From f5d31f05bda6a88f1513a06d3fd67e6fbaa0688e Mon Sep 17 00:00:00 2001 From: dougb Date: Sun, 10 Dec 2006 07:09:56 +0000 Subject: Vendor import of BIND 9.3.3 --- contrib/bind9/CHANGES | 342 +- contrib/bind9/COPYRIGHT | 4 +- contrib/bind9/FAQ | 395 +- contrib/bind9/FAQ.xml | 198 +- contrib/bind9/Makefile.in | 7 +- contrib/bind9/README | 18 +- contrib/bind9/bin/check/named-checkconf.8 | 25 +- contrib/bind9/bin/check/named-checkconf.c | 44 +- contrib/bind9/bin/check/named-checkconf.html | 16 +- contrib/bind9/bin/check/named-checkzone.8 | 45 +- contrib/bind9/bin/check/named-checkzone.docbook | 7 +- contrib/bind9/bin/check/named-checkzone.html | 20 +- contrib/bind9/bin/dig/dig.1 | 101 +- contrib/bind9/bin/dig/dig.c | 6 +- contrib/bind9/bin/dig/dig.html | 22 +- contrib/bind9/bin/dig/dighost.c | 99 +- contrib/bind9/bin/dig/host.1 | 15 +- contrib/bind9/bin/dig/host.c | 44 +- contrib/bind9/bin/dig/host.html | 12 +- contrib/bind9/bin/dig/include/dig/dig.h | 9 +- contrib/bind9/bin/dig/nslookup.1 | 91 +- contrib/bind9/bin/dig/nslookup.c | 5 +- contrib/bind9/bin/dig/nslookup.docbook | 7 +- contrib/bind9/bin/dig/nslookup.html | 22 +- contrib/bind9/bin/dnssec/dnssec-keygen.8 | 51 +- contrib/bind9/bin/dnssec/dnssec-keygen.html | 18 +- contrib/bind9/bin/dnssec/dnssec-signzone.8 | 55 +- contrib/bind9/bin/dnssec/dnssec-signzone.c | 8 +- contrib/bind9/bin/dnssec/dnssec-signzone.html | 16 +- contrib/bind9/bin/named/aclconf.c | 32 +- contrib/bind9/bin/named/client.c | 105 +- contrib/bind9/bin/named/config.c | 97 +- contrib/bind9/bin/named/controlconf.c | 134 +- contrib/bind9/bin/named/include/named/aclconf.h | 8 +- contrib/bind9/bin/named/include/named/client.h | 10 +- contrib/bind9/bin/named/include/named/config.h | 27 +- contrib/bind9/bin/named/include/named/control.h | 6 +- contrib/bind9/bin/named/include/named/globals.h | 6 +- contrib/bind9/bin/named/include/named/logconf.h | 6 +- contrib/bind9/bin/named/include/named/lwresd.h | 9 +- contrib/bind9/bin/named/include/named/server.h | 6 +- contrib/bind9/bin/named/include/named/sortlist.h | 15 +- contrib/bind9/bin/named/include/named/tkeyconf.h | 8 +- contrib/bind9/bin/named/include/named/tsigconf.h | 6 +- contrib/bind9/bin/named/include/named/zoneconf.h | 11 +- contrib/bind9/bin/named/interfacemgr.c | 16 +- contrib/bind9/bin/named/logconf.c | 60 +- contrib/bind9/bin/named/lwdgabn.c | 6 +- contrib/bind9/bin/named/lwdgrbn.c | 8 +- contrib/bind9/bin/named/lwresd.8 | 41 +- contrib/bind9/bin/named/lwresd.c | 25 +- contrib/bind9/bin/named/lwresd.html | 16 +- contrib/bind9/bin/named/main.c | 10 +- contrib/bind9/bin/named/named.8 | 52 +- contrib/bind9/bin/named/named.conf.5 | 52 +- contrib/bind9/bin/named/named.conf.docbook | 16 +- contrib/bind9/bin/named/named.conf.html | 47 +- contrib/bind9/bin/named/named.docbook | 9 +- contrib/bind9/bin/named/named.html | 23 +- contrib/bind9/bin/named/query.c | 81 +- contrib/bind9/bin/named/server.c | 293 +- contrib/bind9/bin/named/sortlist.c | 20 +- contrib/bind9/bin/named/tkeyconf.c | 12 +- contrib/bind9/bin/named/tsigconf.c | 28 +- contrib/bind9/bin/named/unix/os.c | 11 +- contrib/bind9/bin/named/update.c | 34 +- contrib/bind9/bin/named/zoneconf.c | 78 +- contrib/bind9/bin/nsupdate/nsupdate.8 | 63 +- contrib/bind9/bin/nsupdate/nsupdate.c | 10 +- contrib/bind9/bin/nsupdate/nsupdate.html | 20 +- contrib/bind9/bin/rndc/rndc-confgen.8 | 35 +- contrib/bind9/bin/rndc/rndc-confgen.html | 18 +- contrib/bind9/bin/rndc/rndc.8 | 30 +- contrib/bind9/bin/rndc/rndc.c | 52 +- contrib/bind9/bin/rndc/rndc.conf.5 | 19 +- contrib/bind9/bin/rndc/rndc.conf.html | 16 +- contrib/bind9/bin/rndc/rndc.html | 16 +- contrib/bind9/config.threads.in | 25 + contrib/bind9/configure.in | 196 +- contrib/bind9/doc/arm/Bv9ARM-book.xml | 583 +- contrib/bind9/doc/arm/Bv9ARM.ch01.html | 100 +- contrib/bind9/doc/arm/Bv9ARM.ch02.html | 44 +- contrib/bind9/doc/arm/Bv9ARM.ch03.html | 69 +- contrib/bind9/doc/arm/Bv9ARM.ch04.html | 246 +- contrib/bind9/doc/arm/Bv9ARM.ch05.html | 18 +- contrib/bind9/doc/arm/Bv9ARM.ch06.html | 663 +- contrib/bind9/doc/arm/Bv9ARM.ch07.html | 54 +- contrib/bind9/doc/arm/Bv9ARM.ch08.html | 36 +- contrib/bind9/doc/arm/Bv9ARM.ch09.html | 239 +- contrib/bind9/doc/arm/Bv9ARM.html | 162 +- contrib/bind9/doc/arm/Bv9ARM.pdf | 6797 ++++++++++---------- contrib/bind9/lib/bind/Makefile.in | 11 +- contrib/bind9/lib/bind/api | 2 +- contrib/bind9/lib/bind/config.h.in | 1 + contrib/bind9/lib/bind/configure | 1448 ++++- contrib/bind9/lib/bind/configure.in | 338 +- contrib/bind9/lib/bind/dst/dst_api.c | 23 +- contrib/bind9/lib/bind/dst/hmac_link.c | 25 +- .../bind9/lib/bind/include/arpa/nameser_compat.h | 7 +- contrib/bind9/lib/bind/include/isc/list.h | 8 +- contrib/bind9/lib/bind/include/netdb.h | 53 +- contrib/bind9/lib/bind/inet/inet_cidr_ntop.c | 10 +- contrib/bind9/lib/bind/inet/inet_net_ntop.c | 4 +- contrib/bind9/lib/bind/irs/dns.c | 4 +- contrib/bind9/lib/bind/irs/dns_ho.c | 22 +- contrib/bind9/lib/bind/irs/gai_strerror.c | 25 +- contrib/bind9/lib/bind/irs/gen_ho.c | 4 +- contrib/bind9/lib/bind/irs/getaddrinfo.c | 34 +- contrib/bind9/lib/bind/irs/gethostent.c | 4 +- contrib/bind9/lib/bind/irs/getnameinfo.c | 10 + contrib/bind9/lib/bind/irs/getprotoent_r.c | 8 +- contrib/bind9/lib/bind/irs/getservent_r.c | 16 +- contrib/bind9/lib/bind/irs/irp.c | 7 +- contrib/bind9/lib/bind/irs/irp_nw.c | 4 +- contrib/bind9/lib/bind/irs/irpmarshall.c | 6 +- contrib/bind9/lib/bind/irs/irs_data.c | 20 +- contrib/bind9/lib/bind/irs/lcl_ho.c | 4 +- contrib/bind9/lib/bind/irs/lcl_pr.c | 10 +- contrib/bind9/lib/bind/isc/ev_connects.c | 10 +- contrib/bind9/lib/bind/isc/eventlib.c | 9 +- contrib/bind9/lib/bind/isc/eventlib_p.h | 4 +- contrib/bind9/lib/bind/isc/heap.c | 8 +- contrib/bind9/lib/bind/isc/hex.c | 5 +- contrib/bind9/lib/bind/isc/memcluster.c | 9 +- contrib/bind9/lib/bind/nameser/ns_sign.c | 7 +- contrib/bind9/lib/bind/nameser/ns_verify.c | 6 +- contrib/bind9/lib/bind/port_after.h.in | 4 + contrib/bind9/lib/bind/port_before.h.in | 4 + contrib/bind9/lib/bind/resolv/mtctxres.c | 7 +- contrib/bind9/lib/bind/resolv/res_init.c | 17 +- contrib/bind9/lib/bind/resolv/res_send.c | 17 +- contrib/bind9/lib/bind/resolv/res_sendsigned.c | 5 +- contrib/bind9/lib/bind9/api | 2 +- contrib/bind9/lib/bind9/check.c | 205 +- contrib/bind9/lib/bind9/include/bind9/check.h | 9 +- contrib/bind9/lib/dns/Makefile.in | 7 +- contrib/bind9/lib/dns/acl.c | 42 +- contrib/bind9/lib/dns/adb.c | 7 +- contrib/bind9/lib/dns/api | 4 +- contrib/bind9/lib/dns/cache.c | 69 +- contrib/bind9/lib/dns/compress.c | 12 +- contrib/bind9/lib/dns/dispatch.c | 87 +- contrib/bind9/lib/dns/dnssec.c | 7 +- contrib/bind9/lib/dns/dst_api.c | 8 +- contrib/bind9/lib/dns/gen.c | 11 +- contrib/bind9/lib/dns/include/dns/acl.h | 38 +- contrib/bind9/lib/dns/include/dns/cache.h | 6 +- contrib/bind9/lib/dns/include/dns/compress.h | 10 +- contrib/bind9/lib/dns/include/dns/keytable.h | 10 +- contrib/bind9/lib/dns/include/dns/message.h | 29 +- contrib/bind9/lib/dns/include/dns/name.h | 11 +- contrib/bind9/lib/dns/include/dns/peer.h | 7 +- contrib/bind9/lib/dns/include/dns/rdataset.h | 12 +- contrib/bind9/lib/dns/include/dns/resolver.h | 6 +- contrib/bind9/lib/dns/include/dns/types.h | 6 +- contrib/bind9/lib/dns/include/dns/validator.h | 69 +- contrib/bind9/lib/dns/include/dns/xfrin.h | 12 +- contrib/bind9/lib/dns/include/dns/zone.h | 34 +- contrib/bind9/lib/dns/keytable.c | 13 +- contrib/bind9/lib/dns/lookup.c | 14 +- contrib/bind9/lib/dns/masterdump.c | 10 +- contrib/bind9/lib/dns/message.c | 46 +- contrib/bind9/lib/dns/name.c | 14 +- contrib/bind9/lib/dns/openssl_link.c | 8 +- contrib/bind9/lib/dns/openssldh_link.c | 77 +- contrib/bind9/lib/dns/openssldsa_link.c | 81 +- contrib/bind9/lib/dns/opensslrsa_link.c | 24 +- contrib/bind9/lib/dns/peer.c | 8 +- contrib/bind9/lib/dns/portlist.c | 6 +- contrib/bind9/lib/dns/rbtdb.c | 202 +- contrib/bind9/lib/dns/rdata.c | 6 +- contrib/bind9/lib/dns/rdata/generic/dlv_32769.c | 281 + contrib/bind9/lib/dns/rdata/generic/dlv_32769.h | 33 + contrib/bind9/lib/dns/rdataset.c | 16 +- contrib/bind9/lib/dns/request.c | 8 +- contrib/bind9/lib/dns/resolver.c | 51 +- contrib/bind9/lib/dns/tcpmsg.c | 7 +- contrib/bind9/lib/dns/tkey.c | 8 +- contrib/bind9/lib/dns/tsig.c | 43 +- contrib/bind9/lib/dns/validator.c | 435 +- contrib/bind9/lib/dns/xfrin.c | 67 +- contrib/bind9/lib/dns/zone.c | 94 +- contrib/bind9/lib/isc/api | 4 +- contrib/bind9/lib/isc/hash.c | 13 +- contrib/bind9/lib/isc/heap.c | 58 +- contrib/bind9/lib/isc/hmacmd5.c | 5 +- contrib/bind9/lib/isc/include/isc/heap.h | 143 +- contrib/bind9/lib/isc/include/isc/list.h | 12 +- contrib/bind9/lib/isc/include/isc/sockaddr.h | 14 +- contrib/bind9/lib/isc/include/isc/symtab.h | 5 +- contrib/bind9/lib/isc/lex.c | 20 +- contrib/bind9/lib/isc/log.c | 7 +- contrib/bind9/lib/isc/netscope.c | 6 +- contrib/bind9/lib/isc/nothreads/condition.c | 6 +- contrib/bind9/lib/isc/nothreads/mutex.c | 6 +- contrib/bind9/lib/isc/print.c | 13 +- contrib/bind9/lib/isc/sockaddr.c | 14 +- contrib/bind9/lib/isc/taskpool.c | 8 +- contrib/bind9/lib/isc/timer.c | 13 +- contrib/bind9/lib/isc/unix/entropy.c | 14 +- contrib/bind9/lib/isc/unix/fsaccess.c | 6 +- contrib/bind9/lib/isc/unix/ifiter_ioctl.c | 10 +- contrib/bind9/lib/isc/unix/ipv6.c | 6 +- contrib/bind9/lib/isc/unix/socket.c | 32 +- contrib/bind9/lib/isccc/api | 2 +- contrib/bind9/lib/isccfg/include/isccfg/cfg.h | 75 +- contrib/bind9/lib/isccfg/include/isccfg/grammar.h | 32 +- contrib/bind9/lib/isccfg/namedconf.c | 18 +- contrib/bind9/lib/isccfg/parser.c | 136 +- contrib/bind9/lib/lwres/api | 2 +- contrib/bind9/lib/lwres/gai_strerror.c | 6 +- contrib/bind9/lib/lwres/getaddrinfo.c | 30 +- contrib/bind9/lib/lwres/lwconfig.c | 6 +- contrib/bind9/lib/lwres/man/lwres.3 | 15 +- contrib/bind9/lib/lwres/man/lwres.html | 16 +- contrib/bind9/lib/lwres/man/lwres_buffer.3 | 53 +- contrib/bind9/lib/lwres/man/lwres_buffer.html | 130 +- contrib/bind9/lib/lwres/man/lwres_config.3 | 28 +- contrib/bind9/lib/lwres/man/lwres_config.html | 60 +- contrib/bind9/lib/lwres/man/lwres_context.3 | 29 +- contrib/bind9/lib/lwres/man/lwres_context.html | 61 +- contrib/bind9/lib/lwres/man/lwres_gabn.3 | 32 +- contrib/bind9/lib/lwres/man/lwres_gabn.html | 42 +- contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 | 39 +- .../bind9/lib/lwres/man/lwres_gai_strerror.html | 10 +- contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 | 32 +- contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html | 29 +- contrib/bind9/lib/lwres/man/lwres_gethostent.3 | 57 +- contrib/bind9/lib/lwres/man/lwres_gethostent.html | 51 +- contrib/bind9/lib/lwres/man/lwres_getipnode.3 | 49 +- contrib/bind9/lib/lwres/man/lwres_getipnode.html | 34 +- contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 | 30 +- contrib/bind9/lib/lwres/man/lwres_getnameinfo.html | 19 +- contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 | 33 +- .../bind9/lib/lwres/man/lwres_getrrsetbyname.html | 29 +- contrib/bind9/lib/lwres/man/lwres_gnba.3 | 32 +- contrib/bind9/lib/lwres/man/lwres_gnba.html | 51 +- contrib/bind9/lib/lwres/man/lwres_hstrerror.3 | 29 +- contrib/bind9/lib/lwres/man/lwres_hstrerror.html | 12 +- contrib/bind9/lib/lwres/man/lwres_inetntop.3 | 17 +- contrib/bind9/lib/lwres/man/lwres_inetntop.html | 17 +- contrib/bind9/lib/lwres/man/lwres_noop.3 | 32 +- contrib/bind9/lib/lwres/man/lwres_noop.html | 42 +- contrib/bind9/lib/lwres/man/lwres_packet.3 | 48 +- contrib/bind9/lib/lwres/man/lwres_packet.html | 20 +- contrib/bind9/lib/lwres/man/lwres_resutil.3 | 25 +- contrib/bind9/lib/lwres/man/lwres_resutil.html | 32 +- contrib/bind9/libtool.m4 | 2 +- contrib/bind9/ltmain.sh | 14 +- contrib/bind9/make/rules.in | 10 +- contrib/bind9/version | 8 +- 251 files changed, 11994 insertions(+), 7126 deletions(-) create mode 100644 contrib/bind9/lib/dns/rdata/generic/dlv_32769.c create mode 100644 contrib/bind9/lib/dns/rdata/generic/dlv_32769.h (limited to 'contrib/bind9') diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES index b45cec7..f4b36d9 100644 --- a/contrib/bind9/CHANGES +++ b/contrib/bind9/CHANGES @@ -1,5 +1,37 @@ - --- 9.3.2-P2 released --- + --- 9.3.3 released --- + +2107. [bug] dighost.c: more cleanup of buffers. [RT #16499] + +2104. [port] Fix Solaris SMF error message. + +2103. [port] Add /usr/sfw to list of locations for OpenSSL + under Solaris. + +2102. [port] Silence solaris 10 warnings. + +2101. [bug] OpenSSL version checks were not quite right. + [RT #16476] + +2100. [port] win32: copy libeay32.dll to Build\Debug. + +2099. [port] win32: more manifiest issues. + + --- 9.3.3rc3 released --- + +2096. [bug] libbind: handle applications that fail to detect + res_init() failures better. + +2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and + net_cidr_ntop_ipv6(). [RT #16388] + +2094. [contrib] Update named-bootconf. [RT# 16404] + +2092. [bug] win32: dig, host, nslookup. Use registry config + if resolv.conf does not exist or no nameservers + listed. [RT #15877] + +2091. [port] dighost.c: race condition on cleanup. [RT #16417] 2090. [port] win32: Visual C++ 2005 command line manifest support. [RT #16417] @@ -12,15 +44,307 @@ 2088. [security] Change the default RSA exponent from 3 to 65537. [RT #16391] +2086. [port] libbind: FreeBSD now has get*by*_r() functions. + [RT #16403] + +2085. [doc] win32: added index.html and README to zip. [RT #16201] + +2084. [contrib] dbus update for 9.3.3rc2. + 2083. [port] win32: Visual C++ 2005 support. - --- 9.3.2-P1 released --- +2082. [doc] Document 'cache-file' as a test only option. + + --- 9.3.3rc2 released --- + +2081. [port] libbind: minor 64-bit portability fix in memcluster.c. + [RT #16360] + +2080. [port] libbind: res_init.c did not compile on older versions + of Solaris. [RT #16363] + +2076. [bug] Several files were missing #include + causing build failures on OSF. [RT #16341] + +2074. [bug] dns_request_createvia2(), dns_request_createvia3(), + dns_request_createraw2() and dns_request_createraw3() + failed to send multiple UDP requests. [RT #16349] 2066. [security] Handle SIG queries gracefully. [RT #16300] + --- 9.3.3rc1 released --- + +2071. [port] Test whether gcc accepts -fno-strict-aliasing. + [RT #16324] + +2070. [bug] The remote address was not always displayed when + reporting dispatch failures. [RT #16315] + +2069. [bug] Cross compiling was not working. [RT #16330] + +2067. [bug] 'rndc' could close the socket too early triggering + a INSIST under Windows. [RT #16317] + +2065. [bug] libbind: probe for HPUX prototypes for + endprotoent_r() and endservent_r(). [RT 16313] + +2064. [bug] libbind: silence AIX compiler warnings. [RT #16218] + +2063. [bug] Change #1955 introduced a bug which caused the first + 'rndc flush' call to not free memory. [RT #16244] + +2062. [bug] 'dig +nssearch' was reusing a buffer before it had + been returned by the socket code. [RT #16307] + +2057. [bug] Make setting "ra" dependent on both allow-query and + allow-recursion. [RT #16290] + +2056. [bug] dig: ixfr= was not being treated case insensitively + at all times. [RT #15955] + +2055. [bug] Missing goto after dropping multicast query. + [RT #15944] + +2054. [port] freebsd: do not explicitly link against -lpthread. + [RT #16170] + +2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220] + +2052. [bug] 'rndc' improve connect failed message to report + the failing address. [RT #15978] + +2051. [port] More strtol() fixes. [RT #16249] + +2050. [bug] Parsing of NSAP records was not case insensitive. + [RT #16287] + +2049. [bug] Restore SOA before AXFR when falling back from + a attempted IXFR when transfering in a zone. + Allow a initial SOA query before attempting + a AXFR to be requested. [RT #16156] + +2048. [bug] It was possible to loop forever when using + avoid-v4-udp-ports / avoid-v6-udp-ports when + the OS always returned the same local port. + [RT #16182] + +2047. [bug] Failed to initialise the interface flags to zero. + [RT #16245] + +2043. [port] nsupdate/nslookup: Force the flushing of the prompt + for interactive sessions. [RT#16148] + +2038. [bug] dig/nslookup/host was unlinking from wrong list + when handling errors. [RT #16122] + +2037. [func] When unlinking the first or last element in a list + check that the list head points to the element to + be unlinked. [RT #15959] + +2036. [bug] 'rndc recursing' could cause trigger a REQUIRE. + [RT #16075] + +2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] + + --- 9.3.3b1 released --- + +2031. [bug] Emit a error message when "rndc refresh" is called on + a non slave/stub zone. [RT # 16073] + +2030. [bug] We were being overly conservative when disabling + openssl engine support. [RT #16030] + +2029. [bug] host printed out the server multiple times when + specified on the command line. [RT #15992] + +2028. [port] linux: socket.c compatability for old systems. + [RT #16015] + +2027. [port] libbind: Solaris x86 support. [RT #16020] + +2026. [bug] Rate limit the two recursive client exceeded messages. + [RT #16044] + +2024. [bug] named emited spurious "zone serial unchanged" + messages on reload. [RT #16027] + +2023. [bug] "make install" should create ${localstatedir}/run and + ${sysconfdir} if they do not exist. [RT #16033] + +2016. [bug] Return a partial answer if recursion is not + allowed but requested and we had the answer + to the original qname. [RT #15945] + +2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR + responses more gracefully. [RT #15941] + +2009. [bug] libbind: coverity fixes. [RT #15808] + +2005. [bug] libbind: Retransmission timeouts should be + based on which attempt it is to the nameserver + and not the nameserver itself. [RT #13548] + +2004. [bug] dns_tsig_sign() could pass a NULL pointer to + dst_context_destroy() when cleaning up after a + error. [RT #15835] + +2003. [bug] libbind: The DNS name/address lookup functions could + occasionally follow a random pointer due to + structures not being completely zeroed. [RT #15806] + +2002. [bug] libbind: tighten the constraints on when + struct addrinfo._ai_pad exists. [RT #15783] + +2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812] + +1998. [bug] Restrict handling of fifos as sockets to just SunOS. + This allows named to connect to entropy gathering + daemons that use fifos instead of sockets. [RT #15840] + +1997. [bug] Named was failing to replace negative cache entries + when a positive one for the type was learnt. + [RT #15818] + +1995. [bug] 'host' was reporting multiple "is an alias" messages. + [RT #15702] + +1994. [port] OpenSSL 0.9.8 support. [RT #15694] + +1993. [bug] Log messsage, via syslog, were missing the space + after the timestamp if "print-time yes" was specified. + [RT #15844] + +1991. [cleanup] The configuration data, once read, should be treated + as readonly. Expand the use of const to enforce this + at compile time. [RT #15813] + +1990. [bug] libbind: isc's override of broken gettimeofday() + implementions was not always effective. + [RT #15709] + +1989. [bug] win32: don't check the service password when + re-installing. [RT #15882] + +1985. [protocol] DLV has now been assigned a official type code of + 32769. [RT #15807] + + Note: care should be taken to ensure you upgrade + both named and dnssec-signzone at the same time for + zones with DLV records where named is the master + server for the zone. Also any zones that contain + DLV records should be removed when upgrading a slave + zone. You do not however have to upgrade all + servers for a zone with DLV records simultaniously. + +1982. [bug] DNSKEY was being accepted on the parent side of + a delegation. KEY is still accepted there for + RFC 3007 validated updates. [RT #15620] + +1981. [bug] win32: condition.c:wait() could fail to reattain + the mutex lock. + +1979. [port] linux: allow named to drop core after changing + user ids. [RT #15753] + +1978. [port] Handle systems which have a broken recvmsg(). + [RT #15742] + +1977. [bug] Silence noisy log message. [RT #15704] + +1976. [bug] Handle systems with no IPv4 addresses. [RT #15695] + +1975. [bug] libbind: isc_gethexstring() could misparse multi-line + hex strings with comments. [RT #15814] + +1974. [doc] List each of the zone types and associated zone + options seperately in the ARM. + +1972. [contrib] DBUS dynamic forwarders integation from + Jason Vas Dias . + +1971. [port] linux: make detection of missing IF_NAMESIZE more + robust. [RT #15443] + +1970. [bug] nsupdate: adjust UDP timeout when falling back to + unsigned SOA query. [RT #15775] + +1969. [bug] win32: the socket code was freeing the socket + structure too early. [RT #15776] + +1968. [bug] Missing lock in resolver.c:validated(). [RT #15739] + +1966. [bug] Don't set CD when we have fallen back to plain DNS. + [RT #15727] + +1963. [port] Tru64 4.0E doesn't support send() and recv(). + [RT #15586] + +1962. [bug] Named failed to clear old update-policy when it + was removed. [RT #15491] + +1961. [bug] Check the port and address of responses forwarded + to dispatch. [RT #15474] + +1960. [bug] Update code should set NSEC ttls from SOA MINIMUM. + [RT #15465] + +1958. [bug] Named failed to update the zone's secure state + until the zone was reloaded. [RT #15412] + +1957. [bug] Dig mishandled responses to class ANY queries. + [RT #15402] + +1956. [bug] Improve cross compile support, 'gen' is now built + by native compiler. See README for additional + cross compile support information. [RT #15148] + +1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998] + +1952. [port] hpux: tell the linker to build a runtime link + path "-Wl,+b:". [RT #14816]. + +1951. [security] Drop queries from particular well known ports. + Don't return FORMERR to queries from particular + well known ports. [RT #15636] + +1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() + a TCP socket. This prevents the source address being + set for TCP connections. [RT #15628] + +1948. [bug] If was possible to trigger a REQUIRE failure in + xfrin.c:maybe_free() if named ran out of memory. + [RT #15568] + +1946. [bug] resume_dslookup() could trigger a REQUIRE failure + when using forwarders. [RT #15549] + +1944. [cleanup] isc_hash_create() does not need a read/write lock. + [RT #15522] + +1943. [bug] Set the loadtime after rolling forward the journal. + [RT #15647] + +1942. [bug] If the name of a DNSKEY match that of one in + trusted-keys do not attempt to validate the DNSKEY + using the parents DS RRset. [RT #15649] + 1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] +1940. [bug] Fixed a number of error conditions reported by + Coverity. + +1939. [bug] The resolver could dereference a null pointer after + validation if all the queries have timed out. + [RT #15528] + +1938. [bug] The validator was not correctly handling unsecure + negative responses at or below a SEP. [RT #15528] + +1919. [contrib] queryperf: a set of new features: collecting/printing + response delays, printing intermediate results, and + adjusting query rate for the "target" qps. + --- 9.3.2 released --- --- 9.3.2rc1 released --- @@ -338,14 +662,14 @@ 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly. -1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and +1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. -1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and +1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. -1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and - IN6ADDR_LOOPBACK_INIT macros. +1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and + IN6ADDR_LOOPBACK_INIT macros. 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205] @@ -1188,8 +1512,8 @@ 1414. [func] Support for KSK flag. -1413. [func] Explictly request the (re-)generation of DS records from - keysets (dnssec-signzone -g). +1413. [func] Explicitly request the (re-)generation of DS records + from keysets (dnssec-signzone -g). 1412. [func] You can now specify servers to be tried if a nameserver has IPv6 address and you only support IPv4 or the @@ -5586,7 +5910,7 @@ , , or . - 119. [cleanup] structure definitions for generic rdata stuctures do + 119. [cleanup] structure definitions for generic rdata structures do not have _generic_ in their names. 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting diff --git a/contrib/bind9/COPYRIGHT b/contrib/bind9/COPYRIGHT index 484dac8..8bbcf24 100644 --- a/contrib/bind9/COPYRIGHT +++ b/contrib/bind9/COPYRIGHT @@ -1,4 +1,4 @@ -Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -$Id: COPYRIGHT,v 1.6.2.2.8.3 2005/01/10 23:51:37 marka Exp $ +$Id: COPYRIGHT,v 1.6.2.2.8.4 2006/01/04 00:37:22 marka Exp $ Portions Copyright (C) 1996-2001 Nominum, Inc. diff --git a/contrib/bind9/FAQ b/contrib/bind9/FAQ index 9b806cb..5c6a2a7 100644 --- a/contrib/bind9/FAQ +++ b/contrib/bind9/FAQ @@ -4,26 +4,36 @@ Frequently Asked Questions about BIND 9 Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads? -A: Linux threads do not fully implement the Posix threads (pthreads) standard. - In particular, setuid() operates only on the current thread, not the full - process. Because of this limitation, BIND 9 cannot use setuid() on Linux as - it can on all other supported platforms. setuid() cannot be called before - creating threads, since the server does not start listening on reserved - ports until after threads have started. +A: Linux threads do not fully implement the Posix threads (pthreads) standard. In + particular, setuid() operates only on the current thread, not the full process. + Because of this limitation, BIND 9 cannot use setuid() on Linux as it can on + all other supported platforms. setuid() cannot be called before creating + threads, since the server does not start listening on reserved ports until + after threads have started. In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve capabilities across a setuid() call is present. This allows BIND 9 to call - setuid() early, while retaining the ability to bind reserved ports. This is - a Linux-specific hack. + setuid() early, while retaining the ability to bind reserved ports. This is a + Linux-specific hack. - On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less - of a security risk than a root process that has not dropped privileges. + On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less of + a security risk than a root process that has not dropped privileges. If Linux threads ever work correctly, this restriction will go away. Configuring BIND9 with the --disable-threads option (the default) causes a non-threaded version to be built, which will allow -u to be used. +Q: Why do I get the following errors: + + general: errno2result.c:109: unexpected error: + general: unable to convert errno to isc_result: 14: Bad address + client: UDP client handler shutting down due to fatal receive error: unexpected error + +A: This is the result of a Linux kernel bug. + + See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2 + Q: Why does named log the warning message "no TTL specified - using SOA MINTTL instead"? @@ -40,23 +50,26 @@ A: Your zone file is illegal according to RFC1035. It must either have a line Q: Why do I see 5 (or more) copies of named on Linux? A: Linux threads each show up as a process under ps. The approximate number of - threads running is n+4, where n is the number of CPUs. Note that the amount - of memory used is not cumulative; if each process is using 10M of memory, - only a total of 10M is used. + threads running is n+4, where n is the number of CPUs. Note that the amount of + memory used is not cumulative; if each process is using 10M of memory, only a + total of 10M is used. + + Newer versions of Linux's ps command hide the individual threads and require -L + to display them. Q: Why does BIND 9 log "permission denied" errors accessing its configuration files or zones on my Linux system even though it is running as root? -A: On Linux, BIND 9 drops most of its root privileges on startup. This - including the privilege to open files owned by other users. Therefore, if - the server is running as root, the configuration files and zone files should - also be owned by root. +A: On Linux, BIND 9 drops most of its root privileges on startup. This including + the privilege to open files owned by other users. Therefore, if the server is + running as root, the configuration files and zone files should also be owned by + root. -Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file - bar: ran out of space"? +Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar: + ran out of space"? -A: This is often caused by TXT records with missing close quotes. Check that - all TXT records containing quoted strings have both open and close quotes. +A: This is often caused by TXT records with missing close quotes. Check that all + TXT records containing quoted strings have both open and close quotes. Q: How do I produce a usable core file from a multithreaded named on Linux? @@ -68,16 +81,16 @@ A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable Q: How do I restrict people from looking up the server version? -A: Put a "version" option containing something other than the real version in - the "options" section of named.conf. Note doing this will not prevent - attacks and may impede people trying to diagnose problems with your server. - Also it is possible to "fingerprint" nameservers to determine their version. +A: Put a "version" option containing something other than the real version in the + "options" section of named.conf. Note doing this will not prevent attacks and + may impede people trying to diagnose problems with your server. Also it is + possible to "fingerprint" nameservers to determine their version. Q: How do I restrict only remote users from looking up the server version? -A: The following view statement will intercept lookups as the internal view - that holds the version information will be matched last. The caveats of the - previous answer still apply, of course. +A: The following view statement will intercept lookups as the internal view that + holds the version information will be matched last. The caveats of the previous + answer still apply, of course. view "chaos" chaos { match-clients { ; }; @@ -91,48 +104,45 @@ A: The following view statement will intercept lookups as the internal view Q: What do "no source of entropy found" or "could not open entropy source foo" mean? -A: The server requires a source of entropy to perform certain operations, - mostly DNSSEC related. These messages indicate that you have no source of - entropy. On systems with /dev/random or an equivalent, it is used by - default. A source of entropy can also be defined using the random-device - option in named.conf. +A: The server requires a source of entropy to perform certain operations, mostly + DNSSEC related. These messages indicate that you have no source of entropy. On + systems with /dev/random or an equivalent, it is used by default. A source of + entropy can also be defined using the random-device option in named.conf. Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why? A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed under /usr. Check that the correct named is running. -Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. - I'm sure I have the keys set up correctly, but the server is rejecting the - TSIG. Why? +Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. I'm + sure I have the keys set up correctly, but the server is rejecting the TSIG. + Why? -A: This may be a clock skew problem. Check that the the clocks on the client - and server are properly synchronised (e.g., using ntp). +A: This may be a clock skew problem. Check that the the clocks on the client and + server are properly synchronised (e.g., using ntp). Q: I'm trying to compile BIND 9, and "make" is failing due to files not being found. Why? A: Using a parallel or distributed "make" to build BIND 9 is not supported, and - doesn't work. If you are using one of these, use normal make or gmake - instead. + doesn't work. If you are using one of these, use normal make or gmake instead. -Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging - error messages like "notify to 10.0.0.1#53 failed: unexpected end of input". - What's wrong? +Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error + messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's + wrong? -A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in - BIND 8.2.4. It can be safely ignored - the notify has been acted on by the - slave despite the error message. +A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in BIND + 8.2.4. It can be safely ignored - the notify has been acted on by the slave + despite the error message. Q: I keep getting log messages like the following. Why? Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update - failed: 'RRset exists (value dependent)' prerequisite not satisfied - (NXRRSET) + failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET) -A: DNS updates allow the update request to test to see if certain conditions - are met prior to proceeding with the update. The message above is saying - that conditions were not met and the update is not proceeding. See doc/rfc/ +A: DNS updates allow the update request to test to see if certain conditions are + met prior to proceeding with the update. The message above is saying that + conditions were not met and the update is not proceeding. See doc/rfc/ rfc2136.txt for more details on prerequisites. Q: I keep getting log messages like the following. Why? @@ -140,11 +150,11 @@ Q: I keep getting log messages like the following. Why? Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update - protocol. Windows 2000 machines have a habit of sending dynamic update - requests to DNS servers without being specifically configured to do so. If - the update requests are coming from a Windows 2000 machine, see http:// - support.microsoft.com/support/kb/articles/q246/8/04.asp for information - about how to turn them off. + protocol. Windows 2000 machines have a habit of sending dynamic update requests + to DNS servers without being specifically configured to do so. If the update + requests are coming from a Windows 2000 machine, see http:// + support.microsoft.com/support/kb/articles/q246/8/04.asp for information about + how to turn them off. Q: I see a log message like the following. Why? @@ -152,59 +162,59 @@ Q: I see a log message like the following. Why? A: You are most likely running named as a non-root user, and that user does not have permission to write in /var/run. The common ways of fixing this are to - create a /var/run/named directory owned by the named user and set pid-file - to "/var/run/named/named.pid", or set pid-file to "named.pid", which will - put the file in the directory specified by the directory option (which, in - this case, must be writable by the named user). - -Q: When I do a "dig . ns", many of the A records for the root servers are - missing. Why? - -A: This is normal and harmless. It is a somewhat confusing side effect of the - way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to - avoid promoting glue into answers. - - When BIND 9 first starts up and primes its cache, it receives the root - server addresses as additional data in an authoritative response from a root - server, and these records are eligible for inclusion as additional data in - responses. Subsequently it receives a subset of the root server addresses as - additional data in a non-authoritative (referral) response from a root - server. This causes the addresses to now be considered non-authoritative - (glue) data, which is not eligible for inclusion in responses. + create a /var/run/named directory owned by the named user and set pid-file to " + /var/run/named/named.pid", or set pid-file to "named.pid", which will put the + file in the directory specified by the directory option (which, in this case, + must be writable by the named user). + +Q: When I do a "dig . ns", many of the A records for the root servers are missing. + Why? + +A: This is normal and harmless. It is a somewhat confusing side effect of the way + BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to avoid + promoting glue into answers. + + When BIND 9 first starts up and primes its cache, it receives the root server + addresses as additional data in an authoritative response from a root server, + and these records are eligible for inclusion as additional data in responses. + Subsequently it receives a subset of the root server addresses as additional + data in a non-authoritative (referral) response from a root server. This causes + the addresses to now be considered non-authoritative (glue) data, which is not + eligible for inclusion in responses. The server does have a complete set of root server addresses cached at all times, it just may not include all of them as additional data, depending on - whether they were last received as answers or as glue. You can always look - up the addresses with explicit queries like "dig a.root-servers.net A". + whether they were last received as answers or as glue. You can always look up + the addresses with explicit queries like "dig a.root-servers.net A". Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why? -A: This may be caused by a bug in the Windows 2000 DNS server where DNS - messages larger than 16K are not handled properly. This can be worked around - by setting the option "transfer-format one-answer;". Also check whether your - zone contains domain names with embedded spaces or other special characters, - like "John\032Doe\213s\032Computer", since such names have been known to - cause Windows 2000 slaves to incorrectly reject the zone. +A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages + larger than 16K are not handled properly. This can be worked around by setting + the option "transfer-format one-answer;". Also check whether your zone contains + domain names with embedded spaces or other special characters, like "John\ + 032Doe\213s\032Computer", since such names have been known to cause Windows + 2000 slaves to incorrectly reject the zone. Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP? -A: A zone can be updated either by editing zone files and reloading the server - or by dynamic update, but not both. If you have enabled dynamic update for a - zone using the "allow-update" option, you are not supposed to edit the zone - file by hand, and the server will not attempt to reload it. +A: A zone can be updated either by editing zone files and reloading the server or + by dynamic update, but not both. If you have enabled dynamic update for a zone + using the "allow-update" option, you are not supposed to edit the zone file by + hand, and the server will not attempt to reload it. Q: I can query the nameserver from the nameserver but not from other machines. Why? -A: This is usually the result of the firewall configuration stopping the - queries and / or the replies. +A: This is usually the result of the firewall configuration stopping the queries + and / or the replies. Q: How can I make a server a slave for both an internal and an external view at - the same time? When I tried, both views on the slave were transferred from - the same view on the master. + the same time? When I tried, both views on the slave were transferred from the + same view on the master. -A: You will need to give the master and slave multiple IP addresses and use - those to make sure you reach the correct view on the other machine. +A: You will need to give the master and slave multiple IP addresses and use those + to make sure you reach the correct view on the other machine. Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias) internal: @@ -232,8 +242,8 @@ A: You will need to give the master and slave multiple IP addresses and use transfer-source 10.0.1.4; query-source address 10.0.1.4; - You put the external address on the alias so that all the other dns clients - on these boxes see the internal view by default. + You put the external address on the alias so that all the other dns clients on + these boxes see the internal view by default. A: BIND 9.3 and later: Use TSIG to select the appropriate view. @@ -248,7 +258,7 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view. }; view "external" { match-clients { key external; any; }; - server 10.0.0.2 { keys external; }; + server 10.0.1.2 { keys external; }; recursion no; ... }; @@ -264,7 +274,7 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view. }; view "external" { match-clients { key external; any; }; - server 10.0.0.1 { keys external; }; + server 10.0.1.1 { keys external; }; recursion no; ... }; @@ -272,8 +282,8 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view. Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there. A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use - certain interrupts as a source of random events. You can make this permanent - by setting rand_irqs in /etc/rc.conf. + certain interrupts as a source of random events. You can make this permanent by + setting rand_irqs in /etc/rc.conf. /etc/rc.conf rand_irqs="3 14 15" @@ -283,34 +293,33 @@ A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use Q: Why is named listening on UDP port other than 53? A: Named uses a system selected port to make queries of other nameservers. This - behaviour can be overridden by using query-source to lock down the port and/ - or address. See also notify-source and transfer-source. + behaviour can be overridden by using query-source to lock down the port and/or + address. See also notify-source and transfer-source. -Q: I get error messages like "multiple RRs of singleton type" and "CNAME and - other data" when transferring a zone. What does this mean? +Q: I get error messages like "multiple RRs of singleton type" and "CNAME and other + data" when transferring a zone. What does this mean? A: These indicate a malformed master zone. You can identify the exact records - involved by transferring the zone using dig then running named-checkzone on - it. + involved by transferring the zone using dig then running named-checkzone on it. dig axfr example.com @master-server > tmp named-checkzone example.com tmp - A CNAME record cannot exist with the same name as another record except for - the DNSSEC records which prove its existance (NSEC). + A CNAME record cannot exist with the same name as another record except for the + DNSSEC records which prove its existance (NSEC). RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its - aliases cannot be different. This rule also insures that a cached CNAME can - be used without checking with an authoritative server for other RR types." + aliases cannot be different. This rule also insures that a cached CNAME can be + used without checking with an authoritative server for other RR types." -Q: I get error messages like "named.conf:99: unexpected end of input" where 99 - is the last line of named.conf. +Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is + the last line of named.conf. A: Some text editors (notepad and wordpad) fail to put a line title indication - (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" - a blank line to the end of the file. Named expects to see EOF immediately - after EOL and treats text files where this is not met as truncated. + (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a + blank line to the end of the file. Named expects to see EOF immediately after + EOL and treats text files where this is not met as truncated. Q: I get warning messages like "zone example.com/IN: refresh: failure trying master 1.2.3.4#53: timed out". @@ -319,15 +328,15 @@ A: Check that you can make UDP queries from the slave to the master dig +norec example.com soa @1.2.3.4 - You could be generating queries faster than the slave can cope with. Lower - the serial query rate. + You could be generating queries faster than the slave can cope with. Lower the + serial query rate. serial-query-rate 5; // default 20 Q: How do I share a dynamic zone between multiple views? -A: You choose one view to be master and the second a slave and transfer the - zone between views. +A: You choose one view to be master and the second a slave and transfer the zone + between views. Master 10.0.1.1: key "external" { @@ -370,14 +379,14 @@ Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master file primaries/wireless.ietf56.ietf.org: no owner". A: This error is produced when a line in the master file contains leading white - space (tab/space) but the is no current record owner name to inherit the - name from. Usually this is the result of putting white space before a - comment. Forgeting the "@" for the SOA record or indenting the master file. + space (tab/space) but the is no current record owner name to inherit the name + from. Usually this is the result of putting white space before a comment. + Forgeting the "@" for the SOA record or indenting the master file. Q: Why are my logs in GMT (UTC). -A: You are running chrooted (-t) and have not supplied local timzone - information in the chroot area. +A: You are running chrooted (-t) and have not supplied local timzone information + in the chroot area. FreeBSD: /etc/localtime Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo @@ -395,23 +404,23 @@ Q: I get "rndc: connect failed: connection refused" when I try to run rndc. A: This is usually a configuration error. - First ensure that named is running and no errors are being reported at - startup (/var/log/messages or equivalent). Running "named -g " from a title can help at this point. + First ensure that named is running and no errors are being reported at startup + (/var/log/messages or equivalent). Running "named -g " from a + title can help at this point. Secondly ensure that named is configured to use rndc either by "rndc-confgen - -a", rndc-confgen or manually. The Administrators Reference manual has - details on how to do this. + -a", rndc-confgen or manually. The Administrators Reference manual has details + on how to do this. Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/ rndc.conf for the default server. Update /etc/rndc.conf if necessary so that the default server listed in /etc/rndc.conf matches the addresses used in named.conf. "localhost" has two address (127.0.0.1 and ::1). - If you use "rndc-confgen -a" and named is running with -t or -u ensure that - /etc/rndc.conf has the correct ownership and that a copy is in the chroot - area. You can do this by re-running "rndc-confgen -a" with appropriate -t - and -u arguments. + If you use "rndc-confgen -a" and named is running with -t or -u ensure that / + etc/rndc.conf has the correct ownership and that a copy is in the chroot area. + You can do this by re-running "rndc-confgen -a" with appropriate -t and -u + arguments. Q: I don't get RRSIG's returned when I use "dig +dnssec". @@ -419,12 +428,11 @@ A: You need to ensure DNSSEC is enabled (dnssec-enable yes;). Q: I get "Error 1067" when starting named under Windows. -A: This is the service manager saying that named exited. You need to examine - the Application log in the EventViewer to find out why. +A: This is the service manager saying that named exited. You need to examine the + Application log in the EventViewer to find out why. - Common causes are that you failed to create "named.conf" (usually "C:\ - windows\dns\etc\named.conf") or failed to specify the directory in - named.conf. + Common causes are that you failed to create "named.conf" (usually "C:\windows\ + dns\etc\named.conf") or failed to specify the directory in named.conf. options { Directory "C:\windows\dns\etc"; @@ -439,11 +447,11 @@ A: These indicate a filesystem permission error preventing named creating / "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied" - Named needs write permission on the directory containing the file. Named - writes the new cache file to a temporary file then renames it to the name - specified in named.conf to ensure that the contents are always complete. - This is to prevent named loading a partial zone in the event of power - failure or similar interrupting the write of the master file. + Named needs write permission on the directory containing the file. Named writes + the new cache file to a temporary file then renames it to the name specified in + named.conf to ensure that the contents are always complete. This is to prevent + named loading a partial zone in the event of power failure or similar + interrupting the write of the master file. Note file names are relative to the directory specified in options and any chroot directory ([/][]). @@ -489,8 +497,8 @@ A: If the IN-ADDR.ARPA name covered refers to a internal address space you are If you are not using these private addresses then a client has queried for them. You can just ignore the messages, get the offending client to stop - sending you these messages as they are most probably leaking them or setup - your own zones empty zones to serve answers to these queries. + sending you these messages as they are most probably leaking them or setup your + own zones empty zones to serve answers to these queries. zone "10.IN-ADDR.ARPA" { type master; @@ -523,3 +531,102 @@ A: If the IN-ADDR.ARPA name covered refers to a internal address space you are Future versions of named are likely to do this automatically. +Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core - + + Why can't named update slave zone database files? + + Why can't named create DDNS journal files or update the master zones from + journals? + + Why can't named create custom log files? + +A: Red Hat Security Enhanced Linux (SELinux) policy security protections : + + Red Hat have adopted the National Security Agency's SELinux security policy ( + see http://www.nsa.gov/selinux ) and recommendations for BIND security , which + are more secure than running named in a chroot and make use of the bind-chroot + environment unecessary . + + By default, named is not allowed by the SELinux policy to write, create or + delete any files EXCEPT in these directories: + + $ROOTDIR/var/named/slaves + $ROOTDIR/var/named/data + $ROOTDIR/var/tmp + + + where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed. + + The SELinux policy particularly does NOT allow named to modify the $ROOTDIR/var + /named directory, the default location for master zone database files. + + SELinux policy overrules file access permissions - so even if all the files + under /var/named have ownership named:named and mode rw-rw-r--, named will + still not be able to write or create files except in the directories above, + with SELinux in Enforcing mode. + + So, to allow named to update slave or DDNS zone files, it is best to locate + them in $ROOTDIR/var/named/slaves, with named.conf zone statements such as: + + zone "slave.zone." IN { + type slave; + file "slaves/slave.zone.db"; + ... + }; + zone "ddns.zone." IN { + type master; + allow-updates {...}; + file "slaves/ddns.zone.db"; + }; + + + To allow named to create its cache dump and statistics files, for example, you + could use named.conf options statements such as: + + options { + ... + dump-file "/var/named/data/cache_dump.db"; + statistics-file "/var/named/data/named_stats.txt"; + ... + }; + + + You can also tell SELinux to allow named to update any zone database files, by + setting the SELinux tunable boolean parameter 'named_write_master_zones=1', + using the system-config-securitylevel GUI, using the 'setsebool' command, or in + /etc/selinux/targeted/booleans. + + You can disable SELinux protection for named entirely by setting the + 'named_disable_trans=1' SELinux tunable boolean parameter. + + The SELinux named policy defines these SELinux contexts for named: + + named_zone_t : for zone database files - $ROOTDIR/var/named/* + named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.* + named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}} + + + If you want to retain use of the SELinux policy for named, and put named files + in different locations, you can do so by changing the context of the custom + file locations . + + To create a custom configuration file location, eg. '/root/named.conf', to use + with the 'named -c' option, do: + + # chcon system_u:object_r:named_conf_t /root/named.conf + + + To create a custom modifiable named data location, eg. '/var/log/named' for a + log file, do: + + # chcon system_u:object_r:named_cache_t /var/log/named + + + To create a custom zone file location, eg. /root/zones/, do: + + # chcon system_u:object_r:named_zone_t /root/zones/{.,*} + + + See these man-pages for more information : selinux(8), named_selinux(8), chcon + (1), setsebool(8) + diff --git a/contrib/bind9/FAQ.xml b/contrib/bind9/FAQ.xml index 963cd0a..8c43ed5 100644 --- a/contrib/bind9/FAQ.xml +++ b/contrib/bind9/FAQ.xml @@ -1,7 +1,7 @@ - +
Frequently Asked Questions about BIND 9 @@ -67,6 +67,26 @@ + Why do I get the following errors: +general: errno2result.c:109: unexpected error: +general: unable to convert errno to isc_result: 14: Bad address +client: UDP client handler shutting down due to fatal receive error: unexpected error + + + + + This is the result of a Linux kernel bug. + + + See: + http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2 + + + + + + + Why does named log the warning message no TTL specified - using SOA MINTTL instead? @@ -105,6 +125,10 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 ) + + Newer versions of Linux's ps command hide the individual threads + and require -L to display them. + @@ -516,7 +540,7 @@ Master 10.0.1.1: }; view "external" { match-clients { key external; any; }; - server 10.0.0.2 { keys external; }; + server 10.0.1.2 { keys external; }; recursion no; ... }; @@ -532,7 +556,7 @@ Slave 10.0.1.2: }; view "external" { match-clients { key external; any; }; - server 10.0.0.1 { keys external; }; + server 10.0.1.1 { keys external; }; recursion no; ... }; @@ -997,11 +1021,177 @@ empty: 1 3600 1200 604800 10800 ) @ 10800 IN NS <name-of-server>. + Future versions of named are likely to do this automatically. + + + + + I'm running BIND on Red Hat Enterprise Linux or Fedora Core - + + + Why can't named update slave zone database files? + + + Why can't named create DDNS journal files or update + the master zones from journals? + + + Why can't named create custom log files? + + + + + + Red Hat Security Enhanced Linux (SELinux) policy security + protections : + + + + Red Hat have adopted the National Security Agency's + SELinux security policy ( see http://www.nsa.gov/selinux + ) and recommendations for BIND security , which are more + secure than running named in a chroot and make use of + the bind-chroot environment unecessary . + + + + By default, named is not allowed by the SELinux policy + to write, create or delete any files EXCEPT in these + directories: + + +$ROOTDIR/var/named/slaves +$ROOTDIR/var/named/data +$ROOTDIR/var/tmp + + + where $ROOTDIR may be set in /etc/sysconfig/named if + bind-chroot is installed. + + + + The SELinux policy particularly does NOT allow named to modify + the $ROOTDIR/var/named directory, the default location for master + zone database files. + + + + SELinux policy overrules file access permissions - so + even if all the files under /var/named have ownership + named:named and mode rw-rw-r--, named will still not be + able to write or create files except in the directories + above, with SELinux in Enforcing mode. + + + + So, to allow named to update slave or DDNS zone files, + it is best to locate them in $ROOTDIR/var/named/slaves, + with named.conf zone statements such as: + + +zone "slave.zone." IN { + type slave; + file "slaves/slave.zone.db"; + ... +}; +zone "ddns.zone." IN { + type master; + allow-updates {...}; + file "slaves/ddns.zone.db"; +}; + + + + + + To allow named to create its cache dump and statistics + files, for example, you could use named.conf options + statements such as: + + +options { + ... + dump-file "/var/named/data/cache_dump.db"; + statistics-file "/var/named/data/named_stats.txt"; + ... +}; + + + + + + You can also tell SELinux to allow named to update any + zone database files, by setting the SELinux tunable boolean + parameter 'named_write_master_zones=1', using the + system-config-securitylevel GUI, using the 'setsebool' + command, or in /etc/selinux/targeted/booleans. + + + + You can disable SELinux protection for named entirely by + setting the 'named_disable_trans=1' SELinux tunable boolean + parameter. + + + + The SELinux named policy defines these SELinux contexts for named: + + +named_zone_t : for zone database files - $ROOTDIR/var/named/* +named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.* +named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}} + + + + + + If you want to retain use of the SELinux policy for named, + and put named files in different locations, you can do + so by changing the context of the custom file locations + . + + + + To create a custom configuration file location, eg. + '/root/named.conf', to use with the 'named -c' option, + do: + + +# chcon system_u:object_r:named_conf_t /root/named.conf + + + + + + To create a custom modifiable named data location, eg. + '/var/log/named' for a log file, do: + + +# chcon system_u:object_r:named_cache_t /var/log/named + + + + + + To create a custom zone file location, eg. /root/zones/, do: + + +# chcon system_u:object_r:named_zone_t /root/zones/{.,*} + + + + + + See these man-pages for more information : selinux(8), + named_selinux(8), chcon(1), setsebool(8) + + +
diff --git a/contrib/bind9/Makefile.in b/contrib/bind9/Makefile.in index a2a0653..7f3a688 100644 --- a/contrib/bind9/Makefile.in +++ b/contrib/bind9/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.41.2.2.2.2 2004/03/08 04:04:12 marka Exp $ +# $Id: Makefile.in,v 1.41.2.2.2.4 2006/05/19 00:04:00 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -44,7 +44,8 @@ maintainer-clean:: rm -f configure installdirs: - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \ + ${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir} install:: isc-config.sh installdirs ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir} diff --git a/contrib/bind9/README b/contrib/bind9/README index 574b07d..709df12 100644 --- a/contrib/bind9/README +++ b/contrib/bind9/README @@ -194,6 +194,9 @@ BIND 9.2.0 --with-libtool does not work on AIX. + --with-libtool does not work on SunOS 4. configure + requires "printf" which is not available. + A bug in the Windows 2000 DNS server can cause zone transfers from a BIND 9 server to a W2K server to fail. For details, see the "Zone Transfers" section in doc/misc/migration. @@ -226,7 +229,7 @@ Building Red Hat Linux 7.1 Debian GNU/Linux 2.2 and 3.0 Mandrake 8.1 - OpenBSD 2.6, 2.8, 2.9 + OpenBSD 2.6, 2.8, 2.9, 3.1, 3.6, 3.8 UnixWare 7.1.1 HP-UX 10.20 BSD/OS 4.2 @@ -265,10 +268,23 @@ Building Enable DNSSEC signature chasing support in dig. -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and -DDIG_SIGCHASE_BU=1) + Disable dropping queries from particular well known ports. + -DNS_CLIENT_DROPPORT=0 LDFLAGS Linker flags. Defaults to empty string. + The following need to be set when cross compiling. + + BUILD_CC + The native C compiler. + BUILD_CFLAGS (optional) + BUILD_CPPFLAGS (optional) + Possible Settings: + -DNEED_OPTARG=1 (optarg is not declared in ) + BUILD_LDFLAGS (optional) + BUILD_LIBS (optional) + To build shared libraries, specify "--with-libtool" on the configure command line. diff --git a/contrib/bind9/bin/check/named-checkconf.8 b/contrib/bind9/bin/check/named-checkconf.8 index 68b745a..7d06335 100644 --- a/contrib/bind9/bin/check/named-checkconf.8 +++ b/contrib/bind9/bin/check/named-checkconf.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkconf.8,v 1.11.12.7 2005/10/13 02:33:41 marka Exp $ +.\" $Id: named-checkconf.8,v 1.11.12.8 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: named\-checkconf +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 14, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -36,24 +39,24 @@ named\-checkconf \- named configuration file syntax checking tool \fBnamed\-checkconf\fR checks the syntax, but not the semantics, of a named configuration file. .SH "OPTIONS" -.TP +.TP 3n \-t \fIdirectory\fR chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP +.TP 3n \-v Print the version of the \fBnamed\-checkconf\fR program and exit. -.TP +.TP 3n \-z Perform a check load the master zonefiles found in \fInamed.conf\fR. -.TP +.TP 3n \-j When loading a zonefile read the journal if it exists. -.TP +.TP 3n filename The name of the configuration file to be checked. If not specified, it defaults to \fI/etc/named.conf\fR. @@ -68,3 +71,5 @@ BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/check/named-checkconf.c b/contrib/bind9/bin/check/named-checkconf.c index e7f9138..f50461d 100644 --- a/contrib/bind9/bin/check/named-checkconf.c +++ b/contrib/bind9/bin/check/named-checkconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.12.12.9 2005/03/03 06:33:38 marka Exp $ */ +/* $Id: named-checkconf.c,v 1.12.12.11 2006/03/02 00:37:20 marka Exp $ */ #include @@ -60,9 +60,9 @@ usage(void) { } static isc_result_t -directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) { +directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) { isc_result_t result; - char *directory; + const char *directory; REQUIRE(strcasecmp("directory", clausename) == 0); @@ -85,18 +85,18 @@ directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) { } static isc_result_t -configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig, - isc_mem_t *mctx) +configure_zone(const char *vclass, const char *view, + const cfg_obj_t *zconfig, isc_mem_t *mctx) { isc_result_t result; const char *zclass; const char *zname; const char *zfile; - cfg_obj_t *zoptions = NULL; - cfg_obj_t *classobj = NULL; - cfg_obj_t *typeobj = NULL; - cfg_obj_t *fileobj = NULL; - cfg_obj_t *dbobj = NULL; + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *classobj = NULL; + const cfg_obj_t *typeobj = NULL; + const cfg_obj_t *fileobj = NULL; + const cfg_obj_t *dbobj = NULL; zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); classobj = cfg_tuple_get(zconfig, "class"); @@ -125,12 +125,12 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig, } static isc_result_t -configure_view(const char *vclass, const char *view, cfg_obj_t *config, - cfg_obj_t *vconfig, isc_mem_t *mctx) +configure_view(const char *vclass, const char *view, const cfg_obj_t *config, + const cfg_obj_t *vconfig, isc_mem_t *mctx) { - cfg_listelt_t *element; - cfg_obj_t *voptions; - cfg_obj_t *zonelist; + const cfg_listelt_t *element; + const cfg_obj_t *voptions; + const cfg_obj_t *zonelist; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; @@ -148,7 +148,7 @@ configure_view(const char *vclass, const char *view, cfg_obj_t *config, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *zconfig = cfg_listelt_value(element); + const cfg_obj_t *zconfig = cfg_listelt_value(element); tresult = configure_zone(vclass, view, zconfig, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; @@ -158,11 +158,11 @@ configure_view(const char *vclass, const char *view, cfg_obj_t *config, static isc_result_t -load_zones_fromconfig(cfg_obj_t *config, isc_mem_t *mctx) { - cfg_listelt_t *element; - cfg_obj_t *classobj; - cfg_obj_t *views; - cfg_obj_t *vconfig; +load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) { + const cfg_listelt_t *element; + const cfg_obj_t *classobj; + const cfg_obj_t *views; + const cfg_obj_t *vconfig; const char *vclass; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; diff --git a/contrib/bind9/bin/check/named-checkconf.html b/contrib/bind9/bin/check/named-checkconf.html index 14b8ff8..2283c51 100644 --- a/contrib/bind9/bin/check/named-checkconf.html +++ b/contrib/bind9/bin/check/named-checkconf.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + named-checkconf - +
-
+

