diff options
| author | Internet Software Consortium, Inc <@isc.org> | 2007-09-07 14:15:14 -0600 |
|---|---|---|
| committer | LaMont Jones <lamont@debian.org> | 2007-09-07 14:15:14 -0600 |
| commit | 00fa0dd5b9bb17deb8d2e96a2bc4234abaa9d5ac (patch) | |
| tree | 2675d77a557c3cef89012584f471667163e74268 /bin | |
| parent | f5edcd9d28faab1b3c1c2ade1ec84be1401dcc01 (diff) | |
| download | bind9-00fa0dd5b9bb17deb8d2e96a2bc4234abaa9d5ac.tar.gz | |
9.2.9b1
Diffstat (limited to 'bin')
69 files changed, 1560 insertions, 988 deletions
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8 index 21b25203..0ea2761f 100644 --- a/bin/check/named-checkconf.8 +++ b/bin/check/named-checkconf.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkconf.8,v 1.11.2.6 2006/06/29 13:02:05 marka Exp $ +.\" $Id: named-checkconf.8,v 1.11.2.10 2007/06/20 02:25:45 marka Exp $ .\" .hy 0 .ad l .\" Title: named\-checkconf .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 14, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -39,20 +39,26 @@ named\-checkconf \- named configuration file syntax checking tool \fBnamed\-checkconf\fR checks the syntax, but not the semantics, of a named configuration file. .SH "OPTIONS" -.TP 3n +.PP \-t \fIdirectory\fR -chroot to +.RS 4 +Chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP 3n +.RE +.PP \-v +.RS 4 Print the version of the \fBnamed\-checkconf\fR program and exit. -.TP 3n +.RE +.PP filename +.RS 4 The name of the configuration file to be checked. If not specified, it defaults to \fI/etc/named.conf\fR. +.RE .SH "RETURN VALUES" .PP \fBnamed\-checkconf\fR @@ -60,9 +66,13 @@ returns an exit status of 1 if errors were detected and 0 otherwise. .SH "SEE ALSO" .PP \fBnamed\fR(8), +\fBnamed\-checkzone\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2002 Internet Software Consortium. +.br diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook index 98f6a42a..a5897711 100644 --- a/bin/check/named-checkconf.docbook +++ b/bin/check/named-checkconf.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkconf.docbook,v 1.3.2.5 2005/05/12 21:35:05 sra Exp $ --> +<!-- $Id: named-checkconf.docbook,v 1.3.2.9 2007/06/19 07:52:23 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -75,7 +76,7 @@ <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para> - chroot to <filename>directory</filename> so that include + Chroot to <filename>directory</filename> so that include directives in the configuration file are processed as if run by a similarly chrooted named. </para> @@ -121,6 +122,9 @@ <refentrytitle>named</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, + <citerefentry> + <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> </refsect1> diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html index 10822b64..0e81f621 100644 --- a/bin/check/named-checkconf.html +++ b/bin/check/named-checkconf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkconf.html,v 1.5.2.14 2006/06/29 13:02:05 marka Exp $ --> +<!-- $Id: named-checkconf.html,v 1.5.2.19 2007/06/20 02:25:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named-checkconf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named-checkconf</span> — named configuration file syntax checking tool</p> @@ -32,18 +32,18 @@ <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549421"></a><h2>DESCRIPTION</h2> +<a name="id2543363"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named-checkconf</strong></span> checks the syntax, but not the semantics, of a named configuration file. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549434"></a><h2>OPTIONS</h2> +<a name="id2543376"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> - chroot to <code class="filename">directory</code> so that include + Chroot to <code class="filename">directory</code> so that include directives in the configuration file are processed as if run by a similarly chrooted named. </p></dd> @@ -60,21 +60,22 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549497"></a><h2>RETURN VALUES</h2> +<a name="id2543438"></a><h2>RETURN VALUES</h2> <p> <span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549510"></a><h2>SEE ALSO</h2> +<a name="id2543451"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549533"></a><h2>AUTHOR</h2> +<a name="id2543483"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index 49768bae..875f834c 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkzone.8,v 1.11.2.7 2006/06/29 13:02:05 marka Exp $ +.\" $Id: named-checkzone.8,v 1.11.2.10 2007/06/20 02:25:45 marka Exp $ .\" .hy 0 .ad l .\" Title: named\-checkzone .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 13, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -43,29 +43,43 @@ does when loading a zone. This makes \fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server. .SH "OPTIONS" -.TP 3n +.PP \-d +.RS 4 Enable debugging. -.TP 3n +.RE +.PP \-q +.RS 4 Quiet mode \- exit code only. -.TP 3n +.RE +.PP \-v +.RS 4 Print the version of the \fBnamed\-checkzone\fR program and exit. -.TP 3n +.RE +.PP \-j +.RS 4 When loading the zone file read the journal if it exists. -.TP 3n +.RE +.PP \-c \fIclass\fR +.RS 4 Specify the class of the zone. If not specified "IN" is assumed. -.TP 3n +.RE +.PP zonename +.RS 4 The domain name of the zone being checked. -.TP 3n +.RE +.PP filename +.RS 4 The name of the zone file. +.RE .SH "RETURN VALUES" .PP \fBnamed\-checkzone\fR @@ -73,10 +87,14 @@ returns an exit status of 1 if errors were detected and 0 otherwise. .SH "SEE ALSO" .PP \fBnamed\fR(8), +\fBnamed\-checkconf\fR(8), RFC 1035, BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2002 Internet Software Consortium. +.br diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook index d57f2ac6..0652ac3a 100644 --- a/bin/check/named-checkzone.docbook +++ b/bin/check/named-checkzone.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkzone.docbook,v 1.3.2.6 2005/05/12 21:35:05 sra Exp $ --> +<!-- $Id: named-checkzone.docbook,v 1.3.2.9 2007/06/19 07:52:23 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -161,6 +162,9 @@ <refentrytitle>named</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, + <citerefentry> + <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, <citetitle>RFC 1035</citetitle>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html index 417fda09..8bb2cb5c 100644 --- a/bin/check/named-checkzone.html +++ b/bin/check/named-checkzone.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkzone.html,v 1.5.2.14 2006/06/29 13:02:05 marka Exp $ --> +<!-- $Id: named-checkzone.html,v 1.5.2.18 2007/06/20 02:25:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named-checkzone</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named-checkzone</span> — zone file validity checking tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] {zonename} {filename}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549440"></a><h2>DESCRIPTION</h2> +<a name="id2543381"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of a zone file. It performs the same checks as <span><strong class="command">named</strong></span> @@ -42,7 +42,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549460"></a><h2>OPTIONS</h2> +<a name="id2543401"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-d</span></dt> <dd><p> @@ -76,22 +76,23 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549639"></a><h2>RETURN VALUES</h2> +<a name="id2543512"></a><h2>RETURN VALUES</h2> <p> <span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549652"></a><h2>SEE ALSO</h2> +<a name="id2543525"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <em class="citetitle">RFC 1035</em>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549678"></a><h2>AUTHOR</h2> +<a name="id2543560"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index 04d4a28c..39bf92da 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.14.2.10 2006/06/29 13:02:05 marka Exp $ +.\" $Id: dig.1,v 1.14.2.17 2007/05/16 06:57:45 marka Exp $ .\" .hy 0 .ad l .\" Title: dig .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -50,7 +50,7 @@ Although \fBdig\fR is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the \fB\-h\fR -option is given. Unlike earlier versions, the BIND9 implementation of +option is given. Unlike earlier versions, the BIND 9 implementation of \fBdig\fR allows multiple lookups to be issued from the command line. .PP @@ -65,21 +65,28 @@ It is possible to set per user defaults for \fBdig\fR via \fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments. +.PP +The IN and CH class names overlap with the IN and CH top level domains names. Either use the +\fB\-t\fR +and +\fB\-c\fR +options to specify the type and class or use "IN." and "CH." when looking up these top level domains. .SH "SIMPLE USAGE" .PP A typical invocation of \fBdig\fR looks like: .sp -.RS 3n +.RS 4 .nf dig @server name type .fi .RE .sp where: -.TP 3n +.PP \fBserver\fR +.RS 4 is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied \fIserver\fR argument is a hostname, @@ -91,11 +98,15 @@ argument is provided, consults \fI/etc/resolv.conf\fR and queries the name servers listed there. The reply from the name server that responds is displayed. -.TP 3n +.RE +.PP \fBname\fR +.RS 4 is the name of the resource record that is to be looked up. -.TP 3n +.RE +.PP \fBtype\fR +.RS 4 indicates what type of query is required \(em ANY, A, MX, SIG, etc. \fItype\fR can be any valid query type. If no @@ -103,6 +114,7 @@ can be any valid query type. If no argument is supplied, \fBdig\fR will perform a lookup for an A record. +.RE .SH "OPTIONS" .PP The @@ -114,14 +126,14 @@ The default query class (IN for internet) is overridden by the \fB\-c\fR option. \fIclass\fR -is any valid class, such as HS for Hesiod records or CH for CHAOSNET records. +is any valid class, such as HS for Hesiod records or CH for Chaosnet records. .PP The \fB\-f\fR option makes \fBdig \fR operate in batch mode by reading a list of lookup requests to process from the file -\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to +\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to \fBdig\fR using the command\-line interface. .PP @@ -136,7 +148,7 @@ will send its queries instead of the standard DNS port number 53. This option wo The \fB\-t\fR option sets the query type to -\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the +\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the \fB\-x\fR option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, \fItype\fR @@ -144,7 +156,7 @@ is set to ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was \fIN\fR. .PP -Reverse lookups \- mapping addresses to names \- are simplified by the +Reverse lookups \(em mapping addresses to names \(em are simplified by the \fB\-x\fR option. \fIaddr\fR @@ -192,19 +204,26 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form \fB+keyword=value\fR. The query options are: -.TP 3n +.PP \fB+[no]tcp\fR -Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. -.TP 3n +.RS 4 +Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. +.RE +.PP \fB+[no]vc\fR +.RS 4 Use [do not use] TCP when querying name servers. This alternate syntax to \fI+[no]tcp\fR is provided for backwards compatibility. The "vc" stands for "virtual circuit". -.TP 3n +.RE +.PP \fB+[no]ignore\fR +.RS 4 Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. -.TP 3n +.RE +.PP \fB+domain=somename\fR +.RS 4 Set the search list to contain the single domain \fIsomename\fR, as if specified in a \fBdomain\fR @@ -212,28 +231,40 @@ directive in \fI/etc/resolv.conf\fR, and enable search list processing as if the \fI+search\fR option were given. -.TP 3n +.RE +.PP \fB+[no]search\fR +.RS 4 Use [do not use] the search list defined by the searchlist or domain directive in \fIresolv.conf\fR (if any). The search list is not used by default. -.TP 3n +.RE +.PP \fB+[no]defname\fR +.RS 4 Deprecated, treated as a synonym for \fI+[no]search\fR -.TP 3n +.RE +.PP \fB+[no]aaonly\fR +.RS 4 This option does nothing. It is provided for compatibility with old versions of \fBdig\fR where it set an unimplemented resolver flag. -.TP 3n +.RE +.PP \fB+[no]adflag\fR +.RS 4 Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness. -.TP 3n +.RE +.PP \fB+[no]cdflag\fR +.RS 4 Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. -.TP 3n +.RE +.PP \fB+[no]recurse\fR +.RS 4 Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means \fBdig\fR normally sends recursive queries. Recursion is automatically disabled when the @@ -241,69 +272,101 @@ normally sends recursive queries. Recursion is automatically disabled when the or \fI+trace\fR query options are used. -.TP 3n +.RE +.PP \fB+[no]nssearch\fR +.RS 4 When this option is set, \fBdig\fR attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. -.TP 3n +.RE +.PP \fB+[no]trace\fR +.RS 4 Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. -.TP 3n +.RE +.PP \fB+[no]cmd\fR -toggles the printing of the initial comment in the output identifying the version of +.RS 4 +Toggles the printing of the initial comment in the output identifying the version of \fBdig\fR and the query options that have been applied. This comment is printed by default. -.TP 3n +.RE +.PP \fB+[no]short\fR +.RS 4 Provide a terse answer. The default is to print the answer in a verbose form. -.TP 3n +.RE +.PP \fB+[no]identify\fR +.RS 4 Show [or do not show] the IP address and port number that supplied the answer when the \fI+short\fR option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. -.TP 3n +.RE +.PP \fB+[no]comments\fR +.RS 4 Toggle the display of comment lines in the output. The default is to print comments. -.TP 3n +.RE +.PP \fB+[no]stats\fR -This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics. -.TP 3n +.RS 4 +This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics. +.RE +.PP \fB+[no]qr\fR +.RS 4 Print [do not print] the query as it is sent. By default, the query is not printed. -.TP 3n +.RE +.PP \fB+[no]question\fR +.RS 4 Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. -.TP 3n +.RE +.PP \fB+[no]answer\fR +.RS 4 Display [do not display] the answer section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]authority\fR +.RS 4 Display [do not display] the authority section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]additional\fR +.RS 4 Display [do not display] the additional section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]all\fR +.RS 4 Set or clear all display flags. -.TP 3n +.RE +.PP \fB+time=T\fR +.RS 4 Sets the timeout for a query to \fIT\fR -seconds. The default time out is 5 seconds. An attempt to set +seconds. The default timeout is 5 seconds. An attempt to set \fIT\fR to less than 1 will result in a query timeout of 1 second being applied. -.TP 3n +.RE +.PP \fB+tries=T\fR +.RS 4 Sets the number of times to retry UDP queries to server to \fIT\fR instead of the default, 3. If \fIT\fR is less than or equal to zero, the number of retries is silently rounded up to 1. -.TP 3n +.RE +.PP \fB+ndots=D\fR +.RS 4 Set the number of dots that have to appear in \fIname\fR to @@ -315,25 +378,36 @@ or \fBdomain\fR directive in \fI/etc/resolv.conf\fR. -.TP 3n +.RE +.PP \fB+bufsize=B\fR +.RS 4 Set the UDP message buffer size advertised using EDNS0 to \fIB\fR bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. -.TP 3n +.RE +.PP \fB+[no]multiline\fR +.RS 4 Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output. -.TP 3n +.RE +.PP \fB+[no]fail\fR -Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour. -.TP 3n +.RS 4 +Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior. +.RE +.PP \fB+[no]besteffort\fR +.RS 4 Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. -.TP 3n +.RE +.PP \fB+[no]dnssec\fR +.RS 4 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. +.RE .SH "MULTIPLE QUERIES" .PP The BIND 9 implementation of @@ -350,7 +424,7 @@ A global set of query options, which should be applied to all queries, can also \fB+[no]cmd\fR option) can be overridden by a query\-specific set of query options. For example: .sp -.RS 3n +.RS 4 .nf dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr .fi @@ -381,8 +455,11 @@ isc.org. \fBnamed\fR(8), \fBdnssec\-keygen\fR(8), RFC1035. -.SH "BUGS " +.SH "BUGS" .PP There are probably too many query options. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 32229118..95a23fa9 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.157.2.22 2006/07/22 23:52:56 marka Exp $ */ +/* $Id: dig.c,v 1.157.2.24 2007/04/24 23:45:24 tbox Exp $ */ #include <config.h> #include <stdlib.h> @@ -538,42 +538,6 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) { } } -/* - * Reorder an argument list so that server names all come at the end. - * This is a bit of a hack, to allow batch-mode processing to properly - * handle the server options. - */ -static void -reorder_args(int argc, char *argv[]) { - int i, j; - char *ptr; - int end; - - debug("reorder_args()"); - end = argc - 1; - while (argv[end][0] == '@') { - end--; - if (end == 0) - return; - } - debug("arg[end]=%s", argv[end]); - for (i = 1; i < end - 1; i++) { - if (argv[i][0] == '@') { - debug("arg[%d]=%s", i, argv[i]); - ptr = argv[i]; - for (j = i + 1; j < end; j++) { - debug("Moving %s to %d", argv[j], j - 1); - argv[j - 1] = argv[j]; - } - debug("moving %s to end, %d", ptr, end - 1); - argv[end - 1] = ptr; - end--; - if (end < 1) - return; - } - } -} - static isc_uint32_t parse_uint(char *arg, const char *desc, isc_uint32_t max) { char *endp; @@ -859,7 +823,8 @@ plus_option(char *option, isc_boolean_t is_batchfile, */ static isc_boolean_t dash_option(char *option, char *next, dig_lookup_t **lookup, - isc_boolean_t *open_type_class) + isc_boolean_t *open_type_class, isc_boolean_t *need_clone, + int argc, char **argv, isc_boolean_t *firstarg) { char cmd, *value, *ptr; isc_result_t result; @@ -993,7 +958,9 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, keysecret[sizeof(keysecret)-1]=0; return (value_from_next); case 'x': - *lookup = clone_lookup(default_lookup, ISC_TRUE); + if (*need_clone) + *lookup = clone_lookup(default_lookup, ISC_TRUE); + *need_clone = ISC_TRUE; if (get_reverse(textname, value, ip6_int, ISC_FALSE) == ISC_R_SUCCESS) { @@ -1008,6 +975,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, if (!