diff options
| author | Doug Barton <dougb@FreeBSD.org> | 2008-12-23 18:35:21 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2008-12-23 18:35:21 +0000 |
| commit | 2fabdf5789e562f51310270bef3cb863c0dc920b (patch) | |
| tree | d25d756be8550df073eb3ed4e5b39831380291b5 /bin | |
| parent | e086bf114fd88cb7f882d66afe4492fe5659bcf2 (diff) | |
| download | src-2fabdf5789e562f51310270bef3cb863c0dc920b.tar.gz src-2fabdf5789e562f51310270bef3cb863c0dc920b.zip | |
Vendor import of BIND 9.4.3vendor/bind9/9.4.3
Notes
Notes:
svn path=/vendor/bind9/dist/; revision=186448
svn path=/vendor/bind9/9.4.3/; revision=186449; tag=vendor/bind9/9.4.3
Diffstat (limited to 'bin')
52 files changed, 1015 insertions, 686 deletions
diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index 1f5f1cdc985b..2136a63a7588 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.c,v 1.10.18.18 2007/09/13 05:04:01 each Exp $ */ +/* $Id: check-tool.c,v 1.10.18.20 2008/10/24 01:43:17 tbox Exp $ */ /*! \file */ @@ -46,6 +46,14 @@ #include <isccfg/log.h> +#ifndef CHECK_SIBLING +#define CHECK_SIBLING 1 +#endif + +#ifndef CHECK_LOCAL +#define CHECK_LOCAL 1 +#endif + #ifdef HAVE_ADDRINFO #ifdef HAVE_GETADDRINFO #ifdef HAVE_GAISTRERROR @@ -59,20 +67,29 @@ result = (r); \ if (result != ISC_R_SUCCESS) \ goto cleanup; \ - } while (0) + } while (0) static const char *dbtype[] = { "rbt" }; int debug = 0; isc_boolean_t nomerge = ISC_TRUE; +#if CHECK_LOCAL isc_boolean_t docheckmx = ISC_TRUE; isc_boolean_t dochecksrv = ISC_TRUE; isc_boolean_t docheckns = ISC_TRUE; -unsigned int zone_options = DNS_ZONEOPT_CHECKNS | +#else +isc_boolean_t docheckmx = ISC_FALSE; +isc_boolean_t dochecksrv = ISC_FALSE; +isc_boolean_t docheckns = ISC_FALSE; +#endif +unsigned int zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_CHECKMX | DNS_ZONEOPT_MANYERRORS | DNS_ZONEOPT_CHECKNAMES | DNS_ZONEOPT_CHECKINTEGRITY | +#if CHECK_SIBLING + DNS_ZONEOPT_CHECKSIBLING | +#endif DNS_ZONEOPT_CHECKWILDCARD | DNS_ZONEOPT_WARNMXCNAME | DNS_ZONEOPT_WARNSRVCNAME; @@ -125,7 +142,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner, if (dns_name_countlabels(name) > 1U) strcat(namebuf, "."); dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); - + result = getaddrinfo(namebuf, NULL, &hints, &ai); dns_name_format(name, namebuf, sizeof(namebuf) - 1); switch (result) { @@ -297,7 +314,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) { if (dns_name_countlabels(name) > 1U) strcat(namebuf, "."); dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); - + result = getaddrinfo(namebuf, NULL, &hints, &ai); dns_name_format(name, namebuf, sizeof(namebuf) - 1); switch (result) { @@ -370,7 +387,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) { if (dns_name_countlabels(name) > 1U) strcat(namebuf, "."); dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); - + result = getaddrinfo(namebuf, NULL, &hints, &ai); dns_name_format(name, namebuf, sizeof(namebuf) - 1); switch (result) { diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index cc63153e941a..96efd794661c 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.28.18.14 2006/02/28 03:10:47 marka Exp $ */ +/* $Id: named-checkconf.c,v 1.28.18.16 2007/11/26 23:46:18 tbox Exp $ */ /*! \file */ @@ -224,7 +224,8 @@ configure_zone(const char *vclass, const char *view, zone_options |= DNS_ZONEOPT_CHECKINTEGRITY; else zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY; - } + } else + zone_options |= DNS_ZONEOPT_CHECKINTEGRITY; obj = NULL; if (get_maps(maps, "check-mx-cname", &obj)) { diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c index 08e958eae49c..f16053bcbb11 100644 --- a/bin/check/named-checkzone.c +++ b/bin/check/named-checkzone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkzone.c,v 1.29.18.19 2007/08/28 07:19:55 tbox Exp $ */ +/* $Id: named-checkzone.c,v 1.29.18.21 2008/10/24 01:43:17 tbox Exp $ */ /*! \file */ @@ -77,8 +77,9 @@ usage(void) { "[-f inputformat] [-F outputformat] " "[-t directory] [-w directory] [-k (ignore|warn|fail)] " "[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] " - "[-i (full|local|none)] [-M (ignore|warn|fail)] " - "[-S (ignore|warn|fail)] [-W (ignore|warn)] " + "[-i (full|full-sibling|local|local-sibling|none)] " + "[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] " + "[-W (ignore|warn)] " "zonename filename\n", prog_name); exit(1); } @@ -227,7 +228,7 @@ main(int argc, char **argv) { zone_options &= ~DNS_ZONEOPT_FATALNS; } else if (ARGCMP("fail")) { zone_options |= DNS_ZONEOPT_CHECKNS| - DNS_ZONEOPT_FATALNS; + DNS_ZONEOPT_FATALNS; } else { fprintf(stderr, "invalid argument to -n: %s\n", isc_commandline_argument); diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index bf532807dcbe..c9df21eaf4b0 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.23.18.22 2007/05/16 06:11:27 marka Exp $ +.\" $Id: dig.1,v 1.23.18.24 2008/10/14 01:30:11 tbox Exp $ .\" .hy 0 .ad l @@ -33,7 +33,7 @@ dig \- DNS lookup utility .SH "SYNOPSIS" .HP 4 -\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] +\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] .HP 4 \fBdig\fR [\fB\-h\fR] .HP 4 @@ -59,7 +59,9 @@ Unless it is told to query a specific name server, will try each of the servers listed in \fI/etc/resolv.conf\fR. .PP -When no command line arguments or options are given, will perform an NS query for "." (the root). +When no command line arguments or options are given, +\fBdig\fR +will perform an NS query for "." (the root). .PP It is possible to set per\-user defaults for \fBdig\fR @@ -70,9 +72,9 @@ The IN and CH class names overlap with the IN and CH top level domains names. Ei \fB\-t\fR and \fB\-c\fR -options to specify the type and class or use the +options to specify the type and class, use the \fB\-q\fR -the specify the domain name or use "IN." and "CH." when looking up these top level domains. +the specify the domain name, or use "IN." and "CH." when looking up these top level domains. .SH "SIMPLE USAGE" .PP A typical invocation of @@ -139,6 +141,10 @@ operate in batch mode by reading a list of lookup requests to process from the f \fBdig\fR using the command\-line interface. .PP +The +\fB\-m\fR +option enables memory usage debugging. +.PP If a non\-standard port number is to be queried, the \fB\-p\fR option is used. @@ -551,7 +557,7 @@ RFC1035. .PP There are probably too many query options. .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dig/dig.c b/bin/dig/dig.c index ba5d87b24e98..5cde9c430e60 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.186.18.29 2007/08/28 07:19:55 tbox Exp $ */ +/* $Id: dig.c,v 1.186.18.33 2008/10/15 02:19:18 marka Exp $ */ /*! \file */ @@ -50,7 +50,7 @@ #define ADD_STRING(b, s) { \ if (strlen(s) >= isc_buffer_availablelength(b)) \ - return (ISC_R_NOSPACE); \ + return (ISC_R_NOSPACE); \ else \ isc_buffer_putstr(b, s); \ } @@ -71,7 +71,7 @@ static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE, multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE; /*% opcode text */ -static const char *opcodetext[] = { +static const char * const opcodetext[] = { "QUERY", "IQUERY", "STATUS", @@ -91,7 +91,7 @@ static const char *opcodetext[] = { }; /*% return code text */ -static const char *rcodetext[] = { +static const char * const rcodetext[] = { "NOERROR", "FORMERR", "SERVFAIL", @@ -144,8 +144,8 @@ help(void) { " q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n" " (Use ixfr=version for type ixfr)\n" " q-opt is one of:\n" -" -x dot-notation (shortcut for in-addr lookups)\n" -" -i (IP6.INT reverse IPv6 lookups)\n" +" -x dot-notation (shortcut for reverse lookups)\n" +" -i (use IP6.INT for IPv6 reverse lookups)\n" " -f filename (batch mode)\n" " -b address[#port] (bind to source address/port)\n" " -p port (specify port number)\n" @@ -156,6 +156,7 @@ help(void) { " -y [hmac:]name:key (specify named base64 tsig key)\n" " -4 (use IPv4 query transport only)\n" " -6 (use IPv6 query transport only)\n" +" -m (enable memory usage debugging)\n" " d-opt is of the form +keyword[=value], where keyword is:\n" " +[no]vc (TCP mode)\n" " +[no]tcp (TCP mode, alternate syntax)\n" @@ -383,7 +384,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, else if (nottl || noclass) result = dns_master_stylecreate(&style, styleflags, 24, 24, 32, 40, 80, 8, mctx); - else + else result = dns_master_stylecreate(&style, styleflags, 24, 32, 40, 48, 80, 8, mctx); check_result(result, "dns_master_stylecreate"); @@ -392,7 +393,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, if (style != NULL) dns_master_styledestroy(&style, mctx); - + return(result); } #endif @@ -429,7 +430,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { else if (nottl || noclass) result = dns_master_stylecreate(&style, styleflags, 24, 24, 32, 40, 80, 8, mctx); - else + else result = dns_master_stylecreate(&style, styleflags, 24, 32, 40, 48, 80, 8, mctx); check_result(result, "dns_master_stylecreate"); @@ -638,7 +639,7 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) { strncat(lookup->cmdline, append, remaining); } if (first) { - snprintf(append, sizeof(append), + snprintf(append, sizeof(append), ";; global options: %s %s\n", short_form ? "short_form" : "", printcmd ? "printcmd" : ""); @@ -716,7 +717,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, FULLCHECK2("aaonly", "aaflag"); lookup->aaonly = state; break; - case 'd': + case 'd': switch (cmd[2]) { case 'd': /* additional */ FULLCHECK("additional"); @@ -801,13 +802,13 @@ plus_option(char *option, isc_boolean_t is_batchfile, FULLCHECK("defname"); usesearch = state; break; - case 'n': /* dnssec */ + case 'n': /* dnssec */ FULLCHECK("dnssec"); if (state && lookup->edns == -1) lookup->edns = 0; lookup->dnssec = state; break; - case 'o': /* domain */ + case 'o': /* domain */ FULLCHECK("domain"); if (value == NULL) goto need_value; @@ -881,7 +882,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, goto invalid_option; } break; - case 'q': + case 'q': switch (cmd[1]) { case 'r': /* qr */ FULLCHECK("qr"); @@ -957,11 +958,11 @@ plus_option(char *option, isc_boolean_t is_batchfile, break; #ifdef DIG_SIGCHASE case 'i': /* sigchase */ - FULLCHECK("sigchase"); + FULLCHECK("sigchase"); lookup->sigchase = state; if (lookup->sigchase) lookup->dnssec = ISC_TRUE; - break; + break; #endif case 't': /* stats */ FULLCHECK("stats"); @@ -989,7 +990,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, timeout = 1; break; #if DIG_SIGCHASE_TD - case 'o': /* topdown */ + case 'o': /* topdown */ FULLCHECK("topdown"); lookup->do_topdown = state; break; @@ -1024,7 +1025,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, #ifdef DIG_SIGCHASE case 'u': /* trusted-key */ FULLCHECK("trusted-key"); - if (value == NULL) + if (value == NULL) goto need_value; if (!state) goto invalid_option; @@ -1158,7 +1159,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, hash = strchr(value, '#'); if (hash != NULL) { srcport = (in_port_t) - parse_uint(hash + 1, + parse_uint(hash + 1, "port number", MAXPORT); *hash = '\0'; } else @@ -1211,7 +1212,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, (*lookup) = clone_lookup(default_lookup, ISC_TRUE); *need_clone = ISC_TRUE; - strncpy((*lookup)->textname, value, + strncpy((*lookup)->textname, value, sizeof((*lookup)->textname)); (*lookup)->textname[sizeof((*lookup)->textname)-1]=0; (*lookup)->trace_root = ISC_TF((*lookup)->trace || @@ -1250,7 +1251,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, (*lookup)->rdtypeset = ISC_TRUE; (*lookup)->ixfr_serial = parse_uint(&value[5], "serial number", - MAXSERIAL); + MAXSERIAL); (*lookup)->section_question = plusquest; (*lookup)->comments = pluscomm; } else { @@ -1276,7 +1277,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, if (ptr2 == NULL) usage(); ptr3 = next_token(&value,":"); /* secret or NULL */ - if (ptr3 != NULL) { + if (ptr3 != NULL) { if (strcasecmp(ptr, "hmac-md5") == 0) { hmacname = DNS_TSIG_HMACMD5_NAME; digestbits = 0; @@ -1425,7 +1426,7 @@ getaddresses(dig_lookup_t *lookup, const char *host) { char tmp[ISC_NETADDR_FORMATSIZE]; result = bind9_getaddresses(host, 0, sockaddrs, - DIG_MAX_ADDRESSES, &count); + DIG_MAX_ADDRESSES, &count); if (result != ISC_R_SUCCESS) fatal("couldn't get address for '%s': %s", host, isc_result_totext(result)); @@ -1487,7 +1488,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, if (homedir != NULL) { unsigned int n; n = snprintf(rcfile, sizeof(rcfile), "%s/.digrc", - homedir); + homedir); if (n < sizeof(rcfile)) batchfp = fopen(rcfile, "r"); } @@ -1567,7 +1568,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, tr.base = rv[0]; tr.length = strlen(rv[0]); result = dns_rdatatype_fromtext(&rdtype, - (isc_textregion_t *)&tr); + (isc_textregion_t *)&tr); if (result == ISC_R_SUCCESS && rdtype == dns_rdatatype_ixfr) { result = DNS_R_UNKNOWN; @@ -1588,8 +1589,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, lookup->rdtypeset = ISC_TRUE; lookup->ixfr_serial = parse_uint(&rv[0][5], - "serial number", - MAXSERIAL); + "serial number", + MAXSERIAL); lookup->section_question = plusquest; lookup->comments = pluscomm; @@ -1624,7 +1625,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, lookup = clone_lookup(default_lookup, ISC_TRUE); need_clone = ISC_TRUE; - strncpy(lookup->textname, rv[0], + strncpy(lookup->textname, rv[0], sizeof(lookup->textname)); lookup->textname[sizeof(lookup->textname)-1]=0; lookup->trace_root = ISC_TF(lookup->trace || diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 6a28b8851a07..92be18050cf0 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.docbook,v 1.17.18.21 2007/08/28 07:19:55 tbox Exp $ --> +<!-- $Id: dig.docbook,v 1.17.18.24 2008/10/14 00:54:40 marka Exp $ --> <refentry id="man.dig"> <refentryinfo> @@ -42,6 +42,7 @@ <year>2005</year> <year>2006</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -61,6 +62,7 @@ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg> <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg> <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg> + <arg><option>-m</option></arg> <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg> <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg> @@ -118,8 +120,8 @@ </para> <para> - When no command line arguments or options are given, will perform an - NS query for "." (the root). + When no command line arguments or options are given, + <command>dig</command> will perform an NS query for "." (the root). </para> <para> @@ -132,8 +134,8 @@ <para> The IN and CH class names overlap with the IN and CH top level domains names. Either use the <option>-t</option> and - <option>-c</option> options to specify the type and class or - use the <option>-q</option> the specify the domain name or + <option>-c</option> options to specify the type and class, + use the <option>-q</option> the specify the domain name, or use "IN." and "CH." when looking up these top level domains. </para> @@ -231,6 +233,12 @@ </para> <para> + The <option>-m</option> option enables memory usage debugging. + <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD + documented in include/isc/mem.h --> + </para> + + <para> If a non-standard port number is to be queried, the <option>-p</option> option is used. <parameter>port#</parameter> is the port number that <command>dig</command> will send its diff --git a/bin/dig/dig.html b/bin/dig/dig.html index afdaa4f92e97..a8c459447f12 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.html,v 1.13.18.28 2007/05/16 06:11:27 marka Exp $ --> +<!-- $Id: dig.html,v 1.13.18.30 2008/10/14 01:30:11 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -29,12 +29,12 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div> +<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div> <div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div> <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543508"></a><h2>DESCRIPTION</h2> +<a name="id2543515"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -62,8 +62,8 @@ <code class="filename">/etc/resolv.conf</code>. </p> <p> - When no command line arguments or options are given, will perform an - NS query for "." (the root). + When no command line arguments or options are given, + <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root). </p> <p> It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via @@ -74,13 +74,13 @@ <p> The IN and CH class names overlap with the IN and CH top level domains names. Either use the <code class="option">-t</code> and - <code class="option">-c</code> options to specify the type and class or - use the <code class="option">-q</code> the specify the domain name or + <code class="option">-c</code> options to specify the type and class, + use the <code class="option">-q</code> the specify the domain name, or use "IN." and "CH." when looking up these top level domains. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543577"></a><h2>SIMPLE USAGE</h2> +<a name="id2543589"></a><h2>SIMPLE USAGE</h2> <p> A typical invocation of <span><strong class="command">dig</strong></span> looks like: </p> @@ -126,7 +126,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543668"></a><h2>OPTIONS</h2> +<a name="id2543680"></a><h2>OPTIONS</h2> <p> The <code class="option">-b</code> option sets the source IP address of the query to <em class="parameter"><code>address</code></em>. This must be a valid @@ -152,6 +152,10 @@ <span><strong class="command">dig</strong></span> using the command-line interface. </p> <p> + The <code class="option">-m</code> option enables memory usage debugging. + + </p> +<p> If a non-standard port number is to be queried, the <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is the port number that <span><strong class="command">dig</strong></span> will send its @@ -226,7 +230,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543939"></a><h2>QUERY OPTIONS</h2> +<a name="id2544028"></a><h2>QUERY OPTIONS</h2> <p><span><strong class="command">dig</strong></span> provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -545,7 +549,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2545128"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2545149"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports @@ -591,7 +595,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545258"></a><h2>IDN SUPPORT</h2> +<a name="id2545211"></a><h2>IDN SUPPORT</h2> <p> If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -605,14 +609,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545281"></a><h2>FILES</h2> +<a name="id2545234"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> <p><code class="filename">${HOME}/.digrc</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545298"></a><h2>SEE ALSO</h2> +<a name="id2545251"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, @@ -620,7 +624,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545335"></a><h2>BUGS</h2> +<a name="id2545356"></a><h2>BUGS</h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 9e7e79659a69..8736c0cc75c5 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.259.18.43.10.3 2008/07/23 23:16:43 marka Exp $ */ +/* $Id: dighost.c,v 1.259.18.49 2008/07/23 23:33:02 marka Exp $ */ /*! \file * \note @@ -277,7 +277,7 @@ dns_name_t chase_name; /* the query name */ /* * the current name is the parent name when we follow delegation */ -dns_name_t chase_current_name; +dns_name_t chase_current_name; /* * the child name is used for delegation (NS DS responses in AUTHORITY section) */ @@ -493,6 +493,7 @@ void fatal(const char *format, ...) { va_list args; + fflush(stdout); fprintf(stderr, "%s: ", progname); va_start(args, format); vfprintf(stderr, format, args); @@ -510,6 +511,7 @@ debug(const char *format, ...) { va_list args; if (debugging) { + fflush(stdout); va_start(args, format); vfprintf(stderr, format, args); va_end(args); @@ -616,13 +618,13 @@ set_nameserver(char *opt) { return; result = bind9_getaddresses(opt, 0, sockaddrs, - DIG_MAX_ADDRESSES, &count); + DIG_MAX_ADDRESSES, &count); if (result != ISC_R_SUCCESS) fatal("couldn't get address for '%s': %s", opt, isc_result_totext(result)); flush_server_list(); - + for (i = 0; i < count; i++) { isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]); isc_netaddr_format(&netaddr, tmp, sizeof(tmp)); @@ -891,7 +893,7 @@ setup_text_key(void) { result = isc_base64_decodestring(keysecret, &secretbuf); if (result != ISC_R_SUCCESS) goto failure; - + secretsize = isc_buffer_usedlength(&secretbuf); result = dns_name_fromtext(&keyname, namebuf, @@ -1025,7 +1027,7 @@ setup_system(void) { domain = NULL; } } - + if (ndots == -1) { ndots = lwconf->ndots; debug("ndots is %d.", ndots); @@ -1088,7 +1090,7 @@ clear_searchlist(void) { void set_search_domain(char *domain) { dig_searchlist_t *search; - + clear_searchlist(); search = make_searchlist_entry(domain); ISC_LIST_APPEND(search_list, search, link); @@ -1409,7 +1411,7 @@ start_lookup(void) { current_lookup->qrdtype_sigchase = current_lookup->qrdtype; current_lookup->qrdtype = dns_rdatatype_ns; - + current_lookup->rdclass_sigchase = current_lookup->rdclass; current_lookup->rdclass_sigchaseset @@ -1490,7 +1492,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) INSIST(!free_now); debug("following up %s", query->lookup->textname); - + for (result = dns_message_firstname(msg, section); result == ISC_R_SUCCESS; result = dns_message_nextname(msg, section)) { @@ -1545,7 +1547,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) dns_rdataset_current(rdataset, &rdata); query->lookup->nsfound++; - (void)dns_rdata_tostruct(&rdata, &ns, NULL); + result = dns_rdata_tostruct(&rdata, &ns, NULL); + check_result(result, "dns_rdata_tostruct"); dns_name_format(&ns.name, namestr, sizeof(namestr)); dns_rdata_freestruct(&ns); @@ -1845,7 +1848,7 @@ setup_lookup(dig_lookup_t *lookup) { &lookup->name); dns_message_puttempname(lookup->sendmsg, &lookup->oname); - fatal("'%s' is not in legal name syntax (%s)", + fatal("Origin '%s' is not in legal name syntax (%s)", lookup->origin->origin, isc_result_totext(result)); } @@ -2089,7 +2092,7 @@ send_done(isc_task_t *_task, isc_event_t *event) { for (b = ISC_LIST_HEAD(sevent->bufferlist); b != NULL; - b = ISC_LIST_HEAD(sevent->bufferlist)) + b = ISC_LIST_HEAD(sevent->bufferlist)) ISC_LIST_DEQUEUE(sevent->bufferlist, b, link); query = event->ev_arg; @@ -2169,7 +2172,7 @@ bringup_timer(dig_query_t *query, unsigned int default_timeout) { &l->interval, global_task, connect_timeout, l, &l->timer); check_result(result, "isc_timer_create"); -} +} static void connect_done(isc_task_t *task, isc_event_t *event); @@ -2191,7 +2194,7 @@ send_tcp_connect(dig_query_t *query) { query->waiting_connect = ISC_TRUE; query->lookup->current_query = query; get_address(query->servname, port, &query->sockaddr); - + if (specified_source && (isc_sockaddr_pf(&query->sockaddr) != isc_sockaddr_pf(&bind_address))) { @@ -2663,7 +2666,8 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, goto next_rdata; /* Now we have an SOA. Work with it. */ debug("got an SOA"); - (void)dns_rdata_tostruct(&rdata, &soa, NULL); + result = dns_rdata_tostruct(&rdata, &soa, NULL); + check_result(result, "dns_rdata_tostruct"); serial = soa.serial; dns_rdata_freestruct(&soa); if (!query->first_soa_rcvd) { @@ -2826,13 +2830,13 @@ recv_done(isc_task_t *task, isc_event_t *event) { char buf2[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_t any; - if (isc_sockaddr_pf(&query->sockaddr) == AF_INET) + if (isc_sockaddr_pf(&query->sockaddr) == AF_INET) isc_sockaddr_any(&any); else isc_sockaddr_any6(&any); /* - * We don't expect a match when the packet is + * We don't expect a match when the packet is * sent to 0.0.0.0, :: or to a multicast addresses. * XXXMPA broadcast needs to be handled here as well. */ @@ -2850,7 +2854,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { } } - result = dns_message_peekheader(b, &id, &msgflags); + result = dns_message_peekheader(b, &id, &msgflags); if (result != ISC_R_SUCCESS || l->sendmsg->id != id) { match = ISC_FALSE; if (l->tcp_mode) { @@ -2955,7 +2959,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { return; } if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 && - !l->ignore && !l->tcp_mode) { + !l->ignore && !l->tcp_mode) { printf(";; Truncated, retrying in TCP mode.\n"); n = requeue_lookup(l, ISC_TRUE); n->tcp_mode = ISC_TRUE; @@ -2967,7 +2971,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { check_next_lookup(l); UNLOCK_LOOKUP; return; - } + } if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) || (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse)) { @@ -3093,7 +3097,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { if (l->trace_root) { /* - * This is the initial NS query. + * This is the initial NS query. */ int n; @@ -3108,7 +3112,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { if (!do_sigchase) #endif printmessage(query, msg, ISC_TRUE); - } + } #ifdef DIG_SIGCHASE if (do_sigchase) { chase_msg = isc_mem_allocate(mctx, @@ -3127,13 +3131,13 @@ recv_done(isc_task_t *task, isc_event_t *event) { isc_buffer_usedregion(b, &r); result = isc_buffer_allocate(mctx, &buf, r.length); - + check_result(result, "isc_buffer_allocate"); result = isc_buffer_copyregion(buf, &r); check_result(result, "isc_buffer_copyregion"); - + result = dns_message_parse(msg_temp, buf, 0); - + isc_buffer_free(&buf); chase_msg->msg = msg_temp; @@ -3149,9 +3153,9 @@ recv_done(isc_task_t *task, isc_event_t *event) { } #endif } - + #ifdef DIG_SIGCHASE - if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) { + if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) { sigchase(msg_temp); } #endif @@ -3308,7 +3312,7 @@ cancel_all(void) { */ void destroy_libs(void) { -#ifdef DIG_SIGCHASE +#ifdef DIG_SIGCHASE void * ptr; dig_message_t *chase_msg; #endif @@ -3348,8 +3352,8 @@ destroy_libs(void) { clear_searchlist(); #ifdef WITH_IDN - result = dns_name_settotextfilter(NULL); - check_result(result, "dns_name_settotextfilter"); + result = dns_name_settotextfilter(NULL); + check_result(result, "dns_name_settotextfilter"); #endif dns_name_destroy(); @@ -3421,7 +3425,7 @@ destroy_libs(void) { #endif debug("Destroy memory"); - + #endif if (memdebugging != 0) isc_mem_stats(mctx, stderr); @@ -3518,7 +3522,7 @@ append_textname(char *name, const char *origin, size_t namesize) { (void)strcpy(name + namelen, origin); return idn_success; } - + static void idn_check_result(idn_result_t r, const char *msg) { if (r != idn_success) { @@ -3554,14 +3558,14 @@ void dump_database_section(dns_message_t *msg, int section) { dns_name_t *msg_name=NULL; - + dns_rdataset_t *rdataset; do { dns_message_currentname(msg, section, &msg_name); - + for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL; - rdataset = ISC_LIST_NEXT(rdataset, link)) { + rdataset = ISC_LIST_NEXT(rdataset, link)) { dns_name_print(msg_name, stdout); printf("\n"); print_rdataset(msg_name, rdataset, mctx); @@ -3578,15 +3582,15 @@ dump_database(void) { for (msg = ISC_LIST_HEAD(chase_message_list); msg != NULL; msg = ISC_LIST_NEXT(msg, link)) { if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER) - == ISC_R_SUCCESS) + == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_ANSWER); - + if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY) - == ISC_R_SUCCESS) + == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_AUTHORITY); - + if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL) - == ISC_R_SUCCESS) + == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL); } } @@ -3616,7 +3620,7 @@ search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) { if ((siginfo.covered == covers) || (covers == dns_rdatatype_any)) { dns_rdata_reset(&sigrdata); - dns_rdata_freestruct(&siginfo); + dns_rdata_freestruct(&siginfo); return (rdataset); } dns_rdata_reset(&sigrdata); @@ -3654,7 +3658,7 @@ chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) { dns_rdataset_t *rdataset = NULL; dig_message_t * msg; - + for (msg = ISC_LIST_HEAD(chase_message_list2); msg != NULL; msg = ISC_LIST_NEXT(msg, link)) { if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER) @@ -3747,7 +3751,7 @@ insert_trustedkey(dst_key_t * key) return; tk_list.key[tk_list.nb_tk++] = key; - return; + return; } void @@ -3770,7 +3774,7 @@ char alphnum[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; isc_result_t -removetmpkey(isc_mem_t *mctx, const char *file) +removetmpkey(isc_mem_t *mctx, const char *file) { char *tempnamekey = NULL; int tempnamekeylen; @@ -3783,7 +3787,7 @@ removetmpkey(isc_mem_t *mctx, const char *file) return (ISC_R_NOMEMORY); memset(tempnamekey, 0, tempnamekeylen); - + strcat(tempnamekey, file); strcat(tempnamekey,".key"); isc_file_remove(tempnamekey); @@ -3823,24 +3827,24 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { isc_mem_free(mctx, tempname); return (ISC_R_FAILURE); } - + x = cp--; while (cp >= tempname && *cp == 'X') { isc_random_get(&which); *cp = alphnum[which % (sizeof(alphnum) - 1)]; x = cp--; } - + tempnamekeylen = tempnamelen+5; tempnamekey = isc_mem_allocate(mctx, tempnamekeylen); if (tempnamekey == NULL) return (ISC_R_NOMEMORY); - + memset(tempnamekey, 0, tempnamekeylen); strncpy(tempnamekey, tempname, tempnamelen); strcat(tempnamekey ,".key"); - + if (isc_file_exists(tempnamekey)) { isc_mem_free(mctx, tempnamekey); isc_mem_free(mctx, tempname); @@ -3861,7 +3865,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { cleanup: isc_mem_free(mctx, tempname); - + return (result); } @@ -3875,7 +3879,7 @@ get_trusted_key(isc_mem_t *mctx) char buf[1500]; FILE *fp, *fptemp; dst_key_t *key = NULL; - + result = isc_file_exists(trustedkey); if (result != ISC_TRUE) { result = isc_file_exists("/etc/trusted-key.key"); @@ -3953,11 +3957,11 @@ nameFromString(const char *str, dns_name_t *p_ret) { result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret); check_result(result, "nameFromString"); -} +} #if DIG_SIGCHASE_TD -isc_result_t +isc_result_t prepare_lookup(dns_name_t *name) { isc_result_t result; @@ -3975,7 +3979,7 @@ prepare_lookup(dns_name_t *name) lookup->rdtype = lookup->rdtype_sigchase; lookup->rdtypeset = ISC_TRUE; lookup->qrdtype = lookup->qrdtype_sigchase; - + s = ISC_LIST_HEAD(lookup->my_server_list); while (s != NULL) { debug("freeing server %p belonging to %p", @@ -4008,12 +4012,11 @@ prepare_lookup(dns_name_t *name) dns_rdataset_current(chase_nsrdataset, &rdata); - (void)dns_rdata_tostruct(&rdata, &ns, NULL); - - - + result = dns_rdata_tostruct(&rdata, &ns, NULL); + check_result(result, "dns_rdata_tostruct"); + #ifdef __FOLLOW_GLUE__ - + result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_aaaa, dns_rdatatype_any, &true); @@ -4037,12 +4040,12 @@ prepare_lookup(dns_name_t *name) srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); } } - + rdataset = NULL; result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_a, dns_rdatatype_any, &true); @@ -4064,28 +4067,28 @@ prepare_lookup(dns_name_t *name) isc_buffer_free(&b); dns_rdata_reset(&a); printf("ns name: %s\n", namestr); - + srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); } } #else - + dns_name_format(&ns.name, namestr, sizeof(namestr)); printf("ns name: "); dns_name_print(&ns.name, stdout); printf("\n"); srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); -#endif +#endif dns_rdata_freestruct(&ns); dns_rdata_reset(&rdata); - + } ISC_LIST_APPEND(lookup_list, lookup, link); @@ -4139,10 +4142,10 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset) do { dns_rdataset_current(sigrdataset, &sigrdata); - + result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL); check_result(result, "sigrdata tostruct siginfo"); - + if (dns_name_compare(&siginfo.signer, zone_name) == 0) { dns_rdata_freestruct(&siginfo); dns_rdata_reset(&sigrdata); @@ -4150,7 +4153,7 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset) } dns_rdata_freestruct(&siginfo); - + } while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS); dns_rdata_reset(&sigrdata); @@ -4180,7 +4183,7 @@ initialization(dns_name_t *name) return (ISC_R_SUCCESS); } -#endif +#endif void print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx) @@ -4204,10 +4207,10 @@ print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx) } -void +void dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) { - isc_result_t result; - + isc_result_t result; + if (dns_name_dynamic(target)) free_name(target, mctx); result = dns_name_dup(source, mctx, target); @@ -4226,7 +4229,7 @@ free_name(dns_name_t *name, isc_mem_t *mctx) { * return ISC_R_SUCCESS if the DNSKEY RRset contains a trusted_key * and the RRset is valid * return ISC_R_NOTFOUND if not contains trusted key - or if the RRset isn't valid + or if the RRset isn't valid * return ISC_R_FAILURE if problem * */ @@ -4251,17 +4254,17 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, do { dns_rdataset_current(rdataset, &rdata); INSIST(rdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); - + for (i = 0; i < tk_list.nb_tk; i++) { if (dst_key_compare(tk_list.key[i], dnsseckey) == ISC_TRUE) { dns_rdata_reset(&rdata); - + printf(";; Ok, find a Trusted Key in the " "DNSKEY RRset: %d\n", dst_key_id(dnsseckey)); @@ -4276,7 +4279,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, } } } - + dns_rdata_reset(&rdata); if (dnsseckey != NULL) dst_key_free(&dnsseckey); @@ -4306,7 +4309,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset, do { dns_rdataset_current(keyrdataset, &keyrdata); INSIST(keyrdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); @@ -4338,22 +4341,22 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset, result = dns_rdataset_first(sigrdataset); check_result(result, "empty RRSIG dataset"); dns_rdata_init(&sigrdata); - + do { dns_rdataset_current(sigrdataset, &sigrdata); result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL); check_result(result, "sigrdata tostruct siginfo"); - + /* * Test if the id of the DNSKEY is * the id of the DNSKEY signer's */ if (siginfo.keyid == dst_key_id(dnsseckey)) { - + result = dns_rdataset_first(rdataset); check_result(result, "empty DS dataset"); - + result = dns_dnssec_verify(name, rdataset, dnsseckey, ISC_FALSE, mctx, &sigrdata); @@ -4370,7 +4373,7 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset, } } dns_rdata_freestruct(&siginfo); - + } while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS); dns_rdata_reset(&sigrdata); @@ -4396,18 +4399,18 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dns_rdata_init(&dsrdata); do { dns_rdataset_current(dsrdataset, &dsrdata); - + result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL); check_result(result, "dns_rdata_tostruct for DS"); - + result = dns_rdataset_first(keyrdataset); check_result(result, "empty KEY dataset"); - dns_rdata_init(&keyrdata); + dns_rdata_init(&keyrdata); do { dns_rdataset_current(keyrdataset, &keyrdata); INSIST(keyrdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); @@ -4422,20 +4425,20 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, result = dns_ds_buildrdata(name, &keyrdata, dsinfo.digest_type, dsbuf, &newdsrdata); - dns_rdata_freestruct(&dsinfo); + dns_rdata_freestruct(&dsinfo); if (result != ISC_R_SUCCESS) { dns_rdata_reset(&keyrdata); dns_rdata_reset(&newdsrdata); dns_rdata_reset(&dsrdata); dst_key_free(&dnsseckey); - dns_rdata_freestruct(&dsinfo); + dns_rdata_freestruct(&dsinfo); printf("Oops: impossible to build" " new DS rdata\n"); return (result); } - - + + if (dns_rdata_compare(&dsrdata, &newdsrdata) == 0) { printf(";; OK a DS valids a DNSKEY" @@ -4443,7 +4446,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, printf(";; Now verify that this" " DNSKEY validates the " "DNSKEY RRset\n"); - + result = sigchase_verify_sig_key(name, keyrdataset, dnsseckey, @@ -4454,7 +4457,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dns_rdata_reset(&newdsrdata); dns_rdata_reset(&dsrdata); dst_key_free(&dnsseckey); - + return (result); } } else { @@ -4468,12 +4471,12 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dnsseckey = NULL; } while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS); dns_rdata_reset(&keyrdata); - + } while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS); #if 0 dns_rdata_reset(&dsrdata); WARNING #endif - + return (ISC_R_NOTFOUND); } @@ -4486,13 +4489,13 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, * ISC_R_SUCCESS: if we found the rrset * ISC_R_NOTFOUND: we do not found the rrset in cache * and we do a query on the net - * ISC_R_FAILURE: rrset not found + * ISC_R_FAILURE: rrset not found */ isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, isc_boolean_t *lookedup) -{ +{ isc_boolean_t tmplookedup; INSIST(rdataset != NULL); @@ -4567,7 +4570,7 @@ sigchase_td(dns_message_t *msg) } } - + if (have_answer) { chase_rdataset = chase_scanname_section(msg, &chase_name, @@ -4627,7 +4630,7 @@ sigchase_td(dns_message_t *msg) chase_dsrdataset, mctx); } - + if (result != ISC_R_SUCCESS) { printf("\n;; chain of trust can't be validated:" " FAILED\n\n"); @@ -4679,7 +4682,7 @@ sigchase_td(dns_message_t *msg) chase_sigrdataset = NULL; have_response = ISC_FALSE; have_delegation_ns = ISC_FALSE; - + dns_name_init(&tmp_name, NULL); result = child_of_zone(&chase_name, &chase_current_name, &tmp_name); @@ -4758,10 +4761,10 @@ sigchase_td(dns_message_t *msg) } chase_keyrdataset = NULL; chase_sigkeyrdataset = NULL; - - + + prepare_lookup(&chase_authority_name); - + have_response = ISC_FALSE; have_delegation_ns = ISC_FALSE; delegation_follow = ISC_TRUE; @@ -4855,7 +4858,7 @@ sigchase_td(dns_message_t *msg) } } -#endif +#endif #if DIG_SIGCHASE_BU @@ -4872,7 +4875,7 @@ getneededrr(dns_message_t *msg) if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER)) != ISC_R_SUCCESS) { printf(";; NO ANSWERS: %s\n", isc_result_totext(result)); - + if (chase_name.ndata == NULL) return (ISC_R_ADDRNOTAVAIL); } else { @@ -4915,7 +4918,7 @@ getneededrr(dns_message_t *msg) } INSIST(chase_sigrdataset != NULL); - + /* first find the DNSKEY name */ result = dns_rdataset_first(chase_sigrdataset); check_result(result, "empty RRSIG dataset"); @@ -4926,7 +4929,7 @@ getneededrr(dns_message_t *msg) dup_name(&siginfo.signer, &chase_signame, mctx); dns_rdata_freestruct(&siginfo); dns_rdata_reset(&sigrdata); - + /* Do we have a key? */ if (chase_keyrdataset == NULL) { result = advanced_rrsearch(&chase_keyrdataset, @@ -4995,7 +4998,7 @@ getneededrr(dns_message_t *msg) print_rdataset(&chase_signame, chase_dsrdataset, mctx); } } - + if (chase_dsrdataset != NULL) { /* * if there is no RRSIG of DS, @@ -5054,7 +5057,7 @@ sigchase_bu(dns_message_t *msg) dns_name_init(&query_name, NULL); dns_name_init(&rdata_name, NULL); nameFromString(current_lookup->textname, &query_name); - + result = prove_nx(msg, &query_name, current_lookup->rdclass, current_lookup->rdtype, &rdata_name, &rdataset, &sigrdataset); @@ -5076,7 +5079,7 @@ sigchase_bu(dns_message_t *msg) } printf(";; An NSEC prove the non-existence of a answers," " Now we want validate this NSEC\n"); - + dup_name(&rdata_name, &chase_name, mctx); free_name(&rdata_name, mctx); chase_rdataset = rdataset; @@ -5157,7 +5160,7 @@ sigchase_bu(dns_message_t *msg) chase_sigdsrdataset = NULL; chase_siglookedup = chase_keylookedup = ISC_FALSE; chase_dslookedup = chase_sigdslookedup = ISC_FALSE; - + printf(";; Now, we want to validate the DS : recursive call\n"); sigchase(msg); return; @@ -5250,7 +5253,7 @@ prove_nx_domain(dns_message_t *msg, " validate the non-existence : FAILED\n"); return (ISC_R_FAILURE); } - + do { nsecname = NULL; dns_message_currentname(msg, DNS_SECTION_AUTHORITY, &nsecname); @@ -5328,7 +5331,7 @@ prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset, ret = dns_rdataset_first(nsecset); check_result(ret,"dns_rdataset_first"); - + dns_rdataset_current(nsecset, &nsec); ret = dns_nsec_typepresent(&nsec, type); @@ -5396,6 +5399,6 @@ prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class, rdataset, sigrdataset); return (ret); } - /* Never get here */ + /* Never get here */ } #endif diff --git a/bin/dig/host.1 b/bin/dig/host.1 index ee537bd47fa2..9993c0eac8da 100644 --- a/bin/dig/host.1 +++ b/bin/dig/host.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.14.18.14 2007/05/09 03:33:12 marka Exp $ +.\" $Id: host.1,v 1.14.18.16 2008/04/06 01:31:04 tbox Exp $ .\" .hy 0 .ad l @@ -154,7 +154,7 @@ option is used to select the query type. \fItype\fR can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, \fBhost\fR -automatically selects an appropriate query type. By default it looks for A records, but if the +automatically selects an appropriate query type. By default it looks for A, AAAA, and MX records, but if the \fB\-C\fR option was given, queries will be made for SOA records, and if \fIname\fR @@ -213,7 +213,7 @@ runs. \fBdig\fR(1), \fBnamed\fR(8). .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2002 Internet Software Consortium. .br diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook index 8ab767902a5c..2c0ad3d7962f 100644 --- a/bin/dig/host.docbook +++ b/bin/dig/host.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.docbook,v 1.5.18.11 2007/08/28 07:19:55 tbox Exp $ --> +<!-- $Id: host.docbook,v 1.5.18.13 2008/04/05 23:46:04 tbox Exp $ --> <refentry id="man.host"> <refentryinfo> @@ -41,6 +41,7 @@ <year>2004</year> <year>2005</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -199,7 +200,7 @@ NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, <command>host</command> automatically selects an appropriate query - type. By default it looks for A records, but if the + type. By default it looks for A, AAAA, and MX records, but if the <option>-C</option> option was given, queries will be made for SOA records, and if <parameter>name</parameter> is a dotted-decimal IPv4 diff --git a/bin/dig/host.html b/bin/dig/host.html index adc9883a66fc..88cd830f033b 100644 --- a/bin/dig/host.html +++ b/bin/dig/host.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.html,v 1.7.18.20 2007/05/09 03:33:12 marka Exp $ --> +<!-- $Id: host.html,v 1.7.18.22 2008/04/06 01:31:04 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543428"></a><h2>DESCRIPTION</h2> +<a name="id2543431"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">host</strong></span> is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -148,7 +148,7 @@ NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, <span><strong class="command">host</strong></span> automatically selects an appropriate query - type. By default it looks for A records, but if the + type. By default it looks for A, AAAA, and MX records, but if the <code class="option">-C</code> option was given, queries will be made for SOA records, and if <em class="parameter"><code>name</code></em> is a dotted-decimal IPv4 @@ -184,7 +184,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543725"></a><h2>IDN SUPPORT</h2> +<a name="id2543797"></a><h2>IDN SUPPORT</h2> <p> If <span><strong class="command">host</strong></span> has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -198,12 +198,12 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543748"></a><h2>FILES</h2> +<a name="id2543819"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2543828"></a><h2>SEE ALSO</h2> +<a name="id2543831"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. </p> diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index 542190b9b665..e667ba9b08e6 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.23.18.14 2007/05/09 03:33:12 marka Exp $ +.\" $Id: dnssec-keygen.8,v 1.23.18.16 2008/10/16 01:29:40 tbox Exp $ .\" .hy 0 .ad l @@ -187,14 +187,14 @@ and .PP \fBdnssec\-signzone\fR(8), BIND 9 Administrator Reference Manual, -RFC 2535, +RFC 2539, RFC 2845, -RFC 2539. +RFC 4033. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index 8e81cb4f6ee6..ec7b69be2f42 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.docbook,v 1.7.18.11 2007/08/28 07:20:00 tbox Exp $ --> +<!-- $Id: dnssec-keygen.docbook,v 1.7.18.13 2008/10/15 23:46:06 tbox Exp $ --> <refentry id="man.dnssec-keygen"> <refentryinfo> <date>June 30, 2000</date> @@ -40,6 +40,7 @@ <year>2004</year> <year>2005</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -340,9 +341,9 @@ <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>, - <citetitle>RFC 2535</citetitle>, + <citetitle>RFC 2539</citetitle>, <citetitle>RFC 2845</citetitle>, - <citetitle>RFC 2539</citetitle>. + <citetitle>RFC 4033</citetitle>. </para> </refsect1> diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 7ad747f2b031..e0b0bfe059aa 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.html,v 1.9.18.20 2007/05/09 03:33:12 marka Exp $ --> +<!-- $Id: dnssec-keygen.html,v 1.9.18.22 2008/10/16 01:29:40 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543474"></a><h2>DESCRIPTION</h2> +<a name="id2543477"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -40,7 +40,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543485"></a><h2>OPTIONS</h2> +<a name="id2543489"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -148,7 +148,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543820"></a><h2>GENERATED KEYS</h2> +<a name="id2543824"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, @@ -194,7 +194,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543902"></a><h2>EXAMPLE</h2> +<a name="id2543906"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -215,16 +215,16 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543946"></a><h2>SEE ALSO</h2> +<a name="id2543949"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, - <em class="citetitle">RFC 2535</em>, + <em class="citetitle">RFC 2539</em>, <em class="citetitle">RFC 2845</em>, - <em class="citetitle">RFC 2539</em>. + <em class="citetitle">RFC 4033</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544045"></a><h2>AUTHOR</h2> +<a name="id2544049"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index d150c3fc15fe..680960ae8928 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.28.18.17 2007/05/09 03:33:12 marka Exp $ +.\" $Id: dnssec-signzone.8,v 1.28.18.19 2008/10/16 01:29:40 tbox Exp $ .\" .hy 0 .ad l @@ -261,12 +261,12 @@ db.example.com.signed .PP \fBdnssec\-keygen\fR(8), BIND 9 Administrator Reference Manual, -RFC 2535. +RFC 4033. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 46cd4a74dfe2..9b4916910440 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.177.18.24 2007/08/28 07:20:00 tbox Exp $ */ +/* $Id: dnssec-signzone.c,v 1.177.18.26 2008/06/02 23:46:01 tbox Exp $ */ /*! \file */ @@ -128,7 +128,6 @@ static dns_name_t *gorigin; /* The database origin */ static isc_task_t *master = NULL; static unsigned int ntasks = 0; static isc_boolean_t shuttingdown = ISC_FALSE, finished = ISC_FALSE; -static unsigned int assigned = 0, completed = 0; static isc_boolean_t nokeys = ISC_FALSE; static isc_boolean_t removefile = ISC_FALSE; static isc_boolean_t generateds = ISC_FALSE; @@ -969,7 +968,7 @@ active_node(dns_dbnode_t *node) { fatal("rdataset iteration failed: %s", isc_result_totext(result)); } else { - /* + /* * Delete RRSIGs for types that no longer exist. */ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2); @@ -1194,7 +1193,7 @@ signapex(void) { dns_fixedname_t fixed; dns_name_t *name; isc_result_t result; - + dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); result = dns_dbiterator_current(gdbiter, &node, name); @@ -1224,16 +1223,19 @@ assignwork(isc_task_t *task, isc_task_t *worker) { dns_rdataset_t nsec; isc_boolean_t found; isc_result_t result; + static unsigned int ended = 0; /* Protected by namelock. */ if (shuttingdown) return; + LOCK(&namelock); if (finished) { - if (assigned == completed) { + ended++; + if (ended == ntasks) { isc_task_detach(&task); isc_app_shutdown(); } - return; + goto unlock; } fname = isc_mem_get(mctx, sizeof(dns_fixedname_t)); @@ -1243,7 +1245,6 @@ assignwork(isc_task_t *task, isc_task_t *worker) { name = dns_fixedname_name(fname); node = NULL; found = ISC_FALSE; - LOCK(&namelock); while (!found) { result = dns_dbiterator_current(gdbiter, &node, name); if (result != ISC_R_SUCCESS) @@ -1270,14 +1271,14 @@ assignwork(isc_task_t *task, isc_task_t *worker) { fatal("failure iterating database: %s", isc_result_totext(result)); } - UNLOCK(&namelock); if (!found) { - if (assigned == completed) { + ended++; + if (ended == ntasks) { isc_task_detach(&task); isc_app_shutdown(); } isc_mem_put(mctx, fname, sizeof(dns_fixedname_t)); - return; + goto unlock; } sevent = (sevent_t *) isc_event_allocate(mctx, task, SIGNER_EVENT_WORK, @@ -1288,7 +1289,8 @@ assignwork(isc_task_t *task, isc_task_t *worker) { sevent->node = node; sevent->fname = fname; isc_task_send(worker, ISC_EVENT_PTR(&sevent)); - assigned++; + unlock: + UNLOCK(&namelock); } /*% @@ -1311,7 +1313,6 @@ writenode(isc_task_t *task, isc_event_t *event) { isc_task_t *worker; sevent_t *sevent = (sevent_t *)event; - completed++; worker = (isc_task_t *)event->ev_sender; dumpnode(dns_fixedname_name(sevent->fname), sevent->node); cleannode(gdb, gversion, sevent->node); @@ -1605,7 +1606,7 @@ writeset(const char *prefix, dns_rdatatype_t type) { unsigned char dsbuf[DNS_DS_BUFFERSIZE]; unsigned char keybuf[DST_KEY_MAXSIZE]; unsigned int filenamelen; - const dns_master_style_t *style = + const dns_master_style_t *style = (type == dns_rdatatype_dnskey) ? masterstyle : dsstyle; isc_buffer_init(&namebuf, namestr, sizeof(namestr)); @@ -1818,13 +1819,13 @@ print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) { printf("Signatures successfully verified: %10d\n", nverified); printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed); runtime_ms = runtime_us / 1000; - printf("Runtime in seconds: %7u.%03u\n", - (unsigned int) (runtime_ms / 1000), + printf("Runtime in seconds: %7u.%03u\n", + (unsigned int) (runtime_ms / 1000), (unsigned int) (runtime_ms % 1000)); if (runtime_us > 0) { sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us; printf("Signatures per second: %7u.%03u\n", - (unsigned int) sig_ms / 1000, + (unsigned int) sig_ms / 1000, (unsigned int) sig_ms % 1000); } } @@ -1914,7 +1915,7 @@ main(int argc, char *argv[]) { fatal("jitter must be numeric and positive"); break; - case 'l': + case 'l': dns_fixedname_init(&dlv_fixed); len = strlen(isc_commandline_argument); isc_buffer_init(&b, isc_commandline_argument, len); @@ -2080,7 +2081,7 @@ main(int argc, char *argv[]) { result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL, 0, 24, 0, 0, 0, 8, mctx); check_result(result, "dns_master_stylecreate"); - + gdb = NULL; TIME_NOW(&timer_start); @@ -2102,8 +2103,8 @@ main(int argc, char *argv[]) { DST_TYPE_PRIVATE, mctx, &newkey); if (result != ISC_R_SUCCESS) - fatal("cannot load dnskey %s: %s", argv[i], - isc_result_totext(result)); + fatal("cannot load dnskey %s: %s", argv[i], + isc_result_totext(result)); key = ISC_LIST_HEAD(keylist); while (key != NULL) { @@ -2111,7 +2112,7 @@ main(int argc, char *argv[]) { if (dst_key_id(dkey) == dst_key_id(newkey) && dst_key_alg(dkey) == dst_key_alg(newkey) && dns_name_equal(dst_key_name(dkey), - dst_key_name(newkey))) + dst_key_name(newkey))) { if (!dst_key_isprivate(dkey)) fatal("cannot sign zone with " @@ -2140,7 +2141,7 @@ main(int argc, char *argv[]) { mctx, &newkey); if (result != ISC_R_SUCCESS) fatal("cannot load dnskey %s: %s", dskeyfile[i], - isc_result_totext(result)); + isc_result_totext(result)); key = ISC_LIST_HEAD(keylist); while (key != NULL) { @@ -2148,7 +2149,7 @@ main(int argc, char *argv[]) { if (dst_key_id(dkey) == dst_key_id(newkey) && dst_key_alg(dkey) == dst_key_alg(newkey) && dns_name_equal(dst_key_name(dkey), - dst_key_name(newkey))) + dst_key_name(newkey))) { /* Override key flags. */ key->issigningkey = ISC_TRUE; diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index 8d928318ac27..67eacc143272 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.10.18.17 2007/08/28 07:20:00 tbox Exp $ --> +<!-- $Id: dnssec-signzone.docbook,v 1.10.18.19 2008/10/15 23:46:06 tbox Exp $ --> <refentry id="man.dnssec-signzone"> <refentryinfo> <date>June 30, 2000</date> @@ -41,6 +41,7 @@ <year>2005</year> <year>2006</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -459,7 +460,7 @@ db.example.com.signed <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>, - <citetitle>RFC 2535</citetitle>. + <citetitle>RFC 4033</citetitle>. </para> </refsect1> diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index e794d4c66a37..18d851d1fcd3 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.html,v 1.8.18.23 2007/05/09 03:33:12 marka Exp $ --> +<!