Diffstat (limited to 'bin')
58 files changed, 623 insertions, 287 deletions
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index c0953d47..d62a822d 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.55 2011-03-06 01:14:19 tbox Exp $ +.\" $Id: dig.1,v 1.56 2011-11-05 01:14:48 tbox Exp $ .\" .hy 0 .ad l @@ -291,7 +291,7 @@ A synonym for .PP \fB+[no]adflag\fR .RS 4 -Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. +Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default. .RE .PP \fB+[no]cdflag\fR @@ -332,6 +332,9 @@ attempts to find the authoritative name servers for the zone containing the name Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. +.sp +\fB+dnssec\fR +is also set when +trace is set to better emulate the default queries from a nameserver. .RE .PP \fB+[no]cmd\fR 
@@ -463,7 +466,7 @@ bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively .RS 4 Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent. \fB+noedns\fR -clears the remembered EDNS version. +clears the remembered EDNS version. EDNS is set to 0 by default. .RE .PP \fB+[no]multiline\fR diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 4e7a21f2..09c8f3f4 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.242 2011-03-11 06:11:20 marka Exp $ */ +/* $Id: dig.c,v 1.244 2011-11-04 14:19:17 each Exp $ */ /*! \file */ @@ -187,7 +187,7 @@ help(void) { " +domain=### (Set default domainname)\n" " +bufsize=### (Set EDNS0 Max UDP packet size)\n" " +ndots=### (Set NDOTS value)\n" -" +edns=### (Set EDNS version)\n" +" +edns=### (Set EDNS version) [0]\n" " +[no]search (Set whether to use searchlist)\n" " +[no]showsearch (Search with intermediate results)\n" " +[no]defname (Ditto)\n" @@ -216,7 +216,7 @@ help(void) { " +[no]qr (Print question before sending)\n" " +[no]nssearch (Search all authoritative nameservers)\n" " +[no]identify (ID responders in short answers)\n" -" +[no]trace (Trace delegation down from root)\n" +" +[no]trace (Trace delegation down from root [+dnssec])\n" " +[no]dnssec (Request DNSSEC records)\n" " +[no]nsid (Request Name Server ID)\n" #ifdef DIG_SIGCHASE @@ -1124,6 +1124,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, lookup->section_additional = ISC_FALSE; lookup->section_authority = ISC_TRUE; lookup->section_question = ISC_FALSE; + lookup->dnssec = ISC_TRUE; usesearch = ISC_FALSE; } break; @@ -1527,6 +1528,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, if (!is_batchfile) { debug("making new lookup"); default_lookup = make_empty_lookup(); + default_lookup->adflag = ISC_TRUE; + default_lookup->edns = 0; #ifndef NOPOSIX /* 
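Review bot: In the `+trace` branch of plus_option, `lookup->dnssec = ISC_TRUE;` is assigned unconditionally, so a `+nodnssec` given earlier on the command line appears to be overridden silently, while one given after `+trace` would still take effect. Neither the help text nor the man page changes in this commit mention that order dependence. A comment at the assignment would make it explicit, for example `/* +trace implies +dnssec; a later +nodnssec still turns it off */`. The enclosing case starts and ends outside the hunk, so the ordering should be confirmed against the full function.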
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 659a0f42..af922af3 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.docbook,v 1.49 2011-03-05 23:52:29 tbox Exp $ --> +<!-- $Id: dig.docbook,v 1.51 2011-11-04 11:02:50 jreed Exp $ --> <refentry id="man.dig"> <refentryinfo> @@ -461,7 +461,8 @@ policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT-OUT range. AD=0 indicate that some part - of the answer was insecure or not validated. + of the answer was insecure or not validated. This + bit is set by default. </para> </listitem> </varlistentry> @@ -498,19 +499,17 @@ <varlistentry> <term><option>+[no]recurse</option></term> - <listitem> - <para> - Toggle the setting of the RD (recursion desired) bit in the - query. - This bit is set by default, which means <command>dig</command> - normally sends recursive queries. Recursion is automatically - disabled - when the <parameter>+nssearch</parameter> or - <parameter>+trace</parameter> query options are - used. - </para> - </listitem> - </varlistentry> + <listitem> + <para> + Toggle the setting of the RD (recursion desired) bit + in the query. This bit is set by default, which means + <command>dig</command> normally sends recursive + queries. Recursion is automatically disabled when + the <parameter>+nssearch</parameter> or + <parameter>+trace</parameter> query options are used. + </para> + </listitem> + </varlistentry> <varlistentry> <term><option>+[no]nssearch</option></term> 
@@ -530,20 +529,21 @@ <varlistentry> <term><option>+[no]trace</option></term> <listitem> - <para> - Toggle tracing of the delegation path from the root name servers - for - the name being looked up. Tracing is disabled by default. When - tracing is enabled, <command>dig</command> makes - iterative queries to - resolve the name being looked up. It will follow referrals from - the - root servers, showing the answer from each server that was used - to - resolve the lookup. - </para> - </listitem> - </varlistentry> + <para> + Toggle tracing of the delegation path from the root + name servers for the name being looked up. Tracing + is disabled by default. When tracing is enabled, + <command>dig</command> makes iterative queries to + resolve the name being looked up. It will follow + referrals from the root servers, showing the answer + from each server that was used to resolve the lookup. + </para> + <para> + <command>+dnssec</command> is also set when +trace is + set to better emulate the default queries from a nameserver. + </para> + </listitem> + </varlistentry> <varlistentry> <term><option>+[no]cmd</option></term> @@ -776,9 +776,10 @@ <listitem> <para> Specify the EDNS version to query with. Valid values - are 0 to 255. Setting the EDNS version will cause a - EDNS query to be sent. <option>+noedns</option> clears the - remembered EDNS version. + are 0 to 255. Setting the EDNS version will cause + a EDNS query to be sent. <option>+noedns</option> + clears the remembered EDNS version. EDNS is set to + 0 by default. </para> </listitem> </varlistentry> diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 327aedae..4087c6b9 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html 
@@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.html,v 1.50 2011-03-06 01:14:19 tbox Exp $ --> +<!-- $Id: dig.html,v 1.51 2011-11-05 01:14:48 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -315,7 +315,8 @@ policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT-OUT range. AD=0 indicate that some part - of the answer was insecure or not validated. + of the answer was insecure or not validated. This + bit is set by default. </p></dd> <dt><span class="term"><code class="option">+[no]cdflag</code></span></dt> <dd><p> @@ -334,15 +335,13 @@ </p></dd> <dt><span class="term"><code class="option">+[no]recurse</code></span></dt> <dd><p> - Toggle the setting of the RD (recursion desired) bit in the - query. - This bit is set by default, which means <span><strong class="command">dig</strong></span> - normally sends recursive queries. Recursion is automatically - disabled - when the <em class="parameter"><code>+nssearch</code></em> or - <em class="parameter"><code>+trace</code></em> query options are - used. - </p></dd> + Toggle the setting of the RD (recursion desired) bit + in the query. This bit is set by default, which means + <span><strong class="command">dig</strong></span> normally sends recursive + queries. Recursion is automatically disabled when + the <em class="parameter"><code>+nssearch</code></em> or + <em class="parameter"><code>+trace</code></em> query options are used. + </p></dd> <dt><span class="term"><code class="option">+[no]nssearch</code></span></dt> <dd><p> When this option is set, <span><strong class="command">dig</strong></span> 
@@ -354,18 +353,21 @@ zone. </p></dd> <dt><span class="term"><code class="option">+[no]trace</code></span></dt> -<dd><p> - Toggle tracing of the delegation path from the root name servers - for - the name being looked up. Tracing is disabled by default. When - tracing is enabled, <span><strong class="command">dig</strong></span> makes - iterative queries to - resolve the name being looked up. It will follow referrals from - the - root servers, showing the answer from each server that was used - to - resolve the lookup. - </p></dd> +<dd> +<p> + Toggle tracing of the delegation path from the root + name servers for the name being looked up. Tracing + is disabled by default. When tracing is enabled, + <span><strong class="command">dig</strong></span> makes iterative queries to + resolve the name being looked up. It will follow + referrals from the root servers, showing the answer + from each server that was used to resolve the lookup. + </p> +<p> + <span><strong class="command">+dnssec</strong></span> is also set when +trace is + set to better emulate the default queries from a nameserver. + </p> +</dd> <dt><span class="term"><code class="option">+[no]cmd</code></span></dt> <dd><p> Toggles the printing of the initial comment in the output @@ -505,9 +507,10 @@ <dt><span class="term"><code class="option">+edns=#</code></span></dt> <dd><p> Specify the EDNS version to query with. Valid values - are 0 to 255. Setting the EDNS version will cause a - EDNS query to be sent. <code class="option">+noedns</code> clears the - remembered EDNS version. + are 0 to 255. Setting the EDNS version will cause + a EDNS query to be sent. <code class="option">+noedns</code> + clears the remembered EDNS version. EDNS is set to + 0 by default. </p></dd> <dt><span class="term"><code class="option">+[no]multiline</code></span></dt> <dd><p> 
@@ -578,7 +581,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2545228"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2545301"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports @@ -624,7 +627,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545358"></a><h2>IDN SUPPORT</h2> +<a name="id2545363"></a><h2>IDN SUPPORT</h2> <p> If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -638,14 +641,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545381"></a><h2>FILES</h2> +<a name="id2545385"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> <p><code class="filename">${HOME}/.digrc</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545398"></a><h2>SEE ALSO</h2> +<a name="id2545402"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, @@ -653,7 +656,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545435"></a><h2>BUGS</h2> +<a name="id2545440"></a><h2>BUGS</h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 21c5b1f5..95376f9a 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.340 2011-03-11 06:11:20 marka Exp $ */ +/* $Id: dighost.c,v 1.342 2011-11-06 23:18:07 marka Exp $ */ /*! \file * \note 
@@ -66,6 +66,7 @@ #include <dns/tsig.h> #include <dst/dst.h> +#include <dst/result.h> #include <isc/app.h> #include <isc/base64.h> @@ -925,6 +926,11 @@ setup_text_key(void) { secretsize = isc_buffer_usedlength(&secretbuf); + if (hmacname == NULL) { + result = DST_R_UNSUPPORTEDALG; + goto failure; + } + result = dns_name_fromtext(&keyname, namebuf, dns_rootname, 0, namebuf); if (result != ISC_R_SUCCESS) goto failure; @@ -1838,12 +1844,10 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) * Return ISC_TRUE iff there was another searchlist entry. */ static isc_boolean_t -next_origin(dns_message_t *msg, dig_query_t *query) { +next_origin(dig_query_t *query) { dig_lookup_t *lookup; dig_searchlist_t *search; - UNUSED(msg); - INSIST(!free_now); debug("next_origin()"); @@ -3360,7 +3364,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { if (!l->doing_xfr || l->xfr_q == query) { if (msg->rcode != dns_rcode_noerror && (l->origin != NULL || l->need_search)) { - if (!next_origin(msg, query) || showsearch) { + if (!next_origin(query) || showsearch) { printmessage(query, msg, ISC_TRUE); received(b->used, &sevent->address, query); } diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8 index bbac8bf0..6f785d3d 100644 --- a/bin/dnssec/dnssec-settime.8 +++ b/bin/dnssec/dnssec-settime.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-settime.8,v 1.16 2011-03-22 01:14:25 tbox Exp $ +.\" $Id: dnssec-settime.8,v 1.17 2011-11-05 01:14:48 tbox Exp $ .\" .hy 0 .ad l 
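Review bot: The new `hmacname == NULL` guard in setup_text_key carries no comment saying when `hmacname` can be unset, and it runs only after the secret has been decoded (`secretsize = isc_buffer_usedlength(&secretbuf)` precedes it). A line such as `/* no usable HMAC algorithm was selected; refuse to build a TSIG key */` above the test would document the case. If nothing in between depends on it, the test could also move ahead of the secret decoding, so key material is not processed for a request that will be rejected. The decoding code and the `failure` label are outside the hunk, so whether the secret buffer is released on this path should be checked there.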
@@ -52,7 +52,7 @@ simply prints the key timing metadata already stored in the key. .PP When key metadata fields are changed, both files of a key pair (\fIKnnnn.+aaa+iiiii.key\fR and -\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file. +\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file. The private file's permissions are always set to be inaccessible to anyone other than the owner (mode 0600). .SH "OPTIONS" .PP \-f diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook index 9fb5f25f..f9abd10f 100644 --- a/bin/dnssec/dnssec-settime.docbook +++ b/bin/dnssec/dnssec-settime.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-settime.docbook,v 1.14 2011-03-21 15:56:35 each Exp $ --> +<!-- $Id: dnssec-settime.docbook,v 1.15 2011-11-03 20:21:37 each Exp $ --> <refentry id="man.dnssec-settime"> <refentryinfo> <date>July 15, 2009</date> @@ -83,7 +83,8 @@ <filename>Knnnn.+aaa+iiiii.private</filename>) are regenerated. Metadata fields are stored in the private file. A human-readable description of the metadata is also placed in comments in the key - file. + file. The private file's permissions are always set to be + inaccessible to anyone other than the owner (mode 0600). </para> </refsect1> diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html index 304ce587..c06b7b72 100644 --- a/bin/dnssec/dnssec-settime.html +++ b/bin/dnssec/dnssec-settime.html 
@@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-settime.html,v 1.16 2011-03-22 01:14:25 tbox Exp $ --> +<!-- $Id: dnssec-settime.html,v 1.17 2011-11-05 01:14:48 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -52,7 +52,8 @@ <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated. Metadata fields are stored in the private file. A human-readable description of the metadata is also placed in comments in the key - file. + file. The private file's permissions are always set to be + inaccessible to anyone other than the owner (mode 0600). </p> </div> <div class="refsect1" lang="en"> @@ -98,7 +99,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543594"></a><h2>TIMING OPTIONS</h2> +<a name="id2543662"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -177,7 +178,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543733"></a><h2>PRINTING OPTIONS</h2> +<a name="id2543801"></a><h2>PRINTING OPTIONS</h2> <p> <span><strong class="command">dnssec-settime</strong></span> can also be used to print the timing metadata associated with a key. diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index 4b30c30e..a7935e67 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.63 2011-03-22 01:14:25 tbox Exp $ +.\" $Id: dnssec-signzone.8,v 1.64 2011-11-08 01:14:49 tbox Exp $ .\" .hy 0 .ad l 
@@ -147,7 +147,10 @@ must be later than .RS 4 The name of the output file containing the signed zone. The default is to append \fI.signed\fR -to the input filename. +to the input filename. If +\fBoutput\-file\fR +is set to +"\-", then the signed zone is written to the standard output, with a default output format of "full". .RE .PP \-h @@ -229,8 +232,9 @@ The zone origin. If not specified, the name of the zone file is assumed to be th .RS 4 The format of the output file containing the signed zone. Possible formats are \fB"text"\fR -(default) and -\fB"raw"\fR. +(default) +\fB"raw"\fR, and +\fB"full"\fR, which is text output in a format suitable for processing by external scripts. .RE .PP \-p diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 6fa199c8..77bb9d98 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.280 2011-10-11 19:26:05 each Exp $ */ +/* $Id: dnssec-signzone.c,v 1.282 2011-11-07 23:46:50 tbox Exp $ */ /*! \file */ @@ -37,6 +37,7 @@ #include <stdlib.h> #include <time.h> +#include <unistd.h> #include <isc/app.h> #include <isc/base32.h> @@ -133,7 +134,7 @@ static isc_mem_t *mctx = NULL; static isc_entropy_t *ectx = NULL; static dns_ttl_t zone_soa_min_ttl; static dns_ttl_t soa_ttl; -static FILE *fp; +static FILE *fp = NULL; static char *tempfile = NULL; static const dns_master_style_t *masterstyle; static dns_masterformat_t inputformat = dns_masterformat_text; @@ -174,6 +175,7 @@ static dns_ttl_t keyttl; static isc_boolean_t smartsign = ISC_FALSE; static isc_boolean_t remove_orphans = ISC_FALSE; static isc_boolean_t output_dnssec_only = ISC_FALSE; +static isc_boolean_t output_stdout = ISC_FALSE; #define INCSTAT(counter) \ if (printstats) { \ 
@@ -3403,30 +3405,32 @@ print_stats(isc_time_t *timer_start, isc_time_t *timer_finish, isc_uint64_t time_us; /* Time in microseconds */ isc_uint64_t time_ms; /* Time in milliseconds */ isc_uint64_t sig_ms; /* Signatures per millisecond */ + FILE *out = output_stdout ? stderr : stdout; - printf("Signatures generated: %10d\n", nsigned); - printf("Signatures retained: %10d\n", nretained); - printf("Signatures dropped: %10d\n", ndropped); - printf("Signatures successfully verified: %10d\n", nverified); - printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed); + fprintf(out, "Signatures generated: %10d\n", nsigned); + fprintf(out, "Signatures retained: %10d\n", nretained); + fprintf(out, "Signatures dropped: %10d\n", ndropped); + fprintf(out, "Signatures successfully verified: %10d\n", nverified); + fprintf(out, "Signatures unsuccessfully " + "verified: %10d\n", nverifyfailed); time_us = isc_time_microdiff(sign_finish, sign_start); time_ms = time_us / 1000; - printf("Signing time in seconds: %7u.%03u\n", - (unsigned int) (time_ms / 1000), - (unsigned int) (time_ms % 1000)); + fprintf(out, "Signing time in seconds: %7u.%03u\n", + (unsigned int) (time_ms / 1000), + (unsigned int) (time_ms % 1000)); if (time_us > 0) { sig_ms = ((isc_uint64_t)nsigned * 1000000000) / time_us; - printf("Signatures per second: %7u.%03u\n", - (unsigned int) sig_ms / 1000, - (unsigned int) sig_ms % 1000); + fprintf(out, "Signatures per second: %7u.%03u\n", + (unsigned int) sig_ms / 1000, + (unsigned int) sig_ms % 1000); } time_us = isc_time_microdiff(timer_finish, timer_start); time_ms = time_us / 1000; - printf("Runtime in seconds: %7u.%03u\n", - (unsigned int) (time_ms / 1000), - (unsigned int) (time_ms % 1000)); + fprintf(out, "Runtime in seconds: %7u.%03u\n", + (unsigned int) (time_ms / 1000), + (unsigned int) (time_ms % 1000)); } int 
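Review bot: In the "Signatures per second" call the casts bind before the arithmetic, so `(unsigned int) sig_ms / 1000` and `(unsigned int) sig_ms % 1000` truncate the 64-bit `sig_ms` to `unsigned int` first and divide afterwards. The two time lines in the same function parenthesise the expression, so the rewritten call is inconsistent with them and prints a wrong rate once `sig_ms` exceeds `UINT_MAX`. Since these lines are being touched anyway, write `(unsigned int) (sig_ms / 1000),` and `(unsigned int) (sig_ms % 1000));`. print_stats begins outside the hunk.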
@@ -3453,7 +3457,7 @@ main(int argc, char *argv[]) { #endif unsigned int eflags; isc_boolean_t free_output = ISC_FALSE; - int tempfilelen; + int tempfilelen = 0; dns_rdataclass_t rdclass; isc_task_t **tasks = NULL; isc_buffer_t b; @@ -3565,6 +3569,8 @@ main(int argc, char *argv[]) { case 'f': output = isc_commandline_argument; + if (strcmp(output, "-") == 0) + output_stdout = ISC_TRUE; break; case 'g': @@ -3811,7 +3817,10 @@ main(int argc, char *argv[]) { outputformat = dns_masterformat_text; else if (strcasecmp(outputformatstr, "raw") == 0) outputformat = dns_masterformat_raw; - else + else if (strcasecmp(outputformatstr, "full") == 0) { + outputformat = dns_masterformat_text; + masterstyle = &dns_master_style_full; + } else fatal("unknown file format: %s\n", outputformatstr); } @@ -3967,21 +3976,26 @@ main(int argc, char *argv[]) { } } - tempfilelen = strlen(output) + 20; - tempfile = isc_mem_get(mctx, tempfilelen); - if (tempfile == NULL) - fatal("out of memory"); + if (output_stdout) { + fp = stdout; + if (outputformatstr == NULL) + masterstyle = &dns_master_style_full; + } else { + tempfilelen = strlen(output) + 20; + tempfile = isc_mem_get(mctx, tempfilelen); + if (tempfile == NULL) + fatal("out of memory"); - result = isc_file_mktemplate(output, tempfile, tempfilelen); - check_result(result, "isc_file_mktemplate"); + result = isc_file_mktemplate(output, tempfile, tempfilelen); + check_result(result, "isc_file_mktemplate"); - fp = NULL; - result = isc_file_openunique(tempfile, &fp); - if (result != ISC_R_SUCCESS) - fatal("failed to open temporary output file: %s", - isc_result_totext(result)); - removefile = ISC_TRUE; - setfatalcallback(&removetempfile); + result = isc_file_openunique(tempfile, &fp); + if (result != ISC_R_SUCCESS) + fatal("failed to open temporary output file: %s", + isc_result_totext(result)); + removefile = ISC_TRUE; + setfatalcallback(&removetempfile); + } print_time(fp); print_version(fp); 
@@ -4047,20 +4061,22 @@ main(int argc, char *argv[]) { check_result(result, "dns_master_dumptostream2"); } - result = isc_stdio_close(fp); - check_result(result, "isc_stdio_close"); - removefile = ISC_FALSE; - - result = isc_file_rename(tempfile, output); - if (result != ISC_R_SUCCESS) - fatal("failed to rename temp file to %s: %s\n", - output, isc_result_totext(result)); - DESTROYLOCK(&namelock); if (printstats) DESTROYLOCK(&statslock); - printf("%s\n", output); + if (!output_stdout) { + result = isc_stdio_close(fp); + check_result(result, "isc_stdio_close"); + removefile = ISC_FALSE; + + result = isc_file_rename(tempfile, output); + if (result != ISC_R_SUCCESS) + fatal("failed to rename temp file to %s: %s\n", + output, isc_result_totext(result)); + + printf("%s\n", output); + } dns_db_closeversion(gdb, &gversion, ISC_FALSE); dns_db_detach(&gdb); @@ -4071,7 +4087,8 @@ main(int argc, char *argv[]) { dns_dnsseckey_destroy(mctx, &key); } - isc_mem_put(mctx, tempfile, tempfilelen); + if (tempfilelen != 0) + isc_mem_put(mctx, tempfile, tempfilelen); if (free_output) isc_mem_free(mctx, output); diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index eeadca67..76830342 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.49 2011-03-21 07:26:47 each Exp $ --> +<!-- $Id: dnssec-signzone.docbook,v 1.50 2011-11-07 23:16:31 each Exp $ --> <refentry id="man.dnssec-signzone"> <refentryinfo> <date>June 05, 2009</date> @@ -288,8 +288,10 @@ <para> The name of the output file containing the signed zone. The default is to append <filename>.signed</filename> to - the - input filename. + the input filename. If <option>output-file</option> is + set to <literal>"-"</literal>, then the signed zone is + written to the standard output, with a default output + format of "full". </para> </listitem> </varlistentry> 
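Review bot: When `output_stdout` is set, the stream is never flushed or checked, because `isc_stdio_close(fp)` with its `check_result` now runs only inside `if (!output_stdout)`. A write failure on buffered data (closed pipe, full disk behind a redirect) would then go unnoticed, and a consumer could receive a truncated signed zone from a run that exits successfully. Add an else branch such as `else if (fflush(stdout) != 0 || ferror(stdout)) fatal("failed to write signed zone to standard output");`. The dump call above the hunk is checked, but that does not necessarily cover data still sitting in the stdio buffer.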
@@ -433,7 +435,9 @@ <para> The format of the output file containing the signed zone. Possible formats are <command>"text"</command> (default) - and <command>"raw"</command>. + <command>"raw"</command>, and <command>"full"</command>, + which is text output in a format suitable for processing + by external scripts. </para> </listitem> </varlistentry> diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index e0d9c962..0c415ed3 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.html,v 1.49 2011-03-22 01:14:25 tbox Exp $ --> +<!-- $Id: dnssec-signzone.html,v 1.50 2011-11-08 01:14:49 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -155,8 +155,10 @@ <dd><p> The name of the output file containing the signed zone. The default is to append <code class="filename">.signed</code> to - the - input filename. + the input filename. If <code class="option">output-file</code> is + set to <code class="literal">"-"</code>, then the signed zone is + written to the standard output, with a default output + format of "full". </p></dd> <dt><span class="term">-h</span></dt> <dd><p> @@ -250,7 +252,9 @@ <dd><p> The format of the output file containing the signed zone. Possible formats are <span><strong class="command">"text"</strong></span> (default) - and <span><strong class="command">"raw"</strong></span>. + <span><strong class="command">"raw"</strong></span>, and <span><strong class="command">"full"</strong></span>, + which is text output in a format suitable for processing + by external scripts. </p></dd> <dt><span class="term">-p</span></dt> <dd><p> 
@@ -430,7 +434,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2545078"></a><h2>EXAMPLE</h2> +<a name="id2545088"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span> @@ -460,14 +464,14 @@ db.example.com.signed %</pre> </div> <div class="refsect1" lang="en"> -<a name="id2545133"></a><h2>SEE ALSO</h2> +<a name="id2545143"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 4033</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2545158"></a><h2>AUTHOR</h2> +<a name="id2545168"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/client.c b/bin/named/client.c index 9fec223d..d28a50a6 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.281 2011-10-25 16:21:21 each Exp $ */ +/* $Id: client.c,v 1.284 2011-11-09 22:05:09 each Exp $ */ #include <config.h> @@ -240,8 +240,8 @@ ns_client_recursing(ns_client_t *client) { REQUIRE(client->state == NS_CLIENTSTATE_WORKING); LOCK(&client->manager->reclock); - ISC_LIST_APPEND(client->manager->recursing, client, rlink); client->state = NS_CLIENTSTATE_RECURSING; + ISC_LIST_APPEND(client->manager->recursing, client, rlink); UNLOCK(&client->manager->reclock); } 
@@ -349,10 +349,16 @@ exit_check(ns_client_t *client) { * I/O cancel is complete. Burn down all state * related to the current request. Ensure that * the client is no longer on the recursing list. + * + * We need to check whether the client is still linked, + * because it may already have been removed from the + * recursing list by ns_client_killoldestquery() */ if (client->state == NS_CLIENTSTATE_RECURSING) { LOCK(&manager->reclock); - ISC_LIST_UNLINK(manager->recursing, client, rlink); + if (ISC_LINK_LINKED(client, rlink)) + ISC_LIST_UNLINK(manager->recursing, + client, rlink); UNLOCK(&manager->reclock); } ns_client_endrequest(client); @@ -494,9 +500,9 @@ exit_check(ns_client_t *client) { * that has been done, lest the manager decide to reactivate * the dying client inbetween. */ + client->state = NS_CLIENTSTATE_INACTIVE; if (!ns_g_clienttest) ISC_QUEUE_PUSH(manager->inactive, client, ilink); - client->state = NS_CLIENTSTATE_INACTIVE; INSIST(client->recursionquota == NULL); if (client->state == client->newstate) { @@ -2689,10 +2695,11 @@ ns_client_logv(ns_client_t *client, isc_logcategory_t *category, { char msgbuf[2048]; char peerbuf[ISC_SOCKADDR_FORMATSIZE]; - char signerbuf[DNS_NAME_FORMATSIZE]; + char signerbuf[DNS_NAME_FORMATSIZE], qnamebuf[DNS_NAME_FORMATSIZE]; const char *viewname = ""; - const char *sep1 = "", *sep2 = ""; - const char *signer = ""; + const char *sep1 = "", *sep2 = "", *sep3 = "", *sep4 = ""; + const char *signer = "", *qname = ""; + dns_name_t *q = NULL; vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap); 
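Review bot: In the second exit_check hunk, the context lines after `ISC_QUEUE_PUSH(manager->inactive, client, ilink)` still read `client->recursionquota` and compare `client->state` with `client->newstate`. The comment above says the manager may reactivate a client once it is on the inactive queue, so moving the state assignment ahead of the push narrows the window but leaves these later reads racing with a reactivation. Making the push the last access to `client` on this path, after the `INSIST` and the state comparison, would close it. The remainder of the branch is outside the hunk, so the exact placement has to be decided against the full function.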
@@ -2704,15 +2711,25 @@ ns_client_logv(ns_client_t *client, isc_logcategory_t *category, signer = signerbuf; } + q = client->query.origqname != NULL + ? client->query.origqname : client->query.qname; + if (q != NULL) { + dns_name_format(q, qnamebuf, sizeof(qnamebuf)); + sep2 = " ("; + sep3 = ")"; + qname = qnamebuf; + } + if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 && strcmp(client->view->name, "_default") != 0) { - sep2 = ": view "; + sep4 = ": view "; viewname = client->view->name; } isc_log_write(ns_g_lctx, category, module, level, - "client %s%s%s%s%s: %s", - peerbuf, sep1, signer, sep2, viewname, msgbuf); + "client %s%s%s%s%s%s%s%s: %s", + peerbuf, sep1, signer, sep2, qname, sep3, + sep4, viewname, msgbuf); } void @@ -2797,6 +2814,8 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { LOCK(&manager->reclock); client = ISC_LIST_HEAD(manager->recursing); while (client != NULL) { + INSIST(client->state == NS_CLIENTSTATE_RECURSING); + ns_client_name(client, peerbuf, sizeof(peerbuf)); if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 && @@ -2809,6 +2828,7 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { } LOCK(&client->query.fetchlock); + INSIST(client->query.qname != NULL); dns_name_format(client->query.qname, namebuf, sizeof(namebuf)); if (client->query.qname != client->query.origqname && client->query.origqname != NULL) { @@ -2836,7 +2856,7 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { "requesttime %d\n", peerbuf, sep, name, client->message->id, namebuf, typebuf, classbuf, origfor, original, client->requesttime); - client = ISC_LIST_NEXT(client, link); + client = ISC_LIST_NEXT(client, rlink); } UNLOCK(&manager->reclock); } diff --git a/bin/named/control.c b/bin/named/control.c index 1b23390b..418a8b2e 100644 --- a/bin/named/control.c +++ b/bin/named/control.c 
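Review bot: The new format string in ns_client_logv inserts ` (<qname>)` between the signer and the view in the prefix of every client log line, and nothing in the hunk documents the new layout. Log parsers and detection rules anchored on the old prefix will stop matching, and the added field is a name chosen by the remote client, so the comment should say that it is written only after `dns_name_format` has rendered it. A comment above the `isc_log_write` call would cover both, for example `/* fields: peer, signer, (query name), view, message; the query name is client-supplied */`. Note also that `client->query.origqname` and `qname` are read here without `client->query.fetchlock`, which ns_client_dumprecursing takes before formatting the same name; presumably this is safe because logging runs in the client's own task, but that is worth confirming.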
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.c,v 1.46 2011-10-28 06:20:04 each Exp $ */ +/* $Id: control.c,v 1.47 2011-11-03 23:05:30 each Exp $ */ /*! \file */ @@ -154,7 +154,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { } else if (command_compare(command, NS_COMMAND_DUMPSTATS)) { result = ns_server_dumpstats(ns_g_server); } else if (command_compare(command, NS_COMMAND_QUERYLOG)) { - result = ns_server_togglequerylog(ns_g_server); + result = ns_server_togglequerylog(ns_g_server, command); } else if (command_compare(command, NS_COMMAND_DUMPDB)) { ns_server_dumpdb(ns_g_server, command); result = ISC_R_SUCCESS; diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index 82a770f3..a5ac4215 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.91 2011-06-17 23:47:49 tbox Exp $ */ +/* $Id: globals.h,v 1.92 2011-11-09 18:44:04 each Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 @@ -51,6 +51,7 @@ EXTERN isc_mem_t * ns_g_mctx INIT(NULL); EXTERN unsigned int ns_g_cpus INIT(0); +EXTERN unsigned int ns_g_udpdisp INIT(0); EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL); EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL); EXTERN isc_entropy_t * ns_g_entropy INIT(NULL); diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h index 3601e337..a4f14e19 100644 --- a/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.h,v 1.115 2011-10-28 06:20:04 each Exp $ */ +/* $Id: server.h,v 1.116 2011-11-03 23:05:30 each Exp $ */ #ifndef NAMED_SERVER_H #define NAMED_SERVER_H 1 
@@ -228,9 +228,10 @@ ns_server_retransfercommand(ns_server_t *server, char *args); */ isc_result_t -ns_server_togglequerylog(ns_server_t *server); +ns_server_togglequerylog(ns_server_t *server, char *args); /*%< - * Toggle logging of queries, as in BIND 8. + * Enable/disable logging of queries. (Takes "yes" or "no" argument, + * but can also be used as a toggle for backward comptibility.) */ /*% diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 7aae8414..6b96893f 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.100 2011-10-04 16:04:22 each Exp $ */ +/* $Id: interfacemgr.c,v 1.101 2011-11-09 18:44:03 each Exp $ */ /*! \file */ @@ -268,7 +268,7 @@ ns_interface_listenudp(ns_interface_t *ifp) { attrmask |= DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP; attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6; - ifp->nudpdispatch = ISC_MIN(ns_g_cpus, MAX_UDP_DISPATCH); + ifp->nudpdispatch = ISC_MIN(ns_g_udpdisp, MAX_UDP_DISPATCH); for (disp = 0; disp < ifp->nudpdispatch; disp++) { result = dns_dispatch_getudp_dup(ifp->mgr->dispatchmgr, ns_g_socketmgr, diff --git a/bin/named/main.c b/bin/named/main.c index 88904e21..e1fd78f5 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.183 2011-03-11 06:11:21 marka Exp $ */ +/* $Id: main.c,v 1.185 2011-11-09 18:44:03 each Exp $ */ /*! \file */ @@ -418,7 +418,7 @@ parse_command_line(int argc, char *argv[]) { isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, "46c:C:d:E:fFgi:lm:n:N:p:P:" - "sS:t:T:u:vVx:")) != -1) { + "sS:t:T:U:u:vVx:")) != -1) { switch (ch) { case '4': if (disable4) 
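Review bot: The header comment for ns_server_togglequerylog documents only "yes" and "no", while the implementation in server.c later in this diff also accepts "on" and "off" and returns ISC_R_NOTFOUND for anything else. I would spell that out, e.g. `Takes "yes"/"on" or "no"/"off"; with no argument, toggles the current state. Returns ISC_R_NOTFOUND on an unrecognised argument.`, and correct the spelling of `comptibility`.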
@@ -527,6 +527,11 @@ parse_command_line(int argc, char *argv[]) { fprintf(stderr, "unknown -T flag '%s\n", isc_commandline_argument); break; + case 'U': + ns_g_udpdisp = parse_int(isc_commandline_argument, + "number of UDP listeners " + "per interface"); + break; case 'u': ns_g_username = isc_commandline_argument; break; @@ -585,6 +590,12 @@ create_managers(void) { #else ns_g_cpus = 1; #endif + if (ns_g_udpdisp == 0 || ns_g_udpdisp > ns_g_cpus) + ns_g_udpdisp = ns_g_cpus; + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, + ISC_LOG_INFO, "using %u UDP listener%s per interface", + ns_g_udpdisp, ns_g_udpdisp == 1 ? "" : "s"); + result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -793,6 +804,25 @@ setup(void) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "built with %s", ns_g_configargs); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "----------------------------------------------------"); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "BIND 9 is maintained by Internet Systems Consortium,"); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "Inc. (ISC), a non-profit 501(c)(3) public-benefit "); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "corporation. Support and training for BIND 9 are "); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "available at https://www.isc.org/support"); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "----------------------------------------------------"); + dump_symboltable(); /* diff --git a/bin/named/named.8 b/bin/named/named.8 index 23805b04..53754526 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 
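Review bot: The value logged in create_managers (`using %u UDP listener%s per interface`) and printed by ns_server_status later in this diff is `ns_g_udpdisp`, but ns_interface_listenudp actually uses `ISC_MIN(ns_g_udpdisp, MAX_UDP_DISPATCH)`. On a host with more CPUs than MAX_UDP_DISPATCH the reported number can therefore be higher than the number of dispatches created. A `-U` value above `ns_g_cpus` is also replaced without any message. I would apply the clamp once here and log at warning level when the requested value is reduced, so that the log and `rndc status` match what is actually listening. create_managers continues outside the hunk.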
@@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.41 2009-10-06 01:14:41 tbox Exp $ +.\" $Id: named.8,v 1.42 2011-11-10 01:15:59 tbox Exp $ .\" .hy 0 .ad l @@ -33,7 +33,7 @@ named \- Internet domain name server .SH "SYNOPSIS" .HP 6 -\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] +\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP \fBnamed\fR 
@@ -168,6 +168,17 @@ is defined allows a process with root privileges to escape a chroot jail. .RE .RE .PP +\-U \fI#listeners\fR +.RS 4 +Use +\fI#listeners\fR +worker threads to listen for incoming UDP packets on each address. If not specified, +\fBnamed\fR +will use all of the worker threads for this purpose; the +\fB\-U\fR +option allows the number to be decreased but not increased. +.RE +.PP \-u \fIuser\fR .RS 4 Setuid to @@ -267,7 +278,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009, 2011 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001, 2003 Internet Software Consortium. .br diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 71979ea3..47bc9a06 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.48 2011-09-07 01:14:42 tbox Exp $ +.\" $Id: named.conf.5,v 1.49 2011-11-07 01:15:02 tbox Exp $ .\" .hy 0 .ad l @@ -254,8 +254,7 @@ options { disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; dnssec\-validation \fIboolean\fR; - dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; - dnssec\-lookaside ( \fIauto\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); + dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dnssec\-accept\-expired \fIboolean\fR; dns64\-server \fIstring\fR; 
@@ -425,7 +424,7 @@ view \fIstring\fR \fIoptional_class\fR { disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; dnssec\-validation \fIboolean\fR; - dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; + dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dnssec\-accept\-expired \fIboolean\fR; dns64\-server \fIstring\fR; diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index eb48d25a..dfafe0b7 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.53 2011-09-06 22:29:32 smann Exp $ --> +<!-- $Id: named.conf.docbook,v 1.55 2011-11-07 00:25:53 each Exp $ --> <refentry> <refentryinfo> <date>Aug 13, 2004</date> @@ -285,8 +285,7 @@ options { disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; dnssec-enable <replaceable>boolean</replaceable>; dnssec-validation <replaceable>boolean</replaceable>; - dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>; - dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); + dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; dnssec-accept-expired <replaceable>boolean</replaceable>; 
@@ -474,7 +473,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; dnssec-enable <replaceable>boolean</replaceable>; dnssec-validation <replaceable>boolean</replaceable>; - dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>; + dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; dnssec-accept-expired <replaceable>boolean</replaceable>; diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 833eaedb..93919343 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.html,v 1.57 2011-09-07 01:14:42 tbox Exp $ --> +<!-- $Id: named.conf.html,v 1.58 2011-11-07 01:15:02 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 
@@ -251,8 +251,7 @@ options {<br> disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br> dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br> dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br> - dnssec-lookaside <em class="replaceable"><code>string</code></em> trust-anchor <em class="replaceable"><code>string</code></em>;<br> - dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br> + dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br> dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br> dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br> <br> @@ -362,7 +361,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544583"></a><h2>VIEW</h2> +<a name="id2544580"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 
@@ -439,7 +438,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br> dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br> dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br> - dnssec-lookaside <em class="replaceable"><code>string</code></em> trust-anchor <em class="replaceable"><code>string</code></em>;<br> + dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br> dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br> dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br> <br> @@ -526,7 +525,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545292"></a><h2>ZONE</h2> +<a name="id2545296"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint | redirect |<br> 
@@ -623,12 +622,12 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545682"></a><h2>FILES</h2> +<a name="id2545685"></a><h2>FILES</h2> <p><code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545693"></a><h2>SEE ALSO</h2> +<a name="id2545697"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 214f8ac6..2dd8fbee 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.docbook,v 1.26 2009-10-05 17:30:49 fdupont Exp $ --> +<!-- $Id: named.docbook,v 1.28 2011-11-09 23:46:23 tbox Exp $ --> <refentry id="man.named"> <refentryinfo> <date>May 21, 2009</date> @@ -43,6 +43,7 @@ <year>2007</year> <year>2008</year> <year>2009</year> + <year>2011</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> 
@@ -69,6 +70,7 @@ <arg><option>-s</option></arg> <arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-U <replaceable class="parameter">#listeners</replaceable></option></arg> <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg> <arg><option>-v</option></arg> <arg><option>-V</option></arg> @@ -282,6 +284,20 @@ </varlistentry> <varlistentry> + <term>-U <replaceable class="parameter">#listeners</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">#listeners</replaceable> + worker threads to listen for incoming UDP packets on each + address. If not specified, <command>named</command> will + use all of the worker threads for this purpose; the + <option>-U</option> option allows the number to be + decreased but not increased. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-u <replaceable class="parameter">user</replaceable></term> <listitem> <para>Setuid diff --git a/bin/named/named.html b/bin/named/named.html index fa869c4c..4034604d 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.html,v 1.33 2009-10-06 01:14:41 tbox Exp $ --> +<!-- $Id: named.html,v 1.34 2011-11-10 01:15:58 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 
@@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> +<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em 
class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543480"></a><h2>DESCRIPTION</h2> +<a name="id2543492"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -47,7 +47,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543505"></a><h2>OPTIONS</h2> +<a name="id2543516"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -178,6 +178,15 @@ </p> </div> </dd> +<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt> +<dd><p> + Use <em class="replaceable"><code>#listeners</code></em> + worker threads to listen for incoming UDP packets on each + address. If not specified, <span><strong class="command">named</strong></span> will + use all of the worker threads for this purpose; the + <code class="option">-U</code> option allows the number to be + decreased but not increased. + </p></dd> <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd> <p>Setuid @@ -228,7 +237,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543962"></a><h2>SIGNALS</h2> +<a name="id2544003"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used 
@@ -249,7 +258,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544010"></a><h2>CONFIGURATION</h2> +<a name="id2544119"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is provided @@ -266,7 +275,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544046"></a><h2>FILES</h2> +<a name="id2544155"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -279,7 +288,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544086"></a><h2>SEE ALSO</h2> +<a name="id2544263"></a><h2>SEE ALSO</h2> <p><em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, <em class="citetitle">RFC 1035</em>, @@ -292,7 +301,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544293"></a><h2>AUTHOR</h2> +<a name="id2544333"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/query.c b/bin/named/query.c index ec5a4824..cc422657 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.377 2011-10-28 11:46:49 marka Exp $ */ +/* $Id: query.c,v 1.378 2011-11-16 09:44:31 each Exp $ */ /*! \file */ @@ -1381,11 +1381,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; 
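Review bot: Replacing the INSIST in the DNS_R_NCACHENXRRSET branch of query_addadditional with a silent `dns_rdataset_disassociate(sigrdataset)` also drops the comment that explained the invariant, so the code no longer says why a negative cache result can arrive with an associated sigrdataset. I would put a comment in its place, e.g. `/* A negative cache entry should carry no signatures; release any that are attached rather than asserting. */`, and consider a debug-level log so the unexpected state stays observable. The same applies to the second query_addadditional hunk (-1426) and to query_addadditional2 (-1885). The latter calls `dns_rdataset_isassociated(sigrdataset)` without the NULL test the other two have, which matches the removed line but is worth confirming against the caller. All three functions continue outside their hunks.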
@@ -1426,8 +1424,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1885,10 +1884,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto setcache; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(! dns_rdataset_isassociated(sigrdataset)); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { /* Remember the result as a cache */ diff --git a/bin/named/server.c b/bin/named/server.c index c1cefd25..872a41be 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.625 2011-10-28 12:08:04 tbox Exp $ */ +/* $Id: server.c,v 1.630 2011-11-09 18:44:03 each Exp $ */ /*! \file */ 
@@ -2604,14 +2604,19 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, if (result == ISC_R_SUCCESS) { /* If set to "auto", use the version from the defaults */ const cfg_obj_t *dlvobj; + const char *dom; dlvobj = cfg_listelt_value(cfg_list_first(obj)); - if (!strcmp(cfg_obj_asstring(cfg_tuple_get(dlvobj, "domain")), - "auto") && - cfg_obj_isvoid(cfg_tuple_get(dlvobj, "trust-anchor"))) { - auto_dlv = ISC_TRUE; - obj = NULL; - result = cfg_map_get(ns_g_defaults, - "dnssec-lookaside", &obj); + dom = cfg_obj_asstring(cfg_tuple_get(dlvobj, "domain")); + if (cfg_obj_isvoid(cfg_tuple_get(dlvobj, "trust-anchor"))) { + /* If "no", skip; if "auto", use global default */ + if (!strcasecmp(dom, "no")) + result = ISC_R_NOTFOUND; + else if (!strcasecmp(dom, "auto")) { + auto_dlv = ISC_TRUE; + obj = NULL; + result = cfg_map_get(ns_g_defaults, + "dnssec-lookaside", &obj); + } } } @@ -2850,7 +2855,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, CHECK(dns_zone_create(&zone, mctx)); CHECK(dns_zone_setorigin(zone, name)); dns_zone_setview(zone, view); - CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone)); + CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, + zone)); dns_zone_setclass(zone, view->rdclass); dns_zone_settype(zone, dns_zone_master); dns_zone_setstats(zone, ns_g_server->zonestats); 
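Review bot: In configure_view's new `dnssec-lookaside` handling, a single-word value other than "auto" or "no" (void `trust-anchor`) falls through both branches with `result` still ISC_R_SUCCESS, so the code after this hunk proceeds with a tuple that has no trust anchor. The old code behaved the same way for anything but "auto", and the parser may reject such input, but that is not visible here; an explicit final `else` that fails the configuration would make it certain. I would also write the comparisons as `strcasecmp(dom, "no") == 0`, as the ns_server_togglequerylog hunk in this file does, and brace both arms of the if/else.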
@@ -6134,8 +6140,28 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { } isc_result_t -ns_server_togglequerylog(ns_server_t *server) { - server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE; +ns_server_togglequerylog(ns_server_t *server, char *args) { + isc_boolean_t value; + char *ptr; + + /* Skip the command name. */ + ptr = next_token(&args, " \t"); + if (ptr == NULL) + return (ISC_R_UNEXPECTEDEND); + ptr = next_token(&args, " \t"); + if (ptr == NULL) + value = server->log_queries ? ISC_FALSE : ISC_TRUE; + else if (strcasecmp(ptr, "yes") == 0 || strcasecmp(ptr, "on") == 0) + value = ISC_TRUE; + else if (strcasecmp(ptr, "no") == 0 || strcasecmp(ptr, "off") == 0) + value = ISC_FALSE; + else + return (ISC_R_NOTFOUND); + + if (server->log_queries == value) + return (ISC_R_SUCCESS); + + server->log_queries = value; isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, @@ -6956,6 +6982,7 @@ ns_server_status(ns_server_t *server, isc_buffer_t *text) { #ifdef ISC_PLATFORM_USETHREADS "CPUs found: %u\n" "worker threads: %u\n" + "UDP listeners per interface: %u\n" #endif "number of zones: %u\n" "debug level: %d\n" @@ -6968,7 +6995,7 @@ ns_server_status(ns_server_t *server, isc_buffer_t *text) { "server is up and running", ns_g_version, ob, alt, cb, #ifdef ISC_PLATFORM_USETHREADS - ns_g_cpus_detected, ns_g_cpus, + ns_g_cpus_detected, ns_g_cpus, ns_g_udpdisp, #endif zonecount, ns_g_debuglevel, xferrunning, xferdeferred, soaqueries, server->log_queries ? "ON" : "OFF", @@ -7938,7 +7965,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_putuint8(text, 0); } else CHECK(result); - } else { + } else if (list) { privatetype = dns_zone_getprivatetype(zone); origin = dns_zone_getorigin(zone); CHECK(dns_zone_getdb(zone, &db)); diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 43e975a3..cdb6a887 100644 --- a/bin/nsupdate/nsupdate.c 
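Review bot: ns_server_togglequerylog returns ISC_R_NOTFOUND for an unrecognised argument, which the operator will see as a "not found" error for what is really a syntax mistake. `return (ISC_R_UNEXPECTEDTOKEN);` would describe it better, assuming no caller depends on the current code. The rndc usage text later in this diff shows `querylog newstate` as if the argument were required, although the no-argument toggle is kept here; the two should agree. The function continues past the end of this hunk.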
+++ b/bin/nsupdate/nsupdate.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.196 2011-05-23 22:25:32 each Exp $ */ +/* $Id: nsupdate.c,v 1.197 2011-11-03 04:29:28 each Exp $ */ /*! \file */ @@ -2280,6 +2280,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { dns_message_destroy(&soaquery); ddebug("Out of recvsoa"); done_update(); + seenerror = ISC_TRUE; return; } diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 62080ac6..cfb6c262 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.136 2011-10-28 06:20:05 each Exp $ */ +/* $Id: rndc.c,v 1.138 2011-11-03 23:05:30 each Exp $ */ /*! \file */ @@ -127,7 +127,8 @@ command is one of the following:\n\ loadkeys zone [class [view]]\n\ Update keys without signing immediately.\n\ stats Write server statistics to the statistics file.\n\ - querylog Toggle query logging.\n\ + querylog newstate\n\ + Enable / disable query logging.\n\ dumpdb [-all|-cache|-zones] [view ...]\n\ Dump cache(s) to the dump file (named_dump.db).\n\ secroots [view ...]\n\ @@ -145,11 +146,16 @@ command is one of the following:\n\ flush [view] Flushes the server's cache for a view.\n\ flushname name [view]\n\ Flush the given name from the server's cache(s)\n\ + flushtree name [view]\n\ + Flush all names under the given name from the server's cache(s)\n\ status Display status of the server.\n\ recursing Dump the queries that are currently recursing (named.recursing)\n\ + tsig-list List all currently active TSIG keys, including both statically\n\ + configured and TKEY-negotiated keys.\n\ + tsig-delete keyname [view] \n\ + Delete a TKEY-negotiated TSIG key.\n\ validation newstate [view]\n\ Enable / disable DNSSEC validation.\n\ - *restart Restart the server.\n\ addzone [\"file\"] zone [class [view]] { zone-options }\n\ Add zone to given view. Requires new-zone-file option.\n\ delzone [\"file\"] zone [class [view]]\n\ 
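Review bot: In recvsoa's error path (hunk -2280), `seenerror = ISC_TRUE;` is set after `done_update()` has already been called. If done_update() lets the main loop continue or finish before this function returns (its body is not in the hunk), the exit status could be computed before the flag is set. Assigning the flag first, `seenerror = ISC_TRUE;` then `done_update();`, costs nothing and removes the question. recvsoa begins and ends outside this hunk.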
@@ -163,6 +169,7 @@ command is one of the following:\n\ signing -clear all zone [class [view]]\n\ Remove the private records for all keys that have\n\ finished signing the given zone.\n\ + *restart Restart the server.\n\ \n\ * == not yet implemented\n\ Version: %s\n", diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in index ed312151..ae4ac3e3 100644 --- a/bin/tests/system/Makefile.in +++ b/bin/tests/system/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.37 2011-03-30 15:48:41 smann Exp $ +# $Id: Makefile.in,v 1.38 2011-11-01 18:35:53 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -36,6 +36,7 @@ test: subdirs testclean clean distclean:: if test -f ./cleanall.sh; then sh ./cleanall.sh; fi + rm -f systests.output distclean:: rm -f conf.sh diff --git a/bin/tests/system/autosign/clean.sh b/bin/tests/system/autosign/clean.sh index f33a5524..1a00e773 100644 --- a/bin/tests/system/autosign/clean.sh +++ b/bin/tests/system/autosign/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.12 2011-07-08 01:43:26 each Exp $ +# $Id: clean.sh,v 1.13 2011-10-30 23:05:13 each Exp $ rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk rm -f active.key inact.key del.key unpub.key standby.key rev.key @@ -30,6 +30,7 @@ rm -f random.data rm -f ns1/root.db rm -f ns2/example.db rm -f ns2/private.secure.example.db ns2/bar.db +rm -f ns3/autonsec3.example.db rm -f ns3/nsec.example.db rm -f ns3/nsec3.example.db rm -f ns3/nsec3.nsec3.example.db @@ -49,3 +50,4 @@ rm -f ns3/prepub.example.db.in rm -f ns3/secure-to-insecure2.example.db rm -f ns3/nozsk.example.db ns3/inaczsk.example.db rm -f ns3/ttl*.db +rm -f signing.out.* diff --git a/bin/tests/system/checkconf/dnssec.2 b/bin/tests/system/checkconf/dnssec.2 index 59b51de7..fedbceb8 100644 
--- a/bin/tests/system/checkconf/dnssec.2 +++ b/bin/tests/system/checkconf/dnssec.2 @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec.2,v 1.4 2011-05-08 07:12:47 marka Exp $ */ +/* $Id: dnssec.2,v 1.5 2011-11-07 00:14:11 marka Exp $ */ options { dnssec-enable no; @@ -29,3 +29,8 @@ view view2 { match-clients { none; }; dnssec-validation auto; }; + +view view3 { + match-clients { none; }; + auto-dnssec maintain; +}; diff --git a/bin/tests/system/checkconf/dnssec.3 b/bin/tests/system/checkconf/dnssec.3 index eebaced2..6aec354f 100644 --- a/bin/tests/system/checkconf/dnssec.3 +++ b/bin/tests/system/checkconf/dnssec.3 @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec.3,v 1.4 2011-05-08 07:12:48 marka Exp $ */ +/* $Id: dnssec.3,v 1.5 2011-11-07 00:14:11 marka Exp $ */ options { dnssec-validation no; @@ -29,3 +29,18 @@ view view2 { match-clients { none; }; dnssec-enable yes; }; + +view view3 { + match-clients { none; }; + dnssec-lookaside auto; +}; + +view view4 { + match-clients { none; }; + dnssec-lookaside no; +}; + +view view5 { + match-clients { none; }; + auto-dnssec off; +}; diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 3b626d97..5bbe8bf7 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.7 2011-05-07 23:47:28 tbox Exp $ +# $Id: tests.sh,v 1.8 2011-11-07 00:14:11 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh 
@@ -43,6 +43,7 @@ status=`expr $status + $ret` echo "I: checking named-checkconf dnssec warnings" ret=0 $CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1 +$CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1 $CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1 $CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1 # this one should have no warnings diff --git a/bin/tests/system/dlzexternal/Makefile.in b/bin/tests/system/dlzexternal/Makefile.in index 5565736a..21447a1d 100644 --- a/bin/tests/system/dlzexternal/Makefile.in +++ b/bin/tests/system/dlzexternal/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.3 2011-03-11 07:11:07 each Exp $ +# $Id: Makefile.in,v 1.4 2011-11-16 00:42:07 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -49,7 +49,7 @@ dlopen@EXEEXT@: ${DLOPENOBJS} -o $@ ${DLOPENOBJS} ${LIBS} driver.@SO@: ${SO_OBJS} - @SO_LD@ -o $@ driver.o + ${LIBTOOL_MODE_LINK} @SO_LD@ -o $@ driver.@O@ clean distclean:: rm -f ${TARGETS} diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index 0e98ee7d..7e8d54da 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.44 2011-10-28 06:20:05 each Exp $ +# $Id: clean.sh,v 1.45 2011-10-30 23:11:24 each Exp $ rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed rm -f */trusted.conf */managed.conf */tmp* */*.jnl */*.bk @@ -28,6 +28,7 @@ rm -f ns3/expiring.example.db ns3/nosign.example.db rm -f ns2/private.secure.example.db rm -f ns2/badparam.db ns2/badparam.db.bad rm -f ns2/single-nsec3.db +rm -f ns2/nsec3chain-test.db rm -f */example.bk rm -f dig.out.* rm -f random.data 
diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in index 679e426f..72099593 100644 --- a/bin/tests/system/dnssec/ns2/example.db.in +++ b/bin/tests/system/dnssec/ns2/example.db.in @@ -13,7 +13,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: example.db.in,v 1.30 2011-03-05 06:35:41 marka Exp $ +; $Id: example.db.in,v 1.31 2011-11-04 05:36:28 each Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( @@ -73,6 +73,10 @@ dynamic A 10.53.0.3 mustbesecure NS ns.mustbesecure ns.mustbesecure A 10.53.0.3 +; A subdomain with expired signatures +expired NS ns.expired +ns.expired A 10.53.0.3 + ; A rfc2535 signed zone w/ CNAME rfc2535 NS ns.rfc2535 ns.rfc2535 A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index e03de223..a41dbc83 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.49 2011-03-21 20:31:22 marka Exp $ +# $Id: sign.sh,v 1.50 2011-11-04 05:36:28 each Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -33,7 +33,7 @@ zonefile=example.db for subdomain in secure bogus dynamic keyless nsec3 optout nsec3-unknown \ optout-unknown multiple rsasha256 rsasha512 kskonly update-nsec3 \ auto-nsec auto-nsec3 secure.below-cname ttlpatch split-dnssec \ - split-smart + split-smart expired do cp ../ns3/dsset-$subdomain.example. . done diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index 962226e5..053a0353 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh 
@@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.42 2011-05-23 20:10:02 each Exp $ +# $Id: sign.sh,v 1.43 2011-11-04 05:36:28 each Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -271,7 +271,7 @@ zonefile=expired.example.db kskname=`$KEYGEN -q -r $RANDFILE -fk $zone` zskname=`$KEYGEN -q -r $RANDFILE $zone` cat $infile $kskname.key $zskname.key >$zonefile -$SIGNER -P -r $RANDFILE -o $zone -s -3h -e +1h $zonefile > /dev/null 2>&1 +$SIGNER -P -r $RANDFILE -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1 rm -f $kskname.* $zskname.* # diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index ae124415..74eaaa2e 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.101 2011-10-28 06:20:05 each Exp $ +# $Id: tests.sh,v 1.104 2011-11-07 23:16:31 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -86,6 +86,17 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +# test AD bit: +# - dig +noadflag +echo "I:checking that AD is not set without +adflag or +dnssec ($n)" +ret=0 +$DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 +$DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` echo "I:checking for AD in authoritative answer ($n)" ret=0 $DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 
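Review bot: The `$SIGNER ... -s -1d -e +1h` line for expired.example has no comment, and `-e +1h` is easy to misread as "expires one hour from now". With dnssec-signzone a leading `+` on the end time is relative to the start time, so these signatures run from 24 hours ago to 23 hours ago, which is what makes the zone reliably expired for the validation test. Add a line above it such as `# end time is relative to -s: signatures expired 23 hours ago`.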
@@ -1094,6 +1105,18 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking dnssec-signzone output format ($n)" +ret=0 +( +cd signer +$SIGNER -O full -f - -Sxt -o example example.db > signer.out.3 2>&1 +$SIGNER -O text -f - -Sxt -o example example.db > signer.out.4 2>&1 +) || ret=1 +awk '/IN *SOA/ {if (NF != 11) exit(1)}' signer/signer.out.3 || ret=1 +awk '/IN *SOA/ {if (NF != 7) exit(1)}' signer/signer.out.4 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:checking validated data are not cached longer than originalttl ($n)" ret=0 $DIG $DIGOPTS +ttl +noauth a.ttlpatch.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -1273,8 +1296,18 @@ status=`expr $status + $ret` echo "I:checking expired signatures remain with "'"allow-update { none; };"'" and no keys available ($n)" ret=0 -$DIG $DIGOPTS +noauth expired.example. +dnssec @10.53.0.3 soa > dig.out.ns2.test$n || ret=1 -grep "RRSIG.SOA" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS +noauth expired.example. +dnssec @10.53.0.3 soa > dig.out.ns3.test$n || ret=1 +grep "RRSIG.SOA" dig.out.ns3.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi + +status=`expr $status + $ret` +echo "I:checking expired signatures do not validate ($n)" +ret=0 +$DIG $DIGOPTS +noauth expired.example. +dnssec @10.53.0.4 soa > dig.out.ns4.test$n || ret=1 +grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +grep "expired.example .*: RRSIG has expired" ns4/named.run > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/inline/clean.sh b/bin/tests/system/inline/clean.sh index d3bd19d8..ddc42dff 100644 --- a/bin/tests/system/inline/clean.sh +++ b/bin/tests/system/inline/clean.sh 
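Review bot: The added "dnssec-signzone output format" test can pass without checking anything. Each `awk '/IN *SOA/ {if (NF != 11) exit(1)}'` exits 0 when its input contains no SOA line at all, and the subshell's status is only that of the second `$SIGNER` run, so a failed `cd signer` or a failed first run is not caught. Fail when the line is absent, e.g. `awk '/IN *SOA/ {seen=1; if (NF != 11) exit(1)} END {if (!seen) exit(1)}' signer/signer.out.3 || ret=1` (and the same with 7 for signer.out.4), and chain the subshell commands with `&&`. The block also prints `($n)` but never increments `n`, so the next test reuses its number.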
@@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.5 2011-10-28 06:20:05 each Exp $ +# $Id: clean.sh,v 1.6 2011-10-30 22:59:45 each Exp $ rm -f */named.memstats rm -f */named.run @@ -32,6 +32,14 @@ rm -f ns3/noixfr.bk rm -f ns3/noixfr.bk.jnl rm -f ns3/noixfr.bk.signed rm -f ns3/noixfr.bk.signed.jnl +rm -f ns3/master.db +rm -f ns3/master.db.jnl +rm -f ns3/master.db.signed +rm -f ns3/master.db.signed.jnl +rm -f ns3/dynamic.db +rm -f ns3/dynamic.db.jnl +rm -f ns3/dynamic.db.signed +rm -f ns3/dynamic.db.signed.jnl rm -f ns4/K* rm -f ns4/noixfr.db rm -f ns4/noixfr.db.jnl @@ -41,6 +49,7 @@ rm -f ns5/bits.bk rm -f ns5/bits.bk.jnl rm -f ns5/bits.bk.signed rm -f ns5/bits.bk.signed.jnl +rm -f */*.jbk rm -f random.data rm -f dig.out.ns*.test* rm -f signing.out* diff --git a/bin/tests/system/limits/tests.sh b/bin/tests/system/limits/tests.sh index aa2f0d65..00697607 100644 --- a/bin/tests/system/limits/tests.sh +++ b/bin/tests/system/limits/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.17 2007-06-19 23:47:03 tbox Exp $ +# $Id: tests.sh,v 1.19 2011-11-04 23:46:15 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh 
@@ -43,13 +43,13 @@ $DIG +tcp +norec 4000.example. @10.53.0.1 a -p 5300 > dig.out.4000 || status=1 $PERL ../digcomp.pl knowngood.dig.out.4000 dig.out.4000 || status=1 echo "I:exactly maximum rrset" -$DIG +tcp +norec a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \ +$DIG +tcp +norec +noedns a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \ || status=1 #dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset $PERL ../digcomp.pl knowngood.dig.out.a-maximum-rrset dig.out.a-maximum-rrset || status=1 echo "I:exceed maximum rrset (5000 A records)" -$DIG +tcp +norec 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1 +$DIG +tcp +norec +noadd 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1 # Look for truncation bit (tc). grep 'flags: .*tc.*;' dig.out.exceed > /dev/null || { echo "I:TC bit was not set" diff --git a/bin/tests/system/masterformat/clean.sh b/bin/tests/system/masterformat/clean.sh index f78832fc..23319389 100755 --- a/bin/tests/system/masterformat/clean.sh +++ b/bin/tests/system/masterformat/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.7 2011-10-26 23:46:14 tbox Exp $ +# $Id: clean.sh,v 1.8 2011-10-30 22:55:12 each Exp $ rm -f named-compilezone rm -f ns1/example.db.raw @@ -23,3 +23,4 @@ rm -f dig.out.* rm -f */named.memstats rm -f ns2/transfer.db.* rm -f ns2/formerly-text.db +rm -f ns2/db-* diff --git a/bin/tests/system/rpz/ns3/crash2 b/bin/tests/system/rpz/ns3/crash2 index 72ed4a10..11030e7e 100644 --- a/bin/tests/system/rpz/ns3/crash2 +++ b/bin/tests/system/rpz/ns3/crash2 
@@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: crash2,v 1.2 2011-10-28 11:46:50 marka Exp $ +; $Id: crash2,v 1.3 2011-11-18 19:32:13 each Exp $ ; a valid zone containing records that caused crashes @@ -23,3 +23,6 @@ ns A 10.53.0.3 ; #18 in test1, crashed new ASSERT() in rbtdb.c c1 A 172.16.1.1 + +; #16 in test2, crashed new ASSERT() in rbtdb.c +c2 A 172.16.1.16 diff --git a/bin/tests/system/rpz/test2 b/bin/tests/system/rpz/test2 index 6d18ab97..00f5bc1b 100644 --- a/bin/tests/system/rpz/test2 +++ b/bin/tests/system/rpz/test2 @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: test2,v 1.5 2011-10-13 01:32:32 vjs Exp $ +; $Id: test2,v 1.6 2011-11-18 19:32:13 each Exp $ ; Use comment lines instead of blank lines to combine update requests into @@ -53,6 +53,10 @@ send ; prefer QNAME to IP for a5-4.tld2 update add 32.4.5.168.192.rpz-ip.bl 300 CNAME a12.tld2. update add a5-4.tld2.bl 300 CNAME a14.tld4. - -; wildcard CNAMEs -;update add +; +; assert in rbtdb.c +; 16 +update add 32.16.1.16.172.rpz-ip.bl 300 CNAME . +send +update add c2.crash2.tld3.bl-2 300 A 127.0.0.16 +send diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh index 5901e62b..75ce53a4 100644 --- a/bin/tests/system/rpz/tests.sh +++ b/bin/tests/system/rpz/tests.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.9 2011-10-28 11:46:50 marka Exp $ +# $Id: tests.sh,v 1.10 2011-11-18 19:32:13 each Exp $ # test response policy zones (RPZ) 
@@ -231,6 +231,7 @@ nochange a4-1-aaaa.tld2 -tAAAA addr 127.0.0.1 a5-1-2.tld2 # 11 prefer smallest policy address addr 127.0.0.1 a5-3.tld2 # 12 prefer first conflicting IP zone addr 14.14.14.14 a5-4.tld2 # 13 prefer QNAME to IP +nxdomain c2.crash2.tld3 # 16 assert in rbtdb.c end_group # check that IP addresses for previous group were deleted from the radix tree diff --git a/bin/tests/system/runall.sh b/bin/tests/system/runall.sh index c427aa9a..460d5713 100644 --- a/bin/tests/system/runall.sh +++ b/bin/tests/system/runall.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2010 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: runall.sh,v 1.10 2010-03-04 23:50:34 tbox Exp $ +# $Id: runall.sh,v 1.12 2011-11-01 23:47:00 tbox Exp $ # # Run all the system tests. @@ -26,13 +26,14 @@ SYSTEMTESTTOP=. status=0 -for d in $SUBDIRS -do - sh run.sh $d || status=1 -done +{ + for d in $SUBDIRS + do + sh run.sh $d || status=1 + done -$PERL testsock.pl || { - cat <<EOF >&2 + $PERL testsock.pl || { + cat <<EOF >&2 I: I:NOTE: Many of the tests were skipped because they require that I: the IP addresses 10.53.0.1 through 10.53.0.7 are configured @@ -40,7 +41,11 @@ I: as alias addresses on the loopback interface. Please run I: "bin/tests/system/ifconfig.sh up" as root to configure them I: and rerun the tests. EOF - exit 0; -} + exit 0; + } +} | tee "systests.output" + +echo "I:System test result summary:" +grep '^R:' systests.output | sort | uniq -c | sed -e 's/^/I: /' -e 's/R://' exit $status diff --git a/bin/tests/system/smartsign/tests.sh b/bin/tests/system/smartsign/tests.sh index 8f868095..845686b0 100644 
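Review bot: Piping the brace group into `tee` makes `status=1` inside it invisible to the final `exit $status`: the group runs in a subshell as part of the pipeline, so the script's own `status` stays 0 and runall.sh reports success even when a test directory failed. Any caller gating on the exit code of the whole run would then accept a failing suite. Derive the status from the captured output after the summary, for example `grep '^R:FAIL' systests.output > /dev/null && status=1` if run.sh marks failures that way (run.sh is not shown here), or have the group write its status to a file that is read back. The `exit 0` in the testsock.pl branch likewise now leaves only the subshell, so the summary is still printed in that case.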
--- a/bin/tests/system/smartsign/tests.sh +++ b/bin/tests/system/smartsign/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.18 2011-10-25 03:57:08 marka Exp $ +# $Id: tests.sh,v 1.19 2011-11-02 13:59:07 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -109,7 +109,11 @@ echo "$pzoneout" | grep 'KSKs: 1 active, 0 stand-by, 0 revoked' > /dev/null || r echo "$pzoneout" | grep 'ZSKs: 1 active, 0 present, 0 revoked' > /dev/null || ret=1 echo "$czoneout" | grep 'KSKs: 1 active, 1 stand-by, 1 revoked' > /dev/null || ret=1 echo "$czoneout" | grep 'ZSKs: 1 active, 2 present, 0 revoked' > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then + echo "I: parent $pzoneout" + echo "I: child $czoneout" + echo "I:failed"; +fi status=`expr $status + $ret` echo "I:checking parent zone DNSKEY set" diff --git a/bin/tests/system/stub/tests.sh b/bin/tests/system/stub/tests.sh index 536d070c..ad42a5dd 100644 --- a/bin/tests/system/stub/tests.sh +++ b/bin/tests/system/stub/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.14 2007-06-19 23:47:05 tbox Exp $ +# $Id: tests.sh,v 1.16 2011-11-02 23:46:24 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh 
@@ -23,17 +23,29 @@ SYSTEMTESTTOP=.. status=0 echo "I:trying an axfr that should be denied (NOTAUTH)" -$DIG +tcp data.child.example. @10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1 -grep "; Transfer failed." dig.out.ns3 > /dev/null || status=1 +ret=0 +$DIG +tcp data.child.example. @10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1 +grep "; Transfer failed." dig.out.ns3 > /dev/null || ret=1 +[ $ret = 0 ] || { status=1; echo "I:failed"; } echo "I:look for stub zone data without recursion (should not be found)" -$DIG +tcp +norec data.child.example. @10.53.0.3 txt -p 5300 > dig.out.ns3 \ - || status=1 -$PERL ../digcomp.pl knowngood.dig.out.norec dig.out.ns3 || status=1 +for i in 1 2 3 4 5 6 7 8 9 +do + ret=0 + $DIG +tcp +norec data.child.example. \ + @10.53.0.3 txt -p 5300 > dig.out.ns3 || ret=1 + grep "status: NOERROR" dig.out.ns3 > /dev/null || ret=1 + [ $ret = 0 ] && break + sleep 1 +done +$PERL ../digcomp.pl knowngood.dig.out.norec dig.out.ns3 || ret=1 +[ $ret = 0 ] || { status=1; echo "I:failed"; } echo "I:look for stub zone data with recursion (should be found)" -$DIG +tcp data.child.example. @10.53.0.3 txt -p 5300 > dig.out.ns3 || status=1 -$PERL ../digcomp.pl knowngood.dig.out.rec dig.out.ns3 || status=1 +ret=0 +$DIG +tcp data.child.example. @10.53.0.3 txt -p 5300 > dig.out.ns3 || ret=1 +$PERL ../digcomp.pl knowngood.dig.out.rec dig.out.ns3 || ret=1 +[ $ret = 0 ] || { status=1; echo "I:failed"; } echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/tkey/clean.sh b/bin/tests/system/tkey/clean.sh index 5d672d6e..700f567a 100644 --- a/bin/tests/system/tkey/clean.sh +++ b/bin/tests/system/tkey/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any 
@@ -15,8 +15,9 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.6 2007-09-26 03:22:44 marka Exp $ +# $Id: clean.sh,v 1.8 2011-11-03 23:46:26 tbox Exp $ rm -f dig.out.* random.data ns1/named.conf rm -f K* ns1/K* rm -f */named.memstats +rm -f rndc.out diff --git a/bin/tests/system/tkey/ns1/named.conf.in b/bin/tests/system/tkey/ns1/named.conf.in index ad3869df..3e80ed7e 100644 --- a/bin/tests/system/tkey/ns1/named.conf.in +++ b/bin/tests/system/tkey/ns1/named.conf.in @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf.in,v 1.8 2009-01-30 23:47:50 tbox Exp $ */ +/* $Id: named.conf.in,v 1.10 2011-11-03 23:46:26 tbox Exp $ */ controls { /* empty */ }; @@ -34,6 +34,15 @@ options { allow-query-cache { any; }; }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + key "tkeytest." { algorithm hmac-md5; secret "0123456789ab"; diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh index ae6adda9..d39d39fa 100644 --- a/bin/tests/system/tkey/tests.sh +++ b/bin/tests/system/tkey/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any 
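Review bot: The added control channel accepts connections from any source address (`allow { any; }`) and is protected only by a short fixed `hmac-md5` secret committed in the file, with no comment marking it as a test fixture. It is bound to the test address 10.53.0.1, so the exposure is presumably limited to the test host, but the block is easy to copy into a real configuration. Add a comment above it such as `/* Test-only control channel; the key must match ../common/rndc.conf used by tests.sh. */` and consider narrowing `allow` to the test addresses. The earlier `controls { /* empty */ };` statement is left in place, which reads oddly next to a second `controls` block; dropping it would be clearer if the two are treated as cumulative.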
@@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.9 2009-07-19 23:47:55 tbox Exp $ +# $Id: tests.sh,v 1.11 2011-11-03 23:46:26 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -79,5 +79,34 @@ do status=`expr $status + $ret` done +echo "I:creating new key using owner name bar.example." +ret=0 +keyname=`./keycreate $dhkeyname bar.example.` || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" + echo "I:exit status: $status" + exit $status +fi +status=`expr $status + $ret` + +echo "I:checking the key with 'rndc tsig-list'" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out +grep "key \"bar.example.server" rndc.out > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" +fi +status=`expr $status + $ret` + +echo "I:deleting the key with 'rndc tsig-delete'" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-delete bar.example.server > /dev/null || ret=1 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out +grep "key \"bar.example.server" rndc.out > /dev/null && ret=1 +if [ $ret != 0 ]; then + echo "I:failed" +fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh index 0f50c796..95f3118c 100644 --- a/bin/tests/system/tsig/tests.sh +++ b/bin/tests/system/tsig/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2005-2007, 2011 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above 
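Review bot: Two of the added checks can report success on failure. In the "creating new key" block the early `exit $status` runs before `status` has been increased by `ret`, so a failed `./keycreate` exits 0 whenever the earlier tests passed; use `exit 1` there or add `ret` to `status` first. In the `tsig-delete` block neither `tsig-list` call checks rndc's exit code, so if the second one fails `rndc.out` is empty, the `grep ... && ret=1` finds nothing, and the key is reported as deleted. Append `|| ret=1` to both `$RNDC ... tsig-list > rndc.out` lines.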
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.5 2007-06-19 23:47:06 tbox Exp $ +# $Id: tests.sh,v 1.7 2011-11-06 23:46:40 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -213,6 +213,15 @@ if [ $ret -eq 1 ] ; then echo "I: failed"; status=1 fi +echo "I:attempting fetch with bad tsig algorithm" +ret=0 +$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\ + -y "badalgo:invalid:$sha512" @10.53.0.1 soa -p 5300 > dig.out.badalgo 2>&1 || ret=1 +grep -i "Couldn't create key invalid: algorithm is unsupported" dig.out.badalgo > /dev/null || ret=1 +if [ $ret -eq 1 ] ; then + echo "I: failed"; status=1 +fi + exit $status diff --git a/bin/tests/system/tsiggss/clean.sh b/bin/tests/system/tsiggss/clean.sh index eeb9aab5..e67d0b9c 100644 --- a/bin/tests/system/tsiggss/clean.sh +++ b/bin/tests/system/tsiggss/clean.sh @@ -8,4 +8,5 @@ rm -f ns1/*.db ns1/K*.key ns1/K*.private rm -f ns1/_default.tsigkeys rm -f */named.memstats rm -f authsock.pid +rm -f random.data rm -f ns1/core diff --git a/bin/tests/system/unknown/ns1/example-in.db b/bin/tests/system/unknown/ns1/example-in.db index 3c5e4924..b6950dfb 100644 --- a/bin/tests/system/unknown/ns1/example-in.db +++ b/bin/tests/system/unknown/ns1/example-in.db @@ -1,4 +1,4 @@ -; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") ; Copyright (C) 2000, 2001 Internet Software Consortium. ; ; Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: example-in.db,v 1.7 2007-06-19 23:47:06 tbox Exp $ +; $Id: example-in.db,v 1.9 2011-11-02 23:46:24 tbox Exp $ $TTL 300 ; 5 minutes @ SOA mname1. . ( 
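Review bot: The bad-algorithm test checks only that dig prints `Couldn't create key invalid: algorithm is unsupported`. Because it also requires dig to exit 0, dig apparently carries on after the key could not be built, and nothing asserts what happens to the query then. If the query goes out unsigned, that is a silent loss of TSIG protection from the user's point of view and worth pinning in the test. Add a comment above the `$DIG` line such as `# dig must report the unsupported algorithm and exit 0; TODO confirm whether the query is then sent unsigned`, and a `grep` on dig.out.badalgo for the expected outcome once it is settled.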
@@ -39,6 +39,9 @@ a10 IN TYPE1 \# 4 0A000001 a11 IN TYPE1 \# 4 0a000001 a12 IN A \# 4 0A000001 +null IN NULL \# 1 00 +empty IN NULL \# 0 + txt1 IN TXT "hello" txt2 CLASS1 TXT "hello" txt3 IN TYPE16 "hello" diff --git a/bin/tests/system/unknown/tests.sh b/bin/tests/system/unknown/tests.sh index 20e8ff65..2967a585 100644 --- a/bin/tests/system/unknown/tests.sh +++ b/bin/tests/system/unknown/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.10 2007-06-19 23:47:06 tbox Exp $ +# $Id: tests.sh,v 1.12 2011-11-02 23:46:24 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -63,6 +63,20 @@ do status=`expr $status + $ret` done +echo "I:querying for NULL record" +ret=0 +$DIG +short $DIGOPTS null.example null in > dig.out || ret=1 +echo '\# 1 00' | diff - dig.out || ret=1 +[ $ret = 0 ] || echo "I: failed" +status=`expr $status + $ret` + +echo "I:querying for empty NULL record" +ret=0 +$DIG +short $DIGOPTS empty.example null in > dig.out || ret=1 +echo '\# 0' | diff - dig.out || ret=1 +[ $ret = 0 ] || echo "I: failed" +status=`expr $status + $ret` + echo "I:querying for various representations of a CLASS10 TYPE1 record" for i in 1 2 do diff --git a/bin/tests/system/upforwd/clean.sh b/bin/tests/system/upforwd/clean.sh index c7acb9bc..f18a1054 100644 --- a/bin/tests/system/upforwd/clean.sh +++ b/bin/tests/system/upforwd/clean.sh 
@@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.9 2007-09-26 03:22:44 marka Exp $ +# $Id: clean.sh,v 1.11 2011-10-30 23:46:15 tbox Exp $ # # Clean up after zone transfer tests. @@ -23,4 +23,5 @@ rm -f dig.out.ns1 dig.out.ns2 dig.out.ns1 dig.out.ns3 dig.out.ns1.after rm -f ns1/*.jnl ns2/*.jnl ns3/*.jnl ns1/example.db ns2/*.bk ns3/*.bk +rm -f ns3/nomaster1.db rm -f */named.memstats diff --git a/bin/tools/nsec3hash.c b/bin/tools/nsec3hash.c index 0e2a910c..137ccc72 100644 --- a/bin/tools/nsec3hash.c +++ b/bin/tools/nsec3hash.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006, 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006, 2008, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec3hash.c,v 1.6 2009-10-06 21:20:44 each Exp $ */ +/* $Id: nsec3hash.c,v 1.8 2011-11-02 23:46:24 tbox Exp $ */ #include <config.h> @@ -60,7 +60,8 @@ check_result(isc_result_t result, const char *message) { static void usage() { - fatal("salt hash iterations domain"); + printf("Usage: %s salt algorithm iterations domain\n", program); + exit(1); } int diff --git a/bin/win32/BINDInstall/StdAfx.h b/bin/win32/BINDInstall/StdAfx.h index d5929bba..9ed780d8 100644 --- a/bin/win32/BINDInstall/StdAfx.h +++ b/bin/win32/BINDInstall/StdAfx.h 
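Review bot: usage() in nsec3hash.c now writes its message with `printf`, so on a bad command line the usage text goes to standard output, where a caller capturing the tool's output would read it as data. The `fatal()` call it replaces presumably wrote to stderr (its body is not in this hunk). Send the message to stderr instead: `fprintf(stderr, "Usage: %s salt algorithm iterations domain\n", program);`. The declaration `usage()` with an empty parameter list would also be better written `usage(void)`.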
@@ -3,6 +3,11 @@ // are changed infrequently // +/* + * Minimum version is Windows XP + */ +#define _WIN32_WINNT 0x0501 + #ifndef _CRT_SECURE_NO_DEPRECATE #define _CRT_SECURE_NO_DEPRECATE 1 #endif |
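Review bot: `#define _WIN32_WINNT 0x0501` is unconditional, unlike the `_CRT_SECURE_NO_DEPRECATE` define directly below it. A build that already sets `_WIN32_WINNT` on the compiler command line or in an earlier header therefore gets a macro redefinition, and possibly a silently changed target version. Guard it the same way as its neighbour: `#ifndef _WIN32_WINNT`, then `#define _WIN32_WINNT 0x0501`, then `#endif`.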