(*lookup)->rdclassset) (*lookup)->rdclass = dns_rdataclass_in; (*lookup)->new_search = ISC_TRUE; + if (*firstarg) { + printgreeting(argc, argv, *lookup); + *firstarg = ISC_FALSE; + } ISC_LIST_APPEND(lookup_list, *lookup, link); } else { fprintf(stderr, "Invalid IP address %s\n", value); @@ -1091,6 +1062,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, char rcfile[256]; #endif char *input; + int i; + isc_boolean_t need_clone = ISC_TRUE; /* * The semantics for parsing the args is a bit complex; if @@ -1134,7 +1107,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, bargv[0] = argv[0]; argv0 = argv[0]; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug(".digrc argv %d: %s", + i, bargv[i]); parse_args(ISC_TRUE, ISC_TRUE, bargc, (char **)bargv); } @@ -1143,7 +1118,12 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, #endif } - lookup = default_lookup; + if (is_batchfile && !config_only) { + /* Processing '-f batchfile'. */ + lookup = clone_lookup(default_lookup, ISC_TRUE); + need_clone = ISC_FALSE; + } else + lookup = default_lookup; rc = argc; rv = argv; @@ -1159,13 +1139,17 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, } else if (rv[0][0] == '-') { if (rc <= 1) { if (dash_option(&rv[0][1], NULL, - &lookup, &open_type_class)) { + &lookup, &open_type_class, + &need_clone, argc, argv, + &firstarg)) { rc--; rv++; } } else { if (dash_option(&rv[0][1], rv[1], - &lookup, &open_type_class)) { + &lookup, &open_type_class, + &need_clone, argc, argv, + &firstarg)) { rc--; rv++; } @@ -1232,21 +1216,29 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, continue; } } + if (!config_only) { - lookup = clone_lookup(default_lookup, - ISC_TRUE); + if (need_clone) + lookup = clone_lookup(default_lookup, + ISC_TRUE); + need_clone = ISC_TRUE; strncpy(lookup->textname, rv[0], sizeof(lookup->textname)); lookup->textname[sizeof(lookup->textname)-1]=0; lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; + if (firstarg) { + printgreeting(argc, argv, lookup); + firstarg = ISC_FALSE; + } ISC_LIST_APPEND(lookup_list, lookup, link); debug("looking up %s", lookup->textname); } /* XXX Error message */ } } + /* * If we have a batchfile, seed the lookup list with the * first entry, then trust the callback in dighost_shutdown @@ -1281,15 +1273,20 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, bargv[0] = argv[0]; argv0 = argv[0]; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug("batch argv %d: %s", i, bargv[i]); parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv); + return; } + return; } /* * If no lookup specified, search for root */ if ((lookup_list.head == NULL) && !config_only) { - lookup = clone_lookup(default_lookup, ISC_TRUE); + if (need_clone) + lookup = clone_lookup(default_lookup, ISC_TRUE); + need_clone = ISC_TRUE; lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; @@ -1301,10 +1298,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, firstarg = ISC_FALSE; } ISC_LIST_APPEND(lookup_list, lookup, link); - } else if (!config_only && firstarg) { - printgreeting(argc, argv, lookup); - firstarg = ISC_FALSE; } + if (!need_clone) + destroy_lookup(lookup); } /* @@ -1318,7 +1314,7 @@ dighost_shutdown(void) { int bargc; char *bargv[16]; char *input; - + int i; if (batchname == NULL) { isc_app_shutdown(); @@ -1346,7 +1342,8 @@ dighost_shutdown(void) { bargv[0] = argv0; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug("batch argv %d: %s", i, bargv[i]); parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv); start_lookup(); } else { @@ -1361,7 +1358,6 @@ dighost_shutdown(void) { int main(int argc, char **argv) { isc_result_t result; - dig_server_t *s, *s2; ISC_LIST_INIT(lookup_list); ISC_LIST_INIT(server_list); @@ -1382,16 +1378,7 @@ main(int argc, char **argv) { result = isc_app_onrun(mctx, global_task, onrun_callback, NULL); check_result(result, "isc_app_onrun"); isc_app_run(); - s = ISC_LIST_HEAD(default_lookup->my_server_list); - while (s != NULL) { - debug("freeing server %p belonging to %p", - s, default_lookup); - s2 = s; - s = ISC_LIST_NEXT(s, link); - ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link); - isc_mem_free(mctx, s2); - } - isc_mem_free(mctx, default_lookup); + destroy_lookup(default_lookup); if (batchname != NULL) { if (batchfp != stdin) fclose(batchfp); diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 15fed4fa..591417c7 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.docbook,v 1.4.2.11 2005/05/12 21:35:06 sra Exp $ --> +<!-- $Id: dig.docbook,v 1.4.2.18 2007/05/16 02:07:44 marka Exp $ --> <refentry> @@ -36,6 +36,8 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -98,7 +100,7 @@ Although <command>dig</command> is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the <option>-h</option> option is given. -Unlike earlier versions, the BIND9 implementation of +Unlike earlier versions, the BIND 9 implementation of <command>dig</command> allows multiple lookups to be issued from the command line. </para> @@ -120,6 +122,13 @@ It is possible to set per user defaults for <command>dig</command> via are applied before the command line arguments. </para> + <para> + The IN and CH class names overlap with the IN and CH top level + domains names. Either use the <option>-t</option> and + <option>-c</option> options to specify the type and class or + use "IN." and "CH." when looking up these top level domains. + </para> + </refsect1> <refsect1> @@ -175,14 +184,14 @@ one of the host's network interfaces. <para> The default query class (IN for internet) is overridden by the <option>-c</option> option. <parameter>class</parameter> is any valid -class, such as HS for Hesiod records or CH for CHAOSNET records. +class, such as HS for Hesiod records or CH for Chaosnet records. </para> <para> The <option>-f</option> option makes <command>dig </command> operate in batch mode by reading a list of lookup requests to process from the file <parameter>filename</parameter>. The file contains a number of -queries, one per line. Each entry in the file should be organised in +queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to <command>dig</command> using the command-line interface. </para> @@ -199,7 +208,7 @@ on a non-standard port number. <para> The <option>-t</option> option sets the query type to <parameter>type</parameter>. It can be any valid query type which is -supported in BIND9. The default query type "A", unless the +supported in BIND 9. The default query type is "A", unless the <option>-x</option> option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, @@ -210,7 +219,7 @@ since the serial number in the zone's SOA record was </para> <para> -Reverse lookups - mapping addresses to names - are simplified by the +Reverse lookups — mapping addresses to names — are simplified by the <option>-x</option> option. <parameter>addr</parameter> is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the @@ -272,7 +281,7 @@ The query options are: <varlistentry><term><option>+[no]tcp</option></term> <listitem><para> Use [do not use] TCP when querying name servers. The default -behaviour is to use UDP unless an AXFR or IXFR query is requested, in +behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. </para></listitem></varlistentry> @@ -360,7 +369,7 @@ resolve the lookup. <varlistentry><term><option>+[no]cmd</option></term> <listitem><para> -toggles the printing of the initial comment in the output identifying +Toggles the printing of the initial comment in the output identifying the version of <command>dig</command> and the query options that have been applied. This comment is printed by default. </para></listitem></varlistentry> @@ -388,7 +397,7 @@ print comments. <varlistentry><term><option>+[no]stats</option></term> <listitem><para> This query option toggles the printing of statistics: when the query -was made, the size of the reply and so on. The default behaviour is +was made, the size of the reply and so on. The default behavior is to print the query statistics. </para></listitem></varlistentry> @@ -431,7 +440,7 @@ Set or clear all display flags. <listitem><para> Sets the timeout for a query to -<parameter>T</parameter> seconds. The default time out is 5 seconds. +<parameter>T</parameter> seconds. The default timeout is 5 seconds. An attempt to set <parameter>T</parameter> to less than 1 will result in a query timeout of 1 second being applied. </para></listitem></varlistentry> @@ -478,7 +487,7 @@ of the <command>dig</command> output. <listitem><para> Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver -behaviour. +behavior. </para> </listitem></varlistentry> diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 34d3a4ff..9f2e995b 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.html,v 1.6.2.15 2006/06/29 13:02:05 marka Exp $ --> +<!-- $Id: dig.html,v 1.6.2.23 2007/05/16 06:57:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dig</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>dig — DNS lookup utility</p> @@ -34,7 +34,7 @@ <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549529"></a><h2>DESCRIPTION</h2> +<a name="id2543474"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -49,7 +49,7 @@ Although <span><strong class="command">dig</strong></span> is normally used with arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the <code class="option">-h</code> option is given. -Unlike earlier versions, the BIND9 implementation of +Unlike earlier versions, the BIND 9 implementation of <span><strong class="command">dig</strong></span> allows multiple lookups to be issued from the command line. </p> @@ -67,9 +67,15 @@ It is possible to set per user defaults for <span><strong class="command">dig</s <code class="filename">${HOME}/.digrc</code>. This file is read and any options in it are applied before the command line arguments. </p> +<p> + The IN and CH class names overlap with the IN and CH top level + domains names. Either use the <code class="option">-t</code> and + <code class="option">-c</code> options to specify the type and class or + use "IN." and "CH." when looking up these top level domains. + </p> </div> <div class="refsect1" lang="en"> -<a name="id2549656"></a><h2>SIMPLE USAGE</h2> +<a name="id2543542"></a><h2>SIMPLE USAGE</h2> <p> A typical invocation of <span><strong class="command">dig</strong></span> looks like: </p> @@ -107,7 +113,7 @@ ANY, A, MX, SIG, etc. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549735"></a><h2>OPTIONS</h2> +<a name="id2543621"></a><h2>OPTIONS</h2> <p> The <code class="option">-b</code> option sets the source IP address of the query to <em class="parameter"><code>address</code></em>. This must be a valid address on @@ -116,13 +122,13 @@ one of the host's network interfaces. <p> The default query class (IN for internet) is overridden by the <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is any valid -class, such as HS for Hesiod records or CH for CHAOSNET records. +class, such as HS for Hesiod records or CH for Chaosnet records. </p> <p> The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span> operate in batch mode by reading a list of lookup requests to process from the file <em class="parameter"><code>filename</code></em>. The file contains a number of -queries, one per line. Each entry in the file should be organised in +queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to <span><strong class="command">dig</strong></span> using the command-line interface. </p> @@ -137,7 +143,7 @@ on a non-standard port number. <p> The <code class="option">-t</code> option sets the query type to <em class="parameter"><code>type</code></em>. It can be any valid query type which is -supported in BIND9. The default query type "A", unless the +supported in BIND 9. The default query type is "A", unless the <code class="option">-x</code> option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, @@ -147,7 +153,7 @@ since the serial number in the zone's SOA record was <em class="parameter"><code>N</code></em>. </p> <p> -Reverse lookups - mapping addresses to names - are simplified by the +Reverse lookups — mapping addresses to names — are simplified by the <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the @@ -181,7 +187,7 @@ being used. In BIND, this is done by providing appropriate </p> </div> <div class="refsect1" lang="en"> -<a name="id2549969"></a><h2>QUERY OPTIONS</h2> +<a name="id2543786"></a><h2>QUERY OPTIONS</h2> <p> <span><strong class="command">dig</strong></span> provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -202,7 +208,7 @@ The query options are: <dt><span class="term"><code class="option">+[no]tcp</code></span></dt> <dd><p> Use [do not use] TCP when querying name servers. The default -behaviour is to use UDP unless an AXFR or IXFR query is requested, in +behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. </p></dd> <dt><span class="term"><code class="option">+[no]vc</code></span></dt> @@ -278,7 +284,7 @@ resolve the lookup. </p></dd> <dt><span class="term"><code class="option">+[no]cmd</code></span></dt> <dd><p> -toggles the printing of the initial comment in the output identifying +Toggles the printing of the initial comment in the output identifying the version of <span><strong class="command">dig</strong></span> and the query options that have been applied. This comment is printed by default. </p></dd> @@ -302,7 +308,7 @@ print comments. <dt><span class="term"><code class="option">+[no]stats</code></span></dt> <dd><p> This query option toggles the printing of statistics: when the query -was made, the size of the reply and so on. The default behaviour is +was made, the size of the reply and so on. The default behavior is to print the query statistics. </p></dd> <dt><span class="term"><code class="option">+[no]qr</code></span></dt> @@ -338,7 +344,7 @@ Set or clear all display flags. <dd><p> Sets the timeout for a query to -<em class="parameter"><code>T</code></em> seconds. The default time out is 5 seconds. +<em class="parameter"><code>T</code></em> seconds. The default timeout is 5 seconds. An attempt to set <em class="parameter"><code>T</code></em> to less than 1 will result in a query timeout of 1 second being applied. </p></dd> @@ -378,7 +384,7 @@ of the <span><strong class="command">dig</strong></span> output. <dd><p> Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver -behaviour. +behavior. </p></dd> <dt><span class="term"><code class="option">+[no]besteffort</code></span></dt> <dd><p> @@ -396,7 +402,7 @@ in the OPT record in the additional section of the query. </p> </div> <div class="refsect1" lang="en"> -<a name="id2550535"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2544354"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports specifying multiple queries on the command line (in addition to @@ -437,7 +443,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2550594"></a><h2>FILES</h2> +<a name="id2544481"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> @@ -446,7 +452,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2550613"></a><h2>SEE ALSO</h2> +<a name="id2544500"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -455,7 +461,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2550651"></a><h2>BUGS </h2> +<a name="id2544606"></a><h2>BUGS </h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 822fde6b..a9ad9c68 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.221.2.34 2006/12/07 01:36:49 marka Exp $ */ +/* $Id: dighost.c,v 1.221.2.38 2007/04/24 07:46:40 each Exp $ */ /* * Notice to programmers: Do not use this code as an example of how to @@ -382,12 +382,12 @@ set_nameserver(char *opt) { flush_server_list(); for (i = 0; i < count; i++) { - isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]); - isc_netaddr_format(&netaddr, tmp, sizeof(tmp)); - srv = make_server(tmp, opt); - if (srv == NULL) - fatal("memory allocation failure"); - ISC_LIST_APPEND(server_list, srv, link); + isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]); + isc_netaddr_format(&netaddr, tmp, sizeof(tmp)); + srv = make_server(tmp, opt); + if (srv == NULL) + fatal("memory allocation failure"); + ISC_LIST_APPEND(server_list, srv, link); } } @@ -472,6 +472,8 @@ make_empty_lookup(void) { looknew->section_authority = ISC_TRUE; looknew->section_additional = ISC_TRUE; looknew->new_search = ISC_FALSE; + looknew->done_as_is = ISC_FALSE; + looknew->need_search = ISC_FALSE; ISC_LINK_INIT(looknew, link); ISC_LIST_INIT(looknew->q); ISC_LIST_INIT(looknew->my_server_list); @@ -528,6 +530,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew->section_additional = lookold->section_additional; looknew->retries = lookold->retries; looknew->tsigctx = NULL; + looknew->need_search = lookold->need_search; + looknew->done_as_is = lookold->done_as_is; if (servers) clone_server_list(lookold->my_server_list, @@ -941,9 +945,7 @@ clear_query(dig_query_t *query) { */ static isc_boolean_t try_clear_lookup(dig_lookup_t *lookup) { - dig_server_t *s; dig_query_t *q; - void *ptr; REQUIRE(lookup != NULL); @@ -965,7 +967,16 @@ try_clear_lookup(dig_lookup_t *lookup) { * At this point, we know there are no queries on the lookup, * so can make it go away also. */ - debug("cleared"); + destroy_lookup(lookup); + return (ISC_TRUE); +} + +void +destroy_lookup(dig_lookup_t *lookup) { + dig_server_t *s; + void *ptr; + + debug("destroy"); s = ISC_LIST_HEAD(lookup->my_server_list); while (s != NULL) { debug("freeing server %p belonging to %p", @@ -991,7 +1002,6 @@ try_clear_lookup(dig_lookup_t *lookup) { dst_context_destroy(&lookup->tsigctx); isc_mem_free(mctx, lookup); - return (ISC_TRUE); } /* @@ -1153,6 +1163,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) static isc_boolean_t next_origin(dns_message_t *msg, dig_query_t *query) { dig_lookup_t *lookup; + dig_searchlist_t *search; UNUSED(msg); @@ -1167,13 +1178,22 @@ next_origin(dns_message_t *msg, dig_query_t *query) { * about finding the next entry. */ return (ISC_FALSE); - if (query->lookup->origin == NULL) + if (query->lookup->origin == NULL && !query->lookup->need_search) /* * Then we just did rootorg; there's nothing left. */ return (ISC_FALSE); - lookup = requeue_lookup(query->lookup, ISC_TRUE); - lookup->origin = ISC_LIST_NEXT(query->lookup->origin, link); + if (query->lookup->origin == NULL && query->lookup->need_search) { + lookup = requeue_lookup(query->lookup, ISC_TRUE); + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } else { + search = ISC_LIST_NEXT(query->lookup->origin, link); + if (search == NULL && query->lookup->done_as_is) + return (ISC_FALSE); + lookup = requeue_lookup(query->lookup, ISC_TRUE); + lookup->origin = search; + } cancel_lookup(query->lookup); return (ISC_TRUE); } @@ -1295,12 +1315,17 @@ setup_lookup(dig_lookup_t *lookup) { * take the first entry in the searchlist iff either usesearch * is TRUE or we got a domain line in the resolv.conf file. */ - /* XXX New search here? */ - if ((count_dots(lookup->textname) >= ndots) || !usesearch) - lookup->origin = NULL; /* Force abs lookup */ - else if (lookup->origin == NULL && lookup->new_search && usesearch) { - lookup->origin = ISC_LIST_HEAD(search_list); + if (lookup->new_search) { + if ((count_dots(lookup->textname) >= ndots) || !usesearch) { + lookup->origin = NULL; /* Force abs lookup */ + lookup->done_as_is = ISC_TRUE; + lookup->need_search = usesearch; + } else if (lookup->origin == NULL && usesearch) { + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } } + if (lookup->origin != NULL) { debug("trying origin %s", lookup->origin->origin); result = dns_message_gettempname(lookup->sendmsg, @@ -2299,7 +2324,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { } } - result = dns_message_peekheader(b, &id, &msgflags); + result = dns_message_peekheader(b, &id, &msgflags); if (result != ISC_R_SUCCESS || l->sendmsg->id != id) { match = ISC_FALSE; if (l->tcp_mode) { @@ -2486,7 +2511,8 @@ recv_done(isc_task_t *task, isc_event_t *event) { } if (!l->doing_xfr || l->xfr_q == query) { - if (msg->rcode != dns_rcode_noerror && l->origin != NULL) { + if (msg->rcode != dns_rcode_noerror && + (l->origin != NULL || l->need_search)) { if (!next_origin(msg, query)) { printmessage(query, msg, ISC_TRUE); received(b->used, &sevent->address, query); diff --git a/bin/dig/host.1 b/bin/dig/host.1 index e7199693..556573fe 100644 --- a/bin/dig/host.1 +++ b/bin/dig/host.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.11.2.6 2006/06/29 13:02:05 marka Exp $ +.\" $Id: host.1,v 1.11.2.9 2007/05/09 03:32:21 marka Exp $ .\" .hy 0 .ad l .\" Title: host .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -128,7 +128,7 @@ makes. This should mean that the name server receiving the query will not attemp \fB\-r\fR option enables \fBhost\fR -to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. +to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. .PP By default \fBhost\fR @@ -140,7 +140,7 @@ The \fB\-t\fR option is used to select the query type. \fItype\fR -can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, +can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, \fBhost\fR automatically selects an appropriate query type. By default it looks for A records, but if the \fB\-C\fR @@ -175,4 +175,7 @@ will effectively wait forever for a reply. The time to wait for a response will \fBdig\fR(1), \fBnamed\fR(8). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/bin/dig/host.c b/bin/dig/host.c index 29a20169..c61da3e9 100644 --- a/bin/dig/host.c +++ b/bin/dig/host.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.76.2.10 2005/07/04 03:22:04 marka Exp $ */ +/* $Id: host.c,v 1.76.2.12 2007/04/24 23:45:24 tbox Exp $ */ #include <config.h> #include <stdlib.h> @@ -434,8 +434,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (msg->rcode != 0) { char namestr[DNS_NAME_FORMATSIZE]; dns_name_format(query->lookup->name, namestr, sizeof(namestr)); - printf("Host %s not found: %d(%s)\n", namestr, - msg->rcode, rcodetext[msg->rcode]); + printf("Host %s not found: %d(%s)\n", + (msg->rcode != dns_rcode_nxdomain) ? namestr : + query->lookup->textname, msg->rcode, + rcodetext[msg->rcode]); return (ISC_R_SUCCESS); } if (!short_form) { diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook index 2eb8284d..4fbf2d43 100644 --- a/bin/dig/host.docbook +++ b/bin/dig/host.