-- $Id: dnssec-signzone.html,v 1.8.18.25 2008/10/16 01:29:40 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543526"></a><h2>DESCRIPTION</h2> +<a name="id2543529"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543541"></a><h2>OPTIONS</h2> +<a name="id2543544"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -241,7 +241,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544327"></a><h2>EXAMPLE</h2> +<a name="id2544330"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span> @@ -270,14 +270,14 @@ db.example.com.signed %</pre> </div> <div class="refsect1" lang="en"> -<a name="id2544378"></a><h2>SEE ALSO</h2> +<a name="id2544381"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, - <em class="citetitle">RFC 2535</em>. + <em class="citetitle">RFC 4033</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544403"></a><h2>AUTHOR</h2> +<a name="id2544406"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/client.c b/bin/named/client.c index 3b87d2648c0e..03cfdb6a714e 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.219.18.28.10.2 2008/07/23 07:28:54 tbox Exp $ */ +/* $Id: client.c,v 1.219.18.31 2008/05/22 23:46:03 tbox Exp $ */ #include <config.h> @@ -132,7 +132,7 @@ struct ns_clientmgr { #define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm') #define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC) -/*! +/*! * Client object states. Ordering is significant: higher-numbered * states are generally "more active", meaning that the client can * have more dynamically allocated data, outstanding events, etc. @@ -286,7 +286,7 @@ exit_check(ns_client_t *client) { * * Keep the view attached until any outstanding updates complete. */ - if (client->nupdates == 0 && + if (client->nupdates == 0 && client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL) dns_view_detach(&client->view); @@ -817,7 +817,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) { isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); if (ns_g_server->blackholeacl != NULL && dns_acl_match(&netaddr, NULL, - ns_g_server->blackholeacl, + ns_g_server->blackholeacl, &ns_g_server->aclenv, &match, NULL) == ISC_R_SUCCESS && match > 0) @@ -834,7 +834,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) { isc_buffer_usedregion(buffer, &r); CTRACE("sendto"); - + result = isc_socket_sendto2(socket, &r, client->task, address, pktinfo, client->sendevent, sockflags); @@ -1108,8 +1108,8 @@ ns_client_error(ns_client_t *client, isc_result_t result) { /* * FORMERR loop avoidance: If we sent a FORMERR message * with the same ID to the same client less than two - * seconds ago, assume that we are in an infinite error - * packet dialog with a server for some protocol whose + * seconds ago, assume that we are in an infinite error + * packet dialog with a server for some protocol whose * error responses look enough like DNS queries to * elicit a FORMERR response. Drop a packet to break * the loop. @@ -1534,7 +1534,7 @@ client_request(isc_task_t *task, isc_event_t *event) { * For IPv6 UDP queries, we get this from the pktinfo structure (if * supported). * If all the attempts fail (this can happen due to memory shortage, - * etc), we regard this as an error for safety. + * etc), we regard this as an error for safety. */ if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0) isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr); @@ -1595,7 +1595,7 @@ client_request(isc_task_t *task, isc_event_t *event) { view); if (sigresult == ISC_R_SUCCESS) tsig = client->message->tsigname; - + if (allowed(&netaddr, tsig, view->matchclients) && allowed(&destaddr, tsig, view->matchdestinations) && !((client->message->flags & DNS_MESSAGEFLAG_RD) @@ -1726,7 +1726,7 @@ client_request(isc_task_t *task, isc_event_t *event) { ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), ra ? "recursion available" : - "recursion not available"); + "recursion not available"); /* * Adjust maximum UDP response size for this client. @@ -1820,10 +1820,10 @@ get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) { return (result); manager->mctxpool[manager->nextmctx] = clientmctx; - manager->nextmctx++; - if (manager->nextmctx == NMCTXS) - manager->nextmctx = 0; } + manager->nextmctx++; + if (manager->nextmctx == NMCTXS) + manager->nextmctx = 0; #else clientmctx = manager->mctx; #endif @@ -2093,7 +2093,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { if (ns_g_server->blackholeacl != NULL && dns_acl_match(&netaddr, NULL, - ns_g_server->blackholeacl, + ns_g_server->blackholeacl, &ns_g_server->aclenv, &match, NULL) == ISC_R_SUCCESS && match > 0) @@ -2482,7 +2482,7 @@ ns_client_checkacl(ns_client_t *client, isc_result_t result = ns_client_checkaclsilent(client, acl, default_allow); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), "%s approved", opname); @@ -2538,16 +2538,16 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category, void ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type, - dns_rdataclass_t rdclass, char *buf, size_t len) + dns_rdataclass_t rdclass, char *buf, size_t len) { - char namebuf[DNS_NAME_FORMATSIZE]; - char typebuf[DNS_RDATATYPE_FORMATSIZE]; - char classbuf[DNS_RDATACLASS_FORMATSIZE]; - - dns_name_format(name, namebuf, sizeof(namebuf)); - dns_rdatatype_format(type, typebuf, sizeof(typebuf)); - dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf)); - (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf, + char namebuf[DNS_NAME_FORMATSIZE]; + char typebuf[DNS_RDATATYPE_FORMATSIZE]; + char classbuf[DNS_RDATACLASS_FORMATSIZE]; + + dns_name_format(name, namebuf, sizeof(namebuf)); + dns_rdatatype_format(type, typebuf, sizeof(typebuf)); + dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf)); + (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf, classbuf); } @@ -2575,7 +2575,7 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) { isc_mem_put(client->mctx, buf, len); len += 1024; } else if (result == ISC_R_SUCCESS) - ns_client_log(client, NS_LOGCATEGORY_UNMATCHED, + ns_client_log(client, NS_LOGCATEGORY_UNMATCHED, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), "%s\n%.*s", reason, (int)isc_buffer_usedlength(&buffer), @@ -2595,7 +2595,7 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { const char *sep; REQUIRE(VALID_MANAGER(manager)); - + LOCK(&manager->lock); client = ISC_LIST_HEAD(manager->recursing); while (client != NULL) { diff --git a/bin/named/config.c b/bin/named/config.c index 632960c15c37..233d9e097f26 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.47.18.32.10.3 2008/07/23 23:48:17 tbox Exp $ */ +/* $Id: config.c,v 1.47.18.35 2008/09/04 08:03:07 marka Exp $ */ /*! \file */ @@ -403,7 +403,7 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, static isc_result_t get_masters_def(const cfg_obj_t *cctx, const char *name, - const cfg_obj_t **ret) + const cfg_obj_t **ret) { isc_result_t result; const cfg_obj_t *masters = NULL; @@ -521,7 +521,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, tresult = get_masters_def(config, listname, &list); if (tresult == ISC_R_NOTFOUND) { cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR, - "masters \"%s\" not found", listname); + "masters \"%s\" not found", listname); result = tresult; goto cleanup; @@ -599,7 +599,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, if (keys[i] == NULL) goto cleanup; dns_name_init(keys[i], NULL); - + keystr = cfg_obj_asstring(key); isc_buffer_init(&b, keystr, strlen(keystr)); isc_buffer_add(&b, strlen(keystr)); @@ -655,7 +655,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, isc_mem_put(mctx, lists, listcount * sizeof(*lists)); if (stack != NULL) isc_mem_put(mctx, stack, stackcount * sizeof(*stack)); - + INSIST(keycount == addrcount); *addrsp = addrs; diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index f0703cb06505..e8e36f3e5e52 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.40.18.10.40.3 2008/07/23 23:16:43 marka Exp $ */ +/* $Id: controlconf.c,v 1.40.18.14 2008/07/23 23:33:02 marka Exp $ */ /*! \file */ @@ -345,9 +345,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { listener = conn->listener; secret.rstart = NULL; - /* Is the server shutting down? */ - if (listener->controls->shuttingdown) - goto cleanup; + /* Is the server shutting down? */ + if (listener->controls->shuttingdown) + goto cleanup; if (conn->ccmsg.result != ISC_R_SUCCESS) { if (conn->ccmsg.result != ISC_R_CANCELED && @@ -364,9 +364,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { { ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer); ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer); - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); secret.rstart = isc_mem_get(listener->mctx, key->secret.length); if (secret.rstart == NULL) goto cleanup; @@ -375,7 +372,8 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_fromwire(&ccregion, &request, &secret); if (result == ISC_R_SUCCESS) break; - else if (result == ISCCC_R_BADAUTH) { + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + if (result == ISCCC_R_BADAUTH) { /* * For some reason, request is non-NULL when * isccc_cc_fromwire returns ISCCC_R_BADAUTH. @@ -396,7 +394,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { /* We shouldn't be getting a reply. */ if (isccc_cc_isreply(request)) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } isc_stdtime_get(&now); @@ -407,17 +405,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { _ctrl = isccc_alist_lookup(request, "_ctrl"); if (_ctrl == NULL) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) { if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) { log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW); - goto cleanup; + goto cleanup_request; } } else { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } /* @@ -426,7 +424,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS && now > exp) { log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED); - goto cleanup; + goto cleanup_request; } /* @@ -436,16 +434,16 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_checkdup(listener->controls->symtab, request, now); if (result != ISC_R_SUCCESS) { if (result == ISC_R_EXISTS) - result = ISCCC_R_DUPLICATE; + result = ISCCC_R_DUPLICATE; log_invalid(&conn->ccmsg, result); - goto cleanup; + goto cleanup_request; } if (conn->nonce != 0 && (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS || conn->nonce != nonce)) { log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); - goto cleanup; + goto cleanup_request; } /* @@ -459,7 +457,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_createresponse(request, now, now + 60, &response); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_request; if (eresult != ISC_R_SUCCESS) { isccc_sexpr_t *data; @@ -467,7 +465,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (data != NULL) { const char *estr = isc_result_totext(eresult); if (isccc_cc_definestring(data, "err", estr) == NULL) - goto cleanup; + goto cleanup_response; } } @@ -478,20 +476,20 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (data != NULL) { char *str = (char *)isc_buffer_base(&text); if (isccc_cc_definestring(data, "text", str) == NULL) - goto cleanup; + goto cleanup_response; } } _ctrl = isccc_alist_lookup(response, "_ctrl"); if (_ctrl == NULL || isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL) - goto cleanup; + goto cleanup_response; ccregion.rstart = conn->buffer + 4; ccregion.rend = conn->buffer + sizeof(conn->buffer); result = isccc_cc_towire(response, &ccregion, &secret); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_response; isc_buffer_init(&b, conn->buffer, 4); len = sizeof(conn->buffer) - REGION_SIZE(ccregion); isc_buffer_putuint32(&b, len - 4); @@ -500,31 +498,27 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isc_socket_send(conn->sock, &r, task, control_senddone, conn); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_response; conn->sending = ISC_TRUE; - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); - if (request != NULL) - isccc_sexpr_free(&request); - if (response != NULL) - isccc_sexpr_free(&response); + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + isccc_sexpr_free(&request); + isccc_sexpr_free(&response); return; + cleanup_response: + isccc_sexpr_free(&response); + + cleanup_request: + isccc_sexpr_free(&request); + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + cleanup: - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); isc_socket_detach(&conn->sock); isccc_ccmsg_invalidate(&conn->ccmsg); conn->ccmsg_valid = ISC_FALSE; maybe_free_connection(conn); maybe_free_listener(listener); - if (request != NULL) - isccc_sexpr_free(&request); - if (response != NULL) - isccc_sexpr_free(&response); } static void @@ -548,7 +542,7 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) { conn = isc_mem_get(listener->mctx, sizeof(*conn)); if (conn == NULL) return (ISC_R_NOMEMORY); - + conn->sock = sock; isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg); conn->ccmsg_valid = ISC_TRUE; @@ -660,7 +654,7 @@ ns_controls_shutdown(ns_controls_t *controls) { static isc_result_t cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname, - const cfg_obj_t **objp) + const cfg_obj_t **objp) { const cfg_listelt_t *element; const char *str; @@ -808,7 +802,7 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist, if (result != ISC_R_SUCCESS) \ goto cleanup; \ } while (0) - + static isc_result_t get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { isc_result_t result; @@ -828,14 +822,14 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { CHECK(cfg_map_get(config, "key", &key)); keyid = isc_mem_get(mctx, sizeof(*keyid)); - if (keyid == NULL) + if (keyid == NULL) CHECK(ISC_R_NOMEMORY); keyid->keyname = isc_mem_strdup(mctx, cfg_obj_asstring(cfg_map_getname(key))); keyid->secret.base = NULL; keyid->secret.length = 0; ISC_LINK_INIT(keyid, link); - if (keyid->keyname == NULL) + if (keyid->keyname == NULL) CHECK(ISC_R_NOMEMORY); CHECK(bind9_check_key(key, ns_g_lctx)); @@ -891,7 +885,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { cfg_parser_destroy(&pctx); return (result); } - + /* * Ensures that both '*global_keylistp' and '*control_keylistp' are * valid or both are NULL. @@ -925,7 +919,7 @@ static void update_listener(ns_controls_t *cp, controllistener_t **listenerp, const cfg_obj_t *control, const cfg_obj_t *config, isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx, - const char *socktext, isc_sockettype_t type) + const char *socktext, isc_sockettype_t type) { controllistener_t *listener; const cfg_obj_t *allow; @@ -945,7 +939,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp, *listenerp = NULL; return; } - + /* * There is already a listener for this sockaddr. * Update the access list and key information. @@ -1339,7 +1333,7 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, update_listener(cp, &listener, control, config, &addr, aclconfctx, - cfg_obj_asstring(path), + cfg_obj_asstring(path), isc_sockettype_unix); if (listener != NULL) @@ -1385,10 +1379,10 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, isc_sockaddr_setport(&addr, NS_CONTROL_PORT); isc_sockaddr_format(&addr, socktext, sizeof(socktext)); - + update_listener(cp, &listener, NULL, NULL, &addr, NULL, socktext, - isc_sockettype_tcp); + isc_sockettype_tcp); if (listener != NULL) /* diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index 11f3989460e9..9c86afd46d5f 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.64.18.4 2006/03/02 00:37:21 marka Exp $ */ +/* $Id: globals.h,v 1.64.18.6 2008/10/24 01:43:17 tbox Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 @@ -48,6 +48,7 @@ EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL); EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL); EXTERN isc_entropy_t * ns_g_entropy INIT(NULL); EXTERN isc_entropy_t * ns_g_fallbackentropy INIT(NULL); +EXTERN unsigned int ns_g_cpus_detected INIT(1); /* * XXXRTH We're going to want multiple timer managers eventually. One diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 2a82c9874764..08d33d9912c5 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.76.18.8.44.3 2008/07/23 23:16:43 marka Exp $ */ +/* $Id: interfacemgr.c,v 1.76.18.11 2008/07/23 23:33:02 marka Exp $ */ /*! \file */ @@ -90,7 +90,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, mgr->generation = 1; mgr->listenon4 = NULL; mgr->listenon6 = NULL; - + ISC_LIST_INIT(mgr->interfaces); ISC_LIST_INIT(mgr->listenon); @@ -323,7 +323,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) { goto tcp_listen_failure; } - /* + /* * If/when there a multiple filters listen to the * result. */ @@ -510,7 +510,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) { unsigned int prefixlen; family = interface->address.family; - + elt.type = dns_aclelementtype_ipprefix; elt.negative = ISC_FALSE; elt.u.ip_prefix.address = interface->address; @@ -550,7 +550,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) { static void setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface, in_port_t port) -{ +{ isc_sockaddr_t *addr; isc_sockaddr_t *old; @@ -564,7 +564,7 @@ setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface, old != NULL; old = ISC_LIST_NEXT(old, link)) if (isc_sockaddr_equal(addr, old)) - break; + break; if (old != NULL) isc_mem_put(mgr->mctx, addr, sizeof(*addr)); @@ -700,7 +700,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, { isc_interface_t interface; ns_listenlist_t *ll; - unsigned int family; + unsigned int family; result = isc_interfaceiter_current(iter, &interface); if (result != ISC_R_SUCCESS) @@ -882,7 +882,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, UNEXPECTED_ERROR(__FILE__, __LINE__, "interface iteration failed: %s", isc_result_totext(result)); - else + else result = ISC_R_SUCCESS; cleanup_iter: isc_interfaceiter_destroy(&iter); @@ -913,7 +913,7 @@ ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, /* * Warn if we are not listening on any interface, unless - * we're in lwresd-only mode, in which case that is to + * we're in lwresd-only mode, in which case that is to * be expected. */ if (ext_listen == NULL && diff --git a/bin/named/lwaddr.c b/bin/named/lwaddr.c index 78c2b0b85184..02e8f4de3be5 100644 --- a/bin/named/lwaddr.c +++ b/bin/named/lwaddr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwaddr.c,v 1.4.18.2 2005/04/29 00:15:23 marka Exp $ */ +/* $Id: lwaddr.c,v 1.4.18.4 2008/01/11 23:45:59 tbox Exp $ */ /*! \file */ @@ -81,7 +81,7 @@ lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na) { } else { la->family = LWRES_ADDRTYPE_V6; la->length = 16; - memcpy(la->address, &na->type.in, 16); + memcpy(la->address, &na->type.in6, 16); } return (ISC_R_SUCCESS); } diff --git a/bin/named/lwdgnba.c b/bin/named/lwdgnba.c index a500d278896e..a54d44375124 100644 --- a/bin/named/lwdgnba.c +++ b/bin/named/lwdgnba.