- --- 9.3.2-P1 released ---
+ --- 9.3.4 released ---
+
+2126. [security] Serialise validation of type ANY responses. [RT #16555]
+
+2124. [security] It was possible to dereference a freed fetch
+ context. [RT #16584]
+
+ --- 9.3.3 released ---
+
+2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
+
+2104. [port] Fix Solaris SMF error message.
+
+2103. [port] Add /usr/sfw to list of locations for OpenSSL
+ under Solaris.
+
+2102. [port] Silence solaris 10 warnings.
+
+2101. [bug] OpenSSL version checks were not quite right.
+ [RT #16476]
+
+2100. [port] win32: copy libeay32.dll to Build\Debug.
+
+2099. [port] win32: more manifiest issues.
+
+ --- 9.3.3rc3 released ---
+
+2096. [bug] libbind: handle applications that fail to detect
+ res_init() failures better.
+
+2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
+ net_cidr_ntop_ipv6(). [RT #16388]
+
+2094. [contrib] Update named-bootconf. [RT# 16404]
+
+2092. [bug] win32: dig, host, nslookup. Use registry config
+ if resolv.conf does not exist or no nameservers
+ listed. [RT #15877]
+
+2091. [port] dighost.c: race condition on cleanup. [RT #16417]
+
+2090. [port] win32: Visual C++ 2005 command line manifest support.
+ [RT #16417]
+
+2089. [security] Raise the minimum safe OpenSSL versions to
+ OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
+ prior to these have known security flaws which
+ are (potentially) exploitable in named. [RT #16391]
+
+2088. [security] Change the default RSA exponent from 3 to 65537.
+ [RT #16391]
+
+2086. [port] libbind: FreeBSD now has get*by*_r() functions.
+ [RT #16403]
+
+2085. [doc] win32: added index.html and README to zip. [RT #16201]
+
+2084. [contrib] dbus update for 9.3.3rc2.
+
+2083. [port] win32: Visual C++ 2005 support.
+
+2082. [doc] Document 'cache-file' as a test only option.
+
+ --- 9.3.3rc2 released ---
+
+2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
+ [RT #16360]
+
+2080. [port] libbind: res_init.c did not compile on older versions
+ of Solaris. [RT #16363]
+
+2076. [bug] Several files were missing #include <config.h>
+ causing build failures on OSF. [RT #16341]
+
+2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
+ dns_request_createraw2() and dns_request_createraw3()
+ failed to send multiple UDP requests. [RT #16349]
2066. [security] Handle SIG queries gracefully. [RT #16300]
+ --- 9.3.3rc1 released ---
+
+2071. [port] Test whether gcc accepts -fno-strict-aliasing.
+ [RT #16324]
+
+2070. [bug] The remote address was not always displayed when
+ reporting dispatch failures. [RT #16315]
+
+2069. [bug] Cross compiling was not working. [RT #16330]
+
+2067. [bug] 'rndc' could close the socket too early triggering
+ a INSIST under Windows. [RT #16317]
+
+2065. [bug] libbind: probe for HPUX prototypes for
+ endprotoent_r() and endservent_r(). [RT 16313]
+
+2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
+
+2063. [bug] Change #1955 introduced a bug which caused the first
+ 'rndc flush' call to not free memory. [RT #16244]
+
+2062. [bug] 'dig +nssearch' was reusing a buffer before it had
+ been returned by the socket code. [RT #16307]
+
+2057. [bug] Make setting "ra" dependent on both allow-query and
+ allow-recursion. [RT #16290]
+
+2056. [bug] dig: ixfr= was not being treated case insensitively
+ at all times. [RT #15955]
+
+2055. [bug] Missing goto after dropping multicast query.
+ [RT #15944]
+
+2054. [port] freebsd: do not explicitly link against -lpthread.
+ [RT #16170]
+
+2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
+
+2052. [bug] 'rndc' improve connect failed message to report
+ the failing address. [RT #15978]
+
+2051. [port] More strtol() fixes. [RT #16249]
+
+2050. [bug] Parsing of NSAP records was not case insensitive.
+ [RT #16287]
+
+2049. [bug] Restore SOA before AXFR when falling back from
+ a attempted IXFR when transfering in a zone.
+ Allow a initial SOA query before attempting
+ a AXFR to be requested. [RT #16156]
+
+2048. [bug] It was possible to loop forever when using
+ avoid-v4-udp-ports / avoid-v6-udp-ports when
+ the OS always returned the same local port.
+ [RT #16182]
+
+2047. [bug] Failed to initialise the interface flags to zero.
+ [RT #16245]
+
+2043. [port] nsupdate/nslookup: Force the flushing of the prompt
+ for interactive sessions. [RT#16148]
+
+2038. [bug] dig/nslookup/host was unlinking from wrong list
+ when handling errors. [RT #16122]
+
+2037. [func] When unlinking the first or last element in a list
+ check that the list head points to the element to
+ be unlinked. [RT #15959]
+
+2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
+ [RT #16075]
+
+2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
+
+ --- 9.3.3b1 released ---
+
+2031. [bug] Emit a error message when "rndc refresh" is called on
+ a non slave/stub zone. [RT # 16073]
+
+2030. [bug] We were being overly conservative when disabling
+ openssl engine support. [RT #16030]
+
+2029. [bug] host printed out the server multiple times when
+ specified on the command line. [RT #15992]
+
+2028. [port] linux: socket.c compatability for old systems.
+ [RT #16015]
+
+2027. [port] libbind: Solaris x86 support. [RT #16020]
+
+2026. [bug] Rate limit the two recursive client exceeded messages.
+ [RT #16044]
+
+2024. [bug] named emited spurious "zone serial unchanged"
+ messages on reload. [RT #16027]
+
+2023. [bug] "make install" should create ${localstatedir}/run and
+ ${sysconfdir} if they do not exist. [RT #16033]
+
+2016. [bug] Return a partial answer if recursion is not
+ allowed but requested and we had the answer
+ to the original qname. [RT #15945]
+
+2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
+ responses more gracefully. [RT #15941]
+
+2009. [bug] libbind: coverity fixes. [RT #15808]
+
+2005. [bug] libbind: Retransmission timeouts should be
+ based on which attempt it is to the nameserver
+ and not the nameserver itself. [RT #13548]
+
+2004. [bug] dns_tsig_sign() could pass a NULL pointer to
+ dst_context_destroy() when cleaning up after a
+ error. [RT #15835]
+
+2003. [bug] libbind: The DNS name/address lookup functions could
+ occasionally follow a random pointer due to
+ structures not being completely zeroed. [RT #15806]
+
+2002. [bug] libbind: tighten the constraints on when
+ struct addrinfo._ai_pad exists. [RT #15783]
+
+2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
+
+1998. [bug] Restrict handling of fifos as sockets to just SunOS.
+ This allows named to connect to entropy gathering
+ daemons that use fifos instead of sockets. [RT #15840]
+
+1997. [bug] Named was failing to replace negative cache entries
+ when a positive one for the type was learnt.
+ [RT #15818]
+
+1995. [bug] 'host' was reporting multiple "is an alias" messages.
+ [RT #15702]
+
+1994. [port] OpenSSL 0.9.8 support. [RT #15694]
+
+1993. [bug] Log messsage, via syslog, were missing the space
+ after the timestamp if "print-time yes" was specified.
+ [RT #15844]
+
+1991. [cleanup] The configuration data, once read, should be treated
+ as readonly. Expand the use of const to enforce this
+ at compile time. [RT #15813]
+
+1990. [bug] libbind: isc's override of broken gettimeofday()
+ implementions was not always effective.
+ [RT #15709]
+
+1989. [bug] win32: don't check the service password when
+ re-installing. [RT #15882]
+
+1985. [protocol] DLV has now been assigned a official type code of
+ 32769. [RT #15807]
+
+ Note: care should be taken to ensure you upgrade
+ both named and dnssec-signzone at the same time for
+ zones with DLV records where named is the master
+ server for the zone. Also any zones that contain
+ DLV records should be removed when upgrading a slave
+ zone. You do not however have to upgrade all
+ servers for a zone with DLV records simultaniously.
+
+1982. [bug] DNSKEY was being accepted on the parent side of
+ a delegation. KEY is still accepted there for
+ RFC 3007 validated updates. [RT #15620]
+
+1981. [bug] win32: condition.c:wait() could fail to reattain
+ the mutex lock.
+
+1979. [port] linux: allow named to drop core after changing
+ user ids. [RT #15753]
+
+1978. [port] Handle systems which have a broken recvmsg().
+ [RT #15742]
+
+1977. [bug] Silence noisy log message. [RT #15704]
+
+1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
+
+1975. [bug] libbind: isc_gethexstring() could misparse multi-line
+ hex strings with comments. [RT #15814]
+
+1974. [doc] List each of the zone types and associated zone
+ options seperately in the ARM.
+
+1972. [contrib] DBUS dynamic forwarders integation from
+ Jason Vas Dias <jvdias@redhat.com>.
+
+1971. [port] linux: make detection of missing IF_NAMESIZE more
+ robust. [RT #15443]
+
+1970. [bug] nsupdate: adjust UDP timeout when falling back to
+ unsigned SOA query. [RT #15775]
+
+1969. [bug] win32: the socket code was freeing the socket
+ structure too early. [RT #15776]
+
+1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
+
+1966. [bug] Don't set CD when we have fallen back to plain DNS.
+ [RT #15727]
+
+1963. [port] Tru64 4.0E doesn't support send() and recv().
+ [RT #15586]
+
+1962. [bug] Named failed to clear old update-policy when it
+ was removed. [RT #15491]
+
+1961. [bug] Check the port and address of responses forwarded
+ to dispatch. [RT #15474]
+
+1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
+ [RT #15465]
+
+1958. [bug] Named failed to update the zone's secure state
+ until the zone was reloaded. [RT #15412]
+
+1957. [bug] Dig mishandled responses to class ANY queries.
+ [RT #15402]
+
+1956. [bug] Improve cross compile support, 'gen' is now built
+ by native compiler. See README for additional
+ cross compile support information. [RT #15148]
+
+1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998]
+
+1952. [port] hpux: tell the linker to build a runtime link
+ path "-Wl,+b:". [RT #14816].
+
+1951. [security] Drop queries from particular well known ports.
+ Don't return FORMERR to queries from particular
+ well known ports. [RT #15636]
+
+1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
+ a TCP socket. This prevents the source address being
+ set for TCP connections. [RT #15628]
+
+1948. [bug] If was possible to trigger a REQUIRE failure in
+ xfrin.c:maybe_free() if named ran out of memory.
+ [RT #15568]
+
+1946. [bug] resume_dslookup() could trigger a REQUIRE failure
+ when using forwarders. [RT #15549]
+
+1944. [cleanup] isc_hash_create() does not need a read/write lock.
+ [RT #15522]
+
+1943. [bug] Set the loadtime after rolling forward the journal.
+ [RT #15647]
+
+1942. [bug] If the name of a DNSKEY match that of one in
+ trusted-keys do not attempt to validate the DNSKEY
+ using the parents DS RRset. [RT #15649]
+
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
+1940. [bug] Fixed a number of error conditions reported by
+ Coverity.
+
+1939. [bug] The resolver could dereference a null pointer after
+ validation if all the queries have timed out.
+ [RT #15528]
+
+1938. [bug] The validator was not correctly handling unsecure
+ negative responses at or below a SEP. [RT #15528]
+
+1919. [contrib] queryperf: a set of new features: collecting/printing
+ response delays, printing intermediate results, and
+ adjusting query rate for the "target" qps.
+
--- 9.3.2 released ---
--- 9.3.2rc1 released ---
1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
-1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
+1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
-1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
+1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
-1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
- IN6ADDR_LOOPBACK_INIT macros.
+1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
+ IN6ADDR_LOOPBACK_INIT macros.
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
1414. [func] Support for KSK flag.
-1413. [func] Explictly request the (re-)generation of DS records from
- keysets (dnssec-signzone -g).
+1413. [func] Explicitly request the (re-)generation of DS records
+ from keysets (dnssec-signzone -g).
1412. [func] You can now specify servers to be tried if a nameserver
has IPv6 address and you only support IPv4 or the
<isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
<isc/net.h>.
- 119. [cleanup] structure definitions for generic rdata stuctures do
+ 119. [cleanup] structure definitions for generic rdata structures do
not have _generic_ in their names.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
-Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and distribute this software for any
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id: COPYRIGHT,v 1.6.2.2.8.3 2005/01/10 23:51:37 marka Exp $
+$Id: COPYRIGHT,v 1.6.2.2.8.4 2006/01/04 00:37:22 marka Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.
Frequently Asked Questions about BIND 9
+Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+
+Copyright © 2000-2003 Internet Software Consortium.
+
-------------------------------------------------------------------------------
Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads?
-A: Linux threads do not fully implement the Posix threads (pthreads) standard.
- In particular, setuid() operates only on the current thread, not the full
- process. Because of this limitation, BIND 9 cannot use setuid() on Linux as
- it can on all other supported platforms. setuid() cannot be called before
- creating threads, since the server does not start listening on reserved
- ports until after threads have started.
+A: Linux threads do not fully implement the Posix threads (pthreads) standard. In
+ particular, setuid() operates only on the current thread, not the full process.
+ Because of this limitation, BIND 9 cannot use setuid() on Linux as it can on
+ all other supported platforms. setuid() cannot be called before creating
+ threads, since the server does not start listening on reserved ports until
+ after threads have started.
In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
capabilities across a setuid() call is present. This allows BIND 9 to call
- setuid() early, while retaining the ability to bind reserved ports. This is
- a Linux-specific hack.
+ setuid() early, while retaining the ability to bind reserved ports. This is a
+ Linux-specific hack.
- On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
- of a security risk than a root process that has not dropped privileges.
+ On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less of
+ a security risk than a root process that has not dropped privileges.
If Linux threads ever work correctly, this restriction will go away.
Configuring BIND9 with the --disable-threads option (the default) causes a
non-threaded version to be built, which will allow -u to be used.
+Q: Why do I get the following errors:
+
+ general: errno2result.c:109: unexpected error:
+ general: unable to convert errno to isc_result: 14: Bad address
+ client: UDP client handler shutting down due to fatal receive error: unexpected error
+
+A: This is the result of a Linux kernel bug.
+
+ See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
+
Q: Why does named log the warning message "no TTL specified - using SOA MINTTL
instead"?
Q: Why do I see 5 (or more) copies of named on Linux?
A: Linux threads each show up as a process under ps. The approximate number of
- threads running is n+4, where n is the number of CPUs. Note that the amount
- of memory used is not cumulative; if each process is using 10M of memory,
- only a total of 10M is used.
+ threads running is n+4, where n is the number of CPUs. Note that the amount of
+ memory used is not cumulative; if each process is using 10M of memory, only a
+ total of 10M is used.
+
+ Newer versions of Linux's ps command hide the individual threads and require -L
+ to display them.
Q: Why does BIND 9 log "permission denied" errors accessing its configuration
files or zones on my Linux system even though it is running as root?
-A: On Linux, BIND 9 drops most of its root privileges on startup. This
- including the privilege to open files owned by other users. Therefore, if
- the server is running as root, the configuration files and zone files should
- also be owned by root.
+A: On Linux, BIND 9 drops most of its root privileges on startup. This including
+ the privilege to open files owned by other users. Therefore, if the server is
+ running as root, the configuration files and zone files should also be owned by
+ root.
-Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file
- bar: ran out of space"?
+Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar:
+ ran out of space"?
-A: This is often caused by TXT records with missing close quotes. Check that
- all TXT records containing quoted strings have both open and close quotes.
+A: This is often caused by TXT records with missing close quotes. Check that all
+ TXT records containing quoted strings have both open and close quotes.
Q: How do I produce a usable core file from a multithreaded named on Linux?
Q: How do I restrict people from looking up the server version?
-A: Put a "version" option containing something other than the real version in
- the "options" section of named.conf. Note doing this will not prevent
- attacks and may impede people trying to diagnose problems with your server.
- Also it is possible to "fingerprint" nameservers to determine their version.
+A: Put a "version" option containing something other than the real version in the
+ "options" section of named.conf. Note doing this will not prevent attacks and
+ may impede people trying to diagnose problems with your server. Also it is
+ possible to "fingerprint" nameservers to determine their version.
Q: How do I restrict only remote users from looking up the server version?
-A: The following view statement will intercept lookups as the internal view
- that holds the version information will be matched last. The caveats of the
- previous answer still apply, of course.
+A: The following view statement will intercept lookups as the internal view that
+ holds the version information will be matched last. The caveats of the previous
+ answer still apply, of course.
view "chaos" chaos {
match-clients { <those to be refused>; };
Q: What do "no source of entropy found" or "could not open entropy source foo"
mean?
-A: The server requires a source of entropy to perform certain operations,
- mostly DNSSEC related. These messages indicate that you have no source of
- entropy. On systems with /dev/random or an equivalent, it is used by
- default. A source of entropy can also be defined using the random-device
- option in named.conf.
+A: The server requires a source of entropy to perform certain operations, mostly
+ DNSSEC related. These messages indicate that you have no source of entropy. On
+ systems with /dev/random or an equivalent, it is used by default. A source of
+ entropy can also be defined using the random-device option in named.conf.
Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why?
A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed
under /usr. Check that the correct named is running.
-Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers.