Name

named-checkconf — named configuration file syntax checking tool

@@ -32,14 +32,14 @@

named-checkconf [-v] [-j] [-t directory] {filename} [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file.

-

OPTIONS

+

OPTIONS

-t directory

@@ -69,21 +69,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/check/named-checkzone.8 b/contrib/bind9/bin/check/named-checkzone.8 index 33402d5..f50085c 100644 --- a/contrib/bind9/bin/check/named-checkzone.8 +++ b/contrib/bind9/bin/check/named-checkzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkzone.8,v 1.11.2.1.8.8 2005/10/13 02:33:41 marka Exp $ +.\" $Id: named-checkzone.8,v 1.11.2.1.8.11 2006/10/05 02:50:17 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: named\-checkzone +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 13, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -40,61 +43,61 @@ does when loading a zone. This makes \fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server. .SH "OPTIONS" -.TP +.TP 3n \-d Enable debugging. -.TP +.TP 3n \-q Quiet mode \- exit code only. -.TP +.TP 3n \-v Print the version of the \fBnamed\-checkzone\fR program and exit. -.TP +.TP 3n \-j When loading the zone file read the journal if it exists. -.TP +.TP 3n \-c \fIclass\fR Specify the class of the zone. If not specified "IN" is assumed. -.TP +.TP 3n \-k \fImode\fR Perform -\fB"check\-name"\fR +\fB"check\-names"\fR checks with the specified failure mode. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR. -.TP +.TP 3n \-n \fImode\fR Specify whether NS records should be checked to see if they are addresses. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR. -.TP +.TP 3n \-o \fIfilename\fR Write zone output to \fIfilename\fR. -.TP +.TP 3n \-t \fIdirectory\fR chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP +.TP 3n \-w \fIdirectory\fR chdir to \fIdirectory\fR so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in \fInamed.conf\fR. -.TP +.TP 3n \-D Dump zone file in canonical format. -.TP +.TP 3n zonename The domain name of the zone being checked. -.TP +.TP 3n filename The name of the zone file. .SH "RETURN VALUES" @@ -109,3 +112,5 @@ BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/check/named-checkzone.docbook b/contrib/bind9/bin/check/named-checkzone.docbook index ce0d78b..a24e92b 100644 --- a/contrib/bind9/bin/check/named-checkzone.docbook +++ b/contrib/bind9/bin/check/named-checkzone.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + @@ -35,6 +35,7 @@ 2004 2005 + 2006 Internet Systems Consortium, Inc. ("ISC") @@ -134,7 +135,7 @@ -k mode - Perform "check-name" checks with the specified failure mode. + Perform "check-names" checks with the specified failure mode. Possible modes are "fail", "warn" (default) and "ignore". diff --git a/contrib/bind9/bin/check/named-checkzone.html b/contrib/bind9/bin/check/named-checkzone.html index cf544c9..8f5195a 100644 --- a/contrib/bind9/bin/check/named-checkzone.html +++ b/contrib/bind9/bin/check/named-checkzone.html @@ -1,5 +1,5 @@ - + named-checkzone - +
-
+

Name

named-checkzone — zone file validity checking tool

@@ -32,7 +32,7 @@

named-checkzone [-d] [-j] [-q] [-v] [-c class] [-k mode] [-n mode] [-o filename] [-t directory] [-w directory] [-D] {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named @@ -42,7 +42,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -67,7 +67,7 @@

-k mode

- Perform "check-name" checks with the specified failure mode. + Perform "check-names" checks with the specified failure mode. Possible modes are "fail", "warn" (default) and "ignore". @@ -111,14 +111,14 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), RFC 1035, @@ -126,7 +126,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/dig/dig.1 b/contrib/bind9/bin/dig/dig.1 index 7031217..735f31c 100644 --- a/contrib/bind9/bin/dig/dig.1 +++ b/contrib/bind9/bin/dig/dig.1 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.14.2.4.2.10 2005/10/13 02:33:42 marka Exp $ +.\" $Id: dig.1,v 1.14.2.4.2.11 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: dig +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -68,12 +71,14 @@ A typical invocation of \fBdig\fR looks like: .sp +.RS 3n .nf dig @server name type .fi +.RE .sp where: -.TP +.TP 3n \fBserver\fR is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied \fIserver\fR @@ -86,10 +91,10 @@ argument is provided, consults \fI/etc/resolv.conf\fR and queries the name servers listed there. The reply from the name server that responds is displayed. -.TP +.TP 3n \fBname\fR is the name of the resource record that is to be looked up. -.TP +.TP 3n \fBtype\fR indicates what type of query is required \(em ANY, A, MX, SIG, etc. \fItype\fR @@ -197,18 +202,18 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form \fB+keyword=value\fR. The query options are: -.TP +.TP 3n \fB+[no]tcp\fR Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. -.TP +.TP 3n \fB+[no]vc\fR Use [do not use] TCP when querying name servers. This alternate syntax to \fI+[no]tcp\fR is provided for backwards compatibility. The "vc" stands for "virtual circuit". -.TP +.TP 3n \fB+[no]ignore\fR Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. -.TP +.TP 3n \fB+domain=somename\fR Set the search list to contain the single domain \fIsomename\fR, as if specified in a @@ -217,35 +222,35 @@ directive in \fI/etc/resolv.conf\fR, and enable search list processing as if the \fI+search\fR option were given. -.TP +.TP 3n \fB+[no]search\fR Use [do not use] the search list defined by the searchlist or domain directive in \fIresolv.conf\fR (if any). The search list is not used by default. -.TP +.TP 3n \fB+[no]defname\fR Deprecated, treated as a synonym for \fI+[no]search\fR -.TP +.TP 3n \fB+[no]aaonly\fR Sets the "aa" flag in the query. -.TP +.TP 3n \fB+[no]aaflag\fR A synonym for \fI+[no]aaonly\fR. -.TP +.TP 3n \fB+[no]adflag\fR Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness. -.TP +.TP 3n \fB+[no]cdflag\fR Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. -.TP +.TP 3n \fB+[no]cl\fR Display [do not display] the CLASS when printing the record. -.TP +.TP 3n \fB+[no]ttlid\fR Display [do not display] the TTL when printing the record. -.TP +.TP 3n \fB+[no]recurse\fR Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means \fBdig\fR @@ -254,74 +259,74 @@ normally sends recursive queries. Recursion is automatically disabled when the or \fI+trace\fR query options are used. -.TP +.TP 3n \fB+[no]nssearch\fR When this option is set, \fBdig\fR attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. -.TP +.TP 3n \fB+[no]trace\fR Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. -.TP +.TP 3n \fB+[no]cmd\fR toggles the printing of the initial comment in the output identifying the version of \fBdig\fR and the query options that have been applied. This comment is printed by default. -.TP +.TP 3n \fB+[no]short\fR Provide a terse answer. The default is to print the answer in a verbose form. -.TP +.TP 3n \fB+[no]identify\fR Show [or do not show] the IP address and port number that supplied the answer when the \fI+short\fR option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. -.TP +.TP 3n \fB+[no]comments\fR Toggle the display of comment lines in the output. The default is to print comments. -.TP +.TP 3n \fB+[no]stats\fR This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics. -.TP +.TP 3n \fB+[no]qr\fR Print [do not print] the query as it is sent. By default, the query is not printed. -.TP +.TP 3n \fB+[no]question\fR Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. -.TP +.TP 3n \fB+[no]answer\fR Display [do not display] the answer section of a reply. The default is to display it. -.TP +.TP 3n \fB+[no]authority\fR Display [do not display] the authority section of a reply. The default is to display it. -.TP +.TP 3n \fB+[no]additional\fR Display [do not display] the additional section of a reply. The default is to display it. -.TP +.TP 3n \fB+[no]all\fR Set or clear all display flags. -.TP +.TP 3n \fB+time=T\fR Sets the timeout for a query to \fIT\fR seconds. The default time out is 5 seconds. An attempt to set \fIT\fR to less than 1 will result in a query timeout of 1 second being applied. -.TP +.TP 3n \fB+tries=T\fR Sets the number of times to try UDP queries to server to \fIT\fR instead of the default, 3. If \fIT\fR is less than or equal to zero, the number of tries is silently rounded up to 1. -.TP +.TP 3n \fB+retry=T\fR Sets the number of times to retry UDP queries to server to \fIT\fR instead of the default, 2. Unlike \fI+tries\fR, this does not include the initial query. -.TP +.TP 3n \fB+ndots=D\fR Set the number of dots that have to appear in \fIname\fR @@ -334,29 +339,29 @@ or \fBdomain\fR directive in \fI/etc/resolv.conf\fR. -.TP +.TP 3n \fB+bufsize=B\fR Set the UDP message buffer size advertised using EDNS0 to \fIB\fR bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. -.TP +.TP 3n \fB+[no]multiline\fR Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output. -.TP +.TP 3n \fB+[no]fail\fR Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour. -.TP +.TP 3n \fB+[no]besteffort\fR Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. -.TP +.TP 3n \fB+[no]dnssec\fR Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. -.TP +.TP 3n \fB+[no]sigchase\fR Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. -.TP +.TP 3n \fB+trusted\-key=####\fR Specifies a file containing trusted keys to be used with \fB+sigchase\fR. Each DNSKEY record must be on its own line. @@ -370,7 +375,7 @@ then in the current directory. .sp Requires dig be compiled with \-DDIG_SIGCHASE. -.TP +.TP 3n \fB+[no]topdown\fR When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE. .SH "MULTIPLE QUERIES" @@ -389,9 +394,11 @@ A global set of query options, which should be applied to all queries, can also \fB+[no]cmd\fR option) can be overridden by a query\-specific set of query options. For example: .sp +.RS 3n .nf dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr .fi +.RE .sp shows how \fBdig\fR @@ -421,3 +428,5 @@ RFC1035. .SH "BUGS " .PP There are probably too many query options. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dig/dig.c b/contrib/bind9/bin/dig/dig.c index 52df6608..619e029 100644 --- a/contrib/bind9/bin/dig/dig.c +++ b/contrib/bind9/bin/dig/dig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.157.2.13.2.29 2005/10/14 01:38:40 marka Exp $ */ +/* $Id: dig.c,v 1.157.2.13.2.31 2006/07/22 23:52:57 marka Exp $ */ #include #include @@ -1437,7 +1437,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, * Anything which isn't an option */ if (open_type_class) { - if (strncmp(rv[0], "ixfr=", 5) == 0) { + if (strncasecmp(rv[0], "ixfr=", 5) == 0) { rdtype = dns_rdatatype_ixfr; result = ISC_R_SUCCESS; } else { diff --git a/contrib/bind9/bin/dig/dig.html b/contrib/bind9/bin/dig/dig.html index 3425fb3..06771b3 100644 --- a/contrib/bind9/bin/dig/dig.html +++ b/contrib/bind9/bin/dig/dig.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + dig - +
-
+

Name

dig — DNS lookup utility

@@ -34,7 +34,7 @@

dig [global-queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -69,7 +69,7 @@ are applied before the command line arguments.

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of dig looks like:

@@ -107,7 +107,7 @@ ANY, A, MX, SIG, etc.

-

OPTIONS

+

OPTIONS

The -b option sets the source IP address of the query to address. This must be a valid address on @@ -188,7 +188,7 @@ being used. In BIND, this is done by providing appropriate

-

QUERY OPTIONS

+

QUERY OPTIONS

dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -446,7 +446,7 @@ Requires dig be compiled with -DDIG_SIGCHASE.

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

The BIND 9 implementation of dig supports specifying multiple queries on the command line (in addition to @@ -487,7 +487,7 @@ will not print the initial query when it looks up the NS records for

-

FILES

+

FILES

/etc/resolv.conf

@@ -496,7 +496,7 @@ will not print the initial query when it looks up the NS records for

-

SEE ALSO

+

SEE ALSO

host(1), named(8), @@ -505,7 +505,7 @@ will not print the initial query when it looks up the NS records for

-

BUGS

+

BUGS

There are probably too many query options.

diff --git a/contrib/bind9/bin/dig/dighost.c b/contrib/bind9/bin/dig/dighost.c index 6129fed..398711d 100644 --- a/contrib/bind9/bin/dig/dighost.c +++ b/contrib/bind9/bin/dig/dighost.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.221.2.19.2.31 2005/10/14 01:38:40 marka Exp $ */ +/* $Id: dighost.c,v 1.221.2.19.2.36 2006/12/07 01:26:33 marka Exp $ */ /* * Notice to programmers: Do not use this code as an example of how to @@ -315,6 +315,9 @@ static void recv_done(isc_task_t *task, isc_event_t *event); static void +send_udp(dig_query_t *query); + +static void connect_timeout(isc_task_t *task, isc_event_t *event); static void @@ -945,9 +948,8 @@ setup_system(void) { if (lwresult != LWRES_R_SUCCESS) fatal("lwres_context_create failed"); - if (isc_file_exists(RESOLV_CONF)) - lwresult = lwres_conf_parse(lwctx, RESOLV_CONF); - if (lwresult != LWRES_R_SUCCESS) + lwresult = lwres_conf_parse(lwctx, RESOLV_CONF); + if (lwresult != LWRES_R_SUCCESS && lwresult != LWRES_R_NOTFOUND) fatal("parse of %s failed", RESOLV_CONF); lwconf = lwres_conf_get(lwctx); @@ -1194,7 +1196,10 @@ clear_query(dig_query_t *query) { isc_mempool_put(commctx, query->recvspace); isc_buffer_invalidate(&query->recvbuf); isc_buffer_invalidate(&query->lengthbuf); - isc_mem_free(mctx, query); + if (query->waiting_senddone) + query->pending_free = ISC_TRUE; + else + isc_mem_free(mctx, query); } /* @@ -1219,9 +1224,10 @@ try_clear_lookup(dig_lookup_t *lookup) { debug("query to %s still pending", q->servname); q = ISC_LIST_NEXT(q, link); } - return (ISC_FALSE); } + return (ISC_FALSE); } + /* * At this point, we know there are no queries on the lookup, * so can make it go away also. @@ -1254,7 +1260,6 @@ try_clear_lookup(dig_lookup_t *lookup) { return (ISC_TRUE); } - /* * If we can, start the next lookup in the queue running. * This assumes that the lookup on the head of the queue hasn't been @@ -1784,9 +1789,9 @@ setup_lookup(dig_lookup_t *lookup) { check_result(result, "dns_compress_init"); debug("starting to render the message"); - isc_buffer_init(&lookup->sendbuf, lookup->sendspace, COMMSIZE); + isc_buffer_init(&lookup->renderbuf, lookup->sendspace, COMMSIZE); result = dns_message_renderbegin(lookup->sendmsg, &cctx, - &lookup->sendbuf); + &lookup->renderbuf); check_result(result, "dns_message_renderbegin"); if (lookup->udpsize > 0 || lookup->dnssec) { if (lookup->udpsize == 0) @@ -1809,7 +1814,7 @@ setup_lookup(dig_lookup_t *lookup) { /* * Force TCP mode if the request is larger than 512 bytes. */ - if (isc_buffer_usedlength(&lookup->sendbuf) > 512) + if (isc_buffer_usedlength(&lookup->renderbuf) > 512) lookup->tcp_mode = ISC_TRUE; lookup->pending = ISC_FALSE; @@ -1825,6 +1830,8 @@ setup_lookup(dig_lookup_t *lookup) { query, lookup); query->lookup = lookup; query->waiting_connect = ISC_FALSE; + query->waiting_senddone = ISC_FALSE; + query->pending_free = ISC_FALSE; query->recv_made = ISC_FALSE; query->first_pass = ISC_TRUE; query->first_soa_rcvd = ISC_FALSE; @@ -1848,6 +1855,7 @@ setup_lookup(dig_lookup_t *lookup) { isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE); isc_buffer_init(&query->lengthbuf, query->lengthspace, 2); isc_buffer_init(&query->slbuf, query->slspace, 2); + query->sendbuf = lookup->renderbuf; ISC_LINK_INIT(query, link); ISC_LIST_ENQUEUE(lookup->q, query, link); @@ -1865,18 +1873,43 @@ setup_lookup(dig_lookup_t *lookup) { */ static void send_done(isc_task_t *_task, isc_event_t *event) { + isc_socketevent_t *sevent = (isc_socketevent_t *)event; + isc_buffer_t *b = NULL; + dig_query_t *query, *next; + dig_lookup_t *l; + REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE); UNUSED(_task); LOCK_LOOKUP; - isc_event_free(&event); - debug("send_done()"); sendcount--; debug("sendcount=%d", sendcount); INSIST(sendcount >= 0); + + for (b = ISC_LIST_HEAD(sevent->bufferlist); + b != NULL; + b = ISC_LIST_HEAD(sevent->bufferlist)) + ISC_LIST_DEQUEUE(sevent->bufferlist, b, link); + + query = event->ev_arg; + query->waiting_senddone = ISC_FALSE; + l = query->lookup; + + if (l->ns_search_only && !l->trace_root) { + debug("sending next, since searching"); + next = ISC_LIST_NEXT(query, link); + if (next != NULL) + send_udp(next); + } + + isc_event_free(&event); + + if (query->pending_free) + isc_mem_free(mctx, query); + check_if_done(); UNLOCK_LOOKUP; } @@ -2020,7 +2053,6 @@ send_tcp_connect(dig_query_t *query) { static void send_udp(dig_query_t *query) { dig_lookup_t *l = NULL; - dig_query_t *next; isc_result_t result; debug("send_udp(%p)", query); @@ -2062,27 +2094,16 @@ send_udp(dig_query_t *query) { debug("recvcount=%d", recvcount); } ISC_LIST_INIT(query->sendlist); - ISC_LINK_INIT(&l->sendbuf, link); - ISC_LIST_ENQUEUE(query->sendlist, &l->sendbuf, - link); + ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link); debug("sending a request"); TIME_NOW(&query->time_sent); INSIST(query->sock != NULL); + query->waiting_senddone = ISC_TRUE; result = isc_socket_sendtov(query->sock, &query->sendlist, global_task, send_done, query, &query->sockaddr, NULL); check_result(result, "isc_socket_sendtov"); sendcount++; - /* - * If we're at the endgame of a nameserver search, we need to - * immediately bring up all the queries. Do it here. - */ - if (l->ns_search_only && !l->trace_root) { - debug("sending next, since searching"); - next = ISC_LIST_NEXT(query, link); - if (next != NULL) - send_udp(next); - } } /* @@ -2171,6 +2192,10 @@ tcp_length_done(isc_task_t *task, isc_event_t *event) { recvcount--; INSIST(recvcount >= 0); + b = ISC_LIST_HEAD(sevent->bufferlist); + INSIST(b == &query->lengthbuf); + ISC_LIST_DEQUEUE(sevent->bufferlist, b, link); + if (sevent->result == ISC_R_CANCELED) { isc_event_free(&event); l = query->lookup; @@ -2196,8 +2221,6 @@ tcp_length_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; return; } - b = ISC_LIST_HEAD(sevent->bufferlist); - ISC_LIST_DEQUEUE(sevent->bufferlist, &query->lengthbuf, link); length = isc_buffer_getuint16(b); if (length == 0) { isc_event_free(&event); @@ -2254,16 +2277,12 @@ launch_next_query(dig_query_t *query, isc_boolean_t include_question) { isc_buffer_clear(&query->slbuf); isc_buffer_clear(&query->lengthbuf); - isc_buffer_putuint16(&query->slbuf, - (isc_uint16_t) query->lookup->sendbuf.used); + isc_buffer_putuint16(&query->slbuf, (isc_uint16_t) query->sendbuf.used); ISC_LIST_INIT(query->sendlist); ISC_LINK_INIT(&query->slbuf, link); ISC_LIST_ENQUEUE(query->sendlist, &query->slbuf, link); - if (include_question) { - ISC_LINK_INIT(&query->lookup->sendbuf, link); - ISC_LIST_ENQUEUE(query->sendlist, &query->lookup->sendbuf, - link); - } + if (include_question) + ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link); ISC_LINK_INIT(&query->lengthbuf, link); ISC_LIST_ENQUEUE(query->lengthlist, &query->lengthbuf, link); @@ -2275,6 +2294,7 @@ launch_next_query(dig_query_t *query, isc_boolean_t include_question) { if (!query->first_soa_rcvd) { debug("sending a request in launch_next_query"); TIME_NOW(&query->time_sent); + query->waiting_senddone = ISC_TRUE; result = isc_socket_sendv(query->sock, &query->sendlist, global_task, send_done, query); check_result(result, "isc_socket_sendv"); @@ -2558,6 +2578,10 @@ recv_done(isc_task_t *task, isc_event_t *event) { REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE); sevent = (isc_socketevent_t *)event; + b = ISC_LIST_HEAD(sevent->bufferlist); + INSIST(b == &query->recvbuf); + ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link); + if ((l->tcp_mode) && (l->timer != NULL)) isc_timer_touch(l->timer); if ((!l->pending && !l->ns_search_only) || cancel_now) { @@ -2591,9 +2615,6 @@ recv_done(isc_task_t *task, isc_event_t *event) { return; } - b = ISC_LIST_HEAD(sevent->bufferlist); - ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link); - if (!l->tcp_mode && !isc_sockaddr_equal(&sevent->address, &query->sockaddr)) { char buf1[ISC_SOCKADDR_FORMATSIZE]; diff --git a/contrib/bind9/bin/dig/host.1 b/contrib/bind9/bin/dig/host.1 index cf44a5c..3a0432c 100644 --- a/contrib/bind9/bin/dig/host.1 +++ b/contrib/bind9/bin/dig/host.1 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.11.2.1.4.7 2005/10/13 02:33:43 marka Exp $ +.\" $Id: host.1,v 1.11.2.1.4.8 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: host +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -183,3 +186,5 @@ will effectively wait forever for a reply. The time to wait for a response will .PP \fBdig\fR(1), \fBnamed\fR(8). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dig/host.c b/contrib/bind9/bin/dig/host.c index 468d53b..7d8ce9b 100644 --- a/contrib/bind9/bin/dig/host.c +++ b/contrib/bind9/bin/dig/host.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.76.2.5.2.13 2005/07/04 03:29:45 marka Exp $ */ +/* $Id: host.c,v 1.76.2.5.2.16 2006/05/23 04:43:47 marka Exp $ */ #include #include @@ -37,6 +37,7 @@ #include #include #include +#include #include @@ -45,6 +46,7 @@ static isc_boolean_t default_lookups = ISC_TRUE; static int seen_error = -1; static isc_boolean_t list_addresses = ISC_TRUE; static dns_rdatatype_t list_type = dns_rdatatype_a; +static isc_boolean_t printed_server = ISC_FALSE; static const char *opcodetext[] = { "QUERY", @@ -351,6 +353,32 @@ printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner, return (ISC_R_SUCCESS); } +static void +chase_cnamechain(dns_message_t *msg, dns_name_t *qname) { + isc_result_t result; + dns_rdataset_t *rdataset; + dns_rdata_cname_t cname; + dns_rdata_t rdata = DNS_RDATA_INIT; + unsigned int i = msg->counts[DNS_SECTION_ANSWER]; + + while (i-- > 0) { + rdataset = NULL; + result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname, + dns_rdatatype_cname, 0, NULL, + &rdataset); + if (result != ISC_R_SUCCESS) + return; + result = dns_rdataset_first(rdataset); + check_result(result, "dns_rdataset_first"); + dns_rdata_reset(&rdata); + dns_rdataset_current(rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &cname, NULL); + check_result(result, "dns_rdata_tostruct"); + dns_name_copy(&cname.cname, qname, NULL); + dns_rdata_freestruct(&cname); + } +} + isc_result_t printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { isc_boolean_t did_flag = ISC_FALSE; @@ -367,7 +395,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { */ force_error = (seen_error == 1) ? 1 : 0; seen_error = 1; - if (listed_server) { + if (listed_server && !printed_server) { char sockstr[ISC_SOCKADDR_FORMATSIZE]; printf("Using domain server:\n"); @@ -376,6 +404,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { sizeof(sockstr)); printf("Address: %s\n", sockstr); printf("Aliases: \n\n"); + printed_server = ISC_TRUE; } if (msg->rcode != 0) { @@ -389,10 +418,15 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) { char namestr[DNS_NAME_FORMATSIZE]; dig_lookup_t *lookup; + dns_fixedname_t fixed; + dns_name_t *name; /* Add AAAA and MX lookups. */ - - dns_name_format(query->lookup->name, namestr, sizeof(namestr)); + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + dns_name_copy(query->lookup->name, name, NULL); + chase_cnamechain(msg, name); + dns_name_format(name, namestr, sizeof(namestr)); lookup = clone_lookup(query->lookup, ISC_FALSE); if (lookup != NULL) { strncpy(lookup->textname, namestr, diff --git a/contrib/bind9/bin/dig/host.html b/contrib/bind9/bin/dig/host.html index 7670868..4c16215 100644 --- a/contrib/bind9/bin/dig/host.html +++ b/contrib/bind9/bin/dig/host.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + host - +
-
+

Name

host — DNS lookup utility

@@ -32,7 +32,7 @@

host [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-4] [-6] {name} [server]

-

DESCRIPTION

+

DESCRIPTION

host is a simple utility for performing DNS lookups. @@ -155,13 +155,13 @@ value for an integer quantity.

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8). diff --git a/contrib/bind9/bin/dig/include/dig/dig.h b/contrib/bind9/bin/dig/include/dig/dig.h index 431d109..91dae5c 100644 --- a/contrib/bind9/bin/dig/include/dig/dig.h +++ b/contrib/bind9/bin/dig/include/dig/dig.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.h,v 1.71.2.6.2.11 2005/07/04 03:29:45 marka Exp $ */ +/* $Id: dig.h,v 1.71.2.6.2.14 2006/12/07 01:26:33 marka Exp $ */ #ifndef DIG_H #define DIG_H @@ -146,7 +146,7 @@ isc_boolean_t sigchase; char onamespace[BUFSIZE]; isc_buffer_t namebuf; isc_buffer_t onamebuf; - isc_buffer_t sendbuf; + isc_buffer_t renderbuf; char *sendspace; dns_name_t *name; isc_timer_t *timer; @@ -173,6 +173,8 @@ isc_boolean_t sigchase; struct dig_query { dig_lookup_t *lookup; isc_boolean_t waiting_connect, + pending_free, + waiting_senddone, first_pass, first_soa_rcvd, second_rr_rcvd, @@ -198,6 +200,7 @@ struct dig_query { ISC_LINK(dig_query_t) link; isc_sockaddr_t sockaddr; isc_time_t time_sent; + isc_buffer_t sendbuf; }; struct dig_server { diff --git a/contrib/bind9/bin/dig/nslookup.1 b/contrib/bind9/bin/dig/nslookup.1 index 3de04ca..7b1d4d2 100644 --- a/contrib/bind9/bin/dig/nslookup.1 +++ b/contrib/bind9/bin/dig/nslookup.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,14 +12,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nslookup.1,v 1.1.6.5 2005/10/13 02:33:43 marka Exp $ +.\" $Id: nslookup.1,v 1.1.6.7 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: nslookup +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -39,26 +42,28 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use .SH "ARGUMENTS" .PP Interactive mode is entered in the following cases: -.TP 3 +.TP 3n 1. when no arguments are given (the default name server will be used) -.TP +.TP 3n 2. when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server. +.sp +.RE .PP Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server. .PP Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: -.IP .sp .nf nslookup \-query=hinfo \-timeout=10 .fi +.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE .SH "INTERACTIVE COMMANDS" -.TP +.TP 3n host [server] Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name. .sp To look up a host not in the current domain, append a period to the name. -.TP +.TP 3n \fBserver\fR \fIdomain\fR -.TP +.TP 3n \fBlserver\fR \fIdomain\fR Change the default server to \fIdomain\fR; @@ -67,107 +72,107 @@ uses the initial server to look up information about \fIdomain\fR, while \fBserver\fR uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned. -.TP +.TP 3n \fBroot\fR not implemented -.TP +.TP 3n \fBfinger\fR not implemented -.TP +.TP 3n \fBls\fR not implemented -.TP +.TP 3n \fBview\fR not implemented -.TP +.TP 3n \fBhelp\fR not implemented -.TP +.TP 3n \fB?\fR not implemented -.TP +.TP 3n \fBexit\fR Exits the program. -.TP +.TP 3n \fBset\fR \fIkeyword\fR\fI[=value]\fR This command is used to change state information that affects the lookups. Valid keywords are: -.RS -.TP +.RS 3n +.TP 3n \fBall\fR Prints the current values of the frequently used options to \fBset\fR. Information about the current default server and host is also printed. -.TP +.TP 3n \fBclass=\fR\fIvalue\fR Change the query class to one of: -.RS -.TP +.RS 3n +.TP 3n \fBIN\fR the Internet class -.TP +.TP 3n \fBCH\fR the Chaos class -.TP +.TP 3n \fBHS\fR the Hesiod class -.TP +.TP 3n \fBANY\fR wildcard .RE -.IP +.IP "" 3n The class specifies the protocol group of the information. .sp (Default = IN; abbreviation = cl) -.TP +.TP 3n \fB\fI[no]\fR\fR\fBdebug\fR Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. .sp (Default = nodebug; abbreviation = [no]deb) -.TP +.TP 3n \fB\fI[no]\fR\fR\fBd2\fR Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. .sp (Default = nod2) -.TP +.TP 3n \fBdomain=\fR\fIname\fR Sets the search list to \fIname\fR. -.TP +.TP 3n \fB\fI[no]\fR\fR\fBsearch\fR If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received. .sp (Default = search) -.TP +.TP 3n \fBport=\fR\fIvalue\fR Change the default TCP/UDP name server port to \fIvalue\fR. .sp (Default = 53; abbreviation = po) -.TP +.TP 3n \fBquerytype=\fR\fIvalue\fR -.TP +.TP 3n \fBtype=\fR\fIvalue\fR -Change the top of the information query. +Change the type of the information query. .sp (Default = A; abbreviations = q, ty) -.TP +.TP 3n \fB\fI[no]\fR\fR\fBrecurse\fR Tell the name server to query other servers if it does not have the information. .sp (Default = recurse; abbreviation = [no]rec) -.TP +.TP 3n \fBretry=\fR\fInumber\fR Set the number of retries to number. -.TP +.TP 3n \fBtimeout=\fR\fInumber\fR Change the initial timeout interval for waiting for a reply to number seconds. -.TP +.TP 3n \fB\fI[no]\fR\fR\fBvc\fR Always use a virtual circuit when sending requests to the server. .sp (Default = novc) .RE -.IP +.IP "" 3n .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -179,3 +184,5 @@ Always use a virtual circuit when sending requests to the server. .SH "AUTHOR" .PP Andrew Cherenson +.SH "COPYRIGHT" +Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dig/nslookup.c b/contrib/bind9/bin/dig/nslookup.c index ab9ed68..5ae64d0 100644 --- a/contrib/bind9/bin/dig/nslookup.c +++ b/contrib/bind9/bin/dig/nslookup.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.90.2.4.2.10 2005/07/12 05:47:42 marka Exp $ */ +/* $Id: nslookup.c,v 1.90.2.4.2.12 2006/06/09 23:50:53 marka Exp $ */ #include @@ -708,6 +708,7 @@ get_next_command(void) { if (buf == NULL) fatal("memory allocation failure"); fputs("> ", stderr); + fflush(stderr); isc_app_block(); ptr = fgets(buf, COMMSIZE, stdin); isc_app_unblock(); diff --git a/contrib/bind9/bin/dig/nslookup.docbook b/contrib/bind9/bin/dig/nslookup.docbook index 189fabe..741ad34 100644 --- a/contrib/bind9/bin/dig/nslookup.docbook +++ b/contrib/bind9/bin/dig/nslookup.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + - + nslookup - +

-
+

Name

nslookup — query Internet name servers interactively

@@ -31,7 +31,7 @@

nslookup [-option] [name | -] [server]

-

DESCRIPTION

+

DESCRIPTION

Nslookup is a program to query Internet domain name servers. Nslookup @@ -43,7 +43,7 @@ domain.