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgnba.c,v 1.16.18.2 2005/04/29 00:15:24 marka Exp $ */ +/* $Id: lwdgnba.c,v 1.16.18.4 2008/01/14 23:45:59 tbox Exp $ */ /*! \file */ @@ -220,8 +220,6 @@ ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) { b, &client->pkt, &req); if (result != LWRES_R_SUCCESS) goto out; - if (req->addr.address == NULL) - goto out; client->options = 0; if (req->addr.family == LWRES_ADDRTYPE_V4) { diff --git a/bin/named/lwdnoop.c b/bin/named/lwdnoop.c index fa591b41a245..69cc957e261c 100644 --- a/bin/named/lwdnoop.c +++ b/bin/named/lwdnoop.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdnoop.c,v 1.7.18.2 2005/04/29 00:15:25 marka Exp $ */ +/* $Id: lwdnoop.c,v 1.7.18.4 2008/01/22 23:27:05 tbox Exp $ */ /*! \file */ @@ -44,7 +44,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { result = lwres_nooprequest_parse(client->clientmgr->lwctx, b, &client->pkt, &req); if (result != LWRES_R_SUCCESS) - goto out; + goto send_error; client->pkt.recvlength = LWRES_RECVLENGTH; client->pkt.authtype = 0; /* XXXMLG */ @@ -57,7 +57,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp, &client->pkt, &lwb); if (lwres != LWRES_R_SUCCESS) - goto out; + goto cleanup_req; r.base = lwb.base; r.length = lwb.used; @@ -65,7 +65,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { client->sendlength = r.length; result = ns_lwdclient_sendreply(client, &r); if (result != ISC_R_SUCCESS) - goto out; + goto cleanup_lwb; /* * We can now destroy request. @@ -76,13 +76,12 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { return; - out: - if (req != NULL) - lwres_nooprequest_free(client->clientmgr->lwctx, &req); + cleanup_lwb: + lwres_context_freemem(client->clientmgr->lwctx, lwb.base, lwb.length); - if (lwb.base != NULL) - lwres_context_freemem(client->clientmgr->lwctx, - lwb.base, lwb.length); + cleanup_req: + lwres_nooprequest_free(client->clientmgr->lwctx, &req); + send_error: ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); } diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 825645aa1eaa..827edcd65737 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.15.18.12 2007/05/16 06:11:27 marka Exp $ +.\" $Id: lwresd.8,v 1.15.18.13 2008/10/17 01:29:23 tbox Exp $ .\" .hy 0 .ad l @@ -85,9 +85,9 @@ Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/lwresd.conf\fR. -<term>\-c</term> +\fB\-c\fR can not be used with -<term>\-C</term>. +\fB\-C\fR. .RE .PP \-C \fIconfig\-file\fR @@ -96,9 +96,9 @@ Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/resolv.conf\fR. -<term>\-C</term> +\fB\-C\fR can not be used with -<term>\-c</term>. +\fB\-c\fR. .RE .PP \-d \fIdebug\-level\fR @@ -217,7 +217,7 @@ The default process\-id file. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001 Internet Software Consortium. .br diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c index 1f7184e72dcc..8a89b1c764ce 100644 --- a/bin/named/lwresd.c +++ b/bin/named/lwresd.c @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.46.18.7.52.3 2008/07/23 23:16:43 marka Exp $ */ +/* $Id: lwresd.c,v 1.46.18.10 2008/07/23 23:33:02 marka Exp $ */ -/*! \file +/*! \file * \brief * Main program for the Lightweight Resolver Daemon. * @@ -224,7 +224,7 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx, for (i = 0; i < lwc->searchnxt; i++) { CHECK(buffer_putstr(&b, "\t\t\"")); CHECK(buffer_putstr(&b, lwc->search[i])); - CHECK(buffer_putstr(&b, "\";\n")); + CHECK(buffer_putstr(&b, "\";\n")); } CHECK(buffer_putstr(&b, "\t};\n")); } diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index 5b3143e6e5b4..6dd2c40adf61 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.docbook,v 1.7.18.8 2007/08/28 07:20:01 tbox Exp $ --> +<!-- $Id: lwresd.docbook,v 1.7.18.10 2008/10/16 23:46:00 tbox Exp $ --> <refentry> <refentryinfo> <date>June 30, 2000</date> @@ -40,6 +40,7 @@ <year>2004</year> <year>2005</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -145,7 +146,7 @@ configuration file instead of the default, <filename>/etc/lwresd.conf</filename>. <!-- Should this be an absolute path name? --> - <term>-c</term> can not be used with <term>-C</term>. + <option>-c</option> can not be used with <option>-C</option>. </para> </listitem> </varlistentry> @@ -157,7 +158,7 @@ Use <replaceable class="parameter">config-file</replaceable> as the configuration file instead of the default, <filename>/etc/resolv.conf</filename>. - <term>-C</term> can not be used with <term>-c</term>. + <option>-C</option> can not be used with <option>-c</option>. </para> </listitem> </varlistentry> diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index b59a7cc72581..463e6b0ee3cf 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.html,v 1.5.18.18 2007/05/16 06:11:27 marka Exp $ --> +<!-- $Id: lwresd.html,v 1.5.18.19 2008/10/17 01:29:23 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543461"></a><h2>DESCRIPTION</h2> +<a name="id2543464"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,7 +67,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543508"></a><h2>OPTIONS</h2> +<a name="id2543511"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -87,14 +87,14 @@ configuration file instead of the default, <code class="filename">/etc/lwresd.conf</code>. - <font color="red"><term>-c</term></font> can not be used with <font color="red"><term>-C</term></font>. + <code class="option">-c</code> can not be used with <code class="option">-C</code>. </p></dd> <dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> Use <em class="replaceable"><code>config-file</code></em> as the configuration file instead of the default, <code class="filename">/etc/resolv.conf</code>. - <font color="red"><term>-C</term></font> can not be used with <font color="red"><term>-c</term></font>. + <code class="option">-C</code> can not be used with <code class="option">-c</code>. </p></dd> <dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt> <dd><p> @@ -197,7 +197,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543925"></a><h2>FILES</h2> +<a name="id2543928"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> @@ -210,14 +210,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543964"></a><h2>SEE ALSO</h2> +<a name="id2543968"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543998"></a><h2>AUTHOR</h2> +<a name="id2544002"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/main.c b/bin/named/main.c index 6b9b67e13550..d8b0a3345138 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.136.18.17 2006/11/10 18:51:14 marka Exp $ */ +/* $Id: main.c,v 1.136.18.21 2008/10/24 01:28:08 marka Exp $ */ /*! \file */ @@ -33,6 +33,7 @@ #include <isc/hash.h> #include <isc/os.h> #include <isc/platform.h> +#include <isc/print.h> #include <isc/resource.h> #include <isc/stdio.h> #include <isc/string.h> @@ -85,6 +86,7 @@ static char program_name[ISC_DIR_NAMEMAX] = "named"; static char absolute_conffile[ISC_DIR_PATHMAX]; static char saved_command_line[512]; static char version[512]; +static unsigned int maxsocks = 0; void ns_main_earlywarning(const char *format, ...) { @@ -356,7 +358,8 @@ parse_command_line(int argc, char *argv[]) { isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, - "46c:C:d:fgi:lm:n:N:p:P:st:u:vx:")) != -1) { + "46c:C:d:fgi:lm:n:N:p:P:" + "sS:t:u:vx:")) != -1) { switch (ch) { case '4': if (disable4) @@ -435,6 +438,10 @@ parse_command_line(int argc, char *argv[]) { /* XXXRTH temporary syntax */ want_stats = ISC_TRUE; break; + case 'S': + maxsocks = parse_int(isc_commandline_argument, + "max number of sockets"); + break; case 't': /* XXXJAB should we make a copy? */ ns_g_chrootdir = isc_commandline_argument; @@ -466,17 +473,14 @@ parse_command_line(int argc, char *argv[]) { static isc_result_t create_managers(void) { isc_result_t result; -#ifdef ISC_PLATFORM_USETHREADS - unsigned int cpus_detected; -#endif + unsigned int socks; #ifdef ISC_PLATFORM_USETHREADS - cpus_detected = isc_os_ncpus(); if (ns_g_cpus == 0) - ns_g_cpus = cpus_detected; + ns_g_cpus = ns_g_cpus_detected; isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s", - cpus_detected, cpus_detected == 1 ? "" : "s", + ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s", ns_g_cpus, ns_g_cpus == 1 ? "" : "s"); #else ns_g_cpus = 1; @@ -497,13 +501,19 @@ create_managers(void) { return (ISC_R_UNEXPECTED); } - result = isc_socketmgr_create(ns_g_mctx, &ns_g_socketmgr); + result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_socketmgr_create() failed: %s", isc_result_totext(result)); return (ISC_R_UNEXPECTED); } + result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks); + if (result == ISC_R_SUCCESS) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, + ISC_LOG_INFO, "using up to %u sockets", socks); + } result = isc_entropy_create(ns_g_mctx, &ns_g_entropy); if (result != ISC_R_SUCCESS) { @@ -550,6 +560,7 @@ destroy_managers(void) { static void setup(void) { isc_result_t result; + isc_resourcevalue_t old_openfiles; #ifdef HAVE_LIBSCF char *instance = NULL; #endif @@ -603,6 +614,13 @@ setup(void) { } #endif +#ifdef ISC_PLATFORM_USETHREADS + /* + * Check for the number of cpu's before ns_os_chroot(). + */ + ns_g_cpus_detected = isc_os_ncpus(); +#endif + ns_os_chroot(ns_g_chrootdir); /* @@ -656,6 +674,23 @@ setup(void) { &ns_g_initopenfiles); /* + * System resources cannot effectively be tuned on some systems. + * Raise the limit in such cases for safety. + */ + old_openfiles = ns_g_initopenfiles; + ns_os_adjustnofile(); + (void)isc_resource_getlimit(isc_resource_openfiles, + &ns_g_initopenfiles); + if (old_openfiles != ns_g_initopenfiles) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, + "adjusted limit on open files from " + "%" ISC_PRINT_QUADFORMAT "u to " + "%" ISC_PRINT_QUADFORMAT "u", + old_openfiles, ns_g_initopenfiles); + } + + /* * If the named configuration filename is relative, prepend the current * directory's name before possibly changing to another directory. */ @@ -665,7 +700,7 @@ setup(void) { sizeof(absolute_conffile)); if (result != ISC_R_SUCCESS) ns_main_earlyfatal("could not construct absolute path of " - "configuration file: %s", + "configuration file: %s", isc_result_totext(result)); ns_g_conffile = absolute_conffile; } @@ -757,7 +792,7 @@ ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) { if (debug) UNEXPECTED_ERROR(__FILE__, __LINE__, "scf_handle_create() failed: %s", - scf_strerror(scf_error())); + scf_strerror(scf_error())); return (ISC_R_FAILURE); } diff --git a/bin/named/named.8 b/bin/named/named.8 index f5e82303024d..9487dac2e178 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.20.18.15 2007/06/20 02:26:58 marka Exp $ +.\" $Id: named.8,v 1.20.18.16 2008/09/01 02:29:00 tbox Exp $ .\" .hy 0 .ad l @@ -33,7 +33,7 @@ named \- Internet domain name server .SH "SYNOPSIS" .HP 6 -\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] +\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP \fBnamed\fR @@ -131,6 +131,21 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha .RE .RE .PP +\-S \fI#max\-socks\fR +.RS 4 +Allow +\fBnamed\fR +to use up to +\fI#max\-socks\fR +sockets. +.RS +.B "Warning:" +This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because +\fBnamed\fR +reserves some file descriptors for its internal use. +.RE +.RE +.PP \-t \fIdirectory\fR .RS 4 Chroot to @@ -230,7 +245,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001, 2003 Internet Software Consortium. .br diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 00c92a69c13a..a2ccbe07fb33 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.1.2.26 2007/08/19 23:26:13 marka Exp $ +.\" $Id: named.conf.5,v 1.1.2.27 2008/09/05 01:32:08 tbox Exp $ .\" .hy 0 .ad l @@ -174,6 +174,7 @@ options { port \fIinteger\fR; querylog \fIboolean\fR; recursing\-file \fIquoted_string\fR; + reserved\-sockets \fIinteger\fR; random\-device \fIquoted_string\fR; recursive\-clients \fIinteger\fR; serial\-query\-rate \fIinteger\fR; @@ -516,5 +517,5 @@ zone \fIstring\fR \fIoptional_class\fR { \fBrndc\fR(8), BIND 9 Administrator Reference Manual. .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 8635f9754fd6..32aa53742488 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.1.2.29.12.2 2008/07/23 23:48:17 tbox Exp $ --> +<!-- $Id: named.conf.docbook,v 1.1.2.31 2008/09/04 23:46:08 tbox Exp $ --> <refentry> <refentryinfo> <date>Aug 13, 2004</date> diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 09e71a324cdd..f729988d4da1 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.html,v 1.1.2.35 2007/08/19 23:26:13 marka Exp $ --> +<!-- $Id: named.conf.html,v 1.1.2.36 2008/09/05 01:32:08 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2542042"></a><h2>DESCRIPTION</h2> +<a name="id2543342"></a><h2>DESCRIPTION</h2> <p><code class="filename">named.conf</code> is the configuration file for <span><strong class="command">named</strong></span>. Statements are enclosed @@ -50,14 +50,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543367"></a><h2>ACL</h2> +<a name="id2543370"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543383"></a><h2>KEY</h2> +<a name="id2543386"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> @@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543402"></a><h2>MASTERS</h2> +<a name="id2543405"></a><h2>MASTERS</h2> <div class="literallayout"><p><br> masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> @@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional" </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543448"></a><h2>SERVER</h2> +<a name="id2543451"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> @@ -97,7 +97,7 @@ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/pref </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543516"></a><h2>TRUSTED-KEYS</h2> +<a name="id2543520"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -105,7 +105,7 @@ trusted-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543542"></a><h2>CONTROLS</h2> +<a name="id2543545"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -117,7 +117,7 @@ controls {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543577"></a><h2>LOGGING</h2> +<a name="id2543580"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -135,7 +135,7 @@ logging {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543616"></a><h2>LWRES</h2> +<a name="id2543619"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -148,7 +148,7 @@ lwres {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543657"></a><h2>OPTIONS</h2> +<a name="id2543660"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> @@ -172,6 +172,7 @@ options {<br> port <em class="replaceable"><code>integer</code></em>;<br> querylog <em class="replaceable"><code>boolean</code></em>;<br> recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br> + reserved-sockets <em class="replaceable"><code>integer</code></em>;<br> random-device <em class="replaceable"><code>quoted_string</code></em>;<br> recursive-clients <em class="replaceable"><code>integer</code></em>;<br> serial-query-rate <em class="replaceable"><code>integer</code></em>;<br> @@ -313,7 +314,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544401"></a><h2>VIEW</h2> +<a name="id2544407"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -453,7 +454,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544966"></a><h2>ZONE</h2> +<a name="id2544972"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint |<br> @@ -538,12 +539,12 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545319"></a><h2>FILES</h2> +<a name="id2545325"></a><h2>FILES</h2> <p><code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545331"></a><h2>SEE ALSO</h2> +<a name="id2545337"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 74b41f5031b6..15d554c07f27 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.docbook,v 1.7.18.12 2007/08/28 07:20:01 tbox Exp $ --> +<!-- $Id: named.docbook,v 1.7.18.14 2008/08/21 23:46:01 tbox Exp $ --> <refentry id="man.named"> <refentryinfo> <date>June 30, 2000</date> @@ -41,6 +41,7 @@ <year>2005</year> <year>2006</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -64,6 +65,7 @@ <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> <arg><option>-s</option></arg> + <arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg> <arg><option>-v</option></arg> @@ -215,6 +217,33 @@ </varlistentry> <varlistentry> + <term>-S <replaceable class="parameter">#max-socks</replaceable></term> + <listitem> + <para> + Allow <command>named</command> to use up to + <replaceable class="parameter">#max-socks</replaceable> sockets. + </para> + <warning> + <para> + This option should be unnecessary for the vast majority + of users. + The use of this option could even be harmful because the + specified value may exceed the limitation of the + underlying system API. + It is therefore set only when the default configuration + causes exhaustion of file descriptors and the + operational environment is known to support the + specified number of sockets. + Note also that the actual maximum number is normally a little + fewer than the specified value because + <command>named</command> reserves some file descriptors + for its internal use. + </para> + </warning> + </listitem> + </varlistentry> + + <varlistentry> <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para>Chroot diff --git a/bin/named/named.html b/bin/named/named.html index 294ecce406a0..ed4f16a3e218 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.html,v 1.6.18.21 2007/06/20 02:26:58 marka Exp $ --> +<!