upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-22 23:01:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

regen master

Browse source
This commit is contained in:
Tinderbox User 2017-10-26 01:09:30 +00:00
parent 3056d6f532
commit d3e8e9bdbb
8 changed files with 436 additions and 477 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
configure vendored
View file

@ -940,7 +940,6 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
@ -1103,7 +1102,6 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@ -1356,15 +1354,6 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@ -1502,7 +1491,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir runstatedir
libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@ -1655,7 +1644,6 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]

11
doc/arm/Bv9ARM.ch06.html
View file

@ -2395,6 +2395,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[ <span class="command"><strong>maintain-ixfr-base</strong></span> <em class="replaceable"><code>yes_or_no</code></em> ; ]
[ <span class="command"><strong>ixfr-from-differences</strong></span> ( <em class="replaceable"><code>yes_or_no</code></em> | <code class="option">master</code> | <code class="option">slave</code> ) ; ]
[ <span class="command"><strong>auto-dnssec</strong></span> ( <code class="option">allow</code> | <code class="option">maintain</code> | <code class="option">off</code> ) ; ]
[ <span class="command"><strong>inline-signing</strong></span> <em class="replaceable"><code>yes_or_no</code></em> ; ]
[ <span class="command"><strong>dnssec-enable</strong></span> <em class="replaceable"><code>yes_or_no</code></em> ; ]
[ <span class="command"><strong>dnssec-validation</strong></span> ( <em class="replaceable"><code>yes_or_no</code></em> | <code class="option">auto</code> ) ; ]
[ <span class="command"><strong>dnssec-lookaside</strong></span> ( <code class="option">auto</code> | <code class="option">no</code> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> ) ; ]
@ -2634,6 +2635,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
...
<span class="command"><strong>}</strong></span> ; ]
[ <span class="command"><strong>v6-bias</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>trust-anchor-telemetry</strong></span> <em class="replaceable"><code>yes_or_no</code></em> ; ]
<span class="command"><strong>}</strong></span> ; ]
</pre>
@ -3046,7 +3048,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
Specifies the directory in which to store the configuration
parameters for zones added via <span class="command"><strong>rndc addzone</strong></span>.
By default, this is the working directory. If set to a relative
path, it will be relative to the working directory.
path, it will be relative to the working directory. The
directory <span class="emphasis"><em>must</em></span> be writable by the
effective user ID of the <span class="command"><strong>named</strong></span> process.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>named-xfer</strong></span></span></dt>
@ -4558,10 +4562,7 @@ options {
<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt>
<dd>
<p>
This option is only available when
<acronym class="acronym">BIND</acronym> 9 is compiled with the
<strong class="userinput"><code>--enable-filter-aaaa</code></strong> option on the
"configure" command line. It is intended to help the
This option is intended to help the
transition from IPv4 to IPv6 by not giving IPv6 addresses
to DNS clients unless they have connections to the IPv6
Internet. This is not recommended unless absolutely

7
doc/arm/Bv9ARM.ch09.html
View file

@ -747,6 +747,13 @@
catagory.
</p>
</li>
<li class="listitem">
<p>
The <span class="command"><strong>filter-aaaa-on-v4</strong></span> and
<span class="command"><strong>filter-aaaa-on-v6</strong></span> options are no longer
conditionally compiled in <span class="command"><strong>named</strong></span>. [RT #46340]
</p>
</li>
</ul></div>
</div>

