Diffstat (limited to 'bin/tools')
-rw-r--r-- | bin/tools/Makefile.in | 103 | ||||
-rw-r--r-- | bin/tools/arpaname.1 | 48 | ||||
-rw-r--r-- | bin/tools/arpaname.c | 53 | ||||
-rw-r--r-- | bin/tools/arpaname.docbook | 76 | ||||
-rw-r--r-- | bin/tools/arpaname.html | 52 | ||||
-rw-r--r-- | bin/tools/genrandom.8 | 69 | ||||
-rw-r--r-- | bin/tools/genrandom.c | 136 | ||||
-rw-r--r-- | bin/tools/genrandom.docbook | 119 | ||||
-rw-r--r-- | bin/tools/genrandom.html | 73 | ||||
-rw-r--r-- | bin/tools/isc-hmac-fixup.8 | 61 | ||||
-rw-r--r-- | bin/tools/isc-hmac-fixup.c | 136 | ||||
-rw-r--r-- | bin/tools/isc-hmac-fixup.docbook | 109 | ||||
-rw-r--r-- | bin/tools/isc-hmac-fixup.html | 83 | ||||
-rw-r--r-- | bin/tools/named-journalprint.8 | 60 | ||||
-rw-r--r-- | bin/tools/named-journalprint.c | 86 | ||||
-rw-r--r-- | bin/tools/named-journalprint.docbook | 101 | ||||
-rw-r--r-- | bin/tools/named-journalprint.html | 73 | ||||
-rw-r--r-- | bin/tools/nsec3hash.8 | 70 | ||||
-rw-r--r-- | bin/tools/nsec3hash.c | 121 | ||||
-rw-r--r-- | bin/tools/nsec3hash.docbook | 125 | ||||
-rw-r--r-- | bin/tools/nsec3hash.html | 78 |
21 files changed, 1832 insertions, 0 deletions
diff --git a/bin/tools/Makefile.in b/bin/tools/Makefile.in
new file mode 100644
index 0000000..35b8285
--- /dev/null
+++ b/bin/tools/Makefile.in
@@ -0,0 +1,103 @@
+# Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.13 2010-01-07 23:48:53 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
+ ${LWRES_INCLUDES} ${OMAPI_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
+ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+LWRESLIBS = ../../lib/lwres/liblwres.@A@
+
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
+
+LIBS = ${ISCLIBS} @LIBS@
+NOSYMLIBS = ${ISCNOSYMLIBS} @LIBS@
+
+SUBDIRS =
+
+TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ nsec3hash@EXEEXT@ \
+ genrandom@EXEEXT@ isc-hmac-fixup@EXEEXT@
+SRCS = arpaname.c named-journalprint.c nsec3hash.c genrandom.c \
+ isc-hmac-fixup.c
+
+MANPAGES = arpaname.1 named-journalprint.8 nsec3hash.8 genrandom.8 \
+ isc-hmac-fixup.8
+HTMLPAGES = arpaname.html named-journalprint.html nsec3hash.html \
+ genrandom.html isc-hmac-fixup.html
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+arpaname@EXEEXT@: arpaname.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ arpaname.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+named-journalprint@EXEEXT@: named-journalprint.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ export BASEOBJS="named-journalprint.@O@"; \
+ export LIBS0="${DNSLIBS}"; \
+ ${FINALBUILDCMD}
+
+nsec3hash@EXEEXT@: nsec3hash.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ export BASEOBJS="nsec3hash.@O@"; \
+ export LIBS0="${DNSLIBS}"; \
+ ${FINALBUILDCMD}
+
+isc-hmac-fixup@EXEEXT@: isc-hmac-fixup.@O@ ${ISCDEPLIBS}
+ export BASEOBJS="isc-hmac-fixup.@O@"; \
+ export LIBS0="${ISCLIBS}"; \
+ ${FINALBUILDCMD}
+
+genrandom@EXEEXT@: genrandom.@O@
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ genrandom.@O@ @GENRANDOMLIB@ ${LIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+
+install:: ${TARGETS} installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} arpaname@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-journalprint@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsec3hash@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} genrandom@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} isc-hmac-fixup@EXEEXT@ ${DESTDIR}${sbindir}
+ ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1
+ ${INSTALL_DATA} ${srcdir}/isc-hmac-fixup.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/nsec3hash.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/genrandom.8 ${DESTDIR}${mandir}/man8
+
+clean distclean::
+ rm -f ${TARGETS}
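Review bot: The `genrandom@EXEEXT@: genrandom.@O@` rule names no library prerequisite although its recipe links `${LIBS}`, which expands to `${ISCLIBS} @LIBS@`, so a rebuilt libisc will not trigger a relink of the tool; the other four program rules all list `${ISCDEPLIBS}`. Unless the omission is deliberate, the header should read `genrandom@EXEEXT@: genrandom.@O@ ${ISCDEPLIBS}`. The arpaname recipe also passes `${ISCLIBS} ${LIBS}`, which names libisc twice because `LIBS` already begins with `${ISCLIBS}`, and it lists `${DNSDEPLIBS}` as a prerequisite without linking `${DNSLIBS}`.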
diff --git a/bin/tools/arpaname.1 b/bin/tools/arpaname.1 new file mode 100644 index 0000000..6662380 --- /dev/null +++ b/bin/tools/arpaname.1 @@ -0,0 +1,48 @@ +.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: arpaname.1,v 1.4 2010-05-19 01:14:14 tbox Exp $ +.\" +.hy 0 +.ad l +.\" Title: arpaname +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> +.\" Date: March 4, 2009 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "ARPANAME" "1" "March 4, 2009" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +arpaname \- translate IP addresses to the corresponding ARPA names +.SH "SYNOPSIS" +.HP 9 +\fBarpaname\fR {\fIipaddress\ \fR...} +.SH "DESCRIPTION" +.PP +\fBarpaname\fR +translates IP addresses (IPv4 and IPv6) to the corresponding IN\-ADDR.ARPA or IP6.ARPA names. +.SH "SEE ALSO" +.PP +BIND 9 Administrator Reference Manual. +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/tools/arpaname.c b/bin/tools/arpaname.c new file mode 100644 index 0000000..e7f1434 --- /dev/null +++ b/bin/tools/arpaname.c 
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: arpaname.c,v 1.4 2009-10-27 03:05:33 marka Exp $ */
+
+#include "config.h"
+
+#include <isc/net.h>
+
+#include <stdio.h>
+
+#define UNUSED(x) (void)(x)
+
+int
+main(int argc, char *argv[]) {
+ unsigned char buf[16];
+ int i;
+
+ UNUSED(argc);
+
+ while (argv[1]) {
+ if (inet_pton(AF_INET6, argv[1], buf) == 1) {
+ for (i = 15; i >= 0; i--)
+ fprintf(stdout, "%X.%X.", buf[i] & 0xf,
+ (buf[i] >> 4) & 0xf);
+ fprintf(stdout, "IP6.ARPA\n");
+ argv++;
+ continue;
+ }
+ if (inet_pton(AF_INET, argv[1], buf) == 1) {
+ fprintf(stdout, "%u.%u.%u.%u.IN-ADDR.ARPA\n",
+ buf[3], buf[2], buf[1], buf[0]);
+ argv++;
+ continue;
+ }
+ return (1);
+ }
+ fflush(stdout);
+ return(ferror(stdout));
+}
diff --git a/bin/tools/arpaname.docbook b/bin/tools/arpaname.docbook
new file mode 100644
index 0000000..a7eb79e
--- /dev/null
+++ b/bin/tools/arpaname.docbook
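Review bot: In arpaname.c, an argument that parses as neither IPv6 nor IPv4 makes main() hit `return (1);` inside the loop without printing anything, so a caller gets names for the earlier arguments on stdout and a bare failure status with no indication of which address was rejected. Suggest `fprintf(stderr, "arpaname: invalid address: %s\n", argv[1]);` immediately before that return. Scripts that feed this tool addresses from logs or user input can then report the rejected value instead of silently truncating their output.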
@@ -0,0 +1,76 @@ +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + [<!ENTITY mdash "—">]> +<!-- + - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: arpaname.docbook,v 1.1 2009-03-04 01:30:27 marka Exp $ --> +<refentry id="man.arpaname"> + <refentryinfo> + <date>March 4, 2009</date> + </refentryinfo> + + <refmeta> + <refentrytitle><application>arpaname</application></refentrytitle> + <manvolnum>1</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><application>arpaname</application></refname> + <refpurpose>translate IP addresses to the corresponding ARPA names</refpurpose> + </refnamediv> + + <docinfo> + <copyright> + <year>2009</year> + <holder>Internet Systems Consortium, Inc. ("ISC")</holder> + </copyright> + </docinfo> + + <refsynopsisdiv> + <cmdsynopsis> + <command>arpaname</command> + <arg choice="req" rep="repeat"><replaceable class="parameter">ipaddress </replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>DESCRIPTION</title> + <para> + <command>arpaname</command> translates IP addresses (IPv4 and + IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names. 
+ </para> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citetitle>BIND 9 Administrator Reference Manual</citetitle>. + </para> + </refsect1> + + <refsect1> + <title>AUTHOR</title> + <para><corpauthor>Internet Systems Consortium</corpauthor> + </para> + </refsect1> + +</refentry><!-- + - Local variables: + - mode: sgml + - End: +--> diff --git a/bin/tools/arpaname.html b/bin/tools/arpaname.html new file mode 100644 index 0000000..e44cfbd --- /dev/null +++ b/bin/tools/arpaname.html 
@@ -0,0 +1,52 @@ +<!-- + - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> +<!-- $Id: arpaname.html,v 1.4 2010-05-19 01:14:14 tbox Exp $ --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>arpaname</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> +<a name="man.arpaname"></a><div class="titlepage"></div> +<div class="refnamediv"> +<h2>Name</h2> +<p><span class="application">arpaname</span> — translate IP addresses to the corresponding ARPA names</p> +</div> +<div class="refsynopsisdiv"> +<h2>Synopsis</h2> +<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543345"></a><h2>DESCRIPTION</h2> +<p> + <span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and + IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names. 
+ </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543357"></a><h2>SEE ALSO</h2> +<p> + <em class="citetitle">BIND 9 Administrator Reference Manual</em>. + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543371"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> + </p> +</div> +</div></body> +</html> diff --git a/bin/tools/genrandom.8 b/bin/tools/genrandom.8 new file mode 100644 index 0000000..32a4ff0 --- /dev/null +++ b/bin/tools/genrandom.8 
@@ -0,0 +1,69 @@ +.\" Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: genrandom.8,v 1.8 2010-05-19 01:14:14 tbox Exp $ +.\" +.hy 0 +.ad l +.\" Title: genrandom +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> +.\" Date: Feb 19, 2009 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "GENRANDOM" "8" "Feb 19, 2009" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +genrandom \- generate a file containing random data +.SH "SYNOPSIS" +.HP 10 +\fBgenrandom\fR [\fB\-n\ \fR\fB\fInumber\fR\fR] {\fIsize\fR} {\fIfilename\fR} +.SH "DESCRIPTION" +.PP +\fBgenrandom\fR +generates a file or a set of files containing a specified quantity of pseudo\-random data, which can be used as a source of entropy for other commands on systems with no random device. +.SH "ARGUMENTS" +.PP +\-n \fInumber\fR +.RS 4 +In place of generating one file, generates +\fBnumber\fR +(from 2 to 9) files, appending +\fBnumber\fR +to the name. +.RE +.PP +size +.RS 4 +The size of the file, in kilobytes, to generate. +.RE +.PP +domain +.RS 4 +The file name into which random data should be written. 
+.RE +.SH "SEE ALSO" +.PP +\fBrand\fR(3), +\fBarc4random\fR(3) +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2009, 2010 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/tools/genrandom.c b/bin/tools/genrandom.c new file mode 100644 index 0000000..8473be2 --- /dev/null +++ b/bin/tools/genrandom.c 
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: genrandom.c,v 1.7 2010-05-17 23:51:04 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <isc/commandline.h>
+#include <isc/print.h>
+#include <isc/stdlib.h>
+#include <isc/util.h>
+
+#include <stdio.h>
+#include <string.h>
+
+const char *program = "genrandom";
+
+ISC_PLATFORM_NORETURN_PRE static void
+usage(void) ISC_PLATFORM_NORETURN_POST;
+
+static void
+usage(void) {
+ fprintf(stderr, "usage: %s [-n 2..9] k file\n", program);
+ exit(1);
+}
+
+static void
+generate(char *filename, unsigned int bytes) {
+ FILE *fp;
+
+ fp = fopen(filename, "w");
+ if (fp == NULL) {
+ printf("failed to open %s\n", filename);
+ exit(1);
+ }
+
+ while (bytes > 0) {
+#ifndef HAVE_ARC4RANDOM
+ unsigned short int x = (rand() & 0xFFFF);
+#else
+ unsigned short int x = (arc4random() & 0xFFFF);
+#endif
+ unsigned char c = x & 0xFF;
+ if (putc(c, fp) == EOF) {
+ printf("error writing to %s\n", filename);
+ exit(1);
+ }
+ c = x >> 8;
+ if (putc(c, fp) == EOF) {
+ printf("error writing to %s\n", filename);
+ exit(1);
+ }
+ bytes -= 2;
+ }
+ fclose(fp);
+}
+
+int
+main(int argc, char **argv) {
+ unsigned int bytes;
+ unsigned int k;
+ char *endp;
+ int c, i, n = 1;
+ size_t len;
+ char *name;
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((c = isc_commandline_parse(argc, argv, "hn:")) != EOF) {
+ switch (c) {
+ case 'n':
+ n = strtol(isc_commandline_argument, &endp, 10);
+ if ((*endp != 0) || (n <= 1) || (n > 9))
+ usage();
+ break;
+
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ case 'h':
+ usage();
+
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ if (isc_commandline_index + 2 != argc)
+ usage();
+
+ k = strtoul(argv[isc_commandline_index++], &endp, 10);
+ if (*endp != 0)
+ usage();
+ bytes = k << 10;
+
+#ifndef HAVE_ARC4RANDOM
+ srand(0x12345678);
+#endif
+ if (n == 1) {
+ generate(argv[isc_commandline_index], bytes);
+ return (0);
+ }
+
+ len = strlen(argv[isc_commandline_index]) + 2;
+ name = (char *) malloc(len);
+ if (name == NULL) {
+ perror("malloc");
+ exit(1);
+ }
+
+ for (i = 1; i <= n; i++) {
+ snprintf(name, len, "%s%d", argv[isc_commandline_index], i);
+ generate(name, bytes);
+ }
+ free(name);
+
+ return (0);
+}
diff --git a/bin/tools/genrandom.docbook b/bin/tools/genrandom.docbook
new file mode 100644
index 0000000..84e4553
--- /dev/null
+++ b/bin/tools/genrandom.docbook
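Review bot: In genrandom.c, on builds without `HAVE_ARC4RANDOM`, main() calls `srand(0x12345678)` and generate() draws from `rand()`, so every run writes the same byte stream, while the man page added in this commit describes the output as a source of entropy for other commands. Anything keyed from such a file is reproducible by anyone with the same libc, so the fallback should be confined to test fixtures and say so: add `/* fixed seed: output is identical on every run; test use only, never for key material */` above the `srand` call and consider a matching warning on stderr. The size argument is also unchecked: `bytes = k << 10` wraps for large `k`, and `strtoul` overflow is not detected through `errno`. The files are created with `fopen(filename, "w")`, so their permissions depend on the caller's umask, and the open and write errors go to stdout via `printf` rather than to stderr.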
@@ -0,0 +1,119 @@ +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + [<!ENTITY mdash "—">]> +<!-- + - Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: genrandom.docbook,v 1.6 2010-05-17 23:51:05 tbox Exp $ --> +<refentry id="man.genrandom"> + <refentryinfo> + <date>Feb 19, 2009</date> + </refentryinfo> + + <refmeta> + <refentrytitle><application>genrandom</application></refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><application>genrandom</application></refname> + <refpurpose>generate a file containing random data</refpurpose> + </refnamediv> + + <docinfo> + <copyright> + <year>2009</year> + <year>2010</year> + <holder>Internet Systems Consortium, Inc. 
("ISC")</holder> + </copyright> + </docinfo> + + <refsynopsisdiv> + <cmdsynopsis> + <command>genrandom</command> + <arg><option>-n <replaceable class="parameter">number</replaceable></option></arg> + <arg choice="req"><replaceable class="parameter">size</replaceable></arg> + <arg choice="req"><replaceable class="parameter">filename</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>DESCRIPTION</title> + <para> + <command>genrandom</command> + generates a file or a set of files containing a specified quantity + of pseudo-random data, which can be used as a source of entropy for + other commands on systems with no random device. + </para> + </refsect1> + + <refsect1> + <title>ARGUMENTS</title> + <variablelist> + <varlistentry> + <term>-n <replaceable class="parameter">number</replaceable></term> + <listitem> + <para> + In place of generating one file, generates <option>number</option> + (from 2 to 9) files, appending <option>number</option> to the name. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>size</term> + <listitem> + <para> + The size of the file, in kilobytes, to generate. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>domain</term> + <listitem> + <para> + The file name into which random data should be written. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>rand</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>arc4random</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> + </para> + </refsect1> + + <refsect1> + <title>AUTHOR</title> + <para><corpauthor>Internet Systems Consortium</corpauthor> + </para> + </refsect1> + +</refentry><!-- + - Local variables: + - mode: sgml + - End: +--> diff --git a/bin/tools/genrandom.html b/bin/tools/genrandom.html new file mode 100644 index 0000000..c14af9b --- /dev/null 
+++ b/bin/tools/genrandom.html 
@@ -0,0 +1,73 @@ +<!-- + - Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> +<!-- $Id: genrandom.html,v 1.8 2010-05-19 01:14:14 tbox Exp $ --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>genrandom</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> +<a name="man.genrandom"></a><div class="titlepage"></div> +<div class="refnamediv"> +<h2>Name</h2> +<p><span class="application">genrandom</span> — generate a file containing random data</p> +</div> +<div class="refsynopsisdiv"> +<h2>Synopsis</h2> +<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543363"></a><h2>DESCRIPTION</h2> +<p> + <span><strong class="command">genrandom</strong></span> + generates a file or a set of files containing a specified quantity + of pseudo-random data, which can be used as a source of 
entropy for + other commands on systems with no random device. + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543376"></a><h2>ARGUMENTS</h2> +<div class="variablelist"><dl> +<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt> +<dd><p> + In place of generating one file, generates <code class="option">number</code> + (from 2 to 9) files, appending <code class="option">number</code> to the name. + </p></dd> +<dt><span class="term">size</span></dt> +<dd><p> + The size of the file, in kilobytes, to generate. + </p></dd> +<dt><span class="term">domain</span></dt> +<dd><p> + The file name into which random data should be written. + </p></dd> +</dl></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543436"></a><h2>SEE ALSO</h2> +<p> + <span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>, + <span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span> + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543463"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> + </p> +</div> +</div></body> +</html> diff --git a/bin/tools/isc-hmac-fixup.8 b/bin/tools/isc-hmac-fixup.8 new file mode 100644 index 0000000..99c58c8 --- /dev/null +++ b/bin/tools/isc-hmac-fixup.8 
@@ -0,0 +1,61 @@ +.\" Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: isc-hmac-fixup.8,v 1.4 2010-05-19 01:14:14 tbox Exp $ +.\" +.hy 0 +.ad l +.\" Title: isc\-hmac\-fixup +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> +.\" Date: January 5, 2010 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "ISC\-HMAC\-FIXUP" "1" "January 5, 2010" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +isc\-hmac\-fixup \- fixes HMAC keys generated by older versions of BIND +.SH "SYNOPSIS" +.HP 15 +\fBisc\-hmac\-fixup\fR {\fIalgorithm\fR} {\fIsecret\fR} +.SH "DESCRIPTION" +.PP +Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC\-SHA* TSIG keys which were longer than the digest length of the hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys longer than 256 bits, etc) to be used incorrectly, generating a message authentication code that was incompatible with other DNS implementations. +.PP +This bug has been fixed in BIND 9.7. However, the fix may cause incompatibility between older and newer versions of BIND, when using long keys. 
+\fBisc\-hmac\-fixup\fR +modifies those keys to restore compatibility. +.PP +To modify a key, run +\fBisc\-hmac\-fixup\fR +and specify the key's algorithm and secret on the command line. If the secret is longer than the digest length of the algorithm (64 bytes for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a new secret will be generated consisting of a hash digest of the old secret. (If the secret did not require conversion, then it will be printed without modification.) +.SH "SECURITY CONSIDERATIONS" +.PP +Secrets that have been converted by +\fBisc\-hmac\-fixup\fR +are shortened, but as this is how the HMAC protocol works in operation anyway, it does not affect security. RFC 2104 notes, "Keys longer than [the digest length] are acceptable but the extra length would not significantly increase the function strength." +.SH "SEE ALSO" +.PP +BIND 9 Administrator Reference Manual, +RFC 2104. +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/tools/isc-hmac-fixup.c b/bin/tools/isc-hmac-fixup.c new file mode 100644 index 0000000..09cb85d --- /dev/null +++ b/bin/tools/isc-hmac-fixup.c 
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: isc-hmac-fixup.c,v 1.4 2010-03-10 02:17:52 marka Exp $ */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/buffer.h>
+#include <isc/md5.h>
+#include <isc/region.h>
+#include <isc/result.h>
+#include <isc/sha1.h>
+#include <isc/sha2.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+
+#define HMAC_LEN 64
+
+int
+main(int argc, char **argv) {
+ isc_buffer_t buf;
+ unsigned char key[1024];
+ char secret[1024];
+ char base64[(1024*4)/3];
+ isc_region_t r;
+ isc_result_t result;
+
+ if (argc != 3) {
+ fprintf(stderr, "Usage:\t%s algorithm secret\n", argv[0]);
+ fprintf(stderr, "\talgorithm: (MD5 | SHA1 | SHA224 | "
+ "SHA256 | SHA384 | SHA512)\n");
+ return (1);
+ }
+
+ isc_buffer_init(&buf, secret, sizeof(secret));
+ result = isc_base64_decodestring(argv[2], &buf);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "error: %s\n", isc_result_totext(result));
+ return (1);
+ }
+ isc__buffer_usedregion(&buf, &r);
+
+ if (!strcasecmp(argv[1], "md5") ||
+ !strcasecmp(argv[1], "hmac-md5")) {
+ if (r.length > HMAC_LEN) {
+ isc_md5_t md5ctx;
+ isc_md5_init(&md5ctx);
+ isc_md5_update(&md5ctx, r.base, r.length);
+ isc_md5_final(&md5ctx, key);
+
+ r.base = key;
+ r.length = ISC_MD5_DIGESTLENGTH;
+ }
+ } else if (!strcasecmp(argv[1], "sha1") ||
+ !strcasecmp(argv[1], "hmac-sha1")) {
+ if (r.length > ISC_SHA1_DIGESTLENGTH) {
+ isc_sha1_t sha1ctx;
+ isc_sha1_init(&sha1ctx);
+ isc_sha1_update(&sha1ctx, r.base, r.length);
+ isc_sha1_final(&sha1ctx, key);
+
+ r.base = key;
+ r.length = ISC_SHA1_DIGESTLENGTH;
+ }
+ } else if (!strcasecmp(argv[1], "sha224") ||
+ !strcasecmp(argv[1], "hmac-sha224")) {
+ if (r.length > ISC_SHA224_DIGESTLENGTH) {
+ isc_sha224_t sha224ctx;
+ isc_sha224_init(&sha224ctx);
+ isc_sha224_update(&sha224ctx, r.base, r.length);
+ isc_sha224_final(key, &sha224ctx);
+
+ r.base = key;
+ r.length = ISC_SHA224_DIGESTLENGTH;
+ }
+ } else if (!strcasecmp(argv[1], "sha256") ||
+ !strcasecmp(argv[1], "hmac-sha256")) {
+ if (r.length > ISC_SHA256_DIGESTLENGTH) {
+ isc_sha256_t sha256ctx;
+ isc_sha256_init(&sha256ctx);
+ isc_sha256_update(&sha256ctx, r.base, r.length);
+ isc_sha256_final(key, &sha256ctx);
+
+ r.base = key;
+ r.length = ISC_SHA256_DIGESTLENGTH;
+ }
+ } else if (!strcasecmp(argv[1], "sha384") ||
+ !strcasecmp(argv[1], "hmac-sha384")) {
+ if (r.length > ISC_SHA384_DIGESTLENGTH) {
+ isc_sha384_t sha384ctx;
+ isc_sha384_init(&sha384ctx);
+ isc_sha384_update(&sha384ctx, r.base, r.length);
+ isc_sha384_final(key, &sha384ctx);
+
+ r.base = key;
+ r.length = ISC_SHA384_DIGESTLENGTH;
+ }
+ } else if (!strcasecmp(argv[1], "sha512") ||
+ !strcasecmp(argv[1], "hmac-sha512")) {
+ if (r.length > ISC_SHA512_DIGESTLENGTH) {
+ isc_sha512_t sha512ctx;
+ isc_sha512_init(&sha512ctx);
+ isc_sha512_update(&sha512ctx, r.base, r.length);
+ isc_sha512_final(key, &sha512ctx);
+
+ r.base = key;
+ r.length = ISC_SHA512_DIGESTLENGTH;
+ }
+ } else {
+ fprintf(stderr, "unknown hmac/digest algorithm: %s\n", argv[1]);
+ return (1);
+ }
+
+ isc_buffer_init(&buf, base64, sizeof(base64));
+ result = isc_base64_totext(&r, 0, "", &buf);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "error: %s\n", isc_result_totext(result));
+ return (1);
+ }
+ fprintf(stdout, "%.*s\n", (int)isc_buffer_usedlength(&buf), base64);
+ return (0);
+}
diff --git a/bin/tools/isc-hmac-fixup.docbook b/bin/tools/isc-hmac-fixup.docbook
new file mode 100644
index 0000000..a3039ee
--- /dev/null
+++ b/bin/tools/isc-hmac-fixup.docbook
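Review bot: In isc-hmac-fixup.c, the SHA branches hash the secret when `r.length` exceeds the digest length (`ISC_SHA1_DIGESTLENGTH` and its siblings), whereas the MD5 branch compares against `HMAC_LEN` (64) and the man page added in this commit gives the threshold as 64 bytes for SHA1 through SHA256 and 128 bytes for SHA384 and SHA512. One of the two is wrong, and a key converted at the wrong threshold would presumably stop authenticating against its peers, so the comparison should be confirmed against the pre-9.7 HMAC code and then pinned with a comment such as `/* threshold matches the key-length test in the pre-9.7 HMAC code */`. Separately, the secret arrives in `argv[2]`, which exposes it in the process list and shell history while the tool runs; that deserves a sentence in the man page's SECURITY CONSIDERATIONS. The `secret` and `key` stack buffers also still hold key material when main() returns and could be cleared first.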
@@ -0,0 +1,109 @@ +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + [<!ENTITY mdash "—">]> +<!-- + - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: isc-hmac-fixup.docbook,v 1.2 2010-01-07 21:52:11 each Exp $ --> +<refentry id="man.isc-hmac-fixup"> + <refentryinfo> + <date>January 5, 2010</date> + </refentryinfo> + + <refmeta> + <refentrytitle><application>isc-hmac-fixup</application></refentrytitle> + <manvolnum>1</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><application>isc-hmac-fixup</application></refname> + <refpurpose>fixes HMAC keys generated by older versions of BIND</refpurpose> + </refnamediv> + + <docinfo> + <copyright> + <year>2010</year> + <holder>Internet Systems Consortium, Inc. 
("ISC")</holder> + </copyright> + </docinfo> + + <refsynopsisdiv> + <cmdsynopsis> + <command>isc-hmac-fixup</command> + <arg choice="req"><replaceable class="parameter">algorithm</replaceable></arg> + <arg choice="req"><replaceable class="parameter">secret</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>DESCRIPTION</title> + <para> + Versions of BIND 9 up to and including BIND 9.6 had a bug causing + HMAC-SHA* TSIG keys which were longer than the digest length of the + hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys + longer than 256 bits, etc) to be used incorrectly, generating a + message authentication code that was incompatible with other DNS + implementations. + </para> + <para> + This bug has been fixed in BIND 9.7. However, the fix may + cause incompatibility between older and newer versions of + BIND, when using long keys. <command>isc-hmac-fixup</command> + modifies those keys to restore compatibility. + </para> + <para> + To modify a key, run <command>isc-hmac-fixup</command> and + specify the key's algorithm and secret on the command line. If the + secret is longer than the digest length of the algorithm (64 bytes + for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a + new secret will be generated consisting of a hash digest of the old + secret. (If the secret did not require conversion, then it will be + printed without modification.) + </para> + </refsect1> + + <refsect1> + <title>SECURITY CONSIDERATIONS</title> + <para> + Secrets that have been converted by <command>isc-hmac-fixup</command> + are shortened, but as this is how the HMAC protocol works in + operation anyway, it does not affect security. RFC 2104 notes, + "Keys longer than [the digest length] are acceptable but the + extra length would not significantly increase the function + strength." 
+ </para> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citetitle>BIND 9 Administrator Reference Manual</citetitle>, + <citetitle>RFC 2104</citetitle>. + </para> + </refsect1> + + <refsect1> + <title>AUTHOR</title> + <para><corpauthor>Internet Systems Consortium</corpauthor> + </para> + </refsect1> + +</refentry><!-- + - Local variables: + - mode: sgml + - End: +--> diff --git a/bin/tools/isc-hmac-fixup.html b/bin/tools/isc-hmac-fixup.html new file mode 100644 index 0000000..8b70777 --- /dev/null +++ b/bin/tools/isc-hmac-fixup.html 
@@ -0,0 +1,83 @@ +<!-- + - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> +<!-- $Id: isc-hmac-fixup.html,v 1.4 2010-05-19 01:14:14 tbox Exp $ --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>isc-hmac-fixup</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> +<a name="man.isc-hmac-fixup"></a><div class="titlepage"></div> +<div class="refnamediv"> +<h2>Name</h2> +<p><span class="application">isc-hmac-fixup</span> — fixes HMAC keys generated by older versions of BIND</p> +</div> +<div class="refsynopsisdiv"> +<h2>Synopsis</h2> +<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543351"></a><h2>DESCRIPTION</h2> +<p> + Versions of BIND 9 up to and including BIND 9.6 had a bug causing + HMAC-SHA* TSIG keys which were longer than the digest length of the + hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys + longer than 256 bits, etc) to 
be used incorrectly, generating a + message authentication code that was incompatible with other DNS + implementations. + </p> +<p> + This bug has been fixed in BIND 9.7. However, the fix may + cause incompatibility between older and newer versions of + BIND, when using long keys. <span><strong class="command">isc-hmac-fixup</strong></span> + modifies those keys to restore compatibility. + </p> +<p> + To modify a key, run <span><strong class="command">isc-hmac-fixup</strong></span> and + specify the key's algorithm and secret on the command line. If the + secret is longer than the digest length of the algorithm (64 bytes + for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a + new secret will be generated consisting of a hash digest of the old + secret. (If the secret did not require conversion, then it will be + printed without modification.) + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543374"></a><h2>SECURITY CONSIDERATIONS</h2> +<p> + Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span> + are shortened, but as this is how the HMAC protocol works in + operation anyway, it does not affect security. RFC 2104 notes, + "Keys longer than [the digest length] are acceptable but the + extra length would not significantly increase the function + strength." + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543388"></a><h2>SEE ALSO</h2> +<p> + <em class="citetitle">BIND 9 Administrator Reference Manual</em>, + <em class="citetitle">RFC 2104</em>. + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543405"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> + </p> +</div> +</div></body> +</html> diff --git a/bin/tools/named-journalprint.8 b/bin/tools/named-journalprint.8 new file mode 100644 index 0000000..347b67b --- /dev/null +++ b/bin/tools/named-journalprint.8 
@@ -0,0 +1,60 @@ +.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: named-journalprint.8,v 1.4 2010-05-19 01:14:14 tbox Exp $ +.\" +.hy 0 +.ad l +.\" Title: named\-journalprint +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> +.\" Date: Feb 18, 2009 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "NAMED\-JOURNALPRINT" "8" "Feb 18, 2009" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +named\-journalprint \- print zone journal in human\-readable form +.SH "SYNOPSIS" +.HP 19 +\fBnamed\-journalprint\fR {\fIjournal\fR} +.SH "DESCRIPTION" +.PP +\fBnamed\-journalprint\fR +prints the contents of a zone journal file in a human\-readable form. +.PP +Journal files are automatically created by +\fBnamed\fR +when changes are made to dynamic zones (e.g., by +\fBnsupdate\fR). They record each addition or deletion of a resource record, in binary format, allowing the changes to be re\-applied to the zone when the server is restarted after a shutdown or crash. By default, the name of the journal file is formed by appending the extension +\fI.jnl\fR +to the name of the corresponding zone file. 
+.PP +\fBnamed\-journalprint\fR +converts the contents of a given journal file into a human\-readable text format. Each line begins with "add" or "del", to indicate whether the record was added or deleted, and continues with the resource record in master\-file format. +.SH "SEE ALSO" +.PP +\fBnamed\fR(8), +\fBnsupdate\fR(8), +BIND 9 Administrator Reference Manual. +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/tools/named-journalprint.c b/bin/tools/named-journalprint.c new file mode 100644 index 0000000..8a00aa7 --- /dev/null +++ b/bin/tools/named-journalprint.c 
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named-journalprint.c,v 1.2 2009-12-04 21:59:23 marka Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/journal.h>
+#include <dns/log.h>
+#include <dns/result.h>
+#include <dns/types.h>
+
+#include <stdlib.h>
+
+/*
+ * Setup logging to use stderr.
+ */
+static isc_result_t
+setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
+ isc_logdestination_t destination;
+ isc_logconfig_t *logconfig = NULL;
+ isc_log_t *log = NULL;
+
+ RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
+ isc_log_setcontext(log);
+ dns_log_init(log);
+ dns_log_setcontext(log);
+
+ destination.file.stream = errout;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
+ ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC,
+ &destination, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
+ NULL, NULL) == ISC_R_SUCCESS);
+
+ *logp = log;
+ return (ISC_R_SUCCESS);
+}
+
+int
+main(int argc, char **argv) {
+ char *file;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ isc_log_t *lctx = NULL;
+
+ if (argc != 2) {
+ printf("usage: %s journal\n", argv[0]);
+ return(1);
+ }
+
+ file = argv[1];
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(setup_logging(mctx, stderr, &lctx) == ISC_R_SUCCESS);
+
+ result = dns_journal_print(mctx, file, stdout);
+ if (result == DNS_R_NOJOURNAL)
+ fprintf(stderr, "%s\n", dns_result_totext(result));
+ isc_log_destroy(&lctx);
+ isc_mem_detach(&mctx);
+ return(result != ISC_R_SUCCESS ? 1 : 0);
+}
diff --git a/bin/tools/named-journalprint.docbook b/bin/tools/named-journalprint.docbook
new file mode 100644
index 0000000..d523f8c
--- /dev/null
+++ b/bin/tools/named-journalprint.docbook
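Review bot: In main(), only DNS_R_NOJOURNAL is reported on stderr; any other failure from dns_journal_print() ends the tool with status 1 and no message of its own, so unless the library logs the error through the stderr channel that setup_logging() installs (not visible in this hunk), a truncated or malformed journal fails silently. Reporting every failure keeps an operator from mistaking partial output for a complete dump: `if (result != ISC_R_SUCCESS) fprintf(stderr, "%s\n", dns_result_totext(result));`. The usage line is also written with printf() to stdout; `fprintf(stderr, "usage: %s journal\n", argv[0]);` would keep diagnostics off the data stream.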
@@ -0,0 +1,101 @@ +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + [<!ENTITY mdash "—">]> +<!-- + - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: named-journalprint.docbook,v 1.2 2009-12-04 21:59:23 marka Exp $ --> +<refentry id="man.named-journalprint"> + <refentryinfo> + <date>Feb 18, 2009</date> + </refentryinfo> + + <refmeta> + <refentrytitle><application>named-journalprint</application></refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><application>named-journalprint</application></refname> + <refpurpose>print zone journal in human-readable form</refpurpose> + </refnamediv> + + <docinfo> + <copyright> + <year>2009</year> + <holder>Internet Systems Consortium, Inc. ("ISC")</holder> + </copyright> + </docinfo> + + <refsynopsisdiv> + <cmdsynopsis> + <command>named-journalprint</command> + <arg choice="req"><replaceable class="parameter">journal</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>DESCRIPTION</title> + <para> + <command>named-journalprint</command> + prints the contents of a zone journal file in a human-readable + form. 
+ </para> + <para> + Journal files are automatically created by <command>named</command> + when changes are made to dynamic zones (e.g., by + <command>nsupdate</command>). They record each addition + or deletion of a resource record, in binary format, allowing the + changes to be re-applied to the zone when the server is + restarted after a shutdown or crash. By default, the name of + the journal file is formed by appending the extension + <filename>.jnl</filename> to the name of the corresponding + zone file. + </para> + <para> + <command>named-journalprint</command> converts the contents of a given + journal file into a human-readable text format. Each line begins + with "add" or "del", to indicate whether the record was added or + deleted, and continues with the resource record in master-file + format. + </para> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>nsupdate</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citetitle>BIND 9 Administrator Reference Manual</citetitle>. + </para> + </refsect1> + + <refsect1> + <title>AUTHOR</title> + <para><corpauthor>Internet Systems Consortium</corpauthor> + </para> + </refsect1> + +</refentry><!-- + - Local variables: + - mode: sgml + - End: +--> diff --git a/bin/tools/named-journalprint.html b/bin/tools/named-journalprint.html new file mode 100644 index 0000000..8878fc50 --- /dev/null +++ b/bin/tools/named-journalprint.html 
@@ -0,0 +1,73 @@ +<!-- + - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> +<!-- $Id: named-journalprint.html,v 1.4 2010-05-19 01:14:14 tbox Exp $ --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>named-journalprint</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> +<a name="man.named-journalprint"></a><div class="titlepage"></div> +<div class="refnamediv"> +<h2>Name</h2> +<p><span class="application">named-journalprint</span> — print zone journal in human-readable form</p> +</div> +<div class="refsynopsisdiv"> +<h2>Synopsis</h2> +<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543342"></a><h2>DESCRIPTION</h2> +<p> + <span><strong class="command">named-journalprint</strong></span> + prints the contents of a zone journal file in a human-readable + form. 
+ </p> +<p> + Journal files are automatically created by <span><strong class="command">named</strong></span> + when changes are made to dynamic zones (e.g., by + <span><strong class="command">nsupdate</strong></span>). They record each addition + or deletion of a resource record, in binary format, allowing the + changes to be re-applied to the zone when the server is + restarted after a shutdown or crash. By default, the name of + the journal file is formed by appending the extension + <code class="filename">.jnl</code> to the name of the corresponding + zone file. + </p> +<p> + <span><strong class="command">named-journalprint</strong></span> converts the contents of a given + journal file into a human-readable text format. Each line begins + with "add" or "del", to indicate whether the record was added or + deleted, and continues with the resource record in master-file + format. + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543378"></a><h2>SEE ALSO</h2> +<p> + <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>, + <em class="citetitle">BIND 9 Administrator Reference Manual</em>. + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543409"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> + </p> +</div> +</div></body> +</html> diff --git a/bin/tools/nsec3hash.8 b/bin/tools/nsec3hash.8 new file mode 100644 index 0000000..6fba8c8 --- /dev/null +++ b/bin/tools/nsec3hash.8 
@@ -0,0 +1,70 @@ +.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: nsec3hash.8,v 1.5 2010-05-19 01:14:14 tbox Exp $ +.\" +.hy 0 +.ad l +.\" Title: nsec3hash +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> +.\" Date: Feb 18, 2009 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "NSEC3HASH" "8" "Feb 18, 2009" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +nsec3hash \- generate NSEC3 hash +.SH "SYNOPSIS" +.HP 10 +\fBnsec3hash\fR {\fIsalt\fR} {\fIalgorithm\fR} {\fIiterations\fR} {\fIdomain\fR} +.SH "DESCRIPTION" +.PP +\fBnsec3hash\fR +generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity of NSEC3 records in a signed zone. +.SH "ARGUMENTS" +.PP +salt +.RS 4 +The salt provided to the hash algorithm. +.RE +.PP +algorithm +.RS 4 +A number indicating the hash algorithm. Currently the only supported hash algorithm for NSEC3 is SHA\-1, which is indicated by the number 1; consequently "1" is the only useful value for this argument. +.RE +.PP +iterations +.RS 4 +The number of additional times the hash should be performed. 
+.RE +.PP +domain +.RS 4 +The domain name to be hashed. +.RE +.SH "SEE ALSO" +.PP +BIND 9 Administrator Reference Manual, +RFC 5155. +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/tools/nsec3hash.c b/bin/tools/nsec3hash.c new file mode 100644 index 0000000..0e2a910 --- /dev/null +++ b/bin/tools/nsec3hash.c 
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2006, 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: nsec3hash.c,v 1.6 2009-10-06 21:20:44 each Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include <isc/base32.h>
+#include <isc/buffer.h>
+#include <isc/hex.h>
+#include <isc/iterated_hash.h>
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/string.h>
+#include <isc/types.h>
+
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/nsec3.h>
+#include <dns/types.h>
+
+const char *program = "nsec3hash";
+
+ISC_PLATFORM_NORETURN_PRE static void
+fatal(const char *format, ...) ISC_PLATFORM_NORETURN_POST;
+
+static void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", program);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(1);
+}
+
+static void
+check_result(isc_result_t result, const char *message) {
+ if (result != ISC_R_SUCCESS)
+ fatal("%s: %s", message, isc_result_totext(result));
+}
+
+static void
+usage() {
+ fatal("salt hash iterations domain");
+}
+
+int
+main(int argc, char **argv) {
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_buffer_t buffer;
+ isc_region_t region;
+ isc_result_t result;
+ unsigned char hash[NSEC3_MAX_HASH_LENGTH];
+ unsigned char salt[DNS_NSEC3_SALTSIZE];
+ unsigned char text[1024];
+ unsigned int hash_alg;
+ unsigned int length;
+ unsigned int iterations;
+ unsigned int salt_length;
+
+ if (argc != 5)
+ usage();
+
+ if (strcmp(argv[1], "-") == 0) {
+ salt_length = 0;
+ salt[0] = 0;
+ } else {
+ isc_buffer_init(&buffer, salt, sizeof(salt));
+ result = isc_hex_decodestring(argv[1], &buffer);
+ check_result(result, "isc_hex_decodestring(salt)");
+ salt_length = isc_buffer_usedlength(&buffer);
+ if (salt_length > DNS_NSEC3_SALTSIZE)
+ fatal("salt too long");
+ }
+ hash_alg = atoi(argv[2]);
+ if (hash_alg > 255U)
+ fatal("hash algorithm too large");
+ iterations = atoi(argv[3]);
+ if (iterations > 0xffffU)
+ fatal("iterations to large");
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ isc_buffer_init(&buffer, argv[4], strlen(argv[4]));
+ isc_buffer_add(&buffer, strlen(argv[4]));
+ result = dns_name_fromtext(name, &buffer, dns_rootname, 0, NULL);
+ check_result(result, "dns_name_fromtext() failed");
+
+ dns_name_downcase(name, name, NULL);
+ length = isc_iterated_hash(hash, hash_alg, iterations, salt,
+ salt_length, name->ndata, name->length);
+ if (length == 0)
+ fatal("isc_iterated_hash failed");
+ region.base = hash;
+ region.length = length;
+ isc_buffer_init(&buffer, text, sizeof(text));
+ isc_base32hex_totext(®ion, 1, "", &buffer);
+ fprintf(stdout, "%.*s (salt=%s, hash=%u, iterations=%u)\n",
+ (int)isc_buffer_usedlength(&buffer), text, argv[1], hash_alg, iterations);
+ return(0);
+}
diff --git a/bin/tools/nsec3hash.docbook b/bin/tools/nsec3hash.docbook
new file mode 100644
index 0000000..48eb4af
--- /dev/null
+++ b/bin/tools/nsec3hash.docbook
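Review bot: In main(), `hash_alg = atoi(argv[2])` and `iterations = atoi(argv[3])` cannot tell a number from garbage: atoi() yields 0 for non-numeric text and stops silently at trailing characters, so a mistyped iteration count produces a well-formed hash for parameters the user did not ask for, which matters for a tool meant to check NSEC3 records. Parsing with strtoul() and rejecting an empty or partially consumed argument closes this; the existing range checks stay, and `endp` and `value` would be declared with the other locals at the top of main(). The `salt_length > DNS_NSEC3_SALTSIZE` test looks unreachable, since the decode buffer is already limited to sizeof(salt), and the return value of isc_base32hex_totext() is not checked.

```c
	/* with the other locals at the top of main() */
	char *endp;
	unsigned long value;

	/* … unchanged: argc check and salt decoding … */
	value = strtoul(argv[2], &endp, 10);
	if (endp == argv[2] || *endp != '\0')
		fatal("hash algorithm is not a number");
	if (value > 255U)
		fatal("hash algorithm too large");
	hash_alg = (unsigned int)value;

	value = strtoul(argv[3], &endp, 10);
	if (endp == argv[3] || *endp != '\0')
		fatal("iterations is not a number");
	if (value > 0xffffU)
		fatal("iterations too large");
	iterations = (unsigned int)value;
	/* … unchanged: name parsing, hashing and output … */
```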
@@ -0,0 +1,125 @@ +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + [<!ENTITY mdash "—">]> +<!-- + - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: nsec3hash.docbook,v 1.3 2009-03-02 23:47:43 tbox Exp $ --> +<refentry id="man.nsec3hash"> + <refentryinfo> + <date>Feb 18, 2009</date> + </refentryinfo> + + <refmeta> + <refentrytitle><application>nsec3hash</application></refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><application>nsec3hash</application></refname> + <refpurpose>generate NSEC3 hash</refpurpose> + </refnamediv> + + <docinfo> + <copyright> + <year>2009</year> + <holder>Internet Systems Consortium, Inc. 
("ISC")</holder> + </copyright> + </docinfo> + + <refsynopsisdiv> + <cmdsynopsis> + <command>nsec3hash</command> + <arg choice="req"><replaceable class="parameter">salt</replaceable></arg> + <arg choice="req"><replaceable class="parameter">algorithm</replaceable></arg> + <arg choice="req"><replaceable class="parameter">iterations</replaceable></arg> + <arg choice="req"><replaceable class="parameter">domain</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>DESCRIPTION</title> + <para> + <command>nsec3hash</command> generates an NSEC3 hash based on + a set of NSEC3 parameters. This can be used to check the validity + of NSEC3 records in a signed zone. + </para> + </refsect1> + + <refsect1> + <title>ARGUMENTS</title> + <variablelist> + <varlistentry> + <term>salt</term> + <listitem> + <para> + The salt provided to the hash algorithm. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>algorithm</term> + <listitem> + <para> + A number indicating the hash algorithm. Currently the + only supported hash algorithm for NSEC3 is SHA-1, which is + indicated by the number 1; consequently "1" is the only + useful value for this argument. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>iterations</term> + <listitem> + <para> + The number of additional times the hash should be performed. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>domain</term> + <listitem> + <para> + The domain name to be hashed. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citetitle>BIND 9 Administrator Reference Manual</citetitle>, + <citetitle>RFC 5155</citetitle>. + </para> + </refsect1> + + <refsect1> + <title>AUTHOR</title> + <para><corpauthor>Internet Systems Consortium</corpauthor> + </para> + </refsect1> + +</refentry><!-- + - Local variables: + - mode: sgml + - End: +--> 
diff --git a/bin/tools/nsec3hash.html b/bin/tools/nsec3hash.html new file mode 100644 index 0000000..e6c0995 --- /dev/null +++ b/bin/tools/nsec3hash.html 
@@ -0,0 +1,78 @@ +<!-- + - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - + - Permission to use, copy, modify, and/or distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> +<!-- $Id: nsec3hash.html,v 1.5 2010-05-19 01:14:14 tbox Exp $ --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>nsec3hash</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> +<a name="man.nsec3hash"></a><div class="titlepage"></div> +<div class="refnamediv"> +<h2>Name</h2> +<p><span class="application">nsec3hash</span> — generate NSEC3 hash</p> +</div> +<div class="refsynopsisdiv"> +<h2>Synopsis</h2> +<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543367"></a><h2>DESCRIPTION</h2> +<p> + <span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on + a set of NSEC3 parameters. 
This can be used to check the validity + of NSEC3 records in a signed zone. + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543380"></a><h2>ARGUMENTS</h2> +<div class="variablelist"><dl> +<dt><span class="term">salt</span></dt> +<dd><p> + The salt provided to the hash algorithm. + </p></dd> +<dt><span class="term">algorithm</span></dt> +<dd><p> + A number indicating the hash algorithm. Currently the + only supported hash algorithm for NSEC3 is SHA-1, which is + indicated by the number 1; consequently "1" is the only + useful value for this argument. + </p></dd> +<dt><span class="term">iterations</span></dt> +<dd><p> + The number of additional times the hash should be performed. + </p></dd> +<dt><span class="term">domain</span></dt> +<dd><p> + The domain name to be hashed. + </p></dd> +</dl></div> +</div> +<div class="refsect1" lang="en"> +<a name="id2543442"></a><h2>SEE ALSO</h2> +<p> + <em class="citetitle">BIND 9 Administrator Reference Manual</em>, + <em class="citetitle">RFC 5155</em>. + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543459"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> + </p> +</div> +</div></body> +</html> |