-

ARGUMENTS

+

ARGUMENTS

Interactive mode is entered in the following cases:

@@ -75,7 +75,7 @@ nslookup -query=hinfo -timeout=10

-

INTERACTIVE COMMANDS

+

INTERACTIVE COMMANDS

host [server]
@@ -200,7 +200,7 @@ the lookups. Valid keywords are:
type=value

- Change the top of the information query. + Change the type of the information query.

(Default = A; abbreviations = q, ty) @@ -241,13 +241,13 @@ the lookups. Valid keywords are:

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), host(1), @@ -255,7 +255,7 @@ the lookups. Valid keywords are:

-

Author

+

Author

Andrew Cherenson

diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.8 b/contrib/bind9/bin/dnssec/dnssec-keygen.8 index 0f8f003..35bb0ef 100644 --- a/contrib/bind9/bin/dnssec/dnssec-keygen.8 +++ b/contrib/bind9/bin/dnssec/dnssec-keygen.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.19.12.9 2005/10/13 02:33:45 marka Exp $ +.\" $Id: dnssec-keygen.8,v 1.19.12.10 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: dnssec\-keygen +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -36,7 +39,7 @@ dnssec\-keygen \- DNSSEC key generation tool \fBdnssec\-keygen\fR generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC . It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. .SH "OPTIONS" -.TP +.TP 3n \-a \fIalgorithm\fR Selects the cryptographic algorithm. The value of \fBalgorithm\fR @@ -45,37 +48,37 @@ must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory. .sp Note 2: HMAC\-MD5 and DH automatically set the \-k flag. -.TP +.TP 3n \-b \fIkeysize\fR Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits. -.TP +.TP 3n \-n \fInametype\fR Specifies the owner type of the key. The value of \fBnametype\fR must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. -.TP +.TP 3n \-c \fIclass\fR Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used. -.TP +.TP 3n \-e If generating an RSAMD5/RSASHA1 key, use a large exponent. -.TP +.TP 3n \-f \fIflag\fR Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY. -.TP +.TP 3n \-g \fIgenerator\fR If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2. -.TP +.TP 3n \-h Prints a short summary of the options and arguments to \fBdnssec\-keygen\fR. -.TP +.TP 3n \-k Generate KEY records rather than DNSKEY records. -.TP +.TP 3n \-p \fIprotocol\fR Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors. -.TP +.TP 3n \-r \fIrandomdev\fR Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR @@ -84,15 +87,15 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP +.TP 3n \-s \fIstrength\fR Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC. -.TP +.TP 3n \-t \fItype\fR Indicates the use of the key. \fBtype\fR must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data. -.TP +.TP 3n \-v \fIlevel\fR Sets the debugging level. .SH "GENERATED KEYS" @@ -102,18 +105,20 @@ When completes successfully, it prints a string of the form \fIKnnnn.+aaa+iiiii\fR to the standard output. This is an identification string for the key it has generated. -.TP 3 +.TP 3n \(bu \fInnnn\fR is the key name. -.TP +.TP 3n \(bu \fIaaa\fR is the numeric representation of the algorithm. -.TP +.TP 3n \(bu \fIiiiii\fR is the key identifier (or footprint). +.sp +.RE .PP \fBdnssec\-keygen\fR creates two file, with names based on the printed string. @@ -162,3 +167,5 @@ RFC 2539. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.html b/contrib/bind9/bin/dnssec/dnssec-keygen.html index 00271fa..7a15099 100644 --- a/contrib/bind9/bin/dnssec/dnssec-keygen.html +++ b/contrib/bind9/bin/dnssec/dnssec-keygen.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + dnssec-keygen - +
-
+

Name

dnssec-keygen — DNSSEC key generation tool

@@ -32,7 +32,7 @@

dnssec-keygen {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate @@ -41,7 +41,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -144,7 +144,7 @@
-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, it prints a string of the form Knnnn.+aaa+iiiii @@ -187,7 +187,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -209,7 +209,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -219,7 +219,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.8 b/contrib/bind9/bin/dnssec/dnssec-signzone.8 index 63ffadb..734eca6 100644 --- a/contrib/bind9/bin/dnssec/dnssec-signzone.8 +++ b/contrib/bind9/bin/dnssec/dnssec-signzone.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.10 2005/10/13 02:33:45 marka Exp $ +.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.11 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: dnssec\-signzone +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -38,49 +41,49 @@ signs a zone. It generates NSEC and RRSIG records and produces a signed version \fIkeyset\fR file for each child zone. .SH "OPTIONS" -.TP +.TP 3n \-a Verify all generated signatures. -.TP +.TP 3n \-c \fIclass\fR Specifies the DNS class of the zone. -.TP +.TP 3n \-k \fIkey\fR Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times. -.TP +.TP 3n \-l \fIdomain\fR Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records. -.TP +.TP 3n \-d \fIdirectory\fR Look for \fIkeyset\fR files in \fBdirectory\fR as the directory -.TP +.TP 3n \-g Generate DS records for child zones from keyset files. Existing DS records will be removed. -.TP +.TP 3n \-s \fIstart\-time\fR Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no \fBstart\-time\fR is specified, the current time minus 1 hour (to allow for clock skew) is used. -.TP +.TP 3n \-e \fIend\-time\fR Specify the date and time when the generated RRSIG records expire. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default. -.TP +.TP 3n \-f \fIoutput\-file\fR The name of the output file containing the signed zone. The default is to append \fI.signed\fR to the input file. -.TP +.TP 3n \-h Prints a short summary of the options and arguments to \fBdnssec\-signzone\fR. -.TP +.TP 3n \-i \fIinterval\fR When a previously signed zone is passed as input, records may be resigned. The \fBinterval\fR @@ -93,16 +96,16 @@ or are specified, \fBdnssec\-signzone\fR generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced. -.TP +.TP 3n \-n \fIncpus\fR Specifies the number of threads to use. By default, one thread is started for each detected CPU. -.TP +.TP 3n \-o \fIorigin\fR The zone origin. If not specified, the name of the zone file is assumed to be the origin. -.TP +.TP 3n \-p Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited. -.TP +.TP 3n \-r \fIrandomdev\fR Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR @@ -111,19 +114,19 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP +.TP 3n \-t Print statistics at completion. -.TP +.TP 3n \-v \fIlevel\fR Sets the debugging level. -.TP +.TP 3n \-z Ignore KSK flag on key when determining what to sign. -.TP +.TP 3n zonefile The file containing the zone to be signed. -.TP +.TP 3n key The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory. .SH "EXAMPLE" @@ -155,3 +158,5 @@ RFC 2535. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.c b/contrib/bind9/bin/dnssec/dnssec-signzone.c index 93caf49..4ac840d 100644 --- a/contrib/bind9/bin/dnssec/dnssec-signzone.c +++ b/contrib/bind9/bin/dnssec/dnssec-signzone.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.139.2.2.4.21 2005/10/14 01:38:41 marka Exp $ */ +/* $Id: dnssec-signzone.c,v 1.139.2.2.4.23 2006/01/04 23:50:19 marka Exp $ */ #include @@ -1292,10 +1292,6 @@ nsecify(void) { result = dns_dbiterator_next(dbiter); continue; } - if (result != ISC_R_SUCCESS) { - dns_db_detachnode(gdb, &nextnode); - break; - } if (!dns_name_issubdomain(nextname, gorigin) || (zonecut != NULL && dns_name_issubdomain(nextname, zonecut))) diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.html b/contrib/bind9/bin/dnssec/dnssec-signzone.html index 5cc8c07..bd92631 100644 --- a/contrib/bind9/bin/dnssec/dnssec-signzone.html +++ b/contrib/bind9/bin/dnssec/dnssec-signzone.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + dnssec-signzone - +
-
+

Name

dnssec-signzone — DNSSEC zone signing tool

@@ -32,7 +32,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-n nthreads] [-o origin] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -179,7 +179,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated in the dnssec-keygen @@ -203,7 +203,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, @@ -211,7 +211,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/named/aclconf.c b/contrib/bind9/bin/named/aclconf.c index 8b6d0c7..102a891 100644 --- a/contrib/bind9/bin/named/aclconf.c +++ b/contrib/bind9/bin/named/aclconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.c,v 1.27.12.5 2005/03/17 03:58:25 marka Exp $ */ +/* $Id: aclconf.c,v 1.27.12.7 2006/03/02 00:37:20 marka Exp $ */ #include @@ -54,10 +54,10 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx) { * Find the definition of the named acl whose name is "name". */ static isc_result_t -get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { +get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) { isc_result_t result; - cfg_obj_t *acls = NULL; - cfg_listelt_t *elt; + const cfg_obj_t *acls = NULL; + const cfg_listelt_t *elt; result = cfg_map_get(cctx, "acl", &acls); if (result != ISC_R_SUCCESS) @@ -65,7 +65,7 @@ get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { for (elt = cfg_list_first(acls); elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *acl = cfg_listelt_value(elt); + const cfg_obj_t *acl = cfg_listelt_value(elt); const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); if (strcasecmp(aclname, name) == 0) { *ret = cfg_tuple_get(acl, "value"); @@ -76,15 +76,15 @@ get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { } static isc_result_t -convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, +convert_named_acl(const cfg_obj_t *nameobj, const cfg_obj_t *cctx, ns_aclconfctx_t *ctx, isc_mem_t *mctx, dns_acl_t **target) { isc_result_t result; - cfg_obj_t *cacl = NULL; + const cfg_obj_t *cacl = NULL; dns_acl_t *dacl; dns_acl_t loop; - char *aclname = cfg_obj_asstring(nameobj); + const char *aclname = cfg_obj_asstring(nameobj); /* Look for an already-converted version. */ for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache); @@ -113,7 +113,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, */ memset(&loop, 0, sizeof(loop)); ISC_LINK_INIT(&loop, nextincache); - loop.name = aclname; + DE_CONST(aclname, loop.name); loop.magic = LOOP_MAGIC; ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache); result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl); @@ -131,7 +131,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, } static isc_result_t -convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) { +convert_keyname(const cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) { isc_result_t result; isc_buffer_t buf; dns_fixedname_t fixname; @@ -154,8 +154,8 @@ convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) { } isc_result_t -ns_acl_fromconfig(cfg_obj_t *caml, - cfg_obj_t *cctx, +ns_acl_fromconfig(const cfg_obj_t *caml, + const cfg_obj_t *cctx, ns_aclconfctx_t *ctx, isc_mem_t *mctx, dns_acl_t **target) @@ -164,7 +164,7 @@ ns_acl_fromconfig(cfg_obj_t *caml, unsigned int count; dns_acl_t *dacl = NULL; dns_aclelement_t *de; - cfg_listelt_t *elt; + const cfg_listelt_t *elt; REQUIRE(target != NULL && *target == NULL); @@ -183,7 +183,7 @@ ns_acl_fromconfig(cfg_obj_t *caml, elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *ce = cfg_listelt_value(elt); + const cfg_obj_t *ce = cfg_listelt_value(elt); if (cfg_obj_istuple(ce)) { /* This must be a negated element. */ ce = cfg_tuple_get(ce, "value"); @@ -215,7 +215,7 @@ ns_acl_fromconfig(cfg_obj_t *caml, goto cleanup; } else if (cfg_obj_isstring(ce)) { /* ACL name */ - char *name = cfg_obj_asstring(ce); + const char *name = cfg_obj_asstring(ce); if (strcasecmp(name, "localhost") == 0) { de->type = dns_aclelementtype_localhost; } else if (strcasecmp(name, "localnets") == 0) { diff --git a/contrib/bind9/bin/named/client.c b/contrib/bind9/bin/named/client.c index baecc23..b0ce793 100644 --- a/contrib/bind9/bin/named/client.c +++ b/contrib/bind9/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.176.2.13.4.26 2005/07/27 02:53:14 marka Exp $ */ +/* $Id: client.c,v 1.176.2.13.4.31 2006/07/22 01:09:38 marka Exp $ */ #include @@ -164,6 +164,12 @@ struct ns_clientmgr { * Must be greater than any valid state. */ +/* + * Enable ns_client_dropport() by default. + */ +#ifndef NS_CLIENT_DROPPORT +#define NS_CLIENT_DROPPORT 1 +#endif static void client_read(ns_client_t *client); static void client_accept(ns_client_t *client); @@ -285,8 +291,17 @@ exit_check(ns_client_t *client) { } /* * I/O cancel is complete. Burn down all state - * related to the current request. + * related to the current request. Ensure that + * the client is on the active list and not the + * recursing list. */ + LOCK(&client->manager->lock); + if (client->list == &client->manager->recursing) { + ISC_LIST_UNLINK(*client->list, client, link); + ISC_LIST_APPEND(client->manager->active, client, link); + client->list = &client->manager->active; + } + UNLOCK(&client->manager->lock); ns_client_endrequest(client); client->state = NS_CLIENTSTATE_READING; @@ -972,6 +987,34 @@ ns_client_send(ns_client_t *client) { ns_client_next(client, result); } +#if NS_CLIENT_DROPPORT +#define DROPPORT_NO 0 +#define DROPPORT_REQUEST 1 +#define DROPPORT_RESPONSE 2 +/*% + * ns_client_dropport determines if certain requests / responses + * should be dropped based on the port number. + * + * Returns: + * \li 0: Don't drop. + * \li 1: Drop request. + * \li 2: Drop (error) response. + */ +static int +ns_client_dropport(in_port_t port) { + switch (port) { + case 7: /* echo */ + case 13: /* daytime */ + case 19: /* chargen */ + case 37: /* time */ + return (DROPPORT_REQUEST); + case 464: /* kpasswd */ + return (DROPPORT_RESPONSE); + } + return (DROPPORT_NO); +} +#endif + void ns_client_error(ns_client_t *client, isc_result_t result) { dns_rcode_t rcode; @@ -984,6 +1027,28 @@ ns_client_error(ns_client_t *client, isc_result_t result) { message = client->message; rcode = dns_result_torcode(result); +#if NS_CLIENT_DROPPORT + /* + * Don't send FORMERR to ports on the drop port list. + */ + if (rcode == dns_rcode_formerr && + ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) != + DROPPORT_NO) { + char buf[64]; + isc_buffer_t b; + + isc_buffer_init(&b, buf, sizeof(buf) - 1); + if (dns_rcode_totext(rcode, &b) != ISC_R_SUCCESS) + isc_buffer_putstr(&b, "UNKNOWN RCODE"); + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10), + "dropped error (%.*s) response: suspicious port", + (int)isc_buffer_usedlength(&b), buf); + ns_client_next(client, ISC_R_SUCCESS); + return; + } +#endif + /* * Message may be an in-progress reply that we had trouble * with, in which case QR will be set. We need to clear QR before @@ -1208,6 +1273,17 @@ client_request(isc_task_t *task, isc_event_t *event) { isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); +#if NS_CLIENT_DROPPORT + if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) == + DROPPORT_REQUEST) { + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10), + "dropped request: suspicious port"); + ns_client_next(client, ISC_R_SUCCESS); + goto cleanup; + } +#endif + ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), "%s request", @@ -1242,6 +1318,7 @@ client_request(isc_task_t *task, isc_event_t *event) { NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2), "dropping multicast request"); ns_client_next(client, DNS_R_REFUSED); + goto cleanup; } result = dns_message_peekheader(buffer, &id, &flags); @@ -1532,12 +1609,15 @@ client_request(isc_task_t *task, isc_event_t *event) { * Decide whether recursive service is available to this client. * We do this here rather than in the query code so that we can * set the RA bit correctly on all kinds of responses, not just - * responses to ordinary queries. + * responses to ordinary queries. Note if you can't query the + * cache there is no point in setting RA. */ ra = ISC_FALSE; if (client->view->resolver != NULL && client->view->recursion == ISC_TRUE && ns_client_checkaclsilent(client, client->view->recursionacl, + ISC_TRUE) == ISC_R_SUCCESS && + ns_client_checkaclsilent(client, client->view->queryacl, ISC_TRUE) == ISC_R_SUCCESS) ra = ISC_TRUE; @@ -2364,3 +2444,20 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { } UNLOCK(&manager->lock); } + +void +ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) { + + if (client->manager != NULL) + LOCK(&client->manager->lock); + if (client->query.restarts > 0) { + /* + * client->query.qname was dynamically allocated. + */ + dns_message_puttempname(client->message, + &client->query.qname); + } + client->query.qname = name; + if (client->manager != NULL) + UNLOCK(&client->manager->lock); +} diff --git a/contrib/bind9/bin/named/config.c b/contrib/bind9/bin/named/config.c index 99e5ffa..7b5b99e 100644 --- a/contrib/bind9/bin/named/config.c +++ b/contrib/bind9/bin/named/config.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.11.2.4.8.29 2004/10/05 02:52:26 marka Exp $ */ +/* $Id: config.c,v 1.11.2.4.8.32 2006/02/28 06:32:53 marka Exp $ */ #include @@ -196,7 +196,7 @@ ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) { } isc_result_t -ns_config_get(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) { +ns_config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) { int i; for (i = 0;; i++) { @@ -208,11 +208,13 @@ ns_config_get(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) { } isc_result_t -ns_checknames_get(cfg_obj_t **maps, const char *which, cfg_obj_t **obj) { - cfg_listelt_t *element; - cfg_obj_t *checknames; - cfg_obj_t *type; - cfg_obj_t *value; +ns_checknames_get(const cfg_obj_t **maps, const char *which, + const cfg_obj_t **obj) +{ + const cfg_listelt_t *element; + const cfg_obj_t *checknames; + const cfg_obj_t *type; + const cfg_obj_t *value; int i; for (i = 0;; i++) { @@ -243,8 +245,8 @@ ns_checknames_get(cfg_obj_t **maps, const char *which, cfg_obj_t **obj) { } int -ns_config_listcount(cfg_obj_t *list) { - cfg_listelt_t *e; +ns_config_listcount(const cfg_obj_t *list) { + const cfg_listelt_t *e; int i = 0; for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e)) @@ -254,9 +256,9 @@ ns_config_listcount(cfg_obj_t *list) { } isc_result_t -ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass, +ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass, dns_rdataclass_t *classp) { - char *str; + const char *str; isc_textregion_t r; isc_result_t result; @@ -265,7 +267,7 @@ ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass, return (ISC_R_SUCCESS); } str = cfg_obj_asstring(classobj); - r.base = str; + DE_CONST(str, r.base); r.length = strlen(str); result = dns_rdataclass_fromtext(classp, &r); if (result != ISC_R_SUCCESS) @@ -275,9 +277,9 @@ ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass, } isc_result_t -ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype, +ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype, dns_rdatatype_t *typep) { - char *str; + const char *str; isc_textregion_t r; isc_result_t result; @@ -286,7 +288,7 @@ ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype, return (ISC_R_SUCCESS); } str = cfg_obj_asstring(typeobj); - r.base = str; + DE_CONST(str, r.base); r.length = strlen(str); result = dns_rdatatype_fromtext(typep, &r); if (result != ISC_R_SUCCESS) @@ -296,9 +298,9 @@ ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype, } dns_zonetype_t -ns_config_getzonetype(cfg_obj_t *zonetypeobj) { +ns_config_getzonetype(const cfg_obj_t *zonetypeobj) { dns_zonetype_t ztype = dns_zone_none; - char *str; + const char *str; str = cfg_obj_asstring(zonetypeobj); if (strcasecmp(str, "master") == 0) @@ -313,14 +315,14 @@ ns_config_getzonetype(cfg_obj_t *zonetypeobj) { } isc_result_t -ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list, +ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list, in_port_t defport, isc_mem_t *mctx, isc_sockaddr_t **addrsp, isc_uint32_t *countp) { int count, i = 0; - cfg_obj_t *addrlist; - cfg_obj_t *portobj; - cfg_listelt_t *element; + const cfg_obj_t *addrlist; + const cfg_obj_t *portobj; + const cfg_listelt_t *element; isc_sockaddr_t *addrs; in_port_t port; isc_result_t result; @@ -380,10 +382,12 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, } static isc_result_t -get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { +get_masters_def(const cfg_obj_t *cctx, const char *name, + const cfg_obj_t **ret) +{ isc_result_t result; - cfg_obj_t *masters = NULL; - cfg_listelt_t *elt; + const cfg_obj_t *masters = NULL; + const cfg_listelt_t *elt; result = cfg_map_get(cctx, "masters", &masters); if (result != ISC_R_SUCCESS) @@ -391,7 +395,7 @@ get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { for (elt = cfg_list_first(masters); elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *list; + const cfg_obj_t *list; const char *listname; list = cfg_listelt_value(elt); @@ -406,24 +410,24 @@ get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { } isc_result_t -ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, - isc_sockaddr_t **addrsp, dns_name_t ***keysp, - isc_uint32_t *countp) +ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, + isc_mem_t *mctx, isc_sockaddr_t **addrsp, + dns_name_t ***keysp, isc_uint32_t *countp) { isc_uint32_t addrcount = 0, keycount = 0, i = 0; isc_uint32_t listcount = 0, l = 0, j; isc_uint32_t stackcount = 0, pushed = 0; isc_result_t result; - cfg_listelt_t *element; - cfg_obj_t *addrlist; - cfg_obj_t *portobj; + const cfg_listelt_t *element; + const cfg_obj_t *addrlist; + const cfg_obj_t *portobj; in_port_t port; dns_fixedname_t fname; isc_sockaddr_t *addrs = NULL; dns_name_t **keys = NULL; - char **lists = NULL; + const char **lists = NULL; struct { - cfg_listelt_t *element; + const cfg_listelt_t *element; in_port_t port; } *stack = NULL; @@ -439,13 +443,14 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, if (val > ISC_UINT16_MAX) { cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR, "port '%u' out of range", val); - return (ISC_R_RANGE); + result = ISC_R_RANGE; + goto cleanup; } port = (in_port_t) val; } else { result = ns_config_getport(config, &port); if (result != ISC_R_SUCCESS) - return (result); + goto cleanup; } result = ISC_R_NOMEMORY; @@ -456,9 +461,9 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *addr; - cfg_obj_t *key; - char *keystr; + const cfg_obj_t *addr; + const cfg_obj_t *key; + const char *keystr; isc_buffer_t b; addr = cfg_tuple_get(cfg_listelt_value(element), @@ -466,7 +471,7 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, key = cfg_tuple_get(cfg_listelt_value(element), "key"); if (!cfg_obj_issockaddr(addr)) { - char *listname = cfg_obj_asstring(addr); + const char *listname = cfg_obj_asstring(addr); isc_result_t tresult; /* Grow lists? */ @@ -606,9 +611,9 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, if (new == NULL) goto cleanup; memcpy(new, addrs, newsize); - isc_mem_put(mctx, addrs, oldsize); } else new = NULL; + isc_mem_put(mctx, addrs, oldsize); addrs = new; addrcount = i; @@ -619,9 +624,9 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, if (new == NULL) goto cleanup; memcpy(new, keys, newsize); - isc_mem_put(mctx, keys, oldsize); } else new = NULL; + isc_mem_put(mctx, keys, oldsize); keys = new; keycount = i; } @@ -682,10 +687,10 @@ ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, } isc_result_t -ns_config_getport(cfg_obj_t *config, in_port_t *portp) { - cfg_obj_t *maps[3]; - cfg_obj_t *options = NULL; - cfg_obj_t *portobj = NULL; +ns_config_getport(const cfg_obj_t *config, in_port_t *portp) { + const cfg_obj_t *maps[3]; + const cfg_obj_t *options = NULL; + const cfg_obj_t *portobj = NULL; isc_result_t result; int i; diff --git a/contrib/bind9/bin/named/controlconf.c b/contrib/bind9/bin/named/controlconf.c index 5b87fb9..b6bcc16 100644 --- a/contrib/bind9/bin/named/controlconf.c +++ b/contrib/bind9/bin/named/controlconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.28.2.9.2.6 2004/03/08 09:04:14 marka Exp $ */ +/* $Id: controlconf.c,v 1.28.2.9.2.10 2006/02/28 06:32:53 marka Exp $ */ #include @@ -356,6 +356,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { { ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer); ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer); + if (secret.rstart != NULL) + isc_mem_put(listener->mctx, secret.rstart, + REGION_SIZE(secret)); secret.rstart = isc_mem_get(listener->mctx, key->secret.length); if (secret.rstart == NULL) goto cleanup; @@ -371,8 +374,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { */ if (request != NULL) isccc_sexpr_free(&request); - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); } else { log_invalid(&conn->ccmsg, result); goto cleanup; @@ -649,10 +650,12 @@ ns_controls_shutdown(ns_controls_t *controls) { } static isc_result_t -cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) { - cfg_listelt_t *element; +cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname, + const cfg_obj_t **objp) +{ + const cfg_listelt_t *element; const char *str; - cfg_obj_t *obj; + const cfg_obj_t *obj; for (element = cfg_list_first(keylist); element != NULL; @@ -671,13 +674,13 @@ cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) { } static isc_result_t -controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx, +controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, controlkeylist_t *keyids) { - cfg_listelt_t *element; + const cfg_listelt_t *element; char *newstr = NULL; const char *str; - cfg_obj_t *obj; + const cfg_obj_t *obj; controlkey_t *key = NULL; for (element = cfg_list_first(keylist); @@ -712,11 +715,11 @@ controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx, } static void -register_keys(cfg_obj_t *control, cfg_obj_t *keylist, +register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist, controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext) { controlkey_t *keyid, *next; - cfg_obj_t *keydef; + const cfg_obj_t *keydef; char secret[1024]; isc_buffer_t b; isc_result_t result; @@ -736,10 +739,10 @@ register_keys(cfg_obj_t *control, cfg_obj_t *keylist, ISC_LIST_UNLINK(*keyids, keyid, link); free_controlkey(keyid, mctx); } else { - cfg_obj_t *algobj = NULL; - cfg_obj_t *secretobj = NULL; - char *algstr = NULL; - char *secretstr = NULL; + const cfg_obj_t *algobj = NULL; + const cfg_obj_t *secretobj = NULL; + const char *algstr = NULL; + const char *secretstr = NULL; (void)cfg_map_get(keydef, "algorithm", &algobj); (void)cfg_map_get(keydef, "secret", &secretobj); @@ -805,11 +808,11 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { isc_result_t result; cfg_parser_t *pctx = NULL; cfg_obj_t *config = NULL; - cfg_obj_t *key = NULL; - cfg_obj_t *algobj = NULL; - cfg_obj_t *secretobj = NULL; - char *algstr = NULL; - char *secretstr = NULL; + const cfg_obj_t *key = NULL; + const cfg_obj_t *algobj = NULL; + const cfg_obj_t *secretobj = NULL; + const char *algstr = NULL; + const char *secretstr = NULL; controlkey_t *keyid = NULL; char secret[1024]; isc_buffer_t b; @@ -888,12 +891,13 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { * valid or both are NULL. */ static void -get_key_info(cfg_obj_t *config, cfg_obj_t *control, - cfg_obj_t **global_keylistp, cfg_obj_t **control_keylistp) +get_key_info(const cfg_obj_t *config, const cfg_obj_t *control, + const cfg_obj_t **global_keylistp, + const cfg_obj_t **control_keylistp) { isc_result_t result; - cfg_obj_t *control_keylist = NULL; - cfg_obj_t *global_keylist = NULL; + const cfg_obj_t *control_keylist = NULL; + const cfg_obj_t *global_keylist = NULL; REQUIRE(global_keylistp != NULL && *global_keylistp == NULL); REQUIRE(control_keylistp != NULL && *control_keylistp == NULL); @@ -912,15 +916,15 @@ get_key_info(cfg_obj_t *config, cfg_obj_t *control, } static void -update_listener(ns_controls_t *cp, - controllistener_t **listenerp, cfg_obj_t *control, - cfg_obj_t *config, isc_sockaddr_t *addr, - ns_aclconfctx_t *aclconfctx, const char *socktext) +update_listener(ns_controls_t *cp, controllistener_t **listenerp, + const cfg_obj_t *control, const cfg_obj_t *config, + isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx, + const char *socktext) { controllistener_t *listener; - cfg_obj_t *allow; - cfg_obj_t *global_keylist = NULL; - cfg_obj_t *control_keylist = NULL; + const cfg_obj_t *allow; + const cfg_obj_t *global_keylist = NULL; + const cfg_obj_t *control_keylist = NULL; dns_acl_t *new_acl = NULL; controlkeylist_t keys; isc_result_t result = ISC_R_SUCCESS; @@ -977,18 +981,25 @@ update_listener(ns_controls_t *cp, result = get_rndckey(listener->mctx, &listener->keys); } - if (result != ISC_R_SUCCESS && global_keylist != NULL) + if (result != ISC_R_SUCCESS && global_keylist != NULL) { /* * This message might be a little misleading since the * "new keys" might in fact be identical to the old ones, * but tracking whether they are identical just for the * sake of avoiding this message would be too much trouble. */ - cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING, - "couldn't install new keys for " - "command channel %s: %s", - socktext, isc_result_totext(result)); - + if (control != NULL) + cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING, + "couldn't install new keys for " + "command channel %s: %s", + socktext, isc_result_totext(result)); + else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_CONTROL, ISC_LOG_WARNING, + "couldn't install new keys for " + "command channel %s: %s", + socktext, isc_result_totext(result)); + } /* * Now, keep the old access list unless a new one can be made. @@ -1005,26 +1016,33 @@ update_listener(ns_controls_t *cp, dns_acl_detach(&listener->acl); dns_acl_attach(new_acl, &listener->acl); dns_acl_detach(&new_acl); - } else /* XXXDCL say the old acl is still used? */ + } else if (control != NULL) cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING, "couldn't install new acl for " "command channel %s: %s", socktext, isc_result_totext(result)); + else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_CONTROL, ISC_LOG_WARNING, + "couldn't install new acl for " + "command channel %s: %s", + socktext, isc_result_totext(result)); *listenerp = listener; } static void add_listener(ns_controls_t *cp, controllistener_t **listenerp, - cfg_obj_t *control, cfg_obj_t *config, isc_sockaddr_t *addr, - ns_aclconfctx_t *aclconfctx, const char *socktext) + const cfg_obj_t *control, const cfg_obj_t *config, + isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx, + const char *socktext) { isc_mem_t *mctx = cp->server->mctx; controllistener_t *listener; - cfg_obj_t *allow; - cfg_obj_t *global_keylist = NULL; - cfg_obj_t *control_keylist = NULL; + const cfg_obj_t *allow; + const cfg_obj_t *global_keylist = NULL; + const cfg_obj_t *control_keylist = NULL; dns_acl_t *new_acl = NULL; isc_result_t result = ISC_R_SUCCESS; @@ -1135,13 +1153,13 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, } isc_result_t -ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, +ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, ns_aclconfctx_t *aclconfctx) { controllistener_t *listener; controllistenerlist_t new_listeners; - cfg_obj_t *controlslist = NULL; - cfg_listelt_t *element, *element2; + const cfg_obj_t *controlslist = NULL; + const cfg_listelt_t *element, *element2; char socktext[ISC_SOCKADDR_FORMATSIZE]; ISC_LIST_INIT(new_listeners); @@ -1163,8 +1181,8 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, for (element = cfg_list_first(controlslist); element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *controls; - cfg_obj_t *inetcontrols = NULL; + const cfg_obj_t *controls; + const cfg_obj_t *inetcontrols = NULL; controls = cfg_listelt_value(element); (void)cfg_map_get(controls, "inet", &inetcontrols); @@ -1174,9 +1192,9 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, for (element2 = cfg_list_first(inetcontrols); element2 != NULL; element2 = cfg_list_next(element2)) { - cfg_obj_t *control; - cfg_obj_t *obj; - isc_sockaddr_t *addr; + const cfg_obj_t *control; + const cfg_obj_t *obj; + isc_sockaddr_t addr; /* * The parser handles BIND 8 configuration file @@ -1189,12 +1207,12 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, control = cfg_listelt_value(element2); obj = cfg_tuple_get(control, "address"); - addr = cfg_obj_assockaddr(obj); - if (isc_sockaddr_getport(addr) == 0) - isc_sockaddr_setport(addr, + addr = *cfg_obj_assockaddr(obj); + if (isc_sockaddr_getport(&addr) == 0) + isc_sockaddr_setport(&addr, NS_CONTROL_PORT); - isc_sockaddr_format(addr, socktext, + isc_sockaddr_format(&addr, socktext, sizeof(socktext)); isc_log_write(ns_g_lctx, @@ -1205,7 +1223,7 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, socktext); update_listener(cp, &listener, control, config, - addr, aclconfctx, socktext); + &addr, aclconfctx, socktext); if (listener != NULL) /* @@ -1219,7 +1237,7 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, * This is a new listener. */ add_listener(cp, &listener, control, - config, addr, aclconfctx, + config, &addr, aclconfctx, socktext); if (listener != NULL) diff --git a/contrib/bind9/bin/named/include/named/aclconf.h b/contrib/bind9/bin/named/include/named/aclconf.h index 8126572..a5b333a 100644 --- a/contrib/bind9/bin/named/include/named/aclconf.h +++ b/contrib/bind9/bin/named/include/named/aclconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.h,v 1.12.208.1 2004/03/06 10:21:23 marka Exp $ */ +/* $Id: aclconf.h,v 1.12.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NS_ACLCONF_H #define NS_ACLCONF_H 1 @@ -49,8 +49,8 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx); */ isc_result_t -ns_acl_fromconfig(cfg_obj_t *caml, - cfg_obj_t *cctx, +ns_acl_fromconfig(const cfg_obj_t *caml, + const cfg_obj_t *cctx, ns_aclconfctx_t *ctx, isc_mem_t *mctx, dns_acl_t **target); diff --git a/contrib/bind9/bin/named/include/named/client.h b/contrib/bind9/bin/named/include/named/client.h index 7097a3b..f602be8 100644 --- a/contrib/bind9/bin/named/include/named/client.h +++ b/contrib/bind9/bin/named/include/named/client.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.h,v 1.60.2.2.10.10 2005/07/29 00:13:08 marka Exp $ */ +/* $Id: client.h,v 1.60.2.2.10.12 2006/06/06 00:11:40 marka Exp $ */ #ifndef NAMED_CLIENT_H #define NAMED_CLIENT_H 1 @@ -198,6 +198,12 @@ ns_client_next(ns_client_t *client, isc_result_t result); * return no response to the client. */ +void +ns_client_qnamereplace(ns_client_t *client, dns_name_t *name); +/*% + * Replace the qname. + */ + isc_boolean_t ns_client_shuttingdown(ns_client_t *client); /* diff --git a/contrib/bind9/bin/named/include/named/config.h b/contrib/bind9/bin/named/include/named/config.h index b3b4f12..8e5b94a 100644 --- a/contrib/bind9/bin/named/include/named/config.h +++ b/contrib/bind9/bin/named/include/named/config.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.h,v 1.4.12.4 2004/04/20 14:12:10 marka Exp $ */ +/* $Id: config.h,v 1.4.12.6 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_CONFIG_H #define NAMED_CONFIG_H 1 @@ -29,27 +29,28 @@ isc_result_t ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf); isc_result_t -ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj); +ns_config_get(const cfg_obj_t **maps, const char* name, const cfg_obj_t **obj); isc_result_t -ns_checknames_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj); +ns_checknames_get(const cfg_obj_t **maps, const char* name, + const cfg_obj_t **obj); int -ns_config_listcount(cfg_obj_t *list); +ns_config_listcount(const cfg_obj_t *list); isc_result_t -ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass, +ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass, dns_rdataclass_t *classp); isc_result_t -ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype, +ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype, dns_rdatatype_t *typep); dns_zonetype_t -ns_config_getzonetype(cfg_obj_t *zonetypeobj); +ns_config_getzonetype(const cfg_obj_t *zonetypeobj); isc_result_t -ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list, +ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list, in_port_t defport, isc_mem_t *mctx, isc_sockaddr_t **addrsp, isc_uint32_t *countp); @@ -58,16 +59,16 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, isc_uint32_t count); isc_result_t -ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, - isc_sockaddr_t **addrsp, dns_name_t ***keys, - isc_uint32_t *countp); +ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, + isc_mem_t *mctx, isc_sockaddr_t **addrsp, + dns_name_t ***keys, isc_uint32_t *countp); void ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, dns_name_t ***keys, isc_uint32_t count); isc_result_t -ns_config_getport(cfg_obj_t *config, in_port_t *portp); +ns_config_getport(const cfg_obj_t *config, in_port_t *portp); isc_result_t ns_config_getkeyalgorithm(const char *str, dns_name_t **name); diff --git a/contrib/bind9/bin/named/include/named/control.h b/contrib/bind9/bin/named/include/named/control.h index bbb7d36..bdb706e 100644 --- a/contrib/bind9/bin/named/include/named/control.h +++ b/contrib/bind9/bin/named/include/named/control.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.h,v 1.6.2.2.2.7 2004/09/03 03:43:32 marka Exp $ */ +/* $Id: control.h,v 1.6.2.2.2.9 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_CONTROL_H #define NAMED_CONTROL_H 1 @@ -67,7 +67,7 @@ ns_controls_destroy(ns_controls_t **ctrlsp); */ isc_result_t -ns_controls_configure(ns_controls_t *controls, cfg_obj_t *config, +ns_controls_configure(ns_controls_t *controls, const cfg_obj_t *config, ns_aclconfctx_t *aclconfctx); /* * Configure zero or more command channels into 'controls' diff --git a/contrib/bind9/bin/named/include/named/globals.h b/contrib/bind9/bin/named/include/named/globals.h index 2cc8548..b8137e8 100644 --- a/contrib/bind9/bin/named/include/named/globals.h +++ b/contrib/bind9/bin/named/include/named/globals.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.59.68.5 2004/03/08 04:04:20 marka Exp $ */ +/* $Id: globals.h,v 1.59.68.7 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 @@ -75,7 +75,7 @@ EXTERN unsigned int ns_g_debuglevel INIT(0); * Current configuration information. */ EXTERN cfg_obj_t * ns_g_config INIT(NULL); -EXTERN cfg_obj_t * ns_g_defaults INIT(NULL); +EXTERN const cfg_obj_t * ns_g_defaults INIT(NULL); EXTERN const char * ns_g_conffile INIT(NS_SYSCONFDIR "/named.conf"); EXTERN const char * ns_g_keyfile INIT(NS_SYSCONFDIR diff --git a/contrib/bind9/bin/named/include/named/logconf.h b/contrib/bind9/bin/named/include/named/logconf.h index a6f7450..b92ad31 100644 --- a/contrib/bind9/bin/named/include/named/logconf.h +++ b/contrib/bind9/bin/named/include/named/logconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.h,v 1.10.208.1 2004/03/06 10:21:24 marka Exp $ */ +/* $Id: logconf.h,v 1.10.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_LOGCONF_H #define NAMED_LOGCONF_H 1 @@ -23,7 +23,7 @@ #include isc_result_t -ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt); +ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt); /* * Set up the logging configuration in '*logconf' according to * the named.conf data in 'logstmt'. diff --git a/contrib/bind9/bin/named/include/named/lwresd.h b/contrib/bind9/bin/named/include/named/lwresd.h index 7ba857c..2aa1d55 100644 --- a/contrib/bind9/bin/named/include/named/lwresd.h +++ b/contrib/bind9/bin/named/include/named/lwresd.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.h,v 1.12.208.1 2004/03/06 10:21:25 marka Exp $ */ +/* $Id: lwresd.h,v 1.12.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_LWRESD_H #define NAMED_LWRESD_H 1 @@ -56,7 +56,7 @@ struct ns_lwreslistener { * Configure lwresd. */ isc_result_t -ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config); +ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config); isc_result_t ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx, @@ -72,7 +72,8 @@ ns_lwresd_shutdown(void); * Manager functions */ isc_result_t -ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, ns_lwresd_t **lwresdp); +ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres, + ns_lwresd_t **lwresdp); void ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp); diff --git a/contrib/bind9/bin/named/include/named/server.h b/contrib/bind9/bin/named/include/named/server.h index 97eb2ef..37526c0 100644 --- a/contrib/bind9/bin/named/include/named/server.h +++ b/contrib/bind9/bin/named/include/named/server.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.h,v 1.58.2.1.10.11 2004/03/08 04:04:21 marka Exp $ */ +/* $Id: server.h,v 1.58.2.1.10.13 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_SERVER_H #define NAMED_SERVER_H 1 @@ -208,6 +208,6 @@ ns_server_dumprecursing(ns_server_t *server); * Maintain a list of dispatches that require reserved ports. */ void -ns_add_reserved_dispatch(ns_server_t *server, isc_sockaddr_t *addr); +ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr); #endif /* NAMED_SERVER_H */ diff --git a/contrib/bind9/bin/named/include/named/sortlist.h b/contrib/bind9/bin/named/include/named/sortlist.h index 88a1493..9966686 100644 --- a/contrib/bind9/bin/named/include/named/sortlist.h +++ b/contrib/bind9/bin/named/include/named/sortlist.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.h,v 1.4.208.1 2004/03/06 10:21:26 marka Exp $ */ +/* $Id: sortlist.h,v 1.4.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_SORTLIST_H #define NAMED_SORTLIST_H 1 @@ -28,7 +28,7 @@ * Type for callback functions that rank addresses. */ typedef int -(*dns_addressorderfunc_t)(isc_netaddr_t *address, void *arg); +(*dns_addressorderfunc_t)(const isc_netaddr_t *address, const void *arg); /* * Return value type for setup_sortlist. @@ -40,7 +40,8 @@ typedef enum { } ns_sortlisttype_t; ns_sortlisttype_t -ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp); +ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, + const void **argp); /* * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any. * @@ -55,14 +56,14 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp); */ int -ns_sortlist_addrorder1(isc_netaddr_t *addr, void *arg); +ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg); /* * Find the sort order of 'addr' in 'arg', the matching element * of a 1-element top-level sortlist statement. */ int -ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg); +ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg); /* * Find the sort order of 'addr' in 'arg', a topology-like * ACL forming the second element in a 2-element top-level @@ -72,7 +73,7 @@ ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg); void ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr, dns_addressorderfunc_t *orderp, - void **argp); + const void **argp); /* * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any. * If a sortlist statement applies, return in '*orderp' a pointer to a function diff --git a/contrib/bind9/bin/named/include/named/tkeyconf.h b/contrib/bind9/bin/named/include/named/tkeyconf.h index e3710ea..ac72f3e 100644 --- a/contrib/bind9/bin/named/include/named/tkeyconf.h +++ b/contrib/bind9/bin/named/include/named/tkeyconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkeyconf.h,v 1.9.208.1 2004/03/06 10:21:26 marka Exp $ */ +/* $Id: tkeyconf.h,v 1.9.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NS_TKEYCONF_H #define NS_TKEYCONF_H 1 @@ -28,8 +28,8 @@ ISC_LANG_BEGINDECLS isc_result_t -ns_tkeyctx_fromconfig(cfg_obj_t *options, isc_mem_t *mctx, isc_entropy_t *ectx, - dns_tkeyctx_t **tctxp); +ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, + isc_entropy_t *ectx, dns_tkeyctx_t **tctxp); /* * Create a TKEY context and configure it, including the default DH key * and default domain, according to 'options'. diff --git a/contrib/bind9/bin/named/include/named/tsigconf.h b/contrib/bind9/bin/named/include/named/tsigconf.h index ef4161d..fcb415e 100644 --- a/contrib/bind9/bin/named/include/named/tsigconf.h +++ b/contrib/bind9/bin/named/include/named/tsigconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.h,v 1.9.208.1 2004/03/06 10:21:26 marka Exp $ */ +/* $Id: tsigconf.h,v 1.9.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NS_TSIGCONF_H #define NS_TSIGCONF_H 1 @@ -26,7 +26,7 @@ ISC_LANG_BEGINDECLS isc_result_t -ns_tsigkeyring_fromconfig(cfg_obj_t *config, cfg_obj_t *vconfig, +ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_tsig_keyring_t **ringp); /* * Create a TSIG key ring and configure it according to the 'key' diff --git a/contrib/bind9/bin/named/include/named/zoneconf.h b/contrib/bind9/bin/named/include/named/zoneconf.h index 3b8f200..3e63053 100644 --- a/contrib/bind9/bin/named/include/named/zoneconf.h +++ b/contrib/bind9/bin/named/include/named/zoneconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.h,v 1.16.2.2.8.1 2004/03/06 10:21:27 marka Exp $ */ +/* $Id: zoneconf.h,v 1.16.2.2.8.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NS_ZONECONF_H #define NS_ZONECONF_H 1 @@ -30,8 +30,9 @@ ISC_LANG_BEGINDECLS isc_result_t -ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, - ns_aclconfctx_t *ac, dns_zone_t *zone); +ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, + const cfg_obj_t *zconfig, ns_aclconfctx_t *ac, + dns_zone_t *zone); /* * Configure or reconfigure a zone according to the named.conf * data in 'cctx' and 'czone'. @@ -48,7 +49,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, */ isc_boolean_t -ns_zone_reusable(dns_zone_t *zone, cfg_obj_t *zconfig); +ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig); /* * If 'zone' can be safely reconfigured according to the configuration * data in 'zconfig', return ISC_TRUE. If the configuration data is so diff --git a/contrib/bind9/bin/named/interfacemgr.c b/contrib/bind9/bin/named/interfacemgr.c index b212892..a341056 100644 --- a/contrib/bind9/bin/named/interfacemgr.c +++ b/contrib/bind9/bin/named/interfacemgr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.59.2.5.8.15 2004/08/10 04:56:23 jinmei Exp $ */ +/* $Id: interfacemgr.c,v 1.59.2.5.8.18 2006/07/19 00:16:28 marka Exp $ */ #include @@ -182,6 +182,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, ifp->mgr = NULL; ifp->generation = mgr->generation; ifp->addr = *addr; + ifp->flags = 0; strncpy(ifp->name, name, sizeof(ifp->name)); ifp->name[sizeof(ifp->name)-1] = '\0'; ifp->clientmgr = NULL; @@ -717,9 +718,8 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, * See if the address matches the listen-on statement; * if not, ignore the interface. */ - result = dns_acl_match(&listen_netaddr, NULL, - le->acl, &mgr->aclenv, - &match, NULL); + (void)dns_acl_match(&listen_netaddr, NULL, le->acl, + &mgr->aclenv, &match, NULL); if (match <= 0) continue; @@ -745,9 +745,9 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, for (ele = ISC_LIST_HEAD(ext_listen->elts); ele != NULL; ele = ISC_LIST_NEXT(ele, link)) { - dns_acl_match(&listen_netaddr, NULL, - ele->acl, NULL, - &match, NULL); + (void)dns_acl_match(&listen_netaddr, + NULL, ele->acl, + NULL, &match, NULL); if (match > 0 && ele->port == le->port) break; else diff --git a/contrib/bind9/bin/named/logconf.c b/contrib/bind9/bin/named/logconf.c index 596d401..1bf3b55 100644 --- a/contrib/bind9/bin/named/logconf.c +++ b/contrib/bind9/bin/named/logconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.c,v 1.30.2.3.10.2 2004/03/06 10:21:18 marka Exp $ */ +/* $Id: logconf.c,v 1.30.2.3.10.4 2006/03/02 00:37:20 marka Exp $ */ #include @@ -41,13 +41,13 @@ * in 'ccat' and add it to 'lctx'. */ static isc_result_t -category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) { +category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) { isc_result_t result; const char *catname; isc_logcategory_t *category; isc_logmodule_t *module; - cfg_obj_t *destinations = NULL; - cfg_listelt_t *element = NULL; + const cfg_obj_t *destinations = NULL; + const cfg_listelt_t *element = NULL; catname = cfg_obj_asstring(cfg_tuple_get(ccat, "name")); category = isc_log_categorybyname(ns_g_lctx, catname); @@ -68,8 +68,8 @@ category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *channel = cfg_listelt_value(element); - char *channelname = cfg_obj_asstring(channel); + const cfg_obj_t *channel = cfg_listelt_value(element); + const char *channelname = cfg_obj_asstring(channel); result = isc_log_usechannel(lctx, channelname, category, module); @@ -89,18 +89,18 @@ category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) { * in 'cchan' and add it to 'lctx'. */ static isc_result_t -channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { +channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) { isc_result_t result; isc_logdestination_t dest; unsigned int type; unsigned int flags = 0; int level; const char *channelname; - cfg_obj_t *fileobj = NULL; - cfg_obj_t *syslogobj = NULL; - cfg_obj_t *nullobj = NULL; - cfg_obj_t *stderrobj = NULL; - cfg_obj_t *severity = NULL; + const cfg_obj_t *fileobj = NULL; + const cfg_obj_t *syslogobj = NULL; + const cfg_obj_t *nullobj = NULL; + const cfg_obj_t *stderrobj = NULL; + const cfg_obj_t *severity = NULL; int i; channelname = cfg_obj_asstring(cfg_map_getname(channel)); @@ -130,9 +130,10 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { type = ISC_LOG_TONULL; if (fileobj != NULL) { - cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file"); - cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size"); - cfg_obj_t *versionsobj = cfg_tuple_get(fileobj, "versions"); + const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file"); + const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size"); + const cfg_obj_t *versionsobj = + cfg_tuple_get(fileobj, "versions"); isc_int32_t versions = ISC_LOG_ROLLNEVER; isc_offset_t size = 0; @@ -157,7 +158,7 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { type = ISC_LOG_TOSYSLOG; if (cfg_obj_isstring(syslogobj)) { - char *facilitystr = cfg_obj_asstring(syslogobj); + const char *facilitystr = cfg_obj_asstring(syslogobj); (void)isc_syslog_facilityfromstring(facilitystr, &facility); } @@ -174,9 +175,9 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { * Munge flags. */ { - cfg_obj_t *printcat = NULL; - cfg_obj_t *printsev = NULL; - cfg_obj_t *printtime = NULL; + const cfg_obj_t *printcat = NULL; + const cfg_obj_t *printsev = NULL; + const cfg_obj_t *printtime = NULL; (void)cfg_map_get(channel, "print-category", &printcat); (void)cfg_map_get(channel, "print-severity", &printsev); @@ -193,7 +194,7 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { level = ISC_LOG_INFO; if (cfg_map_get(channel, "severity", &severity) == ISC_R_SUCCESS) { if (cfg_obj_isstring(severity)) { - char *str = cfg_obj_asstring(severity); + const char *str = cfg_obj_asstring(severity); if (strcasecmp(str, "critical") == 0) level = ISC_LOG_CRITICAL; else if (strcasecmp(str, "error") == 0) @@ -242,13 +243,14 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { } isc_result_t -ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) { +ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) { isc_result_t result; - cfg_obj_t *channels = NULL; - cfg_obj_t *categories = NULL; - cfg_listelt_t *element; + const cfg_obj_t *channels = NULL; + const cfg_obj_t *categories = NULL; + const cfg_listelt_t *element; isc_boolean_t default_set = ISC_FALSE; isc_boolean_t unmatched_set = ISC_FALSE; + const cfg_obj_t *catname; CHECK(ns_log_setdefaultchannels(logconf)); @@ -257,7 +259,7 @@ ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *channel = cfg_listelt_value(element); + const cfg_obj_t *channel = cfg_listelt_value(element); CHECK(channel_fromconf(channel, logconf)); } @@ -266,15 +268,15 @@ ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *category = cfg_listelt_value(element); + const cfg_obj_t *category = cfg_listelt_value(element); CHECK(category_fromconf(category, logconf)); if (!default_set) { - cfg_obj_t *catname = cfg_tuple_get(category, "name"); + catname = cfg_tuple_get(category, "name"); if (strcmp(cfg_obj_asstring(catname), "default") == 0) default_set = ISC_TRUE; } if (!unmatched_set) { - cfg_obj_t *catname = cfg_tuple_get(category, "name"); + catname = cfg_tuple_get(category, "name"); if (strcmp(cfg_obj_asstring(catname), "unmatched") == 0) unmatched_set = ISC_TRUE; } diff --git a/contrib/bind9/bin/named/lwdgabn.c b/contrib/bind9/bin/named/lwdgabn.c index 030a77a..539c25b 100644 --- a/contrib/bind9/bin/named/lwdgabn.c +++ b/contrib/bind9/bin/named/lwdgabn.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgabn.c,v 1.13.12.3 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: lwdgabn.c,v 1.13.12.5 2006/03/02 00:37:20 marka Exp $ */ #include @@ -120,7 +120,7 @@ sort_addresses(ns_lwdclient_t *client) { rankedaddress *addrs; isc_netaddr_t remote; dns_addressorderfunc_t order; - void *arg; + const void *arg; ns_lwresd_t *lwresd = client->clientmgr->listener->manager; unsigned int i; isc_result_t result; diff --git a/contrib/bind9/bin/named/lwdgrbn.c b/contrib/bind9/bin/named/lwdgrbn.c index 6652265..3ad9e9e 100644 --- a/contrib/bind9/bin/named/lwdgrbn.c +++ b/contrib/bind9/bin/named/lwdgrbn.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgrbn.c,v 1.11.208.3 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: lwdgrbn.c,v 1.11.208.5 2006/01/04 23:50:19 marka Exp $ */ #include @@ -358,7 +358,7 @@ lookup_done(isc_task_t *task, isc_event_t *event) { client->sendlength = r.length; result = ns_lwdclient_sendreply(client, &r); if (result != ISC_R_SUCCESS) - goto out; + goto out2; NS_LWDCLIENT_SETSEND(client); @@ -378,7 +378,7 @@ lookup_done(isc_task_t *task, isc_event_t *event) { if (grbn->siglen != NULL) isc_mem_put(cm->mctx, grbn->siglen, grbn->nsigs * sizeof(lwres_uint16_t)); - + out2: if (client->lookup != NULL) dns_lookup_destroy(&client->lookup); if (lwb.base != NULL) diff --git a/contrib/bind9/bin/named/lwresd.8 b/contrib/bind9/bin/named/lwresd.8 index 58f24b0..1333a5d 100644 --- a/contrib/bind9/bin/named/lwresd.8 +++ b/contrib/bind9/bin/named/lwresd.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.13.208.5 2005/10/13 02:33:47 marka Exp $ +.\" $Id: lwresd.8,v 1.13.208.6 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwresd +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -57,41 +60,41 @@ entries are present, or if forwarding fails, \fBlwresd\fR resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints. .SH "OPTIONS" -.TP +.TP 3n \-C \fIconfig\-file\fR Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/resolv.conf\fR. -.TP +.TP 3n \-d \fIdebug\-level\fR Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBlwresd\fR become more verbose as the debug level increases. -.TP +.TP 3n \-f Run the server in the foreground (i.e. do not daemonize). -.TP +.TP 3n \-g Run the server in the foreground and force all logging to \fIstderr\fR. -.TP +.TP 3n \-n \fI#cpus\fR Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBlwresd\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP +.TP 3n \-P \fIport\fR Listen for lightweight resolver queries on port \fIport\fR. If not specified, the default is port 921. -.TP +.TP 3n \-p \fIport\fR Send DNS lookups to port \fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number. -.TP +.TP 3n \-s Write memory usage statistics to \fIstdout\fR @@ -100,7 +103,7 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP +.TP 3n \-t \fIdirectory\fR \fBchroot()\fR to @@ -114,20 +117,20 @@ option, as chrooting a process running as root doesn't enhance security on most \fBchroot()\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP +.TP 3n \-u \fIuser\fR \fBsetuid()\fR to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. -.TP +.TP 3n \-v Report the version number and exit. .SH "FILES" -.TP +.TP 3n \fI/etc/resolv.conf\fR The default configuration file. -.TP +.TP 3n \fI/var/run/lwresd.pid\fR The default process\-id file. .SH "SEE ALSO" @@ -138,3 +141,5 @@ The default process\-id file. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/named/lwresd.c b/contrib/bind9/bin/named/lwresd.c index 9da4168..e48822f 100644 --- a/contrib/bind9/bin/named/lwresd.c +++ b/contrib/bind9/bin/named/lwresd.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.37.2.2.2.5 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: lwresd.c,v 1.37.2.2.2.8 2006/02/28 06:32:53 marka Exp $ */ /* * Main program for the Lightweight Resolver Daemon. @@ -285,14 +285,14 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx, * Handle lwresd manager objects */ isc_result_t -ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, +ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres, ns_lwresd_t **lwresdp) { ns_lwresd_t *lwresd; const char *vname; dns_rdataclass_t vclass; - cfg_obj_t *obj, *viewobj, *searchobj; - cfg_listelt_t *element; + const cfg_obj_t *obj, *viewobj, *searchobj; + const cfg_listelt_t *element; isc_result_t result; INSIST(lwresdp != NULL && *lwresdp == NULL); @@ -356,8 +356,8 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *search; - char *searchstr; + const cfg_obj_t *search; + const char *searchstr; isc_buffer_t namebuf; dns_fixedname_t fname; dns_name_t *name; @@ -407,6 +407,7 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, ns_lwsearchlist_detach(&lwresd->search); if (lwresd->mctx != NULL) isc_mem_detach(&lwresd->mctx); + isc_mem_put(mctx, lwresd, sizeof(ns_lwresd_t)); return (result); } @@ -744,11 +745,11 @@ configure_listener(isc_sockaddr_t *address, ns_lwresd_t *lwresd, } isc_result_t -ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config) { - cfg_obj_t *lwreslist = NULL; - cfg_obj_t *lwres = NULL; - cfg_obj_t *listenerslist = NULL; - cfg_listelt_t *element = NULL; +ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config) { + const cfg_obj_t *lwreslist = NULL; + const cfg_obj_t *lwres = NULL; + const cfg_obj_t *listenerslist = NULL; + const cfg_listelt_t *element = NULL; ns_lwreslistener_t *listener; ns_lwreslistenerlist_t newlisteners; isc_result_t result; diff --git a/contrib/bind9/bin/named/lwresd.html b/contrib/bind9/bin/named/lwresd.html index 439153a..6ab7824 100644 --- a/contrib/bind9/bin/named/lwresd.html +++ b/contrib/bind9/bin/named/lwresd.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwresd - +
-
+