848
doc/arm/Bv9ARM.ch12.html
View file

@ -38,121 +38,97 @@
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.4">Prerequisite</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.5">Compilation</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.6">Installation</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.7">Known Defects/Restrictions</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.8">The dns.conf File</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.9">Sample Applications</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.10">Library References</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.5">Installation</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.6">Known Defects/Restrictions</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.7">The dns.conf File</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.8">Sample Applications</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.9">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bind9.library"></a>BIND 9 DNS Library Support</h2></div></div></div>
<p>This version of BIND 9 "exports" its internal libraries so
that they can be used by third-party applications more easily (we
call them "export" libraries in this document). In addition to
all major DNS-related APIs BIND 9 is currently using, the export
libraries provide the following features:</p>
<p>
This version of BIND 9 "exports" its internal libraries so
that they can be used by third-party applications more easily (we
call them "export" libraries in this document). Certain library
functions are altered from specific BIND-only behavior to more generic
behavior when used by other applications; to enable this generic behavior,
the calling program initializes the libraries by calling
<span class="command"><strong>isc_lib_register()</strong></span>.
</p>
<p>
In addition to DNS-related APIs that are used within BIND 9, the
libraries provide the following features:
</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>The newly created "DNS client" module. This is a higher
level API that provides an interface to name resolution,
single DNS transaction with a particular server, and dynamic
update. Regarding name resolution, it supports advanced
features such as DNSSEC validation and caching. This module
supports both synchronous and asynchronous mode.</p>
<p>
The "DNS client" module. This is a higher level API that
provides an interface to name resolution, single DNS transaction
with a particular server, and dynamic update. Regarding name
resolution, it supports advanced features such as DNSSEC validation
and caching. This module supports both synchronous and asynchronous
mode.
</p>
</li>
<li class="listitem">
<p>The new "IRS" (Information Retrieval System) library.
It provides an interface to parse the traditional resolv.conf
file and more advanced, DNS-specific configuration file for
the rest of this package (see the description for the
dns.conf file below).</p>
<p>
The "IRS" (Information Retrieval System) library. It provides an
interface to parse the traditional <code class="filename">resolv.conf</code>
file and more advanced, DNS-specific configuration file for the
rest of this package (see the description for the
<code class="filename">dns.conf</code> file below).
</p>
</li>
<li class="listitem">
<p>As part of the IRS library, newly implemented standard
address-name mapping functions, getaddrinfo() and
getnameinfo(), are provided. They use the DNSSEC-aware
validating resolver backend, and could use other advanced
features of the BIND 9 libraries such as caching. The
getaddrinfo() function resolves both A and AAAA RRs
concurrently (when the address family is unspecified).</p>
<p>
As part of the IRS library, the standard address-name
mapping functions, <span class="command"><strong>getaddrinfo()</strong></span> and
<span class="command"><strong>getnameinfo()</strong></span>, are provided. They use the
DNSSEC-aware validating resolver backend, and could use other
advanced features of the BIND 9 libraries such as caching. The
<span class="command"><strong>getaddrinfo()</strong></span> function resolves both A
and AAAA RRs concurrently when the address family is
unspecified.
</p>
</li>
<li class="listitem">
<p>An experimental framework to support other event
libraries than BIND 9's internal event task system.</p>
<p>
An experimental framework to support other event
libraries than BIND 9's internal event task system.
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.13.2.4"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
in some platforms you may need to invoke a different command name
than "make" (e.g. "gmake") to indicate it's GNU make.</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.13.2.5"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
</pre>
<p>
This will create (in addition to usual BIND 9 programs) and a
separate set of libraries under the lib/export directory. For
example, <code class="filename">lib/export/dns/libdns.a</code> is the archive file of the
export version of the BIND 9 DNS library. Sample application
programs using the libraries will also be built under the
lib/export/samples directory (see below).</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.13.2.6"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
<a name="id-1.13.2.5"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>make install</code></strong>
</pre>
<p>
This will install library object files under the directory
specified by the --with-export-libdir configure option (default:
EPREFIX/lib/bind9), and header files under the directory
specified by the --with-export-includedir configure option
(default: PREFIX/include/bind9).
Root privilege is normally required.
"<span class="command"><strong>make install</strong></span>" at the top directory will do the
same.
</p>
<p>
To see how to build your own
application after the installation, see
<code class="filename">lib/export/samples/Makefile-postinstall.in</code>.</p>
</pre>
<p>
Normal installation of BIND will also install library object
and header files. Root privilege is normally required.
</p>
<p>
To see how to build your own application after the installation, see
<code class="filename">lib/samples/Makefile-postinstall.in</code>.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.13.2.7"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<a name="id-1.13.2.6"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
before).</p>
</li>
<li class="listitem">
<p>The "fixed" RRset order is not (currently) supported in
the export library. If you want to use "fixed" RRset order
for, e.g. <span class="command"><strong>named</strong></span> while still building the
export library even without the fixed order support, build
them separately:
<p>
The "fixed" RRset order is not (currently) supported in the export
library. If you want to use "fixed" RRset order for, e.g.
<span class="command"><strong>named</strong></span> while still building the export library
even without the fixed order support, build them separately:
</p>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-fixed-rrset <em class="replaceable"><code>[other flags, but not --enable-exportlib]</code></em></code></strong>
@ -162,399 +138,381 @@ $ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make</code></strong>
</pre>
<p>
</p>
</li>
</p>
</li>
<li class="listitem">
<p>The client module and the IRS library currently do not
support DNSSEC validation using DLV (the underlying modules
can handle it, but there is no tunable interface to enable
the feature).</p>
</li>
<p>
RFC 5011 is not supported in the validating stub resolver of the
export library. In fact, it is not clear whether it should: trust
anchors would be a system-wide configuration which would be managed
by an administrator, while the stub resolver will be used by
ordinary applications run by a normal user.
</p>
</li>
<li class="listitem">
<p>RFC 5011 is not supported in the validating stub
resolver of the export library. In fact, it is not clear
whether it should: trust anchors would be a system-wide
configuration which would be managed by an administrator,
while the stub resolver will be used by ordinary applications
run by a normal user.</p>
</li>
<li class="listitem">
<p>Not all common <code class="filename">/etc/resolv.conf</code>
options are supported
in the IRS library. The only available options in this
version are "debug" and "ndots".</p>
</li>
<p>
Not all common <code class="filename">/etc/resolv.conf</code> options are
supported in the IRS library. The only available options in this
version are <span class="command"><strong>debug</strong></span> and <span class="command"><strong>ndots</strong></span>.
</p>
</li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.13.2.8"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
<code class="filename">resolv.conf</code> file.
Specifically, it is intended to provide DNSSEC related
configuration parameters. By default the path to this
configuration file is <code class="filename">/etc/dns.conf</code>.
This module is very
experimental and the configuration syntax or library interfaces
may change in future versions. Currently, only the
<span class="command"><strong>trusted-keys</strong></span>
statement is supported, whose syntax is the same as the same name
of statement for <code class="filename">named.conf</code>. (See
<a class="xref" href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called &#8220;<span class="command"><strong>trusted-keys</strong></span> Statement Grammar&#8221;</a> for details.)</p>
<a name="id-1.13.2.7"></a>The dns.conf File</h3></div></div></div>
<p>
The IRS library supports an "advanced" configuration file related to
the DNS library for configuration parameters that would be beyond the
capability of the <code class="filename">resolv.conf</code> file.
Specifically, it is intended to provide DNSSEC related configuration
parameters. By default the path to this configuration file is
<code class="filename">/etc/dns.conf</code>. This module is very experimental
and the configuration syntax or library interfaces may change in
future versions. Currently, only the <span class="command"><strong>trusted-keys</strong></span>
statement is supported, whose syntax is the same as the same
statement in <code class="filename">named.conf</code>. (See
<a class="xref" href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called &#8220;<span class="command"><strong>trusted-keys</strong></span> Statement Grammar&#8221;</a> for details.)
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.13.2.9"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
<div class="section">
<a name="id-1.13.2.8"></a>Sample Applications</h3></div></div></div>
<p>
Some sample application programs using this API are provided for
reference. The following is a brief description of these
applications.
</p>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.13.2.9.3"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
RRs. It can also act as a validating stub resolver if a trust
anchor is given via a set of command line options.</p>
<p>