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.docbook,v 1.2.2.5 2005/05/12 21:35:06 sra Exp $ --> +<!-- $Id: host.docbook,v 1.2.2.8 2007/05/09 02:11:44 marka Exp $ --> <refentry> @@ -36,6 +36,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -159,7 +160,7 @@ desired — bit in the query which <command>host</command> makes. This should mean that the name server receiving the query will not attempt to resolve <parameter>name</parameter>. The <option>-r</option> option enables <command>host</command> to mimic -the behaviour of a name server by making non-recursive queries and +the behavior of a name server by making non-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. </para> @@ -173,7 +174,7 @@ require it, such as zone transfer (AXFR) requests. <para> The <option>-t</option> option is used to select the query type. -<parameter>type</parameter> can be any recognised query type: CNAME, +<parameter>type</parameter> can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, <command>host</command> automatically selects an appropriate query type. By default it looks for A records, but if the diff --git a/bin/dig/host.html b/bin/dig/host.html index fdfeaee6..77070cbd 100644 --- a/bin/dig/host.html +++ b/bin/dig/host.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.html,v 1.4.2.12 2006/06/29 13:02:05 marka Exp $ --> +<!-- $Id: host.html,v 1.4.2.16 2007/05/09 03:32:21 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>host</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>host — DNS lookup utility</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] {name} [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549461"></a><h2>DESCRIPTION</h2> +<a name="id2543402"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">host</strong></span> is a simple utility for performing DNS lookups. @@ -114,7 +114,7 @@ desired — bit in the query which <span><strong class="command">host</stron This should mean that the name server receiving the query will not attempt to resolve <em class="parameter"><code>name</code></em>. The <code class="option">-r</code> option enables <span><strong class="command">host</strong></span> to mimic -the behaviour of a name server by making non-recursive queries and +the behavior of a name server by making non-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. </p> @@ -126,7 +126,7 @@ require it, such as zone transfer (AXFR) requests. </p> <p> The <code class="option">-t</code> option is used to select the query type. -<em class="parameter"><code>type</code></em> can be any recognised query type: CNAME, +<em class="parameter"><code>type</code></em> can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, <span><strong class="command">host</strong></span> automatically selects an appropriate query type. By default it looks for A records, but if the @@ -148,13 +148,13 @@ value for an integer quantity. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549846"></a><h2>FILES</h2> +<a name="id2543651"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2549859"></a><h2>SEE ALSO</h2> +<a name="id2543664"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h index b5392252..bdf93e99 100644 --- a/bin/dig/include/dig/dig.h +++ b/bin/dig/include/dig/dig.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.h,v 1.71.2.15 2006/12/07 01:36:50 marka Exp $ */ +/* $Id: dig.h,v 1.71.2.18 2007/04/24 23:45:25 tbox Exp $ */ #ifndef DIG_H #define DIG_H @@ -100,6 +100,8 @@ struct dig_lookup { section_additional, servfail_stops, new_search, + need_search, + done_as_is, besteffort, dnssec; char textname[MXNAME]; /* Name we're going to be looking up */ @@ -243,6 +245,9 @@ void setup_lookup(dig_lookup_t *lookup); void +destroy_lookup(dig_lookup_t *lookup); + +void do_lookup(dig_lookup_t *lookup); void diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1 index b8490466..68a1a1d5 100644 --- a/bin/dig/nslookup.1 +++ b/bin/dig/nslookup.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,13 +12,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nslookup.1,v 1.1.4.7 2006/06/29 13:02:05 marka Exp $ +.\" $Id: nslookup.1,v 1.1.4.12 2007/05/16 06:57:45 marka Exp $ .\" .hy 0 .ad l .\" Title: nslookup .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -42,10 +42,10 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use .SH "ARGUMENTS" .PP Interactive mode is entered in the following cases: -.TP 3n +.TP 4 1. when no arguments are given (the default name server will be used) -.TP 3n +.TP 4 2. when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server. .sp @@ -54,17 +54,22 @@ when the first argument is a hyphen (\-) and the second argument is the host nam Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server. .PP Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: -.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE +.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE .SH "INTERACTIVE COMMANDS" -.TP 3n -host [server] +.PP +\fBhost\fR [server] +.RS 4 Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name. .sp To look up a host not in the current domain, append a period to the name. -.TP 3n +.RE +.PP \fBserver\fR \fIdomain\fR -.TP 3n +.RS 4 +.RE +.PP \fBlserver\fR \fIdomain\fR +.RS 4 Change the default server to \fIdomain\fR; \fBlserver\fR @@ -72,107 +77,158 @@ uses the initial server to look up information about \fIdomain\fR, while \fBserver\fR uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned. -.TP 3n +.RE +.PP \fBroot\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBfinger\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBls\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBview\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBhelp\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fB?\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBexit\fR +.RS 4 Exits the program. -.TP 3n +.RE +.PP \fBset\fR \fIkeyword\fR\fI[=value]\fR +.RS 4 This command is used to change state information that affects the lookups. Valid keywords are: -.RS 3n -.TP 3n +.RS 4 +.PP \fBall\fR +.RS 4 Prints the current values of the frequently used options to \fBset\fR. Information about the current default server and host is also printed. -.TP 3n +.RE +.PP \fBclass=\fR\fIvalue\fR +.RS 4 Change the query class to one of: -.RS 3n -.TP 3n +.RS 4 +.PP \fBIN\fR +.RS 4 the Internet class -.TP 3n +.RE +.PP \fBCH\fR +.RS 4 the Chaos class -.TP 3n +.RE +.PP \fBHS\fR +.RS 4 the Hesiod class -.TP 3n +.RE +.PP \fBANY\fR +.RS 4 wildcard .RE -.IP "" 3n +.RE +.IP "" 4 The class specifies the protocol group of the information. .sp (Default = IN; abbreviation = cl) -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBdebug\fR -Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.RS 4 +Turn on or off the display of the full response packet and any intermediate response packets when searching. .sp (Default = nodebug; abbreviation = [no]deb) -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBd2\fR -Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.RS 4 +Turn debugging mode on or off. This displays more about what nslookup is doing. .sp (Default = nod2) -.TP 3n +.RE +.PP \fBdomain=\fR\fIname\fR +.RS 4 Sets the search list to \fIname\fR. -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBsearch\fR +.RS 4 If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received. .sp (Default = search) -.TP 3n +.RE +.PP \fBport=\fR\fIvalue\fR +.RS 4 Change the default TCP/UDP name server port to \fIvalue\fR. .sp (Default = 53; abbreviation = po) -.TP 3n +.RE +.PP \fBquerytype=\fR\fIvalue\fR -.TP 3n +.RS 4 +.RE +.PP \fBtype=\fR\fIvalue\fR +.RS 4 Change the type of the information query. .sp (Default = A; abbreviations = q, ty) -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBrecurse\fR +.RS 4 Tell the name server to query other servers if it does not have the information. .sp (Default = recurse; abbreviation = [no]rec) -.TP 3n +.RE +.PP \fBretry=\fR\fInumber\fR +.RS 4 Set the number of retries to number. -.TP 3n +.RE +.PP \fBtimeout=\fR\fInumber\fR +.RS 4 Change the initial timeout interval for waiting for a reply to number seconds. -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBvc\fR +.RS 4 Always use a virtual circuit when sending requests to the server. .sp (Default = novc) .RE -.IP "" 3n +.RE +.IP "" 4 +.RE .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -185,4 +241,5 @@ Always use a virtual circuit when sending requests to the server. .PP Andrew Cherenson .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c index c6bf1117..7bad0f38 100644 --- a/bin/dig/nslookup.c +++ b/bin/dig/nslookup.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.90.2.13 2006/06/09 23:50:52 marka Exp $ */ +/* $Id: nslookup.c,v 1.90.2.15 2007/04/24 23:45:24 tbox Exp $ */ #include <config.h> @@ -396,8 +396,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { char nametext[DNS_NAME_FORMATSIZE]; dns_name_format(query->lookup->name, nametext, sizeof(nametext)); - printf("** server can't find %s: %s\n", nametext, - rcodetext[msg->rcode]); + printf("** server can't find %s: %s\n", + (msg->rcode != dns_rcode_nxdomain) ? nametext : + query->lookup->textname, rcodetext[msg->rcode]); debug("returning with rcode == 0"); return (ISC_R_SUCCESS); } diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook index 0b8e3abf..ce3b78db 100644 --- a/bin/dig/nslookup.docbook +++ b/bin/dig/nslookup.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nslookup.docbook,v 1.3.4.7 2006/01/06 00:01:41 marka Exp $ --> +<!-- $Id: nslookup.docbook,v 1.3.4.12 2007/05/16 02:07:44 marka Exp $ --> <!-- - Copyright (c) 1985, 1989 @@ -69,6 +69,7 @@ <year>2004</year> <year>2005</year> <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -141,7 +142,7 @@ nslookup -query=hinfo -timeout=10 <refsect1> <title>INTERACTIVE COMMANDS</title> <variablelist> -<varlistentry><term>host <optional>server</optional></term> +<varlistentry><term><constant>host</constant> <optional>server</optional></term> <listitem><para> Look up information for host using the current default server or using server, if specified. If host is an Internet address and @@ -221,18 +222,16 @@ the lookups. Valid keywords are: <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term> <listitem><para> - Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn on or off the display of the full response packet and + any intermediate response packets when searching. </para><para> (Default = nodebug; abbreviation = <optional>no</optional>deb) </para></listitem></varlistentry> <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>d2</constant></term> <listitem><para> - Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn debugging mode on or off. This displays more about + what nslookup is doing. </para><para> (Default = nod2) </para></listitem></varlistentry> diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html index 3141058b..75996403 100644 --- a/bin/dig/nslookup.html +++ b/bin/dig/nslookup.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,15 +13,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nslookup.html,v 1.1.4.13 2006/06/29 13:02:05 marka Exp $ --> +<!-- $Id: nslookup.html,v 1.1.4.19 2007/05/16 06:57:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>nslookup</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482694"></a><div class="titlepage"></div> +<a name="id2476276"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>nslookup — query Internet name servers interactively</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549404"></a><h2>DESCRIPTION</h2> +<a name="id2543346"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">Nslookup</strong></span> is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span> @@ -43,7 +43,7 @@ domain. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549421"></a><h2>ARGUMENTS</h2> +<a name="id2543363"></a><h2>ARGUMENTS</h2> <p> Interactive mode is entered in the following cases: </p> @@ -75,9 +75,9 @@ nslookup -query=hinfo -timeout=10 </p> </div> <div class="refsect1" lang="en"> -<a name="id2549464"></a><h2>INTERACTIVE COMMANDS</h2> +<a name="id2543405"></a><h2>INTERACTIVE COMMANDS</h2> <div class="variablelist"><dl> -<dt><span class="term">host [<span class="optional">server</span>]</span></dt> +<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt> <dd> <p> Look up information for host using the current default server or @@ -151,9 +151,8 @@ the lookups. Valid keywords are: <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt> <dd> <p> - Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn on or off the display of the full response packet and + any intermediate response packets when searching. </p> <p> (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb) @@ -162,9 +161,8 @@ the lookups. Valid keywords are: <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt> <dd> <p> - Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn debugging mode on or off. This displays more about + what nslookup is doing. </p> <p> (Default = nod2) @@ -241,13 +239,13 @@ the lookups. Valid keywords are: </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549990"></a><h2>FILES</h2> +<a name="id2543797"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2550003"></a><h2>SEE ALSO</h2> +<a name="id2543810"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, @@ -255,7 +253,7 @@ the lookups. Valid keywords are: </p> </div> <div class="refsect1" lang="en"> -<a name="id2550038"></a><h2>Author</h2> +<a name="id2543845"></a><h2>Author</h2> <p> Andrew Cherenson </p> diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index afa4de42..3b466265 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.19.2.6 2006/06/29 13:02:05 marka Exp $ +.\" $Id: dnssec-keygen.8,v 1.19.2.9 2007/05/09 03:32:21 marka Exp $ .\" .hy 0 .ad l .\" Title: dnssec\-keygen .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -39,39 +39,56 @@ dnssec\-keygen \- DNSSEC key generation tool \fBdnssec\-keygen\fR generates keys for DNSSEC (Secure DNS), as defined in RFC 2535. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. .SH "OPTIONS" -.TP 3n +.PP \-a \fIalgorithm\fR +.RS 4 Selects the cryptographic algorithm. The value of \fBalgorithm\fR must be one of RSAMD5 or RSA, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive. .sp Note that for DNSSEC, DSA is a mandatory to implement algorithm, and RSA is recommended. For TSIG, HMAC\-MD5 is mandatory. -.TP 3n +.RE +.PP \-b \fIkeysize\fR +.RS 4 Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits. -.TP 3n +.RE +.PP \-n \fInametype\fR +.RS 4 Specifies the owner type of the key. The value of \fBnametype\fR must either be ZONE (for a DNSSEC zone key), HOST or ENTITY (for a key associated with a host), or USER (for a key associated with a user). These values are case insensitive. -.TP 3n +.RE +.PP \-c \fIclass\fR +.RS 4 Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used. -.TP 3n +.RE +.PP \-e +.RS 4 If generating an RSA key, use a large exponent. -.TP 3n +.RE +.PP \-g \fIgenerator\fR +.RS 4 If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBdnssec\-keygen\fR. -.TP 3n +.RE +.PP \-p \fIprotocol\fR +.RS 4 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 2 (email) for keys of type USER and 3 (DNSSEC) for all other key types. Other possible values for this argument are listed in RFC 2535 and its successors. -.TP 3n +.RE +.PP \-r \fIrandomdev\fR +.RS 4 Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -79,17 +96,24 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-s \fIstrength\fR +.RS 4 Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC. -.TP 3n +.RE +.PP \-t \fItype\fR +.RS 4 Indicates the use of the key. \fBtype\fR must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data. -.TP 3n +.RE +.PP \-v \fIlevel\fR +.RS 4 Sets the debugging level. +.RE .SH "GENERATED KEYS" .PP When @@ -98,23 +122,21 @@ completes successfully, it prints a string of the form \fIKnnnn.+aaa+iiiii\fR to the standard output. This is an identification string for the key it has generated. These strings can be used as arguments to \fBdnssec\-makekeyset\fR. -.TP 3n +.TP 4 \(bu \fInnnn\fR is the key name. -.TP 3n +.TP 4 \(bu \fIaaa\fR is the numeric representation of the algorithm. -.TP 3n +.TP 4 \(bu \fIiiiii\fR is the key identifier (or footprint). -.sp -.RE .PP \fBdnssec\-keygen\fR -creates two file, with names based on the printed string. +creates two files, with names based on the printed string. \fIKnnnn.+aaa+iiiii.key\fR contains the public key, and \fIKnnnn.+aaa+iiiii.private\fR @@ -126,13 +148,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o .PP The \fI.private\fR -file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission. +file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission. .PP Both \fI.key\fR and \fI.private\fR -files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent. +files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent. .SH "EXAMPLE" .PP To generate a 768\-bit DSA key for the domain @@ -149,7 +171,7 @@ In this example, creates the files \fIKexample.com.+003+26160.key\fR and -\fIKexample.com.+003+26160.private\fR +\fIKexample.com.+003+26160.private\fR. .SH "SEE ALSO" .PP \fBdnssec\-makekeyset\fR(8), @@ -163,4 +185,7 @@ RFC 2539. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 103cc124..924474dc 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -1,6 +1,6 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (C) 2000, 2001 Internet Software Consortium. + * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1999-2001 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * * Permission to use, copy, modify, and distribute this software for any @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.48.2.2 2004/03/09 06:09:14 marka Exp $ */ +/* $Id: dnssec-keygen.c,v 1.48.2.4 2007/01/18 00:06:02 marka Exp $ */ #include <config.h> diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index 998a94a5..ea8611cc 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.docbook,v 1.3.2.4 2005/05/12 21:35:07 sra Exp $ --> +<!-- $Id: dnssec-keygen.docbook,v 1.3.2.7 2007/05/09 02:11:44 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -258,7 +259,7 @@ </listitem> </itemizedlist> <para> - <command>dnssec-keygen</command> creates two file, with names based + <command>dnssec-keygen</command> creates two files, with names based on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename> contains the public key, and <filename>Knnnn.+aaa+iiiii.private</filename> contains the private @@ -270,13 +271,13 @@ statement). </para> <para> - The <filename>.private</filename> file contains algorithm specific + The <filename>.private</filename> file contains algorithm-specific fields. For obvious security reasons, this file does not have general read permission. </para> <para> Both <filename>.key</filename> and <filename>.private</filename> - files are generated for symmetric encryption algorithm such as + files are generated for symmetric encryption algorithms such as HMAC-MD5, even though the public and private key are equivalent. </para> </refsect1> @@ -300,7 +301,7 @@ <para> In this example, <command>dnssec-keygen</command> creates the files <filename>Kexample.com.+003+26160.key</filename> and - <filename>Kexample.com.+003+26160.private</filename> + <filename>Kexample.com.+003+26160.private</filename>. </para> </refsect1> diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index e0b921f6..11b98646 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.html,v 1.5.2.12 2006/06/29 13:02:05 marka Exp $ --> +<!