Name

lwresd — lightweight resolver daemon

@@ -32,7 +32,7 @@

lwresd [-C config-file] [-d debug-level] [-f] [-g] [-i pid-file] [-n #cpus] [-P port] [-p port] [-s] [-t directory] [-u user] [-v]

-

DESCRIPTION

+

DESCRIPTION

lwresd is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,7 +67,7 @@

-

OPTIONS

+

OPTIONS

-C config-file

@@ -159,7 +159,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -172,7 +172,7 @@

-

SEE ALSO

+

SEE ALSO

named(8), lwres(3), @@ -180,7 +180,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/named/main.c b/contrib/bind9/bin/named/main.c index c155291..960de2a 100644 --- a/contrib/bind9/bin/named/main.c +++ b/contrib/bind9/bin/named/main.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.119.2.3.2.22 2005/04/29 01:04:47 marka Exp $ */ +/* $Id: main.c,v 1.119.2.3.2.25 2006/11/10 18:51:06 marka Exp $ */ #include @@ -473,7 +473,7 @@ create_managers(void) { result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, - "ns_taskmgr_create() failed: %s", + "isc_taskmgr_create() failed: %s", isc_result_totext(result)); return (ISC_R_UNEXPECTED); } @@ -481,7 +481,7 @@ create_managers(void) { result = isc_timermgr_create(ns_g_mctx, &ns_g_timermgr); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, - "ns_timermgr_create() failed: %s", + "isc_timermgr_create() failed: %s", isc_result_totext(result)); return (ISC_R_UNEXPECTED); } @@ -856,7 +856,7 @@ main(int argc, char *argv[]) { if (result == ISC_R_SUCCESS && instance != NULL) { if (smf_disable_instance(instance, 0) != 0) UNEXPECTED_ERROR(__FILE__, __LINE__, - "smf_disable_instance() ", + "smf_disable_instance() " "failed for %s : %s", instance, scf_strerror(scf_error())); diff --git a/contrib/bind9/bin/named/named.8 b/contrib/bind9/bin/named/named.8 index e072c16..7172393 100644 --- a/contrib/bind9/bin/named/named.8 +++ b/contrib/bind9/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.17.208.6 2005/10/13 02:33:46 marka Exp $ +.\" $Id: named.8,v 1.17.208.9 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: named +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -41,21 +44,21 @@ When invoked without arguments, will read the default configuration file \fI/etc/named.conf\fR, read any initial data, and listen for queries. .SH "OPTIONS" -.TP +.TP 3n \-4 Use IPv4 only even if the host machine is capable of IPv6. \fB\-4\fR and \fB\-6\fR are mutually exclusive. -.TP +.TP 3n \-6 Use IPv6 only even if the host machine is capable of IPv4. \fB\-4\fR and \fB\-6\fR are mutually exclusive. -.TP +.TP 3n \-c \fIconfig\-file\fR Use \fIconfig\-file\fR @@ -65,31 +68,31 @@ as the configuration file instead of the default, option in the configuration file, \fIconfig\-file\fR should be an absolute pathname. -.TP +.TP 3n \-d \fIdebug\-level\fR Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBnamed\fR become more verbose as the debug level increases. -.TP +.TP 3n \-f Run the server in the foreground (i.e. do not daemonize). -.TP +.TP 3n \-g Run the server in the foreground and force all logging to \fIstderr\fR. -.TP +.TP 3n \-n \fI#cpus\fR Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBnamed\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP +.TP 3n \-p \fIport\fR Listen for queries on port \fIport\fR. If not specified, the default is port 53. -.TP +.TP 3n \-s Write memory usage statistics to \fIstdout\fR @@ -98,7 +101,7 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP +.TP 3n \-t \fIdirectory\fR \fBchroot()\fR to @@ -112,7 +115,7 @@ option, as chrooting a process running as root doesn't enhance security on most \fBchroot()\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP +.TP 3n \-u \fIuser\fR \fBsetuid()\fR to @@ -131,10 +134,10 @@ option only works when is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after \fBsetuid()\fR. .RE -.TP +.TP 3n \-v Report the version number and exit. -.TP +.TP 3n \-x \fIcache\-file\fR Load data from \fIcache\-file\fR @@ -148,10 +151,10 @@ This option must not be used. It is only of interest to BIND 9 developers and ma In routine operation, signals should not be used to control the nameserver; \fBrndc\fR should be used instead. -.TP +.TP 3n SIGHUP Force a reload of the server. -.TP +.TP 3n SIGINT, SIGTERM Shut down the server. .PP @@ -163,10 +166,10 @@ The configuration file is too complex to describe in detail here. A complete description is provided in the BIND 9 Administrator Reference Manual. .SH "FILES" -.TP +.TP 3n \fI/etc/named.conf\fR The default configuration file. -.TP +.TP 3n \fI/var/run/named.pid\fR The default process\-id file. .SH "SEE ALSO" @@ -176,7 +179,10 @@ RFC 1034, RFC 1035, \fBrndc\fR(8), \fBlwresd\fR(8), +\fBnamed.conf\fR(5), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/named/named.conf.5 b/contrib/bind9/bin/named/named.conf.5 index d0b690b..1ace4da 100644 --- a/contrib/bind9/bin/named/named.conf.5 +++ b/contrib/bind9/bin/named/named.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,15 +12,18 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.1.4.6 2005/10/13 02:33:47 marka Exp $ +.\" $Id: named.conf.5,v 1.1.4.10 2006/09/13 02:56:20 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. -.TH "\\FINAMED.CONF\\FR" "5" "Aug 13, 2004" "BIND9" "BIND9" +.\" Title: \fInamed.conf\fR +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Aug 13, 2004 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -43,27 +46,34 @@ C++ style: // to end of line Unix style: # to end of line .SH "ACL" .sp +.RS 3n .nf acl \fIstring\fR { \fIaddress_match_element\fR; ... }; .fi +.RE .SH "KEY" .sp +.RS 3n .nf key \fIdomain_name\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; .fi +.RE .SH "MASTERS" .sp +.RS 3n .nf masters \fIstring\fR [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ... }; .fi +.RE .SH "SERVER" .sp +.RS 3n .nf server ( \fIipv4_address\fR | \fIipv6_address\fR ) { bogus \fIboolean\fR; @@ -80,15 +90,19 @@ server ( \fIipv4_address\fR | \fIipv6_address\fR ) { support\-ixfr \fIboolean\fR; // obsolete }; .fi +.RE .SH "TRUSTED\-KEYS" .sp +.RS 3n .nf trusted\-keys { \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... }; .fi +.RE .SH "CONTROLS" .sp +.RS 3n .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) @@ -98,8 +112,10 @@ controls { unix \fIunsupported\fR; // not implemented }; .fi +.RE .SH "LOGGING" .sp +.RS 3n .nf logging { channel \fIstring\fR { @@ -115,8 +131,10 @@ logging { category \fIstring\fR { \fIstring\fR; ... }; }; .fi +.RE .SH "LWRES" .sp +.RS 3n .nf lwres { listen\-on [ port \fIinteger\fR ] { @@ -127,8 +145,10 @@ lwres { ndots \fIinteger\fR; }; .fi +.RE .SH "OPTIONS" .sp +.RS 3n .nf options { avoid\-v4\-udp\-ports { \fIport\fR; ... }; @@ -137,6 +157,7 @@ options { coresize \fIsize\fR; datasize \fIsize\fR; directory \fIquoted_string\fR; + cache\-file \fIquoted_string\fR; // test option dump\-file \fIquoted_string\fR; files \fIsize\fR; heartbeat\-interval \fIinteger\fR; @@ -184,8 +205,8 @@ options { rfc2308\-type1 \fIboolean\fR; // not yet implemented additional\-from\-auth \fIboolean\fR; additional\-from\-cache \fIboolean\fR; - query\-source \fIquerysource4\fR; - query\-source\-v6 \fIquerysource6\fR; + query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; + query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; cleaning\-interval \fIinteger\fR; min\-roots \fIinteger\fR; // not implemented lame\-ttl \fIinteger\fR; @@ -260,8 +281,10 @@ options { use\-id\-pool \fIboolean\fR; // obsolete }; .fi +.RE .SH "VIEW" .sp +.RS 3n .nf view \fIstring\fR \fIoptional_class\fR { match\-clients { \fIaddress_match_element\fR; ... }; @@ -295,8 +318,8 @@ view \fIstring\fR \fIoptional_class\fR { rfc2308\-type1 \fIboolean\fR; // not yet implemented additional\-from\-auth \fIboolean\fR; additional\-from\-cache \fIboolean\fR; - query\-source \fIquerysource4\fR; - query\-source\-v6 \fIquerysource6\fR; + query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; + query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; cleaning\-interval \fIinteger\fR; min\-roots \fIinteger\fR; // not implemented lame\-ttl \fIinteger\fR; @@ -363,8 +386,10 @@ view \fIstring\fR \fIoptional_class\fR { max\-ixfr\-log\-size \fIsize\fR; // obsolete }; .fi +.RE .SH "ZONE" .sp +.RS 3n .nf zone \fIstring\fR \fIoptional_class\fR { type ( master | slave | stub | hint | @@ -428,6 +453,7 @@ zone \fIstring\fR \fIoptional_class\fR { pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete }; .fi +.RE .SH "FILES" .PP \fI/etc/named.conf\fR @@ -435,4 +461,6 @@ zone \fIstring\fR \fIoptional_class\fR { .PP \fBnamed\fR(8), \fBrndc\fR(8), -\fBBIND 9 Adminstrators Reference Manual\fR(). +\fBBIND 9 Administrator Reference Manual\fR(). +.SH "COPYRIGHT" +Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/named/named.conf.docbook b/contrib/bind9/bin/named/named.conf.docbook index 4ba1084..fb8a5ef 100644 --- a/contrib/bind9/bin/named/named.conf.docbook +++ b/contrib/bind9/bin/named/named.conf.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + @@ -34,6 +34,7 @@ 2004 2005 + 2006 Internet Systems Consortium, Inc. ("ISC") @@ -183,6 +184,7 @@ options { coresize size; datasize size; directory quoted_string; + cache-file quoted_string; // test option dump-file quoted_string; files size; heartbeat-interval integer; @@ -230,8 +232,8 @@ options { rfc2308-type1 boolean; // not yet implemented additional-from-auth boolean; additional-from-cache boolean; - query-source querysource4; - query-source-v6 querysource6; + query-source address ( ipv4_address | * ) port ( integer | * ) ; + query-source-v6 address ( ipv6_address | * ) port ( integer | * ) ; cleaning-interval integer; min-roots integer; // not implemented lame-ttl integer; @@ -357,8 +359,8 @@ view string optional_class rfc2308-type1 boolean; // not yet implemented additional-from-auth boolean; additional-from-cache boolean; - query-source querysource4; - query-source-v6 querysource6; + query-source address ( ipv4_address | * ) port ( integer | * ) ; + query-source-v6 address ( ipv6_address | * ) port ( integer | * ) ; cleaning-interval integer; min-roots integer; // not implemented lame-ttl integer; @@ -530,7 +532,7 @@ zone string optional_class rndc8 , -BIND 9 Adminstrators Reference Manual +BIND 9 Administrator Reference Manual . diff --git a/contrib/bind9/bin/named/named.conf.html b/contrib/bind9/bin/named/named.conf.html index 8b3b517..b43ee7f 100644 --- a/contrib/bind9/bin/named/named.conf.html +++ b/contrib/bind9/bin/named/named.conf.html @@ -1,5 +1,5 @@ - + named.conf - +
-
+

Name

named.conf — configuration file for named

@@ -31,7 +31,7 @@

named.conf

-

DESCRIPTION

+

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed @@ -50,14 +50,14 @@

-

ACL

+

ACL


acl string { address_match_element; ... };

-

KEY

+

KEY


key domain_name {
algorithm string;
@@ -66,7 +66,7 @@ key

-

MASTERS

+

MASTERS


masters string [ port integer ] {
masters | ipv4_address [port integer] |
@@ -75,7 +75,7 @@ masters

-

SERVER

+

SERVER


server ( ipv4_address | ipv6_address ) {
bogus boolean;
@@ -95,7 +95,7 @@ server

-

TRUSTED-KEYS

+

TRUSTED-KEYS


trusted-keys {
domain_name flags protocol algorithm key; ... 
@@ -103,7 +103,7 @@ trusted-keys

-

CONTROLS

+

CONTROLS


controls {
inet ( ipv4_address | ipv6_address | * )
@@ -115,7 +115,7 @@ controls

-

LOGGING

+

LOGGING


logging {
channel string {
@@ -133,7 +133,7 @@ logging

-

LWRES

+

LWRES


lwres {
listen-on [ port integer ] {
@@ -146,7 +146,7 @@ lwres

-

OPTIONS

+

OPTIONS


options {
avoid-v4-udp-ports { port; ... };
@@ -155,6 +155,7 @@ options coresize size;
datasize size;
directory quoted_string;
+ cache-file quoted_string; // test option
dump-file quoted_string;
files size;
heartbeat-interval integer;
@@ -202,8 +203,8 @@ options rfc2308-type1 boolean; // not yet implemented
additional-from-auth boolean;
additional-from-cache boolean;
- query-source querysource4;
- query-source-v6 querysource6;
+ query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
+ query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
cleaning-interval integer;
min-roots integer; // not implemented
lame-ttl integer;
@@ -289,7 +290,7 @@ options

-

VIEW

+

VIEW


view string optional_class {
match-clients { address_match_element; ... };
@@ -328,8 +329,8 @@ view rfc2308-type1 boolean; // not yet implemented
additional-from-auth boolean;
additional-from-cache boolean;
- query-source querysource4;
- query-source-v6 querysource6;
+ query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
+ query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
cleaning-interval integer;
min-roots integer; // not implemented
lame-ttl integer;
@@ -407,7 +408,7 @@ view

-

ZONE

+

ZONE


zone string optional_class {
type ( master | slave | stub | hint |
@@ -483,17 +484,17 @@ zone

-

FILES

+

FILES

/etc/named.conf

-

SEE ALSO

+

SEE ALSO

named(8), rndc(8), -BIND 9 Adminstrators Reference Manual. +BIND 9 Administrator Reference Manual.

diff --git a/contrib/bind9/bin/named/named.docbook b/contrib/bind9/bin/named/named.docbook index 47ccf54..f7cae12 100644 --- a/contrib/bind9/bin/named/named.docbook +++ b/contrib/bind9/bin/named/named.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + @@ -35,6 +35,7 @@ 2004 2005 + 2006 Internet Systems Consortium, Inc. ("ISC") @@ -365,6 +366,10 @@ lwresd 8 , + + named.conf + 5 + , BIND 9 Administrator Reference Manual. diff --git a/contrib/bind9/bin/named/named.html b/contrib/bind9/bin/named/named.html index f266e70..6e77e5b 100644 --- a/contrib/bind9/bin/named/named.html +++ b/contrib/bind9/bin/named/named.html @@ -1,5 +1,5 @@ - + named - +
-
+