-- $Id: named.html,v 1.6.18.22 2008/09/01 02:29:00 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> +<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543452"></a><h2>DESCRIPTION</h2> +<a name="id2543464"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -47,7 +47,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543477"></a><h2>OPTIONS</h2> +<a name="id2543489"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -126,6 +126,31 @@ </p> </div> </dd> +<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt> +<dd> +<p> + Allow <span><strong class="command">named</strong></span> to use up to + <em class="replaceable"><code>#max-socks</code></em> sockets. + </p> +<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"> +<h3 class="title">Warning</h3> +<p> + This option should be unnecessary for the vast majority + of users. + The use of this option could even be harmful because the + specified value may exceed the limitation of the + underlying system API. + It is therefore set only when the default configuration + causes exhaustion of file descriptors and the + operational environment is known to support the + specified number of sockets. + Note also that the actual maximum number is normally a little + fewer than the specified value because + <span><strong class="command">named</strong></span> reserves some file descriptors + for its internal use. + </p> +</div> +</dd> <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd> <p>Chroot @@ -191,7 +216,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543864"></a><h2>SIGNALS</h2> +<a name="id2543911"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used @@ -212,7 +237,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543912"></a><h2>CONFIGURATION</h2> +<a name="id2543959"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is provided @@ -221,7 +246,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543929"></a><h2>FILES</h2> +<a name="id2543976"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -234,7 +259,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543969"></a><h2>SEE ALSO</h2> +<a name="id2544016"></a><h2>SEE ALSO</h2> <p><em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, <em class="citetitle">RFC 1035</em>, @@ -247,7 +272,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544039"></a><h2>AUTHOR</h2> +<a name="id2544086"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/query.c b/bin/named/query.c index 38eb9a13c15b..5cafbc9e45a8 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.257.18.40 2007/09/26 03:08:14 each Exp $ */ +/* $Id: query.c,v 1.257.18.46 2008/10/15 22:33:01 marka Exp $ */ /*! \file */ @@ -2298,7 +2298,7 @@ mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name, static isc_boolean_t get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig, dns_rdataset_t *keyrdataset, dst_key_t **keyp) -{ +{ isc_result_t result; dns_dbnode_t *node = NULL; isc_boolean_t secure = ISC_FALSE; @@ -2331,12 +2331,12 @@ get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig, isc_buffer_init(&b, rdata.data, rdata.length); isc_buffer_add(&b, rdata.length); result = dst_key_fromdns(&rrsig->signer, rdata.rdclass, &b, - client->mctx, keyp); + client->mctx, keyp); if (result != ISC_R_SUCCESS) continue; if (rrsig->algorithm == (dns_secalg_t)dst_key_alg(*keyp) && - rrsig->keyid == (dns_keytag_t)dst_key_id(*keyp) && - dst_key_iszonekey(*keyp)) { + rrsig->keyid == (dns_keytag_t)dst_key_id(*keyp) && + dst_key_iszonekey(*keyp)) { secure = ISC_TRUE; break; } @@ -2354,7 +2354,7 @@ verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset, isc_boolean_t ignore = ISC_FALSE; dns_fixedname_init(&fixed); - + again: result = dns_dnssec_verify2(name, rdataset, key, ignore, mctx, rdata, NULL); @@ -2382,7 +2382,7 @@ validate(ns_client_t *client, dns_db_t *db, dns_name_t *name, if (sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset)) return (ISC_FALSE); - + for (result = dns_rdataset_first(sigrdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(sigrdataset)) { @@ -2757,6 +2757,13 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, &olabels); (void)dns_name_fullcompare(name, &nsec.next, &order, &nlabels); + /* + * Check for a pathological condition created when + * serving some malformed signed zones and bail out. + */ + if (dns_name_countlabels(name) == nlabels) + goto cleanup; + if (olabels > nlabels) dns_name_split(name, olabels, NULL, wname); else @@ -2924,13 +2931,14 @@ query_resume(isc_task_t *task, isc_event_t *event) { static isc_result_t query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain, - dns_rdataset_t *nameservers) + dns_rdataset_t *nameservers, isc_boolean_t resuming) { isc_result_t result; dns_rdataset_t *rdataset, *sigrdataset; isc_sockaddr_t *peeraddr; - inc_stats(client, dns_statscounter_recursion); + if (!resuming) + inc_stats(client, dns_statscounter_recursion); /* * We are about to recurse, which means that this client will @@ -3162,11 +3170,11 @@ query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) { cleanup: if (nsec != NULL) - query_putrdataset(client, &nsec); - if (nsecsig != NULL) - query_putrdataset(client, &nsecsig); - if (fname != NULL) - query_releasename(client, &fname); + query_putrdataset(client, &nsec); + if (nsecsig != NULL) + query_putrdataset(client, &nsecsig); + if (fname != NULL) + query_releasename(client, &fname); } static inline void @@ -3269,12 +3277,12 @@ warn_rfc1918(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) { dns_rdata_soa_t soa; dns_rdataset_t found; isc_result_t result; - + for (i = 0; i < (sizeof(rfc1918names)/sizeof(*rfc1918names)); i++) { if (dns_name_issubdomain(fname, &rfc1918names[i])) { dns_rdataset_init(&found); result = dns_ncache_getrdataset(rdataset, - &rfc1918names[i], + &rfc1918names[i], dns_rdatatype_soa, &found); if (result != ISC_R_SUCCESS) @@ -3335,6 +3343,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) unsigned int options; isc_boolean_t empty_wild; dns_rdataset_t *noqname; + isc_boolean_t resuming; CTRACE("query_find"); @@ -3360,6 +3369,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) need_wildcardproof = ISC_FALSE; empty_wild = ISC_FALSE; options = 0; + resuming = ISC_FALSE; + is_zone = ISC_FALSE; if (event != NULL) { /* @@ -3369,7 +3380,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) want_restart = ISC_FALSE; authoritative = ISC_FALSE; - is_zone = ISC_FALSE; qtype = event->qtype; if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig) @@ -3402,6 +3412,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } result = event->result; + resuming = ISC_TRUE; goto resume; } @@ -3602,7 +3613,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (RECURSIONOK(client)) { result = query_recurse(client, qtype, - NULL, NULL); + NULL, NULL, resuming); if (result == ISC_R_SUCCESS) client->query.attributes |= NS_QUERYATTR_RECURSING; @@ -3773,10 +3784,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (dns_rdatatype_atparent(type)) result = query_recurse(client, qtype, - NULL, NULL); + NULL, NULL, + resuming); else result = query_recurse(client, qtype, - fname, rdataset); + fname, rdataset, + resuming); if (result == ISC_R_SUCCESS) client->query.attributes |= NS_QUERYATTR_RECURSING; @@ -4220,7 +4233,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) result = query_recurse(client, qtype, NULL, - NULL); + NULL, + resuming); if (result == ISC_R_SUCCESS) client->query.attributes |= NS_QUERYATTR_RECURSING; @@ -4437,6 +4451,7 @@ ns_query_start(ns_client_t *client) { dns_rdataset_t *rdataset; ns_client_t *qclient; dns_rdatatype_t qtype; + isc_boolean_t want_ad; CTRACE("ns_query_start"); @@ -4576,6 +4591,15 @@ ns_query_start(ns_client_t *client) { client->query.attributes &= ~NS_QUERYATTR_SECURE; /* + * Set 'want_ad' if the client has set AD in the query. + * This allows AD to be returned on queries without DO set. + */ + if ((message->flags & DNS_MESSAGEFLAG_AD) != 0) + want_ad = ISC_TRUE; + else + want_ad = ISC_FALSE; + + /* * This is an ordinary query. */ result = dns_message_reply(message, ISC_TRUE); @@ -4594,7 +4618,7 @@ ns_query_start(ns_client_t *client) { * Set AD. We must clear it if we add non-validated data to a * response. */ - if (WANTDNSSEC(client)) + if (WANTDNSSEC(client) || want_ad) message->flags |= DNS_MESSAGEFLAG_AD; qclient = NULL; diff --git a/bin/named/server.c b/bin/named/server.c index 79bd125c5498..784ff94d3414 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,13 +15,14 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.419.18.57.10.3 2008/07/23 12:04:32 marka Exp $ */ +/* $Id: server.c,v 1.419.18.68 2008/09/04 23:46:08 tbox Exp $ */ /*! \file */ #include <config.h> #include <stdlib.h> +#include <unistd.h> #include <isc/app.h> #include <isc/base64.h> @@ -31,8 +32,10 @@ #include <isc/hash.h> #include <isc/lex.h> #include <isc/parseint.h> +#include <isc/portset.h> #include <isc/print.h> #include <isc/resource.h> +#include <isc/socket.h> #include <isc/stdio.h> #include <isc/string.h> #include <isc/task.h> @@ -197,6 +200,7 @@ static const struct { #endif /* RFC 3330 */ + { "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */ { "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */ { "254.169.IN-ADDR.ARPA", ISC_FALSE }, /* LINK LOCAL */ { "2.0.192.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET */ @@ -438,7 +442,7 @@ configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config, *target = keytable; /* Transfer ownership. */ keytable = NULL; result = ISC_R_SUCCESS; - + cleanup: return (result); } @@ -454,7 +458,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) isc_boolean_t value; isc_result_t result; isc_buffer_t b; - + dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); for (element = cfg_list_first(mbs); @@ -472,7 +476,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) } result = ISC_R_SUCCESS; - + cleanup: return (result); } @@ -482,13 +486,15 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) */ static isc_result_t get_view_querysource_dispatch(const cfg_obj_t **maps, - int af, dns_dispatch_t **dispatchp) + int af, dns_dispatch_t **dispatchp, + isc_boolean_t is_firstview) { isc_result_t result; dns_dispatch_t *disp; isc_sockaddr_t sa; unsigned int attrs, attrmask; const cfg_obj_t *obj = NULL; + unsigned int maxdispatchbuffers; /* * Make compiler happy. @@ -540,12 +546,18 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, attrs |= DNS_DISPATCHATTR_IPV6; break; } - - if (isc_sockaddr_getport(&sa) != 0) { + if (isc_sockaddr_getport(&sa) == 0) { + attrs |= DNS_DISPATCHATTR_EXCLUSIVE; + maxdispatchbuffers = 4096; + } else { INSIST(obj != NULL); - cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO, - "using specific query-source port suppresses port " - "randomization and can be insecure."); + if (is_firstview) { + cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO, + "using specific query-source port " + "suppresses port randomization and can be " + "insecure."); + } + maxdispatchbuffers = 1000; } attrmask = 0; @@ -557,7 +569,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, disp = NULL; result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr, ns_g_taskmgr, &sa, 4096, - 1024, 32768, 16411, 16433, + maxdispatchbuffers, 32768, 16411, 16433, attrs, attrmask, &disp); if (result != ISC_R_SUCCESS) { isc_sockaddr_t any; @@ -609,7 +621,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) { return (result); obj = cfg_tuple_get(ent, "name"); - if (cfg_obj_isstring(obj)) + if (cfg_obj_isstring(obj)) str = cfg_obj_asstring(obj); else str = "*"; @@ -662,7 +674,7 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { cfg_obj_asnetprefix(cfg_map_getname(cpeer), &na, &prefixlen); peer = NULL; - result = dns_peer_new(mctx, &na, &peer); + result = dns_peer_newprefix(mctx, &na, prefixlen, &peer); if (result != ISC_R_SUCCESS) return (result); @@ -840,7 +852,7 @@ on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) { dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); - + for (element = cfg_list_first(disablelist); element != NULL; element = cfg_list_next(element)) @@ -911,9 +923,9 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, const cfg_obj_t *alternates; const cfg_obj_t *zonelist; #ifdef DLZ - const cfg_obj_t *dlz; - unsigned int dlzargc; - char **dlzargv; + const cfg_obj_t *dlz; + unsigned int dlzargc; + char **dlzargv; #endif const cfg_obj_t *disabled; const cfg_obj_t *obj; @@ -1064,7 +1076,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, result = ISC_R_NOMEMORY; goto cleanup; } - + result = dns_dlzstrtoargv(mctx, s, &dlzargc, &dlzargv); if (result != ISC_R_SUCCESS) { isc_mem_free(mctx, s); @@ -1183,8 +1195,12 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, * * XXXRTH Hardwired number of tasks. */ - CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4)); - CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6)); + CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4, + ISC_TF(ISC_LIST_PREV(view, link) + == NULL))); + CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6, + ISC_TF(ISC_LIST_PREV(view, link) + == NULL))); if (dispatch4 == NULL && dispatch6 == NULL) { UNEXPECTED_ERROR(__FILE__, __LINE__, "unable to obtain neither an IPv4 nor" @@ -1223,7 +1239,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj); INSIST(result == ISC_R_SUCCESS); dns_resolver_setzeronosoattl(view->resolver, cfg_obj_asboolean(obj)); - + /* * Set the resolver's EDNS UDP size. */ @@ -1236,7 +1252,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, if (udpsize > 4096) udpsize = 4096; dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize); - + /* * Set the maximum UDP response size. */ @@ -1273,7 +1289,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, (void)ns_config_get(maps, "forward", &forwardtype); (void)ns_config_get(maps, "forwarders", &forwarders); if (forwarders != NULL) - CHECK(configure_forward(config, view, dns_rootname, + CHECK(configure_forward(config, view, dns_rootname, forwarders, forwardtype)); /* @@ -1293,7 +1309,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, /* * If we still have no hints, this is a non-IN view with no * "hints zone" configured. Issue a warning, except if this - * is a root server. Root servers never need to consult + * is a root server. Root servers never need to consult * their hints, so it's no point requiring users to configure * them. */ @@ -1416,7 +1432,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, view->transfer_format = dns_one_answer; else INSIST(0); - + /* * Set sources where additional data and CNAME/DNAME * targets for authoritative answers may be found. @@ -1516,7 +1532,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, dns_resolver_setclientsperquery(view->resolver, cfg_obj_asuint32(obj), max_clients_per_query); - + obj = NULL; result = ns_config_get(maps, "dnssec-enable", &obj); INSIST(result == ISC_R_SUCCESS); @@ -1745,14 +1761,14 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, if (result == ISC_R_SUCCESS && forwarders->fwdpolicy == dns_fwdpolicy_only) continue; - + if (!rfc1918 && empty_zones[empty_zone].rfc1918) { if (logit) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_WARNING, - "Warning%s%s: " + "Warning%s%s: " "'empty-zones-enable/" "disable-empty-zone' " "not set: disabling " @@ -1794,7 +1810,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, dns_zone_setclass(zone, view->rdclass); dns_zone_settype(zone, dns_zone_master); CHECK(dns_zone_setdbtype(zone, empty_dbtypec, - empty_dbtype)); + empty_dbtype)); if (view->queryacl != NULL) dns_zone_setqueryacl(zone, view->queryacl); dns_zone_setdialup(zone, dns_dialuptype_no); @@ -1809,7 +1825,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, dns_zone_detach(&zone); } } - + result = ISC_R_SUCCESS; cleanup: @@ -2125,7 +2141,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, "name")); else vname = "<default view>"; - + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "zone '%s': wrong class for view '%s'", @@ -2499,7 +2515,7 @@ adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) { } ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE); - + clean: ns_listenlist_detach(&list); return; @@ -2588,7 +2604,7 @@ setstring(ns_server_t *server, char **field, const char *value) { *field = copy; return (ISC_R_SUCCESS); -} +} /* * Replace the current value of '*field', a dynamically allocated @@ -2630,7 +2646,7 @@ set_limit(const cfg_obj_t **maps, const char *configname, result = isc_resource_setlimit(resourceid, value); isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, result == ISC_R_SUCCESS ? - ISC_LOG_DEBUG(3) : ISC_LOG_WARNING, + ISC_LOG_DEBUG(3) : ISC_LOG_WARNING, "set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s", description, value, isc_result_totext(result)); } @@ -2647,31 +2663,48 @@ set_limits(const cfg_obj_t **maps) { SETLIMIT("files", openfiles, "open files"); } -static isc_result_t -portlist_fromconf(dns_portlist_t *portlist, unsigned int family, - const cfg_obj_t *ports) +static void +portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports, + isc_boolean_t positive) { const cfg_listelt_t *element; - isc_result_t result = ISC_R_SUCCESS; for (element = cfg_list_first(ports); element != NULL; element = cfg_list_next(element)) { const cfg_obj_t *obj = cfg_listelt_value(element); - in_port_t port = (in_port_t)cfg_obj_asuint32(obj); - - result = dns_portlist_add(portlist, family, port); - if (result != ISC_R_SUCCESS) - break; + + if (cfg_obj_isuint32(obj)) { + in_port_t port = (in_port_t)cfg_obj_asuint32(obj); + + if (positive) + isc_portset_add(portset, port); + else + isc_portset_remove(portset, port); + } else { + const cfg_obj_t *obj_loport, *obj_hiport; + in_port_t loport, hiport; + + obj_loport = cfg_tuple_get(obj, "loport"); + loport = (in_port_t)cfg_obj_asuint32(obj_loport); + obj_hiport = cfg_tuple_get(obj, "hiport"); + hiport = (in_port_t)cfg_obj_asuint32(obj_hiport); + + if (positive) + isc_portset_addrange(portset, loport, hiport); + else { + isc_portset_removerange(portset, loport, + hiport); + } + } } - return (result); } static isc_result_t removed(dns_zone_t *zone, void *uap) { const char *type; - if (dns_zone_getview(zone) != uap) + if (dns_zone_getview(zone) != uap) return (ISC_R_SUCCESS); switch (dns_zone_gettype(zone)) { @@ -2704,28 +2737,31 @@ load_configuration(const char *filename, ns_server_t *server, const cfg_obj_t *maps[3]; const cfg_obj_t *obj; const cfg_obj_t *options; - const cfg_obj_t *v4ports, *v6ports; + const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports; const