-- $Id: dnssec-keygen.html,v 1.5.2.16 2007/05/09 03:32:21 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-keygen</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">dnssec-keygen</span> — DNSSEC key generation tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549501"></a><h2>DESCRIPTION</h2> +<a name="id2543443"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535. It can also generate @@ -41,7 +41,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549514"></a><h2>OPTIONS</h2> +<a name="id2543456"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -133,7 +133,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549886"></a><h2>GENERATED KEYS</h2> +<a name="id2543691"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code> @@ -154,7 +154,7 @@ </p></li> </ul></div> <p> - <span><strong class="command">dnssec-keygen</strong></span> creates two file, with names based + <span><strong class="command">dnssec-keygen</strong></span> creates two files, with names based on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code> contains the public key, and <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the private @@ -166,18 +166,18 @@ statement). </p> <p> - The <code class="filename">.private</code> file contains algorithm specific + The <code class="filename">.private</code> file contains algorithm-specific fields. For obvious security reasons, this file does not have general read permission. </p> <p> Both <code class="filename">.key</code> and <code class="filename">.private</code> - files are generated for symmetric encryption algorithm such as + files are generated for symmetric encryption algorithms such as HMAC-MD5, even though the public and private key are equivalent. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549978"></a><h2>EXAMPLE</h2> +<a name="id2543783"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -195,11 +195,11 @@ <p> In this example, <span><strong class="command">dnssec-keygen</strong></span> creates the files <code class="filename">Kexample.com.+003+26160.key</code> and - <code class="filename">Kexample.com.+003+26160.private</code> + <code class="filename">Kexample.com.+003+26160.private</code>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2550024"></a><h2>SEE ALSO</h2> +<a name="id2543829"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-makekeyset</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>, @@ -211,7 +211,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550076"></a><h2>AUTHOR</h2> +<a name="id2543881"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dnssec/dnssec-makekeyset.8 b/bin/dnssec/dnssec-makekeyset.8 index 12e8ffda..903c077e 100644 --- a/bin/dnssec/dnssec-makekeyset.8 +++ b/bin/dnssec/dnssec-makekeyset.8 @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-makekeyset.8,v 1.16.2.8 2006/06/29 13:02:05 marka Exp $ +.\" $Id: dnssec-makekeyset.8,v 1.16.2.9 2006/12/12 01:42:53 marka Exp $ .\" .hy 0 .ad l .\" Title: dnssec\-makekeyset .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -43,29 +43,40 @@ generates a key set from one or more keys created by \fInnnn\fR is the zone name. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Verify all generated signatures. -.TP 3n +.RE +.PP \-s \fIstart\-time\fR +.RS 4 Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no \fBstart\-time\fR is specified, the current time is used. -.TP 3n +.RE +.PP \-e \fIend\-time\fR +.RS 4 Specify the date and time when the generated SIG records expire. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBdnssec\-makekeyset\fR. -.TP 3n +.RE +.PP \-p +.RS 4 Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited. -.TP 3n +.RE +.PP \-r \fIrandomdev\fR +.RS 4 Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -73,18 +84,25 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-t \fIttl\fR +.RS 4 Specify the TTL (time to live) of the KEY and SIG records. The default is 3600 seconds. -.TP 3n +.RE +.PP \-v \fIlevel\fR +.RS 4 Sets the debugging level. -.TP 3n +.RE +.PP key +.RS 4 The list of keys to be included in the keyset file. These keys are expressed in the form \fIKnnnn.+aaa+iiiii\fR as generated by \fBdnssec\-keygen\fR. +.RE .SH "EXAMPLE" .PP The following command generates a keyset containing the DSA key for @@ -118,3 +136,6 @@ RFC 2535. Internet Systems Consortium .SH "COPYRIGHT" Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/bin/dnssec/dnssec-makekeyset.html b/bin/dnssec/dnssec-makekeyset.html index 33e2d66e..4ca22cda 100644 --- a/bin/dnssec/dnssec-makekeyset.html +++ b/bin/dnssec/dnssec-makekeyset.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-makekeyset.html,v 1.4.2.14 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: dnssec-makekeyset.html,v 1.4.2.16 2007/01/26 23:26:58 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-makekeyset</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">dnssec-makekeyset</span> — DNSSEC zone signing tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-makekeyset</code> [<code class="option">-a</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-t</code><em class="replaceable"><code>ttl</code></em>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {key...}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549465"></a><h2>DESCRIPTION</h2> +<a name="id2543403"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-makekeyset</strong></span> generates a key set from one or more keys created by <span><strong class="command">dnssec-keygen</strong></span>. It creates @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549489"></a><h2>OPTIONS</h2> +<a name="id2543427"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -111,7 +111,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549804"></a><h2>EXAMPLE</h2> +<a name="id2543606"></a><h2>EXAMPLE</h2> <p> The following command generates a keyset containing the DSA key for <strong class="userinput"><code>example.com</code></strong> generated in the @@ -135,7 +135,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549850"></a><h2>SEE ALSO</h2> +<a name="id2543652"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>, @@ -144,7 +144,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549886"></a><h2>AUTHOR</h2> +<a name="id2543688"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dnssec/dnssec-signkey.8 b/bin/dnssec/dnssec-signkey.8 index 146338cc..e5f011b2 100644 --- a/bin/dnssec/dnssec-signkey.8 +++ b/bin/dnssec/dnssec-signkey.8 @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signkey.8,v 1.18.2.7 2006/06/29 13:02:05 marka Exp $ +.\" $Id: dnssec-signkey.8,v 1.18.2.8 2006/12/12 01:42:53 marka Exp $ .\" .hy 0 .ad l .\" Title: dnssec\-signkey .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -43,32 +43,45 @@ signs a keyset. Typically the keyset will be for a child zone, and will have bee \fInnnn\fR is the zone name. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Verify all generated signatures. -.TP 3n +.RE +.PP \-c \fIclass\fR +.RS 4 Specifies the DNS class of the key sets. -.TP 3n +.RE +.PP \-s \fIstart\-time\fR +.RS 4 Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no \fBstart\-time\fR is specified, the current time is used. -.TP 3n +.RE +.PP \-e \fIend\-time\fR +.RS 4 Specify the date and time when the generated SIG records expire. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBdnssec\-signkey\fR. -.TP 3n +.RE +.PP \-p +.RS 4 Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited. -.TP 3n +.RE +.PP \-r \fIrandomdev\fR +.RS 4 Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -76,15 +89,22 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-v \fIlevel\fR +.RS 4 Sets the debugging level. -.TP 3n +.RE +.PP keyset +.RS 4 The file containing the child's keyset. -.TP 3n +.RE +.PP key +.RS 4 The keys used to sign the child's keyset. +.RE .SH "EXAMPLE" .PP The DNS administrator for a DNSSEC\-aware @@ -118,3 +138,6 @@ keys. Internet Systems Consortium .SH "COPYRIGHT" Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/bin/dnssec/dnssec-signkey.html b/bin/dnssec/dnssec-signkey.html index 81be9ccb..4f18f70b 100644 --- a/bin/dnssec/dnssec-signkey.html +++ b/bin/dnssec/dnssec-signkey.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signkey.html,v 1.4.2.13 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: dnssec-signkey.html,v 1.4.2.15 2007/01/26 23:26:58 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-signkey</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">dnssec-signkey</span> — DNSSEC key set signing tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-signkey</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {keyset} {key...}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549470"></a><h2>DESCRIPTION</h2> +<a name="id2543409"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-signkey</strong></span> signs a keyset. Typically the keyset will be for a child zone, and will have been generated @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549493"></a><h2>OPTIONS</h2> +<a name="id2543431"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -112,7 +112,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549750"></a><h2>EXAMPLE</h2> +<a name="id2543620"></a><h2>EXAMPLE</h2> <p> The DNS administrator for a DNSSEC-aware <strong class="userinput"><code>.com</code></strong> zone would use the following command to sign the @@ -131,7 +131,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549802"></a><h2>SEE ALSO</h2> +<a name="id2543672"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-makekeyset</span>(8)</span>, @@ -139,7 +139,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549841"></a><h2>AUTHOR</h2> +<a name="id2543710"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index d788ba67..ebf83bc6 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.23.2.9 2006/06/29 13:02:05 marka Exp $ +.\" $Id: dnssec-signzone.8,v 1.23.2.12 2007/05/09 03:32:21 marka Exp $ .\" .hy 0 .ad l .\" Title: dnssec\-signzone .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -43,42 +43,57 @@ file from the zone's parent, the parent's signatures will be incorporated into t \fIsignedkey\fR file for each child zone. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Verify all generated signatures. -.TP 3n +.RE +.PP \-c \fIclass\fR +.RS 4 Specifies the DNS class of the zone. -.TP 3n +.RE +.PP \-d \fIdirectory\fR +.RS 4 Look for \fIsignedkey\fR files in \fBdirectory\fR as the directory -.TP 3n +.RE +.PP \-s \fIstart\-time\fR +.RS 4 Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no \fBstart\-time\fR is specified, the current time is used. -.TP 3n +.RE +.PP \-e \fIend\-time\fR +.RS 4 Specify the date and time when the generated SIG records expire. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default. -.TP 3n +.RE +.PP \-f \fIoutput\-file\fR +.RS 4 The name of the output file containing the signed zone. The default is to append \fI.signed\fR -to the input file. -.TP 3n +to the input filename. +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBdnssec\-signzone\fR. -.TP 3n +.RE +.PP \-i \fIinterval\fR -When a previously signed zone is passed as input, records may be resigned. The +.RS 4 +When a previously\-signed zone is passed as input, records may be resigned. The \fBinterval\fR option specifies the cycle interval as an offset from the current time (in seconds). If a SIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced. .sp @@ -89,17 +104,25 @@ or are specified, \fBdnssec\-signzone\fR generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing SIG records are due to expire in less than 7.5 days, they would be replaced. -.TP 3n +.RE +.PP \-n \fIncpus\fR +.RS 4 Specifies the number of threads to use. By default, one thread is started for each detected CPU. -.TP 3n +.RE +.PP \-o \fIorigin\fR +.RS 4 The zone origin. If not specified, the name of the zone file is assumed to be the origin. -.TP 3n +.RE +.PP \-p +.RS 4 Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited. -.TP 3n +.RE +.PP \-r \fIrandomdev\fR +.RS 4 Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -107,18 +130,27 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-t +.RS 4 Print statistics at completion. -.TP 3n +.RE +.PP \-v \fIlevel\fR +.RS 4 Sets the debugging level. -.TP 3n +.RE +.PP zonefile +.RS 4 The file containing the zone to be signed. -.TP 3n +.RE +.PP key -The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory. +.RS 4 +Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing. +.RE .SH "EXAMPLE" .PP The following command signs the @@ -150,4 +182,7 @@ RFC 2535. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index f4876f79..e490d90a 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.2.2.8 2005/06/24 00:18:41 marka Exp $ --> +<!-- $Id: dnssec-signzone.docbook,v 1.2.2.11 2007/05/09 02:11:44 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -155,7 +156,7 @@ <para> The name of the output file containing the signed zone. The default is to append <filename>.signed</filename> to the - input file. + input filename. </para> </listitem> </varlistentry> @@ -174,7 +175,7 @@ <term>-i <replaceable class="parameter">interval</replaceable></term> <listitem> <para> - When a previously signed zone is passed as input, records + When a previously-signed zone is passed as input, records may be resigned. The <option>interval</option> option specifies the cycle interval as an offset from the current time (in seconds). If a SIG record expires after the @@ -273,9 +274,11 @@ <term>key</term> <listitem> <para> - The keys used to sign the zone. If no keys are specified, the - default all zone keys that have private key files in the - current directory. + Specify which keys should be used to sign the zone. If + no keys are specified, then the zone will be examined + for DNSKEY records at the zone apex. If these are found and + there are matching private keys, in the current directory, + then these will be used for signing. </para> </listitem> </varlistentry> diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index 803bb660..100c2b21 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.html,v 1.4.2.14 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: dnssec-signzone.html,v 1.4.2.18 2007/05/09 03:32:21 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-signzone</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">dnssec-signzone</span> — DNSSEC zone signing tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-h</code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549515"></a><h2>DESCRIPTION</h2> +<a name="id2543457"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NXT and SIG records and produces a signed version of the zone. If there @@ -45,7 +45,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549534"></a><h2>OPTIONS</h2> +<a name="id2543476"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -85,7 +85,7 @@ <dd><p> The name of the output file containing the signed zone. The default is to append <code class="filename">.signed</code> to the - input file. + input filename. </p></dd> <dt><span class="term">-h</span></dt> <dd><p> @@ -95,7 +95,7 @@ <dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt> <dd> <p> - When a previously signed zone is passed as input, records + When a previously-signed zone is passed as input, records may be resigned. The <code class="option">interval</code> option specifies the cycle interval as an offset from the current time (in seconds). If a SIG record expires after the @@ -155,14 +155,16 @@ </p></dd> <dt><span class="term">key</span></dt> <dd><p> - The keys used to sign the zone. If no keys are specified, the - default all zone keys that have private key files in the - current directory. + Specify which keys should be used to sign the zone. If + no keys are specified, then the zone will be examined + for DNSKEY records at the zone apex. If these are found and + there are matching private keys, in the current directory, + then these will be used for signing. </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549984"></a><h2>EXAMPLE</h2> +<a name="id2543858"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span> @@ -186,7 +188,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550034"></a><h2>SEE ALSO</h2> +<a name="id2543908"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>, @@ -195,7 +197,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550070"></a><h2>AUTHOR</h2> +<a name="id2543944"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/client.c b/bin/named/client.c index e2fef584..e91203f5 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.176.2.24 2006/07/22 01:09:04 marka Exp $ */ +/* $Id: client.c,v 1.176.2.28 2007/06/26 04:24:52 marka Exp $ */ #include <config.h> @@ -1087,7 +1087,7 @@ client_addopt(ns_client_t *client) { #endif /* - * No ENDS options in the default case. + * No EDNS options in the default case. */ rdata->data = NULL; rdata->length = 0; @@ -1284,6 +1284,14 @@ client_request(isc_task_t *task, isc_event_t *event) { } /* + * Hash the incoming request here as it is after + * dns_dispatch_importrecv(). + */ + dns_dispatch_hash(&client->now, sizeof(client->now)); + dns_dispatch_hash(isc_buffer_base(buffer), + isc_buffer_usedlength(buffer)); + + /* * It's a request. Parse it. */ result = dns_message_parse(client->message, buffer, 0); @@ -1344,7 +1352,7 @@ client_request(isc_task_t *task, isc_event_t *event) { } /* - * Do we understand this version of ENDS? + * Do we understand this version of EDNS? * * XXXRTH need library support for this! */ @@ -1393,6 +1401,7 @@ client_request(isc_task_t *task, isc_event_t *event) { "failed to get request's " "destination: %s", isc_result_totext(result)); + ns_client_next(client, ISC_R_SUCCESS); goto cleanup; } } else { diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index ba3b381e..f8d8c800 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.28.2.14 2006/03/01 01:34:05 marka Exp $ */ +/* $Id: controlconf.c,v 1.28.2.15 2006/12/07 04:52:57 marka Exp $ */ #include <config.h> @@ -687,7 +687,7 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, char *newstr = NULL; const char *str; const cfg_obj_t *obj; - controlkey_t *key = NULL; + controlkey_t *key; for (element = cfg_list_first(keylist); element != NULL; @@ -706,7 +706,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, key->secret.length = 0; ISC_LINK_INIT(key, link); ISC_LIST_APPEND(*keyids, key, link); - key = NULL; newstr = NULL; } return (ISC_R_SUCCESS); @@ -714,8 +713,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, cleanup: if (newstr != NULL) isc_mem_free(mctx, newstr); - if (key != NULL) - isc_mem_put(mctx, key, sizeof(*key)); free_controlkeylist(keyids, mctx); return (ISC_R_NOMEMORY); } diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c index 8ba89a21..7f0b043e 100644 --- a/bin/named/lwdgrbn.c +++ b/bin/named/lwdgrbn.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgrbn.c,v 1.11.2.3 2006/01/04 23:50:16 marka Exp $ */ +/* $Id: lwdgrbn.c,v 1.11.2.4 2006/12/07 04:52:57 marka Exp $ */ #include <config.h> @@ -183,8 +183,6 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node, isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens)); if (newrdatas != NULL) isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas)); - if (newlens != NULL) - isc_mem_put(mctx, newlens, used * sizeof(*oldlens)); return (result); } diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index ad8a9c5c..cd948fcb 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.13.2.6 2006/06/29 13:02:06 marka Exp $ +.\" $Id: lwresd.8,v 1.13.2.10 2007/05/16 06:57:45 marka Exp $ .\" .hy 0 .ad l .\" Title: lwresd .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ lwresd \- lightweight resolver daemon .SH "SYNOPSIS" .HP 7 -\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] +\fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] .SH "DESCRIPTION" .PP \fBlwresd\fR @@ -60,42 +60,79 @@ entries are present, or if forwarding fails, \fBlwresd\fR resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints. .SH "OPTIONS" -.TP 3n +.PP +\-c \fIconfig\-file\fR +.RS 4 +Use +\fIconfig\-file\fR +as the configuration file instead of the default, +\fI/etc/lwresd.conf\fR. +<term>\-c</term> +can not be used with +<term>\-C</term>. +.RE +.PP \-C \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/resolv.conf\fR. -.TP 3n +<term>\-C</term> +can not be used with +<term>\-c</term>. +.RE +.PP \-d \fIdebug\-level\fR +.RS 4 Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBlwresd\fR become more verbose as the debug level increases. -.TP 3n +.RE +.PP \-f +.RS 4 Run the server in the foreground (i.e. do not daemonize). -.TP 3n +.RE +.PP \-g +.RS 4 Run the server in the foreground and force all logging to \fIstderr\fR. -.TP 3n +.RE +.PP +\-i \fIpid\-file\fR +.RS 4 +Use +\fIpid\-file\fR +as the PID file instead of the default, +\fI/var/run/lwresd.pid\fR. +.RE +.PP \-n \fI#cpus\fR +.RS 4 Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBlwresd\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP 3n +.RE +.PP \-P \fIport\fR +.RS 4 Listen for lightweight resolver queries on port \fIport\fR. If not specified, the default is port 921. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Send DNS lookups to port \fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number. -.TP 3n +.RE +.PP \-s +.RS 4 Write memory usage statistics to \fIstdout\fR on exit. @@ -103,9 +140,11 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP 3n +.RE +.PP \-t \fIdirectory\fR -\fBchroot()\fR +.RS 4 +\fBChroot\fR to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file. @@ -114,25 +153,34 @@ after processing the command line arguments, but before reading the configuratio This option should be used in conjunction with the \fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way -\fBchroot()\fR +\fBchroot(2)\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP 3n +.RE +.PP \-u \fIuser\fR -\fBsetuid()\fR +.RS 4 +\fBSetuid\fR to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. -.TP 3n +.RE +.PP \-v +.RS 4 Report the version number and exit. +.RE .SH "FILES" -.TP 3n +.PP \fI/etc/resolv.conf\fR +.RS 4 The default configuration file. -.TP 3n +.RE +.PP \fI/var/run/lwresd.pid\fR +.RS 4 The default process\-id file. +.RE .SH "SEE ALSO" .PP \fBnamed\fR(8), @@ -142,4 +190,7 @@ The default process\-id file. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index 1494276b..3bdea272 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.docbook,v 1.6.2.4 2005/05/12 21:35:10 sra Exp $ --> +<!-- $Id: lwresd.docbook,v 1.6.2.8 2007/05/16 02:07:45 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -52,6 +53,7 @@ <refsynopsisdiv> <cmdsynopsis> <command>lwresd</command> + <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> <arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg> <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg> <arg><option>-f</option></arg> @@ -108,14 +110,27 @@ <variablelist> <varlistentry> + <term>-c <replaceable class="parameter">config-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">config-file</replaceable> as the + configuration file instead of the default, + <filename>/etc/lwresd.conf</filename>. + <!-- Should this be an absolute path name? --> + <term>-c</term> can not be used with <term>-C</term>. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-C <replaceable class="parameter">config-file</replaceable></term> <listitem> <para> - Use <replaceable - class="parameter">config-file</replaceable> as the - configuration file instead of the default, - <filename>/etc/resolv.conf</filename>. - </para> + Use <replaceable class="parameter">config-file</replaceable> as the + configuration file instead of the default, + <filename>/etc/resolv.conf</filename>. + <term>-C</term> can not be used with <term>-c</term>. + </para> </listitem> </varlistentry> @@ -127,7 +142,7 @@ class="parameter">debug-level</replaceable>. Debugging traces from <command>lwresd</command> become more verbose as the debug level increases. - </para> + </para> </listitem> </varlistentry> @@ -136,7 +151,7 @@ <listitem> <para> Run the server in the foreground (i.e. do not daemonize). - </para> + </para> </listitem> </varlistentry> @@ -146,11 +161,22 @@ <para> Run the server in the foreground and force all logging to <filename>stderr</filename>. - </para> + </para> </listitem> </varlistentry> <varlistentry> + <term>-i <replaceable class="parameter">pid-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">pid-file</replaceable> as the + PID file instead of the default, + <filename>/var/run/lwresd.pid</filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-n <replaceable class="parameter">#cpus</replaceable></term> <listitem> <para> @@ -161,7 +187,7 @@ number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. - </para> + </para> </listitem> </varlistentry> @@ -172,7 +198,7 @@ Listen for lightweight resolver queries on port <replaceable class="parameter">port</replaceable>. If not specified, the default is port 921. - </para> + </para> </listitem> </varlistentry> @@ -186,7 +212,7 @@ way of testing the lightweight resolver daemon with a name server that listens for queries on a non-standard port number. - </para> + </para> </listitem> </varlistentry> @@ -196,7 +222,7 @@ <para> Write memory usage statistics to <filename>stdout</filename> on exit. - </para> + </para> <note> <para> This option is mainly of interest to BIND 9 developers @@ -210,17 +236,17 @@ <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para> - <function>chroot()</function> to <replaceable + <function>Chroot</function> to <replaceable class="parameter">directory</replaceable> after processing the command line arguments, but before reading the configuration file. - </para> + </para> <warning> <para> This option should be used in conjunction with the <option>-u</option> option, as chrooting a process running as root doesn't enhance security on most - systems; the way <function>chroot()</function> is + systems; the way <function>chroot(2)</function> is defined allows a process with root privileges to escape a chroot jail. </para> @@ -232,11 +258,11 @@ <term>-u <replaceable class="parameter">user</replaceable></term> <listitem> <para> - <function>setuid()</function> to <replaceable + <function>Setuid</function> to <replaceable class="parameter">user</replaceable> after completing privileged operations, such as creating sockets that listen on privileged ports. - </para> + </para> </listitem> </varlistentry> @@ -245,7 +271,7 @@ <listitem> <para> Report the version number and exit. - </para> + </para> </listitem> </varlistentry> @@ -263,7 +289,7 @@ <listitem> <para> The default configuration file. - </para> + </para> </listitem> </varlistentry> @@ -272,7 +298,7 @@ <listitem> <para> The default process-id file. - </para> + </para> </listitem> </varlistentry> @@ -286,15 +312,15 @@ <citerefentry> <refentrytitle>named</refentrytitle> <manvolnum>8</manvolnum> - </citerefentry>, + </citerefentry>, <citerefentry> <refentrytitle>lwres</refentrytitle> <manvolnum>3</manvolnum> - </citerefentry>, + </citerefentry>, <citerefentry> <refentrytitle>resolver</refentrytitle> <manvolnum>5</manvolnum> - </citerefentry>. + </citerefentry>. </para> </refsect1> diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index ae544a27..40b4cf30 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,25 +14,25 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.html,v 1.4.2.12 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: lwresd.html,v 1.4.2.17 2007/05/16 06:57:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>lwresd</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">lwresd</span> — lightweight resolver daemon</p> </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div> +<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549484"></a><h2>DESCRIPTION</h2> +<a name="id2543434"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,29 +67,44 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549533"></a><h2>OPTIONS</h2> +<a name="id2543483"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> +<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> +<dd><p> + Use <em class="replaceable"><code>config-file</code></em> as the + configuration file instead of the default, + <code class="filename">/etc/lwresd.conf</code>. + + <font color="red"><term>-c</term></font> can not be used with <font color="red"><term>-C</term></font>. + </p></dd> <dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> - Use <em class="replaceable"><code>config-file</code></em> as the - configuration file instead of the default, - <code class="filename">/etc/resolv.conf</code>. - </p></dd> + Use <em class="replaceable"><code>config-file</code></em> as the + configuration file instead of the default, + <code class="filename">/etc/resolv.conf</code>. + <font color="red"><term>-C</term></font> can not be used with <font color="red"><term>-c</term></font>. + </p></dd> <dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt> <dd><p> Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>. Debugging traces from <span><strong class="command">lwresd</strong></span> become more verbose as the debug level increases. - </p></dd> + </p></dd> <dt><span class="term">-f</span></dt> <dd><p> Run the server in the foreground (i.e. do not daemonize). - </p></dd> + </p></dd> <dt><span class="term">-g</span></dt> <dd><p> Run the server in the foreground and force all logging to <code class="filename">stderr</code>. - </p></dd> + </p></dd> +<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt> +<dd><p> + Use <em class="replaceable"><code>pid-file</code></em> as the + PID file instead of the default, + <code class="filename">/var/run/lwresd.pid</code>. + </p></dd> <dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt> <dd><p> Create <em class="replaceable"><code>#cpus</code></em> worker threads @@ -98,13 +113,13 @@ number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. - </p></dd> + </p></dd> <dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt> <dd><p> Listen for lightweight resolver queries on port <em class="replaceable"><code>port</code></em>. If not specified, the default is port 921. - </p></dd> + </p></dd> <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> <dd><p> Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not @@ -112,13 +127,13 @@ way of testing the lightweight resolver daemon with a name server that listens for queries on a non-standard port number. - </p></dd> + </p></dd> <dt><span class="term">-s</span></dt> <dd> <p> Write memory usage statistics to <code class="filename">stdout</code> on exit. - </p> + </p> <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> <h3 class="title">Note</h3> <p> @@ -130,17 +145,17 @@ <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd> <p> - <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after + <code class="function">Chroot</code> to <em class="replaceable"><code>directory</code></em> after processing the command line arguments, but before reading the configuration file. - </p> + </p> <div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"> <h3 class="title">Warning</h3> <p> This option should be used in conjunction with the <code class="option">-u</code> option, as chrooting a process running as root doesn't enhance security on most - systems; the way <code class="function">chroot()</code> is + systems; the way <code class="function">chroot(2)</code> is defined allows a process with root privileges to escape a chroot jail. </p> @@ -148,31 +163,31 @@ </dd> <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd><p> - <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing + <code class="function">Setuid</code> to <em class="replaceable"><code>user</code></em> after completing privileged operations, such as creating sockets that listen on privileged ports. - </p></dd> + </p></dd> <dt><span class="term">-v</span></dt> <dd><p> Report the version number and exit. - </p></dd> + </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549939"></a><h2>FILES</h2> +<a name="id2543821"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> The default configuration file. - </p></dd> + </p></dd> <dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt> <dd><p> The default process-id file. - </p></dd> + </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549978"></a><h2>SEE ALSO</h2> +<a name="id2543861"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, @@ -180,7 +195,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550017"></a><h2>AUTHOR</h2> +<a name="id2543899"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/named.8 b/bin/named/named.8 index c1c87873..88954a16 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.17.2.8 2006/06/29 13:02:06 marka Exp $ +.\" $Id: named.8,v 1.17.2.12 2007/06/20 02:25:45 marka Exp $ .\" .hy 0 .ad l .\" Title: named .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -44,8 +44,9 @@ When invoked without arguments, will read the default configuration file \fI/etc/named.conf\fR, read any initial data, and listen for queries. .SH "OPTIONS" -.TP 3n +.PP \-c \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, @@ -54,32 +55,44 @@ as the configuration file instead of the default, option in the configuration file, \fIconfig\-file\fR should be an absolute pathname. -.TP 3n +.RE +.PP \-d \fIdebug\-level\fR +.RS 4 Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBnamed\fR become more verbose as the debug level increases. -.TP 3n +.RE +.PP \-f +.RS 4 Run the server in the foreground (i.e. do not daemonize). -.TP 3n +.RE +.PP \-g +.RS 4 Run the server in the foreground and force all logging to \fIstderr\fR. -.TP 3n +.RE +.PP \-n \fI#cpus\fR +.RS 4 Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBnamed\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Listen for queries on port \fIport\fR. If not specified, the default is port 53. -.TP 3n +.RE +.PP \-s +.RS 4 Write memory usage statistics to \fIstdout\fR on exit. @@ -87,9 +100,11 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP 3n +.RE +.PP \-t \fIdirectory\fR -\fBchroot()\fR +.RS 4 +\fBChroot\fR to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file. @@ -98,12 +113,14 @@ after processing the command line arguments, but before reading the configuratio This option should be used in conjunction with the \fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way -\fBchroot()\fR +\fBchroot(2)\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP 3n +.RE +.PP \-u \fIuser\fR -\fBsetuid()\fR +.RS 4 +\fBSetuid\fR to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. @@ -112,19 +129,23 @@ after completing privileged operations, such as creating sockets that listen on On Linux, \fBnamed\fR uses the kernel's capability mechanism to drop all root privileges except the ability to -\fBbind()\fR +\fBbind(2)\fR to a privileged port and set process resource limits. Unfortunately, this means that the \fB\-u\fR option only works when \fBnamed\fR is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after -\fBsetuid()\fR. +\fBsetuid(2)\fR. .RE -.TP 3n +.RE +.PP \-v +.RS 4 Report the version number and exit. -.TP 3n +.RE +.PP \-x \fIcache\-file\fR +.RS 4 Load data from \fIcache\-file\fR into the cache of the default view. @@ -132,17 +153,22 @@ into the cache of the default view. .B "Warning:" This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release. .RE +.RE .SH "SIGNALS" .PP In routine operation, signals should not be used to control the nameserver; \fBrndc\fR should be used instead. -.TP 3n +.PP SIGHUP +.RS 4 Force a reload of the server. -.TP 3n +.RE +.PP SIGINT, SIGTERM +.RS 4 Shut down the server. +.RE .PP The result of sending any other signals to the server is undefined. .SH "CONFIGURATION" @@ -152,17 +178,23 @@ The configuration file is too complex to describe in detail here. A complete description is provided in the BIND 9 Administrator Reference Manual. .SH "FILES" -.TP 3n +.PP \fI/etc/named.conf\fR +.RS 4 The default configuration file. -.TP 3n +.RE +.PP \fI/var/run/named.pid\fR +.RS 4 The default process\-id file. +.RE .SH "SEE ALSO" .PP RFC 1033, RFC 1034, RFC 1035, +\fBnamed\-checkconf\fR(8), +\fBnamed\-checkzone\fR(8), \fBrndc\fR(8), \fBlwresd\fR(8), \fBnamed.conf\fR(5), @@ -171,4 +203,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 7a867a2c..aec94a4f 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,13 +12,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.1.6.11 2006/09/13 02:56:02 marka Exp $ +.\" $Id: named.conf.5,v 1.1.6.15 2007/06/20 02:25:45 marka Exp $ .\" .hy 0 .ad l .\" Title: \fInamed.conf\fR .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Aug 13, 2004 .\" Manual: BIND9 .\" Source: BIND9 @@ -46,14 +46,14 @@ C++ style: // to end of line Unix style: # to end of line .SH "ACL" .sp -.RS 3n +.RS 4 .nf acl \fIstring\fR { \fIaddress_match_element\fR; ... }; .fi .RE .SH "KEY" .sp -.RS 3n +.RS 4 .nf key \fIdomain_name\fR { algorithm \fIstring\fR; @@ -63,7 +63,7 @@ key \fIdomain_name\fR { .RE .SH "SERVER" .sp -.RS 3n +.RS 4 .nf server ( \fIipv4_address\fR | \fIipv6_address\fR ) { bogus \fIboolean\fR; @@ -83,7 +83,7 @@ server ( \fIipv4_address\fR | \fIipv6_address\fR ) { .RE .SH "TRUSTED\-KEYS" .sp -.RS 3n +.RS 4 .nf trusted\-keys { \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... @@ -92,7 +92,7 @@ trusted\-keys { .RE .SH "CONTROLS" .sp -.RS 3n +.RS 4 .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) @@ -105,7 +105,7 @@ controls { .RE .SH "LOGGING" .sp -.RS 3n +.RS 4 .nf logging { channel \fIstring\fR { @@ -124,7 +124,7 @@ logging { .RE .SH "LWRES" .sp -.RS 3n +.RS 4 .nf lwres { listen\-on [ port \fIinteger\fR ] { @@ -138,7 +138,7 @@ lwres { .RE .SH "OPTIONS" .sp -.RS 3n +.RS 4 .nf options { blackhole { \fIaddress_match_element\fR; ... }; @@ -246,7 +246,7 @@ options { .RE .SH "VIEW" .sp -.RS 3n +.RS 4 .nf view \fIstring\fR \fIoptional_class\fR { match\-clients { \fIaddress_match_element\fR; ... }; @@ -331,7 +331,7 @@ view \fIstring\fR \fIoptional_class\fR { .RE .SH "ZONE" .sp -.RS 3n +.RS 4 .nf zone \fIstring\fR \fIoptional_class\fR { type ( master | slave | stub | hint | @@ -392,7 +392,9 @@ zone \fIstring\fR \fIoptional_class\fR { .SH "SEE ALSO" .PP \fBnamed\fR(8), +\fBnamed\-checkconf\fR(8), \fBrndc\fR(8), -\fBBIND 9 Administrator Reference Manual\fR(). +BIND 9 Administrator Reference Manual .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index d365bc4d..1bc8a4d0 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.1.6.8 2006/09/13 00:28:07 marka Exp $ --> +<!-- $Id: named.conf.docbook,v 1.1.6.12 2007/06/19 07:52:23 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <year>2004</year> <year>2005</year> <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -451,20 +452,21 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> </para> </refsect1> -<refsect1> -<title>SEE ALSO</title> -<para> -<citerefentry> -<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> -</citerefentry>, -<citerefentry> -<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> -</citerefentry>, -<citerefentry> -<refentrytitle>BIND 9 Administrator Reference Manual</refentrytitle> -</citerefentry>. -</para> -</refsect1> + <refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citetitle>BIND 9 Administrator Reference Manual</citetitle> + </para> + </refsect1> </refentry> <!-- diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 37b162ab..1ee06a5b 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,15 +13,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.html,v 1.1.6.16 2006/09/13 02:56:02 marka Exp $ --> +<!