>
<a name="id2611665"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612523"></a><h2>LIMITATIONS</h2>
<a name="id2612026"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
@ -165,7 +165,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612554"></a><h2>SEE ALSO</h2>
<a name="id2612057"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -175,7 +175,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613088"></a><h2>AUTHOR</h2>
<a name="id2612113"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

2
doc/misc/options
View File

@ -174,7 +174,7 @@ options {
<quoted_string> ] <string> <string>; ... };
serial-queries <integer>; // obsolete
serial-query-rate <integer>;
server-id ( <quoted_string> | none |;
server-id ( <quoted_string> | none | hostname );
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;

2
lib/bind9/api
View File

@ -1,3 +1,3 @@
LIBINTERFACE = 50
LIBREVISION = 3
LIBREVISION = 4
LIBAGE = 0

93
lib/bind9/check.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check.c,v 1.95.12.4 2009/06/03 00:06:01 marka Exp $ */
/* $Id: check.c,v 1.95.12.6 2010-03-04 23:47:53 tbox Exp $ */
/*! \file */
@ -23,6 +23,7 @@
#include <stdlib.h>
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/log.h>
#include <isc/mem.h>
@ -41,6 +42,8 @@
#include <dns/rdatatype.h>
#include <dns/secalg.h>
#include <dst/dst.h>
#include <isccfg/aclconf.h>
#include <isccfg/cfg.h>
@ -1666,6 +1669,63 @@ check_servers(const cfg_obj_t *config, const cfg_obj_t *voptions,
return (result);
}
static isc_result_t
check_trusted_key(const cfg_obj_t *key, isc_log_t *logctx)
{
const char *keystr, *keynamestr;
dns_fixedname_t fkeyname;
dns_name_t *keyname;
isc_buffer_t keydatabuf;
isc_region_t r;
isc_result_t result = ISC_R_SUCCESS;
isc_result_t tresult;
isc_uint32_t flags, proto, alg;
unsigned char keydata[4096];
flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags"));
proto = cfg_obj_asuint32(cfg_tuple_get(key, "protocol"));
alg = cfg_obj_asuint32(cfg_tuple_get(key, "algorithm"));
keyname = dns_fixedname_name(&fkeyname);
keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
if (flags > 0xffff) {
cfg_obj_log(key, logctx, ISC_LOG_WARNING,
"flags too big: %u\n", flags);
result = ISC_R_FAILURE;
}
if (proto > 0xff) {
cfg_obj_log(key, logctx, ISC_LOG_WARNING,
"protocol too big: %u\n", proto);
result = ISC_R_FAILURE;
}
if (alg > 0xff) {
cfg_obj_log(key, logctx, ISC_LOG_WARNING,
"algorithm too big: %u\n", alg);
result = ISC_R_FAILURE;
}
isc_buffer_init(&keydatabuf, keydata, sizeof(keydata));
keystr = cfg_obj_asstring(cfg_tuple_get(key, "key"));
tresult = isc_base64_decodestring(keystr, &keydatabuf);
if (tresult != ISC_R_SUCCESS) {
cfg_obj_log(key, logctx, ISC_LOG_ERROR,
"%s", isc_result_totext(tresult));
result = ISC_R_FAILURE;
} else {
isc_buffer_usedregion(&keydatabuf, &r);
if ((alg == DST_ALG_RSASHA1 || alg == DST_ALG_RSAMD5) &&
r.length > 1 && r.base[0] == 1 && r.base[1] == 3)
cfg_obj_log(key, logctx, ISC_LOG_WARNING,
"trusted key '%s' has a weak exponent",
keynamestr);
}
return (result);
}
static isc_result_t
check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
const char *viewname, dns_rdataclass_t vclass,
@ -1673,7 +1733,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
{
const cfg_obj_t *zones = NULL;
const cfg_obj_t *keys = NULL;
const cfg_listelt_t *element;
const cfg_listelt_t *element, *element2;
isc_symtab_t *symtab = NULL;
isc_result_t result = ISC_R_SUCCESS;
isc_result_t tresult = ISC_R_SUCCESS;
@ -1814,6 +1874,33 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"'dnssec-validation yes;' and 'dnssec-enable no;'");
/*
* Check trusted-keys and managed-keys.
*/
keys = NULL;
if (voptions != NULL)
(void)cfg_map_get(voptions, "trusted-keys", &keys);
if (keys == NULL)
(void)cfg_map_get(config, "trusted-keys", &keys);
for (element = cfg_list_first(keys);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *keylist = cfg_listelt_value(element);
for (element2 = cfg_list_first(keylist);
element2 != NULL;
element2 = cfg_list_next(element2)) {
obj = cfg_listelt_value(element2);
tresult = check_trusted_key(obj, logctx);
if (tresult != ISC_R_SUCCESS)
result = tresult;
}
}
/*
* Check options.
*/
if (voptions != NULL)
tresult = check_options(voptions, logctx, mctx);
else

22
lib/dns/Makefile.in
View File

@ -1,4 +1,4 @@
# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.163 2008/09/24 02:46:22 marka Exp $
# $Id: Makefile.in,v 1.163.50.2 2010-06-09 23:48:16 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -47,11 +47,12 @@ LIBS = @LIBS@
# Alphabetically
DSTOBJS = @DST_EXTRA_OBJS@ \
OPENSSLLINKOBJS = openssl_link.@O@ openssldh_link.@O@ openssldsa_link.@O@ \
opensslrsa_link.@O@
DSTOBJS = @DST_EXTRA_OBJS@ @OPENSSLLINKOBJS@ \
dst_api.@O@ dst_lib.@O@ dst_parse.@O@ dst_result.@O@ \
gssapi_link.@O@ gssapictx.@O@ hmac_link.@O@ key.@O@ \
openssl_link.@O@ openssldh_link.@O@ openssldsa_link.@O@ \
opensslrsa_link.@O@
gssapi_link.@O@ gssapictx.@O@ hmac_link.@O@ key.@O@
# Alphabetically
DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \
@ -73,12 +74,13 @@ DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \
OBJS= ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS}
# Alphabetically
DSTSRCS = @DST_EXTRA_SRCS@ \
OPENSSLLINKSRCS = openssl_link.c openssldh_link.c \
openssldsa_link.c opensslrsa_link.c
DSTSRCS = @DST_EXTRA_SRCS@ @OPENSSLLINKSRCS@ \
dst_api.c dst_lib.c dst_parse.c \
dst_result.c gssapi_link.c gssapictx.c \
hmac_link.c key.c \
openssl_link.c openssldh_link.c \
openssldsa_link.c opensslrsa_link.c
hmac_link.c key.c
DNSSRCS = acache.c acl.c adb.c byaddr.c \
cache.c callbacks.c compress.c \