Name

named — Internet domain name server

@@ -32,7 +32,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -46,7 +46,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -177,7 +177,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -198,7 +198,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is @@ -207,7 +207,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -220,18 +220,19 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, rndc(8), lwresd(8), + named.conf(5), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/named/query.c b/contrib/bind9/bin/named/query.c index 6533ce4..c0a76a8 100644 --- a/contrib/bind9/bin/named/query.c +++ b/contrib/bind9/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.198.2.13.4.36.6.2 2006/10/04 07:06:01 marka Exp $ */ +/* $Id: query.c,v 1.198.2.13.4.43 2006/08/31 03:57:11 marka Exp $ */ #include @@ -149,18 +149,6 @@ query_next(ns_client_t *client, isc_result_t result) { } static inline void -query_maybeputqname(ns_client_t *client) { - if (client->query.restarts > 0) { - /* - * client->query.qname was dynamically allocated. - */ - dns_message_puttempname(client->message, - &client->query.qname); - client->query.qname = NULL; - } -} - -static inline void query_freefreeversions(ns_client_t *client, isc_boolean_t everything) { ns_dbversion_t *dbversion, *dbversion_next; unsigned int i; @@ -240,8 +228,14 @@ query_reset(ns_client_t *client, isc_boolean_t everything) { } } - query_maybeputqname(client); - + if (client->query.restarts > 0) { + /* + * client->query.qname was dynamically allocated. + */ + dns_message_puttempname(client->message, + &client->query.qname); + } + client->query.qname = NULL; client->query.attributes = (NS_QUERYATTR_RECURSIONOK | NS_QUERYATTR_CACHEOK | NS_QUERYATTR_SECURE); @@ -2091,17 +2085,31 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain, result = isc_quota_attach(&ns_g_server->recursionquota, &client->recursionquota); if (result == ISC_R_SOFTQUOTA) { - ns_client_log(client, NS_LOGCATEGORY_CLIENT, - NS_LOGMODULE_QUERY, ISC_LOG_WARNING, - "recursive-clients soft limit exceeded, " - "aborting oldest query"); + static isc_stdtime_t last = 0; + isc_stdtime_t now; + isc_stdtime_get(&now); + if (now != last) { + last = now; + ns_client_log(client, NS_LOGCATEGORY_CLIENT, + NS_LOGMODULE_QUERY, + ISC_LOG_WARNING, + "recursive-clients soft limit " + "exceeded, aborting oldest query"); + } ns_client_killoldestquery(client); result = ISC_R_SUCCESS; } else if (result == ISC_R_QUOTA) { - ns_client_log(client, NS_LOGCATEGORY_CLIENT, - NS_LOGMODULE_QUERY, ISC_LOG_WARNING, - "no more recursive clients: %s", - isc_result_totext(result)); + static isc_stdtime_t last = 0; + isc_stdtime_t now; + isc_stdtime_get(&now); + if (now != last) { + last = now; + ns_client_log(client, NS_LOGCATEGORY_CLIENT, + NS_LOGMODULE_QUERY, + ISC_LOG_WARNING, + "no more recursive clients: %s", + isc_result_totext(result)); + } ns_client_killoldestquery(client); } if (result == ISC_R_SUCCESS && !client->mortal && @@ -2182,7 +2190,7 @@ do { \ * ISC_R_NOTIMPLEMENTED The rdata is not a known address type. */ static isc_result_t -rdata_tonetaddr(dns_rdata_t *rdata, isc_netaddr_t *netaddr) { +rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) { struct in_addr ina; struct in6_addr in6a; @@ -2208,7 +2216,7 @@ rdata_tonetaddr(dns_rdata_t *rdata, isc_netaddr_t *netaddr) { * sortlist statement. */ static int -query_sortlist_order_2element(dns_rdata_t *rdata, void *arg) { +query_sortlist_order_2element(const dns_rdata_t *rdata, const void *arg) { isc_netaddr_t netaddr; if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS) @@ -2221,7 +2229,7 @@ query_sortlist_order_2element(dns_rdata_t *rdata, void *arg) { * of a 1-element top-level sortlist statement. */ static int -query_sortlist_order_1element(dns_rdata_t *rdata, void *arg) { +query_sortlist_order_1element(const dns_rdata_t *rdata, const void *arg) { isc_netaddr_t netaddr; if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS) @@ -2237,7 +2245,7 @@ static void setup_query_sortlist(ns_client_t *client) { isc_netaddr_t netaddr; dns_rdatasetorderfunc_t order = NULL; - void *order_arg = NULL; + const void *order_arg = NULL; isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); switch (ns_sortlist_setup(client->view->sortlist, @@ -2469,7 +2477,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) /* * First we must find the right database. */ - options = 0; + options &= DNS_GETDB_NOLOG; /* Preserve DNS_GETDB_NOLOG. */ if (dns_rdatatype_atparent(qtype) && !dns_name_equal(client->query.qname, dns_rootname)) options |= DNS_GETDB_NOEXACT; @@ -2509,9 +2517,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } } if (result != ISC_R_SUCCESS) { - if (result == DNS_R_REFUSED) - QUERY_ERROR(DNS_R_REFUSED); - else + if (result == DNS_R_REFUSED) { + if (!PARTIALANSWER(client)) + QUERY_ERROR(DNS_R_REFUSED); + } else QUERY_ERROR(DNS_R_SERVFAIL); goto cleanup; } @@ -2995,9 +3004,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) goto cleanup; } dns_rdata_freestruct(&cname); - query_maybeputqname(client); - client->query.qname = tname; + ns_client_qnamereplace(client, tname); want_restart = ISC_TRUE; + if (!WANTRECURSION(client)) + options |= DNS_GETDB_NOLOG; goto addauth; case DNS_R_DNAME: /* @@ -3111,10 +3121,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) /* * Switch to the new qname and restart. */ - query_maybeputqname(client); - client->query.qname = fname; + ns_client_qnamereplace(client, fname); fname = NULL; want_restart = ISC_TRUE; + if (!WANTRECURSION(client)) + options |= DNS_GETDB_NOLOG; goto addauth; default: /* diff --git a/contrib/bind9/bin/named/server.c b/contrib/bind9/bin/named/server.c index b9d30d0..f29321e 100644 --- a/contrib/bind9/bin/named/server.c +++ b/contrib/bind9/bin/named/server.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.339.2.15.2.65 2005/07/27 02:53:15 marka Exp $ */ +/* $Id: server.c,v 1.339.2.15.2.70 2006/05/24 04:30:24 marka Exp $ */ #include @@ -167,25 +167,25 @@ static void ns_server_reload(isc_task_t *task, isc_event_t *event); static isc_result_t -ns_listenelt_fromconfig(cfg_obj_t *listener, cfg_obj_t *config, +ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, ns_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenelt_t **target); static isc_result_t -ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config, +ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, ns_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenlist_t **target); static isc_result_t -configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, - cfg_obj_t *forwarders, cfg_obj_t *forwardtype); +configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, + const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype); static isc_result_t -configure_alternates(cfg_obj_t *config, dns_view_t *view, - cfg_obj_t *alternates); +configure_alternates(const cfg_obj_t *config, dns_view_t *view, + const cfg_obj_t *alternates); static isc_result_t -configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, - isc_mem_t *mctx, dns_view_t *view, +configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, + const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view, ns_aclconfctx_t *aclconf); static void @@ -197,13 +197,13 @@ end_reserved_dispatches(ns_server_t *server, isc_boolean_t all); * (for a global default). */ static isc_result_t -configure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config, +configure_view_acl(const cfg_obj_t *vconfig, const cfg_obj_t *config, const char *aclname, ns_aclconfctx_t *actx, isc_mem_t *mctx, dns_acl_t **aclp) { isc_result_t result; - cfg_obj_t *maps[3]; - cfg_obj_t *aclobj = NULL; + const cfg_obj_t *maps[3]; + const cfg_obj_t *aclobj = NULL; int i = 0; if (*aclp != NULL) @@ -211,14 +211,14 @@ configure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config, if (vconfig != NULL) maps[i++] = cfg_tuple_get(vconfig, "options"); if (config != NULL) { - cfg_obj_t *options = NULL; + const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); if (options != NULL) maps[i++] = options; } maps[i] = NULL; - result = ns_config_get(maps, aclname, &aclobj); + (void)ns_config_get(maps, aclname, &aclobj); if (aclobj == NULL) /* * No value available. *aclp == NULL. @@ -231,13 +231,13 @@ configure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config, } static isc_result_t -configure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key, +configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key, dns_keytable_t *keytable, isc_mem_t *mctx) { dns_rdataclass_t viewclass; dns_rdata_dnskey_t keystruct; isc_uint32_t flags, proto, alg; - char *keystr, *keynamestr; + const char *keystr, *keynamestr; unsigned char keydata[4096]; isc_buffer_t keydatabuf; unsigned char rrdata[4096]; @@ -258,7 +258,7 @@ configure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key, if (vconfig == NULL) viewclass = dns_rdataclass_in; else { - cfg_obj_t *classobj = cfg_tuple_get(vconfig, "class"); + const cfg_obj_t *classobj = cfg_tuple_get(vconfig, "class"); CHECK(ns_config_getclass(classobj, dns_rdataclass_in, &viewclass)); } @@ -334,15 +334,15 @@ configure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key, * from 'vconfig' and 'config'. The variable to be configured is '*target'. */ static isc_result_t -configure_view_dnsseckeys(cfg_obj_t *vconfig, cfg_obj_t *config, +configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config, isc_mem_t *mctx, dns_keytable_t **target) { isc_result_t result; - cfg_obj_t *keys = NULL; - cfg_obj_t *voptions = NULL; - cfg_listelt_t *element, *element2; - cfg_obj_t *keylist; - cfg_obj_t *key; + const cfg_obj_t *keys = NULL; + const cfg_obj_t *voptions = NULL; + const cfg_listelt_t *element, *element2; + const cfg_obj_t *keylist; + const cfg_obj_t *key; dns_keytable_t *keytable = NULL; CHECK(dns_keytable_create(mctx, &keytable)); @@ -381,10 +381,10 @@ configure_view_dnsseckeys(cfg_obj_t *vconfig, cfg_obj_t *config, } static isc_result_t -mustbesecure(cfg_obj_t *mbs, dns_resolver_t *resolver) +mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) { - cfg_listelt_t *element; - cfg_obj_t *obj; + const cfg_listelt_t *element; + const cfg_obj_t *obj; const char *str; dns_fixedname_t fixed; dns_name_t *name; @@ -418,14 +418,14 @@ mustbesecure(cfg_obj_t *mbs, dns_resolver_t *resolver) * Get a dispatch appropriate for the resolver of a given view. */ static isc_result_t -get_view_querysource_dispatch(cfg_obj_t **maps, +get_view_querysource_dispatch(const cfg_obj_t **maps, int af, dns_dispatch_t **dispatchp) { isc_result_t result; dns_dispatch_t *disp; isc_sockaddr_t sa; unsigned int attrs, attrmask; - cfg_obj_t *obj = NULL; + const cfg_obj_t *obj = NULL; /* * Make compiler happy. @@ -436,7 +436,6 @@ get_view_querysource_dispatch(cfg_obj_t **maps, case AF_INET: result = ns_config_get(maps, "query-source", &obj); INSIST(result == ISC_R_SUCCESS); - break; case AF_INET6: result = ns_config_get(maps, "query-source-v6", &obj); @@ -517,10 +516,10 @@ get_view_querysource_dispatch(cfg_obj_t **maps, } static isc_result_t -configure_order(dns_order_t *order, cfg_obj_t *ent) { +configure_order(dns_order_t *order, const cfg_obj_t *ent) { dns_rdataclass_t rdclass; dns_rdatatype_t rdtype; - cfg_obj_t *obj; + const cfg_obj_t *obj; dns_fixedname_t fixed; unsigned int mode = 0; const char *str; @@ -567,7 +566,7 @@ configure_order(dns_order_t *order, cfg_obj_t *ent) { /* * "*" should match everything including the root (BIND 8 compat). * As dns_name_matcheswildcard(".", "*.") returns FALSE add a - * explict entry for "." when the name is "*". + * explicit entry for "." when the name is "*". */ if (addroot) { result = dns_order_add(order, dns_rootname, @@ -581,12 +580,12 @@ configure_order(dns_order_t *order, cfg_obj_t *ent) { } static isc_result_t -configure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { - isc_sockaddr_t *sa; +configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { + const isc_sockaddr_t *sa; isc_netaddr_t na; dns_peer_t *peer; - cfg_obj_t *obj; - char *str; + const cfg_obj_t *obj; + const char *str; isc_result_t result; sa = cfg_obj_assockaddr(cfg_map_getname(cpeer)); @@ -664,10 +663,10 @@ configure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { } static isc_result_t -disable_algorithms(cfg_obj_t *disabled, dns_resolver_t *resolver) { +disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) { isc_result_t result; - cfg_obj_t *algorithms; - cfg_listelt_t *element; + const cfg_obj_t *algorithms; + const cfg_listelt_t *element; const char *str; dns_fixedname_t fixed; dns_name_t *name; @@ -688,7 +687,7 @@ disable_algorithms(cfg_obj_t *disabled, dns_resolver_t *resolver) { isc_textregion_t r; dns_secalg_t alg; - r.base = cfg_obj_asstring(cfg_listelt_value(element)); + DE_CONST(cfg_obj_asstring(cfg_listelt_value(element)), r.base); r.length = strlen(r.base); result = dns_secalg_fromtext(&alg, &r); @@ -717,21 +716,21 @@ disable_algorithms(cfg_obj_t *disabled, dns_resolver_t *resolver) { * global defaults in 'config' used exclusively. */ static isc_result_t -configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, - isc_mem_t *mctx, ns_aclconfctx_t *actx, +configure_view(dns_view_t *view, const cfg_obj_t *config, + const cfg_obj_t *vconfig, isc_mem_t *mctx, ns_aclconfctx_t *actx, isc_boolean_t need_hints) { - cfg_obj_t *maps[4]; - cfg_obj_t *cfgmaps[3]; - cfg_obj_t *options = NULL; - cfg_obj_t *voptions = NULL; - cfg_obj_t *forwardtype; - cfg_obj_t *forwarders; - cfg_obj_t *alternates; - cfg_obj_t *zonelist; - cfg_obj_t *disabled; - cfg_obj_t *obj; - cfg_listelt_t *element; + const cfg_obj_t *maps[4]; + const cfg_obj_t *cfgmaps[3]; + const cfg_obj_t *options = NULL; + const cfg_obj_t *voptions = NULL; + const cfg_obj_t *forwardtype; + const cfg_obj_t *forwarders; + const cfg_obj_t *alternates; + const cfg_obj_t *zonelist; + const cfg_obj_t *disabled; + const cfg_obj_t *obj; + const cfg_listelt_t *element; in_port_t port; dns_cache_t *cache = NULL; isc_result_t result; @@ -792,7 +791,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *zconfig = cfg_listelt_value(element); + const cfg_obj_t *zconfig = cfg_listelt_value(element); CHECK(configure_zone(config, zconfig, vconfig, mctx, view, actx)); } @@ -1018,8 +1017,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, * Configure the view's peer list. */ { - cfg_obj_t *peers = NULL; - cfg_listelt_t *element; + const cfg_obj_t *peers = NULL; + const cfg_listelt_t *element; dns_peerlist_t *newpeers = NULL; (void)ns_config_get(cfgmaps, "server", &peers); @@ -1028,7 +1027,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *cpeer = cfg_listelt_value(element); + const cfg_obj_t *cpeer = cfg_listelt_value(element); dns_peer_t *peer; CHECK(configure_peer(cpeer, mctx, &peer)); @@ -1043,8 +1042,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, * Configure the views rrset-order. */ { - cfg_obj_t *rrsetorder = NULL; - cfg_listelt_t *element; + const cfg_obj_t *rrsetorder = NULL; + const cfg_listelt_t *element; (void)ns_config_get(maps, "rrset-order", &rrsetorder); CHECK(dns_order_create(mctx, &order)); @@ -1052,7 +1051,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *ent = cfg_listelt_value(element); + const cfg_obj_t *ent = cfg_listelt_value(element); CHECK(configure_order(order, ent)); } @@ -1078,7 +1077,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, * Configure the "match-recursive-only" option. */ obj = NULL; - (void) ns_config_get(maps, "match-recursive-only", &obj); + (void)ns_config_get(maps, "match-recursive-only", &obj); if (obj != NULL && cfg_obj_asboolean(obj)) view->matchrecursiveonly = ISC_TRUE; else @@ -1275,8 +1274,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, dns_fixedname_t fixed; dns_name_t *name; isc_buffer_t b; - char *str; - cfg_obj_t *exclude; + const char *str; + const cfg_obj_t *exclude; dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); @@ -1330,12 +1329,12 @@ configure_hints(dns_view_t *view, const char *filename) { } static isc_result_t -configure_alternates(cfg_obj_t *config, dns_view_t *view, - cfg_obj_t *alternates) +configure_alternates(const cfg_obj_t *config, dns_view_t *view, + const cfg_obj_t *alternates) { - cfg_obj_t *portobj; - cfg_obj_t *addresses; - cfg_listelt_t *element; + const cfg_obj_t *portobj; + const cfg_obj_t *addresses; + const cfg_listelt_t *element; isc_result_t result = ISC_R_SUCCESS; in_port_t port; @@ -1368,14 +1367,14 @@ configure_alternates(cfg_obj_t *config, dns_view_t *view, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *alternate = cfg_listelt_value(element); + const cfg_obj_t *alternate = cfg_listelt_value(element); isc_sockaddr_t sa; if (!cfg_obj_issockaddr(alternate)) { dns_fixedname_t fixed; dns_name_t *name; - char *str = cfg_obj_asstring(cfg_tuple_get(alternate, - "name")); + const char *str = cfg_obj_asstring(cfg_tuple_get( + alternate, "name")); isc_buffer_t buffer; in_port_t myport = port; @@ -1415,12 +1414,12 @@ configure_alternates(cfg_obj_t *config, dns_view_t *view, } static isc_result_t -configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, - cfg_obj_t *forwarders, cfg_obj_t *forwardtype) +configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, + const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype) { - cfg_obj_t *portobj; - cfg_obj_t *faddresses; - cfg_listelt_t *element; + const cfg_obj_t *portobj; + const cfg_obj_t *faddresses; + const cfg_listelt_t *element; dns_fwdpolicy_t fwdpolicy = dns_fwdpolicy_none; isc_sockaddrlist_t addresses; isc_sockaddr_t *sa; @@ -1458,7 +1457,7 @@ configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *forwarder = cfg_listelt_value(element); + const cfg_obj_t *forwarder = cfg_listelt_value(element); sa = isc_mem_get(view->mctx, sizeof(isc_sockaddr_t)); if (sa == NULL) { result = ISC_R_NOMEMORY; @@ -1481,7 +1480,7 @@ configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, if (forwardtype == NULL) fwdpolicy = dns_fwdpolicy_first; else { - char *forwardstr = cfg_obj_asstring(forwardtype); + const char *forwardstr = cfg_obj_asstring(forwardtype); if (strcasecmp(forwardstr, "first") == 0) fwdpolicy = dns_fwdpolicy_first; else if (strcasecmp(forwardstr, "only") == 0) @@ -1523,14 +1522,16 @@ configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, * The view created is attached to '*viewp'. */ static isc_result_t -create_view(cfg_obj_t *vconfig, dns_viewlist_t *viewlist, dns_view_t **viewp) { +create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist, + dns_view_t **viewp) +{ isc_result_t result; const char *viewname; dns_rdataclass_t viewclass; dns_view_t *view = NULL; if (vconfig != NULL) { - cfg_obj_t *classobj = NULL; + const cfg_obj_t *classobj = NULL; viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name")); classobj = cfg_tuple_get(vconfig, "class"); @@ -1560,19 +1561,19 @@ create_view(cfg_obj_t *vconfig, dns_viewlist_t *viewlist, dns_view_t **viewp) { * Configure or reconfigure a zone. */ static isc_result_t -configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, - isc_mem_t *mctx, dns_view_t *view, +configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, + const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view, ns_aclconfctx_t *aclconf) { dns_view_t *pview = NULL; /* Production view */ dns_zone_t *zone = NULL; /* New or reused zone */ dns_zone_t *dupzone = NULL; - cfg_obj_t *options = NULL; - cfg_obj_t *zoptions = NULL; - cfg_obj_t *typeobj = NULL; - cfg_obj_t *forwarders = NULL; - cfg_obj_t *forwardtype = NULL; - cfg_obj_t *only = NULL; + const cfg_obj_t *options = NULL; + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *typeobj = NULL; + const cfg_obj_t *forwarders = NULL; + const cfg_obj_t *forwardtype = NULL; + const cfg_obj_t *only = NULL; isc_result_t result; isc_result_t tresult; isc_buffer_t buffer; @@ -1629,7 +1630,7 @@ configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, * configure it and return. */ if (strcasecmp(ztypestr, "hint") == 0) { - cfg_obj_t *fileobj = NULL; + const cfg_obj_t *fileobj = NULL; if (cfg_map_get(zoptions, "file", &fileobj) != ISC_R_SUCCESS) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, @@ -1639,7 +1640,7 @@ configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, goto cleanup; } if (dns_name_equal(origin, dns_rootname)) { - char *hintsfile = cfg_obj_asstring(fileobj); + const char *hintsfile = cfg_obj_asstring(fileobj); result = configure_hints(view, hintsfile); if (result != ISC_R_SUCCESS) { @@ -1795,9 +1796,10 @@ configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, * Configure a single server quota. */ static void -configure_server_quota(cfg_obj_t **maps, const char *name, isc_quota_t *quota) +configure_server_quota(const cfg_obj_t **maps, const char *name, + isc_quota_t *quota) { - cfg_obj_t *obj = NULL; + const cfg_obj_t *obj = NULL; isc_result_t result; result = ns_config_get(maps, name, &obj); @@ -1810,9 +1812,9 @@ configure_server_quota(cfg_obj_t **maps, const char *name, isc_quota_t *quota) * parsed. This can be extended to support other options if necessary. */ static isc_result_t -directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) { +directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) { isc_result_t result; - char *directory; + const char *directory; REQUIRE(strcasecmp("directory", clausename) == 0); @@ -1891,8 +1893,7 @@ add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr) { clean: INSIST(lelt == NULL); - if (src_acl != NULL) - dns_acl_detach(&src_acl); + dns_acl_detach(&src_acl); return (result); } @@ -2049,7 +2050,7 @@ setstring(ns_server_t *server, char **field, const char *value) { * or NULL if whether 'obj' is a string or void value, respectively. */ static isc_result_t -setoptstring(ns_server_t *server, char **field, cfg_obj_t *obj) { +setoptstring(ns_server_t *server, char **field, const cfg_obj_t *obj) { if (cfg_obj_isvoid(obj)) return (setstring(server, field, NULL)); else @@ -2057,11 +2058,12 @@ setoptstring(ns_server_t *server, char **field, cfg_obj_t *obj) { } static void -set_limit(cfg_obj_t **maps, const char *configname, const char *description, - isc_resource_t resourceid, isc_resourcevalue_t defaultvalue) +set_limit(const cfg_obj_t **maps, const char *configname, + const char *description, isc_resource_t resourceid, + isc_resourcevalue_t defaultvalue) { - cfg_obj_t *obj = NULL; - char *resource; + const cfg_obj_t *obj = NULL; + const char *resource; isc_resourcevalue_t value; isc_result_t result; @@ -2092,7 +2094,7 @@ set_limit(cfg_obj_t **maps, const char *configname, const char *description, ns_g_init ## resource) static void -set_limits(cfg_obj_t **maps) { +set_limits(const cfg_obj_t **maps) { SETLIMIT("stacksize", stacksize, "stack size"); SETLIMIT("datasize", datasize, "data size"); SETLIMIT("coresize", coresize, "core size"); @@ -2101,15 +2103,15 @@ set_limits(cfg_obj_t **maps) { static isc_result_t portlist_fromconf(dns_portlist_t *portlist, unsigned int family, - cfg_obj_t *ports) + const cfg_obj_t *ports) { - cfg_listelt_t *element; + const cfg_listelt_t *element; isc_result_t result = ISC_R_SUCCESS; for (element = cfg_list_first(ports); element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *obj = cfg_listelt_value(element); + const cfg_obj_t *obj = cfg_listelt_value(element); in_port_t port = (in_port_t)cfg_obj_asuint32(obj); result = dns_portlist_add(portlist, family, port); @@ -2126,13 +2128,13 @@ load_configuration(const char *filename, ns_server_t *server, isc_result_t result; cfg_parser_t *parser = NULL; cfg_obj_t *config; - cfg_obj_t *options; - cfg_obj_t *views; - cfg_obj_t *obj; - cfg_obj_t *v4ports, *v6ports; - cfg_obj_t *maps[3]; - cfg_obj_t *builtin_views; - cfg_listelt_t *element; + const cfg_obj_t *options; + const cfg_obj_t *views; + const cfg_obj_t *obj; + const cfg_obj_t *v4ports, *v6ports; + const cfg_obj_t *maps[3]; + const cfg_obj_t *builtin_views; + const cfg_listelt_t *element; dns_view_t *view = NULL; dns_view_t *view_next; dns_viewlist_t viewlist; @@ -2319,7 +2321,7 @@ load_configuration(const char *filename, ns_server_t *server, * statement. */ { - cfg_obj_t *clistenon = NULL; + const cfg_obj_t *clistenon = NULL; ns_listenlist_t *listenon = NULL; clistenon = NULL; @@ -2353,7 +2355,7 @@ load_configuration(const char *filename, ns_server_t *server, * Ditto for IPv6. */ { - cfg_obj_t *clistenon = NULL; + const cfg_obj_t *clistenon = NULL; ns_listenlist_t *listenon = NULL; if (options != NULL) @@ -2438,7 +2440,7 @@ load_configuration(const char *filename, ns_server_t *server, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *vconfig = cfg_listelt_value(element); + const cfg_obj_t *vconfig = cfg_listelt_value(element); view = NULL; CHECK(create_view(vconfig, &viewlist, &view)); @@ -2478,7 +2480,7 @@ load_configuration(const char *filename, ns_server_t *server, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *vconfig = cfg_listelt_value(element); + const cfg_obj_t *vconfig = cfg_listelt_value(element); CHECK(create_view(vconfig, &viewlist, &view)); CHECK(configure_view(view, config, vconfig, ns_g_mctx, &aclconfctx, ISC_FALSE)); @@ -2582,7 +2584,7 @@ load_configuration(const char *filename, ns_server_t *server, "ignoring config file logging " "statement due to -g option"); } else { - cfg_obj_t *logobj = NULL; + const cfg_obj_t *logobj = NULL; isc_logconfig_t *logc = NULL; CHECKM(isc_logconfig_create(ns_g_lctx, &logc), @@ -2621,8 +2623,8 @@ load_configuration(const char *filename, ns_server_t *server, * compatibility. */ if (first_time) { - cfg_obj_t *logobj = NULL; - cfg_obj_t *categories = NULL; + const cfg_obj_t *logobj = NULL; + const cfg_obj_t *categories = NULL; obj = NULL; if (ns_config_get(maps, "querylog", &obj) == ISC_R_SUCCESS) { @@ -2634,13 +2636,13 @@ load_configuration(const char *filename, ns_server_t *server, (void)cfg_map_get(logobj, "category", &categories); if (categories != NULL) { - cfg_listelt_t *element; + const cfg_listelt_t *element; for (element = cfg_list_first(categories); element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *catobj; - char *str; + const cfg_obj_t *catobj; + const char *str; obj = cfg_listelt_value(element); catobj = cfg_tuple_get(obj, "name"); @@ -3133,7 +3135,7 @@ end_reserved_dispatches(ns_server_t *server, isc_boolean_t all) { } void -ns_add_reserved_dispatch(ns_server_t *server, isc_sockaddr_t *addr) { +ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) { ns_dispatch_t *dispatch; in_port_t port; char addrbuf[ISC_SOCKADDR_FORMATSIZE]; @@ -3458,20 +3460,29 @@ isc_result_t ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_result_t result; dns_zone_t *zone = NULL; - const unsigned char msg[] = "zone refresh queued"; + const unsigned char msg1[] = "zone refresh queued"; + const unsigned char msg2[] = "not a slave or stub zone"; + dns_zonetype_t type; result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); if (zone == NULL) return (ISC_R_UNEXPECTEDEND); - - dns_zone_refresh(zone); - dns_zone_detach(&zone); - if (sizeof(msg) <= isc_buffer_availablelength(text)) - isc_buffer_putmem(text, msg, sizeof(msg)); - return (ISC_R_SUCCESS); + type = dns_zone_gettype(zone); + if (type == dns_zone_slave || type == dns_zone_stub) { + dns_zone_refresh(zone); + dns_zone_detach(&zone); + if (sizeof(msg1) <= isc_buffer_availablelength(text)) + isc_buffer_putmem(text, msg1, sizeof(msg1)); + return (ISC_R_SUCCESS); + } + + dns_zone_detach(&zone); + if (sizeof(msg2) <= isc_buffer_availablelength(text)) + isc_buffer_putmem(text, msg2, sizeof(msg2)); + return (ISC_R_FAILURE); } isc_result_t @@ -3486,12 +3497,12 @@ ns_server_togglequerylog(ns_server_t *server) { } static isc_result_t -ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config, +ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, ns_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenlist_t **target) { isc_result_t result; - cfg_listelt_t *element; + const cfg_listelt_t *element; ns_listenlist_t *dlist = NULL; REQUIRE(target != NULL && *target == NULL); @@ -3505,7 +3516,7 @@ ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config, element = cfg_list_next(element)) { ns_listenelt_t *delt = NULL; - cfg_obj_t *listener = cfg_listelt_value(element); + const cfg_obj_t *listener = cfg_listelt_value(element); result = ns_listenelt_fromconfig(listener, config, actx, mctx, &delt); if (result != ISC_R_SUCCESS) @@ -3525,12 +3536,12 @@ ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config, * data structure. */ static isc_result_t -ns_listenelt_fromconfig(cfg_obj_t *listener, cfg_obj_t *config, +ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, ns_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenelt_t **target) { isc_result_t result; - cfg_obj_t *portobj; + const cfg_obj_t *portobj; in_port_t port; ns_listenelt_t *delt = NULL; REQUIRE(target != NULL && *target == NULL); @@ -3823,6 +3834,11 @@ ns_server_dumpdb(ns_server_t *server, char *args) { char *ptr; const char *sep; + /* Skip the command name. */ + ptr = next_token(&args, " \t"); + if (ptr == NULL) + return (ISC_R_UNEXPECTEDEND); + dctx = isc_mem_get(server->mctx, sizeof(*dctx)); if (dctx == NULL) return (ISC_R_NOMEMORY); @@ -3845,11 +3861,6 @@ ns_server_dumpdb(ns_server_t *server, char *args) { CHECKMF(isc_stdio_open(server->dumpfile, "w", &dctx->fp), "could not open dump file", server->dumpfile); - /* Skip the command name. */ - ptr = next_token(&args, " \t"); - if (ptr == NULL) - return (ISC_R_UNEXPECTEDEND); - sep = (args == NULL) ? "" : ": "; isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, diff --git a/contrib/bind9/bin/named/sortlist.c b/contrib/bind9/bin/named/sortlist.c index 0098fe7..0feba3b 100644 --- a/contrib/bind9/bin/named/sortlist.c +++ b/contrib/bind9/bin/named/sortlist.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.c,v 1.5.12.4 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: sortlist.c,v 1.5.12.6 2006/03/02 00:37:20 marka Exp $ */ #include @@ -30,7 +30,9 @@ #include ns_sortlisttype_t -ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp) { +ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, + const void **argp) +{ unsigned int i; if (acl == NULL) @@ -44,7 +46,7 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp) { dns_aclelement_t *e = &acl->elements[i]; dns_aclelement_t *try_elt; dns_aclelement_t *order_elt = NULL; - dns_aclelement_t *matched_elt = NULL; + const dns_aclelement_t *matched_elt = NULL; if (e->type == dns_aclelementtype_nestedacl) { dns_acl_t *inner = e->u.nestedacl; @@ -106,8 +108,8 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp) { } int -ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg) { - dns_acl_t *sortacl = (dns_acl_t *) arg; +ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg) { + const dns_acl_t *sortacl = (const dns_acl_t *) arg; int match; (void)dns_acl_match(addr, NULL, sortacl, @@ -122,8 +124,8 @@ ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg) { } int -ns_sortlist_addrorder1(isc_netaddr_t *addr, void *arg) { - dns_aclelement_t *matchelt = (dns_aclelement_t *) arg; +ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg) { + const dns_aclelement_t *matchelt = (const dns_aclelement_t *) arg; if (dns_aclelement_match(addr, NULL, matchelt, &ns_g_server->aclenv, NULL)) { @@ -136,7 +138,7 @@ ns_sortlist_addrorder1(isc_netaddr_t *addr, void *arg) { void ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr, dns_addressorderfunc_t *orderp, - void **argp) + const void **argp) { ns_sortlisttype_t sortlisttype; diff --git a/contrib/bind9/bin/named/tkeyconf.c b/contrib/bind9/bin/named/tkeyconf.c index 7fc13f3..f23c1db 100644 --- a/contrib/bind9/bin/named/tkeyconf.c +++ b/contrib/bind9/bin/named/tkeyconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkeyconf.c,v 1.19.208.2 2004/06/11 00:30:51 marka Exp $ */ +/* $Id: tkeyconf.c,v 1.19.208.4 2006/03/02 00:37:20 marka Exp $ */ #include @@ -42,17 +42,17 @@ isc_result_t -ns_tkeyctx_fromconfig(cfg_obj_t *options, isc_mem_t *mctx, isc_entropy_t *ectx, - dns_tkeyctx_t **tctxp) +ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, + isc_entropy_t *ectx, dns_tkeyctx_t **tctxp) { isc_result_t result; dns_tkeyctx_t *tctx = NULL; - char *s; + const char *s; isc_uint32_t n; dns_fixedname_t fname; dns_name_t *name; isc_buffer_t b; - cfg_obj_t *obj; + const cfg_obj_t *obj; int type; result = dns_tkeyctx_create(mctx, ectx, &tctx); diff --git a/contrib/bind9/bin/named/tsigconf.c b/contrib/bind9/bin/named/tsigconf.c index 38524c3..a90438d 100644 --- a/contrib/bind9/bin/named/tsigconf.c +++ b/contrib/bind9/bin/named/tsigconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.c,v 1.21.208.4 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: tsigconf.c,v 1.21.208.6 2006/03/02 00:37:20 marka Exp $ */ #include @@ -35,10 +35,12 @@ #include static isc_result_t -add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) { - cfg_listelt_t *element; - cfg_obj_t *key = NULL; - char *keyid = NULL; +add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, + isc_mem_t *mctx) +{ + const cfg_listelt_t *element; + const cfg_obj_t *key = NULL; + const char *keyid = NULL; unsigned char *secret = NULL; int secretalloc = 0; int secretlen = 0; @@ -49,14 +51,14 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *algobj = NULL; - cfg_obj_t *secretobj = NULL; + const cfg_obj_t *algobj = NULL; + const cfg_obj_t *secretobj = NULL; dns_name_t keyname; dns_name_t *alg; - char *algstr; + const char *algstr; char keynamedata[1024]; isc_buffer_t keynamesrc, keynamebuf; - char *secretstr; + const char *secretstr; isc_buffer_t secretbuf; key = cfg_listelt_value(element); @@ -129,11 +131,11 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) { } isc_result_t -ns_tsigkeyring_fromconfig(cfg_obj_t *config, cfg_obj_t *vconfig, +ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_tsig_keyring_t **ringp) { - cfg_obj_t *maps[3]; - cfg_obj_t *keylist; + const cfg_obj_t *maps[3]; + const cfg_obj_t *keylist; dns_tsig_keyring_t *ring = NULL; isc_result_t result; int i; diff --git a/contrib/bind9/bin/named/unix/os.c b/contrib/bind9/bin/named/unix/os.c index f306f14..361d1b6 100644 --- a/contrib/bind9/bin/named/unix/os.c +++ b/contrib/bind9/bin/named/unix/os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.46.2.4.8.22 2005/05/20 01:37:19 marka Exp $ */ +/* $Id: os.c,v 1.46.2.4.8.24 2006/02/03 23:51:37 marka Exp $ */ #include #include @@ -497,6 +497,13 @@ ns_os_changeuser(void) { #if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) linux_minprivs(); #endif +#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) + /* + * Restore the ability of named to drop core after the setuid() + * call has disabled it. + */ + prctl(PR_SET_DUMPABLE,1,0,0,0); +#endif } void diff --git a/contrib/bind9/bin/named/update.c b/contrib/bind9/bin/named/update.c index 6c2d759..fa0ddb0 100644 --- a/contrib/bind9/bin/named/update.c +++ b/contrib/bind9/bin/named/update.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.88.2.5.2.27 2005/10/08 00:21:06 marka Exp $ */ +/* $Id: update.c,v 1.88.2.5.2.29 2006/01/06 00:01:42 marka Exp $ */ #include @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -1517,7 +1518,8 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, */ static isc_result_t add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, - dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff) + dns_dbversion_t *ver, dns_name_t *name, dns_ttl_t nsecttl, + dns_diff_t *diff) { isc_result_t result; dns_dbnode_t *node = NULL; @@ -1552,8 +1554,7 @@ add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, * Add the new NSEC and record the change. */ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, - 3600, /* XXXRTH */ - &rdata, &tuple)); + nsecttl, &rdata, &tuple)); CHECK(do_one_tuple(&tuple, db, ver, diff)); INSIST(tuple == NULL); @@ -1678,6 +1679,11 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, unsigned int nkeys = 0; unsigned int i; isc_stdtime_t now, inception, expire; + dns_ttl_t nsecttl; + dns_rdata_soa_t soa; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdataset_t rdataset; + dns_dbnode_t *node = NULL; dns_diff_init(client->mctx, &diffnames); dns_diff_init(client->mctx, &affected); @@ -1699,6 +1705,20 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, expire = now + sigvalidityinterval; /* + * Get the NSEC's TTL from the SOA MINIMUM field. + */ + CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node)); + dns_rdataset_init(&rdataset); + CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0, + (isc_stdtime_t) 0, &rdataset, NULL)); + CHECK(dns_rdataset_first(&rdataset)); + dns_rdataset_current(&rdataset, &rdata); + CHECK(dns_rdata_tostruct(&rdata, &soa, NULL)); + nsecttl = soa.minimum; + dns_rdataset_disassociate(&rdataset); + dns_db_detachnode(db, &node); + + /* * Find all RRsets directly affected by the update, and * update their RRSIGs. Also build a list of names affected * by the update in "diffnames". @@ -1901,8 +1921,8 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, * there is other data, and if there is other data, * there are other RRSIGs. */ - CHECK(add_nsec(client, zone, db, newver, - &t->name, &nsec_diff)); + CHECK(add_nsec(client, zone, db, newver, &t->name, + nsecttl, &nsec_diff)); } } diff --git a/contrib/bind9/bin/named/zoneconf.c b/contrib/bind9/bin/named/zoneconf.c index 41ce69d..66ef905 100644 --- a/contrib/bind9/bin/named/zoneconf.c +++ b/contrib/bind9/bin/named/zoneconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.87.2.4.10.15 2005/09/06 02:12:39 marka Exp $ */ +/* $Id: zoneconf.c,v 1.87.2.4.10.19 2006/02/28 06:32:53 marka Exp $ */ #include @@ -55,15 +55,15 @@ * Convenience function for configuring a single zone ACL. */ static isc_result_t -configure_zone_acl(cfg_obj_t *zconfig, cfg_obj_t *vconfig, cfg_obj_t *config, - const char *aclname, ns_aclconfctx_t *actx, - dns_zone_t *zone, +configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, + const cfg_obj_t *config, const char *aclname, + ns_aclconfctx_t *actx, dns_zone_t *zone, void (*setzacl)(dns_zone_t *, dns_acl_t *), void (*clearzacl)(dns_zone_t *)) { isc_result_t result; - cfg_obj_t *maps[4]; - cfg_obj_t *aclobj = NULL; + const cfg_obj_t *maps[4]; + const cfg_obj_t *aclobj = NULL; int i = 0; dns_acl_t *dacl = NULL; @@ -72,7 +72,7 @@ configure_zone_acl(cfg_obj_t *zconfig, cfg_obj_t *vconfig, cfg_obj_t *config, if (vconfig != NULL) maps[i++] = cfg_tuple_get(vconfig, "options"); if (config != NULL) { - cfg_obj_t *options = NULL; + const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); if (options != NULL) maps[i++] = options; @@ -98,16 +98,18 @@ configure_zone_acl(cfg_obj_t *zconfig, cfg_obj_t *vconfig, cfg_obj_t *config, * Parse the zone update-policy statement. */ static isc_result_t -configure_zone_ssutable(cfg_obj_t *zconfig, dns_zone_t *zone) { - cfg_obj_t *updatepolicy = NULL; - cfg_listelt_t *element, *element2; +configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone) { + const cfg_obj_t *updatepolicy = NULL; + const cfg_listelt_t *element, *element2; dns_ssutable_t *table = NULL; isc_mem_t *mctx = dns_zone_getmctx(zone); isc_result_t result; (void)cfg_map_get(zconfig, "update-policy", &updatepolicy); - if (updatepolicy == NULL) + if (updatepolicy == NULL) { + dns_zone_setssutable(zone, NULL); return (ISC_R_SUCCESS); + } result = dns_ssutable_create(mctx, &table); if (result != ISC_R_SUCCESS) @@ -117,13 +119,13 @@ configure_zone_ssutable(cfg_obj_t *zconfig, dns_zone_t *zone) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *stmt = cfg_listelt_value(element); - cfg_obj_t *mode = cfg_tuple_get(stmt, "mode"); - cfg_obj_t *identity = cfg_tuple_get(stmt, "identity"); - cfg_obj_t *matchtype = cfg_tuple_get(stmt, "matchtype"); - cfg_obj_t *dname = cfg_tuple_get(stmt, "name"); - cfg_obj_t *typelist = cfg_tuple_get(stmt, "types"); - char *str; + const cfg_obj_t *stmt = cfg_listelt_value(element); + const cfg_obj_t *mode = cfg_tuple_get(stmt, "mode"); + const cfg_obj_t *identity = cfg_tuple_get(stmt, "identity"); + const cfg_obj_t *matchtype = cfg_tuple_get(stmt, "matchtype"); + const cfg_obj_t *dname = cfg_tuple_get(stmt, "name"); + const cfg_obj_t *typelist = cfg_tuple_get(stmt, "types"); + const char *str; isc_boolean_t grant = ISC_FALSE; unsigned int mtype = DNS_SSUMATCHTYPE_NAME; dns_fixedname_t fname, fident; @@ -191,14 +193,14 @@ configure_zone_ssutable(cfg_obj_t *zconfig, dns_zone_t *zone) { element2 != NULL; element2 = cfg_list_next(element2)) { - cfg_obj_t *typeobj; + const cfg_obj_t *typeobj; isc_textregion_t r; INSIST(i < n); typeobj = cfg_listelt_value(element2); str = cfg_obj_asstring(typeobj); - r.base = str; + DE_CONST(str, r.base); r.length = strlen(str); result = dns_rdatatype_fromtext(&types[i++], &r); @@ -237,8 +239,8 @@ configure_zone_ssutable(cfg_obj_t *zconfig, dns_zone_t *zone) { * Convert a config file zone type into a server zone type. */ static inline dns_zonetype_t -zonetype_fromconfig(cfg_obj_t *map) { - cfg_obj_t *obj = NULL; +zonetype_fromconfig(const cfg_obj_t *map) { + const cfg_obj_t *obj = NULL; isc_result_t result; result = cfg_map_get(map, "type", &obj); @@ -293,7 +295,9 @@ strtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) { } static void -checknames(dns_zonetype_t ztype, cfg_obj_t **maps, cfg_obj_t **objp) { +checknames(dns_zonetype_t ztype, const cfg_obj_t **maps, + const cfg_obj_t **objp) +{ const char *zone = NULL; isc_result_t result; @@ -308,17 +312,18 @@ checknames(dns_zonetype_t ztype, cfg_obj_t **maps, cfg_obj_t **objp) { } isc_result_t -ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, - ns_aclconfctx_t *ac, dns_zone_t *zone) +ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, + const cfg_obj_t *zconfig, ns_aclconfctx_t *ac, + dns_zone_t *zone) { isc_result_t result; - char *zname; + const char *zname; dns_rdataclass_t zclass; dns_rdataclass_t vclass; - cfg_obj_t *maps[5]; - cfg_obj_t *zoptions = NULL; - cfg_obj_t *options = NULL; - cfg_obj_t *obj; + const cfg_obj_t *maps[5]; + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *options = NULL; + const cfg_obj_t *obj; const char *filename = NULL; dns_notifytype_t notifytype = dns_notifytype_yes; isc_sockaddr_t *addrs; @@ -428,7 +433,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, else dialup = dns_dialuptype_no; } else { - char *dialupstr = cfg_obj_asstring(obj); + const char *dialupstr = cfg_obj_asstring(obj); if (strcasecmp(dialupstr, "notify") == 0) dialup = dns_dialuptype_notify; else if (strcasecmp(dialupstr, "notify-passive") == 0) @@ -462,7 +467,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, else notifytype = dns_notifytype_no; } else { - char *notifystr = cfg_obj_asstring(obj); + const char *notifystr = cfg_obj_asstring(obj); if (strcasecmp(notifystr, "explicit") == 0) notifytype = dns_notifytype_explicit; else @@ -612,6 +617,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, switch (ztype) { case dns_zone_slave: case dns_zone_stub: + count = 0; obj = NULL; result = cfg_map_get(zoptions, "masters", &obj); if (obj != NULL) { @@ -715,9 +721,9 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, } isc_boolean_t -ns_zone_reusable(dns_zone_t *zone, cfg_obj_t *zconfig) { - cfg_obj_t *zoptions = NULL; - cfg_obj_t *obj = NULL; +ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) { + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *obj = NULL; const char *cfilename; const char *zfilename; diff --git a/contrib/bind9/bin/nsupdate/nsupdate.8 b/contrib/bind9/bin/nsupdate/nsupdate.8 index 602a55b..7e254e0 100644 --- a/contrib/bind9/bin/nsupdate/nsupdate.8 +++ b/contrib/bind9/bin/nsupdate/nsupdate.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.8,v 1.24.2.2.2.8 2005/10/13 02:33:48 marka Exp $ +.\" $Id: nsupdate.8,v 1.24.2.2.2.9 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: nsupdate +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -30,7 +33,7 @@ nsupdate \- Dynamic DNS update utility .SH "SYNOPSIS" .HP 9 -\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename] +\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename] .SH "DESCRIPTION" .PP \fBnsupdate\fR @@ -79,7 +82,8 @@ reads the shared secret from the file must also be present. When the \fB\-y\fR option is used, a signature is generated from -\fIkeyname:secret.\fR\fIkeyname\fR +\fIkeyname:secret.\fR +\fIkeyname\fR is the name of the key, and \fIsecret\fR is the base64 encoded shared secret. Use of the @@ -123,7 +127,7 @@ Every update request consists of zero or more prerequisites and zero or more upd command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server. .PP The command formats and their meaning are as follows: -.TP +.TP 3n .HP 7 \fBserver\fR {servername} [port] Sends all dynamic update requests to the name server \fIservername\fR. When no server statement is provided, @@ -133,7 +137,7 @@ will send updates to the master server of the correct zone. The MNAME field of t is the port number on \fIservername\fR where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. -.TP +.TP 3n .HP 6 \fBlocal\fR {address} [port] Sends all dynamic update requests using the local \fIaddress\fR. When no local statement is provided, @@ -141,7 +145,7 @@ Sends all dynamic update requests using the local will send updates using an address and port chosen by the system. \fIport\fR can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. -.TP +.TP 3n .HP 5 \fBzone\fR {zonename} Specifies that all updates are to be made to the zone \fIzonename\fR. If no @@ -149,32 +153,33 @@ Specifies that all updates are to be made to the zone statement is provided, \fBnsupdate\fR will attempt determine the correct zone to update based on the rest of the input. -.TP +.TP 3n .HP 6 \fBclass\fR {classname} Specify the default class. If no \fIclass\fR is specified the default class is \fIIN\fR. -.TP +.TP 3n .HP 4 \fBkey\fR {name} {secret} Specifies that all updates are to be TSIG signed using the -\fIkeyname\fR\fIkeysecret\fR +\fIkeyname\fR +\fIkeysecret\fR pair. The \fBkey\fR command overrides any key specified on the command line via \fB\-y\fR or \fB\-k\fR. -.TP +.TP 3n .HP 16 \fBprereq nxdomain\fR {domain\-name} Requires that no resource record of any type exists with name \fIdomain\-name\fR. -.TP +.TP 3n .HP 16 \fBprereq yxdomain\fR {domain\-name} Requires that \fIdomain\-name\fR exists (has as at least one resource record, of any type). -.TP +.TP 3n .HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type} Requires that no resource record exists of the specified \fItype\fR, @@ -183,7 +188,7 @@ and \fIdomain\-name\fR. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP +.TP 3n .HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} This requires that a resource record of the specified \fItype\fR, @@ -193,7 +198,7 @@ and must exist. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP +.TP 3n .HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} The \fIdata\fR @@ -207,7 +212,7 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of \fIdomain\-name\fR. The \fIdata\fR are written in the standard text representation of the resource record's RDATA. -.TP +.TP 3n .HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] Deletes any resource records named \fIdomain\-name\fR. If @@ -219,20 +224,20 @@ is provided, only matching resource records will be removed. The internet class is not supplied. The \fIttl\fR is ignored, and is only allowed for compatibility. -.TP +.TP 3n .HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} Adds a new resource record with the specified \fIttl\fR, \fIclass\fR and \fIdata\fR. -.TP +.TP 3n .HP 5 \fBshow\fR Displays the current message, containing all of the prerequisites and updates specified since the last send. -.TP +.TP 3n .HP 5 \fBsend\fR Sends the current message. This is equivalent to entering a blank line. -.TP +.TP 3n .HP 7 \fBanswer\fR Displays the answer. .PP @@ -246,12 +251,14 @@ could be used to insert and delete resource records from the zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for \fBexample.com\fR. .sp +.RS 3n .nf # nsupdate > update delete oldhost.example.com A > update add newhost.example.com 86400 A 172.16.1.1 > send .fi +.RE .sp .PP Any A records for @@ -260,25 +267,27 @@ are deleted. and an A record for \fBnewhost.example.com\fR it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds) .sp +.RS 3n .nf # nsupdate > prereq nxdomain nickname.example.com > update add nickname.example.com 86400 CNAME somehost.example.com > send .fi +.RE .sp .PP The prerequisite condition gets the name server to check that there are no resource records of any type for \fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.) .SH "FILES" -.TP +.TP 3n \fB/etc/resolv.conf\fR used to identify default name server -.TP +.TP 3n \fBK{name}.+157.+{random}.key\fR base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). -.TP +.TP 3n \fBK{name}.+157.+{random}.private\fR base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). @@ -296,3 +305,5 @@ base\-64 encoding of HMAC\-MD5 key created by .SH "BUGS" .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/nsupdate/nsupdate.c b/contrib/bind9/bin/nsupdate/nsupdate.c index 7c728b6..107d85f 100644 --- a/contrib/bind9/bin/nsupdate/nsupdate.c +++ b/contrib/bind9/bin/nsupdate/nsupdate.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.103.2.15.2.20 2005/03/17 03:58:26 marka Exp $ */ +/* $Id: nsupdate.c,v 1.103.2.15.2.23 2006/06/09 07:29:24 marka Exp $ */ #include @@ -1343,8 +1343,10 @@ get_next_command(void) { char *word; ddebug("get_next_command()"); - if (interactive) + if (interactive) { fprintf(stdout, "> "); + fflush(stdout); + } isc_app_block(); cmdline = fgets(cmdlinebuf, MAXCMD, input); isc_app_unblock(); @@ -1665,7 +1667,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { result = dns_request_createvia3(requestmgr, soaquery, localaddr, addr, 0, NULL, FIND_TIMEOUT * 20, - FIND_TIMEOUT * 20, 3, + FIND_TIMEOUT, 3, global_task, recvsoa, reqinfo, &request); check_result(result, "dns_request_createvia"); diff --git a/contrib/bind9/bin/nsupdate/nsupdate.html b/contrib/bind9/bin/nsupdate/nsupdate.html index 74ba2fb..4df8280 100644 --- a/contrib/bind9/bin/nsupdate/nsupdate.html +++ b/contrib/bind9/bin/nsupdate/nsupdate.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + nsupdate - +
-
+

Name

nsupdate — Dynamic DNS update utility

@@ -32,7 +32,7 @@

nsupdate [-d] [[-y keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-v] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 @@ -160,7 +160,7 @@ and number of UDP retries.

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from @@ -317,7 +317,7 @@ are written in the standard text representation of the resource record's RDATA.

-

update delete {domain-name} [ttl] [class] [type [data...]]

+

update delete {domain-name} [ttl] [class] [type [data...]]

Deletes any resource records named @@ -370,7 +370,7 @@ Lines beginning with a semicolon are comments and are ignored.

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -423,7 +423,7 @@ RRSIG, DNSKEY and NSEC records.)

-

FILES

+

FILES

/etc/resolv.conf

@@ -442,7 +442,7 @@ base-64 encoding of HMAC-MD5 key created by

-

SEE ALSO

+

SEE ALSO

RFC2136, RFC3007, @@ -456,7 +456,7 @@ base-64 encoding of HMAC-MD5 key created by

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/contrib/bind9/bin/rndc/rndc-confgen.8 b/contrib/bind9/bin/rndc/rndc-confgen.8 index b29f009..c6a4218 100644 --- a/contrib/bind9/bin/rndc/rndc-confgen.8 +++ b/contrib/bind9/bin/rndc/rndc-confgen.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc-confgen.8,v 1.3.2.5.2.7 2005/10/13 02:33:50 marka Exp $ +.\" $Id: rndc-confgen.8,v 1.3.2.5.2.8 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: rndc\-confgen +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Aug 27, 2001 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -53,7 +56,7 @@ file and a \fBcontrols\fR statement altogether. .SH "OPTIONS" -.TP +.TP 3n \-a Do automatic \fBrndc\fR @@ -97,30 +100,30 @@ option and set up a and \fInamed.conf\fR as directed. -.TP +.TP 3n \-b \fIkeysize\fR Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128. -.TP +.TP 3n \-c \fIkeyfile\fR Used with the \fB\-a\fR option to specify an alternate location for \fIrndc.key\fR. -.TP +.TP 3n \-h Prints a short summary of the options and arguments to \fBrndc\-confgen\fR. -.TP +.TP 3n \-k \fIkeyname\fR Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is \fBrndc\-key\fR. -.TP +.TP 3n \-p \fIport\fR Specifies the command channel port where \fBnamed\fR listens for connections from \fBrndc\fR. The default is 953. -.TP +.TP 3n \-r \fIrandomfile\fR Specifies a source of random data for generating the authorization. If the operating system does not provide a \fI/dev/random\fR @@ -129,13 +132,13 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP +.TP 3n \-s \fIaddress\fR Specifies the IP address where \fBnamed\fR listens for command channel connections from \fBrndc\fR. The default is the loopback address 127.0.0.1. -.TP +.TP 3n \-t \fIchrootdir\fR Used with the \fB\-a\fR @@ -145,7 +148,7 @@ will run chrooted. An additional copy of the \fIrndc.key\fR will be written relative to this directory so that it will be found by the chrooted \fBnamed\fR. -.TP +.TP 3n \-u \fIuser\fR Used with the \fB\-a\fR @@ -181,3 +184,5 @@ BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/rndc/rndc-confgen.html b/contrib/bind9/bin/rndc/rndc-confgen.html index ca75400..058cd56 100644 --- a/contrib/bind9/bin/rndc/rndc-confgen.html +++ b/contrib/bind9/bin/rndc/rndc-confgen.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + rndc-confgen - +

-
+

Name

rndc-confgen — rndc key generation tool

@@ -32,7 +32,7 @@

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -48,7 +48,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -57,7 +57,7 @@ This creates a file rndc.key in /etc (or whatever sysconfdir - was specified as when BIND was built) + was specified as when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default @@ -148,7 +148,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -167,7 +167,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), @@ -176,7 +176,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/rndc/rndc.8 b/contrib/bind9/bin/rndc/rndc.8 index fba5529..04bd133 100644 --- a/contrib/bind9/bin/rndc/rndc.8 +++ b/contrib/bind9/bin/rndc/rndc.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.24.206.5 2005/10/13 02:33:49 marka Exp $ +.\" $Id: rndc.8,v 1.24.206.6 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: rndc +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "RNDC" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -50,13 +53,13 @@ named the only supported authentication algorithm is HMAC\-MD5, which uses a sha \fBrndc\fR reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. .SH "OPTIONS" -.TP +.TP 3n \-c \fIconfig\-file\fR Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/rndc.conf\fR. -.TP +.TP 3n \-k \fIkey\-file\fR Use \fIkey\-file\fR @@ -66,20 +69,20 @@ as the key file instead of the default, will be used to authenticate commands sent to the server if the \fIconfig\-file\fR does not exist. -.TP +.TP 3n \-s \fIserver\fR \fIserver\fR is the name or address of the server which matches a server statement in the configuration file for \fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used. -.TP +.TP 3n \-p \fIport\fR Send commands to TCP port \fIport\fR instead of BIND 9's default control channel port, 953. -.TP +.TP 3n \-V Enable verbose logging. -.TP +.TP 3n \-y \fIkeyid\fR Use the key \fIkeyid\fR @@ -111,8 +114,11 @@ Several error messages could be clearer. .PP \fBrndc.conf\fR(5), \fBnamed\fR(8), -\fBnamed.conf\fR(5)\fBndc\fR(8), +\fBnamed.conf\fR(5) +\fBndc\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/rndc/rndc.c b/contrib/bind9/bin/rndc/rndc.c index 63e8f23..a5e912d 100644 --- a/contrib/bind9/bin/rndc/rndc.c +++ b/contrib/bind9/bin/rndc/rndc.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.77.2.5.2.15 2005/03/17 03:58:27 marka Exp $ */ +/* $Id: rndc.c,v 1.77.2.5.2.19 2006/08/04 03:03:08 marka Exp $ */ /* * Principal Author: DCL @@ -154,6 +154,11 @@ rndc_senddone(isc_task_t *task, isc_event_t *event) { if (sevent->result != ISC_R_SUCCESS) fatal("send failed: %s", isc_result_totext(sevent->result)); isc_event_free(&event); + if (sends == 0 && recvs == 0) { + isc_socket_detach(&sock); + isc_task_shutdown(task); + RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); + } } static void @@ -204,9 +209,11 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); isccc_sexpr_free(&response); - isc_socket_detach(&sock); - isc_task_shutdown(task); - RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); + if (sends == 0 && recvs == 0) { + isc_socket_detach(&sock); + isc_task_shutdown(task); + RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); + } } static void @@ -288,6 +295,7 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) { static void rndc_connected(isc_task_t *task, isc_event_t *event) { + char socktext[ISC_SOCKADDR_FORMATSIZE]; isc_socketevent_t *sevent = (isc_socketevent_t *)event; isccc_sexpr_t *request = NULL; isccc_sexpr_t *data; @@ -301,17 +309,19 @@ rndc_connected(isc_task_t *task, isc_event_t *event) { connects--; if (sevent->result != ISC_R_SUCCESS) { + isc_sockaddr_format(&serveraddrs[currentaddr], socktext, + sizeof(socktext)); if (sevent->result != ISC_R_CANCELED && - currentaddr < nserveraddrs) + ++currentaddr < nserveraddrs) { - notify("connection failed: %s", + notify("connection failed: %s: %s", socktext, isc_result_totext(sevent->result)); isc_socket_detach(&sock); isc_event_free(&event); - rndc_startconnect(&serveraddrs[currentaddr++], task); + rndc_startconnect(&serveraddrs[currentaddr], task); return; } else - fatal("connect failed: %s", + fatal("connect failed: %s: %s", socktext, isc_result_totext(sevent->result)); } @@ -369,7 +379,7 @@ rndc_start(isc_task_t *task, isc_event_t *event) { get_addresses(servername, (in_port_t) remoteport); currentaddr = 0; - rndc_startconnect(&serveraddrs[currentaddr++], task); + rndc_startconnect(&serveraddrs[currentaddr], task); } static void @@ -378,17 +388,17 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, { isc_result_t result; const char *conffile = admin_conffile; - cfg_obj_t *defkey = NULL; - cfg_obj_t *options = NULL; - cfg_obj_t *servers = NULL; - cfg_obj_t *server = NULL; - cfg_obj_t *keys = NULL; - cfg_obj_t *key = NULL; - cfg_obj_t *defport = NULL; - cfg_obj_t *secretobj = NULL; - cfg_obj_t *algorithmobj = NULL; + const cfg_obj_t *defkey = NULL; + const cfg_obj_t *options = NULL; + const cfg_obj_t *servers = NULL; + const cfg_obj_t *server = NULL; + const cfg_obj_t *keys = NULL; + const cfg_obj_t *key = NULL; + const cfg_obj_t *defport = NULL; + const cfg_obj_t *secretobj = NULL; + const cfg_obj_t *algorithmobj = NULL; cfg_obj_t *config = NULL; - cfg_listelt_t *elt; + const cfg_listelt_t *elt; const char *secretstr; const char *algorithm; static char secretarray[1024]; @@ -420,7 +430,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, if (key_only && servername == NULL) servername = "127.0.0.1"; else if (servername == NULL && options != NULL) { - cfg_obj_t *defserverobj = NULL; + const cfg_obj_t *defserverobj = NULL; (void)cfg_map_get(options, "default-server", &defserverobj); if (defserverobj != NULL) servername = cfg_obj_asstring(defserverobj); diff --git a/contrib/bind9/bin/rndc/rndc.conf.5 b/contrib/bind9/bin/rndc/rndc.conf.5 index 1c21e36..3a06a44 100644 --- a/contrib/bind9/bin/rndc/rndc.conf.5 +++ b/contrib/bind9/bin/rndc/rndc.conf.5 @@ -13,15 +13,18 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.conf.5,v 1.21.206.5 2005/10/13 02:33:50 marka Exp $ +.\" $Id: rndc.conf.5,v 1.21.206.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. -.TH "\\FIRNDC.CONF\\FR" "5" "June 30, 2000" "BIND9" "BIND9" +.\" Title: \fIrndc.conf\fR +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "\fIRNDC.CONF\fR" "5" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -98,6 +101,7 @@ program, also known as does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each. .SH "EXAMPLE" .sp +.RS 3n .nf options { default\-server localhost; @@ -111,6 +115,7 @@ does not ship with BIND 9 but is available on many systems. See the EXAMPLE sect secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; .fi +.RE .PP In the above example, \fBrndc\fR @@ -152,3 +157,5 @@ BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/rndc/rndc.conf.html b/contrib/bind9/bin/rndc/rndc.conf.html index 05db0ec..fefe616 100644 --- a/contrib/bind9/bin/rndc/rndc.conf.html +++ b/contrib/bind9/bin/rndc/rndc.conf.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + rndc.conf - +
-
+

Name

rndc.conf — rndc configuration file

@@ -32,7 +32,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control @@ -105,7 +105,7 @@

-

EXAMPLE

+

EXAMPLE

     options {
         default-server  localhost;
@@ -151,7 +151,7 @@
     

-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -161,7 +161,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), @@ -170,7 +170,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/rndc/rndc.html b/contrib/bind9/bin/rndc/rndc.html index d23f468..4dfd318 100644 --- a/contrib/bind9/bin/rndc/rndc.html +++ b/contrib/bind9/bin/rndc/rndc.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + rndc - +
-
+