- I'm sure I have the keys set up correctly, but the server is rejecting the
- TSIG. Why?
+Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. I'm
+ sure I have the keys set up correctly, but the server is rejecting the TSIG.
+ Why?
-A: This may be a clock skew problem. Check that the the clocks on the client
- and server are properly synchronised (e.g., using ntp).
+A: This may be a clock skew problem. Check that the the clocks on the client and
+ server are properly synchronised (e.g., using ntp).
Q: I'm trying to compile BIND 9, and "make" is failing due to files not being
found. Why?
A: Using a parallel or distributed "make" to build BIND 9 is not supported, and
- doesn't work. If you are using one of these, use normal make or gmake
- instead.
+ doesn't work. If you are using one of these, use normal make or gmake instead.
-Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging
- error messages like "notify to 10.0.0.1#53 failed: unexpected end of input".
- What's wrong?
+Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error
+ messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's
+ wrong?
-A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in
- BIND 8.2.4. It can be safely ignored - the notify has been acted on by the
- slave despite the error message.
+A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in BIND
+ 8.2.4. It can be safely ignored - the notify has been acted on by the slave
+ despite the error message.
Q: I keep getting log messages like the following. Why?
Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update
- failed: 'RRset exists (value dependent)' prerequisite not satisfied
- (NXRRSET)
+ failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
-A: DNS updates allow the update request to test to see if certain conditions
- are met prior to proceeding with the update. The message above is saying
- that conditions were not met and the update is not proceeding. See doc/rfc/
+A: DNS updates allow the update request to test to see if certain conditions are
+ met prior to proceeding with the update. The message above is saying that
+ conditions were not met and the update is not proceeding. See doc/rfc/
rfc2136.txt for more details on prerequisites.
Q: I keep getting log messages like the following. Why?
Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update
- protocol. Windows 2000 machines have a habit of sending dynamic update
- requests to DNS servers without being specifically configured to do so. If
- the update requests are coming from a Windows 2000 machine, see http://
- support.microsoft.com/support/kb/articles/q246/8/04.asp for information
- about how to turn them off.
+ protocol. Windows 2000 machines have a habit of sending dynamic update requests
+ to DNS servers without being specifically configured to do so. If the update
+ requests are coming from a Windows 2000 machine, see http://
+ support.microsoft.com/support/kb/articles/q246/8/04.asp for information about
+ how to turn them off.
Q: I see a log message like the following. Why?
A: You are most likely running named as a non-root user, and that user does not
have permission to write in /var/run. The common ways of fixing this are to
- create a /var/run/named directory owned by the named user and set pid-file
- to "/var/run/named/named.pid", or set pid-file to "named.pid", which will
- put the file in the directory specified by the directory option (which, in
- this case, must be writable by the named user).
-
-Q: When I do a "dig . ns", many of the A records for the root servers are
- missing. Why?
-
-A: This is normal and harmless. It is a somewhat confusing side effect of the
- way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to
- avoid promoting glue into answers.
-
- When BIND 9 first starts up and primes its cache, it receives the root
- server addresses as additional data in an authoritative response from a root
- server, and these records are eligible for inclusion as additional data in
- responses. Subsequently it receives a subset of the root server addresses as
- additional data in a non-authoritative (referral) response from a root
- server. This causes the addresses to now be considered non-authoritative
- (glue) data, which is not eligible for inclusion in responses.
+ create a /var/run/named directory owned by the named user and set pid-file to "
+ /var/run/named/named.pid", or set pid-file to "named.pid", which will put the
+ file in the directory specified by the directory option (which, in this case,
+ must be writable by the named user).
+
+Q: When I do a "dig . ns", many of the A records for the root servers are missing.
+ Why?
+
+A: This is normal and harmless. It is a somewhat confusing side effect of the way
+ BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to avoid
+ promoting glue into answers.
+
+ When BIND 9 first starts up and primes its cache, it receives the root server
+ addresses as additional data in an authoritative response from a root server,
+ and these records are eligible for inclusion as additional data in responses.
+ Subsequently it receives a subset of the root server addresses as additional
+ data in a non-authoritative (referral) response from a root server. This causes
+ the addresses to now be considered non-authoritative (glue) data, which is not
+ eligible for inclusion in responses.
The server does have a complete set of root server addresses cached at all
times, it just may not include all of them as additional data, depending on
- whether they were last received as answers or as glue. You can always look
- up the addresses with explicit queries like "dig a.root-servers.net A".
+ whether they were last received as answers or as glue. You can always look up
+ the addresses with explicit queries like "dig a.root-servers.net A".
Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why?
-A: This may be caused by a bug in the Windows 2000 DNS server where DNS
- messages larger than 16K are not handled properly. This can be worked around
- by setting the option "transfer-format one-answer;". Also check whether your
- zone contains domain names with embedded spaces or other special characters,
- like "John\032Doe\213s\032Computer", since such names have been known to
- cause Windows 2000 slaves to incorrectly reject the zone.
+A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages
+ larger than 16K are not handled properly. This can be worked around by setting
+ the option "transfer-format one-answer;". Also check whether your zone contains
+ domain names with embedded spaces or other special characters, like "John\
+ 032Doe\213s\032Computer", since such names have been known to cause Windows
+ 2000 slaves to incorrectly reject the zone.
Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
-A: A zone can be updated either by editing zone files and reloading the server
- or by dynamic update, but not both. If you have enabled dynamic update for a
- zone using the "allow-update" option, you are not supposed to edit the zone
- file by hand, and the server will not attempt to reload it.
+A: A zone can be updated either by editing zone files and reloading the server or
+ by dynamic update, but not both. If you have enabled dynamic update for a zone
+ using the "allow-update" option, you are not supposed to edit the zone file by
+ hand, and the server will not attempt to reload it.
Q: I can query the nameserver from the nameserver but not from other machines.
Why?
-A: This is usually the result of the firewall configuration stopping the
- queries and / or the replies.
+A: This is usually the result of the firewall configuration stopping the queries
+ and / or the replies.
Q: How can I make a server a slave for both an internal and an external view at
- the same time? When I tried, both views on the slave were transferred from
- the same view on the master.
+ the same time? When I tried, both views on the slave were transferred from the
+ same view on the master.
-A: You will need to give the master and slave multiple IP addresses and use
- those to make sure you reach the correct view on the other machine.
+A: You will need to give the master and slave multiple IP addresses and use those
+ to make sure you reach the correct view on the other machine.
Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
internal:
transfer-source 10.0.1.4;
query-source address 10.0.1.4;
- You put the external address on the alias so that all the other dns clients
- on these boxes see the internal view by default.
+ You put the external address on the alias so that all the other dns clients on
+ these boxes see the internal view by default.
A: BIND 9.3 and later: Use TSIG to select the appropriate view.
};
view "external" {
match-clients { key external; any; };
- server 10.0.0.2 { keys external; };
+ server 10.0.1.2 { keys external; };
recursion no;
...
};
};
view "external" {
match-clients { key external; any; };
- server 10.0.0.1 { keys external; };
+ server 10.0.1.1 { keys external; };
recursion no;
...
};
Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use
- certain interrupts as a source of random events. You can make this permanent
- by setting rand_irqs in /etc/rc.conf.
+ certain interrupts as a source of random events. You can make this permanent by
+ setting rand_irqs in /etc/rc.conf.
/etc/rc.conf
rand_irqs="3 14 15"
Q: Why is named listening on UDP port other than 53?
A: Named uses a system selected port to make queries of other nameservers. This
- behaviour can be overridden by using query-source to lock down the port and/
- or address. See also notify-source and transfer-source.
+ behaviour can be overridden by using query-source to lock down the port and/or
+ address. See also notify-source and transfer-source.
-Q: I get error messages like "multiple RRs of singleton type" and "CNAME and
- other data" when transferring a zone. What does this mean?
+Q: I get error messages like "multiple RRs of singleton type" and "CNAME and other
+ data" when transferring a zone. What does this mean?
A: These indicate a malformed master zone. You can identify the exact records
- involved by transferring the zone using dig then running named-checkzone on
- it.
+ involved by transferring the zone using dig then running named-checkzone on it.
dig axfr example.com @master-server > tmp
named-checkzone example.com tmp
- A CNAME record cannot exist with the same name as another record except for
- the DNSSEC records which prove its existance (NSEC).
+ A CNAME record cannot exist with the same name as another record except for the
+ DNSSEC records which prove its existance (NSEC).
RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
should be present; this ensures that the data for a canonical name and its
- aliases cannot be different. This rule also insures that a cached CNAME can
- be used without checking with an authoritative server for other RR types."
+ aliases cannot be different. This rule also insures that a cached CNAME can be
+ used without checking with an authoritative server for other RR types."
-Q: I get error messages like "named.conf:99: unexpected end of input" where 99
- is the last line of named.conf.
+Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is
+ the last line of named.conf.
A: Some text editors (notepad and wordpad) fail to put a line title indication
- (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding"
- a blank line to the end of the file. Named expects to see EOF immediately
- after EOL and treats text files where this is not met as truncated.
+ (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a
+ blank line to the end of the file. Named expects to see EOF immediately after
+ EOL and treats text files where this is not met as truncated.
Q: I get warning messages like "zone example.com/IN: refresh: failure trying
master 1.2.3.4#53: timed out".
dig +norec example.com soa @1.2.3.4
- You could be generating queries faster than the slave can cope with. Lower
- the serial query rate.
+ You could be generating queries faster than the slave can cope with. Lower the
+ serial query rate.
serial-query-rate 5; // default 20
Q: How do I share a dynamic zone between multiple views?
-A: You choose one view to be master and the second a slave and transfer the
- zone between views.
+A: You choose one view to be master and the second a slave and transfer the zone
+ between views.
Master 10.0.1.1:
key "external" {
file primaries/wireless.ietf56.ietf.org: no owner".
A: This error is produced when a line in the master file contains leading white
- space (tab/space) but the is no current record owner name to inherit the
- name from. Usually this is the result of putting white space before a
- comment. Forgeting the "@" for the SOA record or indenting the master file.
+ space (tab/space) but the is no current record owner name to inherit the name
+ from. Usually this is the result of putting white space before a comment.
+ Forgeting the "@" for the SOA record or indenting the master file.
Q: Why are my logs in GMT (UTC).
-A: You are running chrooted (-t) and have not supplied local timzone
- information in the chroot area.
+A: You are running chrooted (-t) and have not supplied local timzone information
+ in the chroot area.
FreeBSD: /etc/localtime
Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
A: This is usually a configuration error.
- First ensure that named is running and no errors are being reported at
- startup (/var/log/messages or equivalent). Running "named -g <usual
- arguments>" from a title can help at this point.
+ First ensure that named is running and no errors are being reported at startup
+ (/var/log/messages or equivalent). Running "named -g <usual arguments>" from a
+ title can help at this point.
Secondly ensure that named is configured to use rndc either by "rndc-confgen
- -a", rndc-confgen or manually. The Administrators Reference manual has
- details on how to do this.
+ -a", rndc-confgen or manually. The Administrators Reference manual has details
+ on how to do this.
Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/
rndc.conf for the default server. Update /etc/rndc.conf if necessary so that
the default server listed in /etc/rndc.conf matches the addresses used in
named.conf. "localhost" has two address (127.0.0.1 and ::1).
- If you use "rndc-confgen -a" and named is running with -t or -u ensure that
- /etc/rndc.conf has the correct ownership and that a copy is in the chroot
- area. You can do this by re-running "rndc-confgen -a" with appropriate -t
- and -u arguments.
+ If you use "rndc-confgen -a" and named is running with -t or -u ensure that /
+ etc/rndc.conf has the correct ownership and that a copy is in the chroot area.
+ You can do this by re-running "rndc-confgen -a" with appropriate -t and -u
+ arguments.
Q: I don't get RRSIG's returned when I use "dig +dnssec".
Q: I get "Error 1067" when starting named under Windows.
-A: This is the service manager saying that named exited. You need to examine
- the Application log in the EventViewer to find out why.
+A: This is the service manager saying that named exited. You need to examine the
+ Application log in the EventViewer to find out why.
- Common causes are that you failed to create "named.conf" (usually "C:\
- windows\dns\etc\named.conf") or failed to specify the directory in
- named.conf.
+ Common causes are that you failed to create "named.conf" (usually "C:\windows\
+ dns\etc\named.conf") or failed to specify the directory in named.conf.
options {
Directory "C:\windows\dns\etc";
"dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
- Named needs write permission on the directory containing the file. Named
- writes the new cache file to a temporary file then renames it to the name
- specified in named.conf to ensure that the contents are always complete.
- This is to prevent named loading a partial zone in the event of power
- failure or similar interrupting the write of the master file.
+ Named needs write permission on the directory containing the file. Named writes
+ the new cache file to a temporary file then renames it to the name specified in
+ named.conf to ensure that the contents are always complete. This is to prevent
+ named loading a partial zone in the event of power failure or similar
+ interrupting the write of the master file.
Note file names are relative to the directory specified in options and any
chroot directory ([<chroot dir>/][<options dir>]).
If you are not using these private addresses then a client has queried for
them. You can just ignore the messages, get the offending client to stop
- sending you these messages as they are most probably leaking them or setup
- your own zones empty zones to serve answers to these queries.
+ sending you these messages as they are most probably leaking them or setup your
+ own zones empty zones to serve answers to these queries.
zone "10.IN-ADDR.ARPA" {
type master;
Future versions of named are likely to do this automatically.
+Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
+
+ Why can't named update slave zone database files?
+
+ Why can't named create DDNS journal files or update the master zones from
+ journals?
+
+ Why can't named create custom log files?
+
+A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
+
+ Red Hat have adopted the National Security Agency's SELinux security policy (
+ see http://www.nsa.gov/selinux ) and recommendations for BIND security , which
+ are more secure than running named in a chroot and make use of the bind-chroot
+ environment unecessary .
+
+ By default, named is not allowed by the SELinux policy to write, create or
+ delete any files EXCEPT in these directories:
+
+ $ROOTDIR/var/named/slaves
+ $ROOTDIR/var/named/data
+ $ROOTDIR/var/tmp
+
+
+ where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed.
+
+ The SELinux policy particularly does NOT allow named to modify the $ROOTDIR/var
+ /named directory, the default location for master zone database files.
+
+ SELinux policy overrules file access permissions - so even if all the files
+ under /var/named have ownership named:named and mode rw-rw-r--, named will
+ still not be able to write or create files except in the directories above,
+ with SELinux in Enforcing mode.
+
+ So, to allow named to update slave or DDNS zone files, it is best to locate
+ them in $ROOTDIR/var/named/slaves, with named.conf zone statements such as:
+
+ zone "slave.zone." IN {
+ type slave;
+ file "slaves/slave.zone.db";
+ ...
+ };
+ zone "ddns.zone." IN {
+ type master;
+ allow-updates {...};
+ file "slaves/ddns.zone.db";
+ };
+
+
+ To allow named to create its cache dump and statistics files, for example, you
+ could use named.conf options statements such as:
+
+ options {
+ ...
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ ...
+ };
+
+
+ You can also tell SELinux to allow named to update any zone database files, by
+ setting the SELinux tunable boolean parameter 'named_write_master_zones=1',
+ using the system-config-securitylevel GUI, using the 'setsebool' command, or in
+ /etc/selinux/targeted/booleans.
+
+ You can disable SELinux protection for named entirely by setting the
+ 'named_disable_trans=1' SELinux tunable boolean parameter.
+
+ The SELinux named policy defines these SELinux contexts for named:
+
+ named_zone_t : for zone database files - $ROOTDIR/var/named/*
+ named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.*
+ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
+
+
+ If you want to retain use of the SELinux policy for named, and put named files
+ in different locations, you can do so by changing the context of the custom
+ file locations .
+
+ To create a custom configuration file location, eg. '/root/named.conf', to use
+ with the 'named -c' option, do:
+
+ # chcon system_u:object_r:named_conf_t /root/named.conf
+
+
+ To create a custom modifiable named data location, eg. '/var/log/named' for a
+ log file, do:
+
+ # chcon system_u:object_r:named_cache_t /var/log/named
+
+
+ To create a custom zone file location, eg. /root/zones/, do:
+
+ # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
+
+
+ See these man-pages for more information : selinux(8), named_selinux(8), chcon
+ (1), setsebool(8)
+
+Q: I want to forward all DNS queries from my caching nameserver to another server.
+ But there are some domains which have to be served locally, via rbldnsd.
+
+ How do I achieve this ?
+
+A: options {
+ forward only;
+ forwarders { <ip.of.primary.nameserver>; };
+ };
+
+ zone "sbl-xbl.spamhaus.org" {
+ type forward; forward only;
+ forwarders { <ip.of.rbldns.server> port 530; };
+ };
+
+ zone "list.dsbl.org" {
+ type forward; forward only;
+ forwarders { <ip.of.rbldns.server> port 530; };
+ };
+
+
+Q: Will named be affected by the 2007 changes to daylight savings rules in the US.
+
+A: No, so long as the machines internal clock (as reported by "date -u") remains
+ at UTC. The only visible change if you fail to upgrade your OS, if you are in a
+ affected area, will be that log messages will be a hour out during the period
+ where the old rules do not match the new rules.
+
+ For most OS's this change just means that you need to update the conversion
+ rules from UTC to local time. Normally this involves updating a file in /etc
+ (which sets the default timezone for the machine) and possibly a directory
+ which has all the conversion rules for the world (e.g. /usr/share/zoneinfo).