Usage: sample [options] server_address hostname
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-t RRtype
</span></dt>
<dd><p>
specify the RR type of the query. The default is the A RR.
</p></dd>
<dt><span class="term">
[-a algorithm] [-e] -k keyname -K keystring
</span></dt>
<a name="id-1.13.2.8.3"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
Sends a query of a given name (of a given optional RR type) to a
specified recursive server and prints the result as a list of RRs.
It can also act as a validating stub resolver if a trust anchor is
given via a set of command line options.
</p>
<p>
Usage: sample [options] server_address hostname
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-t RRtype</span></dt>
<dd>
<p>
specify a command-line DNS key to validate the answer. For
example, to specify the following DNSKEY of example.com:
</p>
<p>
specify the RR type of the query. The default is the A RR.
</p>
</dd>
<dt><span class="term">[-a algorithm] [-e] -k keyname -K keystring</span></dt>
<dd>
<p>
specify a command-line DNS key to validate the answer. For
example, to specify the following DNSKEY of example.com:
</p>
<div class="literallayout"><p><br>
example.com. 3600 IN DNSKEY 257 3 5 xxx<br>
</p></div>
              example.com. 3600 IN DNSKEY 257 3 5 xxx<br>
      </p></div>
<p>
specify the options as follows:
</p>
specify the options as follows:
</p>
<pre class="screen">
<strong class="userinput"><code>
-e -k example.com -K "xxx"
</code></strong>
</pre>
<strong class="userinput"><code>-e -k example.com -K "xxx"</code></strong>
</pre>
<p>
-e means that this key is a zone's "key signing key" (as known
as "secure Entry point").
When -a is omitted rsasha1 will be used by default.
</p>
</dd>
<dt><span class="term">
-s domain:alt_server_address
</span></dt>
<dd><p>
specify a separate recursive server address for the specific
"domain". Example: -s example.com:2001:db8::1234
</p></dd>
-e means that this key is a zone's "key signing key" (also known
as "secure entry point").
When -a is omitted rsasha1 will be used by default.
</p>
</dd>
<dt><span class="term">-s domain:alt_server_address</span></dt>
<dd>
<p>
specify a separate recursive server address for the specific
"domain". Example: -s example.com:2001:db8::1234
</p>
</dd>
<dt><span class="term">server_address</span></dt>
<dd><p>
an IP(v4/v6) address of the recursive server to which queries
are sent.
</p></dd>
<dd>
<p>
an IP(v4/v6) address of the recursive server to which queries
are sent.
</p>
</dd>
<dt><span class="term">hostname</span></dt>
<dd><p>
the domain name for the query
</p></dd>
<dd>
<p>
the domain name for the query
</p>
</dd>
</dl></div>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.13.2.9.4"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
asynchronously.</p>
<p>
Usage: sample-async [-s server_address] [-t RR_type] input_file</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-s server_address
</span></dt>
<a name="id-1.13.2.8.4"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
asynchronously.</p>
<p>
Usage: sample-async [-s server_address] [-t RR_type] input_file</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-s server_address</span></dt>
<dd>
an IPv4 address of the recursive server to which queries are sent.
(IPv6 addresses are not supported in this implementation)
</dd>
<dt><span class="term">
-t RR_type
</span></dt>
an IPv4 address of the recursive server to which queries are sent.
(IPv6 addresses are not supported in this implementation)
</dd>
<dt><span class="term">-t RR_type</span></dt>
<dd>
specify the RR type of the queries. The default is the A
RR.
</dd>
<dt><span class="term">
input_file
</span></dt>
specify the RR type of the queries. The default is the A
RR.
</dd>
<dt><span class="term">input_file</span></dt>
<dd>
a list of domain names to be resolved. each line
consists of a single domain name. Example:
<div class="literallayout"><p><br>
  www.example.com<br>
  mx.example.net<br>
  ns.xxx.example<br>
</p></div>
</dd>
a list of domain names to be resolved. each line consists of a
single domain name. Example:
<div class="literallayout"><p><br>
      www.example.com<br>
      mx.example.net<br>
      ns.xxx.example<br>
      </p></div>
</dd>
</dl></div>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.13.2.9.5"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
"stub resolver": it stops the processing once it gets any
response from the server, whether it's a referral or an alias
(CNAME or DNAME) that would require further queries to get the
ultimate answer. In other words, this utility acts as a very
simplified <span class="command"><strong>dig</strong></span>.
</p>
<p>
Usage: sample-request [-t RRtype] server_address hostname
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-t RRtype
</span></dt>
<a name="id-1.13.2.8.5"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
Sends a query to a specified server, and prints the response with
minimal processing. It doesn't act as a "stub resolver": it stops
the processing once it gets any response from the server, whether
it's a referral or an alias (CNAME or DNAME) that would require
further queries to get the ultimate answer. In other words, this
utility acts as a very simplified <span class="command"><strong>dig</strong></span>.
</p>
<p>
Usage: sample-request [-t RRtype] server_address hostname
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-t RRtype</span></dt>
<dd>
<p>
specify the RR type of
the queries. The default is the A RR.
</p>
</dd>
<dt><span class="term">
server_address
</span></dt>
<p>