Name

rndc — name server control utility

@@ -32,7 +32,7 @@

rndc [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-c config-file

@@ -123,7 +123,7 @@

-

LIMITATIONS

+

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility. @@ -137,7 +137,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), named(8), @@ -147,7 +147,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/config.threads.in b/contrib/bind9/config.threads.in index f2816c4..c1c113b 100644 --- a/contrib/bind9/config.threads.in +++ b/contrib/bind9/config.threads.in @@ -140,6 +140,31 @@ then fi fi ;; + *-freebsd*) + # We don't want to set -lpthread as that break + # the ability to choose threads library at final + # link time and is not valid for all architectures. + + PTHREAD= + if test "X$GCC" = "Xyes"; then + saved_cc="$CC" + CC="$CC -pthread" + AC_MSG_CHECKING(for gcc -pthread support); + AC_TRY_LINK([#include ], + [printf("%x\n", pthread_create);], + PTHREAD="yes" + AC_MSG_RESULT(yes), + AC_MSG_RESULT(no)) + CC="$saved_cc" + fi + if test "X$PTHREAD" != "Xyes"; then + AC_CHECK_LIB(pthread, pthread_create,, + AC_CHECK_LIB(thr, thread_create,, + AC_CHECK_LIB(c_r, pthread_create,, + AC_CHECK_LIB(c, pthread_create,, + AC_MSG_ERROR("could not find thread libraries"))))) + fi + ;; *) AC_CHECK_LIB(pthread, pthread_create,, AC_CHECK_LIB(pthread, __pthread_create,, diff --git a/contrib/bind9/configure.in b/contrib/bind9/configure.in index cf7517b..050a272 100644 --- a/contrib/bind9/configure.in +++ b/contrib/bind9/configure.in @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.294.2.23.2.51.4.3 $) +AC_REVISION($Revision: 1.294.2.23.2.73 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.13) @@ -364,7 +364,7 @@ AC_ARG_WITH(openssl, (Required for DNSSEC)], use_openssl="$withval", use_openssl="auto") -openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg" +openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" if test "$use_openssl" = "auto" then for d in $openssldirs @@ -417,6 +417,9 @@ case "$use_openssl" in *-solaris*) DNS_OPENSSL_LIBS="-L$use_openssl/lib -R$use_openssl/lib -lcrypto" ;; + *-hp-hpux*) + DNS_OPENSSL_LIBS="-L$use_openssl/lib -Wl,+b: -lcrypto" + ;; *) DNS_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto" ;; @@ -463,9 +466,19 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)], [AC_MSG_RESULT(assuming it does work on target platform)] ) + AC_CHECK_FUNC(DH_generate_parameters, + AC_DEFINE(HAVE_DH_GENERATE_PARAMETERS, 1, + [Define if libcrypto has DH_generate_parameters])) + AC_CHECK_FUNC(RSA_generate_key, + AC_DEFINE(HAVE_RSA_GENERATE_KEY, 1, + [Define if libcrypto has RSA_generate_key])) + AC_CHECK_FUNC(DSA_generate_parameters, + AC_DEFINE(HAVE_DSA_GENERATE_PARAMETERS, 1, + [Define if libcrypto has DSA_generate_parameters])) + AC_ARG_ENABLE(openssl-version-check, [AC_HELP_STRING([--enable-openssl-version-check], - [Check OpenSSL Version @<:@default=yes@:>@])]) + [Check OpenSSL Version @<:@default=yes@:>@])]) case "$enable_openssl_version_check" in yes|'') AC_MSG_CHECKING(OpenSSL library version) @@ -473,9 +486,9 @@ yes|'') #include #include int main() { - if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && - OPENSSL_VERSION_NUMBER < 0x009080000L) || - OPENSSL_VERSION_NUMBER >= 0x0090804fL) + if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && + OPENSSL_VERSION_NUMBER < 0x00908000L) || + OPENSSL_VERSION_NUMBER >= 0x0090804fL) return (0); printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n", OPENSSL_VERSION_NUMBER); @@ -601,16 +614,61 @@ sinclude(config.threads.in)dnl if $use_threads then + if test "X$GCC" = "Xyes"; then + case "$host" in + *-freebsd*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + *-openbsd*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + ;; + *-solaris*) + LIBS="$LIBS -lthread" + ;; + *-ibm-aix*) + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + esac + else + case $host in + *-dec-osf*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + ;; + *-solaris*) + CC="$CC -mt" + CCOPT="$CCOPT -mt" + ;; + *-ibm-aix*) + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + *-sco-sysv*uw*|*-*-sysv*UnixWare*) + CC="$CC -Kthread" + CCOPT="$CCOPT -Kthread" + ;; + *-*-sysv*OpenUNIX*) + CC="$CC -Kpthread" + CCOPT="$CCOPT -Kpthread" + ;; + esac + fi + ALWAYS_DEFINES="-D_REENTRANT" + ISC_PLATFORM_USETHREADS="#define ISC_PLATFORM_USETHREADS 1" + thread_dir=pthreads # # We'd like to use sigwait() too # - AC_CHECK_LIB(c, sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(pthread, sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(pthread, _Psigwait, - AC_DEFINE(HAVE_SIGWAIT),)) - ) + AC_CHECK_FUNC(sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(c, sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(pthread, sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(pthread, _Psigwait, + AC_DEFINE(HAVE_SIGWAIT),)))) AC_CHECK_FUNC(pthread_attr_getstacksize, AC_DEFINE(HAVE_PTHREAD_ATTR_GETSTACKSIZE),) @@ -674,50 +732,6 @@ then # AC_CHECK_FUNC(sysconf, AC_DEFINE(HAVE_SYSCONF),) - if test "X$GCC" = "Xyes"; then - case "$host" in - *-freebsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-openbsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - ;; - *-solaris*) - LIBS="$LIBS -lthread" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - esac - else - case $host in - *-dec-osf*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - ;; - *-solaris*) - CC="$CC -mt" - CCOPT="$CCOPT -mt" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-sco-sysv*uw*|*-*-sysv*UnixWare*) - CC="$CC -Kthread" - CCOPT="$CCOPT -Kthread" - ;; - *-*-sysv*OpenUNIX*) - CC="$CC -Kpthread" - CCOPT="$CCOPT -Kpthread" - ;; - esac - fi - ALWAYS_DEFINES="-D_REENTRANT" - ISC_PLATFORM_USETHREADS="#define ISC_PLATFORM_USETHREADS 1" - thread_dir=pthreads else ISC_PLATFORM_USETHREADS="#undef ISC_PLATFORM_USETHREADS" thread_dir=nothreads @@ -777,7 +791,18 @@ MKDEPCFLAGS="-M" IRIX_DNSSEC_WARNINGS_HACK="" if test "X$GCC" = "Xyes"; then - STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat" + AC_MSG_CHECKING(if "$CC" supports -fno-strict-aliasing) + SAVE_CFLAGS=$CFLAGS + CFLAGS=-fno-strict-aliasing + AC_TRY_COMPILE(,, [FNOSTRICTALIASING=yes],[FNOSTRICTALIASING=no]) + CFLAGS=$SAVE_CFLAGS + if test "$FNOSTRICTALIASING" = "yes"; then + AC_MSG_RESULT(yes) + STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing" + else + AC_MSG_RESULT(no) + STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith" + fi case "$host" in *-hp-hpux*) LDFLAGS="-Wl,+vnocompatwarnings $LDFLAGS" @@ -1555,11 +1580,11 @@ AC_SUBST(ISC_PLATFORM_NEEDMEMMOVE) AC_CHECK_FUNC(strtoul, [ISC_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL" - LWRES_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL" + LWRES_PLATFORM_NEEDSTRTOUL="#undef LWRES_PLATFORM_NEEDSTRTOUL" GENRANDOMLIB=""], [ISC_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1" - LWRES_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1" - "GENRANDOMLIB=${ISCLIBS}"]) + LWRES_PLATFORM_NEEDSTRTOUL="#define LWRES_PLATFORM_NEEDSTRTOUL 1" + GENRANDOMLIB='${ISCLIBS}']) AC_SUBST(ISC_PLATFORM_NEEDSTRTOUL) AC_SUBST(LWRES_PLATFORM_NEEDSTRTOUL) AC_SUBST(GENRANDOMLIB) @@ -1674,6 +1699,7 @@ AC_TRY_COMPILE([ [optarg = 0;], [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no) +GEN_NEED_OPTARG="-DNEED_OPTARG=1" AC_DEFINE(NEED_OPTARG, 1, [Defined if extern char *optarg is not declared.])]) # @@ -1737,6 +1763,17 @@ case "$host" in esac # +# Some hosts need msg_namelen to match the size of the socket structure. +# Some hosts don't set msg_namelen appropriately on return from recvmsg(). +# +case $host in +*os2*|*hp-mpeix*) + AC_DEFINE(BROKEN_RECVMSG, 1, + [Define if recvmsg() does not meet all of the BSD socket API specifications.]) + ;; +esac + +# # Microsoft has their own way of handling shared libraries that requires # additional qualifiers on extern variables. Unix systems don't need it. # @@ -1753,7 +1790,7 @@ AC_SUBST(ISC_PLATFORM_BRACEPTHREADONCEINIT) ISC_PLATFORM_BRACEPTHREADONCEINIT="#undef ISC_PLATFORM_BRACEPTHREADONCEINIT" case "$host" in - *-aix5.1.*) + *-aix5.[[123]].*) hack_shutup_pthreadonceinit=yes ;; *-bsdi3.1*) @@ -1769,6 +1806,9 @@ case "$host" in [*-solaris2.[89]]) hack_shutup_pthreadonceinit=yes ;; + *-solaris2.10) + hack_shutup_pthreadonceinit=yes + ;; esac case "$hack_shutup_pthreadonceinit" in @@ -1849,6 +1889,16 @@ case "$host" in ;; esac # +# Solaris 2.5.1 and earlier cannot bind() then connect() a TCP socket. +# This prevents the source address being set. +# +case "$host" in +*-solaris2.[[012345]]|*-solaris2.5.1) + AC_DEFINE(BROKEN_TCP_BIND_BEFORE_CONNECT, 1, + [Define if you cannot bind() before connect() for TCP sockets.]) + ;; +esac +# # The following sections deal with tools used for formatting # the documentation. They are all optional, unless you are # a developer editing the documentation source. @@ -2024,6 +2074,28 @@ LIBBIND9_API=$srcdir/lib/bind9/api AC_SUBST_FILE(LIBLWRES_API) LIBLWRES_API=$srcdir/lib/lwres/api +if test "$cross_compiling" = "yes"; then + if test -z "$BUILD_CC"; then + AC_ERROR([BUILD_CC not set]) + fi + BUILD_CFLAGS="$BUILD_CFLAGS" + BUILD_CPPFLAGS="$BUILD_CPPFLAGS" + BUILD_LDFLAGS="$BUILD_LDFLAGS" + BUILD_LIBS="$BUILD_LIBS" +else + BUILD_CC="$CC" + BUILD_CFLAGS="$CFLAGS" + BUILD_CPPFLAGS="$CPPFLAGS $GEN_NEED_OPTARG" + BUILD_LDFLAGS="$LDFLAGS" + BUILD_LIBS="$LIBS" +fi + +AC_SUBST(BUILD_CC) +AC_SUBST(BUILD_CFLAGS) +AC_SUBST(BUILD_CPPFLAGS) +AC_SUBST(BUILD_LDFLAGS) +AC_SUBST(BUILD_LIBS) + AC_OUTPUT( make/rules make/includes diff --git a/contrib/bind9/doc/arm/Bv9ARM-book.xml b/contrib/bind9/doc/arm/Bv9ARM-book.xml index 28ccb36..bccb088 100644 --- a/contrib/bind9/doc/arm/Bv9ARM-book.xml +++ b/contrib/bind9/doc/arm/Bv9ARM-book.xml @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + BIND 9 Administrator Reference Manual @@ -27,6 +27,7 @@ 2004 2005 + 2006 Internet Systems Consortium, Inc. ("ISC") @@ -50,7 +51,7 @@ Scope of Document - The Berkeley Internet Name Domain (BIND) implements an + The Berkeley Internet Name Domain (BIND) implements a domain name server for a number of operating systems. This document provides basic information about the installation and care of the Internet Software Consortium (ISC) @@ -334,7 +335,7 @@ caching are intimately connected, the terms caching server are often used synonymously. The length of time for which a record may be retained in -in the cache of a caching name server is controlled by the +the cache of a caching name server is controlled by the Time To Live (TTL) field associated with each resource record. @@ -729,7 +730,7 @@ of a server. command command - command is one of the following: + The command is one of the following: @@ -758,7 +759,7 @@ of a server. freeze zone class view - Suspend updates to a dynamic zone. If no zone is specified + Suspend updates to a dynamic zone. If no zone is specified, then all zones are suspended. This allows manual edits to be made to a zone normally updated by dynamic update. It also causes changes in the journal file to be synced into the master @@ -770,17 +771,12 @@ of a server. class view Enable updates to a frozen dynamic zone. If no zone is - specified then all frozen zones are enabled. This causes + specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re-enables dynamic updates after the load has completed. After a zone is thawed, dynamic updates will no longer be refused. - notify zone - class - view - Resend NOTIFY messages for the zone - reconfig Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. @@ -803,19 +799,22 @@ of a server. dumpdb -all|-cache|-zone view ... Dump the server's caches (default) and / or zones to the - dump file for the specified views. If no view is specified all + dump file for the specified views. If no view is specified, all views are dumped. stop -p Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files - of the updated zones. If -p is specified named's process id is returned. + of the updated zones. If -p is specified named's process id is returned. + This allows an external process to determine when named had completed stopping. halt -p Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server - is restarted. If -p is specified named's process id is returned. + is restarted. If -p is specified named's process id is returned. + This allows an external process to determine when named had completed + stopping. trace Increment the servers debugging level by one. @@ -835,8 +834,8 @@ of a server. status Display status of the server. -Note the number of zones includes the internal bind/CH zone -and the default ./IN hint zone if there is not a +Note that the number of zones includes the internal bind/CH zone +and the default ./IN hint zone if there is not an explicit root zone configured. recursing @@ -893,7 +892,7 @@ the name of a key as its argument, as defined by a key statem port is given on the command line or in a server statement. -The key statement defines an key to be used +The key statement defines a key to be used by rndc when authenticating with named. Its syntax is identical to the key statement in named.conf. @@ -1063,7 +1062,7 @@ protocol is specified in RFC 1996. The zone files of dynamic zones cannot normally be edited by hand because they are not guaranteed to contain the most recent - dynamic changes - those are only in the journal file. + dynamic changes — those are only in the journal file. The only way to ensure that the zone file of a dynamic zone is up to date is to run rndc stop. @@ -1073,7 +1072,7 @@ protocol is specified in RFC 1996. rndc freeze zone. This will also remove the zone's .jnl file and update the master file. Edit the zone file. Run - rndc unfreeze zone + rndc thaw zone to reload the changed zone and re-enable dynamic updates. @@ -1184,7 +1183,7 @@ internal clients will now be able to: Look up any hostnames on the Internet. - Exchange mail with internal AND external people. + Exchange mail with both internal AND external people. Hosts on the Internet will be able to: Look up any hostnames in the site1 and @@ -1196,7 +1195,7 @@ internal clients will now be able to: Here is an example configuration for the setup we just described above. Note that this is only configuration information; for information on how to configure your zone files, see + linkend="sample_configuration"/>. Internal DNS server config: @@ -1318,11 +1317,11 @@ for TSIG. An arbitrary key name is chosen: "host1-host2.". The key name must be the same on both hosts. Automatic Generation -The following command will generate a 128 bit (16 byte) HMAC-MD5 +The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys are easier to read. Note that the maximum key length is 512 bits; -keys longer than that will be digested with MD5 to produce a 128 -bit key. +keys longer than that will be digested with MD5 to produce a +128-bit key. dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2. The key is in the file Khost1-host2.+157+00000.private. Nothing directly uses this file, but the base-64 encoded string @@ -1402,11 +1401,12 @@ allow-update { key host1-host2. ;}; Errors The processing of TSIG signed messages can result in - several errors. If a signed message is sent to a non-TSIG aware - server, a FORMERR will be returned, since the server will not - understand the record. This is a result of misconfiguration, - since the server must be explicitly configured to send a TSIG - signed message to a specific server. + several errors. If a signed message is sent to a non-TSIG + aware server, a FORMERR (format error) will be returned, since + the server will not understand the record. This is a result + of misconfiguration, since the server must be explicitly + configured to send a TSIG signed message to a specific + server. If a TSIG aware server receives a message signed by an unknown key, the response will be unsigned with the TSIG @@ -1418,7 +1418,7 @@ allow-update { key host1-host2. ;}; the TSIG extended error code set to BADTIME, and the time values will be adjusted so that the response can be successfully verified. In any of these cases, the message's rcode is set to - NOTAUTH. + NOTAUTH (not authenticated). @@ -1462,7 +1462,7 @@ allow-update { key host1-host2. ;}; When a SIG(0) signed message is received, it will only be verified if the key is known and trusted by the server; the server - will not attempt to locate and/or validate the key. + will not attempt to locate and / or validate the key. SIG(0) signing of multiple-message TCP streams is not supported. @@ -1475,9 +1475,10 @@ allow-update { key host1-host2. ;}; DNSSEC Cryptographic authentication of DNS information is possible - through the DNS Security (DNSSEC-bis) extensions, - defined in RFC <TBA>. This section describes the creation and use - of DNSSEC signed zones. + through the DNS Security (DNSSEC-bis) + extensions, defined in RFC 4033, RFC4034 and RFC4035. This + section describes the creation and use of DNSSEC signed + zones. In order to set up a DNSSEC secure zone, there are a series of steps which must be followed. BIND 9 ships @@ -1493,7 +1494,7 @@ allow-update { key host1-host2. ;}; There must also be communication with the administrators of the parent and/or child zone to transmit keys. A zone's security status must be indicated by the parent zone for a DNSSEC capable - resolver to trust its data. This is done through the presense + resolver to trust its data. This is done through the presence or absence of a DS record at the delegation point. @@ -1516,7 +1517,7 @@ allow-update { key host1-host2. ;}; designated as "mandatory to implement" by the IETF; currently the only one is RSASHA1. - The following command will generate a 768 bit RSASHA1 key for + The following command will generate a 768-bit RSASHA1 key for the child.example zone: dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example. @@ -1552,7 +1553,7 @@ allow-update { key host1-host2. ;}; generate NSEC and RRSIG records for the zone, as well as DS for the child zones if '-d' is specified. - If '-d' is not specified then DS RRsets for + If '-d' is not specified, then DS RRsets for the secure child zones need to be added manually. The following command signs the zone, assuming it is in a @@ -1577,14 +1578,93 @@ allow-update { key host1-host2. ;}; Configuring Servers -Unlike BIND 8, -BIND 9 does not verify signatures on load, -so zone keys for authoritative zones do not need to be specified -in the configuration file. + + To enable named to respond appropriately + to DNS requests from DNSSEC aware clients, + dnssec-enable must be set to yes. + + + + To enable named to validate answers from + other servers dnssec-enable and + some trusted-keys must be configured + into named.conf. + + + + trusted-keys are copies of DNSKEY RRs + for zones that are used to form the first link in the + cryptographic chain of trust. All keys listed in + trusted-keys (and corresponding zones) + are deemed to exist and only the listed keys will be used + to validated the DNSKEY RRset that they are from. + + + + trusted-keys are described in more detail + later in this document. + + + + Unlike BIND 8, BIND + 9 does not verify signatures on load, so zone keys for + authoritative zones do not need to be specified in the + configuration file. + + + + After DNSSEC gets established, a typical DNSSEC configuration + will look something like the following. It has a one or + more public keys for the root. This allows answers from + outside the organization to be validated. It will also + have several keys for parts of the namespace the organization + controls. These are here to ensure that named is immune + to compromises in the DNSSEC components of the security + of parent zones. + + + +trusted-keys { + + /* Root Key */ +"." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/ + E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3 + zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz + MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M + /lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M + iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI + Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3"; + +/* Key for our organization's forward zone */ +example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe + 3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb + OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC + lrinKJp1Og4ywzO9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt + 8lgnyTUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KMEGd/b + iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn + SCThlHf3xiYleDbt/o1OTQ09A0="; + +/* Key for our reverse zone. */ +2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA + VVr+iLhGTnNGp3HoWQLUIzKrJVZ3zggy3WwNT6kZo6c0 + tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0 + yOI6BgPsw+YZdzlYMaIJGf4M4dyoKIhzdZyQ2bYQrjyQ + 4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06 + zW+1xgYJh9rCIfnm1GX/KMgxLPG2vXTD/RnLX+D3T3UL + 7HJYHJhAZD5L59VvjSPsZJHeDCUyWYrvPZesZDIRvhDD + 52SKvbheeTJUm6EhkzytNN2SN96QRk8j/iI8ib"; +}; + +options { + ... + dnssec-enable yes; +}; + -The public key for any security root must be present in -the configuration file's trusted-keys -statement, as described later in this document. + + None of the keys listed in this example are valid. In particular, + the root key is not valid. + @@ -1779,7 +1859,7 @@ ambiguity, and need to be disambiguated. An IP port number. number is limited to 0 through 65535, with values below 1024 typically restricted to use by processes running as root. -In some cases an asterisk (`*') character can be used as a placeholder to +In some cases, an asterisk (`*') character can be used as a placeholder to select a random high-numbered port. @@ -1803,7 +1883,7 @@ separated by semicolons and ending with a semicolon. number -A non-negative 32 bit integer +A non-negative 32-bit integer (i.e., a number between 0 and 4294967295, inclusive). Its acceptable value might further be limited by the context in which it is used. @@ -1930,7 +2010,7 @@ in the C, C++, or shell/perl style. Definition and Usage -Comments may appear anywhere that whitespace may appear in +Comments may appear anywhere that white space may appear in a BIND configuration file. C-style comments start with the two characters /* (slash, star) and end with */ (star, slash). Because they are completely @@ -2018,7 +2098,7 @@ the log messages are sent. lwres configures named to -also act as a light weight resolver daemon (lwresd). +also act as a light-weight resolver daemon (lwresd). masters @@ -2132,7 +2212,7 @@ IPv6 addresses, just like localhost. ip_port on the specified ip_addr, which can be an IPv4 or IPv6 address. An ip_addr - of * is interpreted as the IPv4 wildcard + of * (asterisk) is interpreted as the IPv4 wildcard address; connections will be accepted on any of the system's IPv4 addresses. To listen on the IPv6 wildcard address, use an ip_addr of ::. @@ -2144,7 +2224,7 @@ IPv6 addresses, just like localhost. If no port is specified, port 953 - is used. "*" cannot be used for + is used. The asterisk "*" cannot be used for ip_port. The ability to issue commands over the control channel is @@ -2206,13 +2286,14 @@ installed. permissions set such that only the owner of the file (the user that named is running as) can access it. If you desire greater flexibility in allowing other users to access - rndc commands then you need to create an - rndc.conf and make it group readable by a group + rndc commands, then you need to create a + rndc.conf file and make it group readable by a group that contains the users who should have access. The UNIX control channel type of BIND 8 is not supported - in BIND 9, and is not expected to be added in future - releases. If it is present in the controls statement from a + in BIND 9.0, BIND 9.1, + BIND 9.2 and BIND 9.3. + If it is present in the controls statement from a BIND 8 configuration file, it is ignored and a warning is logged. @@ -2359,8 +2440,8 @@ of the file will be saved each time the file is opened. If you use the versions log file option, then named will retain that many backup versions of the file by -renaming them when opening. For example, if you choose to keep 3 old versions -of the file lamers.log then just before it is opened +renaming them when opening. For example, if you choose to keep three old versions +of the file lamers.log, then just before it is opened lamers.log.1 is renamed to lamers.log.2, lamers.log.0 is renamed to lamers.log.1, and lamers.log is @@ -2436,7 +2517,7 @@ level is set either by starting the named server with the flag followed by a positive integer, or by running rndc trace. The global debug level -can be set to zero, and debugging mode turned off, by running ndc +can be set to zero, and debugging mode turned off, by running rndc notrace. All debugging messages in the server have a debug level, and higher debug levels give more detailed output. Channels that specify a specific debug severity, for example: @@ -2499,7 +2580,7 @@ channel null { The default_debug channel has the special property that it only produces output when the server's debug level is -nonzero. It normally writes to a file named.run +nonzero. It normally writes to a file called named.run in the server's working directory. For security reasons, when the "" @@ -2619,12 +2700,12 @@ the null channel. queries Specify where queries should be logged to. -At startup, specifing the category queries will also +At startup, specifying the category queries will also enable query logging unless querylog option has been specified. -The query log entry reports the client's IP address and port number. The +The query log entry reports the client's IP address and port number, and the query name, class and type. It also reports whether the Recursion Desired flag was set (+ if set, - if not set), EDNS was in use (E) or if the query was signed (S). @@ -2683,8 +2764,8 @@ statement in the named.conf file: <command>lwres</command> Statement Definition and Usage The lwres statement configures the name -server to also act as a lightweight resolver server, see -. There may be be multiple +server to also act as a lightweight resolver server. (See +.) There may be be multiple lwres statements configuring lightweight resolver servers with different properties. @@ -2737,6 +2818,7 @@ statement in the named.conf file: named-xfer path_name; tkey-domain domainname; tkey-dhkey key_name key_tag; + cache-file path_name; dump-file path_name; memstatistics-file path_name; pid-file path_name; @@ -2897,6 +2979,15 @@ public and private keys from files in the working directory. In most cases, the keyname should be the server's host name. + + cache-file + + + This is for testing only. Do not use. + + + + dump-file The pathname of the file the server dumps the database to when instructed to do so with @@ -2925,7 +3016,7 @@ double quotes. to when instructed to do so using rndc stats. If not specified, the default is named.stats in the server's current directory. The format of the file is described -in +in . port @@ -2954,19 +3045,19 @@ is ignored on subsequent reloads. preferred-glue -If specified the listed type (A or AAAA) will be emitted before other glue +If specified, the listed type (A or AAAA) will be emitted before other glue in the additional section of a query response. -The default is not to preference any type (NONE). +The default is not to prefer any type (NONE). root-delegation-only -Turn on enforcement of delegation-only in TLDs and root zones with an optional -exclude list. +Turn on enforcement of delegation-only in TLDs (top level domains) +and root zones with an optional exclude list. -Note some TLDs are NOT delegation only (e.g. "DE", "LV", "US" and "MUSEUM"). +Note some TLDs are not delegation only (e.g. "DE", "LV", "US" and "MUSEUM"). options { @@ -2984,7 +3075,7 @@ Only the most specific will be applied. dnssec-lookaside -When set dnssec-lookaside provides the +When set, dnssec-lookaside provides the validator with an alternate method to validate DNSKEY records at the top of a zone. When a DNSKEY is at or below a domain specified by the deepest dnssec-lookaside, and the normal dnssec validation @@ -2996,10 +3087,10 @@ record does) the DNSKEY RRset is deemed to be trusted. dnssec-must-be-secure -Specify heirarchies which must / may not be secure (signed and validated). -If yes then named will only accept answers if they +Specify heirarchies which must be or may not be secure (signed and validated). +If yes, then named will only accept answers if they are secure. -If no then normal dnssec validation applies +If no, then normal dnssec validation applies allowing for insecure answers to be accepted. The specified domain must be under a trusted-key or dnssec-lookaside must be active. @@ -3026,7 +3117,7 @@ the checks. dialup If yes, then the server treats all zones as if they are doing zone transfers across -a dial on demand dialup link, which can be brought up by traffic +a dial-on-demand dialup link, which can be brought up by traffic originating from this server. This has different effects according to zone type and concentrates the zone maintenance so that it all happens in a short interval, once every heartbeat-interval and @@ -3037,7 +3128,7 @@ may also be specified in the view and zone statements, in which case it overrides the global dialup option. -If the zone is a master zone then the server will send out a NOTIFY +If the zone is a master zone, then the server will send out a NOTIFY request to all the slaves (default). This should trigger the zone serial number check in the slave (providing it supports NOTIFY) allowing the slave to verify the zone while the connection is active. @@ -3129,7 +3220,7 @@ and BIND 9 never does it. flush-zones-on-shutdown When the nameserver exits due receiving SIGTERM, -flush / do not flush any pending zone writes. The default is +flush or do not flush any pending zone writes. The default is flush-zones-on-shutdown no. @@ -3238,7 +3329,7 @@ in . See also See the description of provide-ixfr in - +. request-ixfr @@ -3246,7 +3337,7 @@ See the description of See the description of request-ixfr in - +. treat-cr-as-space @@ -3338,7 +3429,7 @@ The use of this option for any other purpose is discouraged. ixfr-from-differences -When 'yes' and the server loads a new version of a master +When yes and the server loads a new version of a master zone from its zone file or receives a new version of a slave file by a non-incremental zone transfer, it will compare the new version to the previous one and calculate a set @@ -3361,7 +3452,7 @@ difference set. This should be set when you have multiple masters for a zone and the -addresses refer to different machines. If 'yes' named will not log +addresses refer to different machines. If yes, named will not log when the serial number on the master is less than what named currently has. The default is no. @@ -3369,7 +3460,7 @@ has. The default is no. dnssec-enable -Enable DNSSEC support in named. Unless set to yes +Enable DNSSEC support in named. Unless set to yes, named behaves as if it does not support DNSSEC. The default is no. @@ -3377,8 +3468,8 @@ The default is no. querylog -Specify whether query logging should be started when named start. -If querylog is not specified then the query logging +Specify whether query logging should be started when named starts. +If querylog is not specified, then the query logging is determined by the presence of the logging category queries. @@ -3390,10 +3481,10 @@ certain domain names in master files and/or DNS responses received from the network. The default varies according to usage area. For master zones the default is fail. For slave zones the default is warn. -For answer received from the network (response) +For answers received from the network (response) the default is ignore. -The rules for legal hostnames / mail domains are derived from RFC 952 +The rules for legal hostnames and mail domains are derived from RFC 952 and RFC 821 as modified by RFC 1123. check-names applies to the owner names of A, AAA and @@ -3421,8 +3512,8 @@ its cache. forward This option is only meaningful if the forwarders list is not empty. A value of first, -the default, causes the server to query the forwarders first, and -if that doesn't answer the question the server will then look for +the default, causes the server to query the forwarders first — and +if that doesn't answer the question, the server will then look for the answer itself. If only is specified, the server will only query the forwarders. @@ -3448,10 +3539,10 @@ on the host machine. dual-stack-servers -Specifies host names / addresses of machines with access to -both IPv4 and IPv6 transports. If a hostname is used the server must be able +Specifies host names or addresses of machines with access to +both IPv4 and IPv6 transports. If a hostname is used, the server must be able to resolve the name using only the transport it has. If the machine is dual -stacked then the dual-stack-servers have no effect unless +stacked, then the dual-stack-servers have no effect unless access to a transport has been disabled on the command line (e.g. named -4). @@ -3600,12 +3691,12 @@ the server will not listen on any IPv6 address. query other name servers. query-source specifies the address and port used for such queries. For queries sent over IPv6, there is a separate query-source-v6 option. -If address is * or is omitted, +If address is * (asterisk) or is omitted, a wildcard IP address (INADDR_ANY) will be used. If port is * or is omitted, -a random unprivileged port will be used, avoid-v4-udp-ports -and avoid-v6-udp-ports can be used to prevent named -from selecting certain ports. The defaults are +a random unprivileged port will be used. The avoid-v4-udp-ports +and avoid-v6-udp-ports options can be used to prevent named +from selecting certain ports. The defaults are: query-source address * port *; query-source-v6 address * port *; @@ -3617,6 +3708,12 @@ unprivileged port. See also transfer-source and notify-source. + + + Solaris 2.5.1 and earlier does not support setting the source + address for TCP sockets. + + Zone Transfers @@ -3699,7 +3796,8 @@ resource record transferred. possible into a message. many-answers is more efficient, but is only supported by relatively new slave servers, such as BIND 9, BIND 8.x and patched -versions of BIND 4.9.5. The default is +versions of BIND 4.9.5. The many-answers +format is also supported by recent Microsoft Windows nameservers. The default is many-answers. transfer-format may be overridden on a per-server basis by using the server statement. @@ -3763,7 +3861,7 @@ except zone transfers are performed using IPv6. If you do not wish the alternate transfer source - to be used you should set + to be used, you should set use-alt-transfer-source appropriately and you should not depend upon getting a answer back to the first refresh @@ -3791,9 +3889,15 @@ send NOTIFY messages. This address must appear in the slave server's masters zone clause or in an allow-notify clause. This statement sets the notify-source for all zones, -but can be overridden on a per-zone / per-view basis by including a +but can be overridden on a per-zone or per-view basis by including a notify-source statement within the zone or view block in the configuration file. + + + Solaris 2.5.1 and earlier does not support setting the + source address for TCP sockets. + + notify-source-v6 @@ -3827,8 +3931,8 @@ example, 1G can be used instead of 1073741824 to specify a limit of one gigabyte. unlimited requests unlimited use, or the maximum available amount. default uses the limit -that was in force when the server was started. See the description of -size_spec in size_spec in . The following options set operating system resource limits for @@ -3894,14 +3998,14 @@ function in BIND 8. max-journal-size Sets a maximum size for each journal file -(). When the journal file approaches +(see ). When the journal file approaches the specified size, some of the oldest transactions in the journal will be automatically removed. The default is unlimited. host-statistics-max -In BIND 8, specifies the maximum number of host statistic +In BIND 8, specifies the maximum number of host statistics entries to be kept. Not implemented in BIND 9. @@ -3954,7 +4058,7 @@ silently raised. The server will remove expired resource records from the cache every cleaning-interval minutes. The default is 60 minutes. The maximum value is 28 days (40320 minutes). -If set to 0, no periodic cleaning will occur. +If set to 0, no periodic cleaning will occur. heartbeat-interval @@ -4033,7 +4137,7 @@ statement in ). The client resolver code should rearrange the RRs as appropriate, that is, using any addresses on the local net in preference to other addresses. However, not all resolvers can do this or are correctly configured. -When a client is using a local server the sorting can be performed +When a client is using a local server, the sorting can be performed in the server, based on the client's address. This only requires configuring the name servers, not all the clients. @@ -4113,7 +4217,7 @@ See also the sortlist statement, If no class is specified, the default is ANY. If no type is specified, the default is ANY. -If no name is specified, the default is "*". +If no name is specified, the default is "*" (asterisk). The legal values for ordering are: @@ -4163,13 +4267,13 @@ BIND 9 currently does not support "fixed" ordering. Sets the number of seconds to cache a lame server indication. 0 disables caching. (This is NOT recommended.) -Default is 600 (10 minutes). Maximum value is +The default is 600 (10 minutes) and the maximum value is 1800 (30 minutes). max-ncache-ttl -To reduce network traffic and increase performance +To reduce network traffic and increase performance, the server stores negative answers. max-ncache-ttl is used to set a maximum retention time for these answers in the server in seconds. The default @@ -4179,17 +4283,17 @@ be silently truncated to 7 days if set to a greater value. max-cache-ttl -max-cache-ttl sets +Sets the maximum time for which the server will cache ordinary (positive) answers. The default is one week (7 days). min-roots The minimum number of root servers that -is required for a request for the root servers to be accepted. Default +is required for a request for the root servers to be accepted. The default is 2. -Not implemented in BIND9. +Not implemented in BIND 9. sig-validity-interval @@ -4224,9 +4328,9 @@ and clamp the SOA refresh and retry times to the specified values. edns-udp-size edns-udp-size sets the advertised EDNS UDP buffer -size. Valid values are 512 to 4096 (values outside this range will be +size in bytes. Valid values are 512 to 4096 bytes (values outside this range will be silently adjusted). The default value is 4096. The usual reason for -setting edns-udp-size to a non default value it to get UDP answers to +setting edns-udp-size to a non-default value it to get UDP answers to pass through broken firewalls that block fragmented packets and/or block UDP packets that are greater than 512 bytes. @@ -4266,7 +4370,7 @@ disables processing of the queries. the name hostname.bind with type TXT, class CHAOS. This defaults to the hostname of the machine hosting the name server as -found by gethostname(). The primary purpose of such queries is to +found by the gethostname() function. The primary purpose of such queries is to identify which of a group of anycast servers is actually answering your queries. Specifying hostname none; disables processing of the queries. @@ -4281,7 +4385,7 @@ identify which of a group of anycast servers is actually answering your queries. Specifying server-id none; disables processing of the queries. Specifying server-id hostname; will cause named to -use the hostname as found by gethostname(). +use the hostname as found by the gethostname() function. The default server-id is none. @@ -4297,16 +4401,25 @@ The default server-id is none. is similar, but not identical, to that generated by BIND 8. -The statistics dump begins with the line +++ Statistics Dump -+++ (973798949), where the number in parentheses is a standard +The statistics dump begins with a line, like: + + +++ Statistics Dump +++ (973798949) + + The numberr in parentheses is a standard Unix-style timestamp, measured as seconds since January 1, 1970. Following that line are a series of lines containing a counter type, the value of the counter, optionally a zone name, and optionally a view name. The lines without view and zone listed are global statistics for the entire server. Lines with a zone and view name for the given view and zone (the view name is -omitted for the default view). The statistics dump ends -with the line --- Statistics Dump --- (973798949), where the -number is identical to the number in the beginning line. +omitted for the default view). + + +The statistics dump ends with the line where the +number is identical to the number in the beginning line; for example: + + +--- Statistics Dump --- (973798949) + The following statistics counters are maintained: transfer-source can be specified. Similarly, for an IPv6 remote server, only transfer-source-v6 can be specified. -Form more details, see the description of +For more details, see the description of transfer-source and transfer-source-v6 in . @@ -4479,19 +4592,37 @@ Form more details, see the description of }; -<command>trusted-keys</command> Statement Definition -and Usage -The trusted-keys statement defines DNSSEC -security roots. DNSSEC is described in . A security root is defined when the public key for a non-authoritative -zone is known, but cannot be securely obtained through DNS, either -because it is the DNS root zone or because its parent zone is unsigned. -Once a key has been configured as a trusted key, it is treated as -if it had been validated and proven secure. The resolver attempts -DNSSEC validation on all DNS data in subdomains of a security root. -The trusted-keys statement can contain -multiple key entries, each consisting of the key's domain name, -flags, protocol, algorithm, and the base-64 representation of the -key data. + + + <command>trusted-keys</command> Statement Definition + and Usage + + The trusted-keys statement defines + DNSSEC security roots. DNSSEC is described in . A security root is defined when the + public key for a non-authoritative zone is known, but + cannot be securely obtained through DNS, either because + it is the DNS root zone or because its parent zone is + unsigned. Once a key has been configured as a trusted + key, it is treated as if it had been validated and + proven secure. The resolver attempts DNSSEC validation + on all DNS data in subdomains of a security root. + + + All keys (and corresponding zones) listed in + trusted-keys are deemed to exist regardless + of what parent zones say. Similarly for all keys listed in + trusted-keys only those keys are + used to validate the DNSKEY RRset. The parent's DS RRset + will not be used. + + + The trusted-keys statement can contain + multiple key entries, each consisting of the key's + domain name, flags, protocol, algorithm, and the Base-64 + representation of the key data. + + <command>view</command> Statement Grammar @@ -4557,7 +4688,7 @@ statements are present, all zone statements must occur inside view statements. Here is an example of a typical split DNS setup implemented -using view statements. +using view statements: view "internal" { // This should match our internal networks. match-clients { 10.0.0.0/8; }; @@ -4591,18 +4722,47 @@ view "external" { <command>zone</command> Statement Grammar - zone zone_name class { - type ( master | slave | hint | stub | forward | delegation-only ) ; - allow-notify { address_match_list } ; +zone zone_name class { + type master; allow-query { address_match_list } ; allow-transfer { address_match_list } ; allow-update { address_match_list } ; update-policy { update_policy_rule ... } ; + also-notify { ip_addr port ip_port ; ip_addr port ip_port ; ... }; + check-names (warn|fail|ignore) ; + dialup dialup_option ; + file string ; + forward (only|first) ; + forwarders { ip_addr port ip_port ; ... }; + ixfr-base string ; + ixfr-tmp-file string ; + maintain-ixfr-base yes_or_no ; + max-ixfr-log-size number ; + max-transfer-idle-out number ; + max-transfer-time-out number ; + notify yes_or_no | explicit ; + pubkey number number number string ; + notify-source (ip4_addr | *) port ip_port ; + notify-source-v6 (ip6_addr | *) port ip_port ; + zone-statistics yes_or_no ; + sig-validity-interval number ; + database string ; + min-refresh-time number ; + max-refresh-time number ; + min-retry-time number ; + max-retry-time number ; + key-directory path_name; +}; + +zone zone_name class { + type slave; + allow-notify { address_match_list } ; + allow-query { address_match_list } ; + allow-transfer { address_match_list } ; allow-update-forwarding { address_match_list } ; also-notify { ip_addr port ip_port ; ip_addr port ip_port ; ... }; check-names (warn|fail|ignore) ; dialup dialup_option ; - delegation-only yes_or_no ; file string ; forward (only|first) ; forwarders { ip_addr port ip_port ; ... }; @@ -4625,6 +4785,40 @@ Statement Grammar notify-source (ip4_addr | *) port ip_port ; notify-source-v6 (ip6_addr | *) port ip_port ; zone-statistics yes_or_no ; + database string ; + min-refresh-time number ; + max-refresh-time number ; + min-retry-time number ; + max-retry-time number ; + multi-master yes_or_no ; +}; + +zone zone_name class { + type hint; + file string ; + delegation-only yes_or_no ; + check-names (warn|fail|ignore) ; // Not Implemented. +}; + +zone zone_name class { + type stub; + allow-query { address_match_list } ; + check-names (warn|fail|ignore) ; + dialup dialup_option ; + delegation-only yes_or_no ; + file string ; + forward (only|first) ; + forwarders { ip_addr port ip_port ; ... }; + masters port ip_port { ( masters_list | ip_addr port ip_port key key ) ; ... } ; + max-transfer-idle-in number ; + max-transfer-time-in number ; + pubkey number number number string ; + transfer-source (ip4_addr | *) port ip_port ; + transfer-source-v6 (ip6_addr | *) port ip_port ; + alt-transfer-source (ip4_addr | *) port ip_port ; + alt-transfer-source-v6 (ip6_addr | *) port ip_port ; + use-alt-transfer-source yes_or_no; + zone-statistics yes_or_no ; sig-validity-interval number ; database string ; min-refresh-time number ; @@ -4632,9 +4826,18 @@ Statement Grammar min-retry-time number ; max-retry-time number ; multi-master yes_or_no ; - key-directory path_name; +}; + +zone zone_name class { + type forward; + forward (only|first) ; + forwarders { ip_addr port ip_port ; ... }; + delegation-only yes_or_no ; +}; -}; +zone zone_name class { + type delegation-only; +}; <command>zone</command> Statement Definition and Usage @@ -4664,10 +4867,10 @@ Authentication to the master can also be done with per-server TSIG keys. If a file is specified, then the replica will be written to this file whenever the zone is changed, and reloaded from this file on a server restart. Use of a file is -recommended, since it often speeds server start-up and eliminates +recommended, since it often speeds server startup and eliminates a needless waste of bandwidth. Note that for large numbers (in the tens or hundreds of thousands) of zones per server, it is best to -use a two level naming scheme for zone file names. For example, +use a two-level naming scheme for zone file names. For example, a slave server for the zone example.com might place the zone contents into a file called ex/example.com where ex/ is @@ -4701,7 +4904,7 @@ configured. Stub zones can also be used as a way of forcing the resolution of a given domain to use a particular set of authoritative servers. For example, the caching name servers on a private network using -RFC1981 addressing may be configured with stub zones for +RFC1918 addressing may be configured with stub zones for 10.in-addr.arpa to use a set of internal name servers as the authoritative servers for that domain. @@ -4718,8 +4921,8 @@ an empty list for forwarders is given, then no forwarding will be done for the domain, canceling the effects of any forwarders in the options statement. Thus if you want to use this type of zone to change the behavior of the -global forward option (that is, "forward first -to", then "forward only", or vice versa, but want to use the same +global forward option (that is, "forward first" +to, then "forward only", or vice versa, but want to use the same servers as set globally) you need to re-specify the global forwarders. @@ -4734,11 +4937,11 @@ Classes other than IN have no built-in defaults hints. delegation-only -This is used to enforce the delegation only +This is used to enforce the delegation-only status of infrastructure zones (e.g. COM, NET, ORG). Any answer that -is received without a explicit or implicit delegation in the authority +is received without an explicit or implicit delegation in the authority section will be treated as NXDOMAIN. This does not apply to the zone -apex. This SHOULD NOT be applied to leaf zones. +apex. This should not be applied to leaf zones. delegation-only has no effect on answers received from forwarders. @@ -4765,12 +4968,12 @@ in the mid-1970s. Zone data for it can be specified with the CHAOSallow-notify See the description of -allow-notify in +allow-notify in . allow-query See the description of -allow-query in +allow-query in . allow-transfer @@ -4840,7 +5043,7 @@ with the distribution but none are linked in by default. delegation-only The flag only applies to hint and stub zones. If set -to yes then the zone will also be treated as if it +to yes, then the zone will also be treated as if it is also a delegation-only type zone. @@ -4855,7 +5058,7 @@ allow a normal lookup to be tried. forwarders Used to override the list of global forwarders. If it is not specified in a zone of type forward, -no forwarding is done for the zone; the global options are not used. +no forwarding is done for the zone and the global options are not used. ixfr-base @@ -4916,31 +5119,31 @@ information for this zone, which can be dumped to the transfer-source See the description of -transfer-source in +transfer-source in . transfer-source-v6 See the description of -transfer-source-v6 in +transfer-source-v6 in . alt-transfer-source See the description of -alt-transfer-source in +alt-transfer-source in . alt-transfer-source-v6 See the description of -alt-transfer-source-v6 in +alt-transfer-source-v6 in . use-alt-transfer-source See the description of -use-alt-transfer-source in +use-alt-transfer-source in . @@ -4973,7 +5176,7 @@ See the description in . key-directory See the description of -key-directory in +key-directory in . multi-master @@ -5113,19 +5316,19 @@ and implemented in the DNS. These are also included. type -an encoded 16 bit value that specifies +an encoded 16-bit value that specifies the type of the resource record. TTL -the time to live of the RR. This field -is a 32 bit integer in units of seconds, and is primarily used by +the time-to-live of the RR. This field +is a 32-bit integer in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. class -an encoded 16 bit value that identifies +an encoded 16-bit value that identifies a protocol family or instance of a protocol. @@ -5217,7 +5420,7 @@ Experimental. MX identifies a mail exchange for the domain. -a 16 bit preference value (lower is better) +A 16-bit preference value (lower is better) followed by the host name of the mail exchange. Described in RFC 974, RFC 1035. @@ -5409,10 +5612,10 @@ knowledge of the typical representation for the data. -The MX RRs have an RDATA section which consists of a 16 bit +The MX RRs have an RDATA section which consists of a 16-bit number followed by a domain name. The address RRs use a standard -IP address format to contain a 32 bit internet address. -This example shows six RRs, with two RRs at each of three +IP address format to contain a 32-bit internet address. +The above example shows six RRs, with two RRs at each of three domain names. Similarly we might see: any order), and if neither of those succeed, delivery to mail.backup.org will be attempted. Setting TTLs -The time to live of the RR field is a 32 bit integer represented +The time-to-live of the RR field is a 32-bit integer represented in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. The following three types of TTL are currently @@ -5647,13 +5850,14 @@ $GENERATE 1-127 $ CNAME $.0 range This can be one of two forms: start-stop -or start-stop/step. If the first form is used then step is set to +or start-stop/step. If the first form is used, then step is set to 1. All of start, stop and step must be positive. lhs lhs describes the -owner name of the resource records to be created. Any single $ symbols +owner name of the resource records to be created. Any single +$ (dollar sign) symbols within the lhs side are replaced by the iterator value. To get a $ in the output you need to escape the $ @@ -5662,20 +5866,20 @@ e.g. \$. The $ may optionally be followed by modifiers which change the offset from the iterator, field width and base. Modifiers are introduced by a { immediately following the $ as ${offset[,width[,base]]}. -e.g. ${-20,3,d} which subtracts 20 from the current value, -prints the result as a decimal in a zero padded field of with 3. Available +For example, ${-20,3,d} which subtracts 20 from the current value, +prints the result as a decimal in a zero-padded field of width 3. Available output forms are decimal (d), octal (o) and hexadecimal (x or X for uppercase). The default modifier is ${0,0,d}. If the lhs is not absolute, the current $ORIGIN is appended to the name. -For compatibility with earlier versions $$ is still -recognized a indicating a literal $ in the output. +For compatibility with earlier versions, $$ is still +recognized as indicating a literal $ in the output. ttl - ttl specifies the + Specifies the ttl of the generated records. If not specified this will be inherited using the normal ttl inheritance rules. class and ttl can be @@ -5683,7 +5887,7 @@ recognized a indicating a literal $ in the output. class - class specifies the + Specifies the class of the generated records. This must match the zone class if it is specified. class and ttl can be @@ -5696,7 +5900,7 @@ PTR, CNAME, DNAME, A, AAAA and NS. rhs - rhs is a domain name. It is processed + A domain name. It is processed similarly to lhs. @@ -5719,13 +5923,14 @@ your name server, without cluttering up your config files with huge lists of IP addresses. It is a good idea to use ACLs, and to control access to your server. Limiting access to your server by -outside parties can help prevent spoofing and DoS attacks against -your server. +outside parties can help prevent spoofing and denial of service (DoS) +attacks against your server. Here is an example of how to properly apply ACLs: // Set up an ACL named "bogusnets" that will block RFC1918 space, // which is commonly used in spoofing attacks. acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; }; + // Set up an ACL called our-nets. Replace this with the real IP numbers. acl our-nets { x.x.x.x/24; x.x.x.x/21; }; options { @@ -5737,6 +5942,7 @@ options { blackhole { bogusnets; }; ... }; + zone "example.com" { type master; file "m/example.com"; @@ -5751,20 +5957,20 @@ see the AUSCERT advisory at <command>chroot</command> and <command>setuid</command> (for UNIX servers) On UNIX servers, it is possible to run BIND in a chrooted environment -(chroot()) by specifying the "" +(using the chroot() function) by specifying the "" option. This can help improve system security by placing BIND in a "sandbox", which will limit the damage done if a server is compromised. Another useful feature in the UNIX version of BIND is the ability to run the daemon as an unprivileged user ( user ). We suggest running as an unprivileged user when using the chroot feature. -Here is an example command line to load BIND in a chroot() sandbox, +Here is an example command line to load BIND in a chroot sandbox, /var/named, and to run named setuid to user 202: /usr/local/bin/named -u 202 -t /var/named The <command>chroot</command> Environment -In order for a chroot() environment to +In order for a chroot environment to work properly in a particular directory (for example, /var/named), you will need to set up an environment that includes everything @@ -5782,7 +5988,7 @@ However, depending on your operating system, you may need to set up things like /dev/zero, /dev/random, -/dev/log, and/or +/dev/log, and /etc/localtime. @@ -5804,7 +6010,7 @@ server is reloaded. Access to the dynamic update facility should be strictly limited. In earlier versions of -BIND the only way to do this was based on the IP +BIND, the only way to do this was based on the IP address of the host requesting the update, by listing an IP address or network prefix in the allow-update zone option. This method is insecure since the source address of the update UDP packet @@ -5822,7 +6028,7 @@ list only TSIG key names, not IP addresses or network prefixes. Alternatively, the new update-policy option can be used. -Some sites choose to keep all dynamically updated DNS data +Some sites choose to keep all dynamically-updated DNS data in a subdomain and delegate that subdomain to a separate zone. This way, the top-level zone containing critical data such as the IP addresses of public web and mail servers need not allow dynamic update at @@ -5901,7 +6107,7 @@ all. core of the new system was described in 1983 in RFCs 882 and 883. From 1984 to 1987, the ARPAnet (the precursor to today's Internet) became a testbed of experimentation for developing the - new naming/addressing scheme in an rapidly expanding, + new naming/addressing scheme in a rapidly expanding, operational network environment. New RFCs were written and published in 1987 that modified the original documents to incorporate improvements based on the working model. RFC 1034, @@ -5919,7 +6125,10 @@ Center (SRI-NIC). A DNS server for Unix machines, the Berkele Name Domain (BIND) package, was written soon after by a group of graduate students at the University of California at Berkeley under a grant from the US Defense Advanced Research Projects Administration -(DARPA). Versions of BIND through 4.8.3 were maintained by the Computer +(DARPA). + + +Versions of BIND through 4.8.3 were maintained by the Computer Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark Painter, David Riggle and Songnian Zhou made up the initial BIND project team. After that, additional work on the software package @@ -5931,12 +6140,12 @@ Mike Muuss, Jim Bloom and Mike Schwartz. BIND maintenance was handled by Mike Karels and O. Kure. BIND versions 4.9 and 4.9.1 were released by Digital Equipment Corporation (now Compaq Computer Corporation). Paul Vixie, then -a DEC employee, became BIND's primary caretaker. Paul was assisted +a DEC employee, became BIND's primary caretaker. He was assisted by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe Wolfhugel, and others. - BIND Version 4.9.2 was sponsored by Vixie Enterprises. Paul + BIND version 4.9.2 was sponsored by Vixie Enterprises. Paul Vixie became BIND's principal architect/programmer. BIND versions from 4.9.3 onward have been developed and maintained by the Internet Software Consortium with support being provided diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch01.html b/contrib/bind9/doc/arm/Bv9ARM.ch01.html index 37f1eec..3f3aebb 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch01.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch01.html @@ -1,5 +1,5 @@ - + Chapter 1. Introduction - + @@ -45,51 +45,51 @@ -