2
lib/dns/adb.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: adb.c,v 1.243.42.4.24.2 2010/08/12 23:46:24 tbox Exp $ */
/* $Id: adb.c,v 1.243.42.6 2010-08-11 23:45:49 tbox Exp $ */
/*! \file
*

6
lib/dns/api
View File

@ -1,3 +1,3 @@
LIBINTERFACE = 58
LIBREVISION = 0
LIBAGE = 0
LIBINTERFACE = 59
LIBREVISION = 2
LIBAGE = 1

29
lib/dns/dst_api.c
View File

@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.16.12.10 2010/01/15 19:38:53 each Exp $
* $Id: dst_api.c,v 1.16.12.12 2010-12-09 01:12:55 marka Exp $
*/
/*! \file */
@ -49,6 +49,7 @@
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/print.h>
#include <isc/refcount.h>
#include <isc/random.h>
#include <isc/string.h>
#include <isc/time.h>
@ -503,6 +504,7 @@ dst_key_fromnamedfile(const char *filename, int type, isc_mem_t *mctx,
*keyp = key;
return (ISC_R_SUCCESS);
out:
if (newfilename != NULL)
isc_mem_put(mctx, newfilename, newfilenamelen);
@ -799,10 +801,22 @@ dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
return (ISC_FALSE);
}
void
dst_key_attach(dst_key_t *source, dst_key_t **target) {
REQUIRE(dst_initialized == ISC_TRUE);
REQUIRE(target != NULL && *target == NULL);
REQUIRE(VALID_KEY(source));
isc_refcount_increment(&source->refs, NULL);
*target = source;
}
void
dst_key_free(dst_key_t **keyp) {
isc_mem_t *mctx;
dst_key_t *key;
unsigned int refs;
REQUIRE(dst_initialized == ISC_TRUE);
REQUIRE(keyp != NULL && VALID_KEY(*keyp));
@ -810,6 +824,11 @@ dst_key_free(dst_key_t **keyp) {
key = *keyp;
mctx = key->mctx;
isc_refcount_decrement(&key->refs, &refs);
if (refs != 0)
return;
isc_refcount_destroy(&key->refs);
if (key->keydata.generic != NULL) {
INSIST(key->func->destroy != NULL);
key->func->destroy(key);
@ -927,14 +946,22 @@ get_key_struct(dns_name_t *name, unsigned int alg,
memset(key, 0, sizeof(dst_key_t));
key->magic = KEY_MAGIC;
result = isc_refcount_init(&key->refs, 1);
if (result != ISC_R_SUCCESS) {
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);
}
key->key_name = isc_mem_get(mctx, sizeof(dns_name_t));
if (key->key_name == NULL) {
isc_refcount_destroy(&key->refs);
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);
}
dns_name_init(key->key_name, NULL);
result = dns_name_dup(name, mctx, key->key_name);
if (result != ISC_R_SUCCESS) {
isc_refcount_destroy(&key->refs);
isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);

4
lib/dns/dst_internal.h
View File

@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst_internal.h,v 1.11.120.2 2010/01/15 23:47:33 tbox Exp $ */
/* $Id: dst_internal.h,v 1.11.120.3 2010-12-09 01:12:55 marka Exp $ */
#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1
@ -41,6 +41,7 @@
#include <isc/region.h>
#include <isc/types.h>
#include <isc/md5.h>
#include <isc/refcount.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/hmacmd5.h>
@ -83,6 +84,7 @@ typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
/*% DST Key Structure */
struct dst_key {
unsigned int magic;
isc_refcount_t refs;
dns_name_t * key_name; /*%< name of the key */
unsigned int key_size; /*%< size of the key in bits */
unsigned int key_proto; /*%< protocols this key is used for */

