author | Internet Software Consortium, Inc <@isc.org> | 2007-09-07 14:15:45 -0600 |
---|---|---|
committer | LaMont Jones <lamont@debian.org> | 2007-09-07 14:15:45 -0600 |
commit | 4e926eed7fa226680baa6df59f0979a4ec61dc37 (patch) | |
tree | d3fde8af0fd8d0eab9474b78f9e97f93602dc9c3 /bin | |
parent | b839699f526d760de08fdb2c47b37987b3e90e3c (diff) | |
download | bind9-4e926eed7fa226680baa6df59f0979a4ec61dc37.tar.gz |
9.3.2b2
Diffstat (limited to 'bin')
39 files changed, 1734 insertions, 917 deletions
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
index 40bcc222..68b745ae 100644
--- a/bin/check/named-checkconf.8
+++ b/bin/check/named-checkconf.8
@@ -13,60 +13,58 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkconf.8,v 1.11.12.6 2005/05/12 23:56:53 sra Exp $ +.\" $Id: named-checkconf.8,v 1.11.12.7 2005/10/13 02:33:41 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "NAMED-CHECKCONF" 8 "June 14, 2000" "" "" -.SH NAME -named-checkconf \- named configuration file syntax checking tool +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +named\-checkconf \- named configuration file syntax checking tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fIdirectory\fR\fR] {filename} [\fB\-z\fR] +\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR] .SH "DESCRIPTION" .PP - \fBnamed\-checkconf\fR checks the syntax, but not the semantics, of a named configuration file\&. +\fBnamed\-checkconf\fR +checks the syntax, but not the semantics, of a named configuration file. .SH "OPTIONS" .TP \-t \fIdirectory\fR -chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named\&. 
+chroot to +\fIdirectory\fR +so that include directives in the configuration file are processed as if run by a similarly chrooted named. .TP \-v -Print the version of the \fBnamed\-checkconf\fR program and exit\&. +Print the version of the +\fBnamed\-checkconf\fR +program and exit. .TP \-z -Perform a check load the master zonefiles found in \fInamed\&.conf\fR\&. +Perform a check load the master zonefiles found in +\fInamed.conf\fR. .TP \-j -When loading a zonefile read the journal if it exists\&. +When loading a zonefile read the journal if it exists. .TP filename -The name of the configuration file to be checked\&. If not specified, it defaults to \fI/etc/named\&.conf\fR\&. +The name of the configuration file to be checked. If not specified, it defaults to +\fI/etc/named.conf\fR. .SH "RETURN VALUES" .PP - \fBnamed\-checkconf\fR returns an exit status of 1 if errors were detected and 0 otherwise\&. +\fBnamed\-checkconf\fR +returns an exit status of 1 if errors were detected and 0 otherwise. .SH "SEE ALSO" .PP - \fBnamed\fR(8), BIND 9 Administrator Reference Manual\&. +\fBnamed\fR(8), +BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP - Internet Systems Consortium +Internet Systems Consortium diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html index 7db38bef..14b8ff89 100644 --- a/bin/check/named-checkconf.html +++ b/bin/check/named-checkconf.html 
@@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkconf.html,v 1.5.2.1.4.10 2005/07/18 02:36:43 marka Exp $ --> +<!-- $Id: named-checkconf.html,v 1.5.2.1.4.12 2005/10/13 02:33:42 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named-checkconf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named-checkconf</span> — named configuration file syntax checking tool</p> @@ -32,14 +32,14 @@ <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514548"></a><h2>DESCRIPTION</h2> +<a name="id2525865"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named-checkconf</strong></span> checks the syntax, but not the semantics, of a named configuration file. </p> </div> <div class="refsect1" lang="en"> -<a name="id2514561"></a><h2>OPTIONS</h2> +<a name="id2525878"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> 
@@ -69,21 +69,21 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2514721"></a><h2>RETURN VALUES</h2> +<a name="id2525970"></a><h2>RETURN VALUES</h2> <p> <span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2514733"></a><h2>SEE ALSO</h2> +<a name="id2525982"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2514825"></a><h2>AUTHOR</h2> +<a name="id2526006"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index d899c534..33402d5f 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 
@@ -13,84 +13,99 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkzone.8,v 1.11.2.1.8.7 2005/05/12 23:56:53 sra Exp $ +.\" $Id: named-checkzone.8,v 1.11.2.1.8.8 2005/10/13 02:33:41 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "NAMED-CHECKZONE" 8 "June 13, 2000" "" "" -.SH NAME -named-checkzone \- zone file validity checking tool +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +named\-checkzone \- zone file validity checking tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-k\ \fImode\fR\fR] [\fB\-n\ \fImode\fR\fR] [\fB\-o\ \fIfilename\fR\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-w\ \fIdirectory\fR\fR] [\fB\-D\fR] {zonename} {filename} +\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] {zonename} {filename} .SH "DESCRIPTION" .PP - \fBnamed\-checkzone\fR checks the syntax and integrity of a zone file\&. It performs the same checks as \fBnamed\fR does when loading a zone\&. 
This makes\fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server\&. +\fBnamed\-checkzone\fR +checks the syntax and integrity of a zone file. It performs the same checks as +\fBnamed\fR +does when loading a zone. This makes +\fBnamed\-checkzone\fR +useful for checking zone files before configuring them into a name server. .SH "OPTIONS" .TP \-d -Enable debugging\&. +Enable debugging. .TP \-q -Quiet mode \- exit code only\&. +Quiet mode \- exit code only. .TP \-v -Print the version of the \fBnamed\-checkzone\fR program and exit\&. +Print the version of the +\fBnamed\-checkzone\fR +program and exit. .TP \-j -When loading the zone file read the journal if it exists\&. +When loading the zone file read the journal if it exists. .TP \-c \fIclass\fR -Specify the class of the zone\&. If not specified "IN" is assumed\&. +Specify the class of the zone. If not specified "IN" is assumed. .TP \-k \fImode\fR -Perform \fB"check\-name"\fR checks with the specified failure mode\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&. +Perform +\fB"check\-name"\fR +checks with the specified failure mode. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR. .TP \-n \fImode\fR -Specify whether NS records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&. +Specify whether NS records should be checked to see if they are addresses. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR. .TP \-o \fIfilename\fR -Write zone output to \fIfilename\fR\&. +Write zone output to +\fIfilename\fR. .TP \-t \fIdirectory\fR -chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named\&. +chroot to +\fIdirectory\fR +so that include directives in the configuration file are processed as if run by a similarly chrooted named. 
.TP \-w \fIdirectory\fR -chdir to \fIdirectory\fR so that relative filenames in master file $INCLUDE directives work\&. This is similar to the directory clause in \fInamed\&.conf\fR\&. +chdir to +\fIdirectory\fR +so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in +\fInamed.conf\fR. .TP \-D -Dump zone file in canonical format\&. +Dump zone file in canonical format. .TP zonename -The domain name of the zone being checked\&. +The domain name of the zone being checked. .TP filename -The name of the zone file\&. +The name of the zone file. .SH "RETURN VALUES" .PP - \fBnamed\-checkzone\fR returns an exit status of 1 if errors were detected and 0 otherwise\&. +\fBnamed\-checkzone\fR +returns an exit status of 1 if errors were detected and 0 otherwise. .SH "SEE ALSO" .PP - \fBnamed\fR(8), RFC 1035, BIND 9 Administrator Reference Manual\&. +\fBnamed\fR(8), +RFC 1035, +BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP - Internet Systems Consortium +Internet Systems Consortium diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html index 99507c46..cf544c94 100644 --- a/bin/check/named-checkzone.html +++ b/bin/check/named-checkzone.html 
@@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkzone.html,v 1.5.2.2.4.12 2005/07/18 02:36:43 marka Exp $ --> +<!-- $Id: named-checkzone.html,v 1.5.2.2.4.13 2005/10/13 02:33:42 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named-checkzone</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named-checkzone</span> — zone file validity checking tool</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] {zonename} {filename}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514673"></a><h2>DESCRIPTION</h2> +<a name="id2525922"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of a zone file. It performs the same checks as <span><strong class="command">named</strong></span> @@ -42,7 +42,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514693"></a><h2>OPTIONS</h2> +<a name="id2525942"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-d</span></dt> <dd><p> @@ -111,14 +111,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515006"></a><h2>RETURN VALUES</h2> +<a name="id2526187"></a><h2>RETURN VALUES</h2> <p> <span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2515019"></a><h2>SEE ALSO</h2> +<a name="id2526200"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <em class="citetitle">RFC 1035</em>, 
@@ -126,7 +126,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515046"></a><h2>AUTHOR</h2> +<a name="id2526227"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index 92ac6777..7031217d 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 
@@ -13,223 +13,411 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.14.2.4.2.9 2005/08/30 02:34:59 marka Exp $ +.\" $Id: dig.1,v 1.14.2.4.2.10 2005/10/13 02:33:42 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "DIG" 1 "Jun 30, 2000" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" dig \- DNS lookup utility .SH "SYNOPSIS" .HP 4 -\fBdig\fR [@server] [\fB\-b\ \fIaddress\fR\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-f\ \fIfilename\fR\fR] [\fB\-k\ \fIfilename\fR\fR] [\fB\-p\ \fIport#\fR\fR] [\fB\-t\ \fItype\fR\fR] [\fB\-x\ \fIaddr\fR\fR] [\fB\-y\ \fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] +\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] .HP 4 \fBdig\fR [\fB\-h\fR] .HP 4 \fBdig\fR [global\-queryopt...] [query...] .SH "DESCRIPTION" .PP - \fBdig\fR (domain information groper) is a flexible tool for interrogating DNS name servers\&. 
It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried\&. Most DNS administrators use \fBdig\fR to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output\&. Other lookup tools tend to have less functionality than \fBdig\fR\&. +\fBdig\fR +(domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use +\fBdig\fR +to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than +\fBdig\fR. .PP -Although \fBdig\fR is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file\&. A brief summary of its command\-line arguments and options is printed when the \fB\-h\fR option is given\&. Unlike earlier versions, the BIND9 implementation of \fBdig\fR allows multiple lookups to be issued from the command line\&. +Although +\fBdig\fR +is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the +\fB\-h\fR +option is given. Unlike earlier versions, the BIND9 implementation of +\fBdig\fR +allows multiple lookups to be issued from the command line. .PP -Unless it is told to query a specific name server, \fBdig\fR will try each of the servers listed in \fI/etc/resolv\&.conf\fR\&. +Unless it is told to query a specific name server, +\fBdig\fR +will try each of the servers listed in +\fI/etc/resolv.conf\fR. .PP -When no command line arguments or options are given, will perform an NS query for "\&." (the root)\&. +When no command line arguments or options are given, will perform an NS query for "." (the root). 
.PP -It is possible to set per\-user defaults for \fBdig\fR via \fI${HOME}/\&.digrc\fR\&. This file is read and any options in it are applied before the command line arguments\&. +It is possible to set per\-user defaults for +\fBdig\fR +via +\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments. .SH "SIMPLE USAGE" .PP -A typical invocation of \fBdig\fR looks like: +A typical invocation of +\fBdig\fR +looks like: +.sp .nf dig @server name type .fi - where: +.sp +where: .TP \fBserver\fR -is the name or IP address of the name server to query\&. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation\&. When the supplied \fIserver\fR argument is a hostname, \fBdig\fR resolves that name before querying that name server\&. If no \fIserver\fR argument is provided, \fBdig\fR consults \fI/etc/resolv\&.conf\fR and queries the name servers listed there\&. The reply from the name server that responds is displayed\&. +is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied +\fIserver\fR +argument is a hostname, +\fBdig\fR +resolves that name before querying that name server. If no +\fIserver\fR +argument is provided, +\fBdig\fR +consults +\fI/etc/resolv.conf\fR +and queries the name servers listed there. The reply from the name server that responds is displayed. .TP \fBname\fR -is the name of the resource record that is to be looked up\&. +is the name of the resource record that is to be looked up. .TP \fBtype\fR -indicates what type of query is required -- ANY, A, MX, SIG, etc\&. \fItype\fR can be any valid query type\&. If no \fItype\fR argument is supplied, \fBdig\fR will perform a lookup for an A record\&. +indicates what type of query is required \(em ANY, A, MX, SIG, etc. +\fItype\fR +can be any valid query type. 
If no +\fItype\fR +argument is supplied, +\fBdig\fR +will perform a lookup for an A record. .SH "OPTIONS" .PP -The \fB\-b\fR option sets the source IP address of the query to \fIaddress\fR\&. This must be a valid address on one of the host's network interfaces or "0\&.0\&.0\&.0" or "::"\&. An optional port may be specified by appending "#<port>" +The +\fB\-b\fR +option sets the source IP address of the query to +\fIaddress\fR. This must be a valid address on one of the host's network interfaces or "0.0.0.0" or "::". An optional port may be specified by appending "#<port>" .PP -The default query class (IN for internet) is overridden by the \fB\-c\fR option\&. \fIclass\fR is any valid class, such as HS for Hesiod records or CH for CHAOSNET records\&. +The default query class (IN for internet) is overridden by the +\fB\-c\fR +option. +\fIclass\fR +is any valid class, such as HS for Hesiod records or CH for CHAOSNET records. .PP -The \fB\-f\fR option makes \fBdig \fR operate in batch mode by reading a list of lookup requests to process from the file \fIfilename\fR\&. The file contains a number of queries, one per line\&. Each entry in the file should be organised in the same way they would be presented as queries to \fBdig\fR using the command\-line interface\&. +The +\fB\-f\fR +option makes +\fBdig \fR +operate in batch mode by reading a list of lookup requests to process from the file +\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to +\fBdig\fR +using the command\-line interface. .PP -If a non\-standard port number is to be queried, the \fB\-p\fR option is used\&. \fIport#\fR is the port number that \fBdig\fR will send its queries instead of the standard DNS port number 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&. 
+If a non\-standard port number is to be queried, the +\fB\-p\fR +option is used. +\fIport#\fR +is the port number that +\fBdig\fR +will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number. .PP -The \fB\-4\fR option forces \fBdig\fR to only use IPv4 query transport\&. The \fB\-6\fR option forces \fBdig\fR to only use IPv6 query transport\&. +The +\fB\-4\fR +option forces +\fBdig\fR +to only use IPv4 query transport. The +\fB\-6\fR +option forces +\fBdig\fR +to only use IPv6 query transport. .PP -The \fB\-t\fR option sets the query type to \fItype\fR\&. It can be any valid query type which is supported in BIND9\&. The default query type "A", unless the \fB\-x\fR option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, \fItype\fR is set to ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was \fIN\fR\&. +The +\fB\-t\fR +option sets the query type to +\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the +\fB\-x\fR +option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, +\fItype\fR +is set to +ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was +\fIN\fR. .PP -Reverse lookups \- mapping addresses to names \- are simplified by the \fB\-x\fR option\&. \fIaddr\fR is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address\&. When this option is used, there is no need to provide the \fIname\fR, \fIclass\fR and \fItype\fR arguments\&. 
\fBdig\fR automatically performs a lookup for a name like 11\&.12\&.13\&.10\&.in\-addr\&.arpa and sets the query type and class to PTR and IN respectively\&. By default, IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain\&. To use the older RFC1886 method using the IP6\&.INT domain specify the \fB\-i\fR option\&. Bit string labels (RFC2874) are now experimental and are not attempted\&. +Reverse lookups \- mapping addresses to names \- are simplified by the +\fB\-x\fR +option. +\fIaddr\fR +is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When this option is used, there is no need to provide the +\fIname\fR, +\fIclass\fR +and +\fItype\fR +arguments. +\fBdig\fR +automatically performs a lookup for a name like +11.12.13.10.in\-addr.arpa +and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using nibble format under the IP6.ARPA domain. To use the older RFC1886 method using the IP6.INT domain specify the +\fB\-i\fR +option. Bit string labels (RFC2874) are now experimental and are not attempted. .PP -To sign the DNS queries sent by \fBdig\fR and their responses using transaction signatures (TSIG), specify a TSIG key file using the \fB\-k\fR option\&. You can also specify the TSIG key itself on the command line using the \fB\-y\fR option; \fIname\fR is the name of the TSIG key and \fIkey\fR is the actual key\&. The key is a base\-64 encoded string, typically generated by \fBdnssec\-keygen\fR(8)\&. Caution should be taken when using the \fB\-y\fR option on multi\-user systems as the key can be visible in the output from \fBps\fR(1 ) or in the shell's history file\&. When using TSIG authentication with \fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used\&. In BIND, this is done by providing appropriate \fBkey\fR and \fBserver\fR statements in \fInamed\&.conf\fR\&. 
+To sign the DNS queries sent by +\fBdig\fR +and their responses using transaction signatures (TSIG), specify a TSIG key file using the +\fB\-k\fR +option. You can also specify the TSIG key itself on the command line using the +\fB\-y\fR +option; +\fIname\fR +is the name of the TSIG key and +\fIkey\fR +is the actual key. The key is a base\-64 encoded string, typically generated by +\fBdnssec\-keygen\fR(8). Caution should be taken when using the +\fB\-y\fR +option on multi\-user systems as the key can be visible in the output from +\fBps\fR(1 ) +or in the shell's history file. When using TSIG authentication with +\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate +\fBkey\fR +and +\fBserver\fR +statements in +\fInamed.conf\fR. .SH "QUERY OPTIONS" .PP - \fBdig\fR provides a number of query options which affect the way in which lookups are made and the results displayed\&. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies\&. +\fBdig\fR +provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies. .PP -Each query option is identified by a keyword preceded by a plus sign (+)\&. Some keywords set or reset an option\&. These may be preceded by the string no to negate the meaning of that keyword\&. Other keywords assign values to options like the timeout interval\&. They have the form \fB+keyword=value\fR\&. The query options are: +Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string +no +to negate the meaning of that keyword. 
Other keywords assign values to options like the timeout interval. They have the form +\fB+keyword=value\fR. The query options are: .TP \fB+[no]tcp\fR -Use [do not use] TCP when querying name servers\&. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used\&. +Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. .TP \fB+[no]vc\fR -Use [do not use] TCP when querying name servers\&. This alternate syntax to \fI+[no]tcp\fR is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&. +Use [do not use] TCP when querying name servers. This alternate syntax to +\fI+[no]tcp\fR +is provided for backwards compatibility. The "vc" stands for "virtual circuit". .TP \fB+[no]ignore\fR -Ignore truncation in UDP responses instead of retrying with TCP\&. By default, TCP retries are performed\&. +Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. .TP \fB+domain=somename\fR -Set the search list to contain the single domain \fIsomename\fR, as if specified in a \fBdomain\fR directive in \fI/etc/resolv\&.conf\fR, and enable search list processing as if the \fI+search\fR option were given\&. +Set the search list to contain the single domain +\fIsomename\fR, as if specified in a +\fBdomain\fR +directive in +\fI/etc/resolv.conf\fR, and enable search list processing as if the +\fI+search\fR +option were given. .TP \fB+[no]search\fR -Use [do not use] the search list defined by the searchlist or domain directive in \fIresolv\&.conf\fR (if any)\&. The search list is not used by default\&. +Use [do not use] the search list defined by the searchlist or domain directive in +\fIresolv.conf\fR +(if any). The search list is not used by default. 
.TP \fB+[no]defname\fR -Deprecated, treated as a synonym for \fI+[no]search\fR +Deprecated, treated as a synonym for +\fI+[no]search\fR .TP \fB+[no]aaonly\fR -Sets the "aa" flag in the query\&. +Sets the "aa" flag in the query. .TP \fB+[no]aaflag\fR -A synonym for \fI+[no]aaonly\fR\&. +A synonym for +\fI+[no]aaonly\fR. .TP \fB+[no]adflag\fR -Set [do not set] the AD (authentic data) bit in the query\&. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness\&. +Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness. .TP \fB+[no]cdflag\fR -Set [do not set] the CD (checking disabled) bit in the query\&. This requests the server to not perform DNSSEC validation of responses\&. +Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. .TP \fB+[no]cl\fR -Display [do not display] the CLASS when printing the record\&. +Display [do not display] the CLASS when printing the record. .TP \fB+[no]ttlid\fR -Display [do not display] the TTL when printing the record\&. +Display [do not display] the TTL when printing the record. .TP \fB+[no]recurse\fR -Toggle the setting of the RD (recursion desired) bit in the query\&. This bit is set by default, which means \fBdig\fR normally sends recursive queries\&. Recursion is automatically disabled when the \fI+nssearch\fR or \fI+trace\fR query options are used\&. +Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means +\fBdig\fR +normally sends recursive queries. Recursion is automatically disabled when the +\fI+nssearch\fR +or +\fI+trace\fR +query options are used. 
.TP \fB+[no]nssearch\fR -When this option is set, \fBdig\fR attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&. +When this option is set, +\fBdig\fR +attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. .TP \fB+[no]trace\fR -Toggle tracing of the delegation path from the root name servers for the name being looked up\&. Tracing is disabled by default\&. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up\&. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup\&. +Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, +\fBdig\fR +makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. .TP \fB+[no]cmd\fR -toggles the printing of the initial comment in the output identifying the version of \fBdig\fR and the query options that have been applied\&. This comment is printed by default\&. +toggles the printing of the initial comment in the output identifying the version of +\fBdig\fR +and the query options that have been applied. This comment is printed by default. .TP \fB+[no]short\fR -Provide a terse answer\&. The default is to print the answer in a verbose form\&. +Provide a terse answer. The default is to print the answer in a verbose form. .TP \fB+[no]identify\fR -Show [or do not show] the IP address and port number that supplied the answer when the \fI+short\fR option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&. 
+Show [or do not show] the IP address and port number that supplied the answer when the +\fI+short\fR +option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. .TP \fB+[no]comments\fR -Toggle the display of comment lines in the output\&. The default is to print comments\&. +Toggle the display of comment lines in the output. The default is to print comments. .TP \fB+[no]stats\fR -This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behaviour is to print the query statistics\&. +This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics. .TP \fB+[no]qr\fR -Print [do not print] the query as it is sent\&. By default, the query is not printed\&. +Print [do not print] the query as it is sent. By default, the query is not printed. .TP \fB+[no]question\fR -Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&. +Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. .TP \fB+[no]answer\fR -Display [do not display] the answer section of a reply\&. The default is to display it\&. +Display [do not display] the answer section of a reply. The default is to display it. .TP \fB+[no]authority\fR -Display [do not display] the authority section of a reply\&. The default is to display it\&. +Display [do not display] the authority section of a reply. The default is to display it. .TP \fB+[no]additional\fR -Display [do not display] the additional section of a reply\&. The default is to display it\&. +Display [do not display] the additional section of a reply. The default is to display it. 
.TP \fB+[no]all\fR -Set or clear all display flags\&. +Set or clear all display flags. .TP \fB+time=T\fR -Sets the timeout for a query to \fIT\fR seconds\&. The default time out is 5 seconds\&. An attempt to set \fIT\fR to less than 1 will result in a query timeout of 1 second being applied\&. +Sets the timeout for a query to +\fIT\fR +seconds. The default time out is 5 seconds. An attempt to set +\fIT\fR +to less than 1 will result in a query timeout of 1 second being applied. .TP \fB+tries=T\fR -Sets the number of times to try UDP queries to server to \fIT\fR instead of the default, 3\&. If \fIT\fR is less than or equal to zero, the number of tries is silently rounded up to 1\&. +Sets the number of times to try UDP queries to server to +\fIT\fR +instead of the default, 3. If +\fIT\fR +is less than or equal to zero, the number of tries is silently rounded up to 1. .TP \fB+retry=T\fR -Sets the number of times to retry UDP queries to server to \fIT\fR instead of the default, 2\&. Unlike \fI+tries\fR, this does not include the initial query\&. +Sets the number of times to retry UDP queries to server to +\fIT\fR +instead of the default, 2. Unlike +\fI+tries\fR, this does not include the initial query. .TP \fB+ndots=D\fR -Set the number of dots that have to appear in \fIname\fR to \fID\fR for it to be considered absolute\&. The default value is that defined using the ndots statement in \fI/etc/resolv\&.conf\fR, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the \fBsearch\fR or \fBdomain\fR directive in \fI/etc/resolv\&.conf\fR\&. +Set the number of dots that have to appear in +\fIname\fR +to +\fID\fR +for it to be considered absolute. The default value is that defined using the ndots statement in +\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. 
Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the +\fBsearch\fR +or +\fBdomain\fR +directive in +\fI/etc/resolv.conf\fR. .TP \fB+bufsize=B\fR -Set the UDP message buffer size advertised using EDNS0 to \fIB\fR bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&. +Set the UDP message buffer size advertised using EDNS0 to +\fIB\fR +bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. .TP \fB+[no]multiline\fR -Print records like the SOA records in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output\&. +Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the +\fBdig\fR +output. .TP \fB+[no]fail\fR -Do not try the next server if you receive a SERVFAIL\&. The default is to not try the next server which is the reverse of normal stub resolver behaviour\&. +Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour. .TP \fB+[no]besteffort\fR -Attempt to display the contents of messages which are malformed\&. The default is to not display malformed answers\&. +Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. .TP \fB+[no]dnssec\fR -Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query\&. +Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. 
.TP \fB+[no]sigchase\fR -Chase DNSSEC signature chains\&. Requires dig be compiled with \-DDIG_SIGCHASE\&. +Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. .TP \fB+trusted\-key=####\fR -Specifies a file containing trusted keys to be used with \fB+sigchase\fR\&. Each DNSKEY record must be on its own line\&. -If not specified \fBdig\fR will look for \fI/etc/trusted\-key\&.key\fR then \fItrusted\-key\&.key\fR in the current directory\&. -Requires dig be compiled with \-DDIG_SIGCHASE\&. +Specifies a file containing trusted keys to be used with +\fB+sigchase\fR. Each DNSKEY record must be on its own line. +.sp +If not specified +\fBdig\fR +will look for +\fI/etc/trusted\-key.key\fR +then +\fItrusted\-key.key\fR +in the current directory. +.sp +Requires dig be compiled with \-DDIG_SIGCHASE. .TP \fB+[no]topdown\fR -When chasing DNSSEC signature chains perform a top down validation\&. Requires dig be compiled with \-DDIG_SIGCHASE\&. +When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE. .SH "MULTIPLE QUERIES" .PP -The BIND 9 implementation of \fBdig \fR supports specifying multiple queries on the command line (in addition to supporting the \fB\-f\fR batch file option)\&. Each of those queries can be supplied with its own set of flags, options and query options\&. +The BIND 9 implementation of +\fBdig \fR +supports specifying multiple queries on the command line (in addition to supporting the +\fB\-f\fR +batch file option). Each of those queries can be supplied with its own set of flags, options and query options. .PP -In this case, each \fIquery\fR argument represent an individual query in the command\-line syntax described above\&. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query\&. 
+In this case, each +\fIquery\fR +argument represent an individual query in the command\-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query. .PP -A global set of query options, which should be applied to all queries, can also be supplied\&. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line\&. Any global query options (except the \fB+[no]cmd\fR option) can be overridden by a query\-specific set of query options\&. For example: +A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the +\fB+[no]cmd\fR +option) can be overridden by a query\-specific set of query options. For example: +.sp .nf -dig +qr www\&.isc\&.org any \-x 127\&.0\&.0\&.1 isc\&.org ns +noqr +dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr .fi - shows how \fBdig\fR could be used from the command line to make three lookups: an ANY query for www\&.isc\&.org, a reverse lookup of 127\&.0\&.0\&.1 and a query for the NS records of isc\&.org\&. A global query option of \fI+qr\fR is applied, so that \fBdig\fR shows the initial query it made for each lookup\&. The final query has a local query option of \fI+noqr\fR which means that \fBdig\fR will not print the initial query when it looks up the NS records for isc\&.org\&. +.sp +shows how +\fBdig\fR +could be used from the command line to make three lookups: an ANY query for +www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of +isc.org. A global query option of +\fI+qr\fR +is applied, so that +\fBdig\fR +shows the initial query it made for each lookup. 
The final query has a local query option of +\fI+noqr\fR +which means that +\fBdig\fR +will not print the initial query when it looks up the NS records for +isc.org. .SH "FILES" .PP - \fI/etc/resolv\&.conf\fR +\fI/etc/resolv.conf\fR .PP - \fI${HOME}/\&.digrc\fR +\fI${HOME}/.digrc\fR .SH "SEE ALSO" .PP - \fBhost\fR(1), \fBnamed\fR(8), \fBdnssec\-keygen\fR(8), RFC1035\&. +\fBhost\fR(1), +\fBnamed\fR(8), +\fBdnssec\-keygen\fR(8), +RFC1035. .SH "BUGS " .PP -There are probably too many query options\&. +There are probably too many query options. diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 5c646196..52df6608 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.157.2.13.2.28 2005/07/04 03:29:44 marka Exp $ */ +/* $Id: dig.c,v 1.157.2.13.2.29 2005/10/14 01:38:40 marka Exp $ */ #include <config.h> #include <stdlib.h> @@ -790,7 +790,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, break; case 'l': /* cl */ FULLCHECK("cl"); - noclass = !state; + noclass = ISC_TF(!state); break; case 'm': /* cmd */ FULLCHECK("cmd"); @@ -1026,7 +1026,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, break; case 't': /* ttlid */ FULLCHECK("ttlid"); - nottl = !state; + nottl = ISC_TF(!state); break; default: goto invalid_option; diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 462aa5c9..3425fb3d 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html 
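Review bot: The inverted assignments `noclass = ISC_TF(!state);` (case 'l', hunk at line 790) and `nottl = ISC_TF(!state);` (case 't', hunk at line 1026) have no comment explaining the double negative. Presumably `state` is true for `+cl`/`+ttlid` and false for the `no` forms, so `+cl` clears `noclass`. A one-line comment above each, such as `/* negative flag: +cl clears noclass */`, would make that readable. If other cases in plus_option assign a negated or raw expression to an isc_boolean_t, they would want the same ISC_TF() wrapping for consistency. Those cases are not visible here, because plus_option starts and ends outside both hunks.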
@@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.html,v 1.6.2.4.2.12 2005/08/30 02:34:59 marka Exp $ --> +<!-- $Id: dig.html,v 1.6.2.4.2.13 2005/10/13 02:33:43 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dig</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>dig — DNS lookup utility</p> @@ -34,7 +34,7 @@ <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514727"></a><h2>DESCRIPTION</h2> +<a name="id2525976"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -69,7 +69,7 @@ are applied before the command line arguments. </p> </div> <div class="refsect1" lang="en"> -<a name="id2514786"></a><h2>SIMPLE USAGE</h2> +<a name="id2526035"></a><h2>SIMPLE USAGE</h2> <p> A typical invocation of <span><strong class="command">dig</strong></span> looks like: </p> @@ -107,7 +107,7 @@ ANY, A, MX, SIG, etc. </p> </div> <div class="refsect1" lang="en"> -<a name="id2514865"></a><h2>OPTIONS</h2> +<a name="id2526114"></a><h2>OPTIONS</h2> <p> The <code class="option">-b</code> option sets the source IP address of the query to <em class="parameter"><code>address</code></em>. This must be a valid address on 
@@ -188,7 +188,7 @@ being used. In BIND, this is done by providing appropriate </p> </div> <div class="refsect1" lang="en"> -<a name="id2515116"></a><h2>QUERY OPTIONS</h2> +<a name="id2526365"></a><h2>QUERY OPTIONS</h2> <p> <span><strong class="command">dig</strong></span> provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -446,7 +446,7 @@ Requires dig be compiled with -DDIG_SIGCHASE. </p> </div> <div class="refsect1" lang="en"> -<a name="id2515852"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2527033"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports specifying multiple queries on the command line (in addition to @@ -487,7 +487,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2515911"></a><h2>FILES</h2> +<a name="id2527092"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> @@ -496,7 +496,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2515930"></a><h2>SEE ALSO</h2> +<a name="id2527111"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -505,7 +505,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2515969"></a><h2>BUGS </h2> +<a name="id2527149"></a><h2>BUGS </h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 83bc1f7b..6129fedb 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.221.2.19.2.30 2005/09/09 00:29:10 marka Exp $ */ +/* $Id: dighost.c,v 1.221.2.19.2.31 2005/10/14 01:38:40 marka Exp $ */ /* * Notice to programmers: Do not use this code as an example of how to @@ -2092,7 +2092,7 @@ send_udp(dig_query_t *query) { */ static void connect_timeout(isc_task_t *task, isc_event_t *event) { - dig_lookup_t *l = NULL, *n; + dig_lookup_t *l = NULL; dig_query_t *query = NULL, *cq; UNUSED(task); @@ -2128,7 +2128,7 @@ connect_timeout(isc_task_t *task, isc_event_t *event) { debug("making new TCP request, %d tries left", l->retries); l->retries--; - n = requeue_lookup(l, ISC_TRUE); + requeue_lookup(l, ISC_TRUE); cancel_lookup(l); check_next_lookup(l); } diff --git a/bin/dig/host.1 b/bin/dig/host.1 index 24493879..cf44a5c3 100644 --- a/bin/dig/host.1 +++ b/bin/dig/host.1 
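Review bot: In the hunk at line 2128 the result of `requeue_lookup(l, ISC_TRUE);` is now dropped without any marker. Writing it as `(void)requeue_lookup(l, ISC_TRUE);` would show that the discard is deliberate and keep static analysers quiet. The old code stored the result in `n` (declaration removed in the hunk at line 2092) and apparently never read it, so behaviour should be unchanged. If requeue_lookup can fail and return NULL, the result should be checked before `cancel_lookup(l)` drops the original lookup; its definition is not shown here. connect_timeout's body begins before and continues after this hunk.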
@@ -13,69 +13,173 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.11.2.1.4.6 2005/05/13 02:43:18 marka Exp $ +.\" $Id: host.1,v 1.11.2.1.4.7 2005/10/13 02:33:43 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "HOST" 1 "Jun 30, 2000" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" host \- DNS lookup utility .SH "SYNOPSIS" .HP 5 -\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-N\ \fIndots\fR\fR] [\fB\-R\ \fInumber\fR\fR] [\fB\-t\ \fItype\fR\fR] [\fB\-W\ \fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server] +\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server] .SH "DESCRIPTION" .PP - \fBhost\fR is a simple utility for performing DNS lookups\&. It is normally used to convert names to IP addresses and vice versa\&. When no arguments or options are given, \fBhost\fR prints a short summary of its command line arguments and options\&. -.PP - \fIname\fR is the domain name that is to be looked up\&. 
It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case \fBhost\fR will by default perform a reverse lookup for that address\&. \fIserver\fR is an optional argument which is either the name or IP address of the name server that \fBhost\fR should query instead of the server or servers listed in \fI/etc/resolv\&.conf\fR\&. -.PP -The \fB\-a\fR (all) option is equivalent to setting the \fB\-v\fR option and asking \fBhost\fR to make a query of type ANY\&. -.PP -When the \fB\-C\fR option is used, \fBhost\fR will attempt to display the SOA records for zone \fIname\fR from all the listed authoritative name servers for that zone\&. The list of name servers is defined by the NS records that are found for the zone\&. -.PP -The \fB\-c\fR option instructs to make a DNS query of class \fIclass\fR\&. This can be used to lookup Hesiod or Chaosnet class resource records\&. The default class is IN (Internet)\&. -.PP -Verbose output is generated by \fBhost\fR when the \fB\-d\fR or \fB\-v\fR option is used\&. The two options are equivalent\&. They have been provided for backwards compatibility\&. In previous versions, the \fB\-d\fR option switched on debugging traces and \fB\-v\fR enabled verbose output\&. -.PP -List mode is selected by the \fB\-l\fR option\&. This makes \fBhost\fR perform a zone transfer for zone \fIname\fR\&. Transfer the zone printing out the NS, PTR and address records (A/AAAA)\&. If combined with \fB\-a\fR all records will be printed\&. -.PP -The \fB\-i\fR option specifies that reverse lookups of IPv6 addresses should use the IP6\&.INT domain as defined in RFC1886\&. The default is to use IP6\&.ARPA\&. -.PP -The \fB\-N\fR option sets the number of dots that have to be in \fIname\fR for it to be considered absolute\&. The default value is that defined using the ndots statement in \fI/etc/resolv\&.conf\fR, or 1 if no ndots statement is present\&. 
Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the \fBsearch\fR or \fBdomain\fR directive in \fI/etc/resolv\&.conf\fR\&. -.PP -The number of UDP retries for a lookup can be changed with the \fB\-R\fR option\&. \fInumber\fR indicates how many times \fBhost\fR will repeat a query that does not get answered\&. The default number of retries is 1\&. If \fInumber\fR is negative or zero, the number of retries will default to 1\&. -.PP -Non\-recursive queries can be made via the \fB\-r\fR option\&. Setting this option clears the \fBRD\fR -- recursion desired -- bit in the query which \fBhost\fR makes\&. This should mean that the name server receiving the query will not attempt to resolve \fIname\fR\&. The \fB\-r\fR option enables \fBhost\fR to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers\&. -.PP -By default \fBhost\fR uses UDP when making queries\&. The \fB\-T\fR option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&. -.PP -The \fB\-4\fR option forces \fBhost\fR to only use IPv4 query transport\&. The \fB\-6\fR option forces \fBhost\fR to only use IPv6 query transport\&. -.PP -The \fB\-t\fR option is used to select the query type\&. \fItype\fR can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc\&. When no query type is specified, \fBhost\fR automatically selects an appropriate query type\&. By default it looks for A records, but if the \fB\-C\fR option was given, queries will be made for SOA records, and if \fIname\fR is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address, \fBhost\fR will query for PTR records\&. 
If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e\&.g\&. \-t IXFR=12345678)\&. -.PP -The time to wait for a reply can be controlled through the \fB\-W\fR and \fB\-w\fR options\&. The \fB\-W\fR option makes \fBhost\fR wait for \fIwait\fR seconds\&. If \fIwait\fR is less than one, the wait interval is set to one second\&. When the \fB\-w\fR option is used, \fBhost\fR will effectively wait forever for a reply\&. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity\&. +\fBhost\fR +is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, +\fBhost\fR +prints a short summary of its command line arguments and options. +.PP +\fIname\fR +is the domain name that is to be looked up. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case +\fBhost\fR +will by default perform a reverse lookup for that address. +\fIserver\fR +is an optional argument which is either the name or IP address of the name server that +\fBhost\fR +should query instead of the server or servers listed in +\fI/etc/resolv.conf\fR. +.PP +The +\fB\-a\fR +(all) option is equivalent to setting the +\fB\-v\fR +option and asking +\fBhost\fR +to make a query of type ANY. +.PP +When the +\fB\-C\fR +option is used, +\fBhost\fR +will attempt to display the SOA records for zone +\fIname\fR +from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone. +.PP +The +\fB\-c\fR +option instructs to make a DNS query of class +\fIclass\fR. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet). 
+.PP +Verbose output is generated by +\fBhost\fR +when the +\fB\-d\fR +or +\fB\-v\fR +option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the +\fB\-d\fR +option switched on debugging traces and +\fB\-v\fR +enabled verbose output. +.PP +List mode is selected by the +\fB\-l\fR +option. This makes +\fBhost\fR +perform a zone transfer for zone +\fIname\fR. Transfer the zone printing out the NS, PTR and address records (A/AAAA). If combined with +\fB\-a\fR +all records will be printed. +.PP +The +\fB\-i\fR +option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain as defined in RFC1886. The default is to use IP6.ARPA. +.PP +The +\fB\-N\fR +option sets the number of dots that have to be in +\fIname\fR +for it to be considered absolute. The default value is that defined using the ndots statement in +\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the +\fBsearch\fR +or +\fBdomain\fR +directive in +\fI/etc/resolv.conf\fR. +.PP +The number of UDP retries for a lookup can be changed with the +\fB\-R\fR +option. +\fInumber\fR +indicates how many times +\fBhost\fR +will repeat a query that does not get answered. The default number of retries is 1. If +\fInumber\fR +is negative or zero, the number of retries will default to 1. +.PP +Non\-recursive queries can be made via the +\fB\-r\fR +option. Setting this option clears the +\fBRD\fR +\(em recursion desired \(em bit in the query which +\fBhost\fR +makes. This should mean that the name server receiving the query will not attempt to resolve +\fIname\fR. The +\fB\-r\fR +option enables +\fBhost\fR +to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. 
+.PP +By default +\fBhost\fR +uses UDP when making queries. The +\fB\-T\fR +option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests. +.PP +The +\fB\-4\fR +option forces +\fBhost\fR +to only use IPv4 query transport. The +\fB\-6\fR +option forces +\fBhost\fR +to only use IPv6 query transport. +.PP +The +\fB\-t\fR +option is used to select the query type. +\fItype\fR +can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, +\fBhost\fR +automatically selects an appropriate query type. By default it looks for A records, but if the +\fB\-C\fR +option was given, queries will be made for SOA records, and if +\fIname\fR +is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address, +\fBhost\fR +will query for PTR records. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e.g. \-t IXFR=12345678). +.PP +The time to wait for a reply can be controlled through the +\fB\-W\fR +and +\fB\-w\fR +options. The +\fB\-W\fR +option makes +\fBhost\fR +wait for +\fIwait\fR +seconds. If +\fIwait\fR +is less than one, the wait interval is set to one second. When the +\fB\-w\fR +option is used, +\fBhost\fR +will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity. .SH "FILES" .PP - \fI/etc/resolv\&.conf\fR +\fI/etc/resolv.conf\fR .SH "SEE ALSO" .PP - \fBdig\fR(1), \fBnamed\fR(8)\&. +\fBdig\fR(1), +\fBnamed\fR(8). diff --git a/bin/dig/host.html b/bin/dig/host.html index c85246ab..7670868c 100644 --- a/bin/dig/host.html +++ b/bin/dig/host.html 
@@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.html,v 1.4.2.1.4.10 2005/07/18 02:36:44 marka Exp $ --> +<!-- $Id: host.html,v 1.4.2.1.4.12 2005/10/13 02:33:44 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>host</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>host — DNS lookup utility</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514584"></a><h2>DESCRIPTION</h2> +<a name="id2525901"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">host</strong></span> is a simple utility for performing DNS lookups. 
@@ -155,13 +155,13 @@ value for an integer quantity. </p> </div> <div class="refsect1" lang="en"> -<a name="id2514992"></a><h2>FILES</h2> +<a name="id2526241"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2515004"></a><h2>SEE ALSO</h2> +<a name="id2526253"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1 index 344c6ae3..3de04ca4 100644 --- a/bin/dig/nslookup.1 +++ b/bin/dig/nslookup.1 
@@ -12,62 +12,61 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nslookup.1,v 1.1.6.4 2005/05/13 02:43:18 marka Exp $ +.\" $Id: nslookup.1,v 1.1.6.5 2005/10/13 02:33:43 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "NSLOOKUP" 1 "Jun 30, 2000" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" nslookup \- query Internet name servers interactively .SH "SYNOPSIS" .HP 9 \fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server] .SH "DESCRIPTION" .PP - \fBNslookup\fR is a program to query Internet domain name servers\&. \fBNslookup\fR has two modes: interactive and non\-interactive\&. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain\&. Non\-interactive mode is used to print just the name and requested information for a host or domain\&. +\fBNslookup\fR +is a program to query Internet domain name servers. +\fBNslookup\fR +has two modes: interactive and non\-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non\-interactive mode is used to print just the name and requested information for a host or domain. 
.SH "ARGUMENTS" .PP -Interactive mode is entered in the following cases: +Interactive mode is entered in the following cases: .TP 3 1. when no arguments are given (the default name server will be used) .TP 2. -when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server\&. -.LP +when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server. .PP -Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument\&. The optional second argument specifies the host name or address of a name server\&. +Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server. .PP -Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen\&. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: .IP .nf nslookup \-query=hinfo \-timeout=10 .fi +Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: +.IP .sp .nf nslookup \-query=hinfo \-timeout=10 .fi .SH "INTERACTIVE COMMANDS" .TP host [server] -Look up information for host using the current default server or using server, if specified\&. If host is an Internet address and the query type is A or PTR, the name of the host is returned\&. If host is a name and does not have a trailing period, the search list is used to qualify the name\&. -To look up a host not in the current domain, append a period to the name\&. +Look up information for host using the current default server or using server, if specified. 
If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name. +.sp +To look up a host not in the current domain, append a period to the name. .TP \fBserver\fR \fIdomain\fR .TP \fBlserver\fR \fIdomain\fR -Change the default server to \fIdomain\fR; \fBlserver\fR uses the initial server to look up information about \fIdomain\fR, while \fBserver\fR uses the current default server\&. If an authoritative answer can't be found, the names of servers that might have the answer are returned\&. +Change the default server to +\fIdomain\fR; +\fBlserver\fR +uses the initial server to look up information about +\fIdomain\fR, while +\fBserver\fR +uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned. .TP \fBroot\fR not implemented @@ -88,17 +87,18 @@ not implemented not implemented .TP \fBexit\fR -Exits the program\&. +Exits the program. .TP -\fBset\fR \fIkeyword[=value]\fR -This command is used to change state information that affects the lookups\&. Valid keywords are: +\fBset\fR \fIkeyword\fR\fI[=value]\fR +This command is used to change state information that affects the lookups. Valid keywords are: .RS .TP \fBall\fR -Prints the current values of the frequently used options to \fBset\fR\&. Information about the current default server and host is also printed\&. +Prints the current values of the frequently used options to +\fBset\fR. Information about the current default server and host is also printed. .TP \fBclass=\fR\fIvalue\fR -Change the query class to one of: +Change the query class to one of: .RS .TP \fBIN\fR 
@@ -114,55 +114,68 @@ the Hesiod class wildcard .RE .IP - The class specifies the protocol group of the information\&. +The class specifies the protocol group of the information. +.sp (Default = IN; abbreviation = cl) .TP -\fB\fI[no]\fRdebug\fR -Turn debugging mode on\&. A lot more information is printed about the packet sent to the server and the resulting answer\&. -(Default = nodebug; abbreviation = [no]deb) +\fB\fI[no]\fR\fR\fBdebug\fR +Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.sp +(Default = nodebug; abbreviation = +[no]deb) .TP -\fB\fI[no]\fRd2\fR -Turn debugging mode on\&. A lot more information is printed about the packet sent to the server and the resulting answer\&. +\fB\fI[no]\fR\fR\fBd2\fR +Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.sp (Default = nod2) .TP \fBdomain=\fR\fIname\fR -Sets the search list to \fIname\fR\&. +Sets the search list to +\fIname\fR. .TP -\fB\fI[no]\fRsearch\fR -If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received\&. +\fB\fI[no]\fR\fR\fBsearch\fR +If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received. +.sp (Default = search) .TP \fBport=\fR\fIvalue\fR -Change the default TCP/UDP name server port to \fIvalue\fR\&. +Change the default TCP/UDP name server port to +\fIvalue\fR. +.sp (Default = 53; abbreviation = po) .TP \fBquerytype=\fR\fIvalue\fR .TP \fBtype=\fR\fIvalue\fR -Change the top of the information query\&. +Change the top of the information query. +.sp (Default = A; abbreviations = q, ty) .TP -\fB\fI[no]\fRrecurse\fR -Tell the name server to query other servers if it does not have the information\&. 
+\fB\fI[no]\fR\fR\fBrecurse\fR +Tell the name server to query other servers if it does not have the information. +.sp (Default = recurse; abbreviation = [no]rec) .TP \fBretry=\fR\fInumber\fR -Set the number of retries to number\&. +Set the number of retries to number. .TP \fBtimeout=\fR\fInumber\fR -Change the initial timeout interval for waiting for a reply to number seconds\&. +Change the initial timeout interval for waiting for a reply to number seconds. .TP -\fB\fI[no]\fRvc\fR -Always use a virtual circuit when sending requests to the server\&. +\fB\fI[no]\fR\fR\fBvc\fR +Always use a virtual circuit when sending requests to the server. +.sp (Default = novc) .RE .IP .SH "FILES" .PP - \fI/etc/resolv\&.conf\fR +\fI/etc/resolv.conf\fR .SH "SEE ALSO" .PP - \fBdig\fR(1), \fBhost\fR(1), \fBnamed\fR(8)\&. +\fBdig\fR(1), +\fBhost\fR(1), +\fBnamed\fR(8). .SH "AUTHOR" .PP Andrew Cherenson diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html index 70f26c4b..fc2e4e80 100644 --- a/bin/dig/nslookup.html +++ b/bin/dig/nslookup.html @@ -13,15 +13,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nslookup.html,v 1.1.6.7 2005/07/18 02:36:44 marka Exp $ --> +<!-- $Id: nslookup.html,v 1.1.6.9 2005/10/13 02:33:44 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>nslookup</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456976"></a><div class="titlepage"></div> +<a name="id2463728"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>nslookup — query Internet name servers interactively</p> 
@@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514587"></a><h2>DESCRIPTION</h2> +<a name="id2525973"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">Nslookup</strong></span> is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span> @@ -43,7 +43,7 @@ domain. </p> </div> <div class="refsect1" lang="en"> -<a name="id2514604"></a><h2>ARGUMENTS</h2> +<a name="id2525990"></a><h2>ARGUMENTS</h2> <p> Interactive mode is entered in the following cases: </p> @@ -75,7 +75,7 @@ nslookup -query=hinfo -timeout=10 </p> </div> <div class="refsect1" lang="en"> -<a name="id2514647"></a><h2>INTERACTIVE COMMANDS</h2> +<a name="id2526033"></a><h2>INTERACTIVE COMMANDS</h2> <div class="variablelist"><dl> <dt><span class="term">host [<span class="optional">server</span>]</span></dt> <dd> @@ -241,13 +241,13 @@ the lookups. Valid keywords are: </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515241"></a><h2>FILES</h2> +<a name="id2526490"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2515254"></a><h2>SEE ALSO</h2> +<a name="id2526503"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, @@ -255,7 +255,7 @@ the lookups. Valid keywords are: </p> </div> <div class="refsect1" lang="en"> -<a name="id2515289"></a><h2>Author</h2> +<a name="id2526538"></a><h2>Author</h2> <p> Andrew Cherenson </p> diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index 2f9dd76c..0f8f003d 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 
@@ -13,118 +13,152 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.19.12.8 2005/08/30 02:35:00 marka Exp $ +.\" $Id: dnssec-keygen.8,v 1.19.12.9 2005/10/13 02:33:45 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "DNSSEC-KEYGEN" 8 "June 30, 2000" "" "" -.SH NAME -dnssec-keygen \- DNSSEC key generation tool +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +dnssec\-keygen \- DNSSEC key generation tool .SH "SYNOPSIS" .HP 14 -\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fIflag\fR\fR] [\fB\-g\ \fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fIprotocol\fR\fR] [\fB\-r\ \fIrandomdev\fR\fR] [\fB\-s\ \fIstrength\fR\fR] [\fB\-t\ \fItype\fR\fR] [\fB\-v\ \fIlevel\fR\fR] {name} +\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name} .SH "DESCRIPTION" .PP - 
\fBdnssec\-keygen\fR generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>\&. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845\&. +\fBdnssec\-keygen\fR +generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. .SH "OPTIONS" .TP \-a \fIalgorithm\fR -Selects the cryptographic algorithm\&. The value of \fBalgorithm\fR must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5\&. These values are case insensitive\&. -Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended\&. For TSIG, HMAC\-MD5 is mandatory\&. -Note 2: HMAC\-MD5 and DH automatically set the \-k flag\&. +Selects the cryptographic algorithm. The value of +\fBalgorithm\fR +must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive. +.sp +Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory. +.sp +Note 2: HMAC\-MD5 and DH automatically set the \-k flag. .TP \-b \fIkeysize\fR -Specifies the number of bits in the key\&. The choice of key size depends on the algorithm used\&. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits\&. Diffie Hellman keys must be between 128 and 4096 bits\&. DSA keys must be between 512 and 1024 bits and an exact multiple of 64\&. HMAC\-MD5 keys must be between 1 and 512 bits\&. +Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits. .TP \-n \fInametype\fR -Specifies the owner type of the key\&. 
The value of \fBnametype\fR must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&. +Specifies the owner type of the key. The value of +\fBnametype\fR +must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. .TP \-c \fIclass\fR -Indicates that the DNS record containing the key should have the specified class\&. If not specified, class IN is used\&. +Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used. .TP \-e -If generating an RSAMD5/RSASHA1 key, use a large exponent\&. +If generating an RSAMD5/RSASHA1 key, use a large exponent. .TP \-f \fIflag\fR -Set the specified flag in the flag field of the KEY/DNSKEY record\&. The only recognized flag is KSK (Key Signing Key) DNSKEY\&. +Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY. .TP \-g \fIgenerator\fR -If generating a Diffie Hellman key, use this generator\&. Allowed values are 2 and 5\&. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2\&. +If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2. .TP \-h -Prints a short summary of the options and arguments to \fBdnssec\-keygen\fR\&. +Prints a short summary of the options and arguments to +\fBdnssec\-keygen\fR. .TP \-k -Generate KEY records rather than DNSKEY records\&. +Generate KEY records rather than DNSKEY records. .TP \-p \fIprotocol\fR -Sets the protocol value for the generated key\&. 
The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&. +Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors. .TP \-r \fIrandomdev\fR -Specifies the source of randomness\&. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input\&. \fIrandomdev\fR specifies the name of a character device or file containing random data to be used instead of the default\&. The special value \fIkeyboard\fR indicates that keyboard input should be used\&. +Specifies the source of randomness. If the operating system does not provide a +\fI/dev/random\fR +or equivalent device, the default source of randomness is keyboard input. +\fIrandomdev\fR +specifies the name of a character device or file containing random data to be used instead of the default. The special value +\fIkeyboard\fR +indicates that keyboard input should be used. .TP \-s \fIstrength\fR -Specifies the strength value of the key\&. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC\&. +Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC. .TP \-t \fItype\fR -Indicates the use of the key\&. \fBtype\fR must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF\&. The default is AUTHCONF\&. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data\&. +Indicates the use of the key. +\fBtype\fR +must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data. .TP \-v \fIlevel\fR -Sets the debugging level\&. +Sets the debugging level. 
.SH "GENERATED KEYS" .PP -When \fBdnssec\-keygen\fR completes successfully, it prints a string of the form \fIKnnnn\&.+aaa+iiiii\fR to the standard output\&. This is an identification string for the key it has generated\&. +When +\fBdnssec\-keygen\fR +completes successfully, it prints a string of the form +\fIKnnnn.+aaa+iiiii\fR +to the standard output. This is an identification string for the key it has generated. .TP 3 \(bu - \fInnnn\fR is the key name\&. +\fInnnn\fR +is the key name. .TP \(bu - \fIaaa\fR is the numeric representation of the algorithm\&. +\fIaaa\fR +is the numeric representation of the algorithm. .TP \(bu - \fIiiiii\fR is the key identifier (or footprint)\&. -.LP +\fIiiiii\fR +is the key identifier (or footprint). .PP - \fBdnssec\-keygen\fR creates two file, with names based on the printed string\&. \fIKnnnn\&.+aaa+iiiii\&.key\fR contains the public key, and\fIKnnnn\&.+aaa+iiiii\&.private\fR contains the private key\&. +\fBdnssec\-keygen\fR +creates two file, with names based on the printed string. +\fIKnnnn.+aaa+iiiii.key\fR +contains the public key, and +\fIKnnnn.+aaa+iiiii.private\fR +contains the private key. .PP -The \fI\&.key\fR file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement)\&. +The +\fI.key\fR +file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement). .PP -The \fI\&.private\fR file contains algorithm specific fields\&. For obvious security reasons, this file does not have general read permission\&. +The +\fI.private\fR +file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission. .PP -Both \fI\&.key\fR and \fI\&.private\fR files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent\&. 
+Both +\fI.key\fR +and +\fI.private\fR +files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent. .SH "EXAMPLE" .PP -To generate a 768\-bit DSA key for the domain\fBexample\&.com\fR, the following command would be issued: +To generate a 768\-bit DSA key for the domain +\fBexample.com\fR, the following command would be issued: .PP - \fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example\&.com\fR +\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example.com\fR .PP The command would print a string of the form: .PP - \fBKexample\&.com\&.+003+26160\fR +\fBKexample.com.+003+26160\fR .PP -In this example, \fBdnssec\-keygen\fR creates the files \fIKexample\&.com\&.+003+26160\&.key\fR and\fIKexample\&.com\&.+003+26160\&.private\fR +In this example, +\fBdnssec\-keygen\fR +creates the files +\fIKexample.com.+003+26160.key\fR +and +\fIKexample.com.+003+26160.private\fR .SH "SEE ALSO" .PP - \fBdnssec\-signzone\fR(8), BIND 9 Administrator Reference Manual, RFC 2535, RFC 2845, RFC 2539\&. +\fBdnssec\-signzone\fR(8), +BIND 9 Administrator Reference Manual, +RFC 2535, +RFC 2845, +RFC 2539. .SH "AUTHOR" .PP - Internet Systems Consortium +Internet Systems Consortium diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 81705da6..00271faa 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html 
@@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.12 2005/08/30 02:35:01 marka Exp $ --> +<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.13 2005/10/13 02:33:45 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-keygen</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">dnssec-keygen</span> — DNSSEC key generation tool</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514707"></a><h2>DESCRIPTION</h2> +<a name="id2525956"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate @@ -41,7 +41,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514720"></a><h2>OPTIONS</h2> +<a name="id2525969"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -144,7 +144,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515125"></a><h2>GENERATED KEYS</h2> +<a name="id2526306"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code> 
@@ -187,7 +187,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515213"></a><h2>EXAMPLE</h2> +<a name="id2526394"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -209,7 +209,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515259"></a><h2>SEE ALSO</h2> +<a name="id2526440"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -219,7 +219,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515292"></a><h2>AUTHOR</h2> +<a name="id2526473"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index 4372aee1..63ffadba 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 
@@ -13,112 +13,145 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.9 2005/06/26 00:05:50 marka Exp $ +.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.10 2005/10/13 02:33:45 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "DNSSEC-SIGNZONE" 8 "June 30, 2000" "" "" -.SH NAME -dnssec-signzone \- DNSSEC zone signing tool +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +dnssec\-signzone \- DNSSEC zone signing tool .SH "SYNOPSIS" .HP 16 -\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-d\ \fIdirectory\fR\fR] [\fB\-e\ \fIend\-time\fR\fR] [\fB\-f\ \fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fIkey\fR\fR] [\fB\-l\ \fIdomain\fR\fR] [\fB\-i\ \fIinterval\fR\fR] [\fB\-n\ \fInthreads\fR\fR] [\fB\-o\ \fIorigin\fR\fR] [\fB\-p\fR] [\fB\-r\ \fIrandomdev\fR\fR] [\fB\-s\ \fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fIlevel\fR\fR] [\fB\-z\fR] {zonefile} [key...] 
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-n\ \fR\fB\fInthreads\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {zonefile} [key...] .SH "DESCRIPTION" .PP - \fBdnssec\-signzone\fR signs a zone\&. It generates NSEC and RRSIG records and produces a signed version of the zone\&. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a\fIkeyset\fR file for each child zone\&. +\fBdnssec\-signzone\fR +signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a +\fIkeyset\fR +file for each child zone. .SH "OPTIONS" .TP \-a -Verify all generated signatures\&. +Verify all generated signatures. .TP \-c \fIclass\fR -Specifies the DNS class of the zone\&. +Specifies the DNS class of the zone. .TP \-k \fIkey\fR -Treat specified key as a key signing key ignoring any key flags\&. This option may be specified multiple times\&. +Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times. .TP \-l \fIdomain\fR -Generate a DLV set in addition to the key (DNSKEY) and DS sets\&. The domain is appended to the name of the records\&. +Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records. 
.TP \-d \fIdirectory\fR -Look for \fIkeyset\fR files in \fBdirectory\fR as the directory +Look for +\fIkeyset\fR +files in +\fBdirectory\fR +as the directory .TP \-g -Generate DS records for child zones from keyset files\&. Existing DS records will be removed\&. +Generate DS records for child zones from keyset files. Existing DS records will be removed. .TP \-s \fIstart\-time\fR -Specify the date and time when the generated RRSIG records become valid\&. This can be either an absolute or relative time\&. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000\&. A relative start time is indicated by +N, which is N seconds from the current time\&. If no \fBstart\-time\fR is specified, the current time minus 1 hour (to allow for clock skew) is used\&. +Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no +\fBstart\-time\fR +is specified, the current time minus 1 hour (to allow for clock skew) is used. .TP \-e \fIend\-time\fR -Specify the date and time when the generated RRSIG records expire\&. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation\&. A time relative to the start time is indicated with +N, which is N seconds from the start time\&. A time relative to the current time is indicated with now+N\&. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default\&. +Specify the date and time when the generated RRSIG records expire. As with +\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. 
A time relative to the current time is indicated with now+N. If no +\fBend\-time\fR +is specified, 30 days from the start time is used as a default. .TP \-f \fIoutput\-file\fR -The name of the output file containing the signed zone\&. The default is to append \fI\&.signed\fR to the input file\&. +The name of the output file containing the signed zone. The default is to append +\fI.signed\fR +to the input file. .TP \-h -Prints a short summary of the options and arguments to \fBdnssec\-signzone\fR\&. +Prints a short summary of the options and arguments to +\fBdnssec\-signzone\fR. .TP \-i \fIinterval\fR -When a previously signed zone is passed as input, records may be resigned\&. The \fBinterval\fR option specifies the cycle interval as an offset from the current time (in seconds)\&. If a RRSIG record expires after the cycle interval, it is retained\&. Otherwise, it is considered to be expiring soon, and it will be replaced\&. -The default cycle interval is one quarter of the difference between the signature end and start times\&. So if neither \fBend\-time\fR or \fBstart\-time\fR are specified, \fBdnssec\-signzone\fR generates signatures that are valid for 30 days, with a cycle interval of 7\&.5 days\&. Therefore, if any existing RRSIG records are due to expire in less than 7\&.5 days, they would be replaced\&. +When a previously signed zone is passed as input, records may be resigned. The +\fBinterval\fR +option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced. +.sp +The default cycle interval is one quarter of the difference between the signature end and start times. So if neither +\fBend\-time\fR +or +\fBstart\-time\fR +are specified, +\fBdnssec\-signzone\fR +generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. 
Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced. .TP \-n \fIncpus\fR -Specifies the number of threads to use\&. By default, one thread is started for each detected CPU\&. +Specifies the number of threads to use. By default, one thread is started for each detected CPU. .TP \-o \fIorigin\fR -The zone origin\&. If not specified, the name of the zone file is assumed to be the origin\&. +The zone origin. If not specified, the name of the zone file is assumed to be the origin. .TP \-p -Use pseudo\-random data when signing the zone\&. This is faster, but less secure, than using real random data\&. This option may be useful when signing large zones or when the entropy source is limited\&. +Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited. .TP \-r \fIrandomdev\fR -Specifies the source of randomness\&. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input\&. \fIrandomdev\fR specifies the name of a character device or file containing random data to be used instead of the default\&. The special value \fIkeyboard\fR indicates that keyboard input should be used\&. +Specifies the source of randomness. If the operating system does not provide a +\fI/dev/random\fR +or equivalent device, the default source of randomness is keyboard input. +\fIrandomdev\fR +specifies the name of a character device or file containing random data to be used instead of the default. The special value +\fIkeyboard\fR +indicates that keyboard input should be used. .TP \-t -Print statistics at completion\&. +Print statistics at completion. .TP \-v \fIlevel\fR -Sets the debugging level\&. +Sets the debugging level. .TP \-z -Ignore KSK flag on key when determining what to sign\&. 
+Ignore KSK flag on key when determining what to sign. .TP zonefile -The file containing the zone to be signed\&. +The file containing the zone to be signed. .TP key -The keys used to sign the zone\&. If no keys are specified, the default all zone keys that have private key files in the current directory\&. +The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory. .SH "EXAMPLE" .PP -The following command signs the \fBexample\&.com\fR zone with the DSA key generated in the \fBdnssec\-keygen\fR man page\&. The zone's keys must be in the zone\&. If there are\fIkeyset\fR files associated with child zones, they must be in the current directory\&.\fBexample\&.com\fR, the following command would be issued: +The following command signs the +\fBexample.com\fR +zone with the DSA key generated in the +\fBdnssec\-keygen\fR +man page. The zone's keys must be in the zone. If there are +\fIkeyset\fR +files associated with child zones, they must be in the current directory. +\fBexample.com\fR, the following command would be issued: .PP - \fBdnssec\-signzone \-o example\&.com db\&.example\&.com Kexample\&.com\&.+003+26160\fR +\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR .PP The command would print a string of the form: .PP -In this example, \fBdnssec\-signzone\fR creates the file \fIdb\&.example\&.com\&.signed\fR\&. This file should be referenced in a zone statement in a\fInamed\&.conf\fR file\&. +In this example, +\fBdnssec\-signzone\fR +creates the file +\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a +\fInamed.conf\fR +file. .SH "SEE ALSO" .PP - \fBdnssec\-keygen\fR(8), BIND 9 Administrator Reference Manual, RFC 2535\&. +\fBdnssec\-keygen\fR(8), +BIND 9 Administrator Reference Manual, +RFC 2535. .SH "AUTHOR" .PP - Internet Systems Consortium +Internet Systems Consortium 
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index f03697ff..93caf497 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -16,7 +16,7 @@
 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: dnssec-signzone.c,v 1.139.2.2.4.20 2005/03/17 03:58:24 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.139.2.2.4.21 2005/10/14 01:38:41 marka Exp $ */
 #include <config.h>
@@ -787,7 +787,6 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
 dns_rdatasetiter_t *rdsiter;
 isc_boolean_t isdelegation = ISC_FALSE;
 isc_boolean_t hasds = ISC_FALSE;
- isc_boolean_t atorigin;
 isc_boolean_t changed = ISC_FALSE;
 dns_diff_t del, add;
 char namestr[DNS_NAME_FORMATSIZE];
@@ -795,8 +794,6 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
 dns_name_format(name, namestr, sizeof(namestr));
- atorigin = dns_name_equal(name, gorigin);
-
 /*
 * Determine if this is a delegation point.
 */
@@ -1453,7 +1450,6 @@ warnifallksk(dns_db_t *db) {
 dns_dbnode_t *node = NULL;
 dns_rdataset_t rdataset;
 dns_rdata_t rdata = DNS_RDATA_INIT;
- dst_key_t *pubkey;
 isc_result_t result;
 dns_rdata_key_t key;
 isc_boolean_t have_non_ksk = ISC_FALSE;
@@ -1474,7 +1470,6 @@ warnifallksk(dns_db_t *db) {
 result = dns_rdataset_first(&rdataset);
 check_result(result, "dns_rdataset_first");
 while (result == ISC_R_SUCCESS) {
- pubkey = NULL;
 dns_rdata_reset(&rdata);
 dns_rdataset_current(&rdataset, &rdata);
 result = dns_rdata_tostruct(&rdata, &key, NULL);
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index 25ae78a9..5cc8c074 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.13 2005/07/18 02:36:45 marka Exp $ --> +<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.14 2005/10/13 02:33:46 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-signzone</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">dnssec-signzone</span> — DNSSEC zone signing tool</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514730"></a><h2>DESCRIPTION</h2> +<a name="id2525979"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514746"></a><h2>OPTIONS</h2> +<a name="id2525995"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> 
@@ -179,7 +179,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515254"></a><h2>EXAMPLE</h2> +<a name="id2526435"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span> @@ -203,7 +203,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515304"></a><h2>SEE ALSO</h2> +<a name="id2526485"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -211,7 +211,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515331"></a><h2>AUTHOR</h2> +<a name="id2526512"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 9bf17bee..58f24b06 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 
@@ -13,96 +13,128 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.13.208.4 2005/05/13 02:43:19 marka Exp $ +.\" $Id: lwresd.8,v 1.13.208.5 2005/10/13 02:33:47 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "LWRESD" 8 "June 30, 2000" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" lwresd \- lightweight resolver daemon .SH "SYNOPSIS" .HP 7 -\fBlwresd\fR [\fB\-C\ \fIconfig\-file\fR\fR] [\fB\-d\ \fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fIpid\-file\fR\fR] [\fB\-n\ \fI#cpus\fR\fR] [\fB\-P\ \fIport\fR\fR] [\fB\-p\ \fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-u\ \fIuser\fR\fR] [\fB\-v\fR] +\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] .SH "DESCRIPTION" .PP -\fBlwresd\fR is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library\&. 
It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol\&. +\fBlwresd\fR +is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol. .PP -\fBlwresd\fR listens for resolver queries on a UDP port on the IPv4 loopback interface, 127\&.0\&.0\&.1\&. This means that \fBlwresd\fR can only be used by processes running on the local machine\&. By default UDP port number 921 is used for lightweight resolver requests and responses\&. +\fBlwresd\fR +listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that +\fBlwresd\fR +can only be used by processes running on the local machine. By default UDP port number 921 is used for lightweight resolver requests and responses. .PP -Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol\&. When the DNS lookup completes, \fBlwresd\fR encodes the answers in the lightweight resolver format and returns them to the client that made the request\&. +Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When the DNS lookup completes, +\fBlwresd\fR +encodes the answers in the lightweight resolver format and returns them to the client that made the request. .PP -If \fI/etc/resolv\&.conf\fR contains any\fBnameserver\fR entries, \fBlwresd\fR sends recursive DNS queries to those servers\&. This is similar to the use of forwarders in a caching name server\&. If no\fBnameserver\fR entries are present, or if forwarding fails, \fBlwresd\fR resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints\&. 
+If +\fI/etc/resolv.conf\fR +contains any +\fBnameserver\fR +entries, +\fBlwresd\fR +sends recursive DNS queries to those servers. This is similar to the use of forwarders in a caching name server. If no +\fBnameserver\fR +entries are present, or if forwarding fails, +\fBlwresd\fR +resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints. .SH "OPTIONS" .TP \-C \fIconfig\-file\fR -Use \fIconfig\-file\fR as the configuration file instead of the default,\fI/etc/resolv\&.conf\fR\&. +Use +\fIconfig\-file\fR +as the configuration file instead of the default, +\fI/etc/resolv.conf\fR. .TP \-d \fIdebug\-level\fR -Set the daemon's debug level to \fIdebug\-level\fR\&. Debugging traces from \fBlwresd\fR become more verbose as the debug level increases\&. +Set the daemon's debug level to +\fIdebug\-level\fR. Debugging traces from +\fBlwresd\fR +become more verbose as the debug level increases. .TP \-f -Run the server in the foreground (i\&.e\&. do not daemonize)\&. +Run the server in the foreground (i.e. do not daemonize). .TP \-g -Run the server in the foreground and force all logging to \fIstderr\fR\&. +Run the server in the foreground and force all logging to +\fIstderr\fR. .TP \-n \fI#cpus\fR -Create \fI#cpus\fR worker threads to take advantage of multiple CPUs\&. If not specified,\fBlwresd\fR will try to determine the number of CPUs present and create one thread per CPU\&. If it is unable to determine the number of CPUs, a single worker thread will be created\&. +Create +\fI#cpus\fR +worker threads to take advantage of multiple CPUs. If not specified, +\fBlwresd\fR +will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. .TP \-P \fIport\fR -Listen for lightweight resolver queries on port\fIport\fR\&. If not specified, the default is port 921\&. +Listen for lightweight resolver queries on port +\fIport\fR. 
If not specified, the default is port 921. .TP \-p \fIport\fR -Send DNS lookups to port \fIport\fR\&. If not specified, the default is port 53\&. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number\&. +Send DNS lookups to port +\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number. .TP \-s -Write memory usage statistics to \fIstdout\fR on exit\&. +Write memory usage statistics to +\fIstdout\fR +on exit. .RS .B "Note:" -This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&. +This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE .TP \-t \fIdirectory\fR -\fBchroot()\fR to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file\&. +\fBchroot()\fR +to +\fIdirectory\fR +after processing the command line arguments, but before reading the configuration file. .RS .B "Warning:" -This option should be used in conjunction with the\fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way \fBchroot()\fR is defined allows a process with root privileges to escape a chroot jail\&. +This option should be used in conjunction with the +\fB\-u\fR +option, as chrooting a process running as root doesn't enhance security on most systems; the way +\fBchroot()\fR +is defined allows a process with root privileges to escape a chroot jail. .RE .TP \-u \fIuser\fR -\fBsetuid()\fR to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports\&. +\fBsetuid()\fR +to +\fIuser\fR +after completing privileged operations, such as creating sockets that listen on privileged ports. .TP \-v -Report the version number and exit\&. 
+Report the version number and exit. .SH "FILES" .TP -\fI/etc/resolv\&.conf\fR -The default configuration file\&. +\fI/etc/resolv.conf\fR +The default configuration file. .TP -\fI/var/run/lwresd\&.pid\fR -The default process\-id file\&. +\fI/var/run/lwresd.pid\fR +The default process\-id file. .SH "SEE ALSO" .PP -\fBnamed\fR(8),\fBlwres\fR(3),\fBresolver\fR(5)\&. +\fBnamed\fR(8), +\fBlwres\fR(3), +\fBresolver\fR(5). .SH "AUTHOR" .PP -Internet Systems Consortium +Internet Systems Consortium diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 7424acc1..439153aa 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.html,v 1.4.2.1.4.7 2005/07/18 02:36:45 marka Exp $ --> +<!-- $Id: lwresd.html,v 1.4.2.1.4.8 2005/10/13 02:33:47 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>lwresd</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">lwresd</span> — lightweight resolver daemon</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514670"></a><h2>DESCRIPTION</h2> +<a name="id2525920"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,7 +67,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514720"></a><h2>OPTIONS</h2> +<a name="id2525969"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> @@ -159,7 +159,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515057"></a><h2>FILES</h2> +<a name="id2526237"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> 
@@ -172,7 +172,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515096"></a><h2>SEE ALSO</h2> +<a name="id2526277"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, @@ -180,7 +180,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515134"></a><h2>AUTHOR</h2> +<a name="id2526315"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/named.8 b/bin/named/named.8 index d1887be6..e072c169 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 
@@ -13,120 +13,170 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.17.208.5 2005/05/13 02:43:20 marka Exp $ +.\" $Id: named.8,v 1.17.208.6 2005/10/13 02:33:46 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "NAMED" 8 "June 30, 2000" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" named \- Internet domain name server .SH "SYNOPSIS" .HP 6 -\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fIconfig\-file\fR\fR] [\fB\-d\ \fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fI#cpus\fR\fR] [\fB\-p\ \fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-u\ \fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fIcache\-file\fR\fR] +\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP -\fBnamed\fR is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC\&. For more information on the DNS, see RFCs 1033, 1034, and 1035\&. 
+\fBnamed\fR +is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035. .PP -When invoked without arguments, \fBnamed\fR will read the default configuration file\fI/etc/named\&.conf\fR, read any initial data, and listen for queries\&. +When invoked without arguments, +\fBnamed\fR +will read the default configuration file +\fI/etc/named.conf\fR, read any initial data, and listen for queries. .SH "OPTIONS" .TP \-4 -Use IPv4 only even if the host machine is capable of IPv6\&.\fB\-4\fR and \fB\-6\fR are mutually exclusive\&. +Use IPv4 only even if the host machine is capable of IPv6. +\fB\-4\fR +and +\fB\-6\fR +are mutually exclusive. .TP \-6 -Use IPv6 only even if the host machine is capable of IPv4\&.\fB\-4\fR and \fB\-6\fR are mutually exclusive\&. +Use IPv6 only even if the host machine is capable of IPv4. +\fB\-4\fR +and +\fB\-6\fR +are mutually exclusive. .TP \-c \fIconfig\-file\fR -Use \fIconfig\-file\fR as the configuration file instead of the default,\fI/etc/named\&.conf\fR\&. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible\fBdirectory\fR option in the configuration file, \fIconfig\-file\fR should be an absolute pathname\&. +Use +\fIconfig\-file\fR +as the configuration file instead of the default, +\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible +\fBdirectory\fR +option in the configuration file, +\fIconfig\-file\fR +should be an absolute pathname. .TP \-d \fIdebug\-level\fR -Set the daemon's debug level to \fIdebug\-level\fR\&. Debugging traces from \fBnamed\fR become more verbose as the debug level increases\&. +Set the daemon's debug level to +\fIdebug\-level\fR. Debugging traces from +\fBnamed\fR +become more verbose as the debug level increases. 
.TP \-f -Run the server in the foreground (i\&.e\&. do not daemonize)\&. +Run the server in the foreground (i.e. do not daemonize). .TP \-g -Run the server in the foreground and force all logging to \fIstderr\fR\&. +Run the server in the foreground and force all logging to +\fIstderr\fR. .TP \-n \fI#cpus\fR -Create \fI#cpus\fR worker threads to take advantage of multiple CPUs\&. If not specified,\fBnamed\fR will try to determine the number of CPUs present and create one thread per CPU\&. If it is unable to determine the number of CPUs, a single worker thread will be created\&. +Create +\fI#cpus\fR +worker threads to take advantage of multiple CPUs. If not specified, +\fBnamed\fR +will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. .TP \-p \fIport\fR -Listen for queries on port \fIport\fR\&. If not specified, the default is port 53\&. +Listen for queries on port +\fIport\fR. If not specified, the default is port 53. .TP \-s -Write memory usage statistics to \fIstdout\fR on exit\&. +Write memory usage statistics to +\fIstdout\fR +on exit. .RS .B "Note:" -This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&. +This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE .TP \-t \fIdirectory\fR -\fBchroot()\fR to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file\&. +\fBchroot()\fR +to +\fIdirectory\fR +after processing the command line arguments, but before reading the configuration file. .RS .B "Warning:" -This option should be used in conjunction with the\fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way \fBchroot()\fR is defined allows a process with root privileges to escape a chroot jail\&. 
+This option should be used in conjunction with the +\fB\-u\fR +option, as chrooting a process running as root doesn't enhance security on most systems; the way +\fBchroot()\fR +is defined allows a process with root privileges to escape a chroot jail. .RE .TP \-u \fIuser\fR -\fBsetuid()\fR to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports\&. +\fBsetuid()\fR +to +\fIuser\fR +after completing privileged operations, such as creating sockets that listen on privileged ports. .RS .B "Note:" -On Linux, \fBnamed\fR uses the kernel's capability mechanism to drop all root privileges except the ability to \fBbind()\fR to a privileged port and set process resource limits\&. Unfortunately, this means that the \fB\-u\fR option only works when \fBnamed\fR is run on kernel 2\&.2\&.18 or later, or kernel 2\&.3\&.99\-pre3 or later, since previous kernels did not allow privileges to be retained after \fBsetuid()\fR\&. +On Linux, +\fBnamed\fR +uses the kernel's capability mechanism to drop all root privileges except the ability to +\fBbind()\fR +to a privileged port and set process resource limits. Unfortunately, this means that the +\fB\-u\fR +option only works when +\fBnamed\fR +is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after +\fBsetuid()\fR. .RE .TP \-v -Report the version number and exit\&. +Report the version number and exit. .TP \-x \fIcache\-file\fR -Load data from \fIcache\-file\fR into the cache of the default view\&. +Load data from +\fIcache\-file\fR +into the cache of the default view. .RS .B "Warning:" -This option must not be used\&. It is only of interest to BIND 9 developers and may be removed or changed in a future release\&. +This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release. 
.RE .SH "SIGNALS" .PP -In routine operation, signals should not be used to control the nameserver; \fBrndc\fR should be used instead\&. +In routine operation, signals should not be used to control the nameserver; +\fBrndc\fR +should be used instead. .TP SIGHUP -Force a reload of the server\&. +Force a reload of the server. .TP SIGINT, SIGTERM -Shut down the server\&. +Shut down the server. .PP -The result of sending any other signals to the server is undefined\&. +The result of sending any other signals to the server is undefined. .SH "CONFIGURATION" .PP -The \fBnamed\fR configuration file is too complex to describe in detail here\&. A complete description is provided in the BIND 9 Administrator Reference Manual\&. +The +\fBnamed\fR +configuration file is too complex to describe in detail here. A complete description is provided in the +BIND 9 Administrator Reference Manual. .SH "FILES" .TP -\fI/etc/named\&.conf\fR -The default configuration file\&. +\fI/etc/named.conf\fR +The default configuration file. .TP -\fI/var/run/named\&.pid\fR -The default process\-id file\&. +\fI/var/run/named.pid\fR +The default process\-id file. .SH "SEE ALSO" .PP -RFC 1033,RFC 1034,RFC 1035,\fBrndc\fR(8),\fBlwresd\fR(8),BIND 9 Administrator Reference Manual\&. +RFC 1033, +RFC 1034, +RFC 1035, +\fBrndc\fR(8), +\fBlwresd\fR(8), +BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP -Internet Systems Consortium +Internet Systems Consortium diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index f188a8d1..d0b690b1 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 
@@ -12,38 +12,29 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.1.4.5 2005/05/13 02:43:20 marka Exp $ +.\" $Id: named.conf.5,v 1.1.4.6 2005/10/13 02:33:47 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "NAMED.CONF" 5 "Aug 13, 2004" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "\\FINAMED.CONF\\FR" "5" "Aug 13, 2004" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" named.conf \- configuration file for named .SH "SYNOPSIS" .HP 11 -\fBnamed\&.conf\fR +\fBnamed.conf\fR .SH "DESCRIPTION" .PP -\fInamed\&.conf\fR is the configuration file for\fBnamed\fR\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported: +\fInamed.conf\fR +is the configuration file for +\fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: .PP C style: /* */ .PP 
@@ -51,10 +42,12 @@ C++ style: // to end of line .PP Unix style: # to end of line .SH "ACL" +.sp .nf -acl \fIstring\fR { \fIaddress_match_element\fR; \&.\&.\&. }; +acl \fIstring\fR { \fIaddress_match_element\fR; ... }; .fi .SH "KEY" +.sp .nf key \fIdomain_name\fR { algorithm \fIstring\fR; @@ -62,13 +55,15 @@ key \fIdomain_name\fR { }; .fi .SH "MASTERS" +.sp .nf masters \fIstring\fR [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | - \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; \&.\&.\&. + \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ... }; .fi .SH "SERVER" +.sp .nf server ( \fIipv4_address\fR | \fIipv6_address\fR ) { bogus \fIboolean\fR; @@ -85,23 +80,26 @@ server ( \fIipv4_address\fR | \fIipv6_address\fR ) { support\-ixfr \fIboolean\fR; // obsolete }; .fi -.SH "TRUSTED-KEYS" +.SH "TRUSTED\-KEYS" +.sp .nf trusted\-keys { - \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&. + \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... }; .fi .SH "CONTROLS" +.sp .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] - allow { \fIaddress_match_element\fR; \&.\&.\&. } - [ keys { \fIstring\fR; \&.\&.\&. } ]; + allow { \fIaddress_match_element\fR; ... } + [ keys { \fIstring\fR; ... } ]; unix \fIunsupported\fR; // not implemented }; .fi .SH "LOGGING" +.sp .nf logging { channel \fIstring\fR { 
@@ -114,26 +112,28 @@ logging { print\-severity \fIboolean\fR; print\-category \fIboolean\fR; }; - category \fIstring\fR { \fIstring\fR; \&.\&.\&. }; + category \fIstring\fR { \fIstring\fR; ... }; }; .fi .SH "LWRES" +.sp .nf lwres { listen\-on [ port \fIinteger\fR ] { - ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; view \fIstring\fR \fIoptional_class\fR; - search { \fIstring\fR; \&.\&.\&. }; + search { \fIstring\fR; ... }; ndots \fIinteger\fR; }; .fi .SH "OPTIONS" +.sp .nf options { - avoid\-v4\-udp\-ports { \fIport\fR; \&.\&.\&. }; - avoid\-v6\-udp\-ports { \fIport\fR; \&.\&.\&. }; - blackhole { \fIaddress_match_element\fR; \&.\&.\&. }; + avoid\-v4\-udp\-ports { \fIport\fR; ... }; + avoid\-v6\-udp\-ports { \fIport\fR; ... }; + blackhole { \fIaddress_match_element\fR; ... }; coresize \fIsize\fR; datasize \fIsize\fR; directory \fIquoted_string\fR; @@ -144,8 +144,8 @@ options { host\-statistics\-max \fInumber\fR; // not implemented hostname ( \fIquoted_string\fR | none ); interface\-interval \fIinteger\fR; - listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. }; - listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. }; + listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... }; + listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... }; match\-mapped\-addresses \fIboolean\fR; memstatistics\-file \fIquoted_string\fR; pid\-file ( \fIquoted_string\fR | none ); 
@@ -169,15 +169,15 @@ options { transfers\-out \fIinteger\fR; use\-ixfr \fIboolean\fR; version ( \fIquoted_string\fR | none ); - allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. }; - sortlist { \fIaddress_match_element\fR; \&.\&.\&. }; - topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented + allow\-recursion { \fIaddress_match_element\fR; ... }; + sortlist { \fIaddress_match_element\fR; ... }; + topology { \fIaddress_match_element\fR; ... }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed minimal\-responses \fIboolean\fR; recursion \fIboolean\fR; rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] - [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. + [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ... }; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; 
@@ -201,28 +201,28 @@ options { dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | - \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&. + \fIipv6_address\fR [port \fIinteger\fR] ); ... } edns\-udp\-size \fIinteger\fR; - root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ]; - disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. }; + root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ]; + disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; - allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; - allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; - allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query { \fIaddress_match_element\fR; ... }; + allow\-transfer { \fIaddress_match_element\fR; ... }; + allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; \&.\&.\&. }; - allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; + [ port \fIinteger\fR ]; ... }; + allow\-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { - ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; max\-journal\-size \fIsize_no_default\fR; max\-transfer\-time\-in \fIinteger\fR; 
@@ -246,7 +246,7 @@ options { use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; key\-directory \fIquoted_string\fR; - allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete + allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete deallocate\-on\-exit \fIboolean\fR; // obsolete fake\-iquery \fIboolean\fR; // obsolete fetch\-glue \fIboolean\fR; // obsolete @@ -261,33 +261,34 @@ options { }; .fi .SH "VIEW" +.sp .nf view \fIstring\fR \fIoptional_class\fR { - match\-clients { \fIaddress_match_element\fR; \&.\&.\&. }; - match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. }; + match\-clients { \fIaddress_match_element\fR; ... }; + match\-destinations { \fIaddress_match_element\fR; ... }; match\-recursive\-only \fIboolean\fR; key \fIstring\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; zone \fIstring\fR \fIoptional_class\fR { - \&.\&.\&. + ... }; server ( \fIipv4_address\fR | \fIipv6_address\fR ) { - \&.\&.\&. + ... }; trusted\-keys { - \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; \&.\&.\&. + \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ... }; - allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. }; - sortlist { \fIaddress_match_element\fR; \&.\&.\&. }; - topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented + allow\-recursion { \fIaddress_match_element\fR; ... }; + sortlist { \fIaddress_match_element\fR; ... }; + topology { \fIaddress_match_element\fR; ... }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed minimal\-responses \fIboolean\fR; recursion \fIboolean\fR; rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] - [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. + [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ... }; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; 
@@ -311,28 +312,28 @@ view \fIstring\fR \fIoptional_class\fR { dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | - \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&. + \fIipv6_address\fR [port \fIinteger\fR] ); ... }; edns\-udp\-size \fIinteger\fR; - root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ]; - disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. }; + root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ]; + disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; - allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; - allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; - allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query { \fIaddress_match_element\fR; ... }; + allow\-transfer { \fIaddress_match_element\fR; ... }; + allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; \&.\&.\&. }; - allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; + [ port \fIinteger\fR ]; ... }; + allow\-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { - ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; max\-journal\-size \fIsize_no_default\fR; max\-transfer\-time\-in \fIinteger\fR; 
@@ -356,13 +357,14 @@ view \fIstring\fR \fIoptional_class\fR { use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; key\-directory \fIquoted_string\fR; - allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete + allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete fetch\-glue \fIboolean\fR; // obsolete maintain\-ixfr\-base \fIboolean\fR; // obsolete max\-ixfr\-log\-size \fIsize\fR; // obsolete }; .fi .SH "ZONE" +.sp .nf zone \fIstring\fR \fIoptional_class\fR { type ( master | slave | stub | hint | 
@@ -371,31 +373,31 @@ zone \fIstring\fR \fIoptional_class\fR { masters [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | - \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. + \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ... }; database \fIstring\fR; delegation\-only \fIboolean\fR; check\-names ( fail | warn | ignore ); dialup \fIdialuptype\fR; ixfr\-from\-differences \fIboolean\fR; - allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; - allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; - allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; - allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query { \fIaddress_match_element\fR; ... }; + allow\-transfer { \fIaddress_match_element\fR; ... }; + allow\-update { \fIaddress_match_element\fR; ... }; + allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; update\-policy { ( grant | deny ) \fIstring\fR ( name | subdomain | wildcard | self ) \fIstring\fR - \fIrrtypelist\fR; \&.\&.\&. + \fIrrtypelist\fR; ... }; notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; \&.\&.\&. }; - allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; + [ port \fIinteger\fR ]; ... }; + allow\-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { - ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; max\-journal\-size \fIsize_no_default\fR; max\-transfer\-time\-in \fIinteger\fR; 
@@ -428,7 +430,9 @@ zone \fIstring\fR \fIoptional_class\fR { .fi .SH "FILES" .PP - \fI/etc/named\&.conf\fR +\fI/etc/named.conf\fR .SH "SEE ALSO" .PP - \fBnamed\fR(8), \fBrndc\fR(8), \fBBIND 9 Adminstrators Reference Manual\fR()\&. +\fBnamed\fR(8), +\fBrndc\fR(8), +\fBBIND 9 Adminstrators Reference Manual\fR(). diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index d25407d1..8b3b517d 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -13,15 +13,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.html,v 1.1.4.8 2005/07/18 02:36:45 marka Exp $ --> +<!-- $Id: named.conf.html,v 1.1.4.10 2005/10/13 02:33:48 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named.conf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">named.conf</code> — configuration file for named</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514571"></a><h2>DESCRIPTION</h2> +<a name="id2525889"></a><h2>DESCRIPTION</h2> <p> <code class="filename">named.conf</code> is the configuration file for <span><strong class="command">named</strong></span>. Statements are enclosed 
@@ -50,14 +50,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514600"></a><h2>ACL</h2> +<a name="id2525917"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514616"></a><h2>KEY</h2> +<a name="id2525933"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> @@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514635"></a><h2>MASTERS</h2> +<a name="id2525953"></a><h2>MASTERS</h2> <div class="literallayout"><p><br> masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> @@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional" </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514749"></a><h2>SERVER</h2> +<a name="id2525998"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> 
@@ -95,7 +95,7 @@ server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="rep </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514807"></a><h2>TRUSTED-KEYS</h2> +<a name="id2526056"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -103,7 +103,7 @@ trusted-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514833"></a><h2>CONTROLS</h2> +<a name="id2526082"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -115,7 +115,7 @@ controls {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514868"></a><h2>LOGGING</h2> +<a name="id2526117"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -133,7 +133,7 @@ logging {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514906"></a><h2>LWRES</h2> +<a name="id2526155"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -146,7 +146,7 @@ lwres {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514948"></a><h2>OPTIONS</h2> +<a name="id2526197"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> 
@@ -289,7 +289,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2515541"></a><h2>VIEW</h2> +<a name="id2526858"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -407,7 +407,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2516088"></a><h2>ZONE</h2> +<a name="id2527269"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint |<br> @@ -483,13 +483,13 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2516357"></a><h2>FILES</h2> +<a name="id2527606"></a><h2>FILES</h2> <p> <code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2516370"></a><h2>SEE ALSO</h2> +<a name="id2527619"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, diff --git a/bin/named/named.html b/bin/named/named.html index 85f6a5d2..f266e70a 100644 --- a/bin/named/named.html +++ b/bin/named/named.html 
@@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.html,v 1.4.2.1.4.8 2005/07/18 02:36:46 marka Exp $ --> +<!-- $Id: named.html,v 1.4.2.1.4.9 2005/10/13 02:33:47 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named</span> — Internet domain name server</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514674"></a><h2>DESCRIPTION</h2> +<a name="id2525923"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -46,7 +46,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514699"></a><h2>OPTIONS</h2> +<a name="id2525948"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -177,7 +177,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515116"></a><h2>SIGNALS</h2> +<a name="id2526297"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used @@ -198,7 +198,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515163"></a><h2>CONFIGURATION</h2> +<a name="id2526412"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is 
@@ -207,7 +207,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515180"></a><h2>FILES</h2> +<a name="id2526429"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -220,7 +220,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515220"></a><h2>SEE ALSO</h2> +<a name="id2526469"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, @@ -231,7 +231,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515262"></a><h2>AUTHOR</h2> +<a name="id2526512"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/update.c b/bin/named/update.c index 325381a8..6c2d7597 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.88.2.5.2.25 2004/10/21 01:40:22 marka Exp $ */ +/* $Id: update.c,v 1.88.2.5.2.27 2005/10/08 00:21:06 marka Exp $ */ #include <config.h> @@ -2723,8 +2723,8 @@ updatedone_action(isc_task_t *task, isc_event_t *event) { INSIST(client->nupdates > 0); client->nupdates--; respond(client, uev->result); - ns_client_detach(&client); isc_event_free(&event); + ns_client_detach(&client); } /* @@ -2740,8 +2740,8 @@ forward_fail(isc_task_t *task, isc_event_t *event) { INSIST(client->nupdates > 0); client->nupdates--; respond(client, DNS_R_SERVFAIL); - ns_client_detach(&client); isc_event_free(&event); + ns_client_detach(&client); } diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c index 9fb2697a..687c287f 100644 --- a/bin/named/xfrout.c +++ b/bin/named/xfrout.c 
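Review bot: The ordering dependency between `isc_event_free(&event)` and `ns_client_detach(&client)` in updatedone_action is not documented, so a later cleanup could swap the two calls back without noticing. If the event's storage depends on the client staying alive (presumably it is allocated from the client's memory context, which is not visible here), detaching first could release the last client reference while the event is still outstanding. A comment above `isc_event_free(&event);` would record this, for example `/* Free the event first: the detach below may drop the last reference to the client. */`. The same reorder and the same missing comment apply to forward_fail in the following hunk. Both function bodies start outside their hunks, so where the event is allocated cannot be checked from here.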
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrout.c,v 1.101.2.5.2.10 2004/04/02 06:08:17 marka Exp $ */ +/* $Id: xfrout.c,v 1.101.2.5.2.12 2005/10/14 02:13:05 marka Exp $ */ #include <config.h> @@ -868,7 +868,7 @@ xfrout_log1(ns_client_t *client, dns_name_t *zonename, const char *fmt, ...) ISC_FORMAT_PRINTF(5, 6); static void -xfrout_log(xfrout_ctx_t *xfr, unsigned int level, const char *fmt, ...) +xfrout_log(xfrout_ctx_t *xfr, int level, const char *fmt, ...) ISC_FORMAT_PRINTF(3, 4); /**************************************************************************/ @@ -1710,7 +1710,7 @@ xfrout_log1(ns_client_t *client, dns_name_t *zonename, * Logging function for use when there is a xfrout_ctx_t. */ static void -xfrout_log(xfrout_ctx_t *xfr, unsigned int level, const char *fmt, ...) { +xfrout_log(xfrout_ctx_t *xfr, int level, const char *fmt, ...) { va_list ap; va_start(ap, fmt); xfrout_logv(xfr->client, xfr->qname, xfr->qclass, level, fmt, ap); diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8 index 194e41ff..602a55b1 100644 --- a/bin/nsupdate/nsupdate.8 +++ b/bin/nsupdate/nsupdate.8 
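Review bot: The `level` parameter of xfrout_log is now `int`, but neither the prototype at 868 nor the definition at 1710 says that it carries a signed log level, and the level types of xfrout_log1 and xfrout_logv are not visible in these hunks. If either of those still declares the level as unsigned, a negative level would be converted on the way to the logger and the message could end up at the wrong severity, so confirm that all three agree. The existing comment could be extended to `Logging function for use when there is a xfrout_ctx_t; 'level' is a signed log level passed unchanged to xfrout_logv.` to record the intent. The definition's body continues outside the hunk.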
@@ -13,144 +13,286 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.8,v 1.24.2.2.2.7 2005/05/12 23:57:00 sra Exp $ +.\" $Id: nsupdate.8,v 1.24.2.2.2.8 2005/10/13 02:33:48 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "NSUPDATE" 8 "Jun 30, 2000" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" nsupdate \- Dynamic DNS update utility .SH "SYNOPSIS" .HP 9 -\fBnsupdate\fR [\fB\-d\fR] [\fB\fB\-y\ \fIkeyname:secret\fR\fR\fR | \fB\fB\-k\ \fIkeyfile\fR\fR\fR] [\fB\-t\ \fItimeout\fR\fR] [\fB\-u\ \fIudptimeout\fR\fR] [\fB\-r\ \fIudpretries\fR\fR] [\fB\-v\fR] [filename] +\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename] .SH "DESCRIPTION" .PP - \fBnsupdate\fR is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server\&. This allows resource records to be added or removed from a zone without manually editing the zone file\&. A single update request can contain requests to add or remove more than one resource record\&. 
+\fBnsupdate\fR +is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record. .PP -Zones that are under dynamic control via \fBnsupdate\fR or a DHCP server should not be edited by hand\&. Manual edits could conflict with dynamic updates and cause data to be lost\&. +Zones that are under dynamic control via +\fBnsupdate\fR +or a DHCP server should not be edited by hand. Manual edits could conflict with dynamic updates and cause data to be lost. .PP -The resource records that are dynamically added or removed with \fBnsupdate\fR have to be in the same zone\&. Requests are sent to the zone's master server\&. This is identified by the MNAME field of the zone's SOA record\&. +The resource records that are dynamically added or removed with +\fBnsupdate\fR +have to be in the same zone. Requests are sent to the zone's master server. This is identified by the MNAME field of the zone's SOA record. .PP -The \fB\-d\fR option makes \fBnsupdate\fR operate in debug mode\&. This provides tracing information about the update requests that are made and the replies received from the name server\&. +The +\fB\-d\fR +option makes +\fBnsupdate\fR +operate in debug mode. This provides tracing information about the update requests that are made and the replies received from the name server. .PP -Transaction signatures can be used to authenticate the Dynamic DNS updates\&. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931\&. TSIG relies on a shared secret that should only be known to \fBnsupdate\fR and the name server\&. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104\&. 
Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other\&. For instance suitable \fBkey\fR and \fBserver\fR statements would be added to \fI/etc/named\&.conf\fR so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication\&. SIG(0) uses public key cryptography\&. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server\&. \fBnsupdate\fR does not read \fI/etc/named\&.conf\fR\&. +Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931. TSIG relies on a shared secret that should only be known to +\fBnsupdate\fR +and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance suitable +\fBkey\fR +and +\fBserver\fR +statements would be added to +\fI/etc/named.conf\fR +so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication. SIG(0) uses public key cryptography. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server. +\fBnsupdate\fR +does not read +\fI/etc/named.conf\fR. .PP - \fBnsupdate\fR uses the \fB\-y\fR or \fB\-k\fR option (with an HMAC\-MD5 key) to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests\&. These options are mutually exclusive\&. 
With the \fB\-k\fR option, \fBnsupdate\fR reads the shared secret from the file \fIkeyfile\fR, whose name is of the form \fIK{name}\&.+157\&.+{random}\&.private\fR\&. For historical reasons, the file \fIK{name}\&.+157\&.+{random}\&.key\fR must also be present\&. When the \fB\-y\fR option is used, a signature is generated from \fIkeyname:secret\&.\fR \fIkeyname\fR is the name of the key, and \fIsecret\fR is the base64 encoded shared secret\&. Use of the \fB\-y\fR option is discouraged because the shared secret is supplied as a command line argument in clear text\&. This may be visible in the output from \fBps\fR(1 ) or in a history file maintained by the user's shell\&. +\fBnsupdate\fR +uses the +\fB\-y\fR +or +\fB\-k\fR +option (with an HMAC\-MD5 key) to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests. These options are mutually exclusive. With the +\fB\-k\fR +option, +\fBnsupdate\fR +reads the shared secret from the file +\fIkeyfile\fR, whose name is of the form +\fIK{name}.+157.+{random}.private\fR. For historical reasons, the file +\fIK{name}.+157.+{random}.key\fR +must also be present. When the +\fB\-y\fR +option is used, a signature is generated from +\fIkeyname:secret.\fR\fIkeyname\fR +is the name of the key, and +\fIsecret\fR +is the base64 encoded shared secret. Use of the +\fB\-y\fR +option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from +\fBps\fR(1 ) +or in a history file maintained by the user's shell. .PP -The \fB\-k\fR may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests\&. In this case, the key specified is not an HMAC\-MD5 key\&. +The +\fB\-k\fR +may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key. 
.PP -By default \fBnsupdate\fR uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used\&. The \fB\-v\fR option makes \fBnsupdate\fR use a TCP connection\&. This may be preferable when a batch of update requests is made\&. +By default +\fBnsupdate\fR +uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used. The +\fB\-v\fR +option makes +\fBnsupdate\fR +use a TCP connection. This may be preferable when a batch of update requests is made. .PP -The \fB\-t\fR option sets the maximum time a update request can take before it is aborted\&. The default is 300 seconds\&. Zero can be used to disable the timeout\&. +The +\fB\-t\fR +option sets the maximum time a update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout. .PP -The \fB\-u\fR option sets the UDP retry interval\&. The default is 3 seconds\&. If zero the interval will be computed from the timeout interval and number of UDP retries\&. +The +\fB\-u\fR +option sets the UDP retry interval. The default is 3 seconds. If zero the interval will be computed from the timeout interval and number of UDP retries. .PP -The \fB\-r\fR option sets the number of UDP retries\&. The default is 3\&. If zero only one update request will be made\&. +The +\fB\-r\fR +option sets the number of UDP retries. The default is 3. If zero only one update request will be made. .SH "INPUT FORMAT" .PP - \fBnsupdate\fR reads input from \fIfilename\fR or standard input\&. Each command is supplied on exactly one line of input\&. Some commands are for administrative purposes\&. The others are either update instructions or prerequisite checks on the contents of the zone\&. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone\&. 
These conditions must be met if the entire update request is to succeed\&. Updates will be rejected if the tests for the prerequisite conditions fail\&. +\fBnsupdate\fR +reads input from +\fIfilename\fR +or standard input. Each command is supplied on exactly one line of input. Some commands are for administrative purposes. The others are either update instructions or prerequisite checks on the contents of the zone. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone. These conditions must be met if the entire update request is to succeed. Updates will be rejected if the tests for the prerequisite conditions fail. .PP -Every update request consists of zero or more prerequisites and zero or more updates\&. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone\&. A blank input line (or the \fBsend\fR command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server\&. +Every update request consists of zero or more prerequisites and zero or more updates. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone. A blank input line (or the +\fBsend\fR +command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server. .PP -The command formats and their meaning are as follows: +The command formats and their meaning are as follows: .TP .HP 7 \fBserver\fR {servername} [port] -Sends all dynamic update requests to the name server \fIservername\fR\&. When no server statement is provided, \fBnsupdate\fR will send updates to the master server of the correct zone\&. The MNAME field of that zone's SOA record will identify the master server for that zone\&. \fIport\fR is the port number on \fIservername\fR where the dynamic update requests get sent\&. 
If no port number is specified, the default DNS port number of 53 is used\&. +Sends all dynamic update requests to the name server +\fIservername\fR. When no server statement is provided, +\fBnsupdate\fR +will send updates to the master server of the correct zone. The MNAME field of that zone's SOA record will identify the master server for that zone. +\fIport\fR +is the port number on +\fIservername\fR +where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. .TP .HP 6 \fBlocal\fR {address} [port] -Sends all dynamic update requests using the local \fIaddress\fR\&. When no local statement is provided, \fBnsupdate\fR will send updates using an address and port chosen by the system\&. \fIport\fR can additionally be used to make requests come from a specific port\&. If no port number is specified, the system will assign one\&. +Sends all dynamic update requests using the local +\fIaddress\fR. When no local statement is provided, +\fBnsupdate\fR +will send updates using an address and port chosen by the system. +\fIport\fR +can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. .TP .HP 5 \fBzone\fR {zonename} -Specifies that all updates are to be made to the zone \fIzonename\fR\&. If no \fIzone\fR statement is provided, \fBnsupdate\fR will attempt determine the correct zone to update based on the rest of the input\&. +Specifies that all updates are to be made to the zone +\fIzonename\fR. If no +\fIzone\fR +statement is provided, +\fBnsupdate\fR +will attempt determine the correct zone to update based on the rest of the input. .TP .HP 6 \fBclass\fR {classname} -Specify the default class\&. If no \fIclass\fR is specified the default class is \fIIN\fR\&. +Specify the default class. If no +\fIclass\fR +is specified the default class is +\fIIN\fR. 
.TP .HP 4 \fBkey\fR {name} {secret} -Specifies that all updates are to be TSIG signed using the \fIkeyname\fR \fIkeysecret\fR pair\&. The \fBkey\fR command overrides any key specified on the command line via \fB\-y\fR or \fB\-k\fR\&. +Specifies that all updates are to be TSIG signed using the +\fIkeyname\fR\fIkeysecret\fR +pair. The +\fBkey\fR +command overrides any key specified on the command line via +\fB\-y\fR +or +\fB\-k\fR. .TP .HP 16 \fBprereq nxdomain\fR {domain\-name} -Requires that no resource record of any type exists with name \fIdomain\-name\fR\&. +Requires that no resource record of any type exists with name +\fIdomain\-name\fR. .TP .HP 16 \fBprereq yxdomain\fR {domain\-name} -Requires that \fIdomain\-name\fR exists (has as at least one resource record, of any type)\&. +Requires that +\fIdomain\-name\fR +exists (has as at least one resource record, of any type). .TP .HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type} -Requires that no resource record exists of the specified \fItype\fR, \fIclass\fR and \fIdomain\-name\fR\&. If \fIclass\fR is omitted, IN (internet) is assumed\&. +Requires that no resource record exists of the specified +\fItype\fR, +\fIclass\fR +and +\fIdomain\-name\fR. If +\fIclass\fR +is omitted, IN (internet) is assumed. .TP .HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} -This requires that a resource record of the specified \fItype\fR, \fIclass\fR and \fIdomain\-name\fR must exist\&. If \fIclass\fR is omitted, IN (internet) is assumed\&. +This requires that a resource record of the specified +\fItype\fR, +\fIclass\fR +and +\fIdomain\-name\fR +must exist. If +\fIclass\fR +is omitted, IN (internet) is assumed. .TP .HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} -The \fIdata\fR from each set of prerequisites of this form sharing a common \fItype\fR, \fIclass\fR, and \fIdomain\-name\fR are combined to form a set of RRs\&. 
This set of RRs must exactly match the set of RRs existing in the zone at the given \fItype\fR, \fIclass\fR, and \fIdomain\-name\fR\&. The \fIdata\fR are written in the standard text representation of the resource record's RDATA\&. +The +\fIdata\fR +from each set of prerequisites of this form sharing a common +\fItype\fR, +\fIclass\fR, and +\fIdomain\-name\fR +are combined to form a set of RRs. This set of RRs must exactly match the set of RRs existing in the zone at the given +\fItype\fR, +\fIclass\fR, and +\fIdomain\-name\fR. The +\fIdata\fR +are written in the standard text representation of the resource record's RDATA. .TP .HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] -Deletes any resource records named \fIdomain\-name\fR\&. If \fItype\fR and \fIdata\fR is provided, only matching resource records will be removed\&. The internet class is assumed if \fIclass\fR is not supplied\&. The \fIttl\fR is ignored, and is only allowed for compatibility\&. +Deletes any resource records named +\fIdomain\-name\fR. If +\fItype\fR +and +\fIdata\fR +is provided, only matching resource records will be removed. The internet class is assumed if +\fIclass\fR +is not supplied. The +\fIttl\fR +is ignored, and is only allowed for compatibility. .TP .HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} -Adds a new resource record with the specified \fIttl\fR, \fIclass\fR and \fIdata\fR\&. +Adds a new resource record with the specified +\fIttl\fR, +\fIclass\fR +and +\fIdata\fR. .TP .HP 5 \fBshow\fR -Displays the current message, containing all of the prerequisites and updates specified since the last send\&. +Displays the current message, containing all of the prerequisites and updates specified since the last send. .TP .HP 5 \fBsend\fR -Sends the current message\&. This is equivalent to entering a blank line\&. +Sends the current message. This is equivalent to entering a blank line. .TP .HP 7 \fBanswer\fR -Displays the answer\&. 
+Displays the answer. .PP -Lines beginning with a semicolon are comments and are ignored\&. +Lines beginning with a semicolon are comments and are ignored. .SH "EXAMPLES" .PP -The examples below show how \fBnsupdate\fR could be used to insert and delete resource records from the \fBexample\&.com\fR zone\&. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for \fBexample\&.com\fR\&. +The examples below show how +\fBnsupdate\fR +could be used to insert and delete resource records from the +\fBexample.com\fR +zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for +\fBexample.com\fR. +.sp .nf # nsupdate -> update delete oldhost\&.example\&.com A -> update add newhost\&.example\&.com 86400 A 172\&.16\&.1\&.1 +> update delete oldhost.example.com A +> update add newhost.example.com 86400 A 172.16.1.1 > send .fi +.sp .PP -Any A records for \fBoldhost\&.example\&.com\fR are deleted\&. and an A record for \fBnewhost\&.example\&.com\fR it IP address 172\&.16\&.1\&.1 is added\&. The newly\-added record has a 1 day TTL (86400 seconds) +Any A records for +\fBoldhost.example.com\fR +are deleted. and an A record for +\fBnewhost.example.com\fR +it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds) +.sp .nf # nsupdate -> prereq nxdomain nickname\&.example\&.com -> update add nickname\&.example\&.com 86400 CNAME somehost\&.example\&.com +> prereq nxdomain nickname.example.com +> update add nickname.example.com 86400 CNAME somehost.example.com > send .fi +.sp .PP -The prerequisite condition gets the name server to check that there are no resource records of any type for \fBnickname\&.example\&.com\fR\&. If there are, the update request fails\&. If this name does not exist, a CNAME for it is added\&. 
This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME\&. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records\&.) +The prerequisite condition gets the name server to check that there are no resource records of any type for +\fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.) .SH "FILES" .TP -\fB/etc/resolv\&.conf\fR +\fB/etc/resolv.conf\fR used to identify default name server .TP -\fBK{name}\&.+157\&.+{random}\&.key\fR -base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8)\&. +\fBK{name}.+157.+{random}.key\fR +base\-64 encoding of HMAC\-MD5 key created by +\fBdnssec\-keygen\fR(8). .TP -\fBK{name}\&.+157\&.+{random}\&.private\fR -base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8)\&. +\fBK{name}.+157.+{random}.private\fR +base\-64 encoding of HMAC\-MD5 key created by +\fBdnssec\-keygen\fR(8). .SH "SEE ALSO" .PP - \fBRFC2136\fR(), \fBRFC3007\fR(), \fBRFC2104\fR(), \fBRFC2845\fR(), \fBRFC1034\fR(), \fBRFC2535\fR(), \fBRFC2931\fR(), \fBnamed\fR(8), \fBdnssec\-keygen\fR(8)\&. +\fBRFC2136\fR(), +\fBRFC3007\fR(), +\fBRFC2104\fR(), +\fBRFC2845\fR(), +\fBRFC1034\fR(), +\fBRFC2535\fR(), +\fBRFC2931\fR(), +\fBnamed\fR(8), +\fBdnssec\-keygen\fR(8). .SH "BUGS" .PP -The TSIG key is redundantly stored in two separate files\&. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases\&. +The TSIG key is redundantly stored in two separate files. 
This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index 7a1fd4b3..74ba2fbe 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.html,v 1.9.2.3.2.10 2005/07/18 02:36:46 marka Exp $ --> +<!-- $Id: nsupdate.html,v 1.9.2.3.2.12 2005/10/13 02:33:49 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>nsupdate</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>nsupdate — Dynamic DNS update utility</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514579"></a><h2>DESCRIPTION</h2> +<a name="id2525896"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">nsupdate</strong></span> is used to submit Dynamic DNS Update requests as defined in RFC2136 
@@ -160,7 +160,7 @@ and number of UDP retries. </p> </div> <div class="refsect1" lang="en"> -<a name="id2514872"></a><h2>INPUT FORMAT</h2> +<a name="id2526121"></a><h2>INPUT FORMAT</h2> <p> <span><strong class="command">nsupdate</strong></span> reads input from @@ -370,7 +370,7 @@ Lines beginning with a semicolon are comments and are ignored. </p> </div> <div class="refsect1" lang="en"> -<a name="id2515569"></a><h2>EXAMPLES</h2> +<a name="id2526749"></a><h2>EXAMPLES</h2> <p> The examples below show how <span><strong class="command">nsupdate</strong></span> @@ -423,7 +423,7 @@ RRSIG, DNSKEY and NSEC records.) </p> </div> <div class="refsect1" lang="en"> -<a name="id2515612"></a><h2>FILES</h2> +<a name="id2526793"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt> <dd><p> @@ -442,7 +442,7 @@ base-64 encoding of HMAC-MD5 key created by </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2514315"></a><h2>SEE ALSO</h2> +<a name="id2525155"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>, <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>, @@ -456,7 +456,7 @@ base-64 encoding of HMAC-MD5 key created by </p> </div> <div class="refsect1" lang="en"> -<a name="id2514387"></a><h2>BUGS</h2> +<a name="id2525226"></a><h2>BUGS</h2> <p> The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8 index 522710d0..b29f0095 100644 --- a/bin/rndc/rndc-confgen.8 +++ b/bin/rndc/rndc-confgen.8 
@@ -13,83 +13,171 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc-confgen.8,v 1.3.2.5.2.6 2005/05/13 02:43:21 marka Exp $ +.\" $Id: rndc-confgen.8,v 1.3.2.5.2.7 2005/10/13 02:33:50 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "RNDC-CONFGEN" 8 "Aug 27, 2001" "" "" -.SH NAME -rndc-confgen \- rndc key generation tool +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +rndc\-confgen \- rndc key generation tool .SH "SYNOPSIS" .HP 13 -\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fIkeysize\fR\fR] [\fB\-c\ \fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fIkeyname\fR\fR] [\fB\-p\ \fIport\fR\fR] [\fB\-r\ \fIrandomfile\fR\fR] [\fB\-s\ \fIaddress\fR\fR] [\fB\-t\ \fIchrootdir\fR\fR] [\fB\-u\ \fIuser\fR\fR] +\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] .SH "DESCRIPTION" .PP - \fBrndc\-confgen\fR generates configuration files for \fBrndc\fR\&. 
It can be used as a convenient alternative to writing the \fIrndc\&.conf\fR file and the corresponding \fBcontrols\fR and \fBkey\fR statements in \fInamed\&.conf\fR by hand\&. Alternatively, it can be run with the \fB\-a\fR option to set up a \fIrndc\&.key\fR file and avoid the need for a \fIrndc\&.conf\fR file and a \fBcontrols\fR statement altogether\&. +\fBrndc\-confgen\fR +generates configuration files for +\fBrndc\fR. It can be used as a convenient alternative to writing the +\fIrndc.conf\fR +file and the corresponding +\fBcontrols\fR +and +\fBkey\fR +statements in +\fInamed.conf\fR +by hand. Alternatively, it can be run with the +\fB\-a\fR +option to set up a +\fIrndc.key\fR +file and avoid the need for a +\fIrndc.conf\fR +file and a +\fBcontrols\fR +statement altogether. .SH "OPTIONS" .TP \-a -Do automatic \fBrndc\fR configuration\&. This creates a file \fIrndc\&.key\fR in \fI/etc\fR (or whatever \fIsysconfdir\fR was specified as when BIND was built) that is read by both \fBrndc\fR and \fBnamed\fR on startup\&. The \fIrndc\&.key\fR file defines a default command channel and authentication key allowing \fBrndc\fR to communicate with \fBnamed\fR on the local host with no further configuration\&. -Running \fBrndc\-confgen \-a\fR allows BIND 9 and \fBrndc\fR to be used as drop\-in replacements for BIND 8 and \fBndc\fR, with no changes to the existing BIND 8 \fInamed\&.conf\fR file\&. -If a more elaborate configuration than that generated by \fBrndc\-confgen \-a\fR is required, for example if rndc is to be used remotely, you should run \fBrndc\-confgen\fR without the \fB\-a\fR option and set up a \fIrndc\&.conf\fR and \fInamed\&.conf\fR as directed\&. +Do automatic +\fBrndc\fR +configuration. This creates a file +\fIrndc.key\fR +in +\fI/etc\fR +(or whatever +\fIsysconfdir\fR +was specified as when +BIND +was built) that is read by both +\fBrndc\fR +and +\fBnamed\fR +on startup. 
The +\fIrndc.key\fR +file defines a default command channel and authentication key allowing +\fBrndc\fR +to communicate with +\fBnamed\fR +on the local host with no further configuration. +.sp +Running +\fBrndc\-confgen \-a\fR +allows BIND 9 and +\fBrndc\fR +to be used as drop\-in replacements for BIND 8 and +\fBndc\fR, with no changes to the existing BIND 8 +\fInamed.conf\fR +file. +.sp +If a more elaborate configuration than that generated by +\fBrndc\-confgen \-a\fR +is required, for example if rndc is to be used remotely, you should run +\fBrndc\-confgen\fR +without the +\fB\-a\fR +option and set up a +\fIrndc.conf\fR +and +\fInamed.conf\fR +as directed. .TP \-b \fIkeysize\fR -Specifies the size of the authentication key in bits\&. Must be between 1 and 512 bits; the default is 128\&. +Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128. .TP \-c \fIkeyfile\fR -Used with the \fB\-a\fR option to specify an alternate location for \fIrndc\&.key\fR\&. +Used with the +\fB\-a\fR +option to specify an alternate location for +\fIrndc.key\fR. .TP \-h -Prints a short summary of the options and arguments to \fBrndc\-confgen\fR\&. +Prints a short summary of the options and arguments to +\fBrndc\-confgen\fR. .TP \-k \fIkeyname\fR -Specifies the key name of the rndc authentication key\&. This must be a valid domain name\&. The default is \fBrndc\-key\fR\&. +Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is +\fBrndc\-key\fR. .TP \-p \fIport\fR -Specifies the command channel port where \fBnamed\fR listens for connections from \fBrndc\fR\&. The default is 953\&. +Specifies the command channel port where +\fBnamed\fR +listens for connections from +\fBrndc\fR. The default is 953. .TP \-r \fIrandomfile\fR -Specifies a source of random data for generating the authorization\&. 
If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input\&. \fIrandomdev\fR specifies the name of a character device or file containing random data to be used instead of the default\&. The special value \fIkeyboard\fR indicates that keyboard input should be used\&. +Specifies a source of random data for generating the authorization. If the operating system does not provide a +\fI/dev/random\fR +or equivalent device, the default source of randomness is keyboard input. +\fIrandomdev\fR +specifies the name of a character device or file containing random data to be used instead of the default. The special value +\fIkeyboard\fR +indicates that keyboard input should be used. .TP \-s \fIaddress\fR -Specifies the IP address where \fBnamed\fR listens for command channel connections from \fBrndc\fR\&. The default is the loopback address 127\&.0\&.0\&.1\&. +Specifies the IP address where +\fBnamed\fR +listens for command channel connections from +\fBrndc\fR. The default is the loopback address 127.0.0.1. .TP \-t \fIchrootdir\fR -Used with the \fB\-a\fR option to specify a directory where \fBnamed\fR will run chrooted\&. An additional copy of the \fIrndc\&.key\fR will be written relative to this directory so that it will be found by the chrooted \fBnamed\fR\&. +Used with the +\fB\-a\fR +option to specify a directory where +\fBnamed\fR +will run chrooted. An additional copy of the +\fIrndc.key\fR +will be written relative to this directory so that it will be found by the chrooted +\fBnamed\fR. .TP \-u \fIuser\fR -Used with the \fB\-a\fR option to set the owner of the \fIrndc\&.key\fR file generated\&. If \fB\-t\fR is also specified only the file in the chroot area has its owner changed\&. +Used with the +\fB\-a\fR +option to set the owner of the +\fIrndc.key\fR +file generated. If +\fB\-t\fR +is also specified only the file in the chroot area has its owner changed. 
.SH "EXAMPLES" .PP -To allow \fBrndc\fR to be used with no manual configuration, run +To allow +\fBrndc\fR +to be used with no manual configuration, run .PP - \fBrndc\-confgen \-a\fR +\fBrndc\-confgen \-a\fR .PP -To print a sample \fIrndc\&.conf\fR file and corresponding \fBcontrols\fR and \fBkey\fR statements to be manually inserted into \fInamed\&.conf\fR, run +To print a sample +\fIrndc.conf\fR +file and corresponding +\fBcontrols\fR +and +\fBkey\fR +statements to be manually inserted into +\fInamed.conf\fR, run .PP - \fBrndc\-confgen\fR +\fBrndc\-confgen\fR .SH "SEE ALSO" .PP - \fBrndc\fR(8), \fBrndc\&.conf\fR(5), \fBnamed\fR(8), BIND 9 Administrator Reference Manual\&. +\fBrndc\fR(8), +\fBrndc.conf\fR(5), +\fBnamed\fR(8), +BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP - Internet Systems Consortium +Internet Systems Consortium diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html index 8b648b00..ca754008 100644 --- a/bin/rndc/rndc-confgen.html +++ b/bin/rndc/rndc-confgen.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc-confgen.html,v 1.3.2.5.2.9 2005/07/18 02:36:46 marka Exp $ --> +<!-- $Id: rndc-confgen.html,v 1.3.2.5.2.11 2005/10/13 02:33:51 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc-confgen</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">rndc-confgen</span> — rndc key generation tool</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514594"></a><h2>DESCRIPTION</h2> +<a name="id2525911"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">rndc-confgen</strong></span> generates configuration files for <span><strong class="command">rndc</strong></span>. It can be used as a @@ -48,7 +48,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514708"></a><h2>OPTIONS</h2> +<a name="id2525957"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd> @@ -148,7 +148,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2515090"></a><h2>EXAMPLES</h2> +<a name="id2526270"></a><h2>EXAMPLES</h2> <p> To allow <span><strong class="command">rndc</strong></span> to be used with no manual configuration, run @@ -167,7 +167,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515133"></a><h2>SEE ALSO</h2> +<a name="id2526314"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, 
@@ -176,7 +176,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515176"></a><h2>AUTHOR</h2> +<a name="id2526357"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 5ea9d4b0..fba5529e 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 
@@ -13,73 +13,106 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.24.206.4 2005/05/12 23:57:01 sra Exp $ +.\" $Id: rndc.8,v 1.24.206.5 2005/10/13 02:33:49 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "RNDC" 8 "June 30, 2000" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "RNDC" "8" "June 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" rndc \- name server control utility .SH "SYNOPSIS" .HP 5 -\fBrndc\fR [\fB\-c\ \fIconfig\-file\fR\fR] [\fB\-k\ \fIkey\-file\fR\fR] [\fB\-s\ \fIserver\fR\fR] [\fB\-p\ \fIport\fR\fR] [\fB\-V\fR] [\fB\-y\ \fIkey_id\fR\fR] {command} +\fBrndc\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-k\ \fR\fB\fIkey\-file\fR\fR] [\fB\-s\ \fR\fB\fIserver\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-V\fR] [\fB\-y\ \fR\fB\fIkey_id\fR\fR] {command} .SH "DESCRIPTION" .PP - \fBrndc\fR controls the operation of a name server\&. It supersedes the \fBndc\fR utility that was provided in old BIND releases\&. If\fBrndc\fR is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments\&. +\fBrndc\fR +controls the operation of a name server. It supersedes the +\fBndc\fR +utility that was provided in old BIND releases. 
If +\fBrndc\fR +is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments. .PP - \fBrndc\fR communicates with the name server over a TCP connection, sending commands authenticated with digital signatures\&. In the current versions of\fBrndc\fR and \fBnamed\fR named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection\&. This provides TSIG\-style authentication for the command request and the name server's response\&. All commands sent over the channel must be signed by a key_id known to the server\&. +\fBrndc\fR +communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of +\fBrndc\fR +and +\fBnamed\fR +named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. .PP - \fBrndc\fR reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use\&. +\fBrndc\fR +reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. .SH "OPTIONS" .TP \-c \fIconfig\-file\fR -Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/rndc\&.conf\fR\&. +Use +\fIconfig\-file\fR +as the configuration file instead of the default, +\fI/etc/rndc.conf\fR. .TP \-k \fIkey\-file\fR -Use \fIkey\-file\fR as the key file instead of the default, \fI/etc/rndc\&.key\fR\&. The key in \fI/etc/rndc\&.key\fR will be used to authenticate commands sent to the server if the \fIconfig\-file\fR does not exist\&. +Use +\fIkey\-file\fR +as the key file instead of the default, +\fI/etc/rndc.key\fR. 
The key in +\fI/etc/rndc.key\fR +will be used to authenticate commands sent to the server if the +\fIconfig\-file\fR +does not exist. .TP \-s \fIserver\fR - \fIserver\fR is the name or address of the server which matches a server statement in the configuration file for \fBrndc\fR\&. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used\&. +\fIserver\fR +is the name or address of the server which matches a server statement in the configuration file for +\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used. .TP \-p \fIport\fR -Send commands to TCP port \fIport\fR instead of BIND 9's default control channel port, 953\&. +Send commands to TCP port +\fIport\fR +instead of BIND 9's default control channel port, 953. .TP \-V -Enable verbose logging\&. +Enable verbose logging. .TP \-y \fIkeyid\fR -Use the key \fIkeyid\fR from the configuration file\&. \fIkeyid\fR must be known by named with the same algorithm and secret string in order for control message validation to succeed\&. If no \fIkeyid\fR is specified, \fBrndc\fR will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement\&. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers\&. It should therefore not have general read or write access\&. +Use the key +\fIkeyid\fR +from the configuration file. +\fIkeyid\fR +must be known by named with the same algorithm and secret string in order for control message validation to succeed. 
If no +\fIkeyid\fR +is specified, +\fBrndc\fR +will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access. .PP -For the complete set of commands supported by \fBrndc\fR, see the BIND 9 Administrator Reference Manual or run \fBrndc\fR without arguments to see its help message\&. +For the complete set of commands supported by +\fBrndc\fR, see the BIND 9 Administrator Reference Manual or run +\fBrndc\fR +without arguments to see its help message. .SH "LIMITATIONS" .PP - \fBrndc\fR does not yet support all the commands of the BIND 8 \fBndc\fR utility\&. +\fBrndc\fR +does not yet support all the commands of the BIND 8 +\fBndc\fR +utility. .PP -There is currently no way to provide the shared secret for a \fBkey_id\fR without using the configuration file\&. +There is currently no way to provide the shared secret for a +\fBkey_id\fR +without using the configuration file. .PP -Several error messages could be clearer\&. +Several error messages could be clearer. .SH "SEE ALSO" .PP - \fBrndc\&.conf\fR(5), \fBnamed\fR(8), \fBnamed\&.conf\fR(5) \fBndc\fR(8), BIND 9 Administrator Reference Manual\&. +\fBrndc.conf\fR(5), +\fBnamed\fR(8), +\fBnamed.conf\fR(5)\fBndc\fR(8), +BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP - Internet Systems Consortium +Internet Systems Consortium diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5 index 67c44b10..1c21e363 100644 --- a/bin/rndc/rndc.conf.5 +++ b/bin/rndc/rndc.conf.5 
@@ -13,38 +13,30 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.conf.5,v 1.21.206.4 2005/05/12 23:57:01 sra Exp $ +.\" $Id: rndc.conf.5,v 1.21.206.5 2005/10/13 02:33:50 marka Exp $ .\" .hy 0 .ad l -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "RNDC.CONF" 5 "June 30, 2000" "" "" -.SH NAME +.\" ** You probably do not want to edit this file directly ** +.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). +.\" Instead of manually editing it, you probably should edit the DocBook XML +.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.TH "\\FIRNDC.CONF\\FR" "5" "June 30, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" rndc.conf \- rndc configuration file .SH "SYNOPSIS" .HP 10 -\fBrndc\&.conf\fR +\fBrndc.conf\fR .SH "DESCRIPTION" .PP - \fIrndc\&.conf\fR is the configuration file for \fBrndc\fR, the BIND 9 name server control utility\&. This file has a similar structure and syntax to\fInamed\&.conf\fR\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported: +\fIrndc.conf\fR +is the configuration file for +\fBrndc\fR, the BIND 9 name server control utility. This file has a similar structure and syntax to +\fInamed.conf\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: .PP C style: /* */ .PP 
@@ -52,16 +44,60 @@ C++ style: // to end of line .PP Unix style: # to end of line .PP - \fIrndc\&.conf\fR is much simpler than\fInamed\&.conf\fR\&. The file uses three statements: an options statement, a server statement and a key statement\&. -.PP -The \fBoptions\fR statement contains three clauses\&. The \fBdefault\-server\fR clause is followed by the name or address of a name server\&. This host will be used when no name server is given as an argument to\fBrndc\fR\&. The \fBdefault\-key\fR clause is followed by the name of a key which is identified by a \fBkey\fR statement\&. If no\fBkeyid\fR is provided on the rndc command line, and no \fBkey\fR clause is found in a matching\fBserver\fR statement, this default key will be used to authenticate the server's commands and responses\&. The\fBdefault\-port\fR clause is followed by the port to connect to on the remote name server\&. If no\fBport\fR option is provided on the rndc command line, and no \fBport\fR clause is found in a matching \fBserver\fR statement, this default port will be used to connect\&. -.PP -After the \fBserver\fR keyword, the server statement includes a string which is the hostname or address for a name server\&. The statement has two possible clauses:\fBkey\fR and \fBport\fR\&. The key name must match the name of a key statement in the file\&. The port number specifies the port to connect to\&. -.PP -The \fBkey\fR statement begins with an identifying string, the name of the key\&. The statement has two clauses\&.\fBalgorithm\fR identifies the encryption algorithm for \fBrndc\fR to use; currently only HMAC\-MD5 is supported\&. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's encryption key\&. The base\-64 string is enclosed in double quotes\&. -.PP -There are two common ways to generate the base\-64 string for the secret\&. 
The BIND 9 program \fBrndc\-confgen\fR can be used to generate a random key, or the\fBmmencode\fR program, also known as\fBmimencode\fR, can be used to generate a base\-64 string from known input\&. \fBmmencode\fR does not ship with BIND 9 but is available on many systems\&. See the EXAMPLE section for sample command lines for each\&. +\fIrndc.conf\fR +is much simpler than +\fInamed.conf\fR. The file uses three statements: an options statement, a server statement and a key statement. +.PP +The +\fBoptions\fR +statement contains three clauses. The +\fBdefault\-server\fR +clause is followed by the name or address of a name server. This host will be used when no name server is given as an argument to +\fBrndc\fR. The +\fBdefault\-key\fR +clause is followed by the name of a key which is identified by a +\fBkey\fR +statement. If no +\fBkeyid\fR +is provided on the rndc command line, and no +\fBkey\fR +clause is found in a matching +\fBserver\fR +statement, this default key will be used to authenticate the server's commands and responses. The +\fBdefault\-port\fR +clause is followed by the port to connect to on the remote name server. If no +\fBport\fR +option is provided on the rndc command line, and no +\fBport\fR +clause is found in a matching +\fBserver\fR +statement, this default port will be used to connect. +.PP +After the +\fBserver\fR +keyword, the server statement includes a string which is the hostname or address for a name server. The statement has two possible clauses: +\fBkey\fR +and +\fBport\fR. The key name must match the name of a key statement in the file. The port number specifies the port to connect to. +.PP +The +\fBkey\fR +statement begins with an identifying string, the name of the key. The statement has two clauses. +\fBalgorithm\fR +identifies the encryption algorithm for +\fBrndc\fR +to use; currently only HMAC\-MD5 is supported. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's encryption key. 
The base\-64 string is enclosed in double quotes. +.PP +There are two common ways to generate the base\-64 string for the secret. The BIND 9 program +\fBrndc\-confgen\fR +can be used to generate a random key, or the +\fBmmencode\fR +program, also known as +\fBmimencode\fR, can be used to generate a base\-64 string from known input. +\fBmmencode\fR +does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each. .SH "EXAMPLE" +.sp .nf options { default\-server localhost; 
@@ -76,23 +112,43 @@ There are two common ways to generate the base\-64 string for the secret\&. The }; .fi .PP -In the above example, \fBrndc\fR will by default use the server at localhost (127\&.0\&.0\&.1) and the key called samplekey\&. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret\&. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes\&. +In the above example, +\fBrndc\fR +will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes. .PP -To generate a random secret with \fBrndc\-confgen\fR: +To generate a random secret with +\fBrndc\-confgen\fR: .PP - \fBrndc\-confgen\fR +\fBrndc\-confgen\fR .PP -A complete \fIrndc\&.conf\fR file, including the randomly generated key, will be written to the standard output\&. Commented out \fBkey\fR and \fBcontrols\fR statements for \fInamed\&.conf\fR are also printed\&. +A complete +\fIrndc.conf\fR +file, including the randomly generated key, will be written to the standard output. Commented out +\fBkey\fR +and +\fBcontrols\fR +statements for +\fInamed.conf\fR +are also printed. 
.PP -To generate a base\-64 secret with \fBmmencode\fR: +To generate a base\-64 secret with +\fBmmencode\fR: .PP - \fBecho "known plaintext for a secret" | mmencode\fR +\fBecho "known plaintext for a secret" | mmencode\fR .SH "NAME SERVER CONFIGURATION" .PP -The name server must be configured to accept rndc connections and to recognize the key specified in the \fIrndc\&.conf\fR file, using the controls statement in \fInamed\&.conf\fR\&. See the sections on the \fBcontrols\fR statement in the BIND 9 Administrator Reference Manual for details\&. +The name server must be configured to accept rndc connections and to recognize the key specified in the +\fIrndc.conf\fR +file, using the controls statement in +\fInamed.conf\fR. See the sections on the +\fBcontrols\fR +statement in the BIND 9 Administrator Reference Manual for details. .SH "SEE ALSO" .PP - \fBrndc\fR(8), \fBrndc\-confgen\fR(8), \fBmmencode\fR(1), BIND 9 Administrator Reference Manual\&. +\fBrndc\fR(8), +\fBrndc\-confgen\fR(8), +\fBmmencode\fR(1), +BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP - Internet Systems Consortium +Internet Systems Consortium diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html index 095107dd..05db0eca 100644 --- a/bin/rndc/rndc.conf.html +++ b/bin/rndc/rndc.conf.html 
@@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.conf.html,v 1.5.2.1.4.8 2005/07/18 02:36:47 marka Exp $ --> +<!-- $Id: rndc.conf.html,v 1.5.2.1.4.10 2005/10/13 02:33:51 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc.conf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">rndc.conf</code> — rndc configuration file</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514516"></a><h2>DESCRIPTION</h2> +<a name="id2525833"></a><h2>DESCRIPTION</h2> <p> <code class="filename">rndc.conf</code> is the configuration file for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control @@ -105,7 +105,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514787"></a><h2>EXAMPLE</h2> +<a name="id2525968"></a><h2>EXAMPLE</h2> <pre class="programlisting"> options { default-server localhost; @@ -151,7 +151,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514916"></a><h2>NAME SERVER CONFIGURATION</h2> +<a name="id2526028"></a><h2>NAME SERVER CONFIGURATION</h2> <p> The name server must be configured to accept rndc connections and to recognize the key specified in the <code class="filename">rndc.conf</code> 
@@ -161,7 +161,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514936"></a><h2>SEE ALSO</h2> +<a name="id2526049"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, @@ -170,7 +170,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514979"></a><h2>AUTHOR</h2> +<a name="id2526091"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index 3dd5089b..d23f4682 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.html,v 1.7.2.1.4.8 2005/07/18 02:36:47 marka Exp $ --> +<!-- $Id: rndc.html,v 1.7.2.1.4.10 2005/10/13 02:33:50 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.68.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2456972"></a><div class="titlepage"></div> +<a name="id2463721"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">rndc</span> — name server control utility</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2514569"></a><h2>DESCRIPTION</h2> +<a name="id2525886"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">rndc</strong></span> controls the operation of a name server. It supersedes the <span><strong class="command">ndc</strong></span> utility @@ -61,7 +61,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514678"></a><h2>OPTIONS</h2> +<a name="id2525927"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> @@ -123,7 +123,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2514929"></a><h2>LIMITATIONS</h2> +<a name="id2526109"></a><h2>LIMITATIONS</h2> <p> <span><strong class="command">rndc</strong></span> does not yet support all the commands of the BIND 8 <span><strong class="command">ndc</strong></span> utility. @@ -137,7 +137,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515026"></a><h2>SEE ALSO</h2> +<a name="id2526138"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -147,7 +147,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2515078"></a><h2>AUTHOR</h2> +<a name="id2526190"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> 
diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index 76161934..bed867dc 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -15,12 +15,13 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.10.12.5 2004/09/07 04:17:14 marka Exp $ +# $Id: clean.sh,v 1.10.12.7 2005/09/13 00:34:53 marka Exp $ rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed */trusted.conf */tmp* rm -f ns1/root.db ns2/example.db ns3/secure.example.db rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl +rm -f ns2/private.secure.example.db rm -f */example.bk rm -f dig.out.* rm -f random.data diff --git a/bin/tests/system/views/clean.sh b/bin/tests/system/views/clean.sh index 2de375c9..c52cf76d 100644 --- a/bin/tests/system/views/clean.sh +++ b/bin/tests/system/views/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any 
@@ -15,12 +15,12 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.7.206.2 2004/03/10 01:05:55 marka Exp $ +# $Id: clean.sh,v 1.7.206.4 2005/09/13 00:34:54 marka Exp $ # # Clean up after zone transfer tests. # -rm -f ns3/example.bk dig.out.ns2 dig.out.ns3 +rm -f ns3/example.bk dig.out.ns?.? rm -f ns2/named.conf ns2/example.db ns3/named.conf ns3/internal.bk diff --git a/bin/tests/system/xferquota/clean.sh b/bin/tests/system/xferquota/clean.sh index b1344091..12c44cf3 100644 --- a/bin/tests/system/xferquota/clean.sh +++ b/bin/tests/system/xferquota/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.8.206.2 2004/03/10 01:05:56 marka Exp $ +# $Id: clean.sh,v 1.8.206.4 2005/09/13 00:34:54 marka Exp $ # # Clean up after zone transfer quota tests. @@ -24,3 +24,4 @@ rm -f ns1/zone*.example.db ns1/zones.conf rm -f ns2/zone*.example.bk ns2/zones.conf rm -f dig.out.* ns2/changing.bk +rm -f ns1/changing.db diff --git a/bin/win32/BINDInstall/BINDInstall.rc b/bin/win32/BINDInstall/BINDInstall.rc index 733591d3..8bcb636b 100644 --- a/bin/win32/BINDInstall/BINDInstall.rc +++ b/bin/win32/BINDInstall/BINDInstall.rc @@ -78,7 +78,7 @@ STYLE DS_MODALFRAME | DS_CENTER | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_APPWINDOW CAPTION "BIND 9 Installer" -FONT 8, "MS Sans Serif" +FONT 8, "MS Sans Serif",0,0,0x1 BEGIN EDITTEXT IDC_TARGETDIR,7,62,196,14,ES_AUTOHSCROLL EDITTEXT IDC_ACCOUNT_NAME,7,94,196,14,ES_AUTOHSCROLL 
@@ -305,6 +305,8 @@ BEGIN IDS_CREATEACCOUNT_FAILED "Unable to Create Account for the Service." IDS_ERR_PASSWORD "Passwords entered did not match. Please reenter password." IDS_ERR_UPDATE_SERVICE "Error updating service\n(%s)" + IDS_ERR_NULLPASSWORD "Service account password cannot be null" + IDS_ERR_WHITESPACE "Service account password has leading/trailing whitespace" END #endif // English (U.S.) resources diff --git a/bin/win32/BINDInstall/BINDInstallDlg.cpp b/bin/win32/BINDInstall/BINDInstallDlg.cpp index a9c7e68f..511ab6e8 100644 --- a/bin/win32/BINDInstall/BINDInstallDlg.cpp +++ b/bin/win32/BINDInstall/BINDInstallDlg.cpp @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: BINDInstallDlg.cpp,v 1.6.2.6.2.10 2004/05/18 01:20:04 marka Exp $ */ +/* $Id: BINDInstallDlg.cpp,v 1.6.2.6.2.12 2005/10/11 23:54:48 marka Exp $ */ /* * Copyright (c) 1999-2000 by Nortel Networks Corporation @@ -385,6 +385,7 @@ void CBINDInstallDlg::OnUninstall() { */ void CBINDInstallDlg::OnInstall() { BOOL success = FALSE; + int oldlen; if (CheckBINDService()) StopBINDService(); 
@@ -393,18 +394,45 @@ void CBINDInstallDlg::OnInstall() { UpdateData(); - /* Check that the Passwords entered match */ + /* + * Check that the Passwords entered match. + */ if (m_accountPassword != m_accountPasswordConfirm) { MsgBox(IDS_ERR_PASSWORD); return; } - /* Check the entered account name */ + /* + * Check that there is not leading / trailing whitespace. + * This is for compatability with the standard password dialog. + * Passwords really should be treated as opaque blobs. + */ + oldlen = m_accountPassword.GetLength(); + m_accountPassword.TrimLeft(); + m_accountPassword.TrimRight(); + if (m_accountPassword.GetLength() != oldlen) { + MsgBox(IDS_ERR_WHITESPACE); + return; + } + + /* + * Check that the Password is not null. + */ + if (m_accountPassword.GetLength() == 0) { + MsgBox(IDS_ERR_NULLPASSWORD); + return; + } + + /* + * Check the entered account name. + */ if (ValidateServiceAccount() == FALSE) return; - /* For Registration we need to know if account was changed */ + /* + * For Registration we need to know if account was changed. + */ if(m_accountName != m_currentAccount) m_accountUsed = FALSE; @@ -462,15 +490,13 @@ void CBINDInstallDlg::OnInstall() { SetCurrent(IDS_ADD_REMOVE); if (RegCreateKey(HKEY_LOCAL_MACHINE, BIND_UNINSTALL_SUBKEY, - &hKey) == ERROR_SUCCESS) { - char winDir[MAX_PATH]; + &hKey) == ERROR_SUCCESS) { CString buf(BIND_DISPLAY_NAME); - GetWindowsDirectory(winDir, MAX_PATH); RegSetValueEx(hKey, "DisplayName", 0, REG_SZ, (LPBYTE)(LPCTSTR)buf, buf.GetLength()); - buf.Format("%s\\BINDInstall.exe", winDir); + buf.Format("%s\\BINDInstall.exe", m_binDir); RegSetValueEx(hKey, "UninstallString", 0, REG_SZ, (LPBYTE)(LPCTSTR)buf, buf.GetLength()); RegCloseKey(hKey); diff --git a/bin/win32/BINDInstall/resource.h b/bin/win32/BINDInstall/resource.h index fd142d32..14b50846 100644 --- a/bin/win32/BINDInstall/resource.h +++ b/bin/win32/BINDInstall/resource.h 
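Review bot: The two new early returns (whitespace and empty password) sit after `if (CheckBINDService()) StopBINDService();` from the previous hunk, so a rejected password appears to leave a previously running BIND service stopped. Unless code outside the hunk restarts it, `UpdateData()` and the password checks belong before the service is stopped. The whitespace test also trims `m_accountPassword` itself, so the member is altered on the rejection path even though the comment says passwords should be treated as opaque. Trimming a copy keeps the check free of side effects and makes `oldlen` unnecessary: `CString trimmed(m_accountPassword); trimmed.TrimLeft(); trimmed.TrimRight();` followed by `if (trimmed.GetLength() != m_accountPassword.GetLength()) {`. OnInstall begins before this hunk and continues past it.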
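Review bot: The new `UninstallString` value is written unquoted, and `m_binDir` (presumably derived from the user-chosen target directory, to be confirmed) can contain spaces, which the Windows directory used before normally does not. An unquoted command path with spaces is parsed ambiguously when it is later executed, so quote it and pass the string explicitly to the variadic call: `buf.Format("\"%s\\BINDInstall.exe\"", (LPCTSTR)m_binDir);`. Both `RegSetValueEx` calls in this hunk also pass `buf.GetLength()` as the data size, which leaves out the terminating NUL that `REG_SZ` data should include (`buf.GetLength() + 1`), and their return values are ignored. The enclosing `if` block and OnInstall extend beyond the hunk.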
@@ -56,6 +56,8 @@ #define IDS_CREATEACCOUNT_FAILED 55 #define IDS_ERR_PASSWORD 56 #define IDS_ERR_UPDATE_SERVICE 57 +#define IDS_ERR_NULLPASSWORD 58 +#define IDS_ERR_WHITESPACE 59 #define IDD_BINDINSTALL_DIALOG 102 #define IDR_MAINFRAME 128 #define IDD_BROWSE 129 |