The Internet Domain Name System (DNS) consists of the syntax +

The Internet Domain Name System (DNS) consists of the syntax to specify the names of entities in the Internet in a hierarchical manner, the rules used for delegating authority over names, and the system implementation that actually maps names to Internet - addresses. DNS data is maintained in a group of distributed + addresses. DNS data is maintained in a group of distributed hierarchical databases.

-Scope of Document

-

The Berkeley Internet Name Domain (BIND) implements an +Scope of Document

+

The Berkeley Internet Name Domain (BIND) implements a domain name server for a number of operating systems. This document provides basic information about the installation and - care of the Internet Software Consortium (ISC) - BIND version 9 software package for system + care of the Internet Software Consortium (ISC) + BIND version 9 software package for system administrators.

This version of the manual corresponds to BIND version 9.3.

-Organization of This Document

+Organization of This Document

In this document, Section 1 introduces - the basic DNS and BIND concepts. Section 2 - describes resource requirements for running BIND in various + the basic DNS and BIND concepts. Section 2 + describes resource requirements for running BIND in various environments. Information in Section 3 is task-oriented in its presentation and is organized functionally, to aid in the process of installing the - BIND 9 software. The task-oriented section is followed by + BIND 9 software. The task-oriented section is followed by Section 4, which contains more advanced concepts that the system administrator may need for implementing certain options. Section 5 - describes the BIND 9 lightweight + describes the BIND 9 lightweight resolver. The contents of Section 6 are organized as in a reference manual to aid in the ongoing maintenance of the software. Section 7 @@ -98,12 +98,12 @@ main body of the document is followed by several Appendices which contain useful reference information, such as a Bibliography and - historic information related to BIND and the Domain Name + historic information related to BIND and the Domain Name System.

-Conventions Used in This Document

+Conventions Used in This Document

In this document, we use the following general typographic conventions:

@@ -140,7 +140,7 @@ input

The following conventions are used in descriptions of the -BIND configuration file:

+BIND configuration file:

@@ -169,15 +169,15 @@ describe:

-The Domain Name System (DNS)

+The Domain Name System (DNS)

The purpose of this document is to explain the installation -and upkeep of the BIND software package, and we +and upkeep of the BIND software package, and we begin by reviewing the fundamentals of the Domain Name System -(DNS) as they relate to BIND. +(DNS) as they relate to BIND.

-DNS Fundamentals

+DNS Fundamentals

The Domain Name System (DNS) is the hierarchical, distributed database. It stores information for mapping Internet host names to IP addresses and vice versa, mail routing information, and other data @@ -185,14 +185,14 @@ used by Internet applications.

Clients look up information in the DNS by calling a resolver library, which sends queries to one or more name servers and interprets the responses. -The BIND 9 software distribution contains a +The BIND 9 software distribution contains a name server, named, and two resolver libraries, liblwres and libbind.

-Domains and Domain Names

+Domains and Domain Names

The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree, @@ -220,7 +220,7 @@ server, which answers queries about the zone using the DNS protocol.

The data associated with each domain name is stored in the -form of resource records (RRs). +form of resource records (RRs). Some of the supported resource record types are described in the section called “Types of Resource Records and When to Use Them”.

For more detailed information about the design of the DNS and @@ -229,12 +229,12 @@ the DNS protocol, please refer to the standards documents listed in

-Zones

+Zones

To properly operate a name server, it is important to understand the difference between a zone and a domain.

As we stated previously, a zone is a point of delegation in -the DNS tree. A zone consists of +the DNS tree. A zone consists of those contiguous parts of the domain tree for which a name server has complete information and over which it has authority. It contains all domain names from a certain point @@ -252,7 +252,7 @@ only delegations for the aaa.example.com and bbb.example.com zones. A zone can map exactly to a single domain, but could also include only part of a domain, the rest of which could be delegated to other -name servers. Every name in the DNS tree is a +name servers. Every name in the DNS tree is a domain, even if it is terminal, that is, has no subdomains. Every subdomain is a domain and @@ -260,7 +260,7 @@ every domain except the root is also a subdomain. The terminology is not intuitive and we suggest that you read RFCs 1033, 1034 and 1035 to gain a complete understanding of this difficult and subtle topic.

-

Though BIND is called a "domain name server", +

Though BIND is called a "domain name server", it deals primarily in terms of zones. The master and slave declarations in the named.conf file specify zones, not domains. When you ask some other site if it is willing to @@ -269,7 +269,7 @@ actually asking for slave service for some collection of zones.

-Authoritative Name Servers

+Authoritative Name Servers

Each zone is served by at least one authoritative name server, which contains the complete data for the zone. @@ -282,7 +282,7 @@ easy to identify when debugging DNS configurations using tools like dig (the section called “Diagnostic Tools”).

-The Primary Master

+The Primary Master

The authoritative server where the master copy of the zone data is maintained is called the primary master server, or simply the @@ -293,7 +293,7 @@ the zone file or <

-Slave Servers

+Slave Servers

The other authoritative servers, the slave servers (also known as secondary servers) load the zone contents from another server using a replication process @@ -304,7 +304,7 @@ may itself act as a master to a subordinate slave server.

-Stealth Servers

+Stealth Servers

Usually all of the zone's authoritative servers are listed in NS records in the parent zone. These NS records constitute a delegation of the zone from the parent. @@ -329,7 +329,7 @@ with the outside world.

-Caching Name Servers

+Caching Name Servers

The resolver libraries provided by most operating systems are stub resolvers, meaning that they are not capable of performing the full DNS resolution process by themselves by talking @@ -343,12 +343,12 @@ caching are intimately connected, the terms recursive server and caching server are often used synonymously.

The length of time for which a record may be retained in -in the cache of a caching name server is controlled by the +the cache of a caching name server is controlled by the Time To Live (TTL) field associated with each resource record.

-Forwarding

+Forwarding

Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries @@ -360,9 +360,9 @@ and they are queried in turn until the list is exhausted or an answer is found. Forwarders are typically used when you do not wish all the servers at a given site to interact directly with the rest of the Internet servers. A typical scenario would involve a number -of internal DNS servers and an Internet firewall. Servers unable +of internal DNS servers and an Internet firewall. Servers unable to pass packets through the firewall would forward to the server -that can do it, and that server would query the Internet DNS servers +that can do it, and that server would query the Internet DNS servers on the internal server's behalf. An added benefit of using the forwarding feature is that the central machine develops a much more complete cache of information that all the clients can take advantage @@ -371,8 +371,8 @@ of.

-Name Servers in Multiple Roles

-

The BIND name server can simultaneously act as +Name Servers in Multiple Roles

+

The BIND name server can simultaneously act as a master for some zones, a slave for other zones, and as a caching (recursive) server for a set of local clients.

However, since the functions of authoritative name service @@ -404,7 +404,7 @@ be placed inside a firewall.

- +
BIND 9 Administrator Reference Manual  Home Chapter 2. BIND Resource Requirements Chapter 2. BIND Resource Requirements
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch02.html b/contrib/bind9/doc/arm/Bv9ARM.ch02.html index d3e946a..d1e3445 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch02.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch02.html @@ -1,5 +1,5 @@ - + Chapter 2. BIND Resource Requirements - + @@ -28,7 +28,7 @@ -

When a resolver queries for these records, BIND will rotate +

When a resolver queries for these records, BIND will rotate them and respond to the query with the records in a different order. In the example above, clients will randomly receive records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients @@ -184,15 +184,15 @@ of the time:

options statement, see RRset Ordering. This substatement is not supported in - BIND 9, and only the ordering scheme described above is + BIND 9, and only the ordering scheme described above is available.

-Name Server Operations

+Name Server Operations

-Tools for Use With the Name Server Daemon

+Tools for Use With the Name Server Daemon

There are several indispensable diagnostic, administrative and monitoring tools available to the system administrator for controlling and debugging the name server daemon. We describe several in this @@ -237,7 +237,7 @@ and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.

-

nslookup [-option...] [[host-to-find] | [- [server]]]

+

nslookup [-option...] [[host-to-find] | [- [server]]]

Interactive mode is entered when no arguments are given (the default name server will be used) or when the first argument is a hyphen (`-') and the second argument is the host name or Internet address @@ -283,7 +283,7 @@ of a server.

If you run rndc without any options it will display a usage message as follows:

rndc [-c config] [-s server] [-p port] [-y key] command [command...]

-

command is one of the following:

+

The command is one of the following:

reload

Reload configuration file and zones.

@@ -302,7 +302,7 @@ of a server.

freeze [zone [class [view]]]
-

Suspend updates to a dynamic zone. If no zone is specified +

Suspend updates to a dynamic zone. If no zone is specified, then all zones are suspended. This allows manual edits to be made to a zone normally updated by dynamic update. It also causes changes in the journal file to be synced into the master @@ -312,14 +312,10 @@ of a server.

[class [view]]]

Enable updates to a frozen dynamic zone. If no zone is - specified then all frozen zones are enabled. This causes + specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re-enables dynamic updates after the load has completed. After a zone is thawed, dynamic updates will no longer be refused.

-
notify zone - [class - [view]]
-

Resend NOTIFY messages for the zone

reconfig

Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. @@ -337,17 +333,20 @@ of a server.

named.conf.

dumpdb [-all|-cache|-zone] [view ...]

Dump the server's caches (default) and / or zones to the - dump file for the specified views. If no view is specified all + dump file for the specified views. If no view is specified, all views are dumped.

stop [-p]

Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files - of the updated zones. If -p is specified named's process id is returned.

+ of the updated zones. If -p is specified named's process id is returned. + This allows an external process to determine when named had completed stopping.

halt [-p]

Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server - is restarted. If -p is specified named's process id is returned.

+ is restarted. If -p is specified named's process id is returned. + This allows an external process to determine when named had completed + stopping.

trace

Increment the servers debugging level by one.

trace level
@@ -361,15 +360,15 @@ of a server.

Flushes the given name from the server's cache.

status

Display status of the server. -Note the number of zones includes the internal bind/CH zone -and the default ./IN hint zone if there is not a +Note that the number of zones includes the internal bind/CH zone +and the default ./IN hint zone if there is not an explicit root zone configured.

recursing

Dump the list of queries named is currently recursing on.

-

In BIND 9.2, rndc +

In BIND 9.2, rndc supports all the commands of the BIND 8 ndc utility except ndc start and ndc restart, which were also @@ -386,7 +385,7 @@ option. If the configuration file is not found, rndc will also look in /etc/rndc.key (or whatever sysconfdir was defined when -the BIND build was configured). +the BIND build was configured). The rndc.key file is generated by running rndc-confgen -a as described in the section called “controls Statement Definition and Usage”.

@@ -412,7 +411,7 @@ the name of a key as its argument, as defined by a rndc should connect if no port is given on the command line or in a server statement.

-

The key statement defines an key to be used +

The key statement defines a key to be used by rndc when authenticating with named. Its syntax is identical to the key statement in named.conf. @@ -474,7 +473,7 @@ a rndc.key file and not modify

-Signals

+Signals

Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can be sent using the kill command.

@@ -515,7 +514,7 @@ reload the database.

-Chapter 2. BIND Resource Requirements  +Chapter 2. BIND Resource Requirements  Home  Chapter 4. Advanced DNS Features diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch04.html b/contrib/bind9/doc/arm/Bv9ARM.ch04.html index 8165dbb..adf2036 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch04.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch04.html @@ -1,5 +1,5 @@ - + Chapter 4. Advanced DNS Features - + @@ -49,40 +49,40 @@
Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)
-
Split DNS
+
Split DNS
TSIG
-
Generate Shared Keys for Each Pair of Hosts
-
Copying the Shared Secret to Both Machines
-
Informing the Servers of the Key's Existence
-
Instructing the Server to Use the Key
-
TSIG Key Based Access Control
-
Errors
+
Generate Shared Keys for Each Pair of Hosts
+
Copying the Shared Secret to Both Machines
+
Informing the Servers of the Key's Existence
+
Instructing the Server to Use the Key
+
TSIG Key Based Access Control
+
Errors
-
TKEY
-
SIG(0)
+
TKEY
+
SIG(0)
DNSSEC
-
Generating Keys
-
Signing the Zone
-
Configuring Servers
+
Generating Keys
+
Signing the Zone
+
Configuring Servers
-
IPv6 Support in BIND 9
+
IPv6 Support in BIND 9
-
Address Lookups Using AAAA Records
-
Address to Name Lookups Using Nibble Format
+
Address Lookups Using AAAA Records
+
Address to Name Lookups Using Nibble Format

Notify

-

DNS NOTIFY is a mechanism that allows master +

DNS NOTIFY is a mechanism that allows master servers to notify their slave servers of changes to a zone's data. In response to a NOTIFY from a master server, the slave will check to see that its version of the zone is the current version and, if not, initiate a zone transfer.

-

DNS +

DNS For more information about NOTIFY, see the description of the notify option in the section called “Boolean Options” and @@ -130,7 +130,7 @@ protocol is specified in RFC 1996. journalled in a similar way.

The zone files of dynamic zones cannot normally be edited by hand because they are not guaranteed to contain the most recent - dynamic changes - those are only in the journal file. + dynamic changes — those are only in the journal file. The only way to ensure that the zone file of a dynamic zone is up to date is to run rndc stop.

If you have to make changes to a dynamic zone @@ -139,7 +139,7 @@ protocol is specified in RFC 1996. rndc freeze zone. This will also remove the zone's .jnl file and update the master file. Edit the zone file. Run - rndc unfreeze zone + rndc thaw zone to reload the changed zone and re-enable dynamic updates.

@@ -150,7 +150,7 @@ protocol is specified in RFC 1996. slave servers to transfer only changed data, instead of having to transfer the entire zone. The IXFR protocol is specified in RFC 1995. See Proposed Standards.

-

When acting as a master, BIND 9 +

When acting as a master, BIND 9 supports IXFR for those zones where the necessary change history information is available. These include master zones maintained by dynamic update and slave zones @@ -160,7 +160,7 @@ transfer (AXFR), IXFR is supported only if the option ixfr-from-differences is set to yes.

-

When acting as a slave, BIND 9 will +

When acting as a slave, BIND 9 will attempt to use IXFR unless it is explicitly disabled. For more information about disabling IXFR, see the description of the request-ixfr clause @@ -168,7 +168,7 @@ of the server statement.

-Split DNS

+Split DNS

Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a Split DNS setup. There are several reasons an organization @@ -243,7 +243,7 @@ internal clients will now be able to:

  • Look up any hostnames in the site1.internal and site2.internal domains.
  • Look up any hostnames on the Internet.
  • -
  • Exchange mail with internal AND external people.
  • +
  • Exchange mail with both internal AND external people.
  • Hosts on the Internet will be able to:

      @@ -254,7 +254,7 @@ internal clients will now be able to:

    Here is an example configuration for the setup we just described above. Note that this is only configuration information; - for information on how to configure your zone files, see the section called “Sample Configurations”

    + for information on how to configure your zone files, see the section called “Sample Configurations”.

    Internal DNS server config:

     
    @@ -355,13 +355,13 @@ nameserver 172.16.72.4
     

    TSIG

    This is a short guide to setting up Transaction SIGnatures -(TSIG) based transaction security in BIND. It describes changes +(TSIG) based transaction security in BIND. It describes changes to the configuration file as well as what changes are required for different features, including the process of creating transaction -keys and using transaction signatures with BIND.

    -

    BIND primarily supports TSIG for server to server communication. +keys and using transaction signatures with BIND.

    +

    BIND primarily supports TSIG for server to server communication. This includes zone transfer, notify, and recursive query messages. -Resolvers based on newer versions of BIND 8 have limited support +Resolvers based on newer versions of BIND 8 have limited support for TSIG.

    TSIG might be most useful for dynamic update. A primary server for a dynamic zone should use access control to control @@ -372,18 +372,18 @@ for TSIG.

    -y command line options.

    -Generate Shared Keys for Each Pair of Hosts

    +Generate Shared Keys for Each Pair of Hosts

    A shared secret is generated to be shared between host1 and host2. An arbitrary key name is chosen: "host1-host2.". The key name must be the same on both hosts.

    -Automatic Generation

    -

    The following command will generate a 128 bit (16 byte) HMAC-MD5 +Automatic Generation

    +

    The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys are easier to read. Note that the maximum key length is 512 bits; -keys longer than that will be digested with MD5 to produce a 128 -bit key.

    +keys longer than that will be digested with MD5 to produce a +128-bit key.

    dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2.

    The key is in the file Khost1-host2.+157+00000.private. Nothing directly uses this file, but the base-64 encoded string @@ -395,7 +395,7 @@ be used as the shared secret.

    -Manual Generation

    +Manual Generation

    The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming the length is a multiple of 4 and only valid characters are used), @@ -406,13 +406,13 @@ a similar program to generate base-64 encoded data.

    -Copying the Shared Secret to Both Machines

    +Copying the Shared Secret to Both Machines

    This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc.

    -Informing the Servers of the Key's Existence

    +Informing the Servers of the Key's Existence

    Imagine host1 and host 2 are both servers. The following is added to each server's named.conf file:

    @@ -421,7 +421,7 @@ key host1-host2. {
       secret "La/E5CjG9O+os1jq0a2jdA==";
     };
     
    -

    The algorithm, hmac-md5, is the only one supported by BIND. +

    The algorithm, hmac-md5, is the only one supported by BIND. The secret is the one generated above. Since this is a secret, it is recommended that either named.conf be non-world readable, or the key directive be added to a non-world readable @@ -433,7 +433,7 @@ response is signed by the same key.

    -Instructing the Server to Use the Key

    +Instructing the Server to Use the Key

    Since keys are shared between two hosts only, the server must be told when keys are to be used. The following is added to the named.conf file for host1, if the IP address of host2 is @@ -456,8 +456,8 @@ sign request messages to host1.

    -TSIG Key Based Access Control

    -

    BIND allows IP addresses and ranges to be specified in ACL +TSIG Key Based Access Control

    +

    BIND allows IP addresses and ranges to be specified in ACL definitions and allow-{ query | transfer | update } directives. This has been extended to allow TSIG keys also. The above key would @@ -474,13 +474,14 @@ allow-update { key host1-host2. ;};

    -Errors

    +Errors

    The processing of TSIG signed messages can result in - several errors. If a signed message is sent to a non-TSIG aware - server, a FORMERR will be returned, since the server will not - understand the record. This is a result of misconfiguration, - since the server must be explicitly configured to send a TSIG - signed message to a specific server.

    + several errors. If a signed message is sent to a non-TSIG + aware server, a FORMERR (format error) will be returned, since + the server will not understand the record. This is a result + of misconfiguration, since the server must be explicitly + configured to send a TSIG signed message to a specific + server.

    If a TSIG aware server receives a message signed by an unknown key, the response will be unsigned with the TSIG extended error code set to BADKEY. If a TSIG aware server @@ -491,16 +492,16 @@ allow-update { key host1-host2. ;}; the TSIG extended error code set to BADTIME, and the time values will be adjusted so that the response can be successfully verified. In any of these cases, the message's rcode is set to - NOTAUTH.

    + NOTAUTH (not authenticated).

    -TKEY

    +TKEY

    TKEY is a mechanism for automatically generating a shared secret between two hosts. There are several "modes" of TKEY that specify how the key is - generated or assigned. BIND 9 + generated or assigned. BIND 9 implements only one of these modes, the Diffie-Hellman key exchange. Both hosts are required to have a Diffie-Hellman KEY record (although this record is not required @@ -523,29 +524,30 @@ allow-update { key host1-host2. ;};

    -SIG(0)

    -

    BIND 9 partially supports DNSSEC SIG(0) +SIG(0)

    +

    BIND 9 partially supports DNSSEC SIG(0) transaction signatures as specified in RFC 2535 and RFC2931. SIG(0) uses public/private keys to authenticate messages. Access control is performed in the same manner as TSIG keys; privileges can be granted or denied based on the key name.

    When a SIG(0) signed message is received, it will only be verified if the key is known and trusted by the server; the server - will not attempt to locate and/or validate the key.

    + will not attempt to locate and / or validate the key.

    SIG(0) signing of multiple-message TCP streams is not supported.

    -

    The only tool shipped with BIND 9 that +

    The only tool shipped with BIND 9 that generates SIG(0) signed messages is nsupdate.

    DNSSEC

    Cryptographic authentication of DNS information is possible - through the DNS Security (DNSSEC-bis) extensions, - defined in RFC <TBA>. This section describes the creation and use - of DNSSEC signed zones.

    + through the DNS Security (DNSSEC-bis) + extensions, defined in RFC 4033, RFC4034 and RFC4035. This + section describes the creation and use of DNSSEC signed + zones.

    In order to set up a DNSSEC secure zone, there are a series - of steps which must be followed. BIND 9 ships + of steps which must be followed. BIND 9 ships with several tools that are used in this process, which are explained in more detail below. In all cases, the -h option prints a @@ -557,7 +559,7 @@ allow-update { key host1-host2. ;};

    There must also be communication with the administrators of the parent and/or child zone to transmit keys. A zone's security status must be indicated by the parent zone for a DNSSEC capable - resolver to trust its data. This is done through the presense + resolver to trust its data. This is done through the presence or absence of a DS record at the delegation point.

    For other servers to trust data in this zone, they must @@ -565,7 +567,7 @@ allow-update { key host1-host2. ;}; zone key of another zone above this one in the DNS tree.

    -Generating Keys

    +Generating Keys

    The dnssec-keygen program is used to generate keys.

    A secure zone must contain one or more zone keys. The @@ -576,7 +578,7 @@ allow-update { key host1-host2. ;}; It is recommended that zone keys use a cryptographic algorithm designated as "mandatory to implement" by the IETF; currently the only one is RSASHA1.

    -

    The following command will generate a 768 bit RSASHA1 key for +

    The following command will generate a 768-bit RSASHA1 key for the child.example zone:

    dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example.

    Two output files will be produced: @@ -598,7 +600,7 @@ allow-update { key host1-host2. ;};

    -Signing the Zone

    +Signing the Zone

    The dnssec-signzone program is used to sign a zone.

    Any keyset files corresponding @@ -606,7 +608,7 @@ allow-update { key host1-host2. ;}; generate NSEC and RRSIG records for the zone, as well as DS for the child zones if '-d' is specified. - If '-d' is not specified then DS RRsets for + If '-d' is not specified, then DS RRsets for the secure child zones need to be added manually.

    The following command signs the zone, assuming it is in a file called zone.child.example. By @@ -625,48 +627,122 @@ allow-update { key host1-host2. ;};

    -Configuring Servers

    -

    Unlike BIND 8, -BIND 9 does not verify signatures on load, -so zone keys for authoritative zones do not need to be specified -in the configuration file.

    -

    The public key for any security root must be present in -the configuration file's trusted-keys -statement, as described later in this document.

    +Configuring Servers
    +

    + To enable named to respond appropriately + to DNS requests from DNSSEC aware clients, + dnssec-enable must be set to yes. +

    +

    + To enable named to validate answers from + other servers dnssec-enable and + some trusted-keys must be configured + into named.conf. +

    +

    + trusted-keys are copies of DNSKEY RRs + for zones that are used to form the first link in the + cryptographic chain of trust. All keys listed in + trusted-keys (and corresponding zones) + are deemed to exist and only the listed keys will be used + to validated the DNSKEY RRset that they are from. +

    +

    + trusted-keys are described in more detail + later in this document. +

    +

    + Unlike BIND 8, BIND + 9 does not verify signatures on load, so zone keys for + authoritative zones do not need to be specified in the + configuration file. +

    +

    + After DNSSEC gets established, a typical DNSSEC configuration + will look something like the following. It has a one or + more public keys for the root. This allows answers from + outside the organization to be validated. It will also + have several keys for parts of the namespace the organization + controls. These are here to ensure that named is immune + to compromises in the DNSSEC components of the security + of parent zones. +

    +
    +trusted-keys {
    +
    +	/* Root Key */
    +"." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/
    +	     E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3
    +	     zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz
    +	     MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M
    +	     /lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M
    +	     iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI
    +	     Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3";
    +
    +/* Key for our organization's forward zone */
    +example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe
    +                      3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb
    +	              OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC
    +		      lrinKJp1Og4ywzO9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt
    +		      8lgnyTUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KMEGd/b
    +		      iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn
    +		      SCThlHf3xiYleDbt/o1OTQ09A0=";
    +
    +/* Key for our reverse zone. */
    +2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA
    +                                VVr+iLhGTnNGp3HoWQLUIzKrJVZ3zggy3WwNT6kZo6c0
    +				tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0
    +				yOI6BgPsw+YZdzlYMaIJGf4M4dyoKIhzdZyQ2bYQrjyQ
    +				4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06
    +			        zW+1xgYJh9rCIfnm1GX/KMgxLPG2vXTD/RnLX+D3T3UL
    +				7HJYHJhAZD5L59VvjSPsZJHeDCUyWYrvPZesZDIRvhDD
    +				52SKvbheeTJUm6EhkzytNN2SN96QRk8j/iI8ib";
    +};
    +
    +options {
    +	...
    +	dnssec-enable yes;
    +};
    +
    +
    +

    Note

    + None of the keys listed in this example are valid. In particular, + the root key is not valid. +

    -IPv6 Support in BIND 9

    -

    BIND 9 fully supports all currently defined forms of IPv6 +IPv6 Support in BIND 9

    +

    BIND 9 fully supports all currently defined forms of IPv6 name to address and address to name lookups. It will also use IPv6 addresses to make queries when running on an IPv6 capable system.

    -

    For forward lookups, BIND 9 supports only AAAA +

    For forward lookups, BIND 9 supports only AAAA records. The use of A6 records is deprecated by RFC 3363, and the - support for forward lookups in BIND 9 is + support for forward lookups in BIND 9 is removed accordingly. - However, authoritative BIND 9 name servers still + However, authoritative BIND 9 name servers still load zone files containing A6 records correctly, answer queries for A6 records, and accept zone transfer for a zone containing A6 records.

    -

    For IPv6 reverse lookups, BIND 9 supports +

    For IPv6 reverse lookups, BIND 9 supports the traditional "nibble" format used in the ip6.arpa domain, as well as the older, deprecated ip6.int domain. - BIND 9 formerly + BIND 9 formerly supported the "binary label" (also known as "bitstring") format. The support of binary labels, however, is now completely removed according to the changes in RFC 3363. - Any applications in BIND 9 do not understand + Any applications in BIND 9 do not understand the format any more, and will return an error if given. - In particular, an authoritative BIND 9 name + In particular, an authoritative BIND 9 name server rejects to load a zone file containing binary labels.

    For an overview of the format and structure of IPv6 addresses, see the section called “IPv6 addresses (AAAA)”.

    -Address Lookups Using AAAA Records

    +Address Lookups Using AAAA Records

    The AAAA record is a parallel to the IPv4 A record. It specifies the entire address in a single record. For example,

    @@ -681,7 +757,7 @@ host 3600 IN AAAA 2001:db8::1

    -Address to Name Lookups Using Nibble Format

    +Address to Name Lookups Using Nibble Format

    When looking up an address in nibble format, the address components are simply reversed, just as in IPv4, and ip6.arpa. is appended to the resulting name. @@ -708,7 +784,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. Chapter 3. Name Server Configuration  Home - Chapter 5. The BIND 9 Lightweight Resolver + Chapter 5. The BIND 9 Lightweight Resolver diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch05.html b/contrib/bind9/doc/arm/Bv9ARM.ch05.html index 1720660..51abc58 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch05.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch05.html @@ -1,5 +1,5 @@ - + Chapter 5. The BIND 9 Lightweight Resolver - + @@ -28,7 +28,7 @@

    diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch06.html b/contrib/bind9/doc/arm/Bv9ARM.ch06.html index 4b53000..1474685 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch06.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch06.html @@ -1,5 +1,5 @@ - + Chapter 6. BIND 9 Configuration Reference - + @@ -28,7 +28,7 @@ diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch07.html b/contrib/bind9/doc/arm/Bv9ARM.ch07.html index 86c2b6a..f4e26f06 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch07.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch07.html @@ -1,5 +1,5 @@ - + Chapter 7. BIND 9 Security Considerations - + @@ -28,7 +28,7 @@
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_conf_init() creates an empty @@ -125,7 +159,7 @@ to the

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_conf_parse() returns @@ -150,14 +184,14 @@ If this happens, the function returns

    -

    SEE ALSO

    +

    SEE ALSO

    stdio(3), resolver(5).

    -

    FILES

    +

    FILES

    /etc/resolv.conf

    diff --git a/contrib/bind9/lib/lwres/man/lwres_context.3 b/contrib/bind9/lib/lwres/man/lwres_context.3 index be8cd38..ba68e40 100644 --- a/contrib/bind9/lib/lwres/man/lwres_context.3 +++ b/contrib/bind9/lib/lwres/man/lwres_context.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_context.3,v 1.13.2.2.2.6 2005/10/13 02:33:52 marka Exp $ +.\" $Id: lwres_context.3,v 1.13.2.2.2.7 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_context +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_CONTEXT" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,19 +36,19 @@ lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_con #include .fi .HP 36 -\fBlwres_result_t\ \fBlwres_context_create\fR\fR\fB(\fR\fBlwres_context_t\ **contextp\fR\fB, \fR\fBvoid\ *arg\fR\fB, \fR\fBlwres_malloc_t\ malloc_function\fR\fB, \fR\fBlwres_free_t\ free_function\fR\fB);\fR +.BI "lwres_result_t lwres_context_create(lwres_context_t\ **contextp, void\ *arg, lwres_malloc_t\ malloc_function, lwres_free_t\ free_function);" .HP 37 -\fBlwres_result_t\ \fBlwres_context_destroy\fR\fR\fB(\fR\fBlwres_context_t\ **contextp\fR\fB);\fR +.BI "lwres_result_t lwres_context_destroy(lwres_context_t\ **contextp);" .HP 30 -\fBvoid\ \fBlwres_context_initserial\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_uint32_t\ serial\fR\fB);\fR +.BI "void lwres_context_initserial(lwres_context_t\ *ctx, lwres_uint32_t\ serial);" .HP 40 -\fBlwres_uint32_t\ \fBlwres_context_nextserial\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB);\fR +.BI "lwres_uint32_t lwres_context_nextserial(lwres_context_t\ *ctx);" .HP 27 -\fBvoid\ \fBlwres_context_freemem\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBvoid\ *mem\fR\fB, \fR\fBsize_t\ len\fR\fB);\fR +.BI "void lwres_context_freemem(lwres_context_t\ *ctx, void\ *mem, size_t\ len);" .HP 28 -\fBvoid\ \fBlwres_context_allocmem\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBsize_t\ len\fR\fB);\fR +.BI "void lwres_context_allocmem(lwres_context_t\ *ctx, size_t\ len);" .HP 30 -\fBvoid\ *\ \fBlwres_context_sendrecv\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBvoid\ *sendbase\fR\fB, \fR\fBint\ sendlen\fR\fB, \fR\fBvoid\ *recvbase\fR\fB, \fR\fBint\ recvlen\fR\fB, \fR\fBint\ *recvd_len\fR\fB);\fR +.BI "void * lwres_context_sendrecv(lwres_context_t\ *ctx, void\ *sendbase, int\ sendlen, void\ *recvbase, int\ recvlen, int\ *recvd_len);" .SH "DESCRIPTION" .PP \fBlwres_context_create()\fR @@ -159,3 +162,5 @@ times out waiting for a response. \fBlwres_conf_init\fR(3), \fBmalloc\fR(3), \fBfree\fR(3 ). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_context.html b/contrib/bind9/lib/lwres/man/lwres_context.html index 8988c5d..6f7fbec 100644 --- a/contrib/bind9/lib/lwres/man/lwres_context.html +++ b/contrib/bind9/lib/lwres/man/lwres_context.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_context - +
    -
    +

    Name

    lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv — lightweight resolver context management

    @@ -52,18 +52,31 @@ lwres_result_t     +, + + +  +  ); - +
    + -
    lwres_result_t lwres_context_destroy(   );
    + + +  +  + +); + + + + + + +
    @@ -75,18 +88,31 @@ void
       ,
       );
    - +
    + -
    lwres_uint32_t lwres_context_nextserial(   );
    + + +  +  + +); + + + + + + + @@ -118,6 +149,11 @@ void + + + + + @@ -153,6 +189,11 @@ void * + + + + + @@ -160,7 +201,7 @@ void *
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_context_create() creates a @@ -290,7 +331,7 @@ returned in

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_context_create() returns @@ -321,7 +362,7 @@ times out waiting for a response.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_conf_init(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_gabn.3 b/contrib/bind9/lib/lwres/man/lwres_gabn.3 index 60a56fe..593ebc5 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gabn.3 +++ b/contrib/bind9/lib/lwres/man/lwres_gabn.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gabn.3,v 1.13.2.1.8.5 2005/10/13 02:33:52 marka Exp $ +.\" $Id: lwres_gabn.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_gabn +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GABN" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,17 +36,17 @@ lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lw #include .fi .HP 40 -\fBlwres_result_t\ \fBlwres_gabnrequest_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gabnrequest_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_gabnrequest_render(lwres_context_t\ *ctx, lwres_gabnrequest_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 41 -\fBlwres_result_t\ \fBlwres_gabnresponse_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gabnresponse_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_gabnresponse_render(lwres_context_t\ *ctx, lwres_gabnresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 39 -\fBlwres_result_t\ \fBlwres_gabnrequest_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_gabnrequest_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_gabnrequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gabnrequest_t\ **structp);" .HP 40 -\fBlwres_result_t\ \fBlwres_gabnresponse_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_gabnresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_gabnresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gabnresponse_t\ **structp);" .HP 29 -\fBvoid\ \fBlwres_gabnresponse_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gabnresponse_t\ **structp\fR\fB);\fR +.BI "void lwres_gabnresponse_free(lwres_context_t\ *ctx, lwres_gabnresponse_t\ **structp);" .HP 28 -\fBvoid\ \fBlwres_gabnrequest_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gabnrequest_t\ **structp\fR\fB);\fR +.BI "void lwres_gabnrequest_free(lwres_context_t\ *ctx, lwres_gabnrequest_t\ **structp);" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver name\-to\-address lookup request and response messages. @@ -57,6 +60,7 @@ There are four main functions for the getaddrbyname opcode. One render function These structures are defined in \fI\fR. They are shown below. .sp +.RS 3n .nf #define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U typedef struct lwres_addr lwres_addr_t; @@ -80,6 +84,7 @@ typedef struct { size_t baselen; } lwres_gabnresponse_t; .fi +.RE .sp .PP \fBlwres_gabnrequest_render()\fR @@ -133,7 +138,8 @@ structures referenced via .PP The getaddrbyname opcode functions \fBlwres_gabnrequest_render()\fR, -\fBlwres_gabnresponse_render()\fR\fBlwres_gabnrequest_parse()\fR +\fBlwres_gabnresponse_render()\fR +\fBlwres_gabnrequest_parse()\fR and \fBlwres_gabnresponse_parse()\fR all return @@ -164,3 +170,5 @@ indicate that the packet is not a response to an earlier query. .SH "SEE ALSO" .PP \fBlwres_packet\fR(3 ) +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_gabn.html b/contrib/bind9/lib/lwres/man/lwres_gabn.html index 7713945..fce25c5 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gabn.html +++ b/contrib/bind9/lib/lwres/man/lwres_gabn.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_gabn - +

    -
    +

    Name

    lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free — lightweight resolver getaddrbyname message handling

    @@ -52,6 +52,11 @@ lwres_result_t
    + + + + + @@ -77,6 +82,11 @@ lwres_result_t + + + + + @@ -102,6 +112,11 @@ lwres_result_t + + + + + @@ -127,6 +142,11 @@ lwres_result_t + + + + + @@ -142,6 +162,11 @@ void + + + + + @@ -157,6 +182,11 @@ void + + + + + @@ -164,7 +194,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These are low-level routines for creating and parsing lightweight resolver name-to-address lookup request and @@ -279,7 +309,7 @@ structures is also discarded.