88
lib/dns/gssapictx.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: gssapictx.c,v 1.12 2008/04/03 06:09:04 tbox Exp $ */
/* $Id: gssapictx.c,v 1.12.118.5 2010-12-22 02:37:55 marka Exp $ */
#include <config.h>
@ -29,6 +29,7 @@
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/print.h>
#include <isc/platform.h>
#include <isc/random.h>
#include <isc/string.h>
#include <isc/time.h>
@ -66,6 +67,7 @@
* we include SPNEGO's OID.
*/
#if defined(GSSAPI)
#include ISC_PLATFORM_KRB5HEADER
static unsigned char krb5_mech_oid_bytes[] = {
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
@ -130,7 +132,7 @@ name_to_gbuffer(dns_name_t *name, isc_buffer_t *buffer,
namep = &tname;
}
result = dns_name_totext(namep, ISC_FALSE, buffer);
result = dns_name_toprincipal(namep, buffer);
isc_buffer_putuint8(buffer, 0);
isc_buffer_usedregion(buffer, &r);
REGION_TO_GBUFFER(r, *gbuffer);
@ -191,6 +193,54 @@ log_cred(const gss_cred_id_t cred) {
}
#endif
#ifdef GSSAPI
/*
* check for the most common configuration errors.
*
* The errors checked for are:
* - tkey-gssapi-credential doesn't start with DNS/
* - the default realm in /etc/krb5.conf and the
* tkey-gssapi-credential bind config option don't match
*/
static void
dst_gssapi_check_config(const char *gss_name) {
const char *p;
krb5_context krb5_ctx;
char *krb5_realm = NULL;
if (strncasecmp(gss_name, "DNS/", 4) != 0) {
gss_log(ISC_LOG_ERROR, "tkey-gssapi-credential (%s) "
"should start with 'DNS/'", gss_name);
return;
}
if (krb5_init_context(&krb5_ctx) != 0) {
gss_log(ISC_LOG_ERROR, "Unable to initialise krb5 context");
return;
}
if (krb5_get_default_realm(krb5_ctx, &krb5_realm) != 0) {
gss_log(ISC_LOG_ERROR, "Unable to get krb5 default realm");
krb5_free_context(krb5_ctx);
return;
}
p = strchr(gss_name, '/');
if (p == NULL) {
gss_log(ISC_LOG_ERROR, "badly formatted "
"tkey-gssapi-credentials (%s)", gss_name);
krb5_free_context(krb5_ctx);
return;
}
if (strcasecmp(p + 1, krb5_realm) != 0) {
gss_log(ISC_LOG_ERROR, "default realm from krb5.conf (%s) "
"does not match tkey-gssapi-credential (%s)",
krb5_realm, gss_name);
krb5_free_context(krb5_ctx);
return;
}
krb5_free_context(krb5_ctx);
}
#endif
isc_result_t
dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
gss_cred_id_t *cred)
@ -223,6 +273,8 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
gret = gss_import_name(&minor, &gnamebuf,
GSS_C_NO_OID, &gname);
if (gret != GSS_S_COMPLETE) {
dst_gssapi_check_config((char *)array);
gss_log(3, "failed gss_import_name: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
@ -254,6 +306,7 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
initiate ? "initiate" : "accept",
(char *)gnamebuf.value,
gss_error_tostring(gret, minor, buf, sizeof(buf)));
dst_gssapi_check_config((char *)array);
return (ISC_R_FAILURE);
}
@ -283,12 +336,15 @@ dst_gssapi_identitymatchesrealmkrb5(dns_name_t *signer, dns_name_t *name,
char rbuf[DNS_NAME_FORMATSIZE];
char *sname;
char *rname;
isc_buffer_t buffer;
/*
* It is far, far easier to write the names we are looking at into
* a string, and do string operations on them.
*/
dns_name_format(signer, sbuf, sizeof(sbuf));
isc_buffer_init(&buffer, sbuf, sizeof(sbuf));
dns_name_toprincipal(signer, &buffer);
isc_buffer_putuint8(&buffer, 0);
if (name != NULL)
dns_name_format(name, nbuf, sizeof(nbuf));
dns_name_format(realm, rbuf, sizeof(rbuf));
@ -298,11 +354,11 @@ dst_gssapi_identitymatchesrealmkrb5(dns_name_t *signer, dns_name_t *name,
* does not exist, we don't have something we like, so we fail our
* compare.
*/
rname = strstr(sbuf, "\\@");
rname = strchr(sbuf, '@');
if (rname == NULL)
return (isc_boolean_false);
*rname = '\0';
rname += 2;
rname++;
/*
* Find the host portion of the signer's name. We do this by
@ -352,12 +408,15 @@ dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name,
char *sname;
char *nname;
char *rname;
isc_buffer_t buffer;
/*
* It is far, far easier to write the names we are looking at into
* a string, and do string operations on them.
*/
dns_name_format(signer, sbuf, sizeof(sbuf));
isc_buffer_init(&buffer, sbuf, sizeof(sbuf));
dns_name_toprincipal(signer, &buffer);
isc_buffer_putuint8(&buffer, 0);
if (name != NULL)
dns_name_format(name, nbuf, sizeof(nbuf));
dns_name_format(realm, rbuf, sizeof(rbuf));
@ -367,17 +426,17 @@ dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name,
* does not exist, we don't have something we like, so we fail our
* compare.
*/
rname = strstr(sbuf, "\\@");
rname = strchr(sbuf, '@');
if (rname == NULL)
return (isc_boolean_false);
sname = strstr(sbuf, "\\$");
sname = strchr(sbuf, '$');
if (sname == NULL)
return (isc_boolean_false);
/*
* Verify that the $ and @ follow one another.
*/
if (rname - sname != 2)
if (rname - sname != 1)
return (isc_boolean_false);
/*
@ -389,8 +448,7 @@ dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name,
* machinename$@EXAMPLE.COM
* format.
*/
*rname = '\0';
rname += 2;
rname++;
*sname = '\0';
sname = sbuf;
@ -488,8 +546,12 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
gintokenp = NULL;
}
/*
* Note that we don't set GSS_C_SEQUENCE_FLAG as Windows DNS
* servers don't like it.
*/
flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG |
GSS_C_SEQUENCE_FLAG | GSS_C_INTEG_FLAG;
GSS_C_INTEG_FLAG;
gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx,
gname, GSS_SPNEGO_MECHANISM, flags,

2
lib/dns/include/dns/diff.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: diff.h,v 1.15.120.2.24.2 2010/06/04 23:49:23 tbox Exp $ */
/* $Id: diff.h,v 1.15.120.4 2010-06-04 23:48:25 tbox Exp $ */
#ifndef DNS_DIFF_H
#define DNS_DIFF_H 1

6
lib/dns/include/dns/events.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: events.h,v 1.49.332.2 2009/05/07 23:47:12 tbox Exp $ */
/* $Id: events.h,v 1.49.332.4 2010-05-10 23:48:14 tbox Exp $ */
#ifndef DNS_EVENTS_H
#define DNS_EVENTS_H 1
@ -58,7 +58,7 @@
#define DNS_EVENT_MASTERNEXTZONE (ISC_EVENTCLASS_DNS + 28)
#define DNS_EVENT_IOREADY (ISC_EVENTCLASS_DNS + 29)
#define DNS_EVENT_LOOKUPDONE (ISC_EVENTCLASS_DNS + 30)
/* #define DNS_EVENT_unused (ISC_EVENTCLASS_DNS + 31) */
#define DNS_EVENT_RBTDEADNODES (ISC_EVENTCLASS_DNS + 31)
#define DNS_EVENT_DISPATCHCONTROL (ISC_EVENTCLASS_DNS + 32)
#define DNS_EVENT_REQUESTCONTROL (ISC_EVENTCLASS_DNS + 33)
#define DNS_EVENT_DUMPQUANTUM (ISC_EVENTCLASS_DNS + 34)

19
lib/dns/include/dns/name.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: name.h,v 1.126.332.3 2009/12/24 00:34:59 each Exp $ */
/* $Id: name.h,v 1.126.332.5 2010-07-09 23:45:55 tbox Exp $ */
#ifndef DNS_NAME_H
#define DNS_NAME_H 1
@ -796,9 +796,18 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
*\li #ISC_R_UNEXPECTEDEND
*/
#define DNS_NAME_OMITFINALDOT 0x01U
#define DNS_NAME_MASTERFILE 0x02U /* escape $ and @ */
isc_result_t
dns_name_toprincipal(dns_name_t *name, isc_buffer_t *target);
isc_result_t
dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot,
isc_buffer_t *target);
isc_result_t
dns_name_totext2(dns_name_t *name, unsigned int options, isc_buffer_t *target);
/*%<
* Convert 'name' into text format, storing the result in 'target'.
*
@ -806,6 +815,12 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot,
*\li If 'omit_final_dot' is true, then the final '.' in absolute
* names other than the root name will be omitted.
*
*\li If DNS_NAME_OMITFINALDOT is set in options, then the final '.'
* in absolute names other than the root name will be omitted.
*
*\li If DNS_NAME_MASTERFILE is set in options, '$' and '@' will also
* be escaped.
*
*\li If dns_name_countlabels == 0, the name will be "@", representing the
* current origin as described by RFC1035.
*