+ When updating the OS do not forget to update any chroot areas as well. See your
+ OS's documetation for more details.
+
+ The local timezone conversion rules can also be done on a individual basis by
+ setting the TZ envirionment variable appropriately. See your OS's documentation
+ for more details.
+
Stichting NLnet - NLnet Foundation
Nominum, Inc.
+BIND 9.3.4
+
+ BIND 9.3.4 is a security release.
+
+BIND 9.3.3
+
+ BIND 9.3.3 is a maintenance release, containing fixes for
+ a number of bugs in 9.3.2.
BIND 9.3.2
--with-libtool does not work on AIX.
+ --with-libtool does not work on SunOS 4. configure
+ requires "printf" which is not available.
+
A bug in the Windows 2000 DNS server can cause zone transfers
from a BIND 9 server to a W2K server to fail. For details,
see the "Zone Transfers" section in doc/misc/migration.
Red Hat Linux 7.1
Debian GNU/Linux 2.2 and 3.0
Mandrake 8.1
- OpenBSD 2.6, 2.8, 2.9
+ OpenBSD 2.6, 2.8, 2.9, 3.1, 3.6, 3.8
UnixWare 7.1.1
HP-UX 10.20
BSD/OS 4.2
Enable DNSSEC signature chasing support in dig.
-DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
-DDIG_SIGCHASE_BU=1)
+ Disable dropping queries from particular well known ports.
+ -DNS_CLIENT_DROPPORT=0
LDFLAGS
Linker flags. Defaults to empty string.
+ The following need to be set when cross compiling.
+
+ BUILD_CC
+ The native C compiler.
+ BUILD_CFLAGS (optional)
+ BUILD_CPPFLAGS (optional)
+ Possible Settings:
+ -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
+ BUILD_LDFLAGS (optional)
+ BUILD_LIBS (optional)
+
To build shared libraries, specify "--with-libtool" on the
configure command line.
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkconf.8,v 1.11.12.7 2005/10/13 02:33:41 marka Exp $
+.\" $Id: named-checkconf.8,v 1.11.12.8 2006/06/29 13:02:30 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: named\-checkconf
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: June 14, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
\fBnamed\-checkconf\fR
checks the syntax, but not the semantics, of a named configuration file.
.SH "OPTIONS"
-.TP
+.TP 3n
\-t \fIdirectory\fR
chroot to
\fIdirectory\fR
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.TP
+.TP 3n
\-v
Print the version of the
\fBnamed\-checkconf\fR
program and exit.
-.TP
+.TP 3n
\-z
Perform a check load the master zonefiles found in
\fInamed.conf\fR.
-.TP
+.TP 3n
\-j
When loading a zonefile read the journal if it exists.
-.TP
+.TP 3n
filename
The name of the configuration file to be checked. If not specified, it defaults to
\fI/etc/named.conf\fR.
.SH "AUTHOR"
.PP
Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-checkconf.c,v 1.12.12.9 2005/03/03 06:33:38 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.12.12.11 2006/03/02 00:37:20 marka Exp $ */
#include <config.h>
}
static isc_result_t
-directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
+directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
isc_result_t result;
- char *directory;
+ const char *directory;
REQUIRE(strcasecmp("directory", clausename) == 0);
}
static isc_result_t
-configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
- isc_mem_t *mctx)
+configure_zone(const char *vclass, const char *view,
+ const cfg_obj_t *zconfig, isc_mem_t *mctx)
{
isc_result_t result;
const char *zclass;
const char *zname;
const char *zfile;
- cfg_obj_t *zoptions = NULL;
- cfg_obj_t *classobj = NULL;
- cfg_obj_t *typeobj = NULL;
- cfg_obj_t *fileobj = NULL;
- cfg_obj_t *dbobj = NULL;
+ const cfg_obj_t *zoptions = NULL;
+ const cfg_obj_t *classobj = NULL;
+ const cfg_obj_t *typeobj = NULL;
+ const cfg_obj_t *fileobj = NULL;
+ const cfg_obj_t *dbobj = NULL;
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
classobj = cfg_tuple_get(zconfig, "class");
}
static isc_result_t
-configure_view(const char *vclass, const char *view, cfg_obj_t *config,
- cfg_obj_t *vconfig, isc_mem_t *mctx)
+configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
+ const cfg_obj_t *vconfig, isc_mem_t *mctx)
{
- cfg_listelt_t *element;
- cfg_obj_t *voptions;
- cfg_obj_t *zonelist;
+ const cfg_listelt_t *element;
+ const cfg_obj_t *voptions;
+ const cfg_obj_t *zonelist;
isc_result_t result = ISC_R_SUCCESS;
isc_result_t tresult;
element != NULL;
element = cfg_list_next(element))
{
- cfg_obj_t *zconfig = cfg_listelt_value(element);
+ const cfg_obj_t *zconfig = cfg_listelt_value(element);
tresult = configure_zone(vclass, view, zconfig, mctx);
if (tresult != ISC_R_SUCCESS)
result = tresult;
static isc_result_t
-load_zones_fromconfig(cfg_obj_t *config, isc_mem_t *mctx) {
- cfg_listelt_t *element;
- cfg_obj_t *classobj;
- cfg_obj_t *views;
- cfg_obj_t *vconfig;
+load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
+ const cfg_listelt_t *element;
+ const cfg_obj_t *classobj;
+ const cfg_obj_t *views;
+ const cfg_obj_t *vconfig;
const char *vclass;
isc_result_t result = ISC_R_SUCCESS;
isc_result_t tresult;
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.html,v 1.5.2.1.4.12 2005/10/13 02:33:42 marka Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.5.2.1.4.15 2006/06/29 13:02:30 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named-checkconf</span> — named configuration file syntax checking tool</p>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525865"></a><h2>DESCRIPTION</h2>
+<a name="id2549430"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-checkconf</strong></span> checks the syntax, but not
the semantics, of a named configuration file.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525878"></a><h2>OPTIONS</h2>
+<a name="id2549443"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525970"></a><h2>RETURN VALUES</h2>
+<a name="id2549534"></a><h2>RETURN VALUES</h2>
<p>
<span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525982"></a><h2>SEE ALSO</h2>
+<a name="id2549547"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526006"></a><h2>AUTHOR</h2>
+<a name="id2549639"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkzone.8,v 1.11.2.1.8.8 2005/10/13 02:33:41 marka Exp $
+.\" $Id: named-checkzone.8,v 1.11.2.1.8.11 2006/10/05 02:50:17 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: named\-checkzone
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: June 13, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
\fBnamed\-checkzone\fR
useful for checking zone files before configuring them into a name server.
.SH "OPTIONS"
-.TP
+.TP 3n
\-d
Enable debugging.
-.TP
+.TP 3n
\-q
Quiet mode \- exit code only.
-.TP
+.TP 3n
\-v
Print the version of the
\fBnamed\-checkzone\fR
program and exit.
-.TP
+.TP 3n
\-j
When loading the zone file read the journal if it exists.
-.TP
+.TP 3n
\-c \fIclass\fR
Specify the class of the zone. If not specified "IN" is assumed.
-.TP
+.TP 3n
\-k \fImode\fR
Perform
-\fB"check\-name"\fR
+\fB"check\-names"\fR
checks with the specified failure mode. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
-.TP
+.TP 3n
\-n \fImode\fR
Specify whether NS records should be checked to see if they are addresses. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
-.TP
+.TP 3n
\-o \fIfilename\fR
Write zone output to
\fIfilename\fR.
-.TP
+.TP 3n
\-t \fIdirectory\fR
chroot to
\fIdirectory\fR
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.TP
+.TP 3n
\-w \fIdirectory\fR
chdir to
\fIdirectory\fR
so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
\fInamed.conf\fR.
-.TP
+.TP 3n
\-D
Dump zone file in canonical format.
-.TP
+.TP 3n
zonename
The domain name of the zone being checked.
-.TP
+.TP 3n
filename
The name of the zone file.
.SH "RETURN VALUES"
.SH "AUTHOR"
.PP
Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.html,v 1.5.2.2.4.13 2005/10/13 02:33:42 marka Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.5.2.2.4.17 2006/10/05 02:50:17 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named-checkzone</span> — zone file validity checking tool</p>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525922"></a><h2>DESCRIPTION</h2>
+<a name="id2549490"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of
a zone file. It performs the same checks as <span><strong class="command">named</strong></span>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525942"></a><h2>OPTIONS</h2>
+<a name="id2549510"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
- Perform <span><strong class="command">"check-name"</strong></span> checks with the specified failure mode.
+ Perform <span><strong class="command">"check-names"</strong></span> checks with the specified failure mode.
Possible modes are <span><strong class="command">"fail"</strong></span>,
<span><strong class="command">"warn"</strong></span> (default) and
<span><strong class="command">"ignore"</strong></span>.
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526187"></a><h2>RETURN VALUES</h2>
+<a name="id2549824"></a><h2>RETURN VALUES</h2>
<p>
<span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526200"></a><h2>SEE ALSO</h2>
+<a name="id2549836"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526227"></a><h2>AUTHOR</h2>
+<a name="id2549863"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dig.1,v 1.14.2.4.2.10 2005/10/13 02:33:42 marka Exp $
+.\" $Id: dig.1,v 1.14.2.4.2.11 2006/06/29 13:02:30 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: dig
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: Jun 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
\fBdig\fR
looks like:
.sp
+.RS 3n
.nf
dig @server name type
.fi
+.RE
.sp
where:
-.TP
+.TP 3n
\fBserver\fR
is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
\fIserver\fR
consults
\fI/etc/resolv.conf\fR
and queries the name servers listed there. The reply from the name server that responds is displayed.
-.TP
+.TP 3n
\fBname\fR
is the name of the resource record that is to be looked up.
-.TP
+.TP 3n
\fBtype\fR
indicates what type of query is required \(em ANY, A, MX, SIG, etc.
\fItype\fR
no
to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
\fB+keyword=value\fR. The query options are:
-.TP
+.TP 3n
\fB+[no]tcp\fR
Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
-.TP
+.TP 3n
\fB+[no]vc\fR
Use [do not use] TCP when querying name servers. This alternate syntax to
\fI+[no]tcp\fR
is provided for backwards compatibility. The "vc" stands for "virtual circuit".
-.TP
+.TP 3n
\fB+[no]ignore\fR
Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
-.TP
+.TP 3n
\fB+domain=somename\fR
Set the search list to contain the single domain
\fIsomename\fR, as if specified in a
\fI/etc/resolv.conf\fR, and enable search list processing as if the
\fI+search\fR
option were given.
-.TP
+.TP 3n
\fB+[no]search\fR
Use [do not use] the search list defined by the searchlist or domain directive in
\fIresolv.conf\fR
(if any). The search list is not used by default.
-.TP
+.TP 3n
\fB+[no]defname\fR
Deprecated, treated as a synonym for
\fI+[no]search\fR
-.TP
+.TP 3n
\fB+[no]aaonly\fR
Sets the "aa" flag in the query.
-.TP
+.TP 3n
\fB+[no]aaflag\fR
A synonym for
\fI+[no]aaonly\fR.
-.TP
+.TP 3n
\fB+[no]adflag\fR
Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
-.TP
+.TP 3n
\fB+[no]cdflag\fR
Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
-.TP
+.TP 3n
\fB+[no]cl\fR
Display [do not display] the CLASS when printing the record.
-.TP
+.TP 3n
\fB+[no]ttlid\fR
Display [do not display] the TTL when printing the record.
-.TP
+.TP 3n
\fB+[no]recurse\fR
Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
\fBdig\fR
or
\fI+trace\fR
query options are used.
-.TP
+.TP 3n
\fB+[no]nssearch\fR
When this option is set,
\fBdig\fR
attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
-.TP
+.TP 3n
\fB+[no]trace\fR
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
\fBdig\fR
makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
-.TP
+.TP 3n
\fB+[no]cmd\fR
toggles the printing of the initial comment in the output identifying the version of
\fBdig\fR
and the query options that have been applied. This comment is printed by default.
-.TP
+.TP 3n
\fB+[no]short\fR
Provide a terse answer. The default is to print the answer in a verbose form.
-.TP
+.TP 3n
\fB+[no]identify\fR
Show [or do not show] the IP address and port number that supplied the answer when the
\fI+short\fR
option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
-.TP
+.TP 3n
\fB+[no]comments\fR
Toggle the display of comment lines in the output. The default is to print comments.
-.TP
+.TP 3n
\fB+[no]stats\fR
This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
-.TP
+.TP 3n
\fB+[no]qr\fR
Print [do not print] the query as it is sent. By default, the query is not printed.
-.TP
+.TP 3n
\fB+[no]question\fR
Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
-.TP
+.TP 3n
\fB+[no]answer\fR
Display [do not display] the answer section of a reply. The default is to display it.
-.TP
+.TP 3n
\fB+[no]authority\fR
Display [do not display] the authority section of a reply. The default is to display it.
-.TP
+.TP 3n
\fB+[no]additional\fR
Display [do not display] the additional section of a reply. The default is to display it.
-.TP
+.TP 3n
\fB+[no]all\fR
Set or clear all display flags.
-.TP
+.TP 3n
\fB+time=T\fR
Sets the timeout for a query to
\fIT\fR
seconds. The default time out is 5 seconds. An attempt to set
\fIT\fR
to less than 1 will result in a query timeout of 1 second being applied.
-.TP
+.TP 3n
\fB+tries=T\fR
Sets the number of times to try UDP queries to server to
\fIT\fR
instead of the default, 3. If
\fIT\fR
is less than or equal to zero, the number of tries is silently rounded up to 1.
-.TP
+.TP 3n
\fB+retry=T\fR
Sets the number of times to retry UDP queries to server to
\fIT\fR
instead of the default, 2. Unlike
\fI+tries\fR, this does not include the initial query.
-.TP
+.TP 3n
\fB+ndots=D\fR
Set the number of dots that have to appear in
\fIname\fR
\fBdomain\fR
directive in
\fI/etc/resolv.conf\fR.
-.TP
+.TP 3n
\fB+bufsize=B\fR
Set the UDP message buffer size advertised using EDNS0 to
\fIB\fR
bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately.
-.TP
+.TP 3n
\fB+[no]multiline\fR
Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
\fBdig\fR
output.
-.TP
+.TP 3n
\fB+[no]fail\fR
Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
-.TP
+.TP 3n
\fB+[no]besteffort\fR
Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
-.TP
+.TP 3n
\fB+[no]dnssec\fR
Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
-.TP
+.TP 3n
\fB+[no]sigchase\fR
Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
-.TP
+.TP 3n
\fB+trusted\-key=####\fR
Specifies a file containing trusted keys to be used with
\fB+sigchase\fR. Each DNSKEY record must be on its own line.
in the current directory.
.sp
Requires dig be compiled with \-DDIG_SIGCHASE.
-.TP
+.TP 3n
\fB+[no]topdown\fR
When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
.SH "MULTIPLE QUERIES"
\fB+[no]cmd\fR
option) can be overridden by a query\-specific set of query options. For example:
.sp
+.RS 3n
.nf
dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
.fi
+.RE
.sp
shows how
\fBdig\fR
.SH "BUGS "
.PP
There are probably too many query options.
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.c,v 1.157.2.13.2.29 2005/10/14 01:38:40 marka Exp $ */
+/* $Id: dig.c,v 1.157.2.13.2.31 2006/07/22 23:52:57 marka Exp $ */
#include <config.h>
#include <stdlib.h>
* Anything which isn't an option
*/
if (open_type_class) {
- if (strncmp(rv[0], "ixfr=", 5) == 0) {
+ if (strncasecmp(rv[0], "ixfr=", 5) == 0) {
rdtype = dns_rdatatype_ixfr;
result = ISC_R_SUCCESS;
} else {
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.html,v 1.6.2.4.2.13 2005/10/13 02:33:43 marka Exp $ -->
+<!-- $Id: dig.html,v 1.6.2.4.2.15 2006/06/29 13:02:30 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>dig — DNS lookup utility</p>
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525976"></a><h2>DESCRIPTION</h2>
+<a name="id2549541"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526035"></a><h2>SIMPLE USAGE</h2>
+<a name="id2549600"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526114"></a><h2>OPTIONS</h2>
+<a name="id2549747"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid address on
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526365"></a><h2>QUERY OPTIONS</h2>
+<a name="id2549998"></a><h2>QUERY OPTIONS</h2>
<p>
<span><strong class="command">dig</strong></span> provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2527033"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2550666"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports
specifying multiple queries on the command line (in addition to
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2527092"></a><h2>FILES</h2>
+<a name="id2550725"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2527111"></a><h2>SEE ALSO</h2>
+<a name="id2550744"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2527149"></a><h2>BUGS </h2>
+<a name="id2550782"></a><h2>BUGS </h2>
<p>
There are probably too many query options.