-- $Id: named.conf.html,v 1.1.6.21 2007/06/20 02:25:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named.conf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">named.conf</code> — configuration file for named</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549388"></a><h2>DESCRIPTION</h2> +<a name="id2543330"></a><h2>DESCRIPTION</h2> <p> <code class="filename">named.conf</code> is the configuration file for <span><strong class="command">named</strong></span>. Statements are enclosed @@ -50,14 +50,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549417"></a><h2>ACL</h2> +<a name="id2543358"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549433"></a><h2>KEY</h2> +<a name="id2543374"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> @@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549452"></a><h2>SERVER</h2> +<a name="id2543394"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> @@ -86,7 +86,7 @@ server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="rep </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549510"></a><h2>TRUSTED-KEYS</h2> +<a name="id2543451"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -94,7 +94,7 @@ trusted-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549536"></a><h2>CONTROLS</h2> +<a name="id2543477"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -106,7 +106,7 @@ controls {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549571"></a><h2>LOGGING</h2> +<a name="id2543512"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -124,7 +124,7 @@ logging {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549609"></a><h2>LWRES</h2> +<a name="id2543550"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -137,7 +137,7 @@ lwres {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549651"></a><h2>OPTIONS</h2> +<a name="id2543592"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -252,7 +252,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2550075"></a><h2>VIEW</h2> +<a name="id2544085"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -349,7 +349,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2550548"></a><h2>ZONE</h2> +<a name="id2544489"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint |<br> @@ -414,18 +414,19 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2550848"></a><h2>FILES</h2> +<a name="id2544789"></a><h2>FILES</h2> <p> <code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2550860"></a><h2>SEE ALSO</h2> +<a name="id2544802"></a><h2>SEE ALSO</h2> <p> -<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, -<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, -<span class="citerefentry"><span class="refentrytitle">BIND 9 Administrator Reference Manual</span></span>. -</p> + <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, + <em class="citetitle">BIND 9 Administrator Reference Manual</em> + </p> </div> </div></body> </html> diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 19eccef6..3a3486ef 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.docbook,v 1.5.2.6 2006/01/17 23:49:29 marka Exp $ --> +<!-- $Id: named.docbook,v 1.5.2.10 2007/06/19 07:52:23 marka Exp $ --> <refentry> <refentryinfo> @@ -36,6 +36,7 @@ <year>2004</year> <year>2005</year> <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -181,7 +182,7 @@ <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para> - <function>chroot()</function> to <replaceable + <function>Chroot</function> to <replaceable class="parameter">directory</replaceable> after processing the command line arguments, but before reading the configuration file. @@ -191,7 +192,7 @@ This option should be used in conjunction with the <option>-u</option> option, as chrooting a process running as root doesn't enhance security on most - systems; the way <function>chroot()</function> is + systems; the way <function>chroot(2)</function> is defined allows a process with root privileges to escape a chroot jail. </para> @@ -203,7 +204,7 @@ <term>-u <replaceable class="parameter">user</replaceable></term> <listitem> <para> - <function>setuid()</function> to <replaceable + <function>Setuid</function> to <replaceable class="parameter">user</replaceable> after completing privileged operations, such as creating sockets that listen on privileged ports. @@ -212,13 +213,13 @@ <para> On Linux, <command>named</command> uses the kernel's capability mechanism to drop all root privileges - except the ability to <function>bind()</function> to a + except the ability to <function>bind(2)</function> to a privileged port and set process resource limits. Unfortunately, this means that the <option>-u</option> option only works when <command>named</command> is run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since previous kernels did not allow privileges - to be retained after <function>setuid()</function>. + to be retained after <function>setuid(2)</function>. </para> </note> </listitem> @@ -335,6 +336,14 @@ <citetitle>RFC 1034</citetitle>, <citetitle>RFC 1035</citetitle>, <citerefentry> + <refentrytitle>named-checkconf</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named-checkzone</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> <refentrytitle>rndc</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, diff --git a/bin/named/named.html b/bin/named/named.html index 1fe72b06..18c37fec 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.html,v 1.4.2.15 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: named.html,v 1.4.2.20 2007/06/20 02:25:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named</span> — Internet domain name server</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549479"></a><h2>DESCRIPTION</h2> +<a name="id2543420"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -46,7 +46,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549505"></a><h2>OPTIONS</h2> +<a name="id2543446"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> @@ -105,7 +105,7 @@ <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd> <p> - <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after + <code class="function">Chroot</code> to <em class="replaceable"><code>directory</code></em> after processing the command line arguments, but before reading the configuration file. </p> @@ -115,7 +115,7 @@ This option should be used in conjunction with the <code class="option">-u</code> option, as chrooting a process running as root doesn't enhance security on most - systems; the way <code class="function">chroot()</code> is + systems; the way <code class="function">chroot(2)</code> is defined allows a process with root privileges to escape a chroot jail. </p> @@ -124,7 +124,7 @@ <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd> <p> - <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing + <code class="function">Setuid</code> to <em class="replaceable"><code>user</code></em> after completing privileged operations, such as creating sockets that listen on privileged ports. </p> @@ -133,13 +133,13 @@ <p> On Linux, <span><strong class="command">named</strong></span> uses the kernel's capability mechanism to drop all root privileges - except the ability to <code class="function">bind()</code> to a + except the ability to <code class="function">bind(2)</code> to a privileged port and set process resource limits. Unfortunately, this means that the <code class="option">-u</code> option only works when <span><strong class="command">named</strong></span> is run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since previous kernels did not allow privileges - to be retained after <code class="function">setuid()</code>. + to be retained after <code class="function">setuid(2)</code>. </p> </div> </dd> @@ -165,7 +165,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549949"></a><h2>SIGNALS</h2> +<a name="id2543754"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used @@ -186,7 +186,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549996"></a><h2>CONFIGURATION</h2> +<a name="id2543801"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is @@ -195,7 +195,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550013"></a><h2>FILES</h2> +<a name="id2543818"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -208,11 +208,13 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2550053"></a><h2>SEE ALSO</h2> +<a name="id2543858"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, <em class="citetitle">RFC 1035</em>, + <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, @@ -220,7 +222,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550105"></a><h2>AUTHOR</h2> +<a name="id2543929"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/query.c b/bin/named/query.c index 3927d8a5..11ff7323 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.198.2.27 2006/05/18 03:19:09 marka Exp $ */ +/* $Id: query.c,v 1.198.2.30 2007/04/30 23:45:27 tbox Exp $ */ #include <config.h> @@ -671,7 +671,7 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options, ISC_LOG_DEBUG(3), "%s approved", msg); } - } else { + } else { ns_client_aclmsg("query", name, client->view->rdclass, msg, sizeof(msg)); @@ -1387,7 +1387,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { * we could raise the priority of glue records. */ eresult = query_addadditional(client, name, dns_rdatatype_key); - } else if (type == dns_rdatatype_srv && trdataset != NULL) { + } else if (type == dns_rdatatype_srv && trdataset != NULL) { /* * If we're adding SRV records to the additional data * section, it's helpful if we add the SRV additional data @@ -3192,6 +3192,21 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * an error unless we were searching for * glue. Ugh. */ + if (!is_zone) { + authoritative = ISC_FALSE; + dns_rdatasetiter_destroy(&rdsiter); + if (RECURSIONOK(client)) { + result = query_recurse(client, + qtype, + NULL, + NULL); + if (result == ISC_R_SUCCESS) + client->query.attributes |= + NS_QUERYATTR_RECURSING; + else + QUERY_ERROR(DNS_R_SERVFAIL); } + goto addauth; + } /* * We were searching for SIG records in * a nonsecure zone. Send a "no error, @@ -3224,6 +3239,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) sigrdatasetp = &sigrdataset; else sigrdatasetp = NULL; + /* + * BIND 8 priming queries need the additional section. + */ + if (is_zone && qtype == dns_rdatatype_ns && + dns_name_equal(client->query.qname, dns_rootname)) + client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL; + query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf, DNS_SECTION_ANSWER); /* @@ -3770,7 +3792,7 @@ synth_finish(ns_client_t *client, isc_result_t result) { static signed char ascii2hex[256] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, diff --git a/bin/named/server.c b/bin/named/server.c index 737afbcf..20e7d472 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.339.2.37 2006/03/01 01:34:05 marka Exp $ */ +/* $Id: server.c,v 1.339.2.40 2007/04/03 23:42:54 tbox Exp $ */ #include <config.h> @@ -239,6 +239,12 @@ configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key, keystruct.datalen = r.length; keystruct.data = r.base; + if (keystruct.algorithm == DST_ALG_RSAMD5 && + r.length > 1 && r.base[0] == 1 && r.base[1] == 3) + cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING, + "trusted key '%s' has a weak exponent", + keynamestr); + CHECK(dns_rdata_fromstruct(NULL, keystruct.common.rdclass, keystruct.common.rdtype, @@ -3136,7 +3142,8 @@ isc_result_t ns_server_flushcache(ns_server_t *server, char *args) { char *ptr, *viewname; dns_view_t *view; - isc_boolean_t flushed = ISC_FALSE; + isc_boolean_t flushed; + isc_boolean_t found; isc_result_t result; /* Skip the command name. */ @@ -3149,22 +3156,27 @@ ns_server_flushcache(ns_server_t *server, char *args) { result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); + flushed = ISC_TRUE; + found = ISC_FALSE; for (view = ISC_LIST_HEAD(server->viewlist); view != NULL; view = ISC_LIST_NEXT(view, link)) { if (viewname != NULL && strcasecmp(viewname, view->name) != 0) continue; + found = ISC_TRUE; result = dns_view_flushcache(view); if (result != ISC_R_SUCCESS) - goto out; - flushed = ISC_TRUE; + flushed = ISC_FALSE; } - if (flushed) + if (flushed && found) { result = ISC_R_SUCCESS; - else - result = ISC_R_FAILURE; - out: + } else { + if (!found) + result = ISC_R_NOTFOUND; + else + result = ISC_R_FAILURE; + } isc_task_endexclusive(server->task); return (result); } diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8 index 8f686d68..52f8ee87 100644 --- a/bin/nsupdate/nsupdate.8 +++ b/bin/nsupdate/nsupdate.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.8,v 1.24.2.8 2006/06/29 13:02:06 marka Exp $ +.\" $Id: nsupdate.8,v 1.24.2.12 2007/05/09 03:32:21 marka Exp $ .\" .hy 0 .ad l .\" Title: nsupdate .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -55,7 +55,7 @@ operate in debug mode. This provides tracing information about the update reques .PP Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845. The signatures rely on a shared secret that should only be known to \fBnsupdate\fR -and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance suitable +and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable \fBkey\fR and \fBserver\fR @@ -111,8 +111,9 @@ Every update request consists of zero or more prerequisites and zero or more upd command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server. .PP The command formats and their meaning are as follows: -.TP 3n -.HP 7 \fBserver\fR {servername} [port] +.PP +\fBserver\fR {servername} [port] +.RS 4 Sends all dynamic update requests to the name server \fIservername\fR. When no server statement is provided, \fBnsupdate\fR @@ -121,31 +122,39 @@ will send updates to the master server of the correct zone. The MNAME field of t is the port number on \fIservername\fR where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. -.TP 3n -.HP 6 \fBlocal\fR {address} [port] +.RE +.PP +\fBlocal\fR {address} [port] +.RS 4 Sends all dynamic update requests using the local \fIaddress\fR. When no local statement is provided, \fBnsupdate\fR will send updates using an address and port chosen by the system. \fIport\fR can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. -.TP 3n -.HP 5 \fBzone\fR {zonename} +.RE +.PP +\fBzone\fR {zonename} +.RS 4 Specifies that all updates are to be made to the zone \fIzonename\fR. If no \fIzone\fR statement is provided, \fBnsupdate\fR will attempt determine the correct zone to update based on the rest of the input. -.TP 3n -.HP 6 \fBclass\fR {classname} +.RE +.PP +\fBclass\fR {classname} +.RS 4 Specify the default class. If no \fIclass\fR -is specified the default class is +is specified, the default class is \fIIN\fR. -.TP 3n -.HP 4 \fBkey\fR {name} {secret} -Specifies that all updates are to be TSIG signed using the +.RE +.PP +\fBkey\fR {name} {secret} +.RS 4 +Specifies that all updates are to be TSIG\-signed using the \fIkeyname\fR \fIkeysecret\fR pair. The @@ -154,17 +163,23 @@ command overrides any key specified on the command line via \fB\-y\fR or \fB\-k\fR. -.TP 3n -.HP 16 \fBprereq nxdomain\fR {domain\-name} +.RE +.PP +\fBprereq nxdomain\fR {domain\-name} +.RS 4 Requires that no resource record of any type exists with name \fIdomain\-name\fR. -.TP 3n -.HP 16 \fBprereq yxdomain\fR {domain\-name} +.RE +.PP +\fBprereq yxdomain\fR {domain\-name} +.RS 4 Requires that \fIdomain\-name\fR exists (has as at least one resource record, of any type). -.TP 3n -.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type} +.RE +.PP +\fBprereq nxrrset\fR {domain\-name} [class] {type} +.RS 4 Requires that no resource record exists of the specified \fItype\fR, \fIclass\fR @@ -172,8 +187,10 @@ and \fIdomain\-name\fR. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP 3n -.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} +.RE +.PP +\fBprereq yxrrset\fR {domain\-name} [class] {type} +.RS 4 This requires that a resource record of the specified \fItype\fR, \fIclass\fR @@ -182,8 +199,10 @@ and must exist. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP 3n -.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} +.RE +.PP +\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} +.RS 4 The \fIdata\fR from each set of prerequisites of this form sharing a common @@ -196,8 +215,10 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of \fIdomain\-name\fR. The \fIdata\fR are written in the standard text representation of the resource record's RDATA. -.TP 3n -.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] +.RE +.PP +\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] +.RS 4 Deletes any resource records named \fIdomain\-name\fR. If \fItype\fR @@ -208,19 +229,26 @@ is provided, only matching resource records will be removed. The internet class is not supplied. The \fIttl\fR is ignored, and is only allowed for compatibility. -.TP 3n -.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} +.RE +.PP +\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} +.RS 4 Adds a new resource record with the specified \fIttl\fR, \fIclass\fR and \fIdata\fR. -.TP 3n -.HP 5 \fBshow\fR +.RE +.PP +\fBshow\fR +.RS 4 Displays the current message, containing all of the prerequisites and updates specified since the last send. -.TP 3n -.HP 5 \fBsend\fR +.RE +.PP +\fBsend\fR +.RS 4 Sends the current message. This is equivalent to entering a blank line. +.RE .PP Lines beginning with a semicolon are comments and are ignored. .SH "EXAMPLES" @@ -232,7 +260,7 @@ could be used to insert and delete resource records from the zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for \fBexample.com\fR. .sp -.RS 3n +.RS 4 .nf # nsupdate > update delete oldhost.example.com A @@ -244,11 +272,11 @@ zone. Notice that the input in each example contains a trailing blank line so th .PP Any A records for \fBoldhost.example.com\fR -are deleted. and an A record for +are deleted. And an A record for \fBnewhost.example.com\fR -it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds) +with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds). .sp -.RS 3n +.RS 4 .nf # nsupdate > prereq nxdomain nickname.example.com @@ -261,17 +289,23 @@ it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (8640 The prerequisite condition gets the name server to check that there are no resource records of any type for \fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have SIG, KEY and NXT records.) .SH "FILES" -.TP 3n +.PP \fB/etc/resolv.conf\fR +.RS 4 used to identify default name server -.TP 3n +.RE +.PP \fBK{name}.+157.+{random}.key\fR +.RS 4 base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). -.TP 3n +.RE +.PP \fBK{name}.+157.+{random}.private\fR +.RS 4 base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). +.RE .SH "SEE ALSO" .PP \fBRFC2136\fR(), @@ -286,4 +320,7 @@ base\-64 encoding of HMAC\-MD5 key created by .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 64f64d90..8575eaed 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.103.2.28 2006/06/09 23:50:52 marka Exp $ */ +/* $Id: nsupdate.c,v 1.103.2.31 2007/04/24 23:45:25 tbox Exp $ */ #include <config.h> @@ -153,6 +153,9 @@ debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); static void ddebug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); +static void +error(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); + #define STATUS_MORE (isc_uint16_t)0 #define STATUS_SEND (isc_uint16_t)1 #define STATUS_QUIT (isc_uint16_t)2 @@ -187,6 +190,16 @@ fatal(const char *format, ...) { } static void +error(const char *format, ...) { + va_list args; + + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); +} + +static void debug(const char *format, ...) { va_list args; @@ -1405,8 +1418,11 @@ user_interaction(void) { isc_uint16_t result = STATUS_MORE; ddebug("user_interaction()"); - while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) + while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) { result = get_next_command(); + if (!interactive && result == STATUS_SYNTAX) + fatal("syntax error"); + } if (result == STATUS_SEND) return (ISC_TRUE); return (ISC_FALSE); @@ -1640,8 +1656,9 @@ recvsoa(isc_task_t *task, isc_event_t *event) { setzoneclass(dns_rdataclass_none); return; } - isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t)); + isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t)); + reqinfo = NULL; isc_event_free(&event); reqev = NULL; @@ -1698,6 +1715,19 @@ recvsoa(isc_task_t *task, isc_event_t *event) { rcvmsg->rcode != dns_rcode_nxdomain) fatal("response to SOA query was unsuccessful"); + if (userzone != NULL && rcvmsg->rcode == dns_rcode_nxdomain) { + char namebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(userzone, namebuf, sizeof(namebuf)); + error("specified zone '%s' does not exist (NXDOMAIN)", + namebuf); + dns_message_destroy(&rcvmsg); + dns_request_destroy(&request); + dns_message_destroy(&soaquery); + ddebug("Out of recvsoa"); + done_update(); + return; + } + lookforsoa: if (pass == 0) section = DNS_SECTION_ANSWER; @@ -1852,16 +1882,6 @@ start_update(void) { ddebug("start_update()"); - result = dns_message_firstname(updatemsg, section); - if (result == ISC_R_NOMORE) { - section = DNS_SECTION_PREREQUISITE; - result = dns_message_firstname(updatemsg, section); - } - if (result != ISC_R_SUCCESS) { - done_update(); - return; - } - if (userzone != NULL && userserver != NULL) { send_update(userzone, userserver, localaddr); setzoneclass(dns_rdataclass_none); @@ -1872,7 +1892,8 @@ start_update(void) { &soaquery); check_result(result, "dns_message_create"); - soaquery->flags |= DNS_MESSAGEFLAG_RD; + if (userserver == NULL) + soaquery->flags |= DNS_MESSAGEFLAG_RD; result = dns_message_gettempname(soaquery, &name); check_result(result, "dns_message_gettempname"); @@ -1882,10 +1903,24 @@ start_update(void) { dns_rdataset_makequestion(rdataset, getzoneclass(), dns_rdatatype_soa); - firstname = NULL; - dns_message_currentname(updatemsg, section, &firstname); - dns_name_init(name, NULL); - dns_name_clone(firstname, name); + if (userzone != NULL) { + dns_name_init(name, NULL); + dns_name_clone(userzone, name); + } else { + result = dns_message_firstname(updatemsg, section); + if (result == ISC_R_NOMORE) { + section = DNS_SECTION_PREREQUISITE; + result = dns_message_firstname(updatemsg, section); + } + if (result != ISC_R_SUCCESS) { + done_update(); + return; + } + firstname = NULL; + dns_message_currentname(updatemsg, section, &firstname); + dns_name_init(name, NULL); + dns_name_clone(firstname, name); + } ISC_LIST_INIT(name->list); ISC_LIST_APPEND(name->list, rdataset, link); diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index a3760246..cb65d876 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.docbook,v 1.8.2.9 2005/05/12 21:35:11 sra Exp $ --> +<!