diff options
| author | Internet Software Consortium, Inc <@isc.org> | 2013-06-12 10:32:09 -0600 |
|---|---|---|
| committer | Internet Software Consortium, Inc <@isc.org> | 2013-06-12 10:32:09 -0600 |
| commit | 3f5a3d99feca79b1338646e936a2ee7a5862a43a (patch) | |
| tree | 3ac8a23fe024c2dae875bcd9e4ab094a0d871d7c /bin | |
| parent | 13d2f77bdd91e5f11c19c7279f0a83672260ef34 (diff) | |
| download | bind9-3f5a3d99feca79b1338646e936a2ee7a5862a43a.tar.gz | |
9.9.3rc2
Diffstat (limited to 'bin')
39 files changed, 716 insertions, 72 deletions
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index 53e6091f..0b3c508f 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -295,6 +295,18 @@ configure_zone(const char *vclass, const char *view, } obj = NULL; + if (get_maps(maps, "check-spf", &obj)) { + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + zone_options &= ~DNS_ZONEOPT_CHECKSPF; + } else + INSIST(0); + } else { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } + + obj = NULL; if (get_checknames(maps, &obj)) { if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { zone_options |= DNS_ZONEOPT_CHECKNAMES; diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index 664f6d2b..1fb384e2 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 @@ -33,9 +33,9 @@ named\-checkzone, named\-compilezone \- zone file validity checking or converting tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} +\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} .HP 18 -\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} +\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} .SH "DESCRIPTION" .PP \fBnamed\-checkzone\fR @@ -249,6 +249,14 @@ Chroot to so that include directives in the configuration file are processed as if run by a similarly chrooted named. .RE .PP +\-T \fImode\fR +.RS 4 +Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are +\fB"warn"\fR +(default), +\fB"ignore"\fR. +.RE +.PP \-w \fIdirectory\fR .RS 4 chdir to diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c index c059db49..7e779c2d 100644 --- a/bin/check/named-checkzone.c +++ b/bin/check/named-checkzone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -150,19 +150,21 @@ main(int argc, char **argv) { if (progmode == progmode_compile) { zone_options |= (DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_FATALNS | + DNS_ZONEOPT_CHECKSPF | DNS_ZONEOPT_CHECKDUPRR | DNS_ZONEOPT_CHECKNAMES | DNS_ZONEOPT_CHECKNAMESFAIL | DNS_ZONEOPT_CHECKWILDCARD); } else - zone_options |= DNS_ZONEOPT_CHECKDUPRR; + zone_options |= (DNS_ZONEOPT_CHECKDUPRR | + DNS_ZONEOPT_CHECKSPF); #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0) isc_commandline_errprint = ISC_FALSE; while ((c = isc_commandline_parse(argc, argv, - "c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:W:")) + "c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:T:W:")) != EOF) { switch (c) { case 'c': @@ -379,6 +381,18 @@ main(int argc, char **argv) { } break; + case 'T': + if (ARGCMP("warn")) { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } else if (ARGCMP("ignore")) { + zone_options &= ~DNS_ZONEOPT_CHECKSPF; + } else { + fprintf(stderr, "invalid argument to -T: %s\n", + isc_commandline_argument); + exit(1); + } + break; + case 'W': if (ARGCMP("warn")) zone_options |= DNS_ZONEOPT_CHECKWILDCARD; diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook index 85479e7d..ea37fa2b 100644 --- a/bin/check/named-checkzone.docbook +++ b/bin/check/named-checkzone.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -39,6 +39,7 @@ <year>2009</year> <year>2010</year> <year>2011</year> + <year>2013</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -77,6 +78,7 @@ <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg> <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg> <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-D</option></arg> <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg> @@ -101,6 +103,7 @@ <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg> <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg> <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-D</option></arg> <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg> @@ -402,6 +405,18 @@ </varlistentry> <varlistentry> + <term>-T <replaceable class="parameter">mode</replaceable></term> + <listitem> + <para> + Check if Sender Policy Framework records (TXT and SPF) + both exist or both don't exist. A warning is issued + if they don't match. Possible modes are + <command>"warn"</command> (default), <command>"ignore"</command>. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-w <replaceable class="parameter">directory</replaceable></term> <listitem> <para> diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html index a1344aa3..7225c43b 100644 --- a/bin/check/named-checkzone.html +++ b/bin/check/named-checkzone.html @@ -29,11 +29,11 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div> -<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div> +<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div> +<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543716"></a><h2>DESCRIPTION</h2> +<a name="id2543733"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of a zone file. It performs the same checks as <span><strong class="command">named</strong></span> does when loading a @@ -53,7 +53,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543751"></a><h2>OPTIONS</h2> +<a name="id2543768"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-d</span></dt> <dd><p> @@ -230,6 +230,13 @@ directives in the configuration file are processed as if run by a similarly chrooted named. </p></dd> +<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt> +<dd><p> + Check if Sender Policy Framework records (TXT and SPF) + both exist or both don't exist. A warning is issued + if they don't match. Possible modes are + <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>. + </p></dd> <dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> chdir to <code class="filename">directory</code> so that @@ -263,14 +270,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544568"></a><h2>RETURN VALUES</h2> +<a name="id2544609"></a><h2>RETURN VALUES</h2> <p><span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544580"></a><h2>SEE ALSO</h2> +<a name="id2544620"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <em class="citetitle">RFC 1035</em>, @@ -278,7 +285,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544613"></a><h2>AUTHOR</h2> +<a name="id2544653"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/config.c b/bin/named/config.c index b9b8dd81..fa349eea 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -151,6 +151,7 @@ options {\n\ check-names response ignore;\n\ check-dup-records warn;\n\ check-mx warn;\n\ + check-spf warn;\n\ acache-enable no;\n\ acache-cleaning-interval 60;\n\ max-acache-size 16M;\n\ diff --git a/bin/named/server.c b/bin/named/server.c index d74deb44..4d9126c9 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -5476,12 +5476,16 @@ load_zones(ns_server_t *server) { { if (view->managed_keys != NULL) { result = dns_zone_load(view->managed_keys); - if (result != ISC_R_SUCCESS && result != DNS_R_UPTODATE) + if (result != ISC_R_SUCCESS && + result != DNS_R_UPTODATE && + result != DNS_R_CONTINUE) goto cleanup; } if (view->redirect != NULL) { result = dns_zone_load(view->redirect); - if (result != ISC_R_SUCCESS && result != DNS_R_UPTODATE) + if (result != ISC_R_SUCCESS && + result != DNS_R_UPTODATE && + result != DNS_R_CONTINUE) goto cleanup; } diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c index a96495eb..2ba8a028 100644 --- a/bin/named/unix/dlz_dlopen_driver.c +++ b/bin/named/unix/dlz_dlopen_driver.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -252,7 +252,9 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], } /* Initialize the lock */ - isc_mutex_init(&cd->lock); + result = isc_mutex_init(&cd->lock); + if (result != ISC_R_SUCCESS) + goto failed; /* Open the library */ dlopen_flags = RTLD_NOW|RTLD_GLOBAL; @@ -356,11 +358,11 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], failed: dlopen_log(ISC_LOG_ERROR, "dlz_dlopen of '%s' failed", dlzname); - if (cd->dl_path) + if (cd->dl_path != NULL) isc_mem_free(mctx, cd->dl_path); - if (cd->dlzname) + if (cd->dlzname != NULL) isc_mem_free(mctx, cd->dlzname); - if (dlopen_flags) + if (dlopen_flags != 0) (void) isc_mutex_destroy(&cd->lock); #ifdef HAVE_DLCLOSE if (cd->dl_handle) diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c index 95e43029..a0a617d1 100644 --- a/bin/named/xfrout.c +++ b/bin/named/xfrout.c @@ -837,14 +837,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class); is_dlz = ISC_TRUE; - /* - * DLZ only support full zone transfer, not incremental - */ - if (reqtype != dns_rdatatype_axfr) { - mnemonic = "AXFR-style IXFR"; - reqtype = dns_rdatatype_axfr; - } - } else { /* * not DLZ and not in normal zone table, we are @@ -856,12 +848,14 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { } else { /* zone table has a match */ switch(dns_zone_gettype(zone)) { + /* Master and slave zones are OK for transfer. */ case dns_zone_master: case dns_zone_slave: case dns_zone_dlz: - break; /* Master and slave zones are OK for transfer. */ + break; default: - FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class); + FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", + question_name, question_class); } CHECK(dns_zone_getdb(zone, &db)); dns_db_currentversion(db, &ver); @@ -996,7 +990,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { is_poll = ISC_TRUE; goto have_stream; } - journalfile = dns_zone_getjournal(zone); + journalfile = is_dlz ? NULL : dns_zone_getjournal(zone); if (journalfile != NULL) result = ixfr_rrstream_create(mctx, journalfile, diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 839312c1..7f36b143 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1230,6 +1230,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, cfg_obj_asboolean(obj)); obj = NULL; + result = ns_config_get(maps, "check-spf", &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + check = ISC_TRUE; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + check = ISC_FALSE; + } else + INSIST(0); + dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSPF, check); + + obj = NULL; result = ns_config_get(maps, "zero-no-soa-ttl", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj)); diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index ca367d50..e96c075b 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -934,7 +934,7 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) { INSIST(count == 1); } -#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:rR::t:u:" +#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:r:R::t:u:" static void pre_parse_args(int argc, char **argv) { diff --git a/bin/python/dnssec-coverage.8 b/bin/python/dnssec-coverage.8 new file mode 100644 index 00000000..a7465b46 --- /dev/null +++ b/bin/python/dnssec-coverage.8 @@ -0,0 +1,121 @@ +.\" Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id$ +.\" +.hy 0 +.ad l +.\" Title: dnssec\-coverage +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> +.\" Date: April 16, 2012 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "DNSSEC\-COVERAGE" "8" "April 16, 2012" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +dnssec\-coverage \- checks future DNSKEY coverage for a zone +.SH "SYNOPSIS" +.HP 16 +\fBdnssec\-coverage\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-d\ \fR\fB\fIDNSKEY\ TTL\fR\fR] [\fB\-m\ \fR\fB\fImax\ TTL\fR\fR] [\fB\-r\ \fR\fB\fIinterval\fR\fR] [\fB\-c\ \fR\fB\fIcompilezone\ path\fR\fR] [zone] +.SH "DESCRIPTION" +.PP +\fBdnssec\-coverage\fR +verifies that the DNSSEC keys for a given zone or a set of zones have timing metadata set properly to ensure no future lapses in DNSSEC coverage. +.PP +If +\fBzone\fR +is specified, then keys found in the key repository matching that zone are scanned, and an ordered list is generated of the events scheduled for that key (i.e., publication, activation, inactivation, deletion). The list of events is walked in order of occurrence. Warnings are generated if any event is scheduled which could cause the zone to enter a state in which validation failures might occur: for example, if the number of published or active keys for a given algorithm drops to zero, or if a key is deleted from the zone too soon after a new key is rolled, and cached data signed by the prior key has not had time to expire from resolver caches. +.PP +If +\fBzone\fR +is not specified, then all keys in the key repository will be scanned, and all zones for which there are keys will be analyzed. (Note: This method of reporting is only accurate if all the zones that have keys in a given repository share the same TTL parameters.) +.SH "OPTIONS" +.PP +\-f \fIfile\fR +.RS 4 +If a +\fBfile\fR +is specified, then the zone is read from that file; the largest TTL and the DNSKEY TTL are determined directly from the zone data, and the +\fB\-m\fR +and +\fB\-d\fR +options do not need to be specified on the command line. +.RE +.PP +\-K \fIdirectory\fR +.RS 4 +Sets the directory in which keys can be found. Defaults to the current working directory. +.RE +.PP +\-m \fImaximum TTL\fR +.RS 4 +Sets the value to be used as the maximum TTL for the zone or zones being analyzed when determining whether there is a possibility of validation failure. When a zone\-signing key is deactivated, there must be enough time for the record in the zone with the longest TTL to have expired from resolver caches before that key can be purged from the DNSKEY RRset. If that condition does not apply, a warning will be generated. +.sp +The length of the TTL can be set in seconds, or in larger units of time by adding a suffix: 'mi' for minutes, 'h' for hours, 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. +.sp +This option is mandatory unless the +\fB\-f\fR +has been used to specify a zone file. (If +\fB\-f\fR +has been specified, this option may still be used; it will overrde the value found in the file.) +.RE +.PP +\-d \fIDNSKEY TTL\fR +.RS 4 +Sets the value to be used as the DNSKEY