</p>
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.221.2.19.2.31 2005/10/14 01:38:40 marka Exp $ */
+/* $Id: dighost.c,v 1.221.2.19.2.36 2006/12/07 01:26:33 marka Exp $ */
/*
* Notice to programmers: Do not use this code as an example of how to
recv_done(isc_task_t *task, isc_event_t *event);
static void
+send_udp(dig_query_t *query);
+
+static void
connect_timeout(isc_task_t *task, isc_event_t *event);
static void
if (lwresult != LWRES_R_SUCCESS)
fatal("lwres_context_create failed");
- if (isc_file_exists(RESOLV_CONF))
- lwresult = lwres_conf_parse(lwctx, RESOLV_CONF);
- if (lwresult != LWRES_R_SUCCESS)
+ lwresult = lwres_conf_parse(lwctx, RESOLV_CONF);
+ if (lwresult != LWRES_R_SUCCESS && lwresult != LWRES_R_NOTFOUND)
fatal("parse of %s failed", RESOLV_CONF);
lwconf = lwres_conf_get(lwctx);
isc_mempool_put(commctx, query->recvspace);
isc_buffer_invalidate(&query->recvbuf);
isc_buffer_invalidate(&query->lengthbuf);
- isc_mem_free(mctx, query);
+ if (query->waiting_senddone)
+ query->pending_free = ISC_TRUE;
+ else
+ isc_mem_free(mctx, query);
}
/*
debug("query to %s still pending", q->servname);
q = ISC_LIST_NEXT(q, link);
}
- return (ISC_FALSE);
}
+ return (ISC_FALSE);
}
+
/*
* At this point, we know there are no queries on the lookup,
* so can make it go away also.
return (ISC_TRUE);
}
-
/*
* If we can, start the next lookup in the queue running.
* This assumes that the lookup on the head of the queue hasn't been
check_result(result, "dns_compress_init");
debug("starting to render the message");
- isc_buffer_init(&lookup->sendbuf, lookup->sendspace, COMMSIZE);
+ isc_buffer_init(&lookup->renderbuf, lookup->sendspace, COMMSIZE);
result = dns_message_renderbegin(lookup->sendmsg, &cctx,
- &lookup->sendbuf);
+ &lookup->renderbuf);
check_result(result, "dns_message_renderbegin");
if (lookup->udpsize > 0 || lookup->dnssec) {
if (lookup->udpsize == 0)
/*
* Force TCP mode if the request is larger than 512 bytes.
*/
- if (isc_buffer_usedlength(&lookup->sendbuf) > 512)
+ if (isc_buffer_usedlength(&lookup->renderbuf) > 512)
lookup->tcp_mode = ISC_TRUE;
lookup->pending = ISC_FALSE;
query, lookup);
query->lookup = lookup;
query->waiting_connect = ISC_FALSE;
+ query->waiting_senddone = ISC_FALSE;
+ query->pending_free = ISC_FALSE;
query->recv_made = ISC_FALSE;
query->first_pass = ISC_TRUE;
query->first_soa_rcvd = ISC_FALSE;
isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE);
isc_buffer_init(&query->lengthbuf, query->lengthspace, 2);
isc_buffer_init(&query->slbuf, query->slspace, 2);
+ query->sendbuf = lookup->renderbuf;
ISC_LINK_INIT(query, link);
ISC_LIST_ENQUEUE(lookup->q, query, link);
*/
static void
send_done(isc_task_t *_task, isc_event_t *event) {
+ isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+ isc_buffer_t *b = NULL;
+ dig_query_t *query, *next;
+ dig_lookup_t *l;
+
REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE);
UNUSED(_task);
LOCK_LOOKUP;
- isc_event_free(&event);
-
debug("send_done()");
sendcount--;
debug("sendcount=%d", sendcount);
INSIST(sendcount >= 0);
+
+ for (b = ISC_LIST_HEAD(sevent->bufferlist);
+ b != NULL;
+ b = ISC_LIST_HEAD(sevent->bufferlist))
+ ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
+
+ query = event->ev_arg;
+ query->waiting_senddone = ISC_FALSE;
+ l = query->lookup;
+
+ if (l->ns_search_only && !l->trace_root) {
+ debug("sending next, since searching");
+ next = ISC_LIST_NEXT(query, link);
+ if (next != NULL)
+ send_udp(next);
+ }
+
+ isc_event_free(&event);
+
+ if (query->pending_free)
+ isc_mem_free(mctx, query);
+
check_if_done();
UNLOCK_LOOKUP;
}
static void
send_udp(dig_query_t *query) {
dig_lookup_t *l = NULL;
- dig_query_t *next;
isc_result_t result;
debug("send_udp(%p)", query);
debug("recvcount=%d", recvcount);
}
ISC_LIST_INIT(query->sendlist);
- ISC_LINK_INIT(&l->sendbuf, link);
- ISC_LIST_ENQUEUE(query->sendlist, &l->sendbuf,
- link);
+ ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
debug("sending a request");
TIME_NOW(&query->time_sent);
INSIST(query->sock != NULL);
+ query->waiting_senddone = ISC_TRUE;
result = isc_socket_sendtov(query->sock, &query->sendlist,
global_task, send_done, query,
&query->sockaddr, NULL);
check_result(result, "isc_socket_sendtov");
sendcount++;
- /*
- * If we're at the endgame of a nameserver search, we need to
- * immediately bring up all the queries. Do it here.
- */
- if (l->ns_search_only && !l->trace_root) {
- debug("sending next, since searching");
- next = ISC_LIST_NEXT(query, link);
- if (next != NULL)
- send_udp(next);
- }
}
/*
recvcount--;
INSIST(recvcount >= 0);
+ b = ISC_LIST_HEAD(sevent->bufferlist);
+ INSIST(b == &query->lengthbuf);
+ ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
+
if (sevent->result == ISC_R_CANCELED) {
isc_event_free(&event);
l = query->lookup;
UNLOCK_LOOKUP;
return;
}
- b = ISC_LIST_HEAD(sevent->bufferlist);
- ISC_LIST_DEQUEUE(sevent->bufferlist, &query->lengthbuf, link);
length = isc_buffer_getuint16(b);
if (length == 0) {
isc_event_free(&event);
isc_buffer_clear(&query->slbuf);
isc_buffer_clear(&query->lengthbuf);
- isc_buffer_putuint16(&query->slbuf,
- (isc_uint16_t) query->lookup->sendbuf.used);
+ isc_buffer_putuint16(&query->slbuf, (isc_uint16_t) query->sendbuf.used);
ISC_LIST_INIT(query->sendlist);
ISC_LINK_INIT(&query->slbuf, link);
ISC_LIST_ENQUEUE(query->sendlist, &query->slbuf, link);
- if (include_question) {
- ISC_LINK_INIT(&query->lookup->sendbuf, link);
- ISC_LIST_ENQUEUE(query->sendlist, &query->lookup->sendbuf,
- link);
- }
+ if (include_question)
+ ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
ISC_LINK_INIT(&query->lengthbuf, link);
ISC_LIST_ENQUEUE(query->lengthlist, &query->lengthbuf, link);
if (!query->first_soa_rcvd) {
debug("sending a request in launch_next_query");
TIME_NOW(&query->time_sent);
+ query->waiting_senddone = ISC_TRUE;
result = isc_socket_sendv(query->sock, &query->sendlist,
global_task, send_done, query);
check_result(result, "isc_socket_sendv");
REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE);
sevent = (isc_socketevent_t *)event;
+ b = ISC_LIST_HEAD(sevent->bufferlist);
+ INSIST(b == &query->recvbuf);
+ ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link);
+
if ((l->tcp_mode) && (l->timer != NULL))
isc_timer_touch(l->timer);
if ((!l->pending && !l->ns_search_only) || cancel_now) {
return;
}
- b = ISC_LIST_HEAD(sevent->bufferlist);
- ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link);
-
if (!l->tcp_mode &&
!isc_sockaddr_equal(&sevent->address, &query->sockaddr)) {
char buf1[ISC_SOCKADDR_FORMATSIZE];
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: host.1,v 1.11.2.1.4.7 2005/10/13 02:33:43 marka Exp $
+.\" $Id: host.1,v 1.11.2.1.4.8 2006/06/29 13:02:30 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: host
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: Jun 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.PP
\fBdig\fR(1),
\fBnamed\fR(8).
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: host.c,v 1.76.2.5.2.13 2005/07/04 03:29:45 marka Exp $ */
+/* $Id: host.c,v 1.76.2.5.2.16 2006/05/23 04:43:47 marka Exp $ */
#include <config.h>
#include <limits.h>
#include <dns/rdataclass.h>
#include <dns/rdataset.h>
#include <dns/rdatatype.h>
+#include <dns/rdatastruct.h>
#include <dig/dig.h>
static int seen_error = -1;
static isc_boolean_t list_addresses = ISC_TRUE;
static dns_rdatatype_t list_type = dns_rdatatype_a;
+static isc_boolean_t printed_server = ISC_FALSE;
static const char *opcodetext[] = {
"QUERY",
return (ISC_R_SUCCESS);
}
+static void
+chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
+ isc_result_t result;
+ dns_rdataset_t *rdataset;
+ dns_rdata_cname_t cname;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ unsigned int i = msg->counts[DNS_SECTION_ANSWER];
+
+ while (i-- > 0) {
+ rdataset = NULL;
+ result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+ dns_rdatatype_cname, 0, NULL,
+ &rdataset);
+ if (result != ISC_R_SUCCESS)
+ return;
+ result = dns_rdataset_first(rdataset);
+ check_result(result, "dns_rdataset_first");
+ dns_rdata_reset(&rdata);
+ dns_rdataset_current(rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &cname, NULL);
+ check_result(result, "dns_rdata_tostruct");
+ dns_name_copy(&cname.cname, qname, NULL);
+ dns_rdata_freestruct(&cname);
+ }
+}
+
isc_result_t
printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
isc_boolean_t did_flag = ISC_FALSE;
*/
force_error = (seen_error == 1) ? 1 : 0;
seen_error = 1;
- if (listed_server) {
+ if (listed_server && !printed_server) {
char sockstr[ISC_SOCKADDR_FORMATSIZE];
printf("Using domain server:\n");
sizeof(sockstr));
printf("Address: %s\n", sockstr);
printf("Aliases: \n\n");
+ printed_server = ISC_TRUE;
}
if (msg->rcode != 0) {
if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
char namestr[DNS_NAME_FORMATSIZE];
dig_lookup_t *lookup;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
/* Add AAAA and MX lookups. */
-
- dns_name_format(query->lookup->name, namestr, sizeof(namestr));
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ dns_name_copy(query->lookup->name, name, NULL);
+ chase_cnamechain(msg, name);
+ dns_name_format(name, namestr, sizeof(namestr));
lookup = clone_lookup(query->lookup, ISC_FALSE);
if (lookup != NULL) {
strncpy(lookup->textname, namestr,
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.html,v 1.4.2.1.4.12 2005/10/13 02:33:44 marka Exp $ -->
+<!-- $Id: host.html,v 1.4.2.1.4.14 2006/06/29 13:02:30 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>host — DNS lookup utility</p>
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525901"></a><h2>DESCRIPTION</h2>
+<a name="id2549466"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526241"></a><h2>FILES</h2>
+<a name="id2549874"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526253"></a><h2>SEE ALSO</h2>
+<a name="id2549886"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.h,v 1.71.2.6.2.11 2005/07/04 03:29:45 marka Exp $ */
+/* $Id: dig.h,v 1.71.2.6.2.14 2006/12/07 01:26:33 marka Exp $ */
#ifndef DIG_H
#define DIG_H
char onamespace[BUFSIZE];
isc_buffer_t namebuf;
isc_buffer_t onamebuf;
- isc_buffer_t sendbuf;
+ isc_buffer_t renderbuf;
char *sendspace;
dns_name_t *name;
isc_timer_t *timer;
struct dig_query {
dig_lookup_t *lookup;
isc_boolean_t waiting_connect,
+ pending_free,
+ waiting_senddone,
first_pass,
first_soa_rcvd,
second_rr_rcvd,
ISC_LINK(dig_query_t) link;
isc_sockaddr_t sockaddr;
isc_time_t time_sent;
+ isc_buffer_t sendbuf;
};
struct dig_server {
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nslookup.1,v 1.1.6.5 2005/10/13 02:33:43 marka Exp $
+.\" $Id: nslookup.1,v 1.1.6.7 2006/06/29 13:02:30 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: nslookup
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: Jun 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.SH "ARGUMENTS"
.PP
Interactive mode is entered in the following cases:
-.TP 3
+.TP 3n
1.
when no arguments are given (the default name server will be used)
-.TP
+.TP 3n
2.
when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
+.sp
+.RE
.PP
Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
.PP
Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.IP .sp .nf nslookup \-query=hinfo \-timeout=10 .fi
+.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
.SH "INTERACTIVE COMMANDS"
-.TP
+.TP 3n
host [server]
Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
.sp
To look up a host not in the current domain, append a period to the name.
-.TP
+.TP 3n
\fBserver\fR \fIdomain\fR
-.TP
+.TP 3n
\fBlserver\fR \fIdomain\fR
Change the default server to
\fIdomain\fR;
\fIdomain\fR, while
\fBserver\fR
uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
-.TP
+.TP 3n
\fBroot\fR
not implemented
-.TP
+.TP 3n
\fBfinger\fR
not implemented
-.TP
+.TP 3n
\fBls\fR
not implemented
-.TP
+.TP 3n
\fBview\fR
not implemented
-.TP
+.TP 3n
\fBhelp\fR
not implemented
-.TP
+.TP 3n
\fB?\fR
not implemented
-.TP
+.TP 3n
\fBexit\fR
Exits the program.
-.TP
+.TP 3n
\fBset\fR \fIkeyword\fR\fI[=value]\fR
This command is used to change state information that affects the lookups. Valid keywords are:
-.RS
-.TP
+.RS 3n
+.TP 3n
\fBall\fR
Prints the current values of the frequently used options to
\fBset\fR. Information about the current default server and host is also printed.
-.TP
+.TP 3n
\fBclass=\fR\fIvalue\fR
Change the query class to one of:
-.RS
-.TP
+.RS 3n
+.TP 3n
\fBIN\fR
the Internet class
-.TP
+.TP 3n
\fBCH\fR
the Chaos class
-.TP
+.TP 3n
\fBHS\fR
the Hesiod class
-.TP
+.TP 3n
\fBANY\fR
wildcard
.RE
-.IP
+.IP "" 3n
The class specifies the protocol group of the information.
.sp
(Default = IN; abbreviation = cl)
-.TP
+.TP 3n
\fB\fI[no]\fR\fR\fBdebug\fR
Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
.sp
(Default = nodebug; abbreviation =
[no]deb)
-.TP
+.TP 3n
\fB\fI[no]\fR\fR\fBd2\fR
Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
.sp
(Default = nod2)
-.TP
+.TP 3n
\fBdomain=\fR\fIname\fR
Sets the search list to
\fIname\fR.
-.TP
+.TP 3n
\fB\fI[no]\fR\fR\fBsearch\fR
If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
.sp
(Default = search)
-.TP
+.TP 3n
\fBport=\fR\fIvalue\fR
Change the default TCP/UDP name server port to
\fIvalue\fR.
.sp
(Default = 53; abbreviation = po)
-.TP
+.TP 3n
\fBquerytype=\fR\fIvalue\fR
-.TP
+.TP 3n
\fBtype=\fR\fIvalue\fR
-Change the top of the information query.
+Change the type of the information query.
.sp
(Default = A; abbreviations = q, ty)
-.TP
+.TP 3n
\fB\fI[no]\fR\fR\fBrecurse\fR
Tell the name server to query other servers if it does not have the information.
.sp
(Default = recurse; abbreviation = [no]rec)
-.TP
+.TP 3n
\fBretry=\fR\fInumber\fR
Set the number of retries to number.
-.TP
+.TP 3n
\fBtimeout=\fR\fInumber\fR
Change the initial timeout interval for waiting for a reply to number seconds.
-.TP
+.TP 3n
\fB\fI[no]\fR\fR\fBvc\fR
Always use a virtual circuit when sending requests to the server.
.sp
(Default = novc)
.RE
-.IP
+.IP "" 3n
.SH "FILES"
.PP
\fI/etc/resolv.conf\fR
.SH "AUTHOR"
.PP
Andrew Cherenson
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nslookup.c,v 1.90.2.4.2.10 2005/07/12 05:47:42 marka Exp $ */
+/* $Id: nslookup.c,v 1.90.2.4.2.12 2006/06/09 23:50:53 marka Exp $ */
#include <config.h>
if (buf == NULL)
fatal("memory allocation failure");
fputs("> ", stderr);
+ fflush(stderr);
isc_app_block();
ptr = fgets(buf, COMMSIZE, stdin);
isc_app_unblock();
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.html,v 1.1.6.9 2005/10/13 02:33:44 marka Exp $ -->
+<!-- $Id: nslookup.html,v 1.1.6.12 2006/06/29 13:02:30 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463728"></a><div class="titlepage"></div>
+<a name="id2482694"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>nslookup — query Internet name servers interactively</p>
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525973"></a><h2>DESCRIPTION</h2>
+<a name="id2549404"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">Nslookup</strong></span>
is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525990"></a><h2>ARGUMENTS</h2>
+<a name="id2549421"></a><h2>ARGUMENTS</h2>
<p>
Interactive mode is entered in the following cases:
</p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526033"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2549464"></a><h2>INTERACTIVE COMMANDS</h2>
<div class="variablelist"><dl>
<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
<dd>
<dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
<dd>
<p>
- Change the top of the information query.
+ Change the type of the information query.