2
lib/dns/include/dns/ncache.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ncache.h,v 1.25.48.2.10.2 2010/05/14 23:48:44 tbox Exp $ */
/* $Id: ncache.h,v 1.25.48.4 2010-05-14 23:47:50 tbox Exp $ */
#ifndef DNS_NCACHE_H
#define DNS_NCACHE_H 1

2
lib/dns/include/dns/rdataset.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rdataset.h,v 1.65.50.2.24.1 2010/03/03 22:06:39 marka Exp $ */
/* $Id: rdataset.h,v 1.65.50.4 2010-02-25 10:56:41 tbox Exp $ */
#ifndef DNS_RDATASET_H
#define DNS_RDATASET_H 1

2
lib/dns/include/dns/resolver.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.h,v 1.60.56.3.24.1 2010/03/03 22:06:39 marka Exp $ */
/* $Id: resolver.h,v 1.60.56.5 2010-02-25 10:56:41 tbox Exp $ */
#ifndef DNS_RESOLVER_H
#define DNS_RESOLVER_H 1

2
lib/dns/include/dns/result.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: result.h,v 1.116.228.1 2010/03/03 22:06:39 marka Exp $ */
/* $Id: result.h,v 1.116.48.2 2010-02-25 10:56:41 tbox Exp $ */
#ifndef DNS_RESULT_H
#define DNS_RESULT_H 1

21
lib/dns/include/dns/tsig.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: tsig.h,v 1.51 2007/06/19 23:47:17 tbox Exp $ */
/* $Id: tsig.h,v 1.51.332.4 2010-12-09 01:12:55 marka Exp $ */
#ifndef DNS_TSIG_H
#define DNS_TSIG_H 1
@ -62,6 +62,13 @@ struct dns_tsig_keyring {
unsigned int writecount;
isc_rwlock_t lock;
isc_mem_t *mctx;
/*
* LRU list of generated key along with a count of the keys on the
* list and a maximum size.
*/
unsigned int generated;
unsigned int maxgenerated;
ISC_LIST(dns_tsigkey_t) lru;
};
struct dns_tsigkey {
@ -77,12 +84,13 @@ struct dns_tsigkey {
isc_stdtime_t expire; /*%< end of validity period */
dns_tsig_keyring_t *ring; /*%< the enclosing keyring */
isc_refcount_t refs; /*%< reference counter */
ISC_LINK(dns_tsigkey_t) link;
};
#define dns_tsigkey_identity(tsigkey) \
((tsigkey) == NULL ? NULL : \
(tsigkey)->generated ? ((tsigkey)->creator) : \
(&((tsigkey)->name)))
(tsigkey)->generated ? ((tsigkey)->creator) : \
(&((tsigkey)->name)))
ISC_LANG_BEGINDECLS
@ -109,12 +117,15 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm,
* allows a transient key with an invalid algorithm to exist long enough
* to generate a BADKEY response.
*
* If dns_tsigkey_createfromkey is successful a new reference to 'dstkey'
* will have been made.
*
* Requires:
*\li 'name' is a valid dns_name_t
*\li 'algorithm' is a valid dns_name_t
*\li 'secret' is a valid pointer
*\li 'length' is an integer >= 0
*\li 'key' is a valid dst key or NULL
*\li 'dstkey' is a valid dst key or NULL
*\li 'creator' points to a valid dns_name_t or is NULL
*\li 'mctx' is a valid memory context
*\li 'ring' is a valid TSIG keyring or NULL

2
lib/dns/include/dns/types.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: types.h,v 1.130.50.5.10.2 2010/05/14 23:48:44 tbox Exp $ */
/* $Id: types.h,v 1.130.50.7 2010-05-14 23:47:50 tbox Exp $ */
#ifndef DNS_TYPES_H
#define DNS_TYPES_H 1

2
lib/dns/include/dns/validator.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: validator.h,v 1.41.48.3.24.1 2010/03/03 22:06:39 marka Exp $ */
/* $Id: validator.h,v 1.41.48.5 2010-02-25 10:56:41 tbox Exp $ */
#ifndef DNS_VALIDATOR_H
#define DNS_VALIDATOR_H 1

2
lib/dns/include/dns/view.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.h,v 1.111.88.4.24.2 2010/09/29 23:46:31 tbox Exp $ */
/* $Id: view.h,v 1.111.88.6 2010-09-24 08:30:28 tbox Exp $ */
#ifndef DNS_VIEW_H
#define DNS_VIEW_H 1

10
lib/dns/include/dns/zone.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.h,v 1.160.50.6 2009/10/05 21:57:00 each Exp $ */
/* $Id: zone.h,v 1.160.50.8 2010-12-14 23:46:09 tbox Exp $ */
#ifndef DNS_ZONE_H
#define DNS_ZONE_H 1
@ -1654,7 +1654,7 @@ void
dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx);
/*%<
* Set the post load integrity callback function 'checkmx'.
* 'checkmx' will be called if the MX is not within the zone.
* 'checkmx' will be called if the MX TARGET is not within the zone.
*
* Require:
* 'zone' to be a valid zone.
@ -1673,8 +1673,8 @@ dns_zone_setchecksrv(dns_zone_t *zone, dns_checkmxfunc_t checksrv);
void
dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns);
/*%<
* Set the post load integrity callback function 'checkmx'.
* 'checkmx' will be called if the MX is not within the zone.
* Set the post load integrity callback function 'checkns'.
* 'checkns' will be called if the NS TARGET is not within the zone.
*
* Require:
* 'zone' to be a valid zone.

12
lib/dns/include/dst/dst.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst.h,v 1.12.50.2 2010/01/15 23:47:34 tbox Exp $ */
/* $Id: dst.h,v 1.12.50.3 2010-12-09 01:12:55 marka Exp $ */
#ifndef DST_DST_H
#define DST_DST_H 1
@ -508,6 +508,16 @@ dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2);
* \li ISC_FALSE
*/
void
dst_key_attach(dst_key_t *source, dst_key_t **target);
/*
* Attach to a existing key increasing the reference count.
*
* Requires:
*\li 'source' to be a valid key.
*\li 'target' to be non-NULL and '*target' to be NULL.
*/
void
dst_key_free(dst_key_t **keyp);
/*%<

2
lib/dns/journal.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: journal.c,v 1.103.48.6.10.2 2010/11/17 23:46:16 tbox Exp $ */
/* $Id: journal.c,v 1.103.48.8 2010-11-17 23:45:45 tbox Exp $ */
#include <config.h>