TTL for the zone or zones being analyzed when determining whether there is a possibility of validation failure. When a key is rolled (that is, replaced with a new key), there must be enough time for the old DNSKEY RRset to have expired from resolver caches before the new key is activated and begins generating signatures. If that condition does not apply, a warning will be generated. +.sp +The length of the TTL can be set in seconds, or in larger units of time by adding a suffix: 'mi' for minutes, 'h' for hours, 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. +.sp +This option is mandatory unless the +\fB\-f\fR +has been used to specify a zone file, or a default key TTL was set with the +\fB\-L\fR +to +\fBdnssec\-keygen\fR. (If either of those is true, this option may still be used; it will overrde the value found in the zone or key file.) +.RE +.PP +\-r \fIresign interval\fR +.RS 4 +Sets the value to be used as the resign interval for the zone or zones being analyzed when determining whether there is a possibility of validation failure. This value defaults to 22.5 days, which is also the default in +\fBnamed\fR. However, if it has been changed by the +\fBsig\-validity\-interval\fR +option in +\fInamed.conf\fR, then it should also be changed here. +.sp +The length of the interval can be set in seconds, or in larger units of time by adding a suffix: 'mi' for minutes, 'h' for hours, 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. +.RE +.PP +\-c \fIcompilezone path\fR +.RS 4 +Specifies a path to a +\fBnamed\-compilezone\fR +binary. Used for testing. +.RE +.SH "SEE ALSO" +.PP +\fBdnssec\-checkds\fR(8), +\fBdnssec\-dsfromkey\fR(8), +\fBdnssec\-keygen\fR(8), +\fBdnssec\-signzone\fR(8) +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2013 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/python/dnssec-coverage.html b/bin/python/dnssec-coverage.html new file mode 100644 index 00000000..86644e15 --- /dev/null +++ b/bin/python/dnssec-coverage.html @@ -0,0 +1,167 @@ +<!-- + - Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id$ --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>dnssec-coverage</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> +<a name="man.dnssec-coverage"></a><div class="titlepage"></div> +<div class="refnamediv"> +<h2>Name</h2> +<p><span class="application">dnssec-coverage</span> — checks future DNSKEY coverage for a zone</p> +</div> +<div class="refsynopsisdiv"> +<h2>Synopsis</h2> +<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [zone]</p></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543390"></a><h2>DESCRIPTION</h2> +<p><span><strong class="command">dnssec-coverage</strong></span> + verifies that the DNSSEC keys for a given zone or a set of zones + have timing metadata set properly to ensure no future lapses in DNSSEC + coverage. + </p> +<p> + If <code class="option">zone</code> is specified, then keys found in + the key repository matching that zone are scanned, and an ordered + list is generated of the events scheduled for that key (i.e., + publication, activation, inactivation, deletion). The list of + events is walked in order of occurrence. Warnings are generated + if any event is scheduled which could cause the zone to enter a + state in which validation failures might occur: for example, if + the number of published or active keys for a given algorithm drops + to zero, or if a key is deleted from the zone too soon after a new + key is rolled, and cached data signed by the prior key has not had + time to expire from resolver caches. + </p> +<p> + If <code class="option">zone</code> is not specified, then all keys in the + key repository will be scanned, and all zones for which there are + keys will be analyzed. (Note: This method of reporting is only + accurate if all the zones that have keys in a given repository + share the same TTL parameters.) + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543415"></a><h2>OPTIONS</h2> +<div class="variablelist"><dl> +<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt> +<dd><p> + If a <code class="option">file</code> is specified, then the zone is + read from that file; the largest TTL and the DNSKEY TTL are + determined directly from the zone data, and the + <code class="option">-m</code> and <code class="option">-d</code> options do + not need to be specified on the command line. + </p></dd> +<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt> +<dd><p> + Sets the directory in which keys can be found. Defaults to the + current working directory. + </p></dd> +<dt><span class="term">-m <em class="replaceable"><code>maximum TTL</code></em></span></dt> +<dd> +<p> + Sets the value to be used as the maximum TTL for the