</p>
<p>
(Default = A; abbreviations = q, ty)
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526490"></a><h2>FILES</h2>
+<a name="id2549990"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526503"></a><h2>SEE ALSO</h2>
+<a name="id2550003"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526538"></a><h2>Author</h2>
+<a name="id2550038"></a><h2>Author</h2>
<p>
Andrew Cherenson
</p>
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.19.12.9 2005/10/13 02:33:45 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.19.12.10 2006/06/29 13:02:30 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: dnssec\-keygen
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
\fBdnssec\-keygen\fR
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
.SH "OPTIONS"
-.TP
+.TP 3n
\-a \fIalgorithm\fR
Selects the cryptographic algorithm. The value of
\fBalgorithm\fR
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
.sp
Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
-.TP
+.TP 3n
\-b \fIkeysize\fR
Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
-.TP
+.TP 3n
\-n \fInametype\fR
Specifies the owner type of the key. The value of
\fBnametype\fR
must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
-.TP
+.TP 3n
\-c \fIclass\fR
Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.TP
+.TP 3n
\-e
If generating an RSAMD5/RSASHA1 key, use a large exponent.
-.TP
+.TP 3n
\-f \fIflag\fR
Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
-.TP
+.TP 3n
\-g \fIgenerator\fR
If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
-.TP
+.TP 3n
\-h
Prints a short summary of the options and arguments to
\fBdnssec\-keygen\fR.
-.TP
+.TP 3n
\-k
Generate KEY records rather than DNSKEY records.
-.TP
+.TP 3n
\-p \fIprotocol\fR
Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.TP
+.TP 3n
\-r \fIrandomdev\fR
Specifies the source of randomness. If the operating system does not provide a
\fI/dev/random\fR
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP
+.TP 3n
\-s \fIstrength\fR
Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
-.TP
+.TP 3n
\-t \fItype\fR
Indicates the use of the key.
\fBtype\fR
must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.TP
+.TP 3n
\-v \fIlevel\fR
Sets the debugging level.
.SH "GENERATED KEYS"
completes successfully, it prints a string of the form
\fIKnnnn.+aaa+iiiii\fR
to the standard output. This is an identification string for the key it has generated.
-.TP 3
+.TP 3n
\(bu
\fInnnn\fR
is the key name.
-.TP
+.TP 3n
\(bu
\fIaaa\fR
is the numeric representation of the algorithm.
-.TP
+.TP 3n
\(bu
\fIiiiii\fR
is the key identifier (or footprint).
+.sp
+.RE
.PP
\fBdnssec\-keygen\fR
creates two file, with names based on the printed string.
.SH "AUTHOR"
.PP
Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.13 2005/10/13 02:33:45 marka Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.15 2006/06/29 13:02:30 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-keygen</span> — DNSSEC key generation tool</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525956"></a><h2>DESCRIPTION</h2>
+<a name="id2549521"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC
(Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525969"></a><h2>OPTIONS</h2>
+<a name="id2549533"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526306"></a><h2>GENERATED KEYS</h2>
+<a name="id2549939"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes successfully,
it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526394"></a><h2>EXAMPLE</h2>
+<a name="id2550027"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526440"></a><h2>SEE ALSO</h2>
+<a name="id2550073"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526473"></a><h2>AUTHOR</h2>
+<a name="id2550106"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.10 2005/10/13 02:33:45 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.11 2006/06/29 13:02:30 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: dnssec\-signzone
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
\fIkeyset\fR
file for each child zone.
.SH "OPTIONS"
-.TP
+.TP 3n
\-a
Verify all generated signatures.
-.TP
+.TP 3n
\-c \fIclass\fR
Specifies the DNS class of the zone.
-.TP
+.TP 3n
\-k \fIkey\fR
Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
-.TP
+.TP 3n
\-l \fIdomain\fR
Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
-.TP
+.TP 3n
\-d \fIdirectory\fR
Look for
\fIkeyset\fR
files in
\fBdirectory\fR
as the directory
-.TP
+.TP 3n
\-g
Generate DS records for child zones from keyset files. Existing DS records will be removed.
-.TP
+.TP 3n
\-s \fIstart\-time\fR
Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
\fBstart\-time\fR
is specified, the current time minus 1 hour (to allow for clock skew) is used.
-.TP
+.TP 3n
\-e \fIend\-time\fR
Specify the date and time when the generated RRSIG records expire. As with
\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
\fBend\-time\fR
is specified, 30 days from the start time is used as a default.
-.TP
+.TP 3n
\-f \fIoutput\-file\fR
The name of the output file containing the signed zone. The default is to append
\fI.signed\fR
to the input file.
-.TP
+.TP 3n
\-h
Prints a short summary of the options and arguments to
\fBdnssec\-signzone\fR.
-.TP
+.TP 3n
\-i \fIinterval\fR
When a previously signed zone is passed as input, records may be resigned. The
\fBinterval\fR
are specified,
\fBdnssec\-signzone\fR
generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced.
-.TP
+.TP 3n
\-n \fIncpus\fR
Specifies the number of threads to use. By default, one thread is started for each detected CPU.
-.TP
+.TP 3n
\-o \fIorigin\fR
The zone origin. If not specified, the name of the zone file is assumed to be the origin.
-.TP
+.TP 3n
\-p
Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
-.TP
+.TP 3n
\-r \fIrandomdev\fR
Specifies the source of randomness. If the operating system does not provide a
\fI/dev/random\fR
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP
+.TP 3n
\-t
Print statistics at completion.
-.TP
+.TP 3n
\-v \fIlevel\fR
Sets the debugging level.
-.TP
+.TP 3n
\-z
Ignore KSK flag on key when determining what to sign.
-.TP
+.TP 3n
zonefile
The file containing the zone to be signed.
-.TP
+.TP 3n
key
The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory.
.SH "EXAMPLE"
.SH "AUTHOR"
.PP
Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
/*
- * Portions Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.139.2.2.4.21 2005/10/14 01:38:41 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.139.2.2.4.23 2006/01/04 23:50:19 marka Exp $ */
#include <config.h>
result = dns_dbiterator_next(dbiter);
continue;
}
- if (result != ISC_R_SUCCESS) {
- dns_db_detachnode(gdb, &nextnode);
- break;
- }
if (!dns_name_issubdomain(nextname, gorigin) ||
(zonecut != NULL &&
dns_name_issubdomain(nextname, zonecut)))
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.14 2005/10/13 02:33:46 marka Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.16 2006/06/29 13:02:30 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-signzone</span> — DNSSEC zone signing tool</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525979"></a><h2>DESCRIPTION</h2>
+<a name="id2549544"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525995"></a><h2>OPTIONS</h2>
+<a name="id2549560"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526435"></a><h2>EXAMPLE</h2>
+<a name="id2550068"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526485"></a><h2>SEE ALSO</h2>
+<a name="id2550118"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526512"></a><h2>AUTHOR</h2>
+<a name="id2550145"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: aclconf.c,v 1.27.12.5 2005/03/17 03:58:25 marka Exp $ */
+/* $Id: aclconf.c,v 1.27.12.7 2006/03/02 00:37:20 marka Exp $ */
#include <config.h>
* Find the definition of the named acl whose name is "name".
*/
static isc_result_t
-get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
+get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) {
isc_result_t result;
- cfg_obj_t *acls = NULL;
- cfg_listelt_t *elt;
+ const cfg_obj_t *acls = NULL;
+ const cfg_listelt_t *elt;
result = cfg_map_get(cctx, "acl", &acls);
if (result != ISC_R_SUCCESS)
for (elt = cfg_list_first(acls);
elt != NULL;
elt = cfg_list_next(elt)) {
- cfg_obj_t *acl = cfg_listelt_value(elt);
+ const cfg_obj_t *acl = cfg_listelt_value(elt);
const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
if (strcasecmp(aclname, name) == 0) {
*ret = cfg_tuple_get(acl, "value");
}
static isc_result_t
-convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
+convert_named_acl(const cfg_obj_t *nameobj, const cfg_obj_t *cctx,
ns_aclconfctx_t *ctx, isc_mem_t *mctx,
dns_acl_t **target)
{
isc_result_t result;
- cfg_obj_t *cacl = NULL;
+ const cfg_obj_t *cacl = NULL;
dns_acl_t *dacl;
dns_acl_t loop;
- char *aclname = cfg_obj_asstring(nameobj);
+ const char *aclname = cfg_obj_asstring(nameobj);
/* Look for an already-converted version. */
for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
*/
memset(&loop, 0, sizeof(loop));
ISC_LINK_INIT(&loop, nextincache);
- loop.name = aclname;
+ DE_CONST(aclname, loop.name);
loop.magic = LOOP_MAGIC;
ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache);
result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl);
}
static isc_result_t
-convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
+convert_keyname(const cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
isc_result_t result;
isc_buffer_t buf;
dns_fixedname_t fixname;
}
isc_result_t
-ns_acl_fromconfig(cfg_obj_t *caml,
- cfg_obj_t *cctx,
+ns_acl_fromconfig(const cfg_obj_t *caml,
+ const cfg_obj_t *cctx,
ns_aclconfctx_t *ctx,
isc_mem_t *mctx,
dns_acl_t **target)
unsigned int count;
dns_acl_t *dacl = NULL;
dns_aclelement_t *de;
- cfg_listelt_t *elt;
+ const cfg_listelt_t *elt;
REQUIRE(target != NULL && *target == NULL);
elt != NULL;
elt = cfg_list_next(elt))
{
- cfg_obj_t *ce = cfg_listelt_value(elt);
+ const cfg_obj_t *ce = cfg_listelt_value(elt);
if (cfg_obj_istuple(ce)) {
/* This must be a negated element. */
ce = cfg_tuple_get(ce, "value");
goto cleanup;
} else if (cfg_obj_isstring(ce)) {
/* ACL name */
- char *name = cfg_obj_asstring(ce);
+ const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0) {
de->type = dns_aclelementtype_localhost;
} else if (strcasecmp(name, "localnets") == 0) {
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.176.2.13.4.26 2005/07/27 02:53:14 marka Exp $ */
+/* $Id: client.c,v 1.176.2.13.4.31 2006/07/22 01:09:38 marka Exp $ */
#include <config.h>
* Must be greater than any valid state.
*/
+/*
+ * Enable ns_client_dropport() by default.
+ */
+#ifndef NS_CLIENT_DROPPORT
+#define NS_CLIENT_DROPPORT 1
+#endif
static void client_read(ns_client_t *client);
static void client_accept(ns_client_t *client);
}
/*
* I/O cancel is complete. Burn down all state
- * related to the current request.
+ * related to the current request. Ensure that
+ * the client is on the active list and not the
+ * recursing list.
*/
+ LOCK(&client->manager->lock);
+ if (client->list == &client->manager->recursing) {
+ ISC_LIST_UNLINK(*client->list, client, link);
+ ISC_LIST_APPEND(client->manager->active, client, link);
+ client->list = &client->manager->active;
+ }
+ UNLOCK(&client->manager->lock);
ns_client_endrequest(client);
client->state = NS_CLIENTSTATE_READING;
ns_client_next(client, result);
}
+#if NS_CLIENT_DROPPORT
+#define DROPPORT_NO 0
+#define DROPPORT_REQUEST 1
+#define DROPPORT_RESPONSE 2
+/*%
+ * ns_client_dropport determines if certain requests / responses
+ * should be dropped based on the port number.
+ *
+ * Returns:
+ * \li 0: Don't drop.
+ * \li 1: Drop request.
+ * \li 2: Drop (error) response.
+ */
+static int
+ns_client_dropport(in_port_t port) {
+ switch (port) {
+ case 7: /* echo */
+ case 13: /* daytime */
+ case 19: /* chargen */
+ case 37: /* time */
+ return (DROPPORT_REQUEST);
+ case 464: /* kpasswd */
+ return (DROPPORT_RESPONSE);
+ }
+ return (DROPPORT_NO);
+}
+#endif
+
void
ns_client_error(ns_client_t *client, isc_result_t result) {
dns_rcode_t rcode;
message = client->message;
rcode = dns_result_torcode(result);
+#if NS_CLIENT_DROPPORT
+ /*
+ * Don't send FORMERR to ports on the drop port list.
+ */
+ if (rcode == dns_rcode_formerr &&
+ ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) !=
+ DROPPORT_NO) {
+ char buf[64];
+ isc_buffer_t b;
+
+ isc_buffer_init(&b, buf, sizeof(buf) - 1);
+ if (dns_rcode_totext(rcode, &b) != ISC_R_SUCCESS)
+ isc_buffer_putstr(&b, "UNKNOWN RCODE");
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+ "dropped error (%.*s) response: suspicious port",
+ (int)isc_buffer_usedlength(&b), buf);
+ ns_client_next(client, ISC_R_SUCCESS);
+ return;
+ }
+#endif
+
/*
* Message may be an in-progress reply that we had trouble
* with, in which case QR will be set. We need to clear QR before
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
+#if NS_CLIENT_DROPPORT
+ if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) ==
+ DROPPORT_REQUEST) {
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+ "dropped request: suspicious port");
+ ns_client_next(client, ISC_R_SUCCESS);
+ goto cleanup;
+ }
+#endif
+
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
"%s request",
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
"dropping multicast request");
ns_client_next(client, DNS_R_REFUSED);
+ goto cleanup;
}
result = dns_message_peekheader(buffer, &id, &flags);
* Decide whether recursive service is available to this client.
* We do this here rather than in the query code so that we can
* set the RA bit correctly on all kinds of responses, not just
- * responses to ordinary queries.
+ * responses to ordinary queries. Note if you can't query the
+ * cache there is no point in setting RA.
*/
ra = ISC_FALSE;
if (client->view->resolver != NULL &&
client->view->recursion == ISC_TRUE &&
ns_client_checkaclsilent(client, client->view->recursionacl,
+ ISC_TRUE) == ISC_R_SUCCESS &&
+ ns_client_checkaclsilent(client, client->view->queryacl,
ISC_TRUE) == ISC_R_SUCCESS)
ra = ISC_TRUE;
}
UNLOCK(&manager->lock);
}
+
+void
+ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
+
+ if (client->manager != NULL)
+ LOCK(&client->manager->lock);
+ if (client->query.restarts > 0) {
+ /*
+ * client->query.qname was dynamically allocated.