94
lib/dns/message.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: message.c,v 1.245.50.3 2009/11/24 03:25:53 marka Exp $ */
/* $Id: message.c,v 1.245.50.7 2010-06-03 05:29:03 marka Exp $ */
/*! \file */
@ -1531,6 +1531,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
} else if (rdtype == dns_rdatatype_tsig && msg->tsig == NULL) {
msg->tsig = rdataset;
msg->tsigname = name;
/* Windows doesn't like TSIG names to be compressed. */
msg->tsigname->attributes |= DNS_NAMEATTR_NOCOMPRESS;
rdataset = NULL;
free_rdataset = ISC_FALSE;
free_name = ISC_FALSE;
@ -2478,7 +2480,9 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) {
if (msg->opcode != dns_opcode_query &&
msg->opcode != dns_opcode_notify)
want_question_section = ISC_FALSE;
if (want_question_section) {
if (msg->opcode == dns_opcode_update)
first_section = DNS_SECTION_ADDITIONAL;
else if (want_question_section) {
if (!msg->question_ok)
return (DNS_R_FORMERR);
first_section = DNS_SECTION_ANSWER;
@ -3155,7 +3159,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
ADD_STRING(target, ", flags:");
if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
ADD_STRING(target, " do");
mbz = ps->ttl & ~DNS_MESSAGEEXTFLAG_DO & 0xffff;
mbz = ps->ttl & 0xffff;
mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */
if (mbz != 0) {
ADD_STRING(target, "; MBZ: ");
snprintf(buf, sizeof(buf), "%.4x ", mbz);
@ -3173,42 +3178,46 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
/* Print EDNS info, if any */
dns_rdata_init(&rdata);
dns_rdataset_current(ps, &rdata);
if (rdata.length < 4)
return (ISC_R_SUCCESS);
isc_buffer_init(&optbuf, rdata.data, rdata.length);
isc_buffer_add(&optbuf, rdata.length);
optcode = isc_buffer_getuint16(&optbuf);
optlen = isc_buffer_getuint16(&optbuf);
while (isc_buffer_remaininglength(&optbuf) != 0) {
INSIST(isc_buffer_remaininglength(&optbuf) >= 4U);
optcode = isc_buffer_getuint16(&optbuf);
optlen = isc_buffer_getuint16(&optbuf);
INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
if (optcode == DNS_OPT_NSID) {
ADD_STRING(target, "; NSID");
} else {
ADD_STRING(target, "; OPT=");
sprintf(buf, "%u", optcode);
ADD_STRING(target, buf);
}
if (optlen != 0) {
int i;
ADD_STRING(target, ": ");
optdata = rdata.data + 4;
for (i = 0; i < optlen; i++) {
sprintf(buf, "%02x ", optdata[i]);
if (optcode == DNS_OPT_NSID) {
ADD_STRING(target, "; NSID");
} else {
ADD_STRING(target, "; OPT=");
sprintf(buf, "%u", optcode);
ADD_STRING(target, buf);
}
for (i = 0; i < optlen; i++) {
ADD_STRING(target, " (");
if (isprint(optdata[i]))
isc_buffer_putmem(target, &optdata[i],
1);
else
isc_buffer_putstr(target, ".");
ADD_STRING(target, ")");
if (optlen != 0) {
int i;
ADD_STRING(target, ": ");
optdata = isc_buffer_current(&optbuf);
for (i = 0; i < optlen; i++) {
sprintf(buf, "%02x ", optdata[i]);
ADD_STRING(target, buf);
}
for (i = 0; i < optlen; i++) {
ADD_STRING(target, " (");
if (isprint(optdata[i]))
isc_buffer_putmem(target,
&optdata[i],
1);
else
isc_buffer_putstr(target, ".");
ADD_STRING(target, ")");
}
isc_buffer_forward(&optbuf, optlen);
}
ADD_STRING(target, "\n");
}
ADD_STRING(target, "\n");
return (ISC_R_SUCCESS);
case DNS_PSEUDOSECTION_TSIG:
ps = dns_message_gettsig(msg, &name);
@ -3258,21 +3267,26 @@ dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
ADD_STRING(target, ", id: ");
snprintf(buf, sizeof(buf), "%6u", msg->id);
ADD_STRING(target, buf);
ADD_STRING(target, "\n;; flags: ");
ADD_STRING(target, "\n;; flags:");
if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0)
ADD_STRING(target, "qr ");
ADD_STRING(target, " qr");
if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0)
ADD_STRING(target, "aa ");
ADD_STRING(target, " aa");
if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0)
ADD_STRING(target, "tc ");
ADD_STRING(target, " tc");
if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0)
ADD_STRING(target, "rd ");
ADD_STRING(target, " rd");
if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0)
ADD_STRING(target, "ra ");
ADD_STRING(target, " ra");
if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0)
ADD_STRING(target, "ad ");
ADD_STRING(target, " ad");
if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0)
ADD_STRING(target, "cd ");
ADD_STRING(target, " cd");
/*
* The final unnamed flag must be zero.
*/
if ((msg->flags & 0x0040U) != 0)
ADD_STRING(target, "; MBZ: 0x4");
if (msg->opcode != dns_opcode_update) {
ADD_STRING(target, "; QUESTION: ");
} else {

32
lib/dns/name.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: name.c,v 1.165 2008/04/01 23:47:10 tbox Exp $ */
/* $Id: name.c,v 1.165.120.3 2010-07-09 05:15:05 each Exp $ */
/*! \file */
@ -901,7 +901,7 @@ dns_name_getlabelsequence(const dns_name_t *source,
REQUIRE(VALID_NAME(source));
REQUIRE(VALID_NAME(target));
REQUIRE(first <= source->labels);
REQUIRE(first + n <= source->labels);
REQUIRE(n <= source->labels - first); /* note first+n could overflow */
REQUIRE(BINDABLE(target));
SETUP_OFFSETS(source, offsets, odata);
@ -1323,6 +1323,21 @@ totext_filter_proc_key_init(void) {
isc_result_t
dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot,
isc_buffer_t *target)
{
unsigned int options = DNS_NAME_MASTERFILE;
if (omit_final_dot)
options |= DNS_NAME_OMITFINALDOT;
return (dns_name_totext2(name, options, target));
}
isc_result_t
dns_name_toprincipal(dns_name_t *name, isc_buffer_t *target) {
return (dns_name_totext2(name, DNS_NAME_OMITFINALDOT, target));
}
isc_result_t
dns_name_totext2(dns_name_t *name, unsigned int options, isc_buffer_t *target)
{
unsigned char *ndata;
char *tdata;
@ -1337,6 +1352,8 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot,
dns_name_totextfilter_t totext_filter_proc = NULL;
isc_result_t result;
#endif
isc_boolean_t omit_final_dot =
ISC_TF(options & DNS_NAME_OMITFINALDOT);
/*
* This function assumes the name is in proper uncompressed
@ -1412,15 +1429,17 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot,
while (count > 0) {
c = *ndata;
switch (c) {
/* Special modifiers in zone files. */
case 0x40: /* '@' */
case 0x24: /* '$' */
if ((options & DNS_NAME_MASTERFILE) == 0)
goto no_escape;
case 0x22: /* '"' */
case 0x28: /* '(' */
case 0x29: /* ')' */
case 0x2E: /* '.' */
case 0x3B: /* ';' */
case 0x5C: /* '\\' */
/* Special modifiers in zone files. */
case 0x40: /* '@' */
case 0x24: /* '$' */
if (trem < 2)
return (ISC_R_NOSPACE);
*tdata++ = '\\';
@ -1430,6 +1449,7 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot,
trem -= 2;
nlen--;
break;
no_escape:
default:
if (c > 0x20 && c < 0x7f) {
if (trem == 0)