zone or + zones being analyzed when determining whether there is a + possibility of validation failure. When a zone-signing key is + deactivated, there must be enough time for the record in the + zone with the longest TTL to have expired from resolver caches + before that key can be purged from the DNSKEY RRset. If that + condition does not apply, a warning will be generated. + </p> +<p> + The length of the TTL can be set in seconds, or in larger units + of time by adding a suffix: 'mi' for minutes, 'h' for hours, + 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. + </p> +<p> + This option is mandatory unless the <code class="option">-f</code> has + been used to specify a zone file. (If <code class="option">-f</code> has + been specified, this option may still be used; it will overrde + the value found in the file.) + </p> +</dd> +<dt><span class="term">-d <em class="replaceable"><code>DNSKEY TTL</code></em></span></dt> +<dd> +<p> + Sets the value to be used as the DNSKEY TTL for the zone or + zones being analyzed when determining whether there is a + possibility of validation failure. When a key is rolled (that + is, replaced with a new key), there must be enough time + for the old DNSKEY RRset to have expired from resolver caches + before the new key is activated and begins generating + signatures. If that condition does not apply, a warning + will be generated. + </p> +<p> + The length of the TTL can be set in seconds, or in larger units + of time by adding a suffix: 'mi' for minutes, 'h' for hours, + 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. + </p> +<p> + This option is mandatory unless the <code class="option">-f</code> has + been used to specify a zone file, or a default key TTL was + set with the <code class="option">-L</code> to + <span><strong class="command">dnssec-keygen</strong></span>. (If either of those is true, + this option may still be used; it will overrde the value found + in the zone or key file.) + </p> +</dd> +<dt><span class="term">-r <em class="replaceable"><code>resign interval</code></em></span></dt> +<dd> +<p> + Sets the value to be used as the resign interval for the zone + or zones being analyzed when determining whether there is a + possibility of validation failure. This value defaults to + 22.5 days, which is also the default in + <span><strong class="command">named</strong></span>. However, if it has been changed + by the <code class="option">sig-validity-interval</code> option in + <code class="filename">named.conf</code>, then it should also be + changed here. + </p> +<p> + The length of the interval can be set in seconds, or in larger + units of time by adding a suffix: 'mi' for minutes, 'h' for hours, + 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. + </p> +</dd> +<dt><span class="term">-c <em class="replaceable"><code>compilezone path</code></em></span></dt> +<dd><p> + Specifies a path to a <span><strong class="command">named-compilezone</strong></span> binary. + Used for testing. + </p></dd> +</dl></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543657"></a><h2>SEE ALSO</h2> +<p> + <span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span> + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543701"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> + </p> +</div> +</div></body> +</html> diff --git a/bin/tests/db_test.c b/bin/tests/db_test.c index d72bf4f3..d3d8b4a5 100644 --- a/bin/tests/db_test.c +++ b/bin/tests/db_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -610,10 +610,11 @@ main(int argc, char *argv[]) { } else if (strstr(s, "!V") == s) { DBI_CHECK(dbi); v = atoi(&s[2]); - if (v >= dbi->rcount) { + if (v >= dbi->rcount || v < 0) { printf("unknown open version %d\n", v); continue; - } else if (dbi->rversions[v] == NULL) { + } + if (dbi->rversions[v] == NULL) { printf("version %d is not open\n", v); continue; } diff --git a/bin/tests/shutdown_test.c b/bin/tests/shutdown_test.c index 32ad5fed..e0d6ae76 100644 --- a/bin/tests/shutdown_test.c +++ b/bin/tests/shutdown_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -174,9 +174,13 @@ main(int argc, char *argv[]) { RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS); - if (argc > 1) + if (argc > 1) { workers = atoi(argv[1]); - else + if (workers < 1) + workers = 1; + if (workers > 8192) + workers = 8192; + } else workers = 2; printf("%d workers\n", workers); diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c index 8f33a7ed..82a7e775 100644 --- a/bin/tests/sock_test.c +++ b/bin/tests/sock_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -263,9 +263,13 @@ main(int argc, char *argv[]) { isc_result_t result; int pf; - if (argc > 1) + if (argc > 1) { workers = atoi(argv[1]); - else + if (workers < 1) + workers = 1; + if (workers > 8192) + workers = 8192; + } else workers = 2; printf("%d workers\n", workers); diff --git a/bin/tests/system/checkzone/tests.sh b/bin/tests/system/checkzone/tests.sh index 757ba2e9..2353c145 100644 --- a/bin/tests/system/checkzone/tests.sh +++ b/bin/tests/system/checkzone/tests.sh @@ -40,4 +40,18 @@ do status=`expr $status + $ret` done +echo "I:checking with spf warnings ($n)" +ret=0 +$CHECKZONE example zones/spf.db > test.out1.