+ */
+ dns_message_puttempname(client->message,
+ &client->query.qname);
+ }
+ client->query.qname = name;
+ if (client->manager != NULL)
+ UNLOCK(&client->manager->lock);
+}
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.c,v 1.11.2.4.8.29 2004/10/05 02:52:26 marka Exp $ */
+/* $Id: config.c,v 1.11.2.4.8.32 2006/02/28 06:32:53 marka Exp $ */
#include <config.h>
}
isc_result_t
-ns_config_get(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) {
+ns_config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
int i;
for (i = 0;; i++) {
}
isc_result_t
-ns_checknames_get(cfg_obj_t **maps, const char *which, cfg_obj_t **obj) {
- cfg_listelt_t *element;
- cfg_obj_t *checknames;
- cfg_obj_t *type;
- cfg_obj_t *value;
+ns_checknames_get(const cfg_obj_t **maps, const char *which,
+ const cfg_obj_t **obj)
+{
+ const cfg_listelt_t *element;
+ const cfg_obj_t *checknames;
+ const cfg_obj_t *type;
+ const cfg_obj_t *value;
int i;
for (i = 0;; i++) {
}
int
-ns_config_listcount(cfg_obj_t *list) {
- cfg_listelt_t *e;
+ns_config_listcount(const cfg_obj_t *list) {
+ const cfg_listelt_t *e;
int i = 0;
for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e))
}
isc_result_t
-ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
dns_rdataclass_t *classp) {
- char *str;
+ const char *str;
isc_textregion_t r;
isc_result_t result;
return (ISC_R_SUCCESS);
}
str = cfg_obj_asstring(classobj);
- r.base = str;
+ DE_CONST(str, r.base);
r.length = strlen(str);
result = dns_rdataclass_fromtext(classp, &r);
if (result != ISC_R_SUCCESS)
}
isc_result_t
-ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype,
+ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
dns_rdatatype_t *typep) {
- char *str;
+ const char *str;
isc_textregion_t r;
isc_result_t result;
return (ISC_R_SUCCESS);
}
str = cfg_obj_asstring(typeobj);
- r.base = str;
+ DE_CONST(str, r.base);
r.length = strlen(str);
result = dns_rdatatype_fromtext(typep, &r);
if (result != ISC_R_SUCCESS)
}
dns_zonetype_t
-ns_config_getzonetype(cfg_obj_t *zonetypeobj) {
+ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
dns_zonetype_t ztype = dns_zone_none;
- char *str;
+ const char *str;
str = cfg_obj_asstring(zonetypeobj);
if (strcasecmp(str, "master") == 0)
}
isc_result_t
-ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list,
+ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
in_port_t defport, isc_mem_t *mctx,
isc_sockaddr_t **addrsp, isc_uint32_t *countp)
{
int count, i = 0;
- cfg_obj_t *addrlist;
- cfg_obj_t *portobj;
- cfg_listelt_t *element;
+ const cfg_obj_t *addrlist;
+ const cfg_obj_t *portobj;
+ const cfg_listelt_t *element;
isc_sockaddr_t *addrs;
in_port_t port;
isc_result_t result;
}
static isc_result_t
-get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
+get_masters_def(const cfg_obj_t *cctx, const char *name,
+ const cfg_obj_t **ret)
+{
isc_result_t result;
- cfg_obj_t *masters = NULL;
- cfg_listelt_t *elt;
+ const cfg_obj_t *masters = NULL;
+ const cfg_listelt_t *elt;
result = cfg_map_get(cctx, "masters", &masters);
if (result != ISC_R_SUCCESS)
for (elt = cfg_list_first(masters);
elt != NULL;
elt = cfg_list_next(elt)) {
- cfg_obj_t *list;
+ const cfg_obj_t *list;
const char *listname;
list = cfg_listelt_value(elt);
}
isc_result_t
-ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
- isc_sockaddr_t **addrsp, dns_name_t ***keysp,
- isc_uint32_t *countp)
+ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
+ isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+ dns_name_t ***keysp, isc_uint32_t *countp)
{
isc_uint32_t addrcount = 0, keycount = 0, i = 0;
isc_uint32_t listcount = 0, l = 0, j;
isc_uint32_t stackcount = 0, pushed = 0;
isc_result_t result;
- cfg_listelt_t *element;
- cfg_obj_t *addrlist;
- cfg_obj_t *portobj;
+ const cfg_listelt_t *element;
+ const cfg_obj_t *addrlist;
+ const cfg_obj_t *portobj;
in_port_t port;
dns_fixedname_t fname;
isc_sockaddr_t *addrs = NULL;
dns_name_t **keys = NULL;
- char **lists = NULL;
+ const char **lists = NULL;
struct {
- cfg_listelt_t *element;
+ const cfg_listelt_t *element;
in_port_t port;
} *stack = NULL;
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port '%u' out of range", val);
- return (ISC_R_RANGE);
+ result = ISC_R_RANGE;
+ goto cleanup;
}
port = (in_port_t) val;
} else {
result = ns_config_getport(config, &port);
if (result != ISC_R_SUCCESS)
- return (result);
+ goto cleanup;
}
result = ISC_R_NOMEMORY;
element != NULL;
element = cfg_list_next(element))
{
- cfg_obj_t *addr;
- cfg_obj_t *key;
- char *keystr;
+ const cfg_obj_t *addr;
+ const cfg_obj_t *key;
+ const char *keystr;
isc_buffer_t b;
addr = cfg_tuple_get(cfg_listelt_value(element),
key = cfg_tuple_get(cfg_listelt_value(element), "key");
if (!cfg_obj_issockaddr(addr)) {
- char *listname = cfg_obj_asstring(addr);
+ const char *listname = cfg_obj_asstring(addr);
isc_result_t tresult;
/* Grow lists? */
if (new == NULL)
goto cleanup;
memcpy(new, addrs, newsize);
- isc_mem_put(mctx, addrs, oldsize);
} else
new = NULL;
+ isc_mem_put(mctx, addrs, oldsize);
addrs = new;
addrcount = i;
if (new == NULL)
goto cleanup;
memcpy(new, keys, newsize);
- isc_mem_put(mctx, keys, oldsize);
} else
new = NULL;
+ isc_mem_put(mctx, keys, oldsize);
keys = new;
keycount = i;
}
}
isc_result_t
-ns_config_getport(cfg_obj_t *config, in_port_t *portp) {
- cfg_obj_t *maps[3];
- cfg_obj_t *options = NULL;
- cfg_obj_t *portobj = NULL;
+ns_config_getport(const cfg_obj_t *config, in_port_t *portp) {
+ const cfg_obj_t *maps[3];
+ const cfg_obj_t *options = NULL;
+ const cfg_obj_t *portobj = NULL;
isc_result_t result;
int i;
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: controlconf.c,v 1.28.2.9.2.6 2004/03/08 09:04:14 marka Exp $ */
+/* $Id: controlconf.c,v 1.28.2.9.2.10 2006/02/28 06:32:53 marka Exp $ */
#include <config.h>
{
ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
+ if (secret.rstart != NULL)
+ isc_mem_put(listener->mctx, secret.rstart,
+ REGION_SIZE(secret));
secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
if (secret.rstart == NULL)
goto cleanup;
*/
if (request != NULL)
isccc_sexpr_free(&request);
- isc_mem_put(listener->mctx, secret.rstart,
- REGION_SIZE(secret));
} else {
log_invalid(&conn->ccmsg, result);
goto cleanup;
}
static isc_result_t
-cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) {
- cfg_listelt_t *element;
+cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
+ const cfg_obj_t **objp)
+{
+ const cfg_listelt_t *element;
const char *str;
- cfg_obj_t *obj;
+ const cfg_obj_t *obj;
for (element = cfg_list_first(keylist);
element != NULL;
}
static isc_result_t
-controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx,
+controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
controlkeylist_t *keyids)
{
- cfg_listelt_t *element;
+ const cfg_listelt_t *element;
char *newstr = NULL;
const char *str;
- cfg_obj_t *obj;
+ const cfg_obj_t *obj;
controlkey_t *key = NULL;
for (element = cfg_list_first(keylist);
}
static void
-register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
+register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext)
{
controlkey_t *keyid, *next;
- cfg_obj_t *keydef;
+ const cfg_obj_t *keydef;
char secret[1024];
isc_buffer_t b;
isc_result_t result;
ISC_LIST_UNLINK(*keyids, keyid, link);
free_controlkey(keyid, mctx);
} else {
- cfg_obj_t *algobj = NULL;
- cfg_obj_t *secretobj = NULL;
- char *algstr = NULL;
- char *secretstr = NULL;
+ const cfg_obj_t *algobj = NULL;
+ const cfg_obj_t *secretobj = NULL;
+ const char *algstr = NULL;
+ const char *secretstr = NULL;
(void)cfg_map_get(keydef, "algorithm", &algobj);
(void)cfg_map_get(keydef, "secret", &secretobj);
isc_result_t result;
cfg_parser_t *pctx = NULL;
cfg_obj_t *config = NULL;
- cfg_obj_t *key = NULL;
- cfg_obj_t *algobj = NULL;
- cfg_obj_t *secretobj = NULL;
- char *algstr = NULL;
- char *secretstr = NULL;
+ const cfg_obj_t *key = NULL;
+ const cfg_obj_t *algobj = NULL;
+ const cfg_obj_t *secretobj = NULL;
+ const char *algstr = NULL;
+ const char *secretstr = NULL;
controlkey_t *keyid = NULL;
char secret[1024];
isc_buffer_t b;
* valid or both are NULL.
*/
static void
-get_key_info(cfg_obj_t *config, cfg_obj_t *control,
- cfg_obj_t **global_keylistp, cfg_obj_t **control_keylistp)
+get_key_info(const cfg_obj_t *config, const cfg_obj_t *control,
+ const cfg_obj_t **global_keylistp,
+ const cfg_obj_t **control_keylistp)
{
isc_result_t result;
- cfg_obj_t *control_keylist = NULL;
- cfg_obj_t *global_keylist = NULL;
+ const cfg_obj_t *control_keylist = NULL;
+ const cfg_obj_t *global_keylist = NULL;
REQUIRE(global_keylistp != NULL && *global_keylistp == NULL);
REQUIRE(control_keylistp != NULL && *control_keylistp == NULL);
}
static void
-update_listener(ns_controls_t *cp,
- controllistener_t **listenerp, cfg_obj_t *control,
- cfg_obj_t *config, isc_sockaddr_t *addr,
- ns_aclconfctx_t *aclconfctx, const char *socktext)
+update_listener(ns_controls_t *cp, controllistener_t **listenerp,
+ const cfg_obj_t *control, const cfg_obj_t *config,
+ isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx,
+ const char *socktext)
{
controllistener_t *listener;
- cfg_obj_t *allow;
- cfg_obj_t *global_keylist = NULL;
- cfg_obj_t *control_keylist = NULL;
+ const cfg_obj_t *allow;
+ const cfg_obj_t *global_keylist = NULL;
+ const cfg_obj_t *control_keylist = NULL;
dns_acl_t *new_acl = NULL;
controlkeylist_t keys;
isc_result_t result = ISC_R_SUCCESS;
result = get_rndckey(listener->mctx, &listener->keys);
}
- if (result != ISC_R_SUCCESS && global_keylist != NULL)
+ if (result != ISC_R_SUCCESS && global_keylist != NULL) {
/*
* This message might be a little misleading since the
* "new keys" might in fact be identical to the old ones,
* but tracking whether they are identical just for the
* sake of avoiding this message would be too much trouble.
*/
- cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
- "couldn't install new keys for "
- "command channel %s: %s",
- socktext, isc_result_totext(result));
-
+ if (control != NULL)
+ cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't install new keys for "
+ "command channel %s: %s",
+ socktext, isc_result_totext(result));
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+ "couldn't install new keys for "
+ "command channel %s: %s",
+ socktext, isc_result_totext(result));
+ }
/*
* Now, keep the old access list unless a new one can be made.
dns_acl_detach(&listener->acl);
dns_acl_attach(new_acl, &listener->acl);
dns_acl_detach(&new_acl);
- } else
/* XXXDCL say the old acl is still used? */
+ } else if (control != NULL)
cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
"couldn't install new acl for "
"command channel %s: %s",
socktext, isc_result_totext(result));
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+ "couldn't install new acl for "
+ "command channel %s: %s",
+ socktext, isc_result_totext(result));
*listenerp = listener;
}
static void
add_listener(ns_controls_t *cp, controllistener_t **listenerp,
- cfg_obj_t *control, cfg_obj_t *config, isc_sockaddr_t *addr,
- ns_aclconfctx_t *aclconfctx, const char *socktext)
+ const cfg_obj_t *control, const cfg_obj_t *config,
+ isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx,
+ const char *socktext)
{
isc_mem_t *mctx = cp->server->mctx;
controllistener_t *listener;
- cfg_obj_t *allow;
- cfg_obj_t *global_keylist = NULL;
- cfg_obj_t *control_keylist = NULL;
+ const cfg_obj_t *allow;
+ const cfg_obj_t *global_keylist = NULL;
+ const cfg_obj_t *control_keylist = NULL;
dns_acl_t *new_acl = NULL;
isc_result_t result = ISC_R_SUCCESS;
}
isc_result_t
-ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
+ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
ns_aclconfctx_t *aclconfctx)
{
controllistener_t *listener;
controllistenerlist_t new_listeners;
- cfg_obj_t *controlslist = NULL;
- cfg_listelt_t *element, *element2;
+ const cfg_obj_t *controlslist = NULL;
+ const cfg_listelt_t *element, *element2;
char socktext[ISC_SOCKADDR_FORMATSIZE];
ISC_LIST_INIT(new_listeners);
for (element = cfg_list_first(controlslist);
element != NULL;
element = cfg_list_next(element)) {
- cfg_obj_t *controls;
- cfg_obj_t *inetcontrols = NULL;
+ const cfg_obj_t *controls;
+ const cfg_obj_t *inetcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "inet", &inetcontrols);
for (element2 = cfg_list_first(inetcontrols);
element2 != NULL;
element2 = cfg_list_next(element2)) {
- cfg_obj_t *control;
- cfg_obj_t *obj;
- isc_sockaddr_t *addr;
+ const cfg_obj_t *control;
+ const cfg_obj_t *obj;
+ isc_sockaddr_t addr;
/*
* The parser handles BIND 8 configuration file
control = cfg_listelt_value(element2);
obj = cfg_tuple_get(control, "address");
- addr = cfg_obj_assockaddr(obj);
- if (isc_sockaddr_getport(addr) == 0)
- isc_sockaddr_setport(addr,
+ addr = *cfg_obj_assockaddr(obj);
+ if (isc_sockaddr_getport(&addr) == 0)
+ isc_sockaddr_setport(&addr,
NS_CONTROL_PORT);
- isc_sockaddr_format(addr, socktext,
+ isc_sockaddr_format(&addr, socktext,
sizeof(socktext));
isc_log_write(ns_g_lctx,
socktext);
update_listener(cp, &listener, control, config,
- addr, aclconfctx, socktext);
+ &addr, aclconfctx, socktext);
if (listener != NULL)
/*
* This is a new listener.
*/
add_listener(cp, &listener, control,
- config, addr, aclconfctx,
+ config, &addr, aclconfctx,
socktext);
if (listener != NULL)
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: aclconf.h,v 1.12.208.1 2004/03/06 10:21:23 marka Exp $ */
+/* $Id: aclconf.h,v 1.12.208.3 2006/03/02 00:37:20 marka Exp $ */
#ifndef NS_ACLCONF_H
#define NS_ACLCONF_H 1
*/
isc_result_t
-ns_acl_fromconfig(cfg_obj_t *caml,
- cfg_obj_t *cctx,
+ns_acl_fromconfig(const cfg_obj_t *caml,
+ const cfg_obj_t *cctx,
ns_aclconfctx_t *ctx,
isc_mem_t *mctx,
dns_acl_t **target);
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.h,v 1.60.2.2.10.10 2005/07/29 00:13:08 marka Exp $ */
+/* $Id: client.h,v 1.60.2.2.10.12 2006/06/06 00:11:40 marka Exp $ */
#ifndef NAMED_CLIENT_H
#define NAMED_CLIENT_H 1
* return no response to the client.
*/
+void
+ns_client_qnamereplace(ns_client_t *client, dns_name_t *name);
+/*%
+ * Replace the qname.
+ */
+
isc_boolean_t
ns_client_shuttingdown(ns_client_t *client);
/*
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.h,v 1.4.12.4 2004/04/20 14:12:10 marka Exp $ */
+/* $Id: config.h,v 1.4.12.6 2006/03/02 00:37:20 marka Exp $ */
#ifndef NAMED_CONFIG_H
#define NAMED_CONFIG_H 1
ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf);
isc_result_t
-ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj);
+ns_config_get(const cfg_obj_t **maps, const char* name, const cfg_obj_t **obj);
isc_result_t
-ns_checknames_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj);
+ns_checknames_get(const cfg_obj_t **maps, const char* name,
+ const cfg_obj_t **obj);
int
-ns_config_listcount(cfg_obj_t *list);
+ns_config_listcount(const cfg_obj_t *list);
isc_result_t
-ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
dns_rdataclass_t *classp);
isc_result_t
-ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype,
+ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
dns_rdatatype_t *typep);
dns_zonetype_t
-ns_config_getzonetype(cfg_obj_t *zonetypeobj);
+ns_config_getzonetype(const cfg_obj_t *zonetypeobj);
isc_result_t
-ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list,
+ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
in_port_t defport, isc_mem_t *mctx,
isc_sockaddr_t **addrsp, isc_uint32_t *countp);
isc_uint32_t count);
isc_result_t
-ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
- isc_sockaddr_t **addrsp, dns_name_t ***keys,
- isc_uint32_t *countp);
+ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
+ isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+ dns_name_t ***keys, isc_uint32_t *countp);
void
ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
dns_name_t ***keys, isc_uint32_t count);
isc_result_t
-ns_config_getport(cfg_obj_t *config, in_port_t *portp);
+ns_config_getport(const cfg_obj_t *config, in_port_t *portp);
isc_result_t
ns_config_getkeyalgorithm(const char *str, dns_name_t **name);
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: control.h,v 1.6.2.2.2.7 2004/09/03 03:43:32 marka Exp $ */
+/* $Id: control.h,v 1.6.2.2.2.9 2006/03/02 00:37:20 marka Exp $ */
#ifndef NAMED_CONTROL_H
#define NAMED_CONTROL_H 1
*/
isc_result_t
-ns_controls_configure(ns_controls_t *controls, cfg_obj_t *config,
+ns_controls_configure(ns_controls_t *controls, const cfg_obj_t *config,
ns_aclconfctx_t *aclconfctx);
/*
* Configure zero or more command channels into 'controls'
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: globals.h,v 1.59.68.5 2004/03/08 04:04:20 marka Exp $ */
+/* $Id: globals.h,v 1.59.68.7 2006/03/02 00:37:20 marka Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
* Current configuration information.
*/
EXTERN cfg_obj_t * ns_g_config INIT(NULL);
-EXTERN cfg_obj_t * ns_g_defaults INIT(NULL);
+EXTERN const cfg_obj_t * ns_g_defaults INIT(NULL);
EXTERN const char * ns_g_conffile INIT(NS_SYSCONFDIR
"/named.conf");
EXTERN const char * ns_g_keyfile INIT(NS_SYSCONFDIR
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: logconf.h,v 1.10.208.1 2004/03/06 10:21:24 marka Exp $ */
+/* $Id: logconf.h,v 1.10.208.3 2006/03/02 00:37:20 marka Exp $ */
#ifndef NAMED_LOGCONF_H
#define NAMED_LOGCONF_H 1
#include <isc/log.h>
isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt);
+ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt);
/*
* Set up the logging configuration in '*logconf' according to
* the named.conf data in 'logstmt'.
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwresd.h,v 1.12.208.1 2004/03/06 10:21:25 marka Exp $ */
+/* $Id: lwresd.h,v 1.12.208.3 2006/03/02 00:37:20 marka Exp $ */
#ifndef NAMED_LWRESD_H
#define NAMED_LWRESD_H 1
* Configure lwresd.
*/
isc_result_t
-ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config);
+ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config);
isc_result_t
ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
* Manager functions
*/
isc_result_t
-ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, ns_lwresd_t **lwresdp);
+ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
+ ns_lwresd_t **lwresdp);
void
ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp);
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.h,v 1.58.2.1.10.11 2004/03/08 04:04:21 marka Exp $ */
+/* $Id: server.h,v 1.58.2.1.10.13 2006/03/02 00:37:20 marka Exp $ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
* Maintain a list of dispatches that require reserved ports.