-- $Id: nsupdate.docbook,v 1.8.2.14 2007/05/09 02:11:44 marka Exp $ --> <refentry> <refentryinfo> @@ -34,6 +34,8 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -107,7 +109,7 @@ HMAC-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. -For instance suitable +For instance, suitable <type>key</type> and <type>server</type> @@ -202,11 +204,9 @@ name server. The command formats and their meaning are as follows: <variablelist> <varlistentry><term> -<cmdsynopsis> <command>server</command> <arg choice="req">servername</arg> <arg choice="opt">port</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -228,11 +228,9 @@ used. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>local</command> <arg choice="req">address</arg> <arg choice="opt">port</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -250,10 +248,8 @@ If no port number is specified, the system will assign one. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>zone</command> <arg choice="req">zonename</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -269,30 +265,26 @@ will attempt determine the correct zone to update based on the rest of the input </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>class</command> <arg choice="req">classname</arg> -</cmdsynopsis> </term> <listitem> <para> Specify the default class. -If no <parameter>class</parameter> is specified the default class is +If no <parameter>class</parameter> is specified, the default class is <parameter>IN</parameter>. </para> </listitem> </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>key</command> <arg choice="req">name</arg> <arg choice="req">secret</arg> -</cmdsynopsis> </term> <listitem> <para> -Specifies that all updates are to be TSIG signed using the +Specifies that all updates are to be TSIG-signed using the <parameter>keyname</parameter> <parameter>keysecret</parameter> pair. The <command>key</command> command overrides any key specified on the command line via @@ -302,10 +294,8 @@ overrides any key specified on the command line via </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>prereq nxdomain</command> <arg choice="req">domain-name</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -317,10 +307,8 @@ Requires that no resource record of any type exists with name <varlistentry><term> -<cmdsynopsis> <command>prereq yxdomain</command> <arg choice="req">domain-name</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -332,12 +320,10 @@ exists (has as at least one resource record, of any type). </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>prereq nxrrset</command> <arg choice="req">domain-name</arg> <arg choice="opt">class</arg> <arg choice="req">type</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -355,12 +341,10 @@ is omitted, IN (internet) is assumed. <varlistentry><term> -<cmdsynopsis> <command>prereq yxrrset</command> <arg choice="req">domain-name</arg> <arg choice="opt">class</arg> <arg choice="req">type</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -378,13 +362,11 @@ is omitted, IN (internet) is assumed. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>prereq yxrrset</command> <arg choice="req">domain-name</arg> <arg choice="opt">class</arg> <arg choice="req">type</arg> <arg choice="req" rep="repeat">data</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -412,13 +394,11 @@ RDATA. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>update delete</command> <arg choice="req">domain-name</arg> <arg choice="opt">ttl</arg> <arg choice="opt">class</arg> <arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg> -</cmdsynopsis> </term> <listitem> <para> @@ -439,14 +419,12 @@ is ignored, and is only allowed for compatibility. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>update add</command> <arg choice="req">domain-name</arg> <arg choice="req">ttl</arg> <arg choice="opt">class</arg> <arg choice="req">type</arg> <arg choice="req" rep="repeat">data</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -460,9 +438,7 @@ and </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>show</command> -</cmdsynopsis> </term> <listitem> <para> @@ -473,9 +449,7 @@ updates specified since the last send. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>send</command> -</cmdsynopsis> </term> <listitem> <para> @@ -516,10 +490,10 @@ master name server for Any A records for <type>oldhost.example.com</type> are deleted. -and an A record for +And an A record for <type>newhost.example.com</type> -it IP address 172.16.1.1 is added. -The newly-added record has a 1 day TTL (86400 seconds) +with IP address 172.16.1.1 is added. +The newly-added record has a 1 day TTL (86400 seconds). <programlisting> # nsupdate > prereq nxdomain nickname.example.com diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index 7d5c7b58..e1224a6a 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.html,v 1.9.2.15 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: nsupdate.html,v 1.9.2.20 2007/05/09 03:32:21 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>nsupdate</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>nsupdate — Dynamic DNS update utility</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-v</code>] [filename]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549432"></a><h2>DESCRIPTION</h2> +<a name="id2543377"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">nsupdate</strong></span> is used to submit Dynamic DNS Update requests as defined in RFC2136 @@ -77,7 +77,7 @@ HMAC-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. -For instance suitable +For instance, suitable <span class="type">key</span> and <span class="type">server</span> @@ -141,7 +141,7 @@ This may be preferable when a batch of update requests is made. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549633"></a><h2>INPUT FORMAT</h2> +<a name="id2543509"></a><h2>INPUT FORMAT</h2> <p> <span><strong class="command">nsupdate</strong></span> reads input from @@ -170,7 +170,9 @@ The command formats and their meaning are as follows: </p> <div class="variablelist"><dl> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">server</code> {servername} [port]</p></div> +<span><strong class="command">server</strong></span> + {servername} + [port] </span></dt> <dd><p> Sends all dynamic update requests to the name server @@ -188,7 +190,9 @@ If no port number is specified, the default DNS port number of 53 is used. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">local</code> {address} [port]</p></div> +<span><strong class="command">local</strong></span> + {address} + [port] </span></dt> <dd><p> Sends all dynamic update requests using the local @@ -202,7 +206,8 @@ can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">zone</code> {zonename}</p></div> +<span><strong class="command">zone</strong></span> + {zonename} </span></dt> <dd><p> Specifies that all updates are to be made to the zone @@ -214,32 +219,37 @@ statement is provided, will attempt determine the correct zone to update based on the rest of the input. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">class</code> {classname}</p></div> +<span><strong class="command">class</strong></span> + {classname} </span></dt> <dd><p> Specify the default class. -If no <em class="parameter"><code>class</code></em> is specified the default class is +If no <em class="parameter"><code>class</code></em> is specified, the default class is <em class="parameter"><code>IN</code></em>. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">key</code> {name} {secret}</p></div> +<span><strong class="command">key</strong></span> + {name} + {secret} </span></dt> <dd><p> -Specifies that all updates are to be TSIG signed using the +Specifies that all updates are to be TSIG-signed using the <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair. The <span><strong class="command">key</strong></span> command overrides any key specified on the command line via <code class="option">-y</code> or <code class="option">-k</code>. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq nxdomain</code> {domain-name}</p></div> +<span><strong class="command">prereq nxdomain</strong></span> + {domain-name} </span></dt> <dd><p> Requires that no resource record of any type exists with name <em class="parameter"><code>domain-name</code></em>. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq yxdomain</code> {domain-name}</p></div> +<span><strong class="command">prereq yxdomain</strong></span> + {domain-name} </span></dt> <dd><p> Requires that @@ -247,7 +257,10 @@ Requires that exists (has as at least one resource record, of any type). </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq nxrrset</code> {domain-name} [class] {type}</p></div> +<span><strong class="command">prereq nxrrset</strong></span> + {domain-name} + [class] + {type} </span></dt> <dd><p> Requires that no resource record exists of the specified @@ -260,7 +273,10 @@ If is omitted, IN (internet) is assumed. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type}</p></div> +<span><strong class="command">prereq yxrrset</strong></span> + {domain-name} + [class] + {type} </span></dt> <dd><p> This requires that a resource record of the specified @@ -274,7 +290,11 @@ If is omitted, IN (internet) is assumed. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type} {data...}</p></div> +<span><strong class="command">prereq yxrrset</strong></span> + {domain-name} + [class] + {type} + {data...} </span></dt> <dd><p> The @@ -298,7 +318,11 @@ are written in the standard text representation of the resource record's RDATA. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">update delete</code> {domain-name} [ttl] [class] [type [data...]]</p></div> +<span><strong class="command">update delete</strong></span> + {domain-name} + [ttl] + [class] + [type [data...]] </span></dt> <dd><p> Deletes any resource records named @@ -315,7 +339,12 @@ is not supplied. The is ignored, and is only allowed for compatibility. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">update add</code> {domain-name} {ttl} [class] {type} {data...}</p></div> +<span><strong class="command">update add</strong></span> + {domain-name} + {ttl} + [class] + {type} + {data...} </span></dt> <dd><p> Adds a new resource record with the specified @@ -325,14 +354,14 @@ and <em class="parameter"><code>data</code></em>. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">show</code> </p></div> +<span><strong class="command">show</strong></span> </span></dt> <dd><p> Displays the current message, containing all of the prerequisites and updates specified since the last send. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">send</code> </p></div> +<span><strong class="command">send</strong></span> </span></dt> <dd><p> Sends the current message. This is equivalent to entering a blank line. @@ -345,7 +374,7 @@ Lines beginning with a semicolon are comments and are ignored. </p> </div> <div class="refsect1" lang="en"> -<a name="id2550311"></a><h2>EXAMPLES</h2> +<a name="id2544142"></a><h2>EXAMPLES</h2> <p> The examples below show how <span><strong class="command">nsupdate</strong></span> @@ -370,10 +399,10 @@ master name server for Any A records for <span class="type">oldhost.example.com</span> are deleted. -and an A record for +And an A record for <span class="type">newhost.example.com</span> -it IP address 172.16.1.1 is added. -The newly-added record has a 1 day TTL (86400 seconds) +with IP address 172.16.1.1 is added. +The newly-added record has a 1 day TTL (86400 seconds). </p> <pre class="programlisting"> # nsupdate @@ -398,7 +427,7 @@ SIG, KEY and NXT records.) </p> </div> <div class="refsect1" lang="en"> -<a name="id2550355"></a><h2>FILES</h2> +<a name="id2544186"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt> <dd><p> @@ -417,7 +446,7 @@ base-64 encoding of HMAC-MD5 key created by </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2550423"></a><h2>SEE ALSO</h2> +<a name="id2544323"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>, <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>, @@ -430,7 +459,7 @@ base-64 encoding of HMAC-MD5 key created by </p> </div> <div class="refsect1" lang="en"> -<a name="id2550488"></a><h2>BUGS</h2> +<a name="id2544388"></a><h2>BUGS</h2> <p> The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in index e0efefd5..0cb920db 100644 --- a/bin/rndc/Makefile.in +++ b/bin/rndc/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.32.2.6 2004/07/20 07:00:12 marka Exp $ +# $Id: Makefile.in,v 1.32.2.8 2007/01/19 00:55:48 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -45,6 +45,8 @@ RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${DNSDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS} CONFLIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@ CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS} +SRCS= rndc.c rndc-confgen.c + SUBDIRS = unix TARGETS = rndc rndc-confgen diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8 index 36eb4ae3..7311deaf 100644 --- a/bin/rndc/rndc-confgen.8 +++ b/bin/rndc/rndc-confgen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2001-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc-confgen.8,v 1.3.2.12 2006/06/29 13:02:06 marka Exp $ +.\" $Id: rndc-confgen.8,v 1.3.2.14 2007/01/30 00:10:37 marka Exp $ .\" .hy 0 .ad l .\" Title: rndc\-confgen .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Aug 27, 2001 .\" Manual: BIND9 .\" Source: BIND9 @@ -56,8 +56,9 @@ file and a \fBcontrols\fR statement altogether. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Do automatic \fBrndc\fR configuration. This creates a file @@ -88,31 +89,43 @@ to be used as drop\-in replacements for BIND 8 and \fBndc\fR, with no changes to the existing BIND 8 \fInamed.conf\fR file. -.TP 3n +.RE +.PP \-b \fIkeysize\fR +.RS 4 Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128. -.TP 3n +.RE +.PP \-c \fIkeyfile\fR +.RS 4 Used with the \fB\-a\fR option to specify an alternate location for \fIrndc.key\fR. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBrndc\-confgen\fR. -.TP 3n +.RE +.PP \-k \fIkeyname\fR +.RS 4 Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is \fBrndc\-key\fR. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Specifies the command channel port where \fBnamed\fR listens for connections from \fBrndc\fR. The default is 953. -.TP 3n +.RE +.PP \-r \fIrandomfile\fR +.RS 4 Specifies a source of random data for generating the authorization. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -120,14 +133,18 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-s \fIaddress\fR +.RS 4 Specifies the IP address where \fBnamed\fR listens for command channel connections from \fBrndc\fR. The default is the loopback address 127.0.0.1. -.TP 3n +.RE +.PP \-t \fIchrootdir\fR +.RS 4 Used with the \fB\-a\fR option to specify a directory where @@ -136,8 +153,10 @@ will run chrooted. An additional copy of the \fIrndc.key\fR will be written relative to this directory so that it will be found by the chrooted \fBnamed\fR. -.TP 3n +.RE +.PP \-u \fIuser\fR +.RS 4 Used with the \fB\-a\fR option to set the owner of the @@ -145,6 +164,7 @@ option to set the owner of the file generated. If \fB\-t\fR is also specified only the file in the chroot area has its owner changed. +.RE .SH "EXAMPLES" .PP To allow @@ -173,4 +193,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2001\-2003 Internet Software Consortium. +.br diff --git a/bin/rndc/rndc-confgen.docbook b/bin/rndc/rndc-confgen.docbook index b30f5f66..0b33fb72 100644 --- a/bin/rndc/rndc-confgen.docbook +++ b/bin/rndc/rndc-confgen.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2001-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc-confgen.docbook,v 1.3.2.5 2005/05/12 21:35:12 sra Exp $ --> +<!-- $Id: rndc-confgen.docbook,v 1.3.2.7 2007/01/29 23:57:17 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html index cd2def23..46086f71 100644 --- a/bin/rndc/rndc-confgen.html +++ b/bin/rndc/rndc-confgen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2001-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc-confgen.html,v 1.3.2.18 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: rndc-confgen.html,v 1.3.2.21 2007/01/30 00:10:37 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc-confgen</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">rndc-confgen</span> — rndc key generation tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549479"></a><h2>DESCRIPTION</h2> +<a name="id2543420"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">rndc-confgen</strong></span> generates configuration files for <span><strong class="command">rndc</strong></span>. It can be used as a @@ -48,7 +48,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549525"></a><h2>OPTIONS</h2> +<a name="id2543466"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd> @@ -137,7 +137,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549956"></a><h2>EXAMPLES</h2> +<a name="id2543761"></a><h2>EXAMPLES</h2> <p> To allow <span><strong class="command">rndc</strong></span> to be used with no manual configuration, run @@ -156,7 +156,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550000"></a><h2>SEE ALSO</h2> +<a name="id2543804"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, @@ -165,7 +165,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550042"></a><h2>AUTHOR</h2> +<a name="id2543847"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 15063aff..87a573af 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.24.2.6 2006/06/29 13:02:06 marka Exp $ +.\" $Id: rndc.8,v 1.24.2.11 2007/06/20 02:25:45 marka Exp $ .\" .hy 0 .ad l .\" Title: rndc .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -47,20 +47,22 @@ is invoked with no command line options or arguments, it prints a short summary communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of \fBrndc\fR and -\fBnamed\fR -named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. +\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. .PP \fBrndc\fR reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. .SH "OPTIONS" -.TP 3n +.PP \-c \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/rndc.conf\fR. -.TP 3n +.RE +.PP \-k \fIkey\-file\fR +.RS 4 Use \fIkey\-file\fR as the key file instead of the default, @@ -69,30 +71,41 @@ as the key file instead of the default, will be used to authenticate commands sent to the server if the \fIconfig\-file\fR does not exist. -.TP 3n +.RE +.PP \-s \fIserver\fR +.RS 4 \fIserver\fR is the name or address of the server which matches a server statement in the configuration file for -\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used. -.TP 3n +\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the +\fBrndc\fR +configuration file will be used. +.RE +.PP \-p \fIport\fR +.RS 4 Send commands to TCP port \fIport\fR instead of BIND 9's default control channel port, 953. -.TP 3n +.RE +.PP \-V +.RS 4 Enable verbose logging. -.TP 3n -\-y \fIkeyid\fR +.RE +.PP +\-y \fIkey_id\fR +.RS 4 Use the key -\fIkeyid\fR +\fIkey_id\fR from the configuration file. -\fIkeyid\fR +\fIkey_id\fR must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no -\fIkeyid\fR +\fIkey_id\fR is specified, \fBrndc\fR will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access. +.RE .PP For the complete set of commands supported by \fBrndc\fR, see the BIND 9 Administrator Reference Manual or run @@ -114,11 +127,14 @@ Several error messages could be clearer. .PP \fBrndc.conf\fR(5), \fBnamed\fR(8), -\fBnamed.conf\fR(5) +\fBnamed.conf\fR(5), \fBndc\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5 index 0120fc91..5eb34685 100644 --- a/bin/rndc/rndc.conf.5 +++ b/bin/rndc/rndc.