2
lib/dns/ncache.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ncache.c,v 1.43.336.5 2010/05/19 09:56:44 marka Exp $ */
/* $Id: ncache.c,v 1.43.48.7 2010-05-19 09:53:46 marka Exp $ */
/*! \file */

8
lib/dns/openssl_link.c
View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
* $Id: openssl_link.c,v 1.22.112.3 2009/02/11 03:07:01 jinmei Exp $
* $Id: openssl_link.c,v 1.22.112.5 2010-09-15 12:37:35 tbox Exp $
*/
#ifdef OPENSSL
@ -91,7 +91,7 @@ entropy_get(unsigned char *buf, int num) {
if (num < 0)
return (-1);
result = dst__entropy_getdata(buf, (unsigned int) num, ISC_FALSE);
return (result == ISC_R_SUCCESS ? num : -1);
return (result == ISC_R_SUCCESS ? 1 : -1);
}
static int
@ -105,7 +105,7 @@ entropy_getpseudo(unsigned char *buf, int num) {
if (num < 0)
return (-1);
result = dst__entropy_getdata(buf, (unsigned int) num, ISC_TRUE);
return (result == ISC_R_SUCCESS ? num : -1);
return (result == ISC_R_SUCCESS ? 1 : -1);
}
static void

74
lib/dns/rbtdb.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rbtdb.c,v 1.270.12.16.10.6 2010/11/16 07:46:23 marka Exp $ */
/* $Id: rbtdb.c,v 1.270.12.26 2010-12-02 05:09:58 marka Exp $ */
/*! \file */
@ -2089,6 +2089,34 @@ setnsec3parameters(dns_db_t *db, rbtdb_version_t *version,
RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
}
static void
cleanup_dead_nodes_callback(isc_task_t *task, isc_event_t *event) {
dns_rbtdb_t *rbtdb = event->ev_arg;
isc_boolean_t again = ISC_FALSE;
unsigned int locknum;
unsigned int refs;
RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
for (locknum = 0; locknum < rbtdb->node_lock_count; locknum++) {
NODE_LOCK(&rbtdb->node_locks[locknum].lock,
isc_rwlocktype_write);
cleanup_dead_nodes(rbtdb, locknum);
if (ISC_LIST_HEAD(rbtdb->deadnodes[locknum]) != NULL)
again = ISC_TRUE;
NODE_UNLOCK(&rbtdb->node_locks[locknum].lock,
isc_rwlocktype_write);
}
RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
if (again)
isc_task_send(task, &event);
else {
isc_event_free(&event);
isc_refcount_decrement(&rbtdb->references, &refs);
if (refs == 0)
maybe_free_rbtdb(rbtdb);
}
}
static void
closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) {
dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db;
@ -2289,15 +2317,28 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) {
}
if (!EMPTY(cleanup_list)) {
/*
* We acquire a tree write lock here in order to make sure
* that stale nodes will be removed in decrement_reference().
* If we didn't have the lock, those nodes could miss the
* chance to be removed until the server stops. The write lock
* is expensive, but this event should be rare enough to justify
* the cost.
*/
RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
isc_event_t *event = NULL;
isc_rwlocktype_t tlock = isc_rwlocktype_none;
if (rbtdb->task != NULL)
event = isc_event_allocate(rbtdb->common.mctx, NULL,
DNS_EVENT_RBTDEADNODES,
cleanup_dead_nodes_callback,
rbtdb, sizeof(isc_event_t));
if (event == NULL) {
/*
* We acquire a tree write lock here in order to make
* sure that stale nodes will be removed in
* decrement_reference(). If we didn't have the lock,
* those nodes could miss the chance to be removed
* until the server stops. The write lock is
* expensive, but this event should be rare enough
* to justify the cost.
*/
RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
tlock = isc_rwlocktype_write;
}
for (changed = HEAD(cleanup_list);
changed != NULL;
changed = next_changed) {
@ -2312,20 +2353,25 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) {
* This is a good opportunity to purge any dead nodes,
* so use it.
*/
cleanup_dead_nodes(rbtdb, rbtnode->locknum);
if (event == NULL)
cleanup_dead_nodes(rbtdb, rbtnode->locknum);
if (rollback)
rollback_node(rbtnode, serial);
decrement_reference(rbtdb, rbtnode, least_serial,
isc_rwlocktype_write,
isc_rwlocktype_write, ISC_FALSE);
isc_rwlocktype_write, tlock,
ISC_FALSE);
NODE_UNLOCK(lock, isc_rwlocktype_write);
isc_mem_put(rbtdb->common.mctx, changed,
sizeof(*changed));
}
RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
if (event != NULL) {
isc_refcount_increment(&rbtdb->references, NULL);
isc_task_send(rbtdb->task, &event);
} else
RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
}
end:

9
lib/dns/rdata.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rdata.c,v 1.199.50.2 2009/02/16 23:47:15 tbox Exp $ */
/* $Id: rdata.c,v 1.199.50.4 2011-01-13 04:48:21 tbox Exp $ */
/*! \file */
@ -1135,6 +1135,11 @@ name_prefix(dns_name_t *name, dns_name_t *origin, dns_name_t *target) {
if (l1 == l2)
goto return_false;
/* Master files should be case preserving. */
dns_name_getlabelsequence(name, l1 - l2, l2, target);
if (!dns_name_caseequal(origin, target))
goto return_false;
dns_name_getlabelsequence(name, 0, l1 - l2, target);
return (ISC_TRUE);