*/
void
-ns_add_reserved_dispatch(ns_server_t *server, isc_sockaddr_t *addr);
+ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr);
#endif /* NAMED_SERVER_H */
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sortlist.h,v 1.4.208.1 2004/03/06 10:21:26 marka Exp $ */
+/* $Id: sortlist.h,v 1.4.208.3 2006/03/02 00:37:20 marka Exp $ */
#ifndef NAMED_SORTLIST_H
#define NAMED_SORTLIST_H 1
* Type for callback functions that rank addresses.
*/
typedef int
-(*dns_addressorderfunc_t)(isc_netaddr_t *address, void *arg);
+(*dns_addressorderfunc_t)(const isc_netaddr_t *address, const void *arg);
/*
* Return value type for setup_sortlist.
} ns_sortlisttype_t;
ns_sortlisttype_t
-ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp);
+ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr,
+ const void **argp);
/*
* Find the sortlist statement in 'acl' that applies to 'clientaddr', if any.
*
*/
int
-ns_sortlist_addrorder1(isc_netaddr_t *addr, void *arg);
+ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg);
/*
* Find the sort order of 'addr' in 'arg', the matching element
* of a 1-element top-level sortlist statement.
*/
int
-ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg);
+ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg);
/*
* Find the sort order of 'addr' in 'arg', a topology-like
* ACL forming the second element in a 2-element top-level
void
ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr,
dns_addressorderfunc_t *orderp,
- void **argp);
+ const void **argp);
/*
* Find the sortlist statement in 'acl' that applies to 'clientaddr', if any.
* If a sortlist statement applies, return in '*orderp' a pointer to a function
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tkeyconf.h,v 1.9.208.1 2004/03/06 10:21:26 marka Exp $ */
+/* $Id: tkeyconf.h,v 1.9.208.3 2006/03/02 00:37:20 marka Exp $ */
#ifndef NS_TKEYCONF_H
#define NS_TKEYCONF_H 1
ISC_LANG_BEGINDECLS
isc_result_t
-ns_tkeyctx_fromconfig(cfg_obj_t *options, isc_mem_t *mctx, isc_entropy_t *ectx,
- dns_tkeyctx_t **tctxp);
+ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
+ isc_entropy_t *ectx, dns_tkeyctx_t **tctxp);
/*
* Create a TKEY context and configure it, including the default DH key
* and default domain, according to 'options'.
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsigconf.h,v 1.9.208.1 2004/03/06 10:21:26 marka Exp $ */
+/* $Id: tsigconf.h,v 1.9.208.3 2006/03/02 00:37:20 marka Exp $ */
#ifndef NS_TSIGCONF_H
#define NS_TSIGCONF_H 1
ISC_LANG_BEGINDECLS
isc_result_t
-ns_tsigkeyring_fromconfig(cfg_obj_t *config, cfg_obj_t *vconfig,
+ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
/*
* Create a TSIG key ring and configure it according to the 'key'
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zoneconf.h,v 1.16.2.2.8.1 2004/03/06 10:21:27 marka Exp $ */
+/* $Id: zoneconf.h,v 1.16.2.2.8.3 2006/03/02 00:37:20 marka Exp $ */
#ifndef NS_ZONECONF_H
#define NS_ZONECONF_H 1
ISC_LANG_BEGINDECLS
isc_result_t
-ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
- ns_aclconfctx_t *ac, dns_zone_t *zone);
+ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
+ const cfg_obj_t *zconfig, ns_aclconfctx_t *ac,
+ dns_zone_t *zone);
/*
* Configure or reconfigure a zone according to the named.conf
* data in 'cctx' and 'czone'.
*/
isc_boolean_t
-ns_zone_reusable(dns_zone_t *zone, cfg_obj_t *zconfig);
+ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig);
/*
* If 'zone' can be safely reconfigured according to the configuration
* data in 'zconfig', return ISC_TRUE. If the configuration data is so
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfacemgr.c,v 1.59.2.5.8.15 2004/08/10 04:56:23 jinmei Exp $ */
+/* $Id: interfacemgr.c,v 1.59.2.5.8.18 2006/07/19 00:16:28 marka Exp $ */
#include <config.h>
ifp->mgr = NULL;
ifp->generation = mgr->generation;
ifp->addr = *addr;
+ ifp->flags = 0;
strncpy(ifp->name, name, sizeof(ifp->name));
ifp->name[sizeof(ifp->name)-1] = '\0';
ifp->clientmgr = NULL;
* See if the address matches the listen-on statement;
* if not, ignore the interface.
*/
- result = dns_acl_match(&listen_netaddr, NULL,
- le->acl, &mgr->aclenv,
- &match, NULL);
+ (void)dns_acl_match(&listen_netaddr, NULL, le->acl,
+ &mgr->aclenv, &match, NULL);
if (match <= 0)
continue;
for (ele = ISC_LIST_HEAD(ext_listen->elts);
ele != NULL;
ele = ISC_LIST_NEXT(ele, link)) {
- dns_acl_match(&listen_netaddr, NULL,
- ele->acl, NULL,
- &match, NULL);
+ (void)dns_acl_match(&listen_netaddr,
+ NULL, ele->acl,
+ NULL, &match, NULL);
if (match > 0 && ele->port == le->port)
break;
else
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: logconf.c,v 1.30.2.3.10.2 2004/03/06 10:21:18 marka Exp $ */
+/* $Id: logconf.c,v 1.30.2.3.10.4 2006/03/02 00:37:20 marka Exp $ */
#include <config.h>
* in 'ccat' and add it to 'lctx'.
*/
static isc_result_t
-category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) {
+category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) {
isc_result_t result;
const char *catname;
isc_logcategory_t *category;
isc_logmodule_t *module;
- cfg_obj_t *destinations = NULL;
- cfg_listelt_t *element = NULL;
+ const cfg_obj_t *destinations = NULL;
+ const cfg_listelt_t *element = NULL;
catname = cfg_obj_asstring(cfg_tuple_get(ccat, "name"));
category = isc_log_categorybyname(ns_g_lctx, catname);
element != NULL;
element = cfg_list_next(element))
{
- cfg_obj_t *channel = cfg_listelt_value(element);
- char *channelname = cfg_obj_asstring(channel);
+ const cfg_obj_t *channel = cfg_listelt_value(element);
+ const char *channelname = cfg_obj_asstring(channel);
result = isc_log_usechannel(lctx, channelname, category,
module);
* in 'cchan' and add it to 'lctx'.
*/
static isc_result_t
-channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) {
+channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
isc_result_t result;
isc_logdestination_t dest;
unsigned int type;
unsigned int flags = 0;
int level;
const char *channelname;
- cfg_obj_t *fileobj = NULL;
- cfg_obj_t *syslogobj = NULL;
- cfg_obj_t *nullobj = NULL;
- cfg_obj_t *stderrobj = NULL;
- cfg_obj_t *severity = NULL;
+ const cfg_obj_t *fileobj = NULL;
+ const cfg_obj_t *syslogobj = NULL;
+ const cfg_obj_t *nullobj = NULL;
+ const cfg_obj_t *stderrobj = NULL;
+ const cfg_obj_t *severity = NULL;
int i;
channelname = cfg_obj_asstring(cfg_map_getname(channel));
type = ISC_LOG_TONULL;
if (fileobj != NULL) {
- cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
- cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
- cfg_obj_t *versionsobj = cfg_tuple_get(fileobj, "versions");
+ const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
+ const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
+ const cfg_obj_t *versionsobj =
+ cfg_tuple_get(fileobj, "versions");
isc_int32_t versions = ISC_LOG_ROLLNEVER;
isc_offset_t size = 0;
type = ISC_LOG_TOSYSLOG;
if (cfg_obj_isstring(syslogobj)) {
- char *facilitystr = cfg_obj_asstring(syslogobj);
+ const char *facilitystr = cfg_obj_asstring(syslogobj);
(void)isc_syslog_facilityfromstring(facilitystr,
&facility);
}
* Munge flags.
*/
{
- cfg_obj_t *printcat = NULL;
- cfg_obj_t *printsev = NULL;
- cfg_obj_t *printtime = NULL;
+ const cfg_obj_t *printcat = NULL;
+ const cfg_obj_t *printsev = NULL;
+ const cfg_obj_t *printtime = NULL;
(void)cfg_map_get(channel, "print-category", &printcat);
(void)cfg_map_get(channel, "print-severity", &printsev);
level = ISC_LOG_INFO;
if (cfg_map_get(channel, "severity", &severity) == ISC_R_SUCCESS) {
if (cfg_obj_isstring(severity)) {
- char *str = cfg_obj_asstring(severity);
+ const char *str = cfg_obj_asstring(severity);
if (strcasecmp(str, "critical") == 0)
level = ISC_LOG_CRITICAL;
else if (strcasecmp(str, "error") == 0)
}
isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) {
+ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
isc_result_t result;
- cfg_obj_t *channels = NULL;
- cfg_obj_t *categories = NULL;
- cfg_listelt_t *element;
+ const cfg_obj_t *channels = NULL;
+ const cfg_obj_t *categories = NULL;
+ const cfg_listelt_t *element;
isc_boolean_t default_set = ISC_FALSE;
isc_boolean_t unmatched_set = ISC_FALSE;
+ const cfg_obj_t *catname;
CHECK(ns_log_setdefaultchannels(logconf));
element != NULL;
element = cfg_list_next(element))
{
- cfg_obj_t *channel = cfg_listelt_value(element);
+ const cfg_obj_t *channel = cfg_listelt_value(element);
CHECK(channel_fromconf(channel, logconf));
}
element != NULL;
element = cfg_list_next(element))
{
- cfg_obj_t *category = cfg_listelt_value(element);
+ const cfg_obj_t *category = cfg_listelt_value(element);
CHECK(category_fromconf(category, logconf));
if (!default_set) {
- cfg_obj_t *catname = cfg_tuple_get(category, "name");
+ catname = cfg_tuple_get(category, "name");
if (strcmp(cfg_obj_asstring(catname), "default") == 0)
default_set = ISC_TRUE;
}
if (!unmatched_set) {
- cfg_obj_t *catname = cfg_tuple_get(category, "name");
+ catname = cfg_tuple_get(category, "name");
if (strcmp(cfg_obj_asstring(catname), "unmatched") == 0)
unmatched_set = ISC_TRUE;
}
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgabn.c,v 1.13.12.3 2004/03/08 04:04:19 marka Exp $ */
+/* $Id: lwdgabn.c,v 1.13.12.5 2006/03/02 00:37:20 marka Exp $ */
#include <config.h>
rankedaddress *addrs;
isc_netaddr_t remote;
dns_addressorderfunc_t order;
- void *arg;
+ const void *arg;
ns_lwresd_t *lwresd = client->clientmgr->listener->manager;
unsigned int i;
isc_result_t result;
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgrbn.c,v 1.11.208.3 2004/03/08 04:04:19 marka Exp $ */
+/* $Id: lwdgrbn.c,v 1.11.208.5 2006/01/04 23:50:19 marka Exp $ */
#include <config.h>
client->sendlength = r.length;
result = ns_lwdclient_sendreply(client, &r);
if (result != ISC_R_SUCCESS)
- goto out;
+ goto out2;
NS_LWDCLIENT_SETSEND(client);
if (grbn->siglen != NULL)
isc_mem_put(cm->mctx, grbn->siglen,
grbn->nsigs * sizeof(lwres_uint16_t));
-
+ out2:
if (client->lookup != NULL)
dns_lookup_destroy(&client->lookup);
if (lwb.base != NULL)
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwresd.8,v 1.13.208.5 2005/10/13 02:33:47 marka Exp $
+.\" $Id: lwresd.8,v 1.13.208.6 2006/06/29 13:02:30 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: lwresd
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
\fBlwresd\fR
resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
.SH "OPTIONS"
-.TP
+.TP 3n
\-C \fIconfig\-file\fR
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/resolv.conf\fR.
-.TP
+.TP 3n
\-d \fIdebug\-level\fR
Set the daemon's debug level to
\fIdebug\-level\fR. Debugging traces from
\fBlwresd\fR
become more verbose as the debug level increases.
-.TP
+.TP 3n
\-f
Run the server in the foreground (i.e. do not daemonize).
-.TP
+.TP 3n
\-g
Run the server in the foreground and force all logging to
\fIstderr\fR.
-.TP
+.TP 3n
\-n \fI#cpus\fR
Create
\fI#cpus\fR
worker threads to take advantage of multiple CPUs. If not specified,
\fBlwresd\fR
will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-.TP
+.TP 3n
\-P \fIport\fR
Listen for lightweight resolver queries on port
\fIport\fR. If not specified, the default is port 921.
-.TP
+.TP 3n
\-p \fIport\fR
Send DNS lookups to port
\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
-.TP
+.TP 3n
\-s
Write memory usage statistics to
\fIstdout\fR
.B "Note:"
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.TP
+.TP 3n
\-t \fIdirectory\fR
\fBchroot()\fR
to
\fBchroot()\fR
is defined allows a process with root privileges to escape a chroot jail.
.RE
-.TP
+.TP 3n
\-u \fIuser\fR
\fBsetuid()\fR
to
\fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports.
-.TP
+.TP 3n
\-v
Report the version number and exit.
.SH "FILES"
-.TP
+.TP 3n
\fI/etc/resolv.conf\fR
The default configuration file.
-.TP
+.TP 3n
\fI/var/run/lwresd.pid\fR
The default process\-id file.
.SH "SEE ALSO"
.SH "AUTHOR"
.PP
Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwresd.c,v 1.37.2.2.2.5 2004/03/08 04:04:19 marka Exp $ */
+/* $Id: lwresd.c,v 1.37.2.2.2.8 2006/02/28 06:32:53 marka Exp $ */
/*
* Main program for the Lightweight Resolver Daemon.
* Handle lwresd manager objects
*/
isc_result_t
-ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres,
+ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
ns_lwresd_t **lwresdp)
{
ns_lwresd_t *lwresd;
const char *vname;
dns_rdataclass_t vclass;
- cfg_obj_t *obj, *viewobj, *searchobj;
- cfg_listelt_t *element;
+ const cfg_obj_t *obj, *viewobj, *searchobj;
+ const cfg_listelt_t *element;
isc_result_t result;
INSIST(lwresdp != NULL && *lwresdp == NULL);
element != NULL;
element = cfg_list_next(element))
{
- cfg_obj_t *search;
- char *searchstr;
+ const cfg_obj_t *search;
+ const char *searchstr;
isc_buffer_t namebuf;
dns_fixedname_t fname;
dns_name_t *name;
ns_lwsearchlist_detach(&lwresd->search);
if (lwresd->mctx != NULL)
isc_mem_detach(&lwresd->mctx);
+ isc_mem_put(mctx, lwresd, sizeof(ns_lwresd_t));
return (result);
}
}
isc_result_t
-ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config) {
- cfg_obj_t *lwreslist = NULL;
- cfg_obj_t *lwres = NULL;
- cfg_obj_t *listenerslist = NULL;
- cfg_listelt_t *element = NULL;
+ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config) {
+ const cfg_obj_t *lwreslist = NULL;
+ const cfg_obj_t *lwres = NULL;
+ const cfg_obj_t *listenerslist = NULL;
+ const cfg_listelt_t *element = NULL;
ns_lwreslistener_t *listener;
ns_lwreslistenerlist_t newlisteners;
isc_result_t result;
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.html,v 1.4.2.1.4.8 2005/10/13 02:33:47 marka Exp $ -->
+<!-- $Id: lwresd.html,v 1.4.2.1.4.10 2006/06/29 13:02:30 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwresd</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">lwresd</span> — lightweight resolver daemon</p>
<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525920"></a><h2>DESCRIPTION</h2>
+<a name="id2549484"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">lwresd</strong></span> is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525969"></a><h2>OPTIONS</h2>
+<a name="id2549533"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526237"></a><h2>FILES</h2>
+<a name="id2549939"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526277"></a><h2>SEE ALSO</h2>
+<a name="id2549978"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526315"></a><h2>AUTHOR</h2>
+<a name="id2550017"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: main.c,v 1.119.2.3.2.22 2005/04/29 01:04:47 marka Exp $ */
+/* $Id: main.c,v 1.119.2.3.2.25 2006/11/10 18:51:06 marka Exp $ */
#include <config.h>
result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
- "ns_taskmgr_create() failed: %s",
+ "isc_taskmgr_create() failed: %s",
isc_result_totext(result));
return (ISC_R_UNEXPECTED);
}
result = isc_timermgr_create(ns_g_mctx, &ns_g_timermgr);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
- "ns_timermgr_create() failed: %s",
+ "isc_timermgr_create() failed: %s",
isc_result_totext(result));
return (ISC_R_UNEXPECTED);
}
if (result == ISC_R_SUCCESS && instance != NULL) {
if (smf_disable_instance(instance, 0) != 0)
UNEXPECTED_ERROR(__FILE__, __LINE__,
- "smf_disable_instance() ",
+ "smf_disable_instance() "
"failed for %s : %s",
instance,
scf_strerror(scf_error()));
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.8,v 1.17.208.6 2005/10/13 02:33:46 marka Exp $
+.\" $Id: named.8,v 1.17.208.9 2006/06/29 13:02:30 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.\" Title: named
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
.TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
will read the default configuration file
\fI/etc/named.conf\fR, read any initial data, and listen for queries.