$n 2>&1 || ret=1 +$CHECKZONE -T ignore example zones/spf.db > test.out2.$n 2>&1 || ret=1 +grep "'x.example' found SPF/TXT" test.out1.$n > /dev/null || ret=1 +grep "'y.example' found SPF/SPF" test.out1.$n > /dev/null || ret=1 +grep "'example' found SPF/" test.out1.$n > /dev/null && ret=1 +grep "'x.example' found SPF/" test.out2.$n > /dev/null && ret=1 +grep "'y.example' found SPF/" test.out2.$n > /dev/null && ret=1 +grep "'example' found SPF/" test.out2.$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + exit $status diff --git a/bin/tests/system/checkzone/zones/spf.db b/bin/tests/system/checkzone/zones/spf.db new file mode 100644 index 00000000..ffa850ad --- /dev/null +++ b/bin/tests/system/checkzone/zones/spf.db @@ -0,0 +1,21 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +@ 0 IN SOA . . 0 0 0 0 0 +@ 0 IN NS . +@ 0 IN TXT "v=spf1 -all" +@ 0 IN SPF "v=spf1 -all" +x 0 IN TXT "v=spf1" +y 0 IN SPF "v=spf1" +y 0 IN TXT "a non spf record" diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index b8debdb8..2aadf9fc 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -63,7 +63,7 @@ SUBDIRS="acl additional allow_query addzone autosign builtin formerr forward glue gost ixfr inline limits logfileconfig lwresd masterfile masterformat metadata notify nsupdate pending pkcs11 redirect resolver rndc rpz rrsetorder rsabigexponent - sortlist smartsign staticstub stub tkey tsig tsiggss unknown + smartsign sortlist spf staticstub stub tkey tsig tsiggss unknown upforwd verify views wildcard xfer xferquota zonechecks" # PERL will be an empty string if no perl interpreter was found. diff --git a/bin/tests/system/dlz/tests.sh b/bin/tests/system/dlz/tests.sh index fd11048d..ce0a36a6 100644 --- a/bin/tests/system/dlz/tests.sh +++ b/bin/tests/system/dlz/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2010-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -40,5 +40,35 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking DLZ IXFR=2010062899 (less than serial) ($n)" +ret=0 +$DIG $DIGOPTS ixfr=2010062899 example.com @10.53.0.1 +all > dig.out.ns1.test$n +grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null || ret=1 +grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking DLZ IXFR=2010062900 (equal serial) ($n)" +ret=0 +$DIG $DIGOPTS ixfr=2010062900 example.com @10.53.0.1 +all > dig.out.ns1.test$n +grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null && ret=1 +grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking DLZ IXFR=2010062901 (greater than serial) ($n)" +ret=0 +$DIG $DIGOPTS ixfr=2010062901 example.com @10.53.0.1 +all > dig.out.ns1.test$n +grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null && ret=1 +grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/dlzexternal/tests.sh b/bin/tests/system/dlzexternal/tests.sh index 062a49e1..e8caddcd 100644 --- a/bin/tests/system/dlzexternal/tests.sh +++ b/bin/tests/system/dlzexternal/tests.sh @@ -66,6 +66,7 @@ for i in 0 1 2 3 4 5 6 7 8 9; do ret=0 grep 'dlz_example: shutting down zone example.nil' ns1/named.run > /dev/null 2>&1 || ret=1 [ "$ret" -eq 0 ] && break + sleep 1 done [ "$ret" -eq 0 ] || echo "I:failed" status=`expr $status + $ret` diff --git a/bin/tests/system/redirect/clean.sh b/bin/tests/system/redirect/clean.sh index f043095c..d9648bd4 100644 --- a/bin/tests/system/redirect/clean.sh +++ b/bin/tests/system/redirect/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -25,3 +25,5 @@ rm -f ns1/dsset-nsec3. rm -f */named.memstats rm -f */named.run rm -f dig.out.* random.data +rm -f ns2/*.db +rm -f rndc.out diff --git a/bin/tests/system/redirect/ns2/example.db.in b/bin/tests/system/redirect/ns2/example.db.in new file mode 100644 index 00000000..28cd6461 --- /dev/null +++ b/bin/tests/system/redirect/ns2/example.db.in @@ -0,0 +1,19 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +$TTL 300 ; 5 minutes +@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0 +@ NS ns2 +ns2 A 10.53.0.2 +a A 10.53.0.2 diff --git a/bin/tests/system/redirect/ns2/named.conf b/bin/tests/system/redirect/ns2/named.conf index e1d5334e..6f626445 100644 --- a/bin/tests/system/redirect/ns2/named.conf +++ b/bin/tests/system/redirect/ns2/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -37,6 +37,15 @@ options { }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; +}; + zone "." { type hint; file "../../common/root.hint"; @@ -47,3 +56,8 @@ zone "." { file "redirect.db"; allow-query { !10.53.0.4; any; }; }; + +zone "example.nil" { + type master; + file "example.db"; +}; diff --git a/bin/tests/system/redirect/ns2/redirect.db b/bin/tests/system/redirect/ns2/redirect.db.in index 23f21ea2..81426d7f 100644 --- a/bin/tests/system/redirect/ns2/redirect.db +++ b/bin/tests/system/redirect/ns2/redirect.db.in @@ -1,4 +1,4 @@ -; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2011, 2013 Internet Systems Consortium, Inc. ("ISC") ; ; Permission to use, copy, modify, and/or distribute this software for any ; purpose with or without fee is hereby granted, provided that the above @@ -12,8 +12,6 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: redirect.db,v 1.3 2011/03/01 23:48:07 tbox Exp $ - $TTL 300 @ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0 @ IN NS ns.example.net diff --git a/bin/tests/system/redirect/setup.sh b/bin/tests/system/redirect/setup.sh index 4a8927ad..94512ec6 100644 --- a/bin/tests/system/redirect/setup.sh +++ b/bin/tests/system/redirect/setup.sh @@ -1,6 +1,6 @@ #!/bin/sh -e # -# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -20,4 +20,6 @@ sh clean.sh ../../../tools/genrandom 400 random.data +cp ns2/redirect.db.in ns2/redirect.db +cp ns2/example.db.in ns2/example.db cd ns1 && sh sign.sh diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh index 5315a064..a51f58b3 100644 --- a/bin/tests/system/redirect/tests.sh +++ b/bin/tests/system/redirect/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -332,5 +332,21 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking that redirect zones reload correctly" +ret=0 +sed -e 's/0 0 0 0 0/1 0 0 0 0/' < ns2/example.db.in > ns2/example.db +sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' < ns2/redirect.db.in > ns2/redirect.db +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload > rndc.out || ret=1 +sed 's/^/I:ns2 /' rndc.out +$DIG $DIGOPTS +short @10.53.0.2 soa example.nil > dig.out.ns1.test$n || ret=1 +set -- `cat dig.out.ns1.test$n` +[ $3 = 1 ] || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/spf/clean.sh b/bin/tests/system/spf/clean.sh new file mode 100644 index 00000000..2e3a0eeb --- /dev/null +++ b/bin/tests/system/spf/clean.sh @@ -0,0 +1,16 @@ +# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +rm -f ns1/named.run +rm -f ns1/named.memstats diff --git a/bin/tests/system/spf/ns1/named.conf b/bin/tests/system/spf/ns1/named.conf new file mode 100644 index 00000000..7d5dcfb0 --- /dev/null +++ b/bin/tests/system/spf/ns1/named.conf @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + ixfr-from-differences yes; +}; + +zone "spf" { + type master; + file "spf.db"; +}; + +zone "warn" { + type master; + file "spf.db"; + check-spf warn; +}; + +zone "nowarn" { + type master; + file "spf.db"; + check-spf ignore; +}; diff --git a/bin/tests/system/spf/ns1/spf.db b/bin/tests/system/spf/ns1/spf.db new file mode 100644 index 00000000..ffa850ad --- /dev/null +++ b/bin/tests/system/spf/ns1/spf.db @@ -0,0 +1,21 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +@ 0 IN SOA . . 0 0 0 0 0 +@ 0 IN NS . +@ 0 IN TXT "v=spf1 -all" +@ 0 IN SPF "v=spf1 -all" +x 0 IN TXT "v=spf1" +y 0 IN SPF "v=spf1" +y 0 IN TXT "a non spf record" diff --git a/bin/tests/system/spf/tests.sh b/bin/tests/system/spf/tests.sh new file mode 100644 index 00000000..6acd2836 --- /dev/null +++ b/bin/tests/system/spf/tests.sh @@ -0,0 +1,45 @@ +#!/bin/sh +# +# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +n=1 +status=0 + +echo "I:checking that SPF warnings have been correctly generated ($n)" +ret=0 + +grep "zone spf/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1 +grep "'x.spf' found SPF/TXT" ns1/named.run > /dev/null || ret=1 +grep "'y.spf' found SPF/SPF" ns1/named.run > /dev/null || ret=1 +grep "'spf' found SPF/" ns1/named.run > /dev/null && ret=1 + +grep "zone warn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1 +grep "'x.warn' found SPF/TXT" ns1/named.run > /dev/null || ret=1 +grep "'y.warn' found SPF/SPF" ns1/named.run > /dev/null || ret=1 +grep "'warn' found SPF/" ns1/named.run > /dev/null && ret=1 + +grep "zone nowarn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1 +grep "'x.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1 +grep "'y.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1 +grep "'nowarn' found SPF/" ns1/named.run > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:exit status: $status" +exit $status diff --git a/bin/tests/system/unknown/clean.sh b/bin/tests/system/unknown/clean.sh index 22be4cbc..d86a869b 100644 --- a/bin/tests/system/unknown/clean.sh +++ b/bin/tests/system/unknown/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -17,7 +17,7 @@ # $Id: clean.sh,v 1.7 2007/09/26 03:22:44 marka Exp $ -rm -f dig.out +rm -f dig.out check.out rm -f */named.memstats rm -f */*.bk rm -f */*.bk.