10
lib/dns/rdata/generic/ipseckey_45.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ipseckey_45.c,v 1.4.332.3 2009/09/18 21:55:48 jinmei Exp $ */
/* $Id: ipseckey_45.c,v 1.4.332.5 2011-01-13 04:48:23 tbox Exp $ */
#ifndef RDATA_GENERIC_IPSECKEY_45_C
#define RDATA_GENERIC_IPSECKEY_45_C
@ -120,8 +120,6 @@ static inline isc_result_t
totext_ipseckey(ARGS_TOTEXT) {
isc_region_t region;
dns_name_t name;
dns_name_t prefix;
isc_boolean_t sub;
char buf[sizeof("255 ")];
unsigned short num;
unsigned short gateway;
@ -130,7 +128,6 @@ totext_ipseckey(ARGS_TOTEXT) {
REQUIRE(rdata->length >= 3);
dns_name_init(&name, NULL);
dns_name_init(&prefix, NULL);
if (rdata->data[1] > 3U)
return (ISC_R_NOTIMPLEMENTED);
@ -183,8 +180,7 @@ totext_ipseckey(ARGS_TOTEXT) {
case 3:
dns_name_fromregion(&name, &region);
sub = name_prefix(&name, tctx->origin, &prefix);
RETERR(dns_name_totext(&prefix, sub, target));
RETERR(dns_name_totext(&name, ISC_FALSE, target));
isc_region_consume(&region, name_length(&name));
break;
}

12
lib/dns/rdata/generic/nsec_47.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2007, 2008, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsec_47.c,v 1.11 2008/07/15 23:47:21 tbox Exp $ */
/* $Id: nsec_47.c,v 1.11.82.2 2011-01-13 04:48:23 tbox Exp $ */
/* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */
@ -88,20 +88,18 @@ totext_nsec(ARGS_TOTEXT) {
isc_region_t sr;
unsigned int i, j, k;
dns_name_t name;
dns_name_t prefix;
isc_boolean_t sub;
unsigned int window, len;
REQUIRE(rdata->type == 47);
REQUIRE(rdata->length != 0);
UNUSED(tctx);
dns_name_init(&name, NULL);
dns_name_init(&prefix, NULL);
dns_rdata_toregion(rdata, &sr);
dns_name_fromregion(&name, &sr);
isc_region_consume(&sr, name_length(&name));
sub = name_prefix(&name, tctx->origin, &prefix);
RETERR(dns_name_totext(&prefix, sub, target));
RETERR(dns_name_totext(&name, ISC_FALSE, target));
for (i = 0; i < sr.length; i += len) {

10
lib/dns/rdata/generic/rrsig_46.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rrsig_46.c,v 1.10 2007/06/19 23:47:17 tbox Exp $ */
/* $Id: rrsig_46.c,v 1.10.332.2 2011-01-13 04:48:23 tbox Exp $ */
/* Reviewed: Fri Mar 17 09:05:02 PST 2000 by gson */
@ -134,8 +134,6 @@ totext_rrsig(ARGS_TOTEXT) {
unsigned long exp;
unsigned long foot;
dns_name_t name;
dns_name_t prefix;
isc_boolean_t sub;
REQUIRE(rdata->type == 46);
REQUIRE(rdata->length != 0);
@ -217,11 +215,9 @@ totext_rrsig(ARGS_TOTEXT) {
* Signer.
*/
dns_name_init(&name, NULL);
dns_name_init(&prefix, NULL);
dns_name_fromregion(&name, &sr);
isc_region_consume(&sr, name_length(&name));
sub = name_prefix(&name, tctx->origin, &prefix);
RETERR(dns_name_totext(&prefix, sub, target));
RETERR(dns_name_totext(&name, ISC_FALSE, target));
/*
* Sig.

2
lib/dns/rdatalist.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rdatalist.c,v 1.36.338.1 2010/03/03 22:06:39 marka Exp $ */
/* $Id: rdatalist.c,v 1.36.50.2 2010-02-25 10:56:41 tbox Exp $ */
/*! \file */

2
lib/dns/rdataset.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rdataset.c,v 1.82.50.2.24.1 2010/03/03 22:06:39 marka Exp $ */
/* $Id: rdataset.c,v 1.82.50.4 2010-02-25 10:56:41 tbox Exp $ */
/*! \file */

2
lib/dns/rdataslab.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rdataslab.c,v 1.48.50.2.24.1 2010/03/03 22:06:39 marka Exp $ */
/* $Id: rdataslab.c,v 1.48.50.4 2010-02-25 10:56:41 tbox Exp $ */
/*! \file */