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.conf.5,v 1.21.2.6 2006/06/29 13:02:06 marka Exp $ +.\" $Id: rndc.conf.5,v 1.21.2.9 2007/05/09 03:32:21 marka Exp $ .\" .hy 0 .ad l .\" Title: \fIrndc.conf\fR .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -101,7 +101,7 @@ program, also known as does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each. .SH "EXAMPLE" .sp -.RS 3n +.RS 4 .nf options { default\-server localhost; @@ -128,7 +128,7 @@ To generate a random secret with .PP A complete \fIrndc.conf\fR -file, including the randomly generated key, will be written to the standard output. Commented out +file, including the randomly generated key, will be written to the standard output. Commented\-out \fBkey\fR and \fBcontrols\fR @@ -158,4 +158,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook index 96e3720b..aca6b5bc 100644 --- a/bin/rndc/rndc.conf.docbook +++ b/bin/rndc/rndc.conf.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.conf.docbook,v 1.4.2.4 2005/05/12 21:35:12 sra Exp $ --> +<!-- $Id: rndc.conf.docbook,v 1.4.2.7 2007/05/09 02:11:44 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -166,7 +167,7 @@ <para> A complete <filename>rndc.conf</filename> file, including the randomly generated key, will be written to the standard - output. Commented out <option>key</option> and + output. Commented-out <option>key</option> and <option>controls</option> statements for <filename>named.conf</filename> are also printed. </para> diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html index 59ca71c3..c2a67e05 100644 --- a/bin/rndc/rndc.conf.html +++ b/bin/rndc/rndc.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.conf.html,v 1.5.2.14 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: rndc.conf.html,v 1.5.2.18 2007/05/09 03:32:21 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc.conf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">rndc.conf</code> — rndc configuration file</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549398"></a><h2>DESCRIPTION</h2> +<a name="id2543339"></a><h2>DESCRIPTION</h2> <p> <code class="filename">rndc.conf</code> is the configuration file for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control @@ -105,7 +105,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549601"></a><h2>EXAMPLE</h2> +<a name="id2543474"></a><h2>EXAMPLE</h2> <pre class="programlisting"> options { default-server localhost; @@ -139,7 +139,7 @@ <p> A complete <code class="filename">rndc.conf</code> file, including the randomly generated key, will be written to the standard - output. Commented out <code class="option">key</code> and + output. Commented-out <code class="option">key</code> and <code class="option">controls</code> statements for <code class="filename">named.conf</code> are also printed. </p> @@ -151,7 +151,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549730"></a><h2>NAME SERVER CONFIGURATION</h2> +<a name="id2543534"></a><h2>NAME SERVER CONFIGURATION</h2> <p> The name server must be configured to accept rndc connections and to recognize the key specified in the <code class="filename">rndc.conf</code> @@ -161,7 +161,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549750"></a><h2>SEE ALSO</h2> +<a name="id2543555"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, @@ -170,7 +170,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549793"></a><h2>AUTHOR</h2> +<a name="id2543597"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook index 1e9976aa..c34153d8 100644 --- a/bin/rndc/rndc.docbook +++ b/bin/rndc/rndc.docbook @@ -1,8 +1,8 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.docbook,v 1.7.2.4 2005/05/12 21:35:12 sra Exp $ --> +<!-- $Id: rndc.docbook,v 1.7.2.9 2007/06/19 07:52:23 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -77,7 +78,7 @@ <command>rndc</command> communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of - <command>rndc</command> and <command>named</command> named + <command>rndc</command> and <command>named</command>, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command @@ -124,14 +125,13 @@ <varlistentry> <term>-s <replaceable class="parameter">server</replaceable></term> <listitem> - <para> - <replaceable class="parameter">server</replaceable> is - the name or address of the server which matches a - server statement in the configuration file for - <command>rndc</command>. If no server is supplied on the - command line, the host named by the default-server clause - in the option statement of the configuration file will be - used. + <para><replaceable class="parameter">server</replaceable> is + the name or address of the server which matches a + server statement in the configuration file for + <command>rndc</command>. If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the <command>rndc</command> + configuration file will be used. </para> </listitem> </varlistentry> @@ -157,15 +157,15 @@ </varlistentry> <varlistentry> - <term>-y <replaceable class="parameter">keyid</replaceable></term> + <term>-y <replaceable class="parameter">key_id</replaceable></term> <listitem> <para> - Use the key <replaceable class="parameter">keyid</replaceable> + Use the key <replaceable class="parameter">key_id</replaceable> from the configuration file. - <replaceable class="parameter">keyid</replaceable> must be + <replaceable class="parameter">key_id</replaceable> must be known by named with the same algorithm and secret string in order for control message validation to succeed. - If no <replaceable class="parameter">keyid</replaceable> + If no <replaceable class="parameter">key_id</replaceable> is specified, <command>rndc</command> will first look for a key clause in the server statement of the server being used, or if no server statement is present for that @@ -217,7 +217,7 @@ <citerefentry> <refentrytitle>named.conf</refentrytitle> <manvolnum>5</manvolnum> - </citerefentry> + </citerefentry>, <citerefentry> <refentrytitle>ndc</refentrytitle> <manvolnum>8</manvolnum> diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index 10673e2d..1817a2d5 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.html,v 1.7.2.13 2006/06/29 13:02:06 marka Exp $ --> +<!-- $Id: rndc.html,v 1.7.2.19 2007/06/20 02:25:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">rndc</span> — name server control utility</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549451"></a><h2>DESCRIPTION</h2> +<a name="id2543393"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">rndc</strong></span> controls the operation of a name server. It supersedes the <span><strong class="command">ndc</strong></span> utility @@ -46,7 +46,7 @@ <span><strong class="command">rndc</strong></span> communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of - <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named + <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command @@ -61,7 +61,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549492"></a><h2>OPTIONS</h2> +<a name="id2543433"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> @@ -79,14 +79,13 @@ does not exist. </p></dd> <dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt> -<dd><p> - <em class="replaceable"><code>server</code></em> is - the name or address of the server which matches a - server statement in the configuration file for - <span><strong class="command">rndc</strong></span>. If no server is supplied on the - command line, the host named by the default-server clause - in the option statement of the configuration file will be - used. +<dd><p><em class="replaceable"><code>server</code></em> is + the name or address of the server which matches a + server statement in the configuration file for + <span><strong class="command">rndc</strong></span>. If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the <span><strong class="command">rndc</strong></span> + configuration file will be used. </p></dd> <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> <dd><p> @@ -98,14 +97,14 @@ <dd><p> Enable verbose logging. </p></dd> -<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt> +<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt> <dd><p> - Use the key <em class="replaceable"><code>keyid</code></em> + Use the key <em class="replaceable"><code>key_id</code></em> from the configuration file. - <em class="replaceable"><code>keyid</code></em> must be + <em class="replaceable"><code>key_id</code></em> must be known by named with the same algorithm and secret string in order for control message validation to succeed. - If no <em class="replaceable"><code>keyid</code></em> + If no <em class="replaceable"><code>key_id</code></em> is specified, <span><strong class="command">rndc</strong></span> will first look for a key clause in the server statement of the server being used, or if no server statement is present for that @@ -123,7 +122,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549811"></a><h2>LIMITATIONS</h2> +<a name="id2543619"></a><h2>LIMITATIONS</h2> <p> <span><strong class="command">rndc</strong></span> does not yet support all the commands of the BIND 8 <span><strong class="command">ndc</strong></span> utility. @@ -137,17 +136,17 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549840"></a><h2>SEE ALSO</h2> +<a name="id2543648"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, - <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span> + <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549892"></a><h2>AUTHOR</h2> +<a name="id2543700"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/tests/journalprint.c b/bin/tests/journalprint.c index 86fcd46c..af3469ff 100644 --- a/bin/tests/journalprint.c +++ b/bin/tests/journalprint.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journalprint.c,v 1.3.2.5 2006/08/25 05:25:49 marka Exp $ */ +/* $Id: journalprint.c,v 1.3.2.7 2007/02/27 23:45:21 tbox Exp $ */ #include <config.h> @@ -33,7 +33,7 @@ main(int argc, char **argv) { isc_mem_t *mctx = NULL; if (argc != 2) { - printf("usage: %s journal", argv[0]); + printf("usage: %s journal\n", argv[0]); return(1); } diff --git a/bin/tests/names/dns_name_fromwire_8_data b/bin/tests/names/dns_name_fromwire_8_data index 744da071..9ddd3f3d 100644 --- a/bin/tests/names/dns_name_fromwire_8_data +++ b/bin/tests/names/dns_name_fromwire_8_data @@ -1,5 +1,5 @@ # -# test data for dns_name_fromwire_8 +# test data for dns_name_fromwire_9 # format: # <msgfile> <testname_offset> <downcase> # <dc_method> <exp_name> <exp_result> @@ -27,4 +27,4 @@ # ISC_R_UNEXPECTEDEND # DNS_R_TOOMANYHOPS # -wire_test8.data 383 1 DNS_COMPRESS_ALL vix.com. DNS_R_TOOMANYHOPS +wire_test8.data 25 1 DNS_COMPRESS_ALL vix.com. ISC_R_NOSPACE diff --git a/bin/tests/names/dns_name_fromwire_9_data b/bin/tests/names/dns_name_fromwire_9_data deleted file mode 100644 index 47c8a068..00000000 --- a/bin/tests/names/dns_name_fromwire_9_data +++ /dev/null @@ -1,30 +0,0 @@ -# -# test data for dns_name_fromwire_9 -# format: -# <msgfile> <testname_offset> <downcase> -# <dc_method> <exp_name> <exp_result> -# -# where msgfile contains a DNS message in hex form -# -# and where testname_offset is the byte offset in this message of -# the start of a name -# -# and where downcase is 1 or 0 -# -# and where dc_method is one of -# DNS_COMPRESS_ALL -# DNS_COMPRESS_GLOBAL14 -# DNS_COMPRESS_NONE -# -# and where exp_name is the expected name after any decompression -# or case conversion -# -# and where exp_result may be one of -# ISC_R_NOSPACE -# DNS_R_BADLABELTYPE -# DNS_R_DISALLOWED -# DNS_R_BADPOINTER -# ISC_R_UNEXPECTEDEND -# DNS_R_TOOMANYHOPS -# -wire_test9.data 25 1 DNS_COMPRESS_ALL vix.com. ISC_R_NOSPACE diff --git a/bin/tests/names/t_names.c b/bin/tests/names/t_names.c index c9f2f15a..d0ae0a9d 100644 --- a/bin/tests/names/t_names.c +++ b/bin/tests/names/t_names.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_names.c,v 1.32.2.5 2006/01/04 23:50:17 marka Exp $ */ +/* $Id: t_names.c,v 1.32.2.6 2006/12/07 13:25:58 marka Exp $ */ #include <config.h> @@ -2139,10 +2139,6 @@ static const char *a48 = "returns ISC_R_UNEXPECTEDEND"; static const char *a49 = - "when there are too many compression pointers, " - "dns_name_fromwire() returns DNS_R_TOOMANYHOPS"; - -static const char *a50 = "when there is not enough space in target, " "dns_name_fromwire(name, source, dcts, downcase, target) " "returns ISC_R_NOSPACE"; @@ -2327,11 +2323,8 @@ t_dns_name_fromwire(void) { t_assert("dns_name_fromwire", 7, T_REQUIRED, a48); t_dns_name_fromwire_x("dns_name_fromwire_7_data", BUFLEN); - t_assert("dns_name_fromwire", 8, T_REQUIRED, a49); - t_dns_name_fromwire_x("dns_name_fromwire_8_data", BUFLEN); - - t_assert("dns_name_fromwire", 9, T_REQUIRED, a50); - t_dns_name_fromwire_x("dns_name_fromwire_9_data", 2); + t_assert("dns_name_fromwire", 9, T_REQUIRED, a49); + t_dns_name_fromwire_x("dns_name_fromwire_8_data", 2); } diff --git a/bin/tests/names/wire_test9.data b/bin/tests/names/wire_test9.data deleted file mode 100644 index 505134ac..00000000 --- a/bin/tests/names/wire_test9.data +++ /dev/null @@ -1,13 +0,0 @@ -# -# a global14 compression pointer -# -000a85800001000300000003 -0376697803636f6d0000020001c00c00 -02000100000e10000b05697372763102 -7061c00cc00c0002000100000e100009 -066e732d657874c00cc00c0002000100 -000e10000e036e733104676e61630363 -6f6d00c0250001000100000e100004cc -98b886c03c0001000100000e100004cc -98b840c051000100010002a14a0004c6 -97f8f6 diff --git a/bin/tests/system/start.sh b/bin/tests/system/start.sh index f12ce476..f0ed12b4 100644 --- a/bin/tests/system/start.sh +++ b/bin/tests/system/start.sh @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 2001 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: start.sh,v 1.38.2.1 2004/03/09 06:09:42 marka Exp $ +# $Id: start.sh,v 1.38.2.3 2007/01/18 00:06:02 marka Exp $ . ./conf.sh $PERL start.pl "$@" diff --git a/bin/tests/system/stop.sh b/bin/tests/system/stop.sh index c6318f7b..0fd66049 100644 --- a/bin/tests/system/stop.sh +++ b/bin/tests/system/stop.sh @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 2001 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: stop.sh,v 1.21.2.1 2004/03/09 06:09:43 marka Exp $ +# $Id: stop.sh,v 1.21.2.3 2007/01/18 00:06:02 marka Exp $ . ./conf.sh $PERL ./stop.pl "$@" diff --git a/bin/win32/BINDInstall/BINDInstall.dsp b/bin/win32/BINDInstall/BINDInstall.dsp index 59da2cd4..ed1abbab 100644 --- a/bin/win32/BINDInstall/BINDInstall.dsp +++ b/bin/win32/BINDInstall/BINDInstall.dsp @@ -43,11 +43,11 @@ RSC=rc.exe # PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /Yu"stdafx.h" /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /Yu"stdafx.h" /FD /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Yu"stdafx.h" /FD /c
# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG" /d "_AFXDLL"
+# ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
@@ -69,11 +69,11 @@ LINK32=link.exe # PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /Yu"stdafx.h" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /FR /Yu"stdafx.h" /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR /Yu"stdafx.h" /FD /GZ /c
# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG" /d "_AFXDLL"
+# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
diff --git a/bin/win32/BINDInstall/BINDInstall.mak b/bin/win32/BINDInstall/BINDInstall.mak index 9f105294..330953a0 100644 --- a/bin/win32/BINDInstall/BINDInstall.mak +++ b/bin/win32/BINDInstall/BINDInstall.mak @@ -124,7 +124,7 @@ CLEAN : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
.c{$(INTDIR)}.obj::
$(CPP) @<<
@@ -159,7 +159,7 @@ CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\.. MTL=midl.exe
MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32
RSC=rc.exe
-RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "NDEBUG" /d "_AFXDLL"
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "NDEBUG"
BSC32=bscmake.exe
BSC32_FLAGS=/nologo /o"$(OUTDIR)\BINDInstall.bsc"
BSC32_SBRS= \
@@ -214,7 +214,7 @@ CLEAN : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
.c{$(INTDIR)}.obj::
$(CPP) @<<
@@ -249,7 +249,7 @@ CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" MTL=midl.exe
MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32
RSC=rc.exe
-RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "_DEBUG" /d "_AFXDLL"
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "_DEBUG"
BSC32=bscmake.exe
BSC32_FLAGS=/nologo /o"$(OUTDIR)\BINDInstall.bsc"
BSC32_SBRS= \
@@ -345,7 +345,7 @@ SOURCE=.\StdAfx.cpp !IF "$(CFG)" == "BINDInstall - Win32 Release"
-CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+CPP_SWITCHES=/nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
"$(INTDIR)\StdAfx.obj" "$(INTDIR)\BINDInstall.pch" : $(SOURCE) "$(INTDIR)"
$(CPP) @<<
@@ -355,7 +355,7 @@ CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I ". !ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
-CPP_SWITCHES=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+CPP_SWITCHES=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
"$(INTDIR)\StdAfx.obj" "$(INTDIR)\StdAfx.sbr" "$(INTDIR)\BINDInstall.pch" : $(SOURCE) "$(INTDIR)"
$(CPP) @<<
diff --git a/bin/win32/BINDInstall/BINDInstallDlg.cpp b/bin/win32/BINDInstall/BINDInstallDlg.cpp index cc36f0be..c6fa6b65 100644 --- a/bin/win32/BINDInstall/BINDInstallDlg.cpp +++ b/bin/win32/BINDInstall/BINDInstallDlg.cpp @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: BINDInstallDlg.cpp,v 1.6.2.17 2006/11/08 02:00:49 marka Exp $ */ +/* $Id: BINDInstallDlg.cpp,v 1.6.2.21 2007/06/27 01:52:19 marka Exp $ */ /* * Copyright (c) 1999-2000 by Nortel Networks Corporation @@ -109,23 +109,15 @@ const FileData installFiles[] = {"msvcrt.dll", FileData::WinSystem, FileData::Critical, TRUE}, # endif #endif -#if _MSC_VER >= 1400 - {"mfc80.dll", FileData::BinDir, FileData::Critical, FALSE}, - {"mfc80u.dll", FileData::BinDir, FileData::Critical, FALSE}, - {"mfcm80.dll", FileData::BinDir, FileData::Critical, FALSE}, - {"mfcm80u.dll", FileData::BinDir, FileData::Critical, FALSE}, - {"Microsoft.VC80.MFC.manifest", FileData::BinDir, FileData::Critical, FALSE}, - {"msvcm80.dll", FileData::BinDir, FileData::Critical, FALSE}, - {"msvcp80.dll", FileData::BinDir, FileData::Critical, FALSE}, - {"msvcr80.dll", FileData::BinDir, FileData::Critical, FALSE}, - {"Microsoft.VC80.CRT.manifest", FileData::BinDir, FileData::Critical, FALSE}, -#elif _MSC_VER >= 1310 +#if _MSC_VER < 1400 +#if _MSC_VER >= 1310 {"mfc71.dll", FileData::WinSystem, FileData::Critical, TRUE}, {"msvcr71.dll", FileData::WinSystem, FileData::Critical, TRUE}, -#elif _MSC_VER > 1200 +#elif _MSC_VER > 1200 && _MSC_VER < 1310 {"mfc70.dll", FileData::WinSystem, FileData::Critical, TRUE}, {"msvcr70.dll", FileData::WinSystem, FileData::Critical, TRUE}, #endif +#endif {"bindevt.dll", FileData::BinDir, FileData::Normal, FALSE}, {"libisc.dll", FileData::BinDir, FileData::Critical, FALSE}, {"libisccfg.dll", FileData::BinDir, FileData::Critical, FALSE}, @@ -416,6 +408,16 @@ void CBINDInstallDlg::OnInstall() } } +#if _MSC_VER >= 1400 + /* + * Install Visual Studio libraries. As per: + * http://blogs.msdn.com/astebner/archive/2006/08/23/715755.aspx + * + * Vcredist_x86.exe /q:a /c:"msiexec /i vcredist.msi /qn /l*v %temp%\vcredist_x86.log" + */ + /*system(".\\Vcredist_x86.exe /q:a /c:\"msiexec /i vcredist.msi /qn /l*v %temp%\vcredist_x86.log\"");*/ + system(".\\Vcredist_x86.exe"); +#endif try { CreateDirs(); |