cfg_obj_t *views; dns_view_t *view = NULL; dns_view_t *view_next; dns_viewlist_t tmpviewlist; dns_viewlist_t viewlist; - in_port_t listen_port; + in_port_t listen_port, udpport_low, udpport_high; int i; isc_interval_t interval; - isc_resourcevalue_t files; + isc_portset_t *v4portset = NULL; + isc_portset_t *v6portset = NULL; + isc_resourcevalue_t nfiles; isc_result_t result; isc_uint32_t heartbeat_interval; isc_uint32_t interface_interval; isc_uint32_t reserved; isc_uint32_t udpsize; + unsigned int maxsocks; cfg_aclconfctx_init(&aclconfctx); ISC_LIST_INIT(viewlist); /* Ensure exclusive access to configuration data. */ result = isc_task_beginexclusive(server->task); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + RUNTIME_CHECK(result == ISC_R_SUCCESS); /* * Parse the global default pseudo-config file. @@ -2799,20 +2835,22 @@ load_configuration(const char *filename, ns_server_t *server, set_limits(maps); /* - * Sanity check on "files" limit. + * Check if max number of open sockets that the system allows is + * sufficiently large. Failing this condition is not necessarily fatal, + * but may cause subsequent runtime failures for a busy recursive + * server. */ - result = isc_resource_curlimit(isc_resource_openfiles, &files); - if (result == ISC_R_SUCCESS && files < FD_SETSIZE) { + result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks); + if (result != ISC_R_SUCCESS) + maxsocks = 0; + result = isc_resource_getcurlimit(isc_resource_openfiles, &nfiles); + if (result == ISC_R_SUCCESS && (isc_resourcevalue_t)maxsocks > nfiles) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_WARNING, - "the 'files' limit (%" ISC_PRINT_QUADFORMAT "u) " - "is less than FD_SETSIZE (%d), increase " - "'files' in named.conf or recompile with a " - "smaller FD_SETSIZE.", files, FD_SETSIZE); - if (files > FD_SETSIZE) - files = FD_SETSIZE; - } else - files = FD_SETSIZE; + "max open files (%" ISC_PRINT_QUADFORMAT "u)" + " is smaller than max sockets (%u)", + nfiles, maxsocks); + } /* * Set the number of socket reserved for TCP, stdio etc. @@ -2821,20 +2859,23 @@ load_configuration(const char *filename, ns_server_t *server, result = ns_config_get(maps, "reserved-sockets", &obj); INSIST(result == ISC_R_SUCCESS); reserved = cfg_obj_asuint32(obj); - if (files < 128U) /* Prevent underflow. */ - reserved = 0; - else if (reserved > files - 128U) /* Mimimum UDP space. */ - reserved = files - 128; - if (reserved < 128U) /* Mimimum TCP/stdio space. */ + if (maxsocks != 0) { + if (maxsocks < 128U) /* Prevent underflow. */ + reserved = 0; + else if (reserved > maxsocks - 128U) /* Minimum UDP space. */ + reserved = maxsocks - 128; + } + /* Minimum TCP/stdio space. */ + if (reserved < 128U) reserved = 128; - if (reserved + 128U > files) { + if (reserved + 128U > maxsocks && maxsocks != 0) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_WARNING, + NS_LOGMODULE_SERVER, ISC_LOG_WARNING, "less than 128 UDP sockets available after " - "applying 'reserved-sockets' and 'files'"); + "applying 'reserved-sockets' and 'maxsockets'"); } isc__socketmgr_setreserved(ns_g_socketmgr, reserved); - + /* * Configure various server options. */ @@ -2859,24 +2900,64 @@ load_configuration(const char *filename, ns_server_t *server, INSIST(result == ISC_R_SUCCESS); server->aclenv.match_mapped = cfg_obj_asboolean(obj); - v4ports = NULL; - v6ports = NULL; - (void)ns_config_get(maps, "avoid-v4-udp-ports", &v4ports); - (void)ns_config_get(maps, "avoid-v6-udp-ports", &v6ports); - if (v4ports != NULL || v6ports != NULL) { - dns_portlist_t *portlist = NULL; - result = dns_portlist_create(ns_g_mctx, &portlist); - if (result == ISC_R_SUCCESS && v4ports != NULL) - result = portlist_fromconf(portlist, AF_INET, v4ports); - if (result == ISC_R_SUCCESS && v6ports != NULL) - portlist_fromconf(portlist, AF_INET6, v6ports); - if (result == ISC_R_SUCCESS) - dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, portlist); - if (portlist != NULL) - dns_portlist_detach(&portlist); - CHECK(result); - } else - dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, NULL); + /* + * Configure sets of UDP query source ports. + */ + CHECKM(isc_portset_create(ns_g_mctx, &v4portset), + "creating UDP port set"); + CHECKM(isc_portset_create(ns_g_mctx, &v6portset), + "creating UDP port set"); + + usev4ports = NULL; + usev6ports = NULL; + avoidv4ports = NULL; + avoidv6ports = NULL; + + (void)ns_config_get(maps, "use-v4-udp-ports", &usev4ports); + if (usev4ports != NULL) + portset_fromconf(v4portset, usev4ports, ISC_TRUE); + else { + CHECKM(isc_net_getudpportrange(AF_INET, &udpport_low, + &udpport_high), + "get the default UDP/IPv4 port range"); + if (udpport_low == udpport_high) + isc_portset_add(v4portset, udpport_low); + else { + isc_portset_addrange(v4portset, udpport_low, + udpport_high); + } + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "using default UDP/IPv4 port range: [%d, %d]", + udpport_low, udpport_high); + } + (void)ns_config_get(maps, "avoid-v4-udp-ports", &avoidv4ports); + if (avoidv4ports != NULL) + portset_fromconf(v4portset, avoidv4ports, ISC_FALSE); + + (void)ns_config_get(maps, "use-v6-udp-ports", &usev6ports); + if (usev6ports != NULL) + portset_fromconf(v6portset, usev6ports, ISC_TRUE); + else { + CHECKM(isc_net_getudpportrange(AF_INET6, &udpport_low, + &udpport_high), + "get the default UDP/IPv6 port range"); + if (udpport_low == udpport_high) + isc_portset_add(v6portset, udpport_low); + else { + isc_portset_addrange(v6portset, udpport_low, + udpport_high); + } + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "using default UDP/IPv6 port range: [%d, %d]", + udpport_low, udpport_high); + } + (void)ns_config_get(maps, "avoid-v6-udp-ports", &avoidv6ports); + if (avoidv6ports != NULL) + portset_fromconf(v6portset, avoidv6ports, ISC_FALSE); + + dns_dispatchmgr_setavailports(ns_g_dispatchmgr, v4portset, v6portset); /* * Set the EDNS UDP size when we don't match a view. @@ -3037,7 +3118,7 @@ load_configuration(const char *filename, ns_server_t *server, NULL, &interval, ISC_FALSE)); } server->heartbeat_interval = heartbeat_interval; - + isc_interval_set(&interval, 1200, 0); CHECK(isc_timer_reset(server->pps_timer, isc_timertype_ticker, NULL, &interval, ISC_FALSE)); @@ -3185,6 +3266,15 @@ load_configuration(const char *filename, ns_server_t *server, ns_os_changeuser(); /* + * Check that the working directory is writable. + */ + if (access(".", W_OK) != 0) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "the working directory is not writable"); + } + + /* * Configure the logging system. * * Do this after changing UID to make sure that any log @@ -3277,7 +3367,7 @@ load_configuration(const char *filename, ns_server_t *server, ns_os_writepidfile(lwresd_g_defaultpidfile, first_time); else ns_os_writepidfile(ns_g_defaultpidfile, first_time); - + obj = NULL; if (options != NULL && cfg_map_get(options, "memstatistics-file", &obj) == ISC_R_SUCCESS) @@ -3344,6 +3434,12 @@ load_configuration(const char *filename, ns_server_t *server, result = ISC_R_SUCCESS; cleanup: + if (v4portset != NULL) + isc_portset_destroy(ns_g_mctx, &v4portset); + + if (v6portset != NULL) + isc_portset_destroy(ns_g_mctx, &v6portset); + cfg_aclconfctx_destroy(&aclconfctx); if (parser != NULL) { @@ -3414,7 +3510,7 @@ load_zones(ns_server_t *server, isc_boolean_t stop) { */ CHECK(dns_zonemgr_forcemaint(server->zonemgr)); cleanup: - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -3442,7 +3538,7 @@ load_new_zones(ns_server_t *server, isc_boolean_t stop) { */ dns_zonemgr_resumexfrs(server->zonemgr); cleanup: - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -3501,7 +3597,7 @@ run_server(isc_task_t *task, isc_event_t *event) { ISC_LOG_NOTICE, "running"); } -void +void ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) { REQUIRE(NS_SERVER_VALID(server)); @@ -3635,7 +3731,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->interface_timer = NULL; server->heartbeat_timer = NULL; server->pps_timer = NULL; - + server->interface_interval = 0; server->heartbeat_interval = 0; @@ -3658,7 +3754,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->hostname_set = ISC_FALSE; server->hostname = NULL; - server->version_set = ISC_FALSE; + server->version_set = ISC_FALSE; server->version = NULL; server->server_usehostname = ISC_FALSE; server->server_id = NULL; @@ -3814,7 +3910,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) { result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr, ns_g_taskmgr, &dispatch->addr, 4096, 1000, 32768, 16411, 16433, - attrs, attrmask, &dispatch->dispatch); + attrs, attrmask, &dispatch->dispatch); if (result != ISC_R_SUCCESS) goto cleanup; @@ -3917,7 +4013,7 @@ next_token(char **stringp, const char *delim) { break; } while (*res == '\0'); return (res); -} +} /* * Find the zone specified in the control channel command 'args', @@ -3975,14 +4071,14 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) { } else { rdclass = dns_rdataclass_in; } - + if (viewtxt == NULL) viewtxt = "_default"; result = dns_viewlist_find(&server->viewlist, viewtxt, rdclass, &view); if (result != ISC_R_SUCCESS) goto fail1; - + result = dns_zt_find(view->zonetable, dns_fixedname_name(&name), 0, NULL, zonep); /* Partial match? */ @@ -4001,7 +4097,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) { isc_result_t result; dns_zone_t *zone = NULL; dns_zonetype_t type; - + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); @@ -4014,7 +4110,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) { result = ISC_R_NOTFOUND; dns_zone_detach(&zone); return (result); -} +} /* * Act on a "reload" command from the command channel. @@ -4025,7 +4121,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { dns_zone_t *zone = NULL; dns_zonetype_t type; const char *msg = NULL; - + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); @@ -4042,7 +4138,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { } else { result = dns_zone_load(zone); dns_zone_detach(&zone); - switch (result) { + switch (result) { case ISC_R_SUCCESS: msg = "zone reload successful"; break; @@ -4064,7 +4160,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_putmem(text, (const unsigned char *)msg, strlen(msg) + 1); return (result); -} +} /* * Act on a "reconfig" command from the command channel. @@ -4091,14 +4187,14 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) { return (result); if (zone == NULL) return (ISC_R_UNEXPECTEDEND); - + dns_zone_notify(zone); dns_zone_detach(&zone); if (sizeof(msg) <= isc_buffer_availablelength(text)) isc_buffer_putmem(text, msg, sizeof(msg)); return (ISC_R_SUCCESS); -} +} /* * Act on a "refresh" command from the command channel. @@ -4125,17 +4221,17 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_putmem(text, msg1, sizeof(msg1)); return (ISC_R_SUCCESS); } - + dns_zone_detach(&zone); if (sizeof(msg2) <= isc_buffer_availablelength(text)) isc_buffer_putmem(text, msg2, sizeof(msg2)); return (ISC_R_FAILURE); -} +} isc_result_t ns_server_togglequerylog(ns_server_t *server) { server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE; - + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "query logging is now %s", @@ -4239,15 +4335,15 @@ ns_server_dumpstats(ns_server_t *server) { CHECKMF(isc_stdio_open(server->statsfile, "a", &fp), "could not open statistics dump file", server->statsfile); - + ncounters = DNS_STATS_NCOUNTERS; fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now); - + for (i = 0; i < ncounters; i++) fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT "u\n", dns_statscounter_names[i], server->querystats[i]); - + zone = NULL; for (result = dns_zone_first(server->zonemgr, &zone); result == ISC_R_SUCCESS; @@ -4258,7 +4354,7 @@ ns_server_dumpstats(ns_server_t *server) { char zonename[DNS_NAME_FORMATSIZE]; dns_view_t *view; char *viewname; - + dns_name_format(dns_zone_getorigin(zone), zonename, sizeof(zonename)); view = dns_zone_getview(zone); @@ -4278,7 +4374,7 @@ ns_server_dumpstats(ns_server_t *server) { if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; CHECK(result); - + fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now); cleanup: @@ -4306,7 +4402,7 @@ static isc_result_t add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) { struct viewlistentry *vle; isc_result_t result = ISC_R_SUCCESS; - + /* * Prevent duplicate views. */ @@ -4369,7 +4465,7 @@ dumpdone(void *arg, isc_result_t result) { struct dumpcontext *dctx = arg; char buf[1024+32]; const dns_master_style_t *style; - + if (result != ISC_R_SUCCESS) goto cleanup; if (dctx->mdctx != NULL) @@ -4526,7 +4622,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) { dctx->dumpzones = ISC_TRUE; dctx->dumpcache = ISC_FALSE; ptr = next_token(&args, " \t"); - } + } nextview: for (view = ISC_LIST_HEAD(server->viewlist); @@ -4646,7 +4742,7 @@ ns_server_validation(ns_server_t *server, char *args) { else result = ISC_R_FAILURE; out: - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -4689,7 +4785,7 @@ ns_server_flushcache(ns_server_t *server, char *args) { else result = ISC_R_FAILURE; } - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -4746,7 +4842,7 @@ ns_server_flushname(ns_server_t *server, char *args) { result = ISC_R_NOTFOUND; else result = ISC_R_FAILURE; - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -4798,7 +4894,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) { char *journal; const char *vname, *sep; isc_boolean_t frozen; - + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); @@ -4806,7 +4902,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) { result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); tresult = ISC_R_SUCCESS; - for (view = ISC_LIST_HEAD(server->viewlist); + for (view = ISC_LIST_HEAD(server->viewlist); view != NULL; view = ISC_LIST_NEXT(view, link)) { result = dns_view_freezezones(view, freeze); diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h index 24afdcbbcc4a..6c603dcc2a22 100644 --- a/bin/named/unix/include/named/os.h +++ b/bin/named/unix/include/named/os.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.22.18.3 2005/04/29 00:15:39 marka Exp $ */ +/* $Id: os.h,v 1.22.18.5 2008/10/24 01:43:17 tbox Exp $ */ #ifndef NS_OS_H #define NS_OS_H 1 @@ -46,11 +46,13 @@ void ns_os_changeuser(void); void +ns_os_adjustnofile(void); + +void ns_os_minprivs(void); void ns_os_writepidfile(const char *filename, isc_boolean_t first_time); - void ns_os_shutdown(void); diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index 386461238fe5..ad26a8e9b0e9 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.66.18.11 2006/02/03 23:51:38 marka Exp $ */ +/* $Id: os.c,v 1.66.18.17 2008/10/24 01:43:17 tbox Exp $ */ /*! \file */ @@ -42,6 +42,7 @@ #include <isc/buffer.h> #include <isc/file.h> #include <isc/print.h> +#include <isc/resource.h> #include <isc/result.h> #include <isc/strerror.h> #include <isc/string.h> @@ -116,6 +117,16 @@ static int dfd[2] = { -1, -1 }; static isc_boolean_t non_root = ISC_FALSE; static isc_boolean_t non_root_caps = ISC_FALSE; +#if defined(HAVE_CAPSET) +#undef _POSIX_SOURCE +#ifdef HAVE_SYS_CAPABILITY_H +#include <sys/capability.h> +#else +#include <linux/capability.h> +int capset(cap_user_header_t hdrp, const cap_user_data_t datap); +#endif +#include <sys/prctl.h> +#else /*% * We define _LINUX_FS_H to prevent it from being included. We don't need * anything from it, and the files it includes cause warnings with 2.2 @@ -148,6 +159,7 @@ static isc_boolean_t non_root_caps = ISC_FALSE; #endif #define SYS_capset __NR_capset #endif +#endif static void linux_setcaps(unsigned int caps) { @@ -165,13 +177,23 @@ linux_setcaps(unsigned int caps) { cap.effective = caps; cap.permitted = caps; cap.inheritable = 0; - if (syscall(SYS_capset, &caphead, &cap) < 0) { +#ifdef HAVE_CAPSET + if (capset(&caphead, &cap) < 0 ) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("capset failed: %s:" " please ensure that the capset kernel" " module is loaded. see insmod(8)", strbuf); } +#else + if (syscall(SYS_capset, &caphead, &cap) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + ns_main_earlyfatal("syscall(capset) failed: %s:" + " please ensure that the capset kernel" + " module is loaded. see insmod(8)", + strbuf); + } +#endif } static void @@ -326,7 +348,7 @@ ns_os_daemonize(void) { /* * Wait for the child to finish loading for the first time. * This would be so much simpler if fork() worked once we - * were multi-threaded. + * were multi-threaded. */ (void)close(dfd[1]); do { @@ -496,15 +518,37 @@ ns_os_changeuser(void) { ns_main_earlyfatal("setuid(): %s", strbuf); } -#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) - linux_minprivs(); -#endif #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) /* * Restore the ability of named to drop core after the setuid() * call has disabled it. */ - prctl(PR_SET_DUMPABLE,1,0,0,0); + if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + ns_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s", + strbuf); + } +#endif +#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) + linux_minprivs(); +#endif +} + +void +ns_os_adjustnofile() { +#ifdef HAVE_LINUXTHREADS + isc_result_t result; + isc_resourcevalue_t newvalue; + + /* + * Linux: max number of open files specified by one thread doesn't seem + * to apply to other threads on Linux. + */ + newvalue = ISC_RESOURCE_UNLIMITED; + + result = isc_resource_setlimit(isc_resource_openfiles, newvalue); + if (result != ISC_R_SUCCESS) + ns_main_earlywarning("couldn't adjust limit on open files"); #endif } @@ -665,7 +709,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) { ptr = next_token(&input, " \t"); if (ptr == NULL) return; - + if (strcmp(ptr, "-p") != 0) return; diff --git a/bin/named/update.c b/bin/named/update.c index 98054f8b3ceb..fb6dec2f11e0 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.109.18.23 2007/08/28 07:20:01 