Diffstat (limited to 'contrib/bind9/bin/rndc')
-rw-r--r--contrib/bind9/bin/rndc/Makefile.in102
-rw-r--r--contrib/bind9/bin/rndc/include/rndc/os.h44
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.8140
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.c323
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.docbook273
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.html538
-rw-r--r--contrib/bind9/bin/rndc/rndc.8118
-rw-r--r--contrib/bind9/bin/rndc/rndc.c687
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf36
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.5142
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.docbook210
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.html377
-rw-r--r--contrib/bind9/bin/rndc/rndc.docbook228
-rw-r--r--contrib/bind9/bin/rndc/rndc.html388
-rw-r--r--contrib/bind9/bin/rndc/unix/Makefile.in36
-rw-r--r--contrib/bind9/bin/rndc/unix/os.c68
-rw-r--r--contrib/bind9/bin/rndc/util.c55
-rw-r--r--contrib/bind9/bin/rndc/util.h49
18 files changed, 3814 insertions, 0 deletions
diff --git a/contrib/bind9/bin/rndc/Makefile.in b/contrib/bind9/bin/rndc/Makefile.in
new file mode 100644
index 000000000000..e6773151126b
--- /dev/null
+++ b/contrib/bind9/bin/rndc/Makefile.in
@@ -0,0 +1,102 @@
+# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.32.2.3.8.8 2004/07/20 07:01:50 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCLIBS = ../../lib/isccc/libisccc.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+
+RNDCLIBS = ${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
+RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+CONFLIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+SUBDIRS = unix
+
+TARGETS = rndc@EXEEXT@ rndc-confgen@EXEEXT@
+
+MANPAGES = rndc.8 rndc-confgen.8 rndc.conf.5
+
+HTMLPAGES = rndc.html rndc-confgen.html rndc.conf.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+UOBJS = unix/os.@O@
+
+@BIND9_MAKE_RULES@
+
+rndc.@O@: rndc.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -DRNDC_CONFFILE=\"${sysconfdir}/rndc.conf\" \
+ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ -c ${srcdir}/rndc.c
+
+rndc-confgen.@O@: rndc-confgen.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ -c ${srcdir}/rndc-confgen.c
+
+rndc@EXEEXT@: rndc.@O@ util.@O@ ${RNDCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc.@O@ util.@O@ \
+ ${RNDCLIBS}
+
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ ${UOBJS} ${CONFDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc-confgen.@O@ util.@O@ \
+ ${UOBJS} ${CONFLIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
+
+install:: rndc@EXEEXT@ rndc-confgen@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
+ ${INSTALL_DATA} ${srcdir}/rndc.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/rndc-confgen.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/rndc.conf.5 ${DESTDIR}${mandir}/man5
+
+clean distclean maintainer-clean::
+ rm -f ${TARGETS}
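Review bot: The key-file path is spelled out twice, as `-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\"` in both the `rndc.@O@` and the `rndc-confgen.@O@` compile rules, and nothing ties the two together. If one copy is edited and the other is not, `rndc-confgen -a` would write the key to a path that `rndc` does not read by default. Defining it once, for example `RNDC_KEYFILE_DEF = -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\"`, and using `${RNDC_KEYFILE_DEF}` in both recipes keeps them in step.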
diff --git a/contrib/bind9/bin/rndc/include/rndc/os.h b/contrib/bind9/bin/rndc/include/rndc/os.h
new file mode 100644
index 000000000000..b5ade476b9f1
--- /dev/null
+++ b/contrib/bind9/bin/rndc/include/rndc/os.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.h,v 1.4.206.1 2004/03/06 10:21:33 marka Exp $ */
+
+#ifndef RNDC_OS_H
+#define RNDC_OS_H 1
+
+#include <isc/lang.h>
+#include <stdio.h>
+
+ISC_LANG_BEGINDECLS
+
+FILE *safe_create(const char *filename);
+/*
+ * Open 'filename' for writing, truncate if necessary. If the file was
+ * created ensure that only the owner can read/write it.
+ */
+
+int set_user(FILE *fd, const char *user);
+/*
+ * Set the owner of the file refernced by 'fd' to 'user'.
+ * Returns:
+ * 0 success
+ * -1 insufficient permissions, or 'user' does not exist.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif
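Review bot: The comment under `safe_create` promises owner-only permissions only "if the file was created", so as documented an existing rndc.key with a looser mode would be truncated and refilled with the new secret while staying readable by other users. The implementation in unix/os.c is not part of this hunk, so this is inferred from the stated contract alone. If that is the behaviour, either tighten the mode on the existing-file path as well (for instance `fchmod(fileno(f), S_IRUSR | S_IWUSR)` before anything is written) or say so in the comment: `If the file already exists its mode is left unchanged; the caller must make sure it is not group- or world-readable.` The `set_user` comment also misspells "referenced", and calling a `FILE *` parameter `fd` invites confusion with a raw descriptor.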
diff --git a/contrib/bind9/bin/rndc/rndc-confgen.8 b/contrib/bind9/bin/rndc/rndc-confgen.8
new file mode 100644
index 000000000000..b12e90cc569e
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc-confgen.8
@@ -0,0 +1,140 @@
+.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001-2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc-confgen.8,v 1.3.2.5.2.3 2004/06/03 05:35:48 marka Exp $
+.\"
+.TH "RNDC-CONFGEN" "8" "Aug 27, 2001" "BIND9" ""
+.SH NAME
+rndc-confgen \- rndc key generation tool
+.SH SYNOPSIS
+.sp
+\fBrndc-confgen\fR [ \fB-a\fR ] [ \fB-b \fIkeysize\fB\fR ] [ \fB-c \fIkeyfile\fB\fR ] [ \fB-h\fR ] [ \fB-k \fIkeyname\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-r \fIrandomfile\fB\fR ] [ \fB-s \fIaddress\fB\fR ] [ \fB-t \fIchrootdir\fB\fR ] [ \fB-u \fIuser\fB\fR ]
+.SH "DESCRIPTION"
+.PP
+\fBrndc-confgen\fR generates configuration files
+for \fBrndc\fR. It can be used as a
+convenient alternative to writing the
+\fIrndc.conf\fR file
+and the corresponding \fBcontrols\fR
+and \fBkey\fR
+statements in \fInamed.conf\fR by hand.
+Alternatively, it can be run with the \fB-a\fR
+option to set up a \fIrndc.key\fR file and
+avoid the need for a \fIrndc.conf\fR file
+and a \fBcontrols\fR statement altogether.
+.SH "OPTIONS"
+.TP
+\fB-a\fR
+Do automatic \fBrndc\fR configuration.
+This creates a file \fIrndc.key\fR
+in \fI/etc\fR (or whatever
+sysconfdir
+was specified as when BIND was built)
+that is read by both \fBrndc\fR
+and \fBnamed\fR on startup. The
+\fIrndc.key\fR file defines a default
+command channel and authentication key allowing
+\fBrndc\fR to communicate with
+\fBnamed\fR on the local host
+with no further configuration.
+
+Running \fBrndc-confgen -a\fR allows
+BIND 9 and \fBrndc\fR to be used as drop-in
+replacements for BIND 8 and \fBndc\fR,
+with no changes to the existing BIND 8
+\fInamed.conf\fR file.
+
+If a more elaborate configuration than that
+generated by \fBrndc-confgen -a\fR
+is required, for example if rndc is to be used remotely,
+you should run \fBrndc-confgen\fR without the
+\fB-a\fR option and set up a
+\fIrndc.conf\fR and
+\fInamed.conf\fR
+as directed.
+.TP
+\fB-b \fIkeysize\fB\fR
+Specifies the size of the authentication key in bits.
+Must be between 1 and 512 bits; the default is 128.
+.TP
+\fB-c \fIkeyfile\fB\fR
+Used with the \fB-a\fR option to specify
+an alternate location for \fIrndc.key\fR.
+.TP
+\fB-h\fR
+Prints a short summary of the options and arguments to
+\fBrndc-confgen\fR.
+.TP
+\fB-k \fIkeyname\fB\fR
+Specifies the key name of the rndc authentication key.
+This must be a valid domain name.
+The default is rndc-key.
+.TP
+\fB-p \fIport\fB\fR
+Specifies the command channel port where \fBnamed\fR
+listens for connections from \fBrndc\fR.
+The default is 953.
+.TP
+\fB-r \fIrandomfile\fB\fR
+Specifies a source of random data for generating the
+authorization. If the operating
+system does not provide a \fI/dev/random\fR
+or equivalent device, the default source of randomness
+is keyboard input. \fIrandomdev\fR specifies
+the name of a character device or file containing random
+data to be used instead of the default. The special value
+\fIkeyboard\fR indicates that keyboard
+input should be used.
+.TP
+\fB-s \fIaddress\fB\fR
+Specifies the IP address where \fBnamed\fR
+listens for command channel connections from
+\fBrndc\fR. The default is the loopback
+address 127.0.0.1.
+.TP
+\fB-t \fIchrootdir\fB\fR
+Used with the \fB-a\fR option to specify
+a directory where \fBnamed\fR will run
+chrooted. An additional copy of the \fIrndc.key\fR
+will be written relative to this directory so that
+it will be found by the chrooted \fBnamed\fR.
+.TP
+\fB-u \fIuser\fB\fR
+Used with the \fB-a\fR option to set the owner
+of the \fIrndc.key\fR file generated. If
+\fB-t\fR is also specified only the file in
+the chroot area has its owner changed.
+.SH "EXAMPLES"
+.PP
+To allow \fBrndc\fR to be used with
+no manual configuration, run
+.PP
+\fBrndc-confgen -a\fR
+.PP
+To print a sample \fIrndc.conf\fR file and
+corresponding \fBcontrols\fR and \fBkey\fR
+statements to be manually inserted into \fInamed.conf\fR,
+run
+.PP
+\fBrndc-confgen\fR
+.SH "SEE ALSO"
+.PP
+\fBrndc\fR(8),
+\fBrndc.conf\fR(5),
+\fBnamed\fR(8),
+\fIBIND 9 Administrator Reference Manual\fR.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
diff --git a/contrib/bind9/bin/rndc/rndc-confgen.c b/contrib/bind9/bin/rndc/rndc-confgen.c
new file mode 100644
index 000000000000..ef0d4973186c
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc-confgen.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc-confgen.c,v 1.9.2.6.2.4 2004/03/06 10:21:31 marka Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include <isc/assertions.h>
+#include <isc/base64.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/file.h>
+#include <isc/keyboard.h>
+#include <isc/mem.h>
+#include <isc/net.h>
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/string.h>
+#include <isc/time.h>
+#include <isc/util.h>
+
+#include <dns/keyvalues.h>
+#include <dns/name.h>
+
+#include <dst/dst.h>
+#include <rndc/os.h>
+
+#include "util.h"
+
+#define DEFAULT_KEYLENGTH 128 /* Bits. */
+#define DEFAULT_KEYNAME "rndc-key"
+#define DEFAULT_SERVER "127.0.0.1"
+#define DEFAULT_PORT 953
+
+static char program[256];
+char *progname;
+
+isc_boolean_t verbose = ISC_FALSE;
+
+const char *keyfile, *keydef;
+
+static void
+usage(int status) {
+
+ fprintf(stderr, "\
+Usage:\n\
+ %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
+[-s addr] [-t chrootdir] [-u user]\n\
+ -a: generate just the key clause and write it to keyfile (%s)\n\
+ -b bits: from 1 through 512, default %d; total length of the secret\n\
+ -c keyfile: specify an alternate key file (requires -a)\n\
+ -k keyname: the name as it will be used in named.conf and rndc.conf\n\
+ -p port: the port named will listen on and rndc will connect to\n\
+ -r randomfile: a file containing random data\n\
+ -s addr: the address to which rndc should connect\n\
+ -t chrootdir: write a keyfile in chrootdir as well (requires -a)\n\
+ -u user: set the keyfile owner to \"user\" (requires -a)\n",
+ progname, keydef, DEFAULT_KEYLENGTH);
+
+ exit (status);
+}
+
+/*
+ * Write an rndc.key file to 'keyfile'. If 'user' is non-NULL,
+ * make that user the owner of the file. The key will have
+ * the name 'keyname' and the secret in the buffer 'secret'.
+ */
+static void
+write_key_file(const char *keyfile, const char *user,
+ const char *keyname, isc_buffer_t *secret )
+{
+ FILE *fd;
+
+ fd = safe_create(keyfile);
+ if (fd == NULL)
+ fatal( "unable to create \"%s\"\n", keyfile);
+ if (user != NULL) {
+ if (set_user(fd, user) == -1)
+ fatal("unable to set file owner\n");
+ }
+ fprintf(fd, "key \"%s\" {\n\talgorithm hmac-md5;\n"
+ "\tsecret \"%.*s\";\n};\n", keyname,
+ (int)isc_buffer_usedlength(secret),
+ (char *)isc_buffer_base(secret));
+ fflush(fd);
+ if (ferror(fd))
+ fatal("write to %s failed\n", keyfile);
+ if (fclose(fd))
+ fatal("fclose(%s) failed\n", keyfile);
+ fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
+}
+
+int
+main(int argc, char **argv) {
+ isc_boolean_t show_final_mem = ISC_FALSE;
+ isc_buffer_t key_rawbuffer;
+ isc_buffer_t key_txtbuffer;
+ isc_region_t key_rawregion;
+ isc_mem_t *mctx = NULL;
+ isc_entropy_t *ectx = NULL;
+ isc_entropysource_t *entropy_source = NULL;
+ isc_result_t result = ISC_R_SUCCESS;
+ dst_key_t *key = NULL;
+ const char *keyname = NULL;
+ const char *randomfile = NULL;
+ const char *serveraddr = NULL;
+ char key_rawsecret[64];
+ char key_txtsecret[256];
+ char *p;
+ int ch;
+ int port;
+ int keysize;
+ int entropy_flags = 0;
+ int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE;
+ struct in_addr addr4_dummy;
+ struct in6_addr addr6_dummy;
+ char *chrootdir = NULL;
+ char *user = NULL;
+ isc_boolean_t keyonly = ISC_FALSE;
+ int len;
+
+ keydef = keyfile = RNDC_KEYFILE;
+
+ result = isc_file_progname(*argv, program, sizeof(program));
+ if (result != ISC_R_SUCCESS)
+ memcpy(program, "rndc-confgen", 13);
+ progname = program;
+
+ keyname = DEFAULT_KEYNAME;
+ keysize = DEFAULT_KEYLENGTH;
+ serveraddr = DEFAULT_SERVER;
+ port = DEFAULT_PORT;
+
+ while ((ch = isc_commandline_parse(argc, argv,
+ "ab:c:hk:Mmp:r:s:t:u:Vy")) != -1) {
+ switch (ch) {
+ case 'a':
+ keyonly = ISC_TRUE;
+ break;
+ case 'b':
+ keysize = strtol(isc_commandline_argument, &p, 10);
+ if (*p != '\0' || keysize < 0)
+ fatal("-b requires a non-negative number");
+ if (keysize < 1 || keysize > 512)
+ fatal("-b must be in the range 1 through 512");
+ break;
+ case 'c':
+ keyfile = isc_commandline_argument;
+ break;
+ case 'h':
+ usage(0);
+ case 'k':
+ case 'y': /* Compatible with rndc -y. */
+ keyname = isc_commandline_argument;
+ break;
+ case 'M':
+ isc_mem_debugging = ISC_MEM_DEBUGTRACE;
+ break;
+
+ case 'm':
+ show_final_mem = ISC_TRUE;
+ break;
+ case 'p':
+ port = strtol(isc_commandline_argument, &p, 10);
+ if (*p != '\0' || port < 0 || port > 65535)
+ fatal("port '%s' out of range",
+ isc_commandline_argument);
+ break;
+ case 'r':
+ randomfile = isc_commandline_argument;
+ break;
+ case 's':
+ serveraddr = isc_commandline_argument;
+ if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
+ inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
+ fatal("-s should be an IPv4 or IPv6 address");
+ break;
+ case 't':
+ chrootdir = isc_commandline_argument;
+ break;
+ case 'u':
+ user = isc_commandline_argument;
+ break;
+ case 'V':
+ verbose = ISC_TRUE;
+ break;
+ case '?':
+ usage(1);
+ break;
+ default:
+ fatal("unexpected error parsing command arguments: "
+ "got %c\n", ch);
+ break;
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc > 0)
+ usage(1);
+
+ DO("create memory context", isc_mem_create(0, 0, &mctx));
+
+ DO("create entropy context", isc_entropy_create(mctx, &ectx));
+
+ if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
+ randomfile = NULL;
+ open_keyboard = ISC_ENTROPY_KEYBOARDYES;
+ }
+ DO("start entropy source", isc_entropy_usebestsource(ectx,
+ &entropy_source,
+ randomfile,
+ open_keyboard));
+
+ entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY;
+
+ DO("initialize dst library", dst_lib_init(mctx, ectx, entropy_flags));
+
+ DO("generate key", dst_key_generate(dns_rootname, DST_ALG_HMACMD5,
+ keysize, 0, 0,
+ DNS_KEYPROTO_ANY,
+ dns_rdataclass_in, mctx, &key));
+
+ isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
+
+ DO("dump key to buffer", dst_key_tobuffer(key, &key_rawbuffer));
+
+ isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
+ isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
+
+ DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
+ &key_txtbuffer));
+
+ /*
+ * Shut down the entropy source now so the "stop typing" message
+ * does not muck with the output.
+ */
+ if (entropy_source != NULL)
+ isc_entropy_destroysource(&entropy_source);
+
+ if (key != NULL)
+ dst_key_free(&key);
+
+ isc_entropy_detach(&ectx);
+ dst_lib_destroy();
+
+ if (keyonly) {
+ write_key_file(keyfile, chrootdir == NULL ? user : NULL,
+ keyname, &key_txtbuffer);
+
+ if (chrootdir != NULL) {
+ char *buf;
+ len = strlen(chrootdir) + strlen(keyfile) + 2;
+ buf = isc_mem_get(mctx, len);
+ if (buf == NULL)
+ fatal("isc_mem_get(%d) failed\n", len);
+ snprintf(buf, len, "%s/%s", chrootdir, keyfile);
+
+ write_key_file(buf, user, keyname, &key_txtbuffer);
+ isc_mem_put(mctx, buf, len);
+ }
+ } else {
+ printf("\
+# Start of rndc.conf\n\
+key \"%s\" {\n\
+ algorithm hmac-md5;\n\
+ secret \"%.*s\";\n\
+};\n\
+\n\
+options {\n\
+ default-key \"%s\";\n\
+ default-server %s;\n\
+ default-port %d;\n\
+};\n\
+# End of rndc.conf\n\
+\n\
+# Use with the following in named.conf, adjusting the allow list as needed:\n\
+# key \"%s\" {\n\
+# algorithm hmac-md5;\n\
+# secret \"%.*s\";\n\
+# };\n\
+# \n\
+# controls {\n\
+# inet %s port %d\n\
+# allow { %s; } keys { \"%s\"; };\n\
+# };\n\
+# End of named.conf\n",
+ keyname,
+ (int)isc_buffer_usedlength(&key_txtbuffer),
+ (char *)isc_buffer_base(&key_txtbuffer),
+ keyname, serveraddr, port,
+ keyname,
+ (int)isc_buffer_usedlength(&key_txtbuffer),
+ (char *)isc_buffer_base(&key_txtbuffer),
+ serveraddr, port, serveraddr, keyname);
+ }
+
+ if (show_final_mem)
+ isc_mem_stats(mctx, stderr);
+
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
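Review bot: In the `-b` case of `main` the accepted range is 1 through 512 bits, so a secret only a few bits long is generated and written without any warning, even though it is the secret that authenticates rndc to named. Consider warning below the default, e.g. `if (keysize < DEFAULT_KEYLENGTH) fprintf(stderr, "%s: warning: %d-bit key is weak\n", progname, keysize);`, or raising the floor. The same case assigns the `long` returned by `strtol` straight to an `int`, so where `long` is wider an out-of-range value can wrap into range before the check; parsing into a `long` and range-checking before the assignment avoids that, and the `-p` case follows the same pattern. Separately, the usage text says `-c`, `-t` and `-u` require `-a`, but nothing after the option loop rejects them when `keyonly` is false, so they are silently ignored.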
diff --git a/contrib/bind9/bin/rndc/rndc-confgen.docbook b/contrib/bind9/bin/rndc/rndc-confgen.docbook
new file mode 100644
index 000000000000..272de459c19a
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc-confgen.docbook
@@ -0,0 +1,273 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc-confgen.docbook,v 1.3.2.1.4.3 2004/06/03 02:24:58 marka Exp $ -->
+
+<refentry>
+ <refentryinfo>
+ <date>Aug 27, 2001</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>rndc-confgen</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>rndc-confgen</application></refname>
+ <refpurpose>rndc key generation tool</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>rndc-confgen</command>
+ <arg><option>-a</option></arg>
+ <arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
+ <arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
+ <arg><option>-h</option></arg>
+ <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
+ <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
+ <arg><option>-s <replaceable class="parameter">address</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
+ <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ <command>rndc-confgen</command> generates configuration files
+ for <command>rndc</command>. It can be used as a
+ convenient alternative to writing the
+ <filename>rndc.conf</filename> file
+ and the corresponding <command>controls</command>
+ and <command>key</command>
+ statements in <filename>named.conf</filename> by hand.
+ Alternatively, it can be run with the <command>-a</command>
+ option to set up a <filename>rndc.key</filename> file and
+ avoid the need for a <filename>rndc.conf</filename> file
+ and a <command>controls</command> statement altogether.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-a</term>
+ <listitem>
+ <para>
+ Do automatic <command>rndc</command> configuration.
+ This creates a file <filename>rndc.key</filename>
+ in <filename>/etc</filename> (or whatever
+ <varname>sysconfdir</varname>
+ was specified as when <acronym>BIND</acronym> was built)
+ that is read by both <command>rndc</command>
+ and <command>named</command> on startup. The
+ <filename>rndc.key</filename> file defines a default
+ command channel and authentication key allowing
+ <command>rndc</command> to communicate with
+ <command>named</command> on the local host
+ with no further configuration.
+ </para>
+ <para>
+ Running <command>rndc-confgen -a</command> allows
+ BIND 9 and <command>rndc</command> to be used as drop-in
+ replacements for BIND 8 and <command>ndc</command>,
+ with no changes to the existing BIND 8
+ <filename>named.conf</filename> file.
+ </para>
+ <para>
+ If a more elaborate configuration than that
+ generated by <command>rndc-confgen -a</command>
+ is required, for example if rndc is to be used remotely,
+ you should run <command>rndc-confgen</command> without the
+ <command>-a</command> option and set up a
+ <filename>rndc.conf</filename> and
+ <filename>named.conf</filename>
+ as directed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-b <replaceable class="parameter">keysize</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the size of the authentication key in bits.
+ Must be between 1 and 512 bits; the default is 128.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">keyfile</replaceable></term>
+ <listitem>
+ <para>
+ Used with the <command>-a</command> option to specify
+ an alternate location for <filename>rndc.key</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem>
+ <para>
+ Prints a short summary of the options and arguments to
+ <command>rndc-confgen</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k <replaceable class="parameter">keyname</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the key name of the rndc authentication key.
+ This must be a valid domain name.
+ The default is <constant>rndc-key</constant>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p <replaceable class="parameter">port</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the command channel port where <command>named</command>
+ listens for connections from <command>rndc</command>.
+ The default is 953.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r <replaceable class="parameter">randomfile</replaceable></term>
+ <listitem>
+ <para>
+ Specifies a source of random data for generating the
+ authorization. If the operating
+ system does not provide a <filename>/dev/random</filename>
+ or equivalent device, the default source of randomness
+ is keyboard input. <filename>randomdev</filename> specifies
+ the name of a character device or file containing random
+ data to be used instead of the default. The special value
+ <filename>keyboard</filename> indicates that keyboard
+ input should be used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s <replaceable class="parameter">address</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the IP address where <command>named</command>
+ listens for command channel connections from
+ <command>rndc</command>. The default is the loopback
+ address 127.0.0.1.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">chrootdir</replaceable></term>
+ <listitem>
+ <para>
+ Used with the <command>-a</command> option to specify
+ a directory where <command>named</command> will run
+ chrooted. An additional copy of the <filename>rndc.key</filename>
+ will be written relative to this directory so that
+ it will be found by the chrooted <command>named</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-u <replaceable class="parameter">user</replaceable></term>
+ <listitem>
+ <para>
+ Used with the <command>-a</command> option to set the owner
+ of the <filename>rndc.key</filename> file generated. If
+ <command>-t</command> is also specified only the file in
+ the chroot area has its owner changed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLES</title>
+ <para>
+ To allow <command>rndc</command> to be used with
+ no manual configuration, run
+ </para>
+ <para>
+ <userinput>rndc-confgen -a</userinput>
+ </para>
+ <para>
+ To print a sample <filename>rndc.conf</filename> file and
+ corresponding <command>controls</command> and <command>key</command>
+ statements to be manually inserted into <filename>named.conf</filename>,
+ run
+ </para>
+ <para>
+ <userinput>rndc-confgen</userinput>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>rndc</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para>
+ <corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry>
+
+<!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/contrib/bind9/bin/rndc/rndc-confgen.html b/contrib/bind9/bin/rndc/rndc-confgen.html
new file mode 100644
index 000000000000..7292be2f99dc
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc-confgen.html
@@ -0,0 +1,538 @@
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc-confgen.html,v 1.3.2.5.2.4 2004/08/22 23:39:00 marka Exp $ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>rndc-confgen</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="AEN1"
+></A
+><SPAN
+CLASS="APPLICATION"
+>rndc-confgen</SPAN
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN9"
+></A
+><H2
+>Name</H2
+><SPAN
+CLASS="APPLICATION"
+>rndc-confgen</SPAN
+>&nbsp;--&nbsp;rndc key generation tool</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN13"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>rndc-confgen</B
+> [<VAR
+CLASS="OPTION"
+>-a</VAR
+>] [<VAR
+CLASS="OPTION"
+>-b <VAR
+CLASS="REPLACEABLE"
+>keysize</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-c <VAR
+CLASS="REPLACEABLE"
+>keyfile</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-h</VAR
+>] [<VAR
+CLASS="OPTION"
+>-k <VAR
+CLASS="REPLACEABLE"
+>keyname</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-p <VAR
+CLASS="REPLACEABLE"
+>port</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-r <VAR
+CLASS="REPLACEABLE"
+>randomfile</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-s <VAR
+CLASS="REPLACEABLE"
+>address</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-t <VAR
+CLASS="REPLACEABLE"
+>chrootdir</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-u <VAR
+CLASS="REPLACEABLE"
+>user</VAR
+></VAR
+>]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN44"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+> <B
+CLASS="COMMAND"
+>rndc-confgen</B
+> generates configuration files
+ for <B
+CLASS="COMMAND"
+>rndc</B
+>. It can be used as a
+ convenient alternative to writing the
+ <TT
+CLASS="FILENAME"
+>rndc.conf</TT
+> file
+ and the corresponding <B
+CLASS="COMMAND"
+>controls</B
+>
+ and <B
+CLASS="COMMAND"
+>key</B
+>
+ statements in <TT
+CLASS="FILENAME"
+>named.conf</TT
+> by hand.
+ Alternatively, it can be run with the <B
+CLASS="COMMAND"
+>-a</B
+>
+ option to set up a <TT
+CLASS="FILENAME"
+>rndc.key</TT
+> file and
+ avoid the need for a <TT
+CLASS="FILENAME"
+>rndc.conf</TT
+> file
+ and a <B
+CLASS="COMMAND"
+>controls</B
+> statement altogether.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN57"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-a</DT
+><DD
+><P
+> Do automatic <B
+CLASS="COMMAND"
+>rndc</B
+> configuration.
+ This creates a file <TT
+CLASS="FILENAME"
+>rndc.key</TT
+>
+ in <TT
+CLASS="FILENAME"
+>/etc</TT
+> (or whatever
+ <VAR
+CLASS="VARNAME"
+>sysconfdir</VAR
+>
+ was specified as when <ACRONYM
+CLASS="ACRONYM"
+>BIND</ACRONYM
+> was built)
+ that is read by both <B
+CLASS="COMMAND"
+>rndc</B
+>
+ and <B
+CLASS="COMMAND"
+>named</B
+> on startup. The
+ <TT
+CLASS="FILENAME"
+>rndc.key</TT
+> file defines a default
+ command channel and authentication key allowing
+ <B
+CLASS="COMMAND"
+>rndc</B
+> to communicate with
+ <B
+CLASS="COMMAND"
+>named</B
+> on the local host
+ with no further configuration.
+ </P
+><P
+> Running <B
+CLASS="COMMAND"
+>rndc-confgen -a</B
+> allows
+ BIND 9 and <B
+CLASS="COMMAND"
+>rndc</B
+> to be used as drop-in
+ replacements for BIND 8 and <B
+CLASS="COMMAND"
+>ndc</B
+>,
+ with no changes to the existing BIND 8
+ <TT
+CLASS="FILENAME"
+>named.conf</TT
+> file.
+ </P
+><P
+> If a more elaborate configuration than that
+ generated by <B
+CLASS="COMMAND"
+>rndc-confgen -a</B
+>
+ is required, for example if rndc is to be used remotely,
+ you should run <B
+CLASS="COMMAND"
+>rndc-confgen</B
+> without the
+ <B
+CLASS="COMMAND"
+>-a</B
+> option and set up a
+ <TT
+CLASS="FILENAME"
+>rndc.conf</TT
+> and
+ <TT
+CLASS="FILENAME"
+>named.conf</TT
+>
+ as directed.
+ </P
+></DD
+><DT
+>-b <VAR
+CLASS="REPLACEABLE"
+>keysize</VAR
+></DT
+><DD
+><P
+> Specifies the size of the authentication key in bits.
+ Must be between 1 and 512 bits; the default is 128.
+ </P
+></DD
+><DT
+>-c <VAR
+CLASS="REPLACEABLE"
+>keyfile</VAR
+></DT
+><DD
+><P
+> Used with the <B
+CLASS="COMMAND"
+>-a</B
+> option to specify
+ an alternate location for <TT
+CLASS="FILENAME"
+>rndc.key</TT
+>.
+ </P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+> Prints a short summary of the options and arguments to
+ <B
+CLASS="COMMAND"
+>rndc-confgen</B
+>.
+ </P
+></DD
+><DT
+>-k <VAR
+CLASS="REPLACEABLE"
+>keyname</VAR
+></DT
+><DD
+><P
+> Specifies the key name of the rndc authentication key.
+ This must be a valid domain name.
+ The default is <CODE
+CLASS="CONSTANT"
+>rndc-key</CODE
+>.
+ </P
+></DD
+><DT
+>-p <VAR
+CLASS="REPLACEABLE"
+>port</VAR
+></DT
+><DD
+><P
+> Specifies the command channel port where <B
+CLASS="COMMAND"
+>named</B
+>
+ listens for connections from <B
+CLASS="COMMAND"
+>rndc</B
+>.
+ The default is 953.
+ </P
+></DD
+><DT
+>-r <VAR
+CLASS="REPLACEABLE"
+>randomfile</VAR
+></DT
+><DD
+><P
+> Specifies a source of random data for generating the
+ authorization. If the operating
+ system does not provide a <TT
+CLASS="FILENAME"
+>/dev/random</TT
+>
+ or equivalent device, the default source of randomness
+ is keyboard input. <TT
+CLASS="FILENAME"
+>randomdev</TT
+> specifies
+ the name of a character device or file containing random
+ data to be used instead of the default. The special value
+ <TT
+CLASS="FILENAME"
+>keyboard</TT
+> indicates that keyboard
+ input should be used.
+ </P
+></DD
+><DT
+>-s <VAR
+CLASS="REPLACEABLE"
+>address</VAR
+></DT
+><DD
+><P
+> Specifies the IP address where <B
+CLASS="COMMAND"
+>named</B
+>
+ listens for command channel connections from
+ <B
+CLASS="COMMAND"
+>rndc</B
+>. The default is the loopback
+ address 127.0.0.1.
+ </P
+></DD
+><DT
+>-t <VAR
+CLASS="REPLACEABLE"
+>chrootdir</VAR
+></DT
+><DD
+><P
+> Used with the <B
+CLASS="COMMAND"
+>-a</B
+> option to specify
+ a directory where <B
+CLASS="COMMAND"
+>named</B
+> will run
+ chrooted. An additional copy of the <TT
+CLASS="FILENAME"
+>rndc.key</TT
+>
+ will be written relative to this directory so that
+ it will be found by the chrooted <B
+CLASS="COMMAND"
+>named</B
+>.
+ </P
+></DD
+><DT
+>-u <VAR
+CLASS="REPLACEABLE"
+>user</VAR
+></DT
+><DD
+><P
+> Used with the <B
+CLASS="COMMAND"
+>-a</B
+> option to set the owner
+ of the <TT
+CLASS="FILENAME"
+>rndc.key</TT
+> file generated. If
+ <B
+CLASS="COMMAND"
+>-t</B
+> is also specified only the file in
+ the chroot area has its owner changed.
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN147"
+></A
+><H2
+>EXAMPLES</H2
+><P
+> To allow <B
+CLASS="COMMAND"
+>rndc</B
+> to be used with
+ no manual configuration, run
+ </P
+><P
+> <KBD
+CLASS="USERINPUT"
+>rndc-confgen -a</KBD
+>
+ </P
+><P
+> To print a sample <TT
+CLASS="FILENAME"
+>rndc.conf</TT
+> file and
+ corresponding <B
+CLASS="COMMAND"
+>controls</B
+> and <B
+CLASS="COMMAND"
+>key</B
+>
+ statements to be manually inserted into <TT
+CLASS="FILENAME"
+>named.conf</TT
+>,
+ run
+ </P
+><P
+> <KBD
+CLASS="USERINPUT"
+>rndc-confgen</KBD
+>
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN160"
+></A
+><H2
+>SEE ALSO</H2
+><P
+> <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>rndc</SPAN
+>(8)</SPAN
+>,
+ <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>rndc.conf</SPAN
+>(5)</SPAN
+>,
+ <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>named</SPAN
+>(8)</SPAN
+>,
+ <I
+CLASS="CITETITLE"
+>BIND 9 Administrator Reference Manual</I
+>.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN173"
+></A
+><H2
+>AUTHOR</H2
+><P
+> Internet Systems Consortium
+ </P
+></DIV
+></BODY
+></HTML
+>
diff --git a/contrib/bind9/bin/rndc/rndc.8 b/contrib/bind9/bin/rndc/rndc.8
new file mode 100644
index 000000000000..356883bc4147
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.8
@@ -0,0 +1,118 @@
+.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc.8,v 1.24.206.2 2004/06/03 05:35:49 marka Exp $
+.\"
+.TH "RNDC" "8" "June 30, 2000" "BIND9" ""
+.SH NAME
+rndc \- name server control utility
+.SH SYNOPSIS
+.sp
+\fBrndc\fR [ \fB-c \fIconfig-file\fB\fR ] [ \fB-k \fIkey-file\fB\fR ] [ \fB-s \fIserver\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-V\fR ] [ \fB-y \fIkey_id\fB\fR ] \fBcommand\fR
+.SH "DESCRIPTION"
+.PP
+\fBrndc\fR controls the operation of a name
+server. It supersedes the \fBndc\fR utility
+that was provided in old BIND releases. If
+\fBrndc\fR is invoked with no command line
+options or arguments, it prints a short summary of the
+supported commands and the available options and their
+arguments.
+.PP
+\fBrndc\fR communicates with the name server
+over a TCP connection, sending commands authenticated with
+digital signatures. In the current versions of
+\fBrndc\fR and \fBnamed\fR named
+the only supported authentication algorithm is HMAC-MD5,
+which uses a shared secret on each end of the connection.
+This provides TSIG-style authentication for the command
+request and the name server's response. All commands sent
+over the channel must be signed by a key_id known to the
+server.
+.PP
+\fBrndc\fR reads a configuration file to
+determine how to contact the name server and decide what
+algorithm and key it should use.
+.SH "OPTIONS"
+.TP
+\fB-c \fIconfig-file\fB\fR
+Use \fIconfig-file\fR
+as the configuration file instead of the default,
+\fI/etc/rndc.conf\fR.
+.TP
+\fB-k \fIkey-file\fB\fR
+Use \fIkey-file\fR
+as the key file instead of the default,
+\fI/etc/rndc.key\fR. The key in
+\fI/etc/rndc.key\fR will be used to authenticate
+commands sent to the server if the \fIconfig-file\fR
+does not exist.
+.TP
+\fB-s \fIserver\fB\fR
+\fIserver\fR is
+the name or address of the server which matches a
+server statement in the configuration file for
+\fBrndc\fR. If no server is supplied on the
+command line, the host named by the default-server clause
+in the option statement of the configuration file will be
+used.
+.TP
+\fB-p \fIport\fB\fR
+Send commands to TCP port
+\fIport\fR instead
+of BIND 9's default control channel port, 953.
+.TP
+\fB-V\fR
+Enable verbose logging.
+.TP
+\fB-y \fIkeyid\fB\fR
+Use the key \fIkeyid\fR
+from the configuration file.
+\fIkeyid\fR must be
+known by named with the same algorithm and secret string
+in order for control message validation to succeed.
+If no \fIkeyid\fR
+is specified, \fBrndc\fR will first look
+for a key clause in the server statement of the server
+being used, or if no server statement is present for that
+host, then the default-key clause of the options statement.
+Note that the configuration file contains shared secrets
+which are used to send authenticated control commands
+to name servers. It should therefore not have general read
+or write access.
+.PP
+For the complete set of commands supported by \fBrndc\fR,
+see the BIND 9 Administrator Reference Manual or run
+\fBrndc\fR without arguments to see its help message.
+.PP
+.SH "LIMITATIONS"
+.PP
+\fBrndc\fR does not yet support all the commands of
+the BIND 8 \fBndc\fR utility.
+.PP
+There is currently no way to provide the shared secret for a
+\fBkey_id\fR without using the configuration file.
+.PP
+Several error messages could be clearer.
+.SH "SEE ALSO"
+.PP
+\fBrndc.conf\fR(5),
+\fBnamed\fR(8),
+\fBnamed.conf\fR(5)
+\fBndc\fR(8),
+\fIBIND 9 Administrator Reference Manual\fR.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
diff --git a/contrib/bind9/bin/rndc/rndc.c b/contrib/bind9/bin/rndc/rndc.c
new file mode 100644
index 000000000000..9ea07ac00eb3
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.c
@@ -0,0 +1,687 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.c,v 1.77.2.5.2.12 2004/03/08 04:04:23 marka Exp $ */
+
+/*
+ * Principal Author: DCL
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/file.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/random.h>
+#include <isc/socket.h>
+#include <isc/stdtime.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/thread.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <isccc/alist.h>
+#include <isccc/base64.h>
+#include <isccc/cc.h>
+#include <isccc/ccmsg.h>
+#include <isccc/result.h>
+#include <isccc/sexpr.h>
+#include <isccc/types.h>
+#include <isccc/util.h>
+
+#include <bind9/getaddresses.h>
+
+#include "util.h"
+
+#define SERVERADDRS 10
+
+char *progname;
+isc_boolean_t verbose;
+
+static const char *admin_conffile;
+static const char *admin_keyfile;
+static const char *version = VERSION;
+static const char *servername = NULL;
+static isc_sockaddr_t serveraddrs[SERVERADDRS];
+static int nserveraddrs;
+static int currentaddr = 0;
+static unsigned int remoteport = 0;
+static isc_socketmgr_t *socketmgr = NULL;
+static unsigned char databuf[2048];
+static isccc_ccmsg_t ccmsg;
+static isccc_region_t secret;
+static isc_boolean_t failed = ISC_FALSE;
+static isc_mem_t *mctx;
+static int sends, recvs, connects;
+static char *command;
+static char *args;
+static char program[256];
+static isc_socket_t *sock = NULL;
+static isc_uint32_t serial;
+
+static void rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task);
+
+static void
+usage(int status) {
+ fprintf(stderr, "\
+Usage: %s [-c config] [-s server] [-p port]\n\
+ [-k key-file ] [-y key] [-V] command\n\
+\n\
+command is one of the following:\n\
+\n\
+ reload Reload configuration file and zones.\n\
+ reload zone [class [view]]\n\
+ Reload a single zone.\n\
+ refresh zone [class [view]]\n\
+ Schedule immediate maintenance for a zone.\n\
+ retransfer zone [class [view]]\n\
+ Retransfer a single zone without checking serial number.\n\
+ freeze zone [class [view]]\n\
+ Suspend updates to a dynamic zone.\n\
+ unfreeze zone [class [view]]\n\
+ Enable updates to a frozen dynamic zone and reload it.\n\
+ reconfig Reload configuration file and new zones only.\n\
+ stats Write server statistics to the statistics file.\n\
+ querylog Toggle query logging.\n\
+ dumpdb Dump cache(s) to the dump file (named_dump.db).\n\
+ stop Save pending updates to master files and stop the server.\n\
+ stop -p Save pending updates to master files and stop the server\n\
+ reporting process id.\n\
+ halt Stop the server without saving pending updates.\n\
+ halt -p Stop the server without saving pending updates reporting\n\
+ process id.\n\
+ trace Increment debugging level by one.\n\
+ trace level Change the debugging level.\n\
+ notrace Set debugging level to 0.\n\
+ flush Flushes all of the server's caches.\n\
+ flush [view] Flushes the server's cache for a view.\n\
+ flushname name [view]\n\
+ Flush the given name from the server's cache(s)\n\
+ status Display status of the server.\n\
+ recursing Dump the queries that are currently recursing (named.recursing)\n\
+ *restart Restart the server.\n\
+\n\
+* == not yet implemented\n\
+Version: %s\n",
+ progname, version);
+
+ exit(status);
+}
+
+static void
+get_addresses(const char *host, in_port_t port) {
+ isc_result_t result;
+
+ isc_app_block();
+ result = bind9_getaddresses(servername, port,
+ serveraddrs, SERVERADDRS, &nserveraddrs);
+ isc_app_unblock();
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't get address for '%s': %s",
+ host, isc_result_totext(result));
+ INSIST(nserveraddrs > 0);
+}
+
+static void
+rndc_senddone(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+
+ UNUSED(task);
+
+ sends--;
+ if (sevent->result != ISC_R_SUCCESS)
+ fatal("send failed: %s", isc_result_totext(sevent->result));
+ isc_event_free(&event);
+}
+
+static void
+rndc_recvdone(isc_task_t *task, isc_event_t *event) {
+ isccc_sexpr_t *response = NULL;
+ isccc_sexpr_t *data;
+ isccc_region_t source;
+ char *errormsg = NULL;
+ char *textmsg = NULL;
+ isc_result_t result;
+
+ recvs--;
+
+ if (ccmsg.result == ISC_R_EOF)
+ fatal("connection to remote host closed\n"
+ "This may indicate that the remote server is using "
+ "an older version of \n"
+ "the command protocol, this host is not authorized "
+ "to connect,\nor the key is invalid.");
+
+ if (ccmsg.result != ISC_R_SUCCESS)
+ fatal("recv failed: %s", isc_result_totext(ccmsg.result));
+
+ source.rstart = isc_buffer_base(&ccmsg.buffer);
+ source.rend = isc_buffer_used(&ccmsg.buffer);
+
+ DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+
+ data = isccc_alist_lookup(response, "_data");
+ if (data == NULL)
+ fatal("no data section in response");
+ result = isccc_cc_lookupstring(data, "err", &errormsg);
+ if (result == ISC_R_SUCCESS) {
+ failed = ISC_TRUE;
+ fprintf(stderr, "%s: '%s' failed: %s\n",
+ progname, command, errormsg);
+ }
+ else if (result != ISC_R_NOTFOUND)
+ fprintf(stderr, "%s: parsing response failed: %s\n",
+ progname, isc_result_totext(result));
+
+ result = isccc_cc_lookupstring(data, "text", &textmsg);
+ if (result == ISC_R_SUCCESS)
+ printf("%s\n", textmsg);
+ else if (result != ISC_R_NOTFOUND)
+ fprintf(stderr, "%s: parsing response failed: %s\n",
+ progname, isc_result_totext(result));
+
+ isc_event_free(&event);
+ isccc_sexpr_free(&response);
+ isc_socket_detach(&sock);
+ isc_task_shutdown(task);
+ RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS);
+}
+
+static void
+rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
+ isccc_sexpr_t *response = NULL;
+ isccc_sexpr_t *_ctrl;
+ isccc_region_t source;
+ isc_result_t result;
+ isc_uint32_t nonce;
+ isccc_sexpr_t *request = NULL;
+ isccc_time_t now;
+ isc_region_t r;
+ isccc_sexpr_t *data;
+ isccc_region_t message;
+ isc_uint32_t len;
+ isc_buffer_t b;
+
+ recvs--;
+
+ if (ccmsg.result == ISC_R_EOF)
+ fatal("connection to remote host closed\n"
+ "This may indicate that the remote server is using "
+ "an older version of \n"
+ "the command protocol, this host is not authorized "
+ "to connect,\nor the key is invalid.");
+
+ if (ccmsg.result != ISC_R_SUCCESS)
+ fatal("recv failed: %s", isc_result_totext(ccmsg.result));
+
+ source.rstart = isc_buffer_base(&ccmsg.buffer);
+ source.rend = isc_buffer_used(&ccmsg.buffer);
+
+ DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+
+ _ctrl = isccc_alist_lookup(response, "_ctrl");
+ if (_ctrl == NULL)
+ fatal("_ctrl section missing");
+ nonce = 0;
+ if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
+ nonce = 0;
+
+ isc_stdtime_get(&now);
+
+ DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
+ now, now + 60, &request));
+ data = isccc_alist_lookup(request, "_data");
+ if (data == NULL)
+ fatal("_data section missing");
+ if (isccc_cc_definestring(data, "type", args) == NULL)
+ fatal("out of memory");
+ if (nonce != 0) {
+ _ctrl = isccc_alist_lookup(request, "_ctrl");
+ if (_ctrl == NULL)
+ fatal("_ctrl section missing");
+ if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL)
+ fatal("out of memory");
+ }
+ message.rstart = databuf + 4;
+ message.rend = databuf + sizeof(databuf);
+ DO("render message", isccc_cc_towire(request, &message, &secret));
+ len = sizeof(databuf) - REGION_SIZE(message);
+ isc_buffer_init(&b, databuf, 4);
+ isc_buffer_putuint32(&b, len - 4);
+ r.length = len;
+ r.base = databuf;
+
+ isccc_ccmsg_cancelread(&ccmsg);
+ DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task,
+ rndc_recvdone, NULL));
+ recvs++;
+ DO("send message", isc_socket_send(sock, &r, task, rndc_senddone,
+ NULL));
+ sends++;
+
+ isc_event_free(&event);
+ isccc_sexpr_free(&response);
+ return;
+}
+
+static void
+rndc_connected(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+ isccc_sexpr_t *request = NULL;
+ isccc_sexpr_t *data;
+ isccc_time_t now;
+ isccc_region_t message;
+ isc_region_t r;
+ isc_uint32_t len;
+ isc_buffer_t b;
+ isc_result_t result;
+
+ connects--;
+
+ if (sevent->result != ISC_R_SUCCESS) {
+ if (sevent->result != ISC_R_CANCELED &&
+ currentaddr < nserveraddrs)
+ {
+ notify("connection failed: %s",
+ isc_result_totext(sevent->result));
+ isc_socket_detach(&sock);
+ isc_event_free(&event);
+ rndc_startconnect(&serveraddrs[currentaddr++], task);
+ return;
+ } else
+ fatal("connect failed: %s",
+ isc_result_totext(sevent->result));
+ }
+
+ isc_stdtime_get(&now);
+ DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
+ now, now + 60, &request));
+ data = isccc_alist_lookup(request, "_data");
+ if (data == NULL)
+ fatal("_data section missing");
+ if (isccc_cc_definestring(data, "type", "null") == NULL)
+ fatal("out of memory");
+ message.rstart = databuf + 4;
+ message.rend = databuf + sizeof(databuf);
+ DO("render message", isccc_cc_towire(request, &message, &secret));
+ len = sizeof(databuf) - REGION_SIZE(message);
+ isc_buffer_init(&b, databuf, 4);
+ isc_buffer_putuint32(&b, len - 4);
+ r.length = len;
+ r.base = databuf;
+
+ isccc_ccmsg_init(mctx, sock, &ccmsg);
+ isccc_ccmsg_setmaxsize(&ccmsg, 1024);
+
+ DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task,
+ rndc_recvnonce, NULL));
+ recvs++;
+ DO("send message", isc_socket_send(sock, &r, task, rndc_senddone,
+ NULL));
+ sends++;
+ isc_event_free(&event);
+}
+
+static void
+rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) {
+ isc_result_t result;
+
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(addr, socktext, sizeof(socktext));
+
+ notify("using server %s (%s)", servername, socktext);
+
+ DO("create socket", isc_socket_create(socketmgr,
+ isc_sockaddr_pf(addr),
+ isc_sockettype_tcp, &sock));
+ DO("connect", isc_socket_connect(sock, addr, task, rndc_connected,
+ NULL));
+ connects++;
+}
+
+static void
+rndc_start(isc_task_t *task, isc_event_t *event) {
+ isc_event_free(&event);
+
+ get_addresses(servername, (in_port_t) remoteport);
+
+ currentaddr = 0;
+ rndc_startconnect(&serveraddrs[currentaddr++], task);
+}
+
+static void
+parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
+ cfg_parser_t **pctxp, cfg_obj_t **configp)
+{
+ isc_result_t result;
+ const char *conffile = admin_conffile;
+ cfg_obj_t *defkey = NULL;
+ cfg_obj_t *options = NULL;
+ cfg_obj_t *servers = NULL;
+ cfg_obj_t *server = NULL;
+ cfg_obj_t *keys = NULL;
+ cfg_obj_t *key = NULL;
+ cfg_obj_t *defport = NULL;
+ cfg_obj_t *secretobj = NULL;
+ cfg_obj_t *algorithmobj = NULL;
+ cfg_obj_t *config = NULL;
+ cfg_listelt_t *elt;
+ const char *secretstr;
+ const char *algorithm;
+ static char secretarray[1024];
+ const cfg_type_t *conftype = &cfg_type_rndcconf;
+ isc_boolean_t key_only = ISC_FALSE;
+
+ if (! isc_file_exists(conffile)) {
+ conffile = admin_keyfile;
+ conftype = &cfg_type_rndckey;
+
+ if (! isc_file_exists(conffile))
+ fatal("neither %s nor %s was found",
+ admin_conffile, admin_keyfile);
+ key_only = ISC_TRUE;
+ }
+
+ DO("create parser", cfg_parser_create(mctx, log, pctxp));
+
+ /*
+ * The parser will output its own errors, so DO() is not used.
+ */
+ result = cfg_parse_file(*pctxp, conffile, conftype, &config);
+ if (result != ISC_R_SUCCESS)
+ fatal("could not load rndc configuration");
+
+ if (!key_only)
+ (void)cfg_map_get(config, "options", &options);
+
+ if (key_only && servername == NULL)
+ servername = "127.0.0.1";
+ else if (servername == NULL && options != NULL) {
+ cfg_obj_t *defserverobj = NULL;
+ (void)cfg_map_get(options, "default-server", &defserverobj);
+ if (defserverobj != NULL)
+ servername = cfg_obj_asstring(defserverobj);
+ }
+
+ if (servername == NULL)
+ fatal("no server specified and no default");
+
+ if (!key_only) {
+ (void)cfg_map_get(config, "server", &servers);
+ if (servers != NULL) {
+ for (elt = cfg_list_first(servers);
+ elt != NULL;
+ elt = cfg_list_next(elt))
+ {
+ const char *name;
+ server = cfg_listelt_value(elt);
+ name = cfg_obj_asstring(cfg_map_getname(server));
+ if (strcasecmp(name, servername) == 0)
+ break;
+ server = NULL;
+ }
+ }
+ }
+
+ /*
+ * Look for the name of the key to use.
+ */
+ if (keyname != NULL)
+ ; /* Was set on command line, do nothing. */
+ else if (server != NULL) {
+ DO("get key for server", cfg_map_get(server, "key", &defkey));
+ keyname = cfg_obj_asstring(defkey);
+ } else if (options != NULL) {
+ DO("get default key", cfg_map_get(options, "default-key",
+ &defkey));
+ keyname = cfg_obj_asstring(defkey);
+ } else if (!key_only)
+ fatal("no key for server and no default");
+
+ /*
+ * Get the key's definition.
+ */
+ if (key_only)
+ DO("get key", cfg_map_get(config, "key", &key));
+ else {
+ DO("get config key list", cfg_map_get(config, "key", &keys));
+ for (elt = cfg_list_first(keys);
+ elt != NULL;
+ elt = cfg_list_next(elt))
+ {
+ key = cfg_listelt_value(elt);
+ if (strcasecmp(cfg_obj_asstring(cfg_map_getname(key)),
+ keyname) == 0)
+ break;
+ }
+ if (elt == NULL)
+ fatal("no key definition for name %s", keyname);
+ }
+ (void)cfg_map_get(key, "secret", &secretobj);
+ (void)cfg_map_get(key, "algorithm", &algorithmobj);
+ if (secretobj == NULL || algorithmobj == NULL)
+ fatal("key must have algorithm and secret");
+
+ secretstr = cfg_obj_asstring(secretobj);
+ algorithm = cfg_obj_asstring(algorithmobj);
+
+ if (strcasecmp(algorithm, "hmac-md5") != 0)
+ fatal("unsupported algorithm: %s", algorithm);
+
+ secret.rstart = (unsigned char *)secretarray;
+ secret.rend = (unsigned char *)secretarray + sizeof(secretarray);
+ DO("decode base64 secret", isccc_base64_decode(secretstr, &secret));
+ secret.rend = secret.rstart;
+ secret.rstart = (unsigned char *)secretarray;
+
+ /*
+ * Find the port to connect to.
+ */
+ if (remoteport != 0)
+ ; /* Was set on command line, do nothing. */
+ else {
+ if (server != NULL)
+ (void)cfg_map_get(server, "port", &defport);
+ if (defport == NULL && options != NULL)
+ (void)cfg_map_get(options, "default-port", &defport);
+ }
+ if (defport != NULL) {
+ remoteport = cfg_obj_asuint32(defport);
+ if (remoteport > 65535 || remoteport == 0)
+ fatal("port %d out of range", remoteport);
+ } else if (remoteport == 0)
+ remoteport = NS_CONTROL_PORT;
+
+ *configp = config;
+}
+
+int
+main(int argc, char **argv) {
+ isc_boolean_t show_final_mem = ISC_FALSE;
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_taskmgr_t *taskmgr = NULL;
+ isc_task_t *task = NULL;
+ isc_log_t *log = NULL;
+ isc_logconfig_t *logconfig = NULL;
+ isc_logdestination_t logdest;
+ cfg_parser_t *pctx = NULL;
+ cfg_obj_t *config = NULL;
+ const char *keyname = NULL;
+ char *p;
+ size_t argslen;
+ int ch;
+ int i;
+
+ result = isc_file_progname(*argv, program, sizeof(program));
+ if (result != ISC_R_SUCCESS)
+ memcpy(program, "rndc", 5);
+ progname = program;
+
+ admin_conffile = RNDC_CONFFILE;
+ admin_keyfile = RNDC_KEYFILE;
+
+ result = isc_app_start();
+ if (result != ISC_R_SUCCESS)
+ fatal("isc_app_start() failed: %s", isc_result_totext(result));
+
+ while ((ch = isc_commandline_parse(argc, argv, "c:k:Mmp:s:Vy:"))
+ != -1) {
+ switch (ch) {
+ case 'c':
+ admin_conffile = isc_commandline_argument;
+ break;
+
+ case 'k':
+ admin_keyfile = isc_commandline_argument;
+ break;
+
+ case 'M':
+ isc_mem_debugging = ISC_MEM_DEBUGTRACE;
+ break;
+
+ case 'm':
+ show_final_mem = ISC_TRUE;
+ break;
+
+ case 'p':
+ remoteport = atoi(isc_commandline_argument);
+ if (remoteport > 65535 || remoteport == 0)
+ fatal("port '%s' out of range",
+ isc_commandline_argument);
+ break;
+
+ case 's':
+ servername = isc_commandline_argument;
+ break;
+ case 'V':
+ verbose = ISC_TRUE;
+ break;
+ case 'y':
+ keyname = isc_commandline_argument;
+ break;
+ case '?':
+ usage(0);
+ break;
+ default:
+ fatal("unexpected error parsing command arguments: "
+ "got %c\n", ch);
+ break;
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc < 1)
+ usage(1);
+
+ isc_random_get(&serial);
+
+ DO("create memory context", isc_mem_create(0, 0, &mctx));
+ DO("create socket manager", isc_socketmgr_create(mctx, &socketmgr));
+ DO("create task manager", isc_taskmgr_create(mctx, 1, 0, &taskmgr));
+ DO("create task", isc_task_create(taskmgr, 0, &task));
+
+ DO("create logging context", isc_log_create(mctx, &log, &logconfig));
+ isc_log_setcontext(log);
+ DO("setting log tag", isc_log_settag(logconfig, progname));
+ logdest.file.stream = stderr;
+ logdest.file.name = NULL;
+ logdest.file.versions = ISC_LOG_ROLLNEVER;
+ logdest.file.maximum_size = 0;
+ DO("creating log channel",
+ isc_log_createchannel(logconfig, "stderr",
+ ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest,
+ ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL));
+ DO("enabling log channel", isc_log_usechannel(logconfig, "stderr",
+ NULL, NULL));
+
+ parse_config(mctx, log, keyname, &pctx, &config);
+
+ isccc_result_register();
+
+ command = *argv;
+
+ /*
+ * Convert argc/argv into a space-delimited command string
+ * similar to what the user might enter in interactive mode
+ * (if that were implemented).
+ */
+ argslen = 0;
+ for (i = 0; i < argc; i++)
+ argslen += strlen(argv[i]) + 1;
+
+ args = isc_mem_get(mctx, argslen);
+ if (args == NULL)
+ DO("isc_mem_get", ISC_R_NOMEMORY);
+
+ p = args;
+ for (i = 0; i < argc; i++) {
+ size_t len = strlen(argv[i]);
+ memcpy(p, argv[i], len);
+ p += len;
+ *p++ = ' ';
+ }
+
+ p--;
+ *p++ = '\0';
+ INSIST(p == args + argslen);
+
+ notify("%s", command);
+
+ if (strcmp(command, "restart") == 0)
+ fatal("'%s' is not implemented", command);
+
+ DO("post event", isc_app_onrun(mctx, task, rndc_start, NULL));
+
+ result = isc_app_run();
+ if (result != ISC_R_SUCCESS)
+ fatal("isc_app_run() failed: %s", isc_result_totext(result));
+
+ if (connects > 0 || sends > 0 || recvs > 0)
+ isc_socket_cancel(sock, task, ISC_SOCKCANCEL_ALL);
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&taskmgr);
+ isc_socketmgr_destroy(&socketmgr);
+ isc_log_destroy(&log);
+ isc_log_setcontext(NULL);
+
+ cfg_obj_destroy(pctx, &config);
+ cfg_parser_destroy(&pctx);
+
+ isc_mem_put(mctx, args, argslen);
+ isccc_ccmsg_invalidate(&ccmsg);
+
+ if (show_final_mem)
+ isc_mem_stats(mctx, stderr);
+
+ isc_mem_destroy(&mctx);
+
+ if (failed)
+ return (1);
+
+ return (0);
+}
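Review bot: In main's option loop, `case 'p'` parses the port with `atoi()`, which cannot report a parse error. An argument such as `953x` is silently accepted as 953, and a value too large for `int` is undefined behaviour before the range check runs. Parsing with `strtoul()` and checking the end pointer rejects trailing garbage and keeps the 1-65535 check on a well-defined value; `<stdlib.h>` is already included. Separately, the matching range check in parse_config prints the unsigned `remoteport` with `%d`, where `%u` would match the type.

```c
		case 'p': {
			char *endp;
			unsigned long port;

			port = strtoul(isc_commandline_argument, &endp, 10);
			if (*endp != '\0' || port == 0 || port > 65535)
				fatal("port '%s' out of range",
				      isc_commandline_argument);
			remoteport = (unsigned int)port;
			break;
		}
		/* ... unchanged: remaining option cases ... */
```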
diff --git a/contrib/bind9/bin/rndc/rndc.conf b/contrib/bind9/bin/rndc/rndc.conf
new file mode 100644
index 000000000000..1dc56074d715
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.conf
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.conf,v 1.7.206.1 2004/03/06 10:21:32 marka Exp $ */
+
+/*
+ * Sample rndc configuration file.
+ */
+
+options {
+ default-server localhost;
+ default-key "key";
+};
+
+server localhost {
+ key "key";
+};
+
+key "key" {
+ algorithm hmac-md5;
+ secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+};
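Review bot: The `secret` in the `key "key"` statement is a fixed value published with the source, and the same string is repeated in the rndc.conf.5, docbook and HTML examples of this commit, yet nothing in the sample says it must be replaced. If this file were copied into place unchanged, with the matching key in named.conf, control-channel commands would be authenticated with a key known to anyone who has the distribution. I would add a comment directly above the key statement, for example `/* Placeholder secret: generate your own with rndc-confgen before use. */`. A second line could repeat the advice from rndc.docbook: `/* This file holds a shared secret; do not give it general read or write access. */`.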
diff --git a/contrib/bind9/bin/rndc/rndc.conf.5 b/contrib/bind9/bin/rndc/rndc.conf.5
new file mode 100644
index 000000000000..5b61cfb00c1e
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.conf.5
@@ -0,0 +1,142 @@
+.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc.conf.5,v 1.21.206.2 2004/06/03 05:35:50 marka Exp $
+.\"
+.TH "RNDC.CONF" "5" "June 30, 2000" "BIND9" ""
+.SH NAME
+rndc.conf \- rndc configuration file
+.SH SYNOPSIS
+.sp
+\fBrndc.conf\fR
+.SH "DESCRIPTION"
+.PP
+\fIrndc.conf\fR is the configuration file
+for \fBrndc\fR, the BIND 9 name server control
+utility. This file has a similar structure and syntax to
+\fInamed.conf\fR. Statements are enclosed
+in braces and terminated with a semi-colon. Clauses in
+the statements are also semi-colon terminated. The usual
+comment styles are supported:
+.PP
+C style: /* */
+.PP
+C++ style: // to end of line
+.PP
+Unix style: # to end of line
+.PP
+\fIrndc.conf\fR is much simpler than
+\fInamed.conf\fR. The file uses three
+statements: an options statement, a server statement
+and a key statement.
+.PP
+The \fBoptions\fR statement contains three clauses.
+The \fBdefault-server\fR clause is followed by the
+name or address of a name server. This host will be used when
+no name server is given as an argument to
+\fBrndc\fR. The \fBdefault-key\fR
+clause is followed by the name of a key which is identified by
+a \fBkey\fR statement. If no
+\fBkeyid\fR is provided on the rndc command line,
+and no \fBkey\fR clause is found in a matching
+\fBserver\fR statement, this default key will be
+used to authenticate the server's commands and responses. The
+\fBdefault-port\fR clause is followed by the port
+to connect to on the remote name server. If no
+\fBport\fR option is provided on the rndc command
+line, and no \fBport\fR clause is found in a
+matching \fBserver\fR statement, this default port
+will be used to connect.
+.PP
+After the \fBserver\fR keyword, the server statement
+includes a string which is the hostname or address for a name
+server. The statement has two possible clauses:
+\fBkey\fR and \fBport\fR. The key name must
+match the name of a key statement in the file. The port number
+specifies the port to connect to.
+.PP
+The \fBkey\fR statement begins with an identifying
+string, the name of the key. The statement has two clauses.
+\fBalgorithm\fR identifies the encryption algorithm
+for \fBrndc\fR to use; currently only HMAC-MD5 is
+supported. This is followed by a secret clause which contains
+the base-64 encoding of the algorithm's encryption key. The
+base-64 string is enclosed in double quotes.
+.PP
+There are two common ways to generate the base-64 string for the
+secret. The BIND 9 program \fBrndc-confgen\fR can
+be used to generate a random key, or the
+\fBmmencode\fR program, also known as
+\fBmimencode\fR, can be used to generate a base-64
+string from known input. \fBmmencode\fR does not
+ship with BIND 9 but is available on many systems. See the
+EXAMPLE section for sample command lines for each.
+.SH "EXAMPLE"
+.sp
+.nf
+ options {
+ default-server localhost;
+ default-key samplekey;
+ };
+
+ server localhost {
+ key samplekey;
+ };
+
+ key samplekey {
+ algorithm hmac-md5;
+ secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+ };
+
+.sp
+.fi
+.PP
+In the above example, \fBrndc\fR will by default use
+the server at localhost (127.0.0.1) and the key called samplekey.
+Commands to the localhost server will use the samplekey key, which
+must also be defined in the server's configuration file with the
+same name and secret. The key statement indicates that samplekey
+uses the HMAC-MD5 algorithm and its secret clause contains the
+base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
+.PP
+To generate a random secret with \fBrndc-confgen\fR:
+.PP
+\fBrndc-confgen\fR
+.PP
+A complete \fIrndc.conf\fR file, including the
+randomly generated key, will be written to the standard
+output. Commented out \fBkey\fR and
+\fBcontrols\fR statements for
+\fInamed.conf\fR are also printed.
+.PP
+To generate a base-64 secret with \fBmmencode\fR:
+.PP
+\fBecho "known plaintext for a secret" | mmencode\fR
+.SH "NAME SERVER CONFIGURATION"
+.PP
+The name server must be configured to accept rndc connections and
+to recognize the key specified in the \fIrndc.conf\fR
+file, using the controls statement in \fInamed.conf\fR.
+See the sections on the \fBcontrols\fR statement in the
+BIND 9 Administrator Reference Manual for details.
+.SH "SEE ALSO"
+.PP
+\fBrndc\fR(8),
+\fBrndc-confgen\fR(8),
+\fBmmencode\fR(1),
+\fIBIND 9 Administrator Reference Manual\fR.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
diff --git a/contrib/bind9/bin/rndc/rndc.conf.docbook b/contrib/bind9/bin/rndc/rndc.conf.docbook
new file mode 100644
index 000000000000..95f158b7602a
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.conf.docbook
@@ -0,0 +1,210 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc.conf.docbook,v 1.4.206.2 2004/06/03 02:24:58 marka Exp $ -->
+
+<refentry>
+ <refentryinfo>
+ <date>June 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><filename>rndc.conf</filename></refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><filename>rndc.conf</filename></refname>
+ <refpurpose>rndc configuration file</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>rndc.conf</command>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ <filename>rndc.conf</filename> is the configuration file
+ for <command>rndc</command>, the BIND 9 name server control
+ utility. This file has a similar structure and syntax to
+ <filename>named.conf</filename>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </para>
+ <para>
+ C style: /* */
+ </para>
+ <para>
+ C++ style: // to end of line
+ </para>
+ <para>
+ Unix style: # to end of line
+ </para>
+ <para>
+ <filename>rndc.conf</filename> is much simpler than
+ <filename>named.conf</filename>. The file uses three
+ statements: an options statement, a server statement
+ and a key statement.
+ </para>
+ <para>
+ The <option>options</option> statement contains three clauses.
+ The <option>default-server</option> clause is followed by the
+ name or address of a name server. This host will be used when
+ no name server is given as an argument to
+ <command>rndc</command>. The <option>default-key</option>
+ clause is followed by the name of a key which is identified by
+ a <option>key</option> statement. If no
+ <option>keyid</option> is provided on the rndc command line,
+ and no <option>key</option> clause is found in a matching
+ <option>server</option> statement, this default key will be
+ used to authenticate the server's commands and responses. The
+ <option>default-port</option> clause is followed by the port
+ to connect to on the remote name server. If no
+ <option>port</option> option is provided on the rndc command
+ line, and no <option>port</option> clause is found in a
+ matching <option>server</option> statement, this default port
+ will be used to connect.
+ </para>
+ <para>
+ After the <option>server</option> keyword, the server statement
+ includes a string which is the hostname or address for a name
+ server. The statement has two possible clauses:
+ <option>key</option> and <option>port</option>. The key name must
+ match the name of a key statement in the file. The port number
+ specifies the port to connect to.
+ </para>
+ <para>
+ The <option>key</option> statement begins with an identifying
+ string, the name of the key. The statement has two clauses.
+ <option>algorithm</option> identifies the encryption algorithm
+ for <command>rndc</command> to use; currently only HMAC-MD5 is
+ supported. This is followed by a secret clause which contains
+ the base-64 encoding of the algorithm's encryption key. The
+ base-64 string is enclosed in double quotes.
+ </para>
+ <para>
+ There are two common ways to generate the base-64 string for the
+ secret. The BIND 9 program <command>rndc-confgen</command> can
+ be used to generate a random key, or the
+ <command>mmencode</command> program, also known as
+ <command>mimencode</command>, can be used to generate a base-64
+ string from known input. <command>mmencode</command> does not
+ ship with BIND 9 but is available on many systems. See the
+ EXAMPLE section for sample command lines for each.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLE</title>
+
+ <programlisting>
+ options {
+ default-server localhost;
+ default-key samplekey;
+ };
+
+ server localhost {
+ key samplekey;
+ };
+
+ key samplekey {
+ algorithm hmac-md5;
+ secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+ };
+ </programlisting>
+
+ <para>
+ In the above example, <command>rndc</command> will by default use
+ the server at localhost (127.0.0.1) and the key called samplekey.
+ Commands to the localhost server will use the samplekey key, which
+ must also be defined in the server's configuration file with the
+ same name and secret. The key statement indicates that samplekey
+ uses the HMAC-MD5 algorithm and its secret clause contains the
+ base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
+ </para>
+ <para>
+ To generate a random secret with <command>rndc-confgen</command>:
+ </para>
+ <para>
+ <userinput>rndc-confgen</userinput>
+ </para>
+ <para>
+ A complete <filename>rndc.conf</filename> file, including the
+ randomly generated key, will be written to the standard
+ output. Commented out <option>key</option> and
+ <option>controls</option> statements for
+ <filename>named.conf</filename> are also printed.
+ </para>
+ <para>
+ To generate a base-64 secret with <command>mmencode</command>:
+ </para>
+ <para>
+ <userinput>echo "known plaintext for a secret" | mmencode</userinput>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>NAME SERVER CONFIGURATION</title>
+ <para>
+ The name server must be configured to accept rndc connections and
+ to recognize the key specified in the <filename>rndc.conf</filename>
+ file, using the controls statement in <filename>named.conf</filename>.
+ See the sections on the <option>controls</option> statement in the
+ BIND 9 Administrator Reference Manual for details.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>rndc</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>mmencode</refentrytitle>
+ <manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para>
+ <corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry>
+
+<!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
+
diff --git a/contrib/bind9/bin/rndc/rndc.conf.html b/contrib/bind9/bin/rndc/rndc.conf.html
new file mode 100644
index 000000000000..ea087c8be60e
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.conf.html
@@ -0,0 +1,377 @@
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc.conf.html,v 1.5.2.1.4.3 2004/08/22 23:39:00 marka Exp $ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>rndc.conf</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="AEN1"
+></A
+><TT
+CLASS="FILENAME"
+>rndc.conf</TT
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN9"
+></A
+><H2
+>Name</H2
+><TT
+CLASS="FILENAME"
+>rndc.conf</TT
+>&nbsp;--&nbsp;rndc configuration file</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN13"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>rndc.conf</B
+> </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN16"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+> <TT
+CLASS="FILENAME"
+>rndc.conf</TT
+> is the configuration file
+ for <B
+CLASS="COMMAND"
+>rndc</B
+>, the BIND 9 name server control
+ utility. This file has a similar structure and syntax to
+ <TT
+CLASS="FILENAME"
+>named.conf</TT
+>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </P
+><P
+> C style: /* */
+ </P
+><P
+> C++ style: // to end of line
+ </P
+><P
+> Unix style: # to end of line
+ </P
+><P
+> <TT
+CLASS="FILENAME"
+>rndc.conf</TT
+> is much simpler than
+ <TT
+CLASS="FILENAME"
+>named.conf</TT
+>. The file uses three
+ statements: an options statement, a server statement
+ and a key statement.
+ </P
+><P
+> The <VAR
+CLASS="OPTION"
+>options</VAR
+> statement contains three clauses.
+ The <VAR
+CLASS="OPTION"
+>default-server</VAR
+> clause is followed by the
+ name or address of a name server. This host will be used when
+ no name server is given as an argument to
+ <B
+CLASS="COMMAND"
+>rndc</B
+>. The <VAR
+CLASS="OPTION"
+>default-key</VAR
+>
+ clause is followed by the name of a key which is identified by
+ a <VAR
+CLASS="OPTION"
+>key</VAR
+> statement. If no
+ <VAR
+CLASS="OPTION"
+>keyid</VAR
+> is provided on the rndc command line,
+ and no <VAR
+CLASS="OPTION"
+>key</VAR
+> clause is found in a matching
+ <VAR
+CLASS="OPTION"
+>server</VAR
+> statement, this default key will be
+ used to authenticate the server's commands and responses. The
+ <VAR
+CLASS="OPTION"
+>default-port</VAR
+> clause is followed by the port
+ to connect to on the remote name server. If no
+ <VAR
+CLASS="OPTION"
+>port</VAR
+> option is provided on the rndc command
+ line, and no <VAR
+CLASS="OPTION"
+>port</VAR
+> clause is found in a
+ matching <VAR
+CLASS="OPTION"
+>server</VAR
+> statement, this default port
+ will be used to connect.
+ </P
+><P
+> After the <VAR
+CLASS="OPTION"
+>server</VAR
+> keyword, the server statement
+ includes a string which is the hostname or address for a name
+ server. The statement has two possible clauses:
+ <VAR
+CLASS="OPTION"
+>key</VAR
+> and <VAR
+CLASS="OPTION"
+>port</VAR
+>. The key name must
+ match the name of a key statement in the file. The port number
+ specifies the port to connect to.
+ </P
+><P
+> The <VAR
+CLASS="OPTION"
+>key</VAR
+> statement begins with an identifying
+ string, the name of the key. The statement has two clauses.
+ <VAR
+CLASS="OPTION"
+>algorithm</VAR
+> identifies the encryption algorithm
+ for <B
+CLASS="COMMAND"
+>rndc</B
+> to use; currently only HMAC-MD5 is
+ supported. This is followed by a secret clause which contains
+ the base-64 encoding of the algorithm's encryption key. The
+ base-64 string is enclosed in double quotes.
+ </P
+><P
+> There are two common ways to generate the base-64 string for the
+ secret. The BIND 9 program <B
+CLASS="COMMAND"
+>rndc-confgen</B
+> can
+ be used to generate a random key, or the
+ <B
+CLASS="COMMAND"
+>mmencode</B
+> program, also known as
+ <B
+CLASS="COMMAND"
+>mimencode</B
+>, can be used to generate a base-64
+ string from known input. <B
+CLASS="COMMAND"
+>mmencode</B
+> does not
+ ship with BIND 9 but is available on many systems. See the
+ EXAMPLE section for sample command lines for each.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN54"
+></A
+><H2
+>EXAMPLE</H2
+><PRE
+CLASS="PROGRAMLISTING"
+> options {
+ default-server localhost;
+ default-key samplekey;
+ };
+
+ server localhost {
+ key samplekey;
+ };
+
+ key samplekey {
+ algorithm hmac-md5;
+ secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+ };
+ </PRE
+><P
+> In the above example, <B
+CLASS="COMMAND"
+>rndc</B
+> will by default use
+ the server at localhost (127.0.0.1) and the key called samplekey.
+ Commands to the localhost server will use the samplekey key, which
+ must also be defined in the server's configuration file with the
+ same name and secret. The key statement indicates that samplekey
+ uses the HMAC-MD5 algorithm and its secret clause contains the
+ base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
+ </P
+><P
+> To generate a random secret with <B
+CLASS="COMMAND"
+>rndc-confgen</B
+>:
+ </P
+><P
+> <KBD
+CLASS="USERINPUT"
+>rndc-confgen</KBD
+>
+ </P
+><P
+> A complete <TT
+CLASS="FILENAME"
+>rndc.conf</TT
+> file, including the
+ randomly generated key, will be written to the standard
+ output. Commented out <VAR
+CLASS="OPTION"
+>key</VAR
+> and
+ <VAR
+CLASS="OPTION"
+>controls</VAR
+> statements for
+ <TT
+CLASS="FILENAME"
+>named.conf</TT
+> are also printed.
+ </P
+><P
+> To generate a base-64 secret with <B
+CLASS="COMMAND"
+>mmencode</B
+>:
+ </P
+><P
+> <KBD
+CLASS="USERINPUT"
+>echo "known plaintext for a secret" | mmencode</KBD
+>
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN72"
+></A
+><H2
+>NAME SERVER CONFIGURATION</H2
+><P
+> The name server must be configured to accept rndc connections and
+ to recognize the key specified in the <TT
+CLASS="FILENAME"
+>rndc.conf</TT
+>
+ file, using the controls statement in <TT
+CLASS="FILENAME"
+>named.conf</TT
+>.
+ See the sections on the <VAR
+CLASS="OPTION"
+>controls</VAR
+> statement in the
+ BIND 9 Administrator Reference Manual for details.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN78"
+></A
+><H2
+>SEE ALSO</H2
+><P
+> <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>rndc</SPAN
+>(8)</SPAN
+>,
+ <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>rndc-confgen</SPAN
+>(8)</SPAN
+>,
+ <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>mmencode</SPAN
+>(1)</SPAN
+>,
+ <I
+CLASS="CITETITLE"
+>BIND 9 Administrator Reference Manual</I
+>.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN91"
+></A
+><H2
+>AUTHOR</H2
+><P
+> Internet Systems Consortium
+ </P
+></DIV
+></BODY
+></HTML
+>
diff --git a/contrib/bind9/bin/rndc/rndc.docbook b/contrib/bind9/bin/rndc/rndc.docbook
new file mode 100644
index 000000000000..d4529ccfa6e2
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.docbook
@@ -0,0 +1,228 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc.docbook,v 1.7.206.2 2004/06/03 02:24:58 marka Exp $ -->
+
+<refentry>
+ <refentryinfo>
+ <date>June 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>rndc</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>rndc</application></refname>
+ <refpurpose>name server control utility</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>rndc</command>
+ <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
+ <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
+ <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg><option>-V</option></arg>
+ <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
+ <arg choice="req">command</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ <command>rndc</command> controls the operation of a name
+ server. It supersedes the <command>ndc</command> utility
+ that was provided in old BIND releases. If
+ <command>rndc</command> is invoked with no command line
+ options or arguments, it prints a short summary of the
+ supported commands and the available options and their
+ arguments.
+ </para>
+ <para>
+ <command>rndc</command> communicates with the name server
+ over a TCP connection, sending commands authenticated with
+ digital signatures. In the current versions of
+ <command>rndc</command> and <command>named</command> named
+ the only supported authentication algorithm is HMAC-MD5,
+ which uses a shared secret on each end of the connection.
+ This provides TSIG-style authentication for the command
+ request and the name server's response. All commands sent
+ over the channel must be signed by a key_id known to the
+ server.
+ </para>
+ <para>
+ <command>rndc</command> reads a configuration file to
+ determine how to contact the name server and decide what
+ algorithm and key it should use.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-c <replaceable class="parameter">config-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">config-file</replaceable>
+ as the configuration file instead of the default,
+ <filename>/etc/rndc.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k <replaceable class="parameter">key-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">key-file</replaceable>
+ as the key file instead of the default,
+ <filename>/etc/rndc.key</filename>. The key in
+ <filename>/etc/rndc.key</filename> will be used to authenticate
+ commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
+ does not exist.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s <replaceable class="parameter">server</replaceable></term>
+ <listitem>
+ <para>
+ <replaceable class="parameter">server</replaceable> is
+ the name or address of the server which matches a
+ server statement in the configuration file for
+ <command>rndc</command>. If no server is supplied on the
+ command line, the host named by the default-server clause
+ in the option statement of the configuration file will be
+ used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p <replaceable class="parameter">port</replaceable></term>
+ <listitem>
+ <para>
+ Send commands to TCP port
+ <replaceable class="parameter">port</replaceable> instead
+ of BIND 9's default control channel port, 953.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-V</term>
+ <listitem>
+ <para>
+ Enable verbose logging.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-y <replaceable class="parameter">keyid</replaceable></term>
+ <listitem>
+ <para>
+ Use the key <replaceable class="parameter">keyid</replaceable>
+ from the configuration file.
+ <replaceable class="parameter">keyid</replaceable> must be
+ known by named with the same algorithm and secret string
+ in order for control message validation to succeed.
+ If no <replaceable class="parameter">keyid</replaceable>
+ is specified, <command>rndc</command> will first look
+ for a key clause in the server statement of the server
+ being used, or if no server statement is present for that
+ host, then the default-key clause of the options statement.
+ Note that the configuration file contains shared secrets
+ which are used to send authenticated control commands
+ to name servers. It should therefore not have general read
+ or write access.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ <para>
+ For the complete set of commands supported by <command>rndc</command>,
+ see the BIND 9 Administrator Reference Manual or run
+ <command>rndc</command> without arguments to see its help message.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>LIMITATIONS</title>
+ <para>
+ <command>rndc</command> does not yet support all the commands of
+ the BIND 8 <command>ndc</command> utility.
+ </para>
+ <para>
+ There is currently no way to provide the shared secret for a
+ <option>key_id</option> without using the configuration file.
+ </para>
+ <para>
+ Several error messages could be clearer.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>rndc.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry>
+ <citerefentry>
+ <refentrytitle>ndc</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para>
+ <corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry>
+
+<!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
+
diff --git a/contrib/bind9/bin/rndc/rndc.html b/contrib/bind9/bin/rndc/rndc.html
new file mode 100644
index 000000000000..56f1aa1dba15
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.html
@@ -0,0 +1,388 @@
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc.html,v 1.7.2.1.4.3 2004/08/22 23:39:00 marka Exp $ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>rndc</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="AEN1"
+></A
+><SPAN
+CLASS="APPLICATION"
+>rndc</SPAN
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN9"
+></A
+><H2
+>Name</H2
+><SPAN
+CLASS="APPLICATION"
+>rndc</SPAN
+>&nbsp;--&nbsp;name server control utility</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN13"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>rndc</B
+> [<VAR
+CLASS="OPTION"
+>-c <VAR
+CLASS="REPLACEABLE"
+>config-file</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-k <VAR
+CLASS="REPLACEABLE"
+>key-file</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-s <VAR
+CLASS="REPLACEABLE"
+>server</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-p <VAR
+CLASS="REPLACEABLE"
+>port</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-V</VAR
+>] [<VAR
+CLASS="OPTION"
+>-y <VAR
+CLASS="REPLACEABLE"
+>key_id</VAR
+></VAR
+>] {command}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN34"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+> <B
+CLASS="COMMAND"
+>rndc</B
+> controls the operation of a name
+ server. It supersedes the <B
+CLASS="COMMAND"
+>ndc</B
+> utility
+ that was provided in old BIND releases. If
+ <B
+CLASS="COMMAND"
+>rndc</B
+> is invoked with no command line
+ options or arguments, it prints a short summary of the
+ supported commands and the available options and their
+ arguments.
+ </P
+><P
+> <B
+CLASS="COMMAND"
+>rndc</B
+> communicates with the name server
+ over a TCP connection, sending commands authenticated with
+ digital signatures. In the current versions of
+ <B
+CLASS="COMMAND"
+>rndc</B
+> and <B
+CLASS="COMMAND"
+>named</B
+> named
+ the only supported authentication algorithm is HMAC-MD5,
+ which uses a shared secret on each end of the connection.
+ This provides TSIG-style authentication for the command
+ request and the name server's response. All commands sent
+ over the channel must be signed by a key_id known to the
+ server.
+ </P
+><P
+> <B
+CLASS="COMMAND"
+>rndc</B
+> reads a configuration file to
+ determine how to contact the name server and decide what
+ algorithm and key it should use.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN46"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-c <VAR
+CLASS="REPLACEABLE"
+>config-file</VAR
+></DT
+><DD
+><P
+> Use <VAR
+CLASS="REPLACEABLE"
+>config-file</VAR
+>
+ as the configuration file instead of the default,
+ <TT
+CLASS="FILENAME"
+>/etc/rndc.conf</TT
+>.
+ </P
+></DD
+><DT
+>-k <VAR
+CLASS="REPLACEABLE"
+>key-file</VAR
+></DT
+><DD
+><P
+> Use <VAR
+CLASS="REPLACEABLE"
+>key-file</VAR
+>
+ as the key file instead of the default,
+ <TT
+CLASS="FILENAME"
+>/etc/rndc.key</TT
+>. The key in
+ <TT
+CLASS="FILENAME"
+>/etc/rndc.key</TT
+> will be used to authenticate
+ commands sent to the server if the <VAR
+CLASS="REPLACEABLE"
+>config-file</VAR
+>
+ does not exist.
+ </P
+></DD
+><DT
+>-s <VAR
+CLASS="REPLACEABLE"
+>server</VAR
+></DT
+><DD
+><P
+> <VAR
+CLASS="REPLACEABLE"
+>server</VAR
+> is
+ the name or address of the server which matches a
+ server statement in the configuration file for
+ <B
+CLASS="COMMAND"
+>rndc</B
+>. If no server is supplied on the
+ command line, the host named by the default-server clause
+ in the option statement of the configuration file will be
+ used.
+ </P
+></DD
+><DT
+>-p <VAR
+CLASS="REPLACEABLE"
+>port</VAR
+></DT
+><DD
+><P
+> Send commands to TCP port
+ <VAR
+CLASS="REPLACEABLE"
+>port</VAR
+> instead
+ of BIND 9's default control channel port, 953.
+ </P
+></DD
+><DT
+>-V</DT
+><DD
+><P
+> Enable verbose logging.
+ </P
+></DD
+><DT
+>-y <VAR
+CLASS="REPLACEABLE"
+>keyid</VAR
+></DT
+><DD
+><P
+> Use the key <VAR
+CLASS="REPLACEABLE"
+>keyid</VAR
+>
+ from the configuration file.
+ <VAR
+CLASS="REPLACEABLE"
+>keyid</VAR
+> must be
+ known by named with the same algorithm and secret string
+ in order for control message validation to succeed.
+ If no <VAR
+CLASS="REPLACEABLE"
+>keyid</VAR
+>
+ is specified, <B
+CLASS="COMMAND"
+>rndc</B
+> will first look
+ for a key clause in the server statement of the server
+ being used, or if no server statement is present for that
+ host, then the default-key clause of the options statement.
+ Note that the configuration file contains shared secrets
+ which are used to send authenticated control commands
+ to name servers. It should therefore not have general read
+ or write access.
+ </P
+></DD
+></DL
+></DIV
+><P
+> For the complete set of commands supported by <B
+CLASS="COMMAND"
+>rndc</B
+>,
+ see the BIND 9 Administrator Reference Manual or run
+ <B
+CLASS="COMMAND"
+>rndc</B
+> without arguments to see its help message.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN94"
+></A
+><H2
+>LIMITATIONS</H2
+><P
+> <B
+CLASS="COMMAND"
+>rndc</B
+> does not yet support all the commands of
+ the BIND 8 <B
+CLASS="COMMAND"
+>ndc</B
+> utility.
+ </P
+><P
+> There is currently no way to provide the shared secret for a
+ <VAR
+CLASS="OPTION"
+>key_id</VAR
+> without using the configuration file.
+ </P
+><P
+> Several error messages could be clearer.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN102"
+></A
+><H2
+>SEE ALSO</H2
+><P
+> <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>rndc.conf</SPAN
+>(5)</SPAN
+>,
+ <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>named</SPAN
+>(8)</SPAN
+>,
+ <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>named.conf</SPAN
+>(5)</SPAN
+>
+ <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>ndc</SPAN
+>(8)</SPAN
+>,
+ <I
+CLASS="CITETITLE"
+>BIND 9 Administrator Reference Manual</I
+>.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN118"
+></A
+><H2
+>AUTHOR</H2
+><P
+> Internet Systems Consortium
+ </P
+></DIV
+></BODY
+></HTML
+>
diff --git a/contrib/bind9/bin/rndc/unix/Makefile.in b/contrib/bind9/bin/rndc/unix/Makefile.in
new file mode 100644
index 000000000000..0409a188838f
--- /dev/null
+++ b/contrib/bind9/bin/rndc/unix/Makefile.in
@@ -0,0 +1,36 @@
+# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.1.12.3 2004/03/08 04:04:24 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
+ ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+OBJS = os.@O@
+
+SRCS = os.c
+
+TARGETS = ${OBJS}
+
+@BIND9_MAKE_RULES@
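Review bot: `CINCLUDES` starts with `-I${srcdir}/include`, which from this directory resolves to `bin/rndc/unix/include`, and this commit does not appear to add such a directory. The `<rndc/os.h>` include in os.c is presumably satisfied by `-I${srcdir}/../include` alone. A missing include directory is normally ignored by the compiler, so this is harmless. Dropping the first entry, or adding a comment such as `# rndc/os.h lives in ../include`, would keep the search path honest about where headers come from.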
diff --git a/contrib/bind9/bin/rndc/unix/os.c b/contrib/bind9/bin/rndc/unix/os.c
new file mode 100644
index 000000000000..1adfdee9f15e
--- /dev/null
+++ b/contrib/bind9/bin/rndc/unix/os.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.c,v 1.5.206.1 2004/03/06 10:21:33 marka Exp $ */
+
+#include <config.h>
+
+#include <rndc/os.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <sys/stat.h>
+
+int
+set_user(FILE *fd, const char *user) {
+ struct passwd *pw;
+
+ pw = getpwnam(user);
+ if (pw == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+ return (fchown(fileno(fd), pw->pw_uid, -1));
+}
+
+FILE *
+safe_create(const char *filename) {
+ int fd;
+ FILE *f;
+ struct stat sb;
+ int flags = O_WRONLY;
+
+ if (stat(filename, &sb) == -1) {
+ if (errno != ENOENT)
+ return (NULL);
+ flags = O_WRONLY | O_CREAT | O_EXCL;
+ } else if ((sb.st_mode & S_IFREG) == 0) {
+ errno = EOPNOTSUPP;
+ return (NULL);
+ } else
+ flags = O_WRONLY | O_TRUNC;
+
+ fd = open(filename, flags, S_IRUSR | S_IWUSR);
+ if (fd == -1)
+ return (NULL);
+ f = fdopen(fd, "w");
+ if (f == NULL)
+ close(fd);
+ return (f);
+}
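Review bot: safe_create() checks the path with stat() and then opens it by name, so the object that gets opened is not guaranteed to be the one that was checked. The existing-file branch (`O_WRONLY | O_TRUNC`) also keeps whatever mode the file already had, because the `S_IRUSR | S_IWUSR` argument only takes effect on creation. The type test `(sb.st_mode & S_IFREG) == 0` is a bit test rather than a type comparison, so any file type whose mode bits include that bit passes it; `S_ISREG(sb.st_mode)` is the intended check. If this file holds key material, as the 0600 creation mode suggests, I would re-validate on the descriptor after open() and tighten the mode before truncating, as sketched below. Whether failing when fchmod() is refused is acceptable to existing callers needs confirming.

```c
	/* … unchanged: stat() and the ENOENT / O_CREAT | O_EXCL branch … */
	} else if (!S_ISREG(sb.st_mode)) {
		/* … unchanged: errno = EOPNOTSUPP, return NULL … */
	} else
		flags = O_WRONLY;	/* truncate only after the descriptor checks */

	/* … unchanged: open() and its error return … */

	/* Validate the object actually opened, not the path checked earlier. */
	if (fstat(fd, &sb) == -1 || !S_ISREG(sb.st_mode) ||
	    fchmod(fd, S_IRUSR | S_IWUSR) == -1 ||
	    ftruncate(fd, 0) == -1) {
		close(fd);
		return (NULL);
	}
	/* … unchanged: fdopen() and return … */
```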
diff --git a/contrib/bind9/bin/rndc/util.c b/contrib/bind9/bin/rndc/util.c
new file mode 100644
index 000000000000..249cbe2ab1c1
--- /dev/null
+++ b/contrib/bind9/bin/rndc/util.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: util.c,v 1.2.206.1 2004/03/06 10:21:32 marka Exp $ */
+
+#include <config.h>
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/boolean.h>
+
+#include "util.h"
+
+extern isc_boolean_t verbose;
+extern const char *progname;
+
+void
+notify(const char *fmt, ...) {
+ va_list ap;
+
+ if (verbose) {
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fputs("\n", stderr);
+ }
+}
+
+void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", progname);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(1);
+}
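Review bot: `verbose` and `progname` are declared `extern` at the top of util.c rather than in a shared header, so nothing checks these declarations against the definitions in whichever file owns them. Moving them into util.h (`extern isc_boolean_t verbose;` and `extern const char *progname;`) would let the compiler catch a type mismatch, though util.h would then need `<isc/boolean.h>`. Separately, notify() and fatal() both hand their first argument straight to vfprintf(), so a short comment above each, e.g. `/* fmt must be a literal format string, never caller-supplied data. */`, would make that contract explicit for future callers.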
diff --git a/contrib/bind9/bin/rndc/util.h b/contrib/bind9/bin/rndc/util.h
new file mode 100644
index 000000000000..3c19cd447575
--- /dev/null
+++ b/contrib/bind9/bin/rndc/util.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: util.h,v 1.5.206.1 2004/03/06 10:21:32 marka Exp $ */
+
+#ifndef RNDC_UTIL_H
+#define RNDC_UTIL_H 1
+
+#include <isc/lang.h>
+
+#include <isc/formatcheck.h>
+
+#define NS_CONTROL_PORT 953
+
+#undef DO
+#define DO(name, function) \
+ do { \
+ result = function; \
+ if (result != ISC_R_SUCCESS) \
+ fatal("%s: %s", name, isc_result_totext(result)); \
+ else \
+ notify("%s", name); \
+ } while (0)
+
+ISC_LANG_BEGINDECLS
+
+void
+notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+ISC_LANG_ENDDECLS
+
+#endif /* RNDC_UTIL_H */
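Review bot: The `DO()` macro assigns to a variable named `result` and uses `ISC_R_SUCCESS` and `isc_result_totext()`, but util.h neither documents that requirement nor includes a header declaring them; only `<isc/lang.h>` and `<isc/formatcheck.h>` are included. Adding `#include <isc/result.h>` would make the header self-contained instead of depending on include order in each caller. A comment above the macro would also help, e.g. `/* DO() requires an isc_result_t named "result" in the calling scope; on failure it calls fatal(). */`. It would also be worth noting next to the prototype that fatal() does not return (util.c ends it with `exit(1)`), since the macro's `else` branch relies on that only implicitly.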