.SH "OPTIONS"
-.TP
+.TP 3n
\-4
Use IPv4 only even if the host machine is capable of IPv6.
\fB\-4\fR
and
\fB\-6\fR
are mutually exclusive.
-.TP
+.TP 3n
\-6
Use IPv6 only even if the host machine is capable of IPv4.
\fB\-4\fR
and
\fB\-6\fR
are mutually exclusive.
-.TP
+.TP 3n
\-c \fIconfig\-file\fR
Use
\fIconfig\-file\fR
option in the configuration file,
\fIconfig\-file\fR
should be an absolute pathname.
-.TP
+.TP 3n
\-d \fIdebug\-level\fR
Set the daemon's debug level to
\fIdebug\-level\fR. Debugging traces from
\fBnamed\fR
become more verbose as the debug level increases.
-.TP
+.TP 3n
\-f
Run the server in the foreground (i.e. do not daemonize).
-.TP
+.TP 3n
\-g
Run the server in the foreground and force all logging to
\fIstderr\fR.
-.TP
+.TP 3n
\-n \fI#cpus\fR
Create
\fI#cpus\fR
worker threads to take advantage of multiple CPUs. If not specified,
\fBnamed\fR
will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-.TP
+.TP 3n
\-p \fIport\fR
Listen for queries on port
\fIport\fR. If not specified, the default is port 53.
-.TP
+.TP 3n
\-s
Write memory usage statistics to
\fIstdout\fR
.B "Note:"
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.TP
+.TP 3n
\-t \fIdirectory\fR
\fBchroot()\fR
to
\fBchroot()\fR
is defined allows a process with root privileges to escape a chroot jail.
.RE
-.TP
+.TP 3n
\-u \fIuser\fR
\fBsetuid()\fR
to
is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
\fBsetuid()\fR.
.RE
-.TP
+.TP 3n
\-v
Report the version number and exit.
-.TP
+.TP 3n
\-x \fIcache\-file\fR
Load data from
\fIcache\-file\fR
In routine operation, signals should not be used to control the nameserver;
\fBrndc\fR
should be used instead.
-.TP
+.TP 3n
SIGHUP
Force a reload of the server.
-.TP
+.TP 3n
SIGINT, SIGTERM
Shut down the server.
.PP
configuration file is too complex to describe in detail here. A complete description is provided in the
BIND 9 Administrator Reference Manual.
.SH "FILES"
-.TP
+.TP 3n
\fI/etc/named.conf\fR
The default configuration file.
-.TP
+.TP 3n
\fI/var/run/named.pid\fR
The default process\-id file.
.SH "SEE ALSO"
RFC 1035,
\fBrndc\fR(8),
\fBlwresd\fR(8),
+\fBnamed.conf\fR(5),
BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.1.4.6 2005/10/13 02:33:47 marka Exp $
+.\" $Id: named.conf.5,v 1.1.4.10 2006/09/13 02:56:20 marka Exp $
.\"
.hy 0
.ad l
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "\\FINAMED.CONF\\FR" "5" "Aug 13, 2004" "BIND9" "BIND9"
+.\" Title: \fInamed.conf\fR
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: Aug 13, 2004
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
Unix style: # to end of line
.SH "ACL"
.sp
+.RS 3n
.nf
acl \fIstring\fR { \fIaddress_match_element\fR; ... };
.fi
+.RE
.SH "KEY"
.sp
+.RS 3n
.nf
key \fIdomain_name\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
.fi
+.RE
.SH "MASTERS"
.sp
+.RS 3n
.nf
masters \fIstring\fR [ port \fIinteger\fR ] {
( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
};
.fi
+.RE
.SH "SERVER"
.sp
+.RS 3n
.nf
server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
bogus \fIboolean\fR;
support\-ixfr \fIboolean\fR; // obsolete
};
.fi
+.RE
.SH "TRUSTED\-KEYS"
.sp
+.RS 3n
.nf
trusted\-keys {
\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
};
.fi
+.RE
.SH "CONTROLS"
.sp
+.RS 3n
.nf
controls {
inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
unix \fIunsupported\fR; // not implemented
};
.fi
+.RE
.SH "LOGGING"
.sp
+.RS 3n
.nf
logging {
channel \fIstring\fR {
category \fIstring\fR { \fIstring\fR; ... };
};
.fi
+.RE
.SH "LWRES"
.sp
+.RS 3n
.nf
lwres {
listen\-on [ port \fIinteger\fR ] {
ndots \fIinteger\fR;
};
.fi
+.RE
.SH "OPTIONS"
.sp
+.RS 3n
.nf
options {
avoid\-v4\-udp\-ports { \fIport\fR; ... };
coresize \fIsize\fR;
datasize \fIsize\fR;
directory \fIquoted_string\fR;
+ cache\-file \fIquoted_string\fR; // test option
dump\-file \fIquoted_string\fR;
files \fIsize\fR;
heartbeat\-interval \fIinteger\fR;
rfc2308\-type1 \fIboolean\fR; // not yet implemented
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
- query\-source \fIquerysource4\fR;
- query\-source\-v6 \fIquerysource6\fR;
+ query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
+ query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
cleaning\-interval \fIinteger\fR;
min\-roots \fIinteger\fR; // not implemented
lame\-ttl \fIinteger\fR;
use\-id\-pool \fIboolean\fR; // obsolete
};
.fi
+.RE
.SH "VIEW"
.sp
+.RS 3n
.nf
view \fIstring\fR \fIoptional_class\fR {
match\-clients { \fIaddress_match_element\fR; ... };
rfc2308\-type1 \fIboolean\fR; // not yet implemented
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
- query\-source \fIquerysource4\fR;
- query\-source\-v6 \fIquerysource6\fR;
+ query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
+ query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
cleaning\-interval \fIinteger\fR;
min\-roots \fIinteger\fR; // not implemented
lame\-ttl \fIinteger\fR;
max\-ixfr\-log\-size \fIsize\fR; // obsolete
};
.fi
+.RE
.SH "ZONE"
.sp
+.RS 3n
.nf
zone \fIstring\fR \fIoptional_class\fR {
type ( master | slave | stub | hint |
pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
};
.fi
+.RE
.SH "FILES"
.PP
\fI/etc/named.conf\fR
.PP
\fBnamed\fR(8),
\fBrndc\fR(8),
-\fBBIND 9 Adminstrators Reference Manual\fR().
+\fBBIND 9 Administrator Reference Manual\fR().
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.html,v 1.1.4.10 2005/10/13 02:33:48 marka Exp $ -->
+<!-- $Id: named.conf.html,v 1.1.4.15 2006/09/13 02:56:21 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> — configuration file for named</p>
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525889"></a><h2>DESCRIPTION</h2>
+<a name="id2549388"></a><h2>DESCRIPTION</h2>
<p>
<code class="filename">named.conf</code> is the configuration file for
<span><strong class="command">named</strong></span>. Statements are enclosed
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525917"></a><h2>ACL</h2>
+<a name="id2549417"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525933"></a><h2>KEY</h2>
+<a name="id2549433"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525953"></a><h2>MASTERS</h2>
+<a name="id2549452"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525998"></a><h2>SERVER</h2>
+<a name="id2549498"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br>
bogus <em class="replaceable"><code>boolean</code></em>;<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526056"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2549556"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526082"></a><h2>CONTROLS</h2>
+<a name="id2549581"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526117"></a><h2>LOGGING</h2>
+<a name="id2549617"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
channel <em class="replaceable"><code>string</code></em> {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526155"></a><h2>LWRES</h2>
+<a name="id2549655"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526197"></a><h2>OPTIONS</h2>
+<a name="id2549697"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
coresize <em class="replaceable"><code>size</code></em>;<br>
datasize <em class="replaceable"><code>size</code></em>;<br>
directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
files <em class="replaceable"><code>size</code></em>;<br>
heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
- query-source <em class="replaceable"><code>querysource4</code></em>;<br>
- query-source-v6 <em class="replaceable"><code>querysource6</code></em>;<br>
+ query-source [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526858"></a><h2>VIEW</h2>
+<a name="id2550312"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
- query-source <em class="replaceable"><code>querysource4</code></em>;<br>
- query-source-v6 <em class="replaceable"><code>querysource6</code></em>;<br>
+ query-source [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2527269"></a><h2>ZONE</h2>
+<a name="id2550878"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
type ( master | slave | stub | hint |<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2527606"></a><h2>FILES</h2>
+<a name="id2551216"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2527619"></a><h2>SEE ALSO</h2>
+<a name="id2551228"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
-<span class="citerefentry"><span class="refentrytitle">BIND 9 Adminstrators Reference Manual</span></span>.
+<span class="citerefentry"><span class="refentrytitle">BIND 9 Administrator Reference Manual</span></span>.
</p>
</div>
</div></body>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.html,v 1.4.2.1.4.9 2005/10/13 02:33:47 marka Exp $ -->
+<!-- $Id: named.html,v 1.4.2.1.4.13 2006/06/29 13:02:30 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2463721"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named</span> — Internet domain name server</p>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525923"></a><h2>DESCRIPTION</h2>
+<a name="id2549491"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named</strong></span> is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2525948"></a><h2>OPTIONS</h2>
+<a name="id2549516"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526297"></a><h2>SIGNALS</h2>
+<a name="id2550002"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526412"></a><h2>CONFIGURATION</h2>
+<a name="id2550049"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526429"></a><h2>FILES</h2>
+<a name="id2550066"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526469"></a><h2>SEE ALSO</h2>
+<a name="id2550105"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526512"></a><h2>AUTHOR</h2>
+<a name="id2550157"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.198.2.13.4.36.6.1 2006/08/17 07:12:31 marka Exp $ */
+/* $Id: query.c,v 1.198.2.13.4.43 2006/08/31 03:57:11 marka Exp $ */
#include <config.h>
}
static inline void
-query_maybeputqname(ns_client_t *client) {
- if (client->query.restarts > 0) {
- /*
- * client->query.qname was dynamically allocated.
- */
- dns_message_puttempname(client->message,
- &client->query.qname);
- client->query.qname = NULL;
- }
-}
-
-static inline void
query_freefreeversions(ns_client_t *client, isc_boolean_t everything) {
ns_dbversion_t *dbversion, *dbversion_next;
unsigned int i;
}
}
- query_maybeputqname(client);
-
+ if (client->query.restarts > 0) {
+ /*
+ * client->query.qname was dynamically allocated.
+ */
+ dns_message_puttempname(client->message,
+ &client->query.qname);
+ }
+ client->query.qname = NULL;
client->query.attributes = (NS_QUERYATTR_RECURSIONOK |
NS_QUERYATTR_CACHEOK |
NS_QUERYATTR_SECURE);
result = isc_quota_attach(&ns_g_server->recursionquota,
&client->recursionquota);
if (result == ISC_R_SOFTQUOTA) {
- ns_client_log(client, NS_LOGCATEGORY_CLIENT,
- NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
- "recursive-clients soft limit exceeded, "
- "aborting oldest query");
+ static isc_stdtime_t last = 0;
+ isc_stdtime_t now;
+ isc_stdtime_get(&now);
+ if (now != last) {
+ last = now;
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_QUERY,
+ ISC_LOG_WARNING,
+ "recursive-clients soft limit "
+ "exceeded, aborting oldest query");
+ }
ns_client_killoldestquery(client);
result = ISC_R_SUCCESS;
} else if (result == ISC_R_QUOTA) {
- ns_client_log(client, NS_LOGCATEGORY_CLIENT,
- NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
- "no more recursive clients: %s",
- isc_result_totext(result));
+ static isc_stdtime_t last = 0;
+ isc_stdtime_t now;
+ isc_stdtime_get(&now);
+ if (now != last) {
+ last = now;
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_QUERY,
+ ISC_LOG_WARNING,
+ "no more recursive clients: %s",
+ isc_result_totext(result));
+ }
ns_client_killoldestquery(client);
}
if (result == ISC_R_SUCCESS && !client->mortal &&
* ISC_R_NOTIMPLEMENTED The rdata is not a known address type.
*/
static isc_result_t
-rdata_tonetaddr(dns_rdata_t *rdata, isc_netaddr_t *netaddr) {
+rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) {
struct in_addr ina;
struct in6_addr in6a;
* sortlist statement.
*/
static int
-query_sortlist_order_2element(dns_rdata_t *rdata, void *arg) {
+query_sortlist_order_2element(const dns_rdata_t *rdata, const void *arg) {
isc_netaddr_t netaddr;
if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS)
* of a 1-element top-level sortlist statement.
*/
static int
-query_sortlist_order_1element(dns_rdata_t *rdata, void *arg) {
+query_sortlist_order_1element(const dns_rdata_t *rdata, const void *arg) {
isc_netaddr_t netaddr;
if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS)
setup_query_sortlist(ns_client_t *client) {
isc_netaddr_t netaddr;
dns_rdatasetorderfunc_t order = NULL;
- void *order_arg = NULL;
+ const void *order_arg = NULL;
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
switch (ns_sortlist_setup(client->view->sortlist,
/*
* First we must find the right database.
*/
- options = 0;
+ options &= DNS_GETDB_NOLOG; /* Preserve DNS_GETDB_NOLOG. */
if (dns_rdatatype_atparent(qtype) &&
!dns_name_equal(client->query.qname, dns_rootname))
options |= DNS_GETDB_NOEXACT;
}
}
if (result != ISC_R_SUCCESS) {
- if (result == DNS_R_REFUSED)
- QUERY_ERROR(DNS_R_REFUSED);
- else
+ if (result == DNS_R_REFUSED) {
+ if (!PARTIALANSWER(client))
+ QUERY_ERROR(DNS_R_REFUSED);
+ } else
QUERY_ERROR(DNS_R_SERVFAIL);
goto cleanup;
}
goto cleanup;
}
dns_rdata_freestruct(&cname);
- query_maybeputqname(client);
- client->query.qname = tname;
+ ns_client_qnamereplace(client, tname);
want_restart = ISC_TRUE;
+ if (!WANTRECURSION(client))
+ options |= DNS_GETDB_NOLOG;
goto addauth;
case DNS_R_DNAME:
/*
/*
* Switch to the new qname and restart.
*/
- query_maybeputqname(client);
- client->query.qname = fname;
+ ns_client_qnamereplace(client, fname);
fname = NULL;
want_restart = ISC_TRUE;
+ if (!WANTRECURSION(client))
+ options |= DNS_GETDB_NOLOG;
goto addauth;
default:
/*
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.339.2.15.2.65 2005/07/27 02:53:15 marka Exp $ */
+/* $Id: server.c,v 1.339.2.15.2.70 2006/05/24 04:30:24 marka Exp $ */
#include <config.h>
ns_server_reload(isc_task_t *task, isc_event_t *event);
static isc_result_t
-ns_listenelt_fromconfig(cfg_obj_t *listener, cfg_obj_t *config,
+ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
ns_aclconfctx_t *actx,
isc_mem_t *mctx, ns_listenelt_t **target);
static isc_result_t
-ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config,
+ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
ns_aclconfctx_t *actx,
isc_mem_t *mctx, ns_listenlist_t **target);
static isc_result_t
-configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
- cfg_obj_t *forwarders, cfg_obj_t *forwardtype);
+configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
+ const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype);
static isc_result_t
-configure_alternates(cfg_obj_t *config, dns_view_t *view,
- cfg_obj_t *alternates);
+configure_alternates(const cfg_obj_t *config, dns_view_t *view,
+ const cfg_obj_t *alternates);
static isc_result_t
-configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig,
- isc_mem_t *mctx, dns_view_t *view,
+configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
+ const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view,
ns_aclconfctx_t *aclconf);
static void
* (for a global default).
*/
static isc_result_t
-configure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config,
+configure_view_acl(const cfg_obj_t *vconfig, const cfg_obj_t *config,
const char *aclname, ns_aclconfctx_t *actx,
isc_mem_t *mctx, dns_acl_t **aclp)
{
isc_result_t result;
- cfg_obj_t *maps[3];
- cfg_obj_t *aclobj = NULL;
+ const cfg_obj_t *maps[3];
+ const cfg_obj_t *aclobj = NULL;
int i = 0;
if (*aclp != NULL)
if (vconfig != NULL)
maps[i++] = cfg_tuple_get(vconfig, "options");
if (config != NULL) {
- cfg_obj_t *options = NULL;
+ const cfg_obj_t *options = NULL;
(void)cfg_map_get(config, "options", &options);
if (options != NULL)
maps[i++] = options;
}
maps[i] = NULL;
- result = ns_config_get(maps, aclname, &aclobj);
+ (void)ns_config_get(maps, aclname, &aclobj);
if (aclobj == NULL)
/*
* No value available. *aclp == NULL.
}
static isc_result_t
-configure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key,
+configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key,
dns_keytable_t *keytable, isc_mem_t *mctx)
{
dns_rdataclass_t viewclass;
dns_rdata_dnskey_t keystruct;
isc_uint32_t flags, proto, alg;
- char *keystr, *keynamestr;
+ const char *keystr, *keynamestr;
unsigned char keydata[4096];
isc_buffer_t keydatabuf;
unsigned char rrdata[4096];
if (vconfig == NULL)
viewclass = dns_rdataclass_in;<
lentferj's projects / dragonfly.git / commitdiff