tbox Exp $ */ +/* $Id: update.c,v 1.109.18.27 2008/02/07 03:16:08 marka Exp $ */ #include <config.h> @@ -114,7 +114,7 @@ } \ update_log(client, zone, LOGLEVEL_PROTOCOL, \ "update %s: %s (%s)", _what, \ - msg, isc_result_totext(result)); \ + msg, isc_result_totext(result)); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) @@ -403,7 +403,7 @@ foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) { result = dns_rdataset_next(rdataset)) { rr_t rr = { 0, DNS_RDATA_INIT }; - + dns_rdataset_current(rdataset, &rr.rdata); rr.ttl = rdataset->ttl; result = (*ctx->rr_action)(ctx->rr_action_data, &rr); @@ -843,10 +843,14 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, /* A new unique name begins here. */ node = NULL; result = dns_db_findnode(db, name, ISC_FALSE, &node); - if (result == ISC_R_NOTFOUND) + if (result == ISC_R_NOTFOUND) { + dns_diff_clear(&trash); return (DNS_R_NXRRSET); - if (result != ISC_R_SUCCESS) + } + if (result != ISC_R_SUCCESS) { + dns_diff_clear(&trash); return (result); + } /* A new unique type begins here. */ while (t != NULL && dns_name_equal(&t->name, name)) { @@ -854,7 +858,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, dns_rdataset_t rdataset; dns_diff_t d_rrs; /* Database RRs with this name and type */ - dns_diff_t u_rrs; /* Update RRs with + dns_diff_t u_rrs; /* Update RRs with this name and type */ *typep = type = t->rdata.type; @@ -874,6 +878,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, &rdataset, NULL); if (result != ISC_R_SUCCESS) { dns_db_detachnode(db, &node); + dns_diff_clear(&trash); return (DNS_R_NXRRSET); } @@ -1119,7 +1124,7 @@ typedef struct { static isc_result_t add_rr_prepare_action(void *data, rr_t *rr) { - isc_result_t result = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; add_rr_prepare_ctx_t *ctx = data; dns_difftuple_t *tuple = NULL; isc_boolean_t equal; @@ -1647,10 +1652,11 @@ ksk_sanity(dns_db_t *db, dns_dbversion_t *ver) { * Add RRSIG records for an RRset, recording the change in "diff". */ static isc_result_t -add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - dns_rdatatype_t type, dns_diff_t *diff, dst_key_t **keys, - unsigned int nkeys, isc_mem_t *mctx, isc_stdtime_t inception, - isc_stdtime_t expire, isc_boolean_t check_ksk) +add_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, + dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, + dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys, + isc_mem_t *mctx, isc_stdtime_t inception, isc_stdtime_t expire, + isc_boolean_t check_ksk) { isc_result_t result; dns_dbnode_t *node = NULL; @@ -1659,6 +1665,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, isc_buffer_t buffer; unsigned char data[1024]; /* XXX */ unsigned int i; + isc_boolean_t added_sig = ISC_FALSE; dns_rdataset_init(&rdataset); isc_buffer_init(&buffer, data, sizeof(data)); @@ -1671,14 +1678,14 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_db_detachnode(db, &node); for (i = 0; i < nkeys; i++) { - + if (check_ksk && type != dns_rdatatype_dnskey && (dst_key_flags(keys[i]) & DNS_KEYFLAG_KSK) != 0) continue; if (!dst_key_isprivate(keys[i])) continue; - + /* Calculate the signature, creating a RRSIG RDATA. */ CHECK(dns_dnssec_sign(name, &rdataset, keys[i], &inception, &expire, @@ -1689,6 +1696,13 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADD, name, rdataset.ttl, &sig_rdata)); dns_rdata_reset(&sig_rdata); + added_sig = ISC_TRUE; + } + if (!added_sig) { + update_log(client, zone, ISC_LOG_ERROR, + "found no private keys, " + "unable to generate any signatures"); + result = ISC_R_NOTFOUND; } failure: @@ -1770,7 +1784,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node)); dns_rdataset_init(&rdataset); CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0, - (isc_stdtime_t) 0, &rdataset, NULL)); + (isc_stdtime_t) 0, &rdataset, NULL)); CHECK(dns_rdataset_first(&rdataset)); dns_rdataset_current(&rdataset, &rdata); CHECK(dns_rdata_tostruct(&rdata, &soa, NULL)); @@ -1820,9 +1834,9 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, */ CHECK(rrset_exists(db, newver, name, type, 0, &flag)); if (flag) { - CHECK(add_sigs(db, newver, name, type, - &sig_diff, zone_keys, nkeys, - client->mctx, inception, + CHECK(add_sigs(client, zone, db, newver, name, + type, &sig_diff, zone_keys, + nkeys, client->mctx, inception, expire, check_ksk)); } skip: @@ -2006,10 +2020,10 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, dns_rdatatype_rrsig, dns_rdatatype_nsec, NULL, &sig_diff)); } else if (t->op == DNS_DIFFOP_ADD) { - CHECK(add_sigs(db, newver, &t->name, dns_rdatatype_nsec, - &sig_diff, zone_keys, nkeys, - client->mctx, inception, expire, - check_ksk)); + CHECK(add_sigs(client, zone, db, newver, &t->name, + dns_rdatatype_nsec, &sig_diff, + zone_keys, nkeys, client->mctx, + inception, expire, check_ksk)); } else { INSIST(0); } @@ -2274,7 +2288,7 @@ check_mx(ns_client_t *client, dns_zone_t *zone, ownerbuf, namebuf, dns_result_totext(DNS_R_MXISADDRESS)); } - + /* * Check zone integrity checks. */ @@ -2474,7 +2488,7 @@ update_action(isc_task_t *task, isc_event_t *event) { else if (client->signer == NULL) CHECK(checkupdateacl(client, NULL, "update", zonename, ISC_FALSE)); - + if (dns_zone_getupdatedisabled(zone)) FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled"); @@ -2881,7 +2895,7 @@ update_action(isc_task_t *task, isc_event_t *event) { * The reason for failure should have been logged at this point. */ if (ver != NULL) { - update_log(client, zone, LOGLEVEL_DEBUG, + update_log(client, zone, LOGLEVEL_DEBUG, "rolling back"); dns_db_closeversion(db, &ver, ISC_FALSE); } @@ -2933,7 +2947,7 @@ updatedone_action(isc_task_t *task, isc_event_t *event) { static void forward_fail(isc_task_t *task, isc_event_t *event) { - ns_client_t *client = (ns_client_t *)event->ev_arg; + ns_client_t *client = (ns_client_t *)event->ev_arg; UNUSED(task); diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in index 6bb22f846ca2..713ec30b60f7 100644 --- a/bin/nsupdate/Makefile.in +++ b/bin/nsupdate/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.22.18.1 2004/07/20 07:03:20 marka Exp $ +# $Id: Makefile.in,v 1.22.18.3 2008/08/29 23:46:16 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -55,7 +55,7 @@ UOBJS = SRCS = nsupdate.c -MANPAGES = nsupdate.8 +MANPAGES = nsupdate.1 HTMLPAGES = nsupdate.html @@ -76,8 +76,8 @@ clean distclean:: installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8 + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 install:: nsupdate@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsupdate@EXEEXT@ ${DESTDIR}${bindir} - ${INSTALL_DATA} ${srcdir}/nsupdate.8 ${DESTDIR}${mandir}/man8 + ${INSTALL_DATA} ${srcdir}/nsupdate.1 ${DESTDIR}${mandir}/man1 diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.1 index 8e3963acc3de..454f50560f20 100644 --- a/bin/nsupdate/nsupdate.8 +++ b/bin/nsupdate/nsupdate.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.8,v 1.30.18.14 2007/05/09 03:33:13 marka Exp $ +.\" $Id: nsupdate.1,v 1.1.4.2 2008/09/01 02:29:00 tbox Exp $ .\" .hy 0 .ad l @@ -24,7 +24,7 @@ .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9" +.TH "NSUPDATE" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -342,7 +342,7 @@ base\-64 encoding of HMAC\-MD5 key created by .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 7f101744d9dd..88749e64f957 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.130.18.19 2007/08/28 07:20:01 tbox Exp $ */ +/* $Id: nsupdate.c,v 1.130.18.22 2008/01/17 23:45:58 tbox Exp $ */ /*! \file */ @@ -311,7 +311,7 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len) { strncpy(buf, hmacstr, len); buf[len] = 0; - + if (strcasecmp(buf, "hmac-md5") == 0) { *hmac = DNS_TSIG_HMACMD5_NAME; } else if (strncasecmp(buf, "hmac-md5-", 9) == 0) { @@ -1155,7 +1155,7 @@ evaluate_key(char *cmdline) { secret = isc_mem_allocate(mctx, secretlen); if (secret == NULL) fatal("out of memory"); - + isc_buffer_init(&secretbuf, secret, secretlen); result = isc_base64_decodestring(secretstr, &secretbuf); if (result != ISC_R_SUCCESS) { @@ -1222,8 +1222,8 @@ evaluate_class(char *cmdline) { } r.base = word; - r.length = strlen(word); - result = dns_rdataclass_fromtext(&rdclass, &r); + r.length = strlen(word); + result = dns_rdataclass_fromtext(&rdclass, &r); if (result != ISC_R_SUCCESS) { fprintf(stderr, "could not parse class name: %s\n", word); return (STATUS_SYNTAX); @@ -1407,8 +1407,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) { failure: if (name != NULL) dns_message_puttempname(updatemsg, &name); - if (rdata != NULL) - dns_message_puttemprdata(updatemsg, &rdata); + dns_message_puttemprdata(updatemsg, &rdata); return (STATUS_SYNTAX); } @@ -1480,7 +1479,7 @@ show_message(dns_message_t *msg) { setzone(userzone); bufsz = INITTEXT; - do { + do { if (bufsz > MAXTEXT) { fprintf(stderr, "could not allocate large enough " "buffer to display message\n"); @@ -1662,7 +1661,7 @@ update_completed(isc_task_t *task, isc_event_t *event) { char buf[64]; isc_buffer_t b; dns_rdataset_t *rds; - + isc_buffer_init(&b, buf, sizeof(buf) - 1); result = dns_rcode_totext(answer->rcode, &b); check_result(result, "dns_rcode_totext"); @@ -1678,7 +1677,7 @@ update_completed(isc_task_t *task, isc_event_t *event) { int bufsz; bufsz = INITTEXT; - do { + do { if (bufsz > MAXTEXT) { fprintf(stderr, "could not allocate large " "enough buffer to display message\n"); @@ -1766,7 +1765,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { ddebug("recvsoa()"); requests--; - + REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE); reqev = (dns_requestevent_t *)event; request = reqev->request; @@ -1883,7 +1882,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { section = DNS_SECTION_ANSWER; else if (pass == 1) section = DNS_SECTION_AUTHORITY; - else + else goto droplabel; result = dns_message_firstname(rcvmsg, section); @@ -1912,7 +1911,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { break; } } - + result = dns_message_nextname(rcvmsg, section); } @@ -1977,7 +1976,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { dns_message_destroy(&rcvmsg); ddebug("Out of recvsoa"); return; - + droplabel: result = dns_message_firstname(soaquery, DNS_SECTION_QUESTION); INSIST(result == ISC_R_SUCCESS); diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index 0ea49061addb..43fe69ad4853 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,14 +18,14 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.docbook,v 1.18.18.10 2007/08/28 07:20:01 tbox Exp $ --> +<!-- $Id: nsupdate.docbook,v 1.18.18.12 2008/08/29 23:46:16 tbox Exp $ --> <refentry> <refentryinfo> <date>Jun 30, 2000</date> </refentryinfo> <refmeta> <refentrytitle>nsupdate</refentrytitle> - <manvolnum>8</manvolnum> + <manvolnum>1</manvolnum> <refmiscinfo>BIND9</refmiscinfo> </refmeta> <refnamediv> @@ -39,6 +39,7 @@ <year>2005</year> <year>2006</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index d11b57ea6eb8..1fe0f9c15806 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.html,v 1.14.18.22 2007/05/09 03:33:13 marka Exp $ --> +<!-- $Id: nsupdate.html,v 1.14.18.23 2008/09/01 02:29:00 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543417"></a><h2>DESCRIPTION</h2> +<a name="id2543420"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">nsupdate</strong></span> is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. @@ -153,7 +153,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543645"></a><h2>INPUT FORMAT</h2> +<a name="id2543649"></a><h2>INPUT FORMAT</h2> <p><span><strong class="command">nsupdate</strong></span> reads input from <em class="parameter"><code>filename</code></em> @@ -402,7 +402,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544648"></a><h2>EXAMPLES</h2> +<a name="id2544446"></a><h2>EXAMPLES</h2> <p> The examples below show how <span><strong class="command">nsupdate</strong></span> @@ -456,7 +456,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544692"></a><h2>FILES</h2> +<a name="id2544490"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt> <dd><p> @@ -475,7 +475,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544829"></a><h2>SEE ALSO</h2> +<a name="id2544560"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>, <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>, <span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>, @@ -488,7 +488,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544900"></a><h2>BUGS</h2> +<a name="id2542172"></a><h2>BUGS</h2> <p> The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/rndc-confgen.c b/bin/rndc/rndc-confgen.c index 0764104ffa22..bb7ba8151ef9 100644 --- a/bin/rndc/rndc-confgen.c +++ b/bin/rndc/rndc-confgen.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc-confgen.c,v 1.18.18.3 2005/04/29 00:15:40 marka Exp $ */ +/* $Id: rndc-confgen.c,v 1.18.18.5 2008/10/15 23:46:06 tbox Exp $ */ /*! \file */ @@ -62,7 +62,7 @@ #define DEFAULT_PORT 953 static char program[256]; -char *progname; +const char *progname; isc_boolean_t verbose = ISC_FALSE; @@ -148,7 +148,7 @@ main(int argc, char **argv) { isc_boolean_t keyonly = ISC_FALSE; int len; - keydef = keyfile = RNDC_KEYFILE; + keydef = keyfile = RNDC_KEYFILE; result = isc_file_progname(*argv, program, sizeof(program)); if (result != ISC_R_SUCCESS) @@ -286,7 +286,7 @@ main(int argc, char **argv) { fatal("isc_mem_get(%d) failed\n", len); snprintf(buf, len, "%s%s%s", chrootdir, (*keyfile != '/') ? "/" : "", keyfile); - + write_key_file(buf, user, keyname, &key_txtbuffer); isc_mem_put(mctx, buf, len); } diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 14a51b3c62f8..6858ed77cb15 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.26.18.15 2007/06/20 02:26:58 marka Exp $ +.\" $Id: rndc.8,v 1.26.18.16 2007/12/14 22:37:16 marka Exp $ .\" .hy 0 .ad l @@ -133,6 +133,7 @@ Several error messages could be clearer. .SH "SEE ALSO" .PP \fBrndc.conf\fR(5), +\fBrndc\-confgen\fR(8), \fBnamed\fR(8), \fBnamed.conf\fR(5), \fBndc\fR(8), diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index b916aea88bd0..772cc2975ca1 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.96.18.17.42.3 2008/07/23 23:16:43 marka Exp $ */ +/* $Id: rndc.c,v 1.96.18.21 2008/10/15 03:07:19 marka Exp $ */ /*! \file */ @@ -61,7 +61,7 @@ #define SERVERADDRS 10 -char *progname; +const char *progname; isc_boolean_t verbose; static const char *admin_conffile; @@ -93,7 +93,7 @@ static void usage(int status) { fprintf(stderr, "\ Usage: %s [-c config] [-s server] [-p port]\n\ - [-k key-file ] [-y key] [-V] command\n\ + [-k key-file ] [-y key] [-V] command\n\ \n\ command is one of the following:\n\ \n\ @@ -106,10 +106,10 @@ command is one of the following:\n\ Retransfer a single zone without checking serial number.\n\ freeze Suspend updates to all dynamic zones.\n\ freeze zone [class [view]]\n\ - Suspend updates to a dynamic zone.\n\ + Suspend updates to a dynamic zone.\n\ thaw Enable updates to all dynamic zones and reload them.\n\ thaw zone [class [view]]\n\ - Enable updates to a frozen dynamic zone and reload it.\n\ + Enable updates to a frozen dynamic zone and reload it.\n\ notify zone [class [view]]\n\ Resend NOTIFY messages for the zone.\n\ reconfig Reload configuration file and new zones only.\n\ @@ -152,7 +152,7 @@ get_addresses(const char *host, in_port_t port) { result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs], host); if (result == ISC_R_SUCCESS) - nserveraddrs++; + nserveraddrs++; } else { count = SERVERADDRS - nserveraddrs; result = bind9_getaddresses(host, port, @@ -485,7 +485,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, (void)cfg_map_get(config, "server", &servers); if (servers != NULL) { for (elt = cfg_list_first(servers); - elt != NULL; + elt != NULL; elt = cfg_list_next(elt)) { const char *name; @@ -521,7 +521,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, else { DO("get config key list", cfg_map_get(config, "key", &keys)); for (elt = cfg_list_first(keys); - elt != NULL; + elt != NULL; elt = cfg_list_next(elt)) { key = cfg_listelt_value(elt); @@ -599,7 +599,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, get_addresses(name, (in_port_t) myport); else fprintf(stderr, "too many address: " - "%s: dropped\n", name); + "%s: dropped\n", name); continue; } sa = *cfg_obj_assockaddr(address); @@ -739,7 +739,7 @@ main(int argc, char **argv) { case 'y': keyname = isc_commandline_argument; break; - + case '?': usage(0); break; @@ -773,7 +773,7 @@ main(int argc, char **argv) { logdest.file.maximum_size = 0; DO("creating log channel", isc_log_createchannel(logconfig, "stderr", - ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, + ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL)); DO("enabling log channel", isc_log_usechannel(logconfig, "stderr", NULL, NULL)); diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook index 0719a74461b5..f2f0a0d6a84b 100644 --- a/bin/rndc/rndc.docbook +++ b/bin/rndc/rndc.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.docbook,v 1.8.18.12 2007/08/28 07:20:01 tbox Exp $ --> +<!-- $Id: rndc.docbook,v 1.8.18.13 2007/12/14 20:53:58 marka Exp $ --> <refentry id="man.rndc"> <refentryinfo> <date>June 30, 2000</date> @@ -225,6 +225,9 @@ <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> + <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index d4d0ebb693fe..c460225cb646 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.html,v 1.8.18.22 2007/06/20 02:26:58 marka Exp $ --> +<!-- $Id: rndc.html,v 1.8.18.23 2007/12/14 22:37:16 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -149,6 +149,7 @@ <div class="refsect1" lang="en"> <a name="id2543683"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, + <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>, @@ -156,7 +157,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543730"></a><h2>AUTHOR</h2> +<a name="id2543738"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> |