* diff --git a/bin/tests/system/unknown/tests.sh b/bin/tests/system/unknown/tests.sh index 69d78715..55c7ca6d 100644 --- a/bin/tests/system/unknown/tests.sh +++ b/bin/tests/system/unknown/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011-2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -179,12 +179,21 @@ echo '"#" "2" "0145"' | diff - dig.out || ret=1 [ $ret = 0 ] || echo "I: failed" status=`expr $status + $ret` -echo "I:check that '"'TXT \# text'"' is not treated as the unknown escape sequence" +echo "I:check that 'TXT \# text' is not treated as the unknown escape sequence" ret=0 $DIG $DIGOPTS @10.53.0.1 +tcp +short txt9.example txt > dig.out echo '"#" "text"' | diff - dig.out || ret=1 [ $ret = 0 ] || echo "I: failed" status=`expr $status + $ret` +echo "I:check that 'TYPE353 \# cat' produces 'not a valid number'" +ret=0 +$CHECKZONE nan.bad zones/nan.bad > check.out 2>&1 +grep "not a valid number" check.out > /dev/null || ret=1 +[ $ret = 0 ] || echo "I: failed" +status=`expr $status + $ret` + + + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/unknown/zones/nan.bad b/bin/tests/system/unknown/zones/nan.bad new file mode 100644 index 00000000..26d9f37f --- /dev/null +++ b/bin/tests/system/unknown/zones/nan.bad @@ -0,0 +1,15 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +@ 0 IN TYPE353 \# cat 010101010101010101 diff --git a/bin/tests/task_test.c b/bin/tests/task_test.c index e3ff26b5..4a22ca48 100644 --- a/bin/tests/task_test.c +++ b/bin/tests/task_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -69,9 +69,13 @@ main(int argc, char *argv[]) { isc_timer_t *ti1, *ti2; struct isc_interval interval; - if (argc > 1) + if (argc > 1) { workers = atoi(argv[1]); - else + if (workers < 1) + workers = 1; + if (workers > 8192) + workers = 8192; + } else workers = 2; printf("%d workers\n", workers); diff --git a/bin/tests/timer_test.c b/bin/tests/timer_test.c index 2825dc58..06205b7d 100644 --- a/bin/tests/timer_test.c +++ b/bin/tests/timer_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -102,9 +102,13 @@ main(int argc, char *argv[]) { isc_time_t expires, now; isc_interval_t interval; - if (argc > 1) + if (argc > 1) { workers = atoi(argv[1]); - else + if (workers < 1) + workers = 1; + if (workers > 8192) + workers = 8192; + } else workers = 2; printf("%d workers\n", workers); diff --git a/bin/tools/isc-hmac-fixup.8 b/bin/tools/isc-hmac-fixup.8 index c02ed03f..6364e54d 100644 --- a/bin/tools/isc-hmac-fixup.8 +++ b/bin/tools/isc-hmac-fixup.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -23,7 +23,7 @@ .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "ISC\-HMAC\-FIXUP" "1" "January 5, 2010" "BIND9" "BIND9" +.TH "ISC\-HMAC\-FIXUP" "8" "January 5, 2010" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -57,5 +57,5 @@ RFC 2104. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2010, 2013 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/tools/isc-hmac-fixup.docbook b/bin/tools/isc-hmac-fixup.docbook index c298a858..cc723733 100644 --- a/bin/tools/isc-hmac-fixup.docbook +++ b/bin/tools/isc-hmac-fixup.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -25,7 +25,7 @@ <refmeta> <refentrytitle><application>isc-hmac-fixup</application></refentrytitle> - <manvolnum>1</manvolnum> + <manvolnum>8</manvolnum> <refmiscinfo>BIND9</refmiscinfo> </refmeta> @@ -37,6 +37,7 @@ <docinfo> <copyright> <year>2010</year> + <year>2013</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> diff --git a/bin/tools/isc-hmac-fixup.html b/bin/tools/isc-hmac-fixup.html index d39ebf0f..f5ab4b5a 100644 --- a/bin/tools/isc-hmac-fixup.html +++ b/bin/tools/isc-hmac-fixup.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543352"></a><h2>DESCRIPTION</h2> +<a name="id2543355"></a><h2>DESCRIPTION</h2> <p> Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -57,7 +57,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543376"></a><h2>SECURITY CONSIDERATIONS</h2> +<a name="id2543379"></a><h2>SECURITY CONSIDERATIONS</h2> <p> Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span> are shortened, but as this is how the HMAC protocol works in @@ -68,14 +68,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543389"></a><h2>SEE ALSO</h2> +<a name="id2543393"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2104</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543406"></a><h2>AUTHOR</h2> +<a name="id2543410"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> |