    -

    RETURN VALUES

    +

    RETURN VALUES

    The getaddrbyname opcode functions lwres_gabnrequest_render(), @@ -317,7 +347,7 @@ indicate that the packet is not a response to an earlier query.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_packet(3 ) diff --git a/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 b/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 index 388c59e..e6efcd0 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 +++ b/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gai_strerror.3,v 1.13.2.1.8.5 2005/10/13 02:33:52 marka Exp $ +.\" $Id: lwres_gai_strerror.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_gai_strerror +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GAI_STRERROR" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,48 +36,48 @@ gai_strerror \- print suitable error string #include .fi .HP 20 -\fBchar\ *\ \fBgai_strerror\fR\fR\fB(\fR\fBint\ ecode\fR\fB);\fR +.BI "char * gai_strerror(int\ ecode);" .SH "DESCRIPTION" .PP \fBlwres_gai_strerror()\fR returns an error message corresponding to an error code returned by \fBgetaddrinfo()\fR. The following error codes and their meaning are defined in \fIinclude/lwres/netdb.h\fR. -.TP +.TP 3n \fBEAI_ADDRFAMILY\fR address family for hostname not supported -.TP +.TP 3n \fBEAI_AGAIN\fR temporary failure in name resolution -.TP +.TP 3n \fBEAI_BADFLAGS\fR invalid value for \fBai_flags\fR -.TP +.TP 3n \fBEAI_FAIL\fR non\-recoverable failure in name resolution -.TP +.TP 3n \fBEAI_FAMILY\fR \fBai_family\fR not supported -.TP +.TP 3n \fBEAI_MEMORY\fR memory allocation failure -.TP +.TP 3n \fBEAI_NODATA\fR no address associated with hostname -.TP +.TP 3n \fBEAI_NONAME\fR hostname or servname not provided, or not known -.TP +.TP 3n \fBEAI_SERVICE\fR servname not supported for \fBai_socktype\fR -.TP +.TP 3n \fBEAI_SOCKTYPE\fR \fBai_socktype\fR not supported -.TP +.TP 3n \fBEAI_SYSTEM\fR system error returned in errno The message @@ -97,3 +100,5 @@ used by \fBlwres_getaddrinfo\fR(3), \fBgetaddrinfo\fR(3), \fBRFC2133\fR(). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html b/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html index 5506564..4b244e3 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html +++ b/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_gai_strerror - +

    -
    +

    Name

    gai_strerror — print suitable error string

    @@ -37,7 +37,7 @@ char *
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_gai_strerror() returns an error message corresponding to an error code returned by @@ -109,7 +109,7 @@ used by

    -

    SEE ALSO

    +

    SEE ALSO

    strerror(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 b/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 index df1390a..fe52cd5 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 +++ b/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getaddrinfo.3,v 1.16.2.1.8.6 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_getaddrinfo.3,v 1.16.2.1.8.7 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_getaddrinfo +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETADDRINFO" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,13 +36,14 @@ lwres_getaddrinfo, lwres_freeaddrinfo \- socket address structure to host and se #include .fi .HP 22 -\fBint\ \fBlwres_getaddrinfo\fR\fR\fB(\fR\fBconst\ char\ *hostname\fR\fB, \fR\fBconst\ char\ *servname\fR\fB, \fR\fBconst\ struct\ addrinfo\ *hints\fR\fB, \fR\fBstruct\ addrinfo\ **res\fR\fB);\fR +.BI "int lwres_getaddrinfo(const\ char\ *hostname, const\ char\ *servname, const\ struct\ addrinfo\ *hints, struct\ addrinfo\ **res);" .HP 24 -\fBvoid\ \fBlwres_freeaddrinfo\fR\fR\fB(\fR\fBstruct\ addrinfo\ *ai\fR\fB);\fR +.BI "void lwres_freeaddrinfo(struct\ addrinfo\ *ai);" .PP If the operating system does not provide a \fBstruct addrinfo\fR, the following structure is used: .sp +.RS 3n .nf struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ @@ -52,6 +56,7 @@ struct addrinfo { struct addrinfo *ai_next; /* next structure in linked list */ }; .fi +.RE .sp .SH "DESCRIPTION" .PP @@ -77,13 +82,13 @@ is either a decimal port number or a service name as listed in is an optional pointer to a \fBstruct addrinfo\fR. This structure can be used to provide hints concerning the type of socket that the caller supports or wishes to use. The caller can supply the following structure elements in \fI*hints\fR: -.TP +.TP 3n \fBai_family\fR The protocol family that should be used. When \fBai_family\fR is set to \fBPF_UNSPEC\fR, it means the caller will accept any protocol family supported by the operating system. -.TP +.TP 3n \fBai_socktype\fR denotes the type of socket \(em \fBSOCK_STREAM\fR, @@ -93,12 +98,12 @@ or \(em that is wanted. When \fBai_socktype\fR is zero the caller will accept any socket type. -.TP +.TP 3n \fBai_protocol\fR indicates which transport protocol is wanted: IPPROTO_UDP or IPPROTO_TCP. If \fBai_protocol\fR is zero the caller will accept any protocol. -.TP +.TP 3n \fBai_flags\fR Flag bits. If the \fBAI_CANONNAME\fR @@ -209,7 +214,8 @@ if an error occurs. If both and \fIservname\fR are -\fBNULL\fR\fBlwres_getaddrinfo()\fR +\fBNULL\fR +\fBlwres_getaddrinfo()\fR returns \fBEAI_NONAME\fR. .SH "SEE ALSO" @@ -225,3 +231,5 @@ returns \fBsendto\fR(2), \fBsendmsg\fR(2), \fBsocket\fR(2). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html b/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html index bc84e74..375c319 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html +++ b/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_getaddrinfo - +

    -
    +

    Name

    lwres_getaddrinfo, lwres_freeaddrinfo — socket address structure to host and service name

    @@ -52,18 +52,31 @@ int
    + + + + +
    @@ -103,6 +129,11 @@ void
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
    - +
    + -
    void lwres_freeaddrinfo(   );
    + + +  +  + +); + +

    If the operating system does not provide a @@ -87,7 +100,7 @@ struct addrinfo {

    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_getaddrinfo() is used to get a list of IP addresses and port numbers for host @@ -284,7 +297,7 @@ created by a call to

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_getaddrinfo() returns zero on success or one of the error codes listed in @@ -304,7 +317,7 @@ returns

    -

    SEE ALSO

    +

    SEE ALSO

    lwres(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_gethostent.3 b/contrib/bind9/lib/lwres/man/lwres_gethostent.3 index 99dc533..6fe933d7 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gethostent.3 +++ b/contrib/bind9/lib/lwres/man/lwres_gethostent.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gethostent.3,v 1.16.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_gethostent.3,v 1.16.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_gethostent +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETHOSTENT" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,27 +36,27 @@ lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent #include .fi .HP 37 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyname\fR\fR\fB(\fR\fBconst\ char\ *name\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyname(const\ char\ *name);" .HP 38 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyname2\fR\fR\fB(\fR\fBconst\ char\ *name\fR\fB, \fR\fBint\ af\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyname2(const\ char\ *name, int\ af);" .HP 37 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyaddr\fR\fR\fB(\fR\fBconst\ char\ *addr\fR\fB, \fR\fBint\ len\fR\fB, \fR\fBint\ type\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyaddr(const\ char\ *addr, int\ len, int\ type);" .HP 34 -\fBstruct\ hostent\ *\ \fBlwres_gethostent\fR\fR\fB(\fR\fBvoid\fR\fB);\fR +.BI "struct hostent * lwres_gethostent(void);" .HP 22 -\fBvoid\ \fBlwres_sethostent\fR\fR\fB(\fR\fBint\ stayopen\fR\fB);\fR +.BI "void lwres_sethostent(int\ stayopen);" .HP 22 -\fBvoid\ \fBlwres_endhostent\fR\fR\fB(\fR\fBvoid\fR\fB);\fR +.BI "void lwres_endhostent(void);" .HP 39 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyname_r\fR\fR\fB(\fR\fBconst\ char\ *name\fR\fB, \fR\fBstruct\ hostent\ *resbuf\fR\fB, \fR\fBchar\ *buf\fR\fB, \fR\fBint\ buflen\fR\fB, \fR\fBint\ *error\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyname_r(const\ char\ *name, struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" .HP 39 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyaddr_r\fR\fR\fB(\fR\fBconst\ char\ *addr\fR\fB, \fR\fBint\ len\fR\fB, \fR\fBint\ type\fR\fB, \fR\fBstruct\ hostent\ *resbuf\fR\fB, \fR\fBchar\ *buf\fR\fB, \fR\fBint\ buflen\fR\fB, \fR\fBint\ *error\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyaddr_r(const\ char\ *addr, int\ len, int\ type, struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" .HP 36 -\fBstruct\ hostent\ *\ \fBlwres_gethostent_r\fR\fR\fB(\fR\fBstruct\ hostent\ *resbuf\fR\fB, \fR\fBchar\ *buf\fR\fB, \fR\fBint\ buflen\fR\fB, \fR\fBint\ *error\fR\fB);\fR +.BI "struct hostent * lwres_gethostent_r(struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" .HP 24 -\fBvoid\ \fBlwres_sethostent_r\fR\fR\fB(\fR\fBint\ stayopen\fR\fB);\fR +.BI "void lwres_sethostent_r(int\ stayopen);" .HP 24 -\fBvoid\ \fBlwres_endhostent_r\fR\fR\fB(\fR\fBvoid\fR\fB);\fR +.BI "void lwres_endhostent_r(void);" .SH "DESCRIPTION" .PP These functions provide hostname\-to\-address and address\-to\-hostname lookups by means of the lightweight resolver. They are similar to the standard @@ -63,6 +66,7 @@ functions provided by most operating systems. They use a which is usually defined in \fI\fR. .sp +.RS 3n .nf struct hostent { char *h_name; /* official name of host */ @@ -73,25 +77,26 @@ struct hostent { }; #define h_addr h_addr_list[0] /* address, for backward compatibility */ .fi +.RE .sp .PP The members of this structure are: -.TP +.TP 3n \fBh_name\fR The official (canonical) name of the host. -.TP +.TP 3n \fBh_aliases\fR A NULL\-terminated array of alternate names (nicknames) for the host. -.TP +.TP 3n \fBh_addrtype\fR The type of address being returned \(em \fBPF_INET\fR or \fBPF_INET6\fR. -.TP +.TP 3n \fBh_length\fR The length of the address in bytes. -.TP +.TP 3n \fBh_addr_list\fR A \fBNULL\fR @@ -217,16 +222,16 @@ return NULL to indicate an error. In this case the global variable \fBlwres_h_errno\fR will contain one of the following error codes defined in \fI\fR: -.TP +.TP 3n \fBHOST_NOT_FOUND\fR The host or address was not found. -.TP +.TP 3n \fBTRY_AGAIN\fR A recoverable error occurred, e.g., a timeout. Retrying the lookup may succeed. -.TP +.TP 3n \fBNO_RECOVERY\fR A non\-recoverable error occurred. -.TP +.TP 3n \fBNO_DATA\fR The name exists, but has no address information associated with it (or vice versa in the case of a reverse lookup). The code NO_ADDRESS is accepted as a synonym for NO_DATA for backwards compatibility. .PP @@ -286,3 +291,5 @@ The resolver daemon does not currently support any non\-DNS name services such a \fI/etc/hosts\fR or \fBNIS\fR, consequently the above functions don't, either. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_gethostent.html b/contrib/bind9/lib/lwres/man/lwres_gethostent.html index 263f993..fefc67b 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gethostent.html +++ b/contrib/bind9/lib/lwres/man/lwres_gethostent.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_gethostent - +

    -
    +

    Name

    lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r — lightweight resolver get network host entry

    @@ -31,14 +31,22 @@

    Synopsis

    #include <lwres/netdb.h>
    - +
    + -
    struct hostent * lwres_gethostbyname(   );
    + + +  +  + +); + + + + + + + @@ -70,6 +83,11 @@ struct hostent * + + + + + @@ -109,6 +127,11 @@ struct hostent * + + + + + @@ -149,6 +172,11 @@ struct hostent * + + + + + @@ -174,6 +202,11 @@ struct hostent * + + + + + @@ -187,7 +220,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These functions provide hostname-to-address and address-to-hostname lookups by means of the lightweight resolver. @@ -324,7 +357,7 @@ calls to lwres_gethostbyaddr_r() return

    -

    RETURN VALUES

    +

    RETURN VALUES

    The functions lwres_gethostbyname(), @@ -391,7 +424,7 @@ hostent. If buf was too small, b

    -

    SEE ALSO

    +

    SEE ALSO

    gethostent(3), @@ -402,7 +435,7 @@ hostent. If buf was too small, b

    -

    BUGS

    +

    BUGS

    lwres_gethostbyname(), lwres_gethostbyname2(), diff --git a/contrib/bind9/lib/lwres/man/lwres_getipnode.3 b/contrib/bind9/lib/lwres/man/lwres_getipnode.3 index d83758c..f7ab62b 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getipnode.3 +++ b/contrib/bind9/lib/lwres/man/lwres_getipnode.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getipnode.3,v 1.13.2.2.4.6 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_getipnode.3,v 1.13.2.2.4.7 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_getipnode +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETIPNODE" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,11 +36,11 @@ lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent \- lightweight r #include .fi .HP 39 -\fBstruct\ hostent\ *\ \fBlwres_getipnodebyname\fR\fR\fB(\fR\fBconst\ char\ *name\fR\fB, \fR\fBint\ af\fR\fB, \fR\fBint\ flags\fR\fB, \fR\fBint\ *error_num\fR\fB);\fR +.BI "struct hostent * lwres_getipnodebyname(const\ char\ *name, int\ af, int\ flags, int\ *error_num);" .HP 39 -\fBstruct\ hostent\ *\ \fBlwres_getipnodebyaddr\fR\fR\fB(\fR\fBconst\ void\ *src\fR\fB, \fR\fBsize_t\ len\fR\fB, \fR\fBint\ af\fR\fB, \fR\fBint\ *error_num\fR\fB);\fR +.BI "struct hostent * lwres_getipnodebyaddr(const\ void\ *src, size_t\ len, int\ af, int\ *error_num);" .HP 23 -\fBvoid\ \fBlwres_freehostent\fR\fR\fB(\fR\fBstruct\ hostent\ *he\fR\fB);\fR +.BI "void lwres_freehostent(struct\ hostent\ *he);" .SH "DESCRIPTION" .PP These functions perform thread safe, protocol independent nodename\-to\-address and address\-to\-nodename translation as defined in RFC2553. @@ -47,6 +50,7 @@ They use a which is defined in \fInamedb.h\fR: .sp +.RS 3n .nf struct hostent { char *h_name; /* official name of host */ @@ -57,25 +61,26 @@ struct hostent { }; #define h_addr h_addr_list[0] /* address, for backward compatibility */ .fi +.RE .sp .PP The members of this structure are: -.TP +.TP 3n \fBh_name\fR The official (canonical) name of the host. -.TP +.TP 3n \fBh_aliases\fR A NULL\-terminated array of alternate names (nicknames) for the host. -.TP +.TP 3n \fBh_addrtype\fR The type of address being returned \- usually \fBPF_INET\fR or \fBPF_INET6\fR. -.TP +.TP 3n \fBh_length\fR The length of the address in bytes. -.TP +.TP 3n \fBh_addr_list\fR A \fBNULL\fR @@ -88,20 +93,20 @@ for the hostname \fIname\fR. The \fIflags\fR parameter contains ORed flag bits to specify the types of addresses that are searched for, and the types of addresses that are returned. The flag bits are: -.TP +.TP 3n \fBAI_V4MAPPED\fR This is used with an \fIaf\fR of AF_INET6, and causes IPv4 addresses to be returned as IPv4\-mapped IPv6 addresses. -.TP +.TP 3n \fBAI_ALL\fR This is used with an \fIaf\fR of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped IPv6 addresses. -.TP +.TP 3n \fBAI_ADDRCONFIG\fR Only return an IPv6 or IPv4 address if here is an active network interface of that type. This is not currently implemented in the BIND 9 lightweight resolver, and the flag is ignored. -.TP +.TP 3n \fBAI_DEFAULT\fR This default sets the \fBAI_V4MAPPED\fR @@ -145,16 +150,16 @@ to an appropriate error code and the function returns a \fBNULL\fR pointer. The error codes and their meanings are defined in \fI\fR: -.TP +.TP 3n \fBHOST_NOT_FOUND\fR No such host is known. -.TP +.TP 3n \fBNO_ADDRESS\fR The server recognised the request and the name but no address is available. Another type of request to the name server for the domain might return an answer. -.TP +.TP 3n \fBTRY_AGAIN\fR A temporary and possibly transient error occurred, such as a failure of a server to respond. The request may succeed if retried. -.TP +.TP 3n \fBNO_RECOVERY\fR An unexpected failure occurred, and retrying the request is pointless. .PP @@ -168,3 +173,5 @@ translates these error codes to suitable error messages. \fBlwres_getaddrinfo\fR(3), \fBlwres_getnameinfo\fR(3), \fBlwres_hstrerror\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_getipnode.html b/contrib/bind9/lib/lwres/man/lwres_getipnode.html index c5038b4..779da90 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getipnode.html +++ b/contrib/bind9/lib/lwres/man/lwres_getipnode.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_getipnode - +

    -
    +

    Name

    lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent — lightweight resolver nodename / address translation API

    @@ -52,6 +52,11 @@ struct hostent *
    + + + + + @@ -77,22 +82,35 @@ struct hostent * + + + + +
    @@ -50,6 +58,11 @@ struct hostent *
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
    - +
    + -
    void lwres_freehostent(   );
    + + +  +  + +); + +
    -

    DESCRIPTION

    +

    DESCRIPTION

    These functions perform thread safe, protocol independent nodename-to-address and address-to-nodename @@ -233,7 +251,7 @@ structure itself.

    -

    RETURN VALUES

    +

    RETURN VALUES

    If an error occurs, lwres_getipnodebyname() @@ -279,7 +297,7 @@ translates these error codes to suitable error messages.

    -

    SEE ALSO

    +

    SEE ALSO

    RFC2553, diff --git a/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 b/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 index 853c2b9..a9af04b 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 +++ b/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getnameinfo.3,v 1.15.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_getnameinfo.3,v 1.15.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_getnameinfo +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETNAMEINFO" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,7 +36,7 @@ lwres_getnameinfo \- lightweight resolver socket address structure to hostname a #include .fi .HP 22 -\fBint\ \fBlwres_getnameinfo\fR\fR\fB(\fR\fBconst\ struct\ sockaddr\ *sa\fR\fB, \fR\fBsize_t\ salen\fR\fB, \fR\fBchar\ *host\fR\fB, \fR\fBsize_t\ hostlen\fR\fB, \fR\fBchar\ *serv\fR\fB, \fR\fBsize_t\ servlen\fR\fB, \fR\fBint\ flags\fR\fB);\fR +.BI "int lwres_getnameinfo(const\ struct\ sockaddr\ *sa, size_t\ salen, char\ *host, size_t\ hostlen, char\ *serv, size_t\ servlen, int\ flags);" .SH "DESCRIPTION" .PP This function is equivalent to the @@ -41,7 +44,8 @@ This function is equivalent to the function defined in RFC2133. \fBlwres_getnameinfo()\fR returns the hostname for the -\fBstruct sockaddr\fR\fIsa\fR +\fBstruct sockaddr\fR +\fIsa\fR which is \fIsalen\fR bytes long. The hostname is of length @@ -64,19 +68,19 @@ bytes long. The maximum length of the service name is The \fIflags\fR argument sets the following bits: -.TP +.TP 3n \fBNI_NOFQDN\fR A fully qualified domain name is not required for local hosts. The local part of the fully qualified domain name is returned instead. -.TP +.TP 3n \fBNI_NUMERICHOST\fR Return the address in numeric form, as if calling inet_ntop(), instead of a host name. -.TP +.TP 3n \fBNI_NAMEREQD\fR A name is required. If the hostname cannot be found in the DNS and this flag is set, a non\-zero error code is returned. If the hostname is not found and the flag is not set, the address is returned in numeric form. -.TP +.TP 3n \fBNI_NUMERICSERV\fR The service name is returned as a digit string representing the port number. -.TP +.TP 3n \fBNI_DGRAM\fR Specifies that the service being looked up is a datagram service, and causes getservbyport() to be called with a second argument of "udp" instead of its default of "tcp". This is required for the few ports (512\-514) that have different services for UDP and TCP. .SH "RETURN VALUES" @@ -96,3 +100,5 @@ returns 0 on success or a non\-zero error code if an error occurs. RFC2133 fails to define what the nonzero return values of \fBgetnameinfo\fR(3) are. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html b/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html index 6e7a7b1..3111730 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html +++ b/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_getnameinfo - +

    -
    +

    Name

    lwres_getnameinfo — lightweight resolver socket address structure to hostname and service name

    @@ -67,6 +67,11 @@ int     +, + + +  +  ); @@ -74,7 +79,7 @@ int
    -

    DESCRIPTION

    +

    DESCRIPTION

    This function is equivalent to the getnameinfo(3) function defined in RFC2133. lwres_getnameinfo() returns the hostname for the struct sockaddr sa which is @@ -125,14 +130,14 @@ TCP.

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_getnameinfo() returns 0 on success or a non-zero error code if an error occurs.

    -

    SEE ALSO

    +

    SEE ALSO

    RFC2133, getservbyport(3), @@ -143,7 +148,7 @@ returns 0 on success or a non-zero error code if an error occurs.

    -

    BUGS

    +

    BUGS

    RFC2133 fails to define what the nonzero return values of getnameinfo(3) diff --git a/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 b/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 index 6d900f8..1aeca28 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 +++ b/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getrrsetbyname.3,v 1.11.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_getrrsetbyname.3,v 1.11.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_getrrsetbyname +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Oct 18, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETRRSETBYNAME" "3" "Oct 18, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,12 +36,13 @@ lwres_getrrsetbyname, lwres_freerrset \- retrieve DNS records #include .fi .HP 25 -\fBint\ \fBlwres_getrrsetbyname\fR\fR\fB(\fR\fBconst\ char\ *hostname\fR\fB, \fR\fBunsigned\ int\ rdclass\fR\fB, \fR\fBunsigned\ int\ rdtype\fR\fB, \fR\fBunsigned\ int\ flags\fR\fB, \fR\fBstruct\ rrsetinfo\ **res\fR\fB);\fR +.BI "int lwres_getrrsetbyname(const\ char\ *hostname, unsigned\ int\ rdclass, unsigned\ int\ rdtype, unsigned\ int\ flags, struct\ rrsetinfo\ **res);" .HP 21 -\fBvoid\ \fBlwres_freerrset\fR\fR\fB(\fR\fBstruct\ rrsetinfo\ *rrset\fR\fB);\fR +.BI "void lwres_freerrset(struct\ rrsetinfo\ *rrset);" .PP The following structures are used: .sp +.RS 3n .nf struct rdatainfo { unsigned int rdi_length; /* length of data */ @@ -56,6 +60,7 @@ struct rrsetinfo { struct rdatainfo *rri_sigs; /* individual signatures */ }; .fi +.RE .sp .SH "DESCRIPTION" .PP @@ -115,22 +120,24 @@ created by a call to .PP \fBlwres_getrrsetbyname()\fR returns zero on success, and one of the following error codes if an error occurred: -.TP +.TP 3n \fBERRSET_NONAME\fR the name does not exist -.TP +.TP 3n \fBERRSET_NODATA\fR the name exists, but does not have data of the desired type -.TP +.TP 3n \fBERRSET_NOMEMORY\fR memory could not be allocated -.TP +.TP 3n \fBERRSET_INVAL\fR a parameter is invalid -.TP +.TP 3n \fBERRSET_FAIL\fR other failure -.TP +.TP 3n .SH "SEE ALSO" .PP \fBlwres\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html b/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html index f36a1d2..6cbed6f 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html +++ b/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_getrrsetbyname - +

    -
    +

    Name

    lwres_getrrsetbyname, lwres_freerrset — retrieve DNS records

    @@ -57,18 +57,31 @@ int     +, + + +  +  ); - +
    + -
    void lwres_freerrset(   );
    + + +  +  + +); + +

    The following structures are used: @@ -95,7 +108,7 @@ struct rrsetinfo {

    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_getrrsetbyname() gets a set of resource records associated with a @@ -172,7 +185,7 @@ created by a call to

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_getrrsetbyname() returns zero on success, and one of the following error @@ -208,7 +221,7 @@ other failure

    -

    SEE ALSO

    +

    SEE ALSO

    lwres(3).

    diff --git a/contrib/bind9/lib/lwres/man/lwres_gnba.3 b/contrib/bind9/lib/lwres/man/lwres_gnba.3 index 58047ce..dc546d2 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gnba.3 +++ b/contrib/bind9/lib/lwres/man/lwres_gnba.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gnba.3,v 1.13.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_gnba.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_gnba +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GNBA" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,17 +36,17 @@ lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lw #include .fi .HP 40 -\fBlwres_result_t\ \fBlwres_gnbarequest_render\fR\fR\fB(\fR\fBlwres_context_t\ *\fR\fB\fIctx\fR\fR\fB, \fR\fBlwres_gnbarequest_t\ *\fR\fB\fIreq\fR\fR\fB, \fR\fBlwres_lwpacket_t\ *\fR\fB\fIpkt\fR\fR\fB, \fR\fBlwres_buffer_t\ *\fR\fB\fIb\fR\fR\fB);\fR +.BI "lwres_result_t lwres_gnbarequest_render(lwres_context_t\ *" "ctx" ", lwres_gnbarequest_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");" .HP 41 -\fBlwres_result_t\ \fBlwres_gnbaresponse_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gnbaresponse_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_gnbaresponse_render(lwres_context_t\ *ctx, lwres_gnbaresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 39 -\fBlwres_result_t\ \fBlwres_gnbarequest_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_gnbarequest_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_gnbarequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gnbarequest_t\ **structp);" .HP 40 -\fBlwres_result_t\ \fBlwres_gnbaresponse_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_gnbaresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_gnbaresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gnbaresponse_t\ **structp);" .HP 29 -\fBvoid\ \fBlwres_gnbaresponse_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gnbaresponse_t\ **structp\fR\fB);\fR +.BI "void lwres_gnbaresponse_free(lwres_context_t\ *ctx, lwres_gnbaresponse_t\ **structp);" .HP 28 -\fBvoid\ \fBlwres_gnbarequest_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gnbarequest_t\ **structp\fR\fB);\fR +.BI "void lwres_gnbarequest_free(lwres_context_t\ *ctx, lwres_gnbarequest_t\ **structp);" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver address\-to\-name lookup request and response messages. @@ -57,6 +60,7 @@ to the canonical format. This is complemented by a parse function which converts These structures are defined in \fIlwres/lwres.h\fR. They are shown below. .sp +.RS 3n .nf #define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U typedef struct { @@ -74,6 +78,7 @@ typedef struct { size_t baselen; } lwres_gnbaresponse_t; .fi +.RE .sp .PP \fBlwres_gnbarequest_render()\fR @@ -127,7 +132,8 @@ structures referenced via .PP The getnamebyaddr opcode functions \fBlwres_gnbarequest_render()\fR, -\fBlwres_gnbaresponse_render()\fR\fBlwres_gnbarequest_parse()\fR +\fBlwres_gnbaresponse_render()\fR +\fBlwres_gnbarequest_parse()\fR and \fBlwres_gnbaresponse_parse()\fR all return @@ -158,3 +164,5 @@ indicate that the packet is not a response to an earlier query. .SH "SEE ALSO" .PP \fBlwres_packet\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_gnba.html b/contrib/bind9/lib/lwres/man/lwres_gnba.html index 89cf35e..4d07580 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gnba.html +++ b/contrib/bind9/lib/lwres/man/lwres_gnba.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_gnba - +
    -
    +

    Name

    lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free — lightweight resolver getnamebyaddress message handling

    @@ -39,25 +39,31 @@ lwres_result_t lwres_gnbarequest_render ( -lwres_context_t *  +  ctx,   -lwres_gnbarequest_t *  +  + +ctx, + + +  +  req,   -lwres_lwpacket_t *  +  pkt,   -lwres_buffer_t *  +  b); @@ -84,6 +90,11 @@ lwres_result_t     +, + + +  +  ); @@ -109,6 +120,11 @@ lwres_result_t     +, + + +  +  ); @@ -134,6 +150,11 @@ lwres_result_t     +, + + +  +  ); @@ -150,6 +171,11 @@ void     +, + + +  +  ); @@ -165,6 +191,11 @@ void     +, + + +  +  ); @@ -172,7 +203,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These are low-level routines for creating and parsing lightweight resolver address-to-name lookup request and @@ -277,7 +308,7 @@ structures is also discarded.

    -

    RETURN VALUES

    +

    RETURN VALUES

    The getnamebyaddr opcode functions lwres_gnbarequest_render(), @@ -315,7 +346,7 @@ indicate that the packet is not a response to an earlier query.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_packet(3).

    diff --git a/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 b/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 index a1ecf7c..d6fc8f5 100644 --- a/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 +++ b/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_hstrerror.3,v 1.13.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_hstrerror.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_hstrerror +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_HSTRERROR" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,9 +36,9 @@ lwres_herror, lwres_hstrerror \- lightweight resolver error message generation #include .fi .HP 18 -\fBvoid\ \fBlwres_herror\fR\fR\fB(\fR\fBconst\ char\ *s\fR\fB);\fR +.BI "void lwres_herror(const\ char\ *s);" .HP 29 -\fBconst\ char\ *\ \fBlwres_hstrerror\fR\fR\fB(\fR\fBint\ err\fR\fB);\fR +.BI "const char * lwres_hstrerror(int\ err);" .SH "DESCRIPTION" .PP \fBlwres_herror()\fR @@ -51,19 +54,19 @@ for the error code stored in the global variable \fBlwres_hstrerror()\fR returns an appropriate string for the error code gievn by \fIerr\fR. The values of the error codes and messages are as follows: -.TP +.TP 3n \fBNETDB_SUCCESS\fR Resolver Error 0 (no error) -.TP +.TP 3n \fBHOST_NOT_FOUND\fR Unknown host -.TP +.TP 3n \fBTRY_AGAIN\fR Host name lookup failure -.TP +.TP 3n \fBNO_RECOVERY\fR Unknown server error -.TP +.TP 3n \fBNO_DATA\fR No address associated with name .SH "RETURN VALUES" @@ -79,3 +82,5 @@ is not a valid error code. .PP \fBherror\fR(3), \fBlwres_hstrerror\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_hstrerror.html b/contrib/bind9/lib/lwres/man/lwres_hstrerror.html index 4204a33..d2f1e4a 100644 --- a/contrib/bind9/lib/lwres/man/lwres_hstrerror.html +++ b/contrib/bind9/lib/lwres/man/lwres_hstrerror.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_hstrerror - +
    -
    +

    Name

    lwres_herror, lwres_hstrerror — lightweight resolver error message generation

    @@ -40,7 +40,7 @@ const char *
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_herror() prints the string s on stderr followed by the string @@ -79,7 +79,7 @@ the error codes and messages are as follows:

    -

    RETURN VALUES

    +

    RETURN VALUES

    The string Unknown resolver error is returned by lwres_hstrerror() @@ -89,7 +89,7 @@ is not a valid error code.

    -

    SEE ALSO

    +

    SEE ALSO

    herror(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_inetntop.3 b/contrib/bind9/lib/lwres/man/lwres_inetntop.3 index 782cbaf..6395e60 100644 --- a/contrib/bind9/lib/lwres/man/lwres_inetntop.3 +++ b/contrib/bind9/lib/lwres/man/lwres_inetntop.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_inetntop.3,v 1.12.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_inetntop.3,v 1.12.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_inetntop +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_INETNTOP" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,7 +36,7 @@ lwres_net_ntop \- lightweight resolver IP address presentation #include .fi .HP 28 -\fBconst\ char\ *\ \fBlwres_net_ntop\fR\fR\fB(\fR\fBint\ af\fR\fB, \fR\fBconst\ void\ *src\fR\fB, \fR\fBchar\ *dst\fR\fB, \fR\fBsize_t\ size\fR\fB);\fR +.BI "const char * lwres_net_ntop(int\ af, const\ void\ *src, char\ *dst, size_t\ size);" .SH "DESCRIPTION" .PP \fBlwres_net_ntop()\fR @@ -67,3 +70,5 @@ is not supported. \fBRFC1884\fR(), \fBinet_ntop\fR(3), \fBerrno\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_inetntop.html b/contrib/bind9/lib/lwres/man/lwres_inetntop.html index 3c794a5..ca5c0bd 100644 --- a/contrib/bind9/lib/lwres/man/lwres_inetntop.html +++ b/contrib/bind9/lib/lwres/man/lwres_inetntop.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_inetntop - +

    -
    +

    Name

    lwres_net_ntop — lightweight resolver IP address presentation

    @@ -52,6 +52,11 @@ const char *     +, + + +  +  ); @@ -59,7 +64,7 @@ const char *
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_net_ntop() converts an IP address of protocol family af — IPv4 or IPv6 — @@ -75,7 +80,7 @@ ASCII representation of the address.

    -

    RETURN VALUES

    +

    RETURN VALUES

    If successful, the function returns dst: a pointer to a string containing the presentation format of the @@ -87,7 +92,7 @@ supported.

    -

    SEE ALSO

    +

    SEE ALSO

    RFC1884, inet_ntop(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_noop.3 b/contrib/bind9/lib/lwres/man/lwres_noop.3 index d2eba57..e32c2f8 100644 --- a/contrib/bind9/lib/lwres/man/lwres_noop.3 +++ b/contrib/bind9/lib/lwres/man/lwres_noop.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_noop.3,v 1.14.2.1.8.5 2005/10/13 02:33:54 marka Exp $ +.\" $Id: lwres_noop.3,v 1.14.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_noop +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_NOOP" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,17 +36,17 @@ lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lw #include .fi .HP 40 -\fBlwres_result_t\ \fBlwres_nooprequest_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_nooprequest_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_nooprequest_render(lwres_context_t\ *ctx, lwres_nooprequest_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 41 -\fBlwres_result_t\ \fBlwres_noopresponse_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_noopresponse_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_noopresponse_render(lwres_context_t\ *ctx, lwres_noopresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 39 -\fBlwres_result_t\ \fBlwres_nooprequest_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_nooprequest_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_nooprequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_nooprequest_t\ **structp);" .HP 40 -\fBlwres_result_t\ \fBlwres_noopresponse_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_noopresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_noopresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_noopresponse_t\ **structp);" .HP 29 -\fBvoid\ \fBlwres_noopresponse_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_noopresponse_t\ **structp\fR\fB);\fR +.BI "void lwres_noopresponse_free(lwres_context_t\ *ctx, lwres_noopresponse_t\ **structp);" .HP 28 -\fBvoid\ \fBlwres_nooprequest_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_nooprequest_t\ **structp\fR\fB);\fR +.BI "void lwres_nooprequest_free(lwres_context_t\ *ctx, lwres_nooprequest_t\ **structp);" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver no\-op request and response messages. @@ -61,6 +64,7 @@ to the canonical format. This is complemented by a parse function which converts These structures are defined in \fIlwres/lwres.h\fR. They are shown below. .sp +.RS 3n .nf #define LWRES_OPCODE_NOOP 0x00000000U typedef struct { @@ -72,6 +76,7 @@ typedef struct { unsigned char *data; } lwres_noopresponse_t; .fi +.RE .sp Although the structures have different types, they are identical. This is because the no\-op opcode simply echos whatever data was sent: the response is therefore identical to the request. .PP @@ -126,7 +131,8 @@ structures referenced via .PP The no\-op opcode functions \fBlwres_nooprequest_render()\fR, -\fBlwres_noopresponse_render()\fR\fBlwres_nooprequest_parse()\fR +\fBlwres_noopresponse_render()\fR +\fBlwres_nooprequest_parse()\fR and \fBlwres_noopresponse_parse()\fR all return @@ -157,3 +163,5 @@ indicate that the packet is not a response to an earlier query. .SH "SEE ALSO" .PP \fBlwres_packet\fR(3 ) +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_noop.html b/contrib/bind9/lib/lwres/man/lwres_noop.html index 261bac8..145bcac 100644 --- a/contrib/bind9/lib/lwres/man/lwres_noop.html +++ b/contrib/bind9/lib/lwres/man/lwres_noop.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_noop - +

    -
    +

    Name

    lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free — lightweight resolver no-op message handling

    @@ -53,6 +53,11 @@ lwres_result_t     +, + + +  +  ); @@ -78,6 +83,11 @@ lwres_result_t     +, + + +  +  ); @@ -103,6 +113,11 @@ lwres_result_t     +, + + +  +  ); @@ -128,6 +143,11 @@ lwres_result_t     +, + + +  +  ); @@ -143,6 +163,11 @@ void     +, + + +  +  ); @@ -158,6 +183,11 @@ void     +, + + +  +  ); @@ -165,7 +195,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These are low-level routines for creating and parsing lightweight resolver no-op request and response messages. @@ -246,7 +276,7 @@ structures referenced via structp.

    -

    RETURN VALUES

    +

    RETURN VALUES

    The no-op opcode functions lwres_nooprequest_render(), @@ -285,7 +315,7 @@ indicate that the packet is not a response to an earlier query.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_packet(3 ) diff --git a/contrib/bind9/lib/lwres/man/lwres_packet.3 b/contrib/bind9/lib/lwres/man/lwres_packet.3 index 777e0c7..35a8f10 100644 --- a/contrib/bind9/lib/lwres/man/lwres_packet.3 +++ b/contrib/bind9/lib/lwres/man/lwres_packet.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_packet.3,v 1.15.2.1.8.5 2005/10/13 02:33:54 marka Exp $ +.\" $Id: lwres_packet.3,v 1.15.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_packet +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_PACKET" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,9 +36,9 @@ lwres_lwpacket_renderheader, lwres_lwpacket_parseheader \- lightweight resolver #include .fi .HP 43 -\fBlwres_result_t\ \fBlwres_lwpacket_renderheader\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB);\fR +.BI "lwres_result_t lwres_lwpacket_renderheader(lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt);" .HP 42 -\fBlwres_result_t\ \fBlwres_lwpacket_parseheader\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB);\fR +.BI "lwres_result_t lwres_lwpacket_parseheader(lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt);" .SH "DESCRIPTION" .PP These functions rely on a @@ -43,6 +46,7 @@ These functions rely on a which is defined in \fIlwres/lwpacket.h\fR. .sp +.RS 3n .nf typedef struct lwres_lwpacket lwres_lwpacket_t; struct lwres_lwpacket { @@ -57,52 +61,54 @@ struct lwres_lwpacket { lwres_uint16_t authlength; }; .fi +.RE .sp .PP The elements of this structure are: -.TP +.TP 3n \fBlength\fR the overall packet length, including the entire packet header. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBversion\fR the header format. There is currently only one format, \fBLWRES_LWPACKETVERSION_0\fR. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBpktflags\fR library\-defined flags for this packet: for instance whether the packet is a request or a reply. Flag values can be set, but not defined by the caller. This field is filled in by the application wit the exception of the LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBserial\fR is set by the requestor and is returned in all replies. If two or more packets from the same source have the same serial number and are from the same source, they are assumed to be duplicates and the latter ones may be dropped. This field must be set by the application. -.TP +.TP 3n \fBopcode\fR indicates the operation. Opcodes between 0x00000000 and 0x03ffffff are reserved for use by the lightweight resolver library. Opcodes between 0x04000000 and 0xffffffff are application defined. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBresult\fR is only valid for replies. Results between 0x04000000 and 0xffffffff are application defined. Results between 0x00000000 and 0x03ffffff are reserved for library use. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBrecvlength\fR is the maximum buffer size that the receiver can handle on requests and the size of the buffer needed to satisfy a request when the buffer is too large for replies. This field is supplied by the application. -.TP +.TP 3n \fBauthtype\fR defines the packet level authentication that is used. Authorisation types between 0x1000 and 0xffff are application defined and types between 0x0000 and 0x0fff are reserved for library use. Currently these are not used and must be zero. -.TP +.TP 3n \fBauthlen\fR gives the length of the authentication data. Since packet authentication is currently not used, this must be zero. .PP The following opcodes are currently defined: -.TP +.TP 3n \fBNOOP\fR Success is always returned and the packet contents are echoed. The lwres_noop_*() functions should be used for this type. -.TP +.TP 3n \fBGETADDRSBYNAME\fR returns all known addresses for a given name. The lwres_gabn_*() functions should be used for this type. -.TP +.TP 3n \fBGETNAMEBYADDR\fR return the hostname for the given address. The lwres_gnba_*() functions should be used for this type. .PP \fBlwres_lwpacket_renderheader()\fR transfers the contents of lightweight resolver packet structure -\fBlwres_lwpacket_t\fR\fI*pkt\fR +\fBlwres_lwpacket_t\fR +\fI*pkt\fR in network byte order to the lightweight resolver buffer, \fI*b\fR. .PP @@ -127,3 +133,5 @@ and lightweight resolver packet \fI*pkt\fR both functions return \fBLWRES_R_UNEXPECTEDEND\fR. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_packet.html b/contrib/bind9/lib/lwres/man/lwres_packet.html index b83fbcb..32bb81e 100644 --- a/contrib/bind9/lib/lwres/man/lwres_packet.html +++ b/contrib/bind9/lib/lwres/man/lwres_packet.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_packet - +

    -
    +

    Name

    lwres_lwpacket_renderheader, lwres_lwpacket_parseheader — lightweight resolver packet handling functions

    @@ -42,6 +42,11 @@ lwres_result_t     +, + + +  +  ); @@ -57,6 +62,11 @@ lwres_result_t     +, + + +  +  ); @@ -64,7 +74,7 @@ lwres_result_t
    -

    DESCRIPTION

    +

    DESCRIPTION

    These functions rely on a struct lwres_lwpacket @@ -202,7 +212,7 @@ buffer *b to resolver packet

    -

    RETURN VALUES

    +

    RETURN VALUES

    Successful calls to lwres_lwpacket_renderheader() and lwres_lwpacket_parseheader() return diff --git a/contrib/bind9/lib/lwres/man/lwres_resutil.3 b/contrib/bind9/lib/lwres/man/lwres_resutil.3 index 5d4cfc0..907706c 100644 --- a/contrib/bind9/lib/lwres/man/lwres_resutil.3 +++ b/contrib/bind9/lib/lwres/man/lwres_resutil.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_resutil.3,v 1.14.2.1.8.5 2005/10/13 02:33:54 marka Exp $ +.\" $Id: lwres_resutil.3,v 1.14.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_resutil +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_RESUTIL" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,13 +36,13 @@ lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr #include .fi .HP 34 -\fBlwres_result_t\ \fBlwres_string_parse\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBchar\ **c\fR\fB, \fR\fBlwres_uint16_t\ *len\fR\fB);\fR +.BI "lwres_result_t lwres_string_parse(lwres_buffer_t\ *b, char\ **c, lwres_uint16_t\ *len);" .HP 32 -\fBlwres_result_t\ \fBlwres_addr_parse\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_addr_t\ *addr\fR\fB);\fR +.BI "lwres_result_t lwres_addr_parse(lwres_buffer_t\ *b, lwres_addr_t\ *addr);" .HP 36 -\fBlwres_result_t\ \fBlwres_getaddrsbyname\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBconst\ char\ *name\fR\fB, \fR\fBlwres_uint32_t\ addrtypes\fR\fB, \fR\fBlwres_gabnresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_getaddrsbyname(lwres_context_t\ *ctx, const\ char\ *name, lwres_uint32_t\ addrtypes, lwres_gabnresponse_t\ **structp);" .HP 35 -\fBlwres_result_t\ \fBlwres_getnamebyaddr\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_uint32_t\ addrtype\fR\fB, \fR\fBlwres_uint16_t\ addrlen\fR\fB, \fR\fBconst\ unsigned\ char\ *addr\fR\fB, \fR\fBlwres_gnbaresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_getnamebyaddr(lwres_context_t\ *ctx, lwres_uint32_t\ addrtype, lwres_uint16_t\ addrlen, const\ unsigned\ char\ *addr, lwres_gnbaresponse_t\ **structp);" .SH "DESCRIPTION" .PP \fBlwres_string_parse()\fR @@ -71,6 +74,7 @@ use the \fBlwres_gnbaresponse_t\fR structure defined below: .sp +.RS 3n .nf typedef struct { lwres_uint32_t flags; @@ -85,6 +89,7 @@ typedef struct { size_t baselen; } lwres_gabnresponse_t; .fi +.RE .sp The contents of this structure are not manipulated directly but they are controlled through the \fBlwres_gabn\fR(3 ) @@ -158,3 +163,5 @@ if the buffers used for sending queries and receiving replies are too small. .PP \fBlwres_buffer\fR(3), \fBlwres_gabn\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_resutil.html b/contrib/bind9/lib/lwres/man/lwres_resutil.html index 4cee0c7..a9bc1ee 100644 --- a/contrib/bind9/lib/lwres/man/lwres_resutil.html +++ b/contrib/bind9/lib/lwres/man/lwres_resutil.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_resutil - +

    -
    +

    Name

    lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr — lightweight resolver utility functions

    @@ -47,6 +47,11 @@ lwres_result_t     +, + + +  +  ); @@ -62,6 +67,11 @@ lwres_result_t     +, + + +  +  ); @@ -87,6 +97,11 @@ lwres_result_t     +, + + +  +  ); @@ -117,6 +132,11 @@ lwres_result_t     +, + + +  +  ); @@ -124,7 +144,7 @@ lwres_result_t
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_string_parse() retrieves a DNS-encoded string starting the current pointer of lightweight resolver buffer @@ -200,7 +220,7 @@ is made available through *structp.

    -

    RETURN VALUES

    +

    RETURN VALUES

    Successful calls to lwres_string_parse() @@ -244,7 +264,7 @@ small.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_buffer(3), diff --git a/contrib/bind9/libtool.m4 b/contrib/bind9/libtool.m4 index c3b71e8..551ffd0 100644 --- a/contrib/bind9/libtool.m4 +++ b/contrib/bind9/libtool.m4 @@ -2557,7 +2557,7 @@ AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) AC_LIBTOOL_SYS_LIB_STRIP AC_LIBTOOL_DLOPEN_SELF($1) -# Report which librarie types wil actually be built +# Report which libraries types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) diff --git a/contrib/bind9/ltmain.sh b/contrib/bind9/ltmain.sh index a6453bb..e032aff 100644 --- a/contrib/bind9/ltmain.sh +++ b/contrib/bind9/ltmain.sh @@ -1488,9 +1488,17 @@ EOF ;; -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe) - case "$archive_cmds" in - *"\$LD"*) ;; - *) deplibs="$deplibs $arg";; + case $host in + *-*-freebsd*) + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + ;; + *) + case "$archive_cmds" in + *"\$LD"*) ;; + *) deplibs="$deplibs $arg";; + esac + ;; esac continue ;; diff --git a/contrib/bind9/make/rules.in b/contrib/bind9/make/rules.in index 6b83bce..39e82ce 100644 --- a/contrib/bind9/make/rules.in +++ b/contrib/bind9/make/rules.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: rules.in,v 1.40.2.5.4.8 2005/10/28 01:53:44 marka Exp $ +# $Id: rules.in,v 1.40.2.5.4.10 2006/01/06 00:01:42 marka Exp $ ### ### Common Makefile rules for BIND 9. @@ -101,6 +101,12 @@ STD_CINCLUDES = @STD_CINCLUDES@ STD_CDEFINES = @STD_CDEFINES@ STD_CWARNINGS = @STD_CWARNINGS@ +BUILD_CC = @BUILD_CC@ +BUILD_CFLAGS = @BUILD_CFLAGS@ +BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ +BUILD_LDFAGS = @BUILD_LDFAGS@ +BUILD_LIBS = @BUILD_LIBS@ + .SUFFIXES: .SUFFIXES: .c .@O@ diff --git a/contrib/bind9/version b/contrib/bind9/version index a9b6ee5..a183b00 100644 --- a/contrib/bind9/version +++ b/contrib/bind9/version @@ -1,10 +1,10 @@ -# $Id: version,v 1.26.2.17.2.21.4.2 2006/10/04 07:00:13 marka Exp $ +# $Id: version,v 1.26.2.17.2.26 2006/11/28 00:52:38 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. # MAJORVER=9 MINORVER=3 -PATCHVER=2 -RELEASETYPE=-P -RELEASEVER=2 +PATCHVER=3 +RELEASETYPE= +RELEASEVER= -- cgit v1.1