115
lib/dns/resolver.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.c,v 1.384.14.20.10.3 2010/06/23 23:46:25 tbox Exp $ */
/* $Id: resolver.c,v 1.384.14.30 2011-01-27 23:45:47 tbox Exp $ */
/*! \file */
@ -203,6 +203,7 @@ struct fetchctx {
isc_sockaddrlist_t bad;
isc_sockaddrlist_t edns;
isc_sockaddrlist_t edns512;
isc_sockaddrlist_t bad_edns;
dns_validator_t *validator;
ISC_LIST(dns_validator_t) validators;
dns_db_t * cache;
@ -482,7 +483,7 @@ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
inc_stats(fctx->res, dns_resstatscounter_val);
if ((valoptions & DNS_VALIDATOR_DEFER) == 0) {
INSIST(fctx->validator == NULL);
fctx->validator = validator;
fctx->validator = validator;
}
ISC_LIST_APPEND(fctx->validators, validator, link);
} else
@ -1558,6 +1559,36 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
return (result);
}
static isc_boolean_t
bad_edns(fetchctx_t *fctx, isc_sockaddr_t *address) {
isc_sockaddr_t *sa;
for (sa = ISC_LIST_HEAD(fctx->bad_edns);
sa != NULL;
sa = ISC_LIST_NEXT(sa, link)) {
if (isc_sockaddr_equal(sa, address))
return (ISC_TRUE);
}
return (ISC_FALSE);
}
static void
add_bad_edns(fetchctx_t *fctx, isc_sockaddr_t *address) {
isc_sockaddr_t *sa;
if (bad_edns(fctx, address))
return;
sa = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx,
sizeof(*sa));
if (sa == NULL)
return;
*sa = *address;
ISC_LIST_INITANDAPPEND(fctx->bad_edns, sa, link);
}
static isc_boolean_t
triededns(fetchctx_t *fctx, isc_sockaddr_t *address) {
isc_sockaddr_t *sa;
@ -3131,6 +3162,14 @@ fctx_destroy(fetchctx_t *fctx) {
isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa));
}
for (sa = ISC_LIST_HEAD(fctx->bad_edns);
sa != NULL;
sa = next_sa) {
next_sa = ISC_LIST_NEXT(sa, link);
ISC_LIST_UNLINK(fctx->bad_edns, sa, link);
isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa));
}
isc_timer_detach(&fctx->timer);
dns_message_destroy(&fctx->rmessage);
dns_message_destroy(&fctx->qmessage);
@ -3501,6 +3540,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
ISC_LIST_INIT(fctx->bad);
ISC_LIST_INIT(fctx->edns);
ISC_LIST_INIT(fctx->edns512);
ISC_LIST_INIT(fctx->bad_edns);
ISC_LIST_INIT(fctx->validators);
fctx->validator = NULL;
fctx->find = NULL;
@ -3870,14 +3910,6 @@ maybe_destroy(fetchctx_t *fctx) {
validator != NULL; validator = next_validator) {
next_validator = ISC_LIST_NEXT(validator, link);
dns_validator_cancel(validator);
/*
* If this is a active validator wait for the cancel
* to complete before calling dns_validator_destroy().
*/
if (validator == fctx->validator)
continue;
ISC_LIST_UNLINK(fctx->validators, validator, link);
dns_validator_destroy(&validator);
}
bucketnum = fctx->bucketnum;
@ -6115,6 +6147,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
unsigned int findoptions;
isc_result_t broken_server;
badnstype_t broken_type = badns_response;
isc_boolean_t no_response;
REQUIRE(VALID_QUERY(query));
fctx = query->fctx;
@ -6137,6 +6170,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
resend = ISC_FALSE;
truncated = ISC_FALSE;
finish = NULL;
no_response = ISC_FALSE;
if (fctx->res->exiting) {
result = ISC_R_SHUTTINGDOWN;
@ -6184,7 +6218,9 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
/*
* If this is a network error on an exclusive query
* socket, mark the server as bad so that we won't try
* it for this fetch again.
* it for this fetch again. Also adjust finish and
* no_response so that we penalize this address in SRTT
* adjustment later.
*/
if (query->exclusivesocket &&
(devent->result == ISC_R_HOSTUNREACH ||
@ -6193,6 +6229,8 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
devent->result == ISC_R_CANCELED)) {
broken_server = devent->result;
broken_type = badns_unreachable;
finish = NULL;
no_response = ISC_TRUE;
}
}
goto done;
@ -6324,6 +6362,25 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
* ensured by the dispatch code).
*/
/*
* We have an affirmative response to the query and we have
* previously got a response from this server which indicated
* EDNS may not be supported so we can now cache the lack of
* EDNS support.
*/
if (opt == NULL &&
(message->rcode == dns_rcode_noerror ||
message->rcode == dns_rcode_nxdomain ||
message->rcode == dns_rcode_refused ||
message->rcode == dns_rcode_yxdomain) &&
bad_edns(fctx, &query->addrinfo->sockaddr)) {
char addrbuf[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&query->addrinfo->sockaddr, addrbuf,
sizeof(addrbuf));
dns_adb_changeflags(fctx->adb, query->addrinfo,
DNS_FETCHOPT_NOEDNS0,
DNS_FETCHOPT_NOEDNS0);
}
/*
* Deal with truncated responses by retrying using TCP.
@ -6379,9 +6436,9 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
if (message->rcode != dns_rcode_noerror &&
message->rcode != dns_rcode_nxdomain) {
if (((message->rcode == dns_rcode_formerr ||
message->rcode == dns_rcode_notimp) ||
(message->rcode == dns_rcode_servfail &&
dns_message_getopt(message) == NULL)) &&
message->rcode == dns_rcode_notimp) ||
(message->rcode == dns_rcode_servfail &&
dns_message_getopt(message) == NULL)) &&
(query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
/*
* It's very likely they don't like EDNS0.
@ -6397,12 +6454,9 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
options |= DNS_FETCHOPT_NOEDNS0;
resend = ISC_TRUE;
/*
* Remember that they don't like EDNS0.
* Remember that they may not like EDNS0.
*/
if (message->rcode != dns_rcode_servfail)
dns_adb_changeflags(fctx->adb, query->addrinfo,
DNS_FETCHOPT_NOEDNS0,
DNS_FETCHOPT_NOEDNS0);
add_bad_edns(fctx, &query->addrinfo->sockaddr);
inc_stats(fctx->res, dns_resstatscounter_edns0fail);
} else if (message->rcode == dns_rcode_formerr) {
if (ISFORWARDER(query->addrinfo)) {
@ -6666,7 +6720,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
*
* XXXRTH Don't cancel the query if waiting for validation?
*/
fctx_cancelquery(&query, &devent, finish, ISC_FALSE);
fctx_cancelquery(&query, &devent, finish, no_response);
if (keep_trying) {
if (result == DNS_R_FORMERR)
@ -7389,6 +7443,13 @@ static inline isc_boolean_t
fctx_match(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
unsigned int options)
{
/*
* Don't match fetch contexts that are shutting down.
*/
if (fctx->cloned || fctx->state == fetchstate_done ||
ISC_LIST_EMPTY(fctx->events))
return (ISC_FALSE);
if (fctx->type != type || fctx->options != options)
return (ISC_FALSE);
return (dns_name_equal(&fctx->name, name));
@ -7523,17 +7584,7 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
}
}
/*
* If we didn't have a fetch, would attach to a done fetch, this
* fetch has already cloned its results, or if the fetch has gone
* "idle" (no one was interested in it), we need to start a new
* fetch instead of joining with the existing one.
*/
if (fctx == NULL ||
fctx->state == fetchstate_done ||
fctx->cloned ||
ISC_LIST_EMPTY(fctx->events)) {
fctx = NULL;
if (fctx == NULL) {
result = fctx_create(res, name, type, domain, nameservers,
options, bucketnum, &fctx);
if (result != ISC_R_SUCCESS)

2
lib/dns/result.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: result.c,v 1.125.124.1 2010/03/03 22:06:39 marka Exp $ */
/* $Id: result.c,v 1.125.48.2 2010-02-25 10:56:41 tbox Exp $ */
/*! \file */

6
lib/dns/rootns.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rootns.c,v 1.36 2008/09/24 02:46:22 marka Exp $ */
/* $Id: rootns.c,v 1.36.50.4 2010-06-18 05:37:50 marka Exp $ */
/*! \file */
@ -71,11 +71,13 @@ static char root_ns[] =
"H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53\n"
"H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803F:235\n"
"I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n"
"I.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fe::53\n"
"J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n"
"J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:C27::2:30\n"
"K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n"
"K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7FD::1\n"
"L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42\n"
"L.ROOT-SERVERS.NET. 604800 IN AAAA 2001:500:3::42\n"
"M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n"
"M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:DC3::35\n";

Some files were not shown because too many files have changed in this diff Show More