specify the RR type of the queries. The default is the A RR.
</p>
</dd>
<dt><span class="term">server_address</span></dt>
<dd>
<p>
an IP(v4/v6)
address of the recursive server to which the query is sent.
</p>
</dd>
<dt><span class="term">
hostname
</span></dt>
<p>
an IP(v4/v6) address of the recursive server to which
the query is sent.
</p>
</dd>
<dt><span class="term">hostname</span></dt>
<dd>
<p>
the domain name for the query
</p>
</dd>
<p>
the domain name for the query
</p>
</dd>
</dl></div>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.13.2.9.6"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
host name as an argument, calls getaddrinfo() with the given host
name, and calls getnameinfo() with the resulting IP addresses
returned by getaddrinfo(). If the dns.conf file exists and
defines a trust anchor, the underlying resolver will act as a
validating resolver, and getaddrinfo()/getnameinfo() will fail
with an EAI_INSECUREDATA error when DNSSEC validation fails.
</p>
<p>
Usage: sample-gai hostname
</p>
</div>
<div class="section">
<a name="id-1.13.2.8.6"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program to check <span class="command"><strong>getaddrinfo()</strong></span> and
<span class="command"><strong>getnameinfo()</strong></span> behavior. It takes a host name as an
argument, calls <span class="command"><strong>getaddrinfo()</strong></span> with the given host
name, and calls <span class="command"><strong>getnameinfo()</strong></span> with the resulting
IP addresses returned by <span class="command"><strong>getaddrinfo()</strong></span>. If the
dns.conf file exists and defines a trust anchor, the underlying
resolver will act as a validating resolver, and
<span class="command"><strong>getaddrinfo()</strong></span>/<span class="command"><strong>getnameinfo()</strong></span>
will fail with an EAI_INSECUREDATA error when DNSSEC validation
fails.
</p>
<p>
Usage: sample-gai hostname
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.13.2.9.7"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
authoritative server, and shows the response from the server. In
other words, this is a simplified <span class="command"><strong>nsupdate</strong></span>.
</p>
<p>
Usage: sample-update [options] (add|delete) "update data"
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-a auth_server
</span></dt>
<dd><p>
An IP address of the authoritative server that has authority
for the zone containing the update name. This should normally
be the primary authoritative server that accepts dynamic
updates. It can also be a secondary server that is configured
to forward update requests to the primary server.
</p></dd>
<dt><span class="term">
-k keyfile
</span></dt>
<dd><p>
A TSIG key file to secure the update transaction. The keyfile
format is the same as that for the nsupdate utility.
</p></dd>
<dt><span class="term">
-p prerequisite
</span></dt>
<dd><p>
A prerequisite for the update (only one prerequisite can be
specified). The prerequisite format is the same as that is
accepted by the nsupdate utility.
</p></dd>
<dt><span class="term">
-r recursive_server
</span></dt>
<dd><p>
An IP address of a recursive server that this utility will
use. A recursive server may be necessary to identify the
authoritative server address to which the update request is
sent.
</p></dd>
<dt><span class="term">
-z zonename
</span></dt>
<dd><p>
The domain name of the zone that contains
</p></dd>
<dt><span class="term">
(add|delete)
</span></dt>
<dd><p>
Specify the type of update operation. Either "add" or "delete"
must be specified.
</p></dd>
<dt><span class="term">
"update data"
</span></dt>
<dd><p>
Specify the data to be updated. A typical example of the data
would look like "name TTL RRtype RDATA".
</p></dd>
<a name="id-1.13.2.8.7"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
Accepts a single update command as a command-line argument, sends
an update request message to the authoritative server, and shows
the response from the server. In other words, this is a simplified
<span class="command"><strong>nsupdate</strong></span>.
</p>
<p>
Usage: sample-update [options] (add|delete) "update data"
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a auth_server</span></dt>
<dd>
<p>
An IP address of the authoritative server that has authority
for the zone containing the update name. This should
normally be the primary authoritative server that accepts
dynamic updates. It can also be a secondary server that is
configured to forward update requests to the primary server.
</p>
</dd>
<dt><span class="term">-k keyfile</span></dt>
<dd>
<p>
A TSIG key file to secure the update transaction. The
keyfile format is the same as that for the nsupdate utility.
</p>
</dd>
<dt><span class="term">-p prerequisite</span></dt>
<dd>
<p>
A prerequisite for the update (only one prerequisite can be
specified). The prerequisite format is the same as that is
accepted by the nsupdate utility.
</p>
</dd>
<dt><span class="term">-r recursive_server</span></dt>
<dd>
<p>
An IP address of a recursive server that this utility will
use. A recursive server may be necessary to identify the
authoritative server address to which the update request is
sent.
</p>
</dd>
<dt><span class="term">-z zonename</span></dt>
<dd>
<p>
The domain name of the zone that contains
</p>
</dd>
<dt><span class="term">(add|delete)</span></dt>
<dd>
<p>
Specify the type of update operation. Either "add" or
"delete" must be specified.
</p>
</dd>
<dt><span class="term">"update data"</span></dt>
<dd>
<p>
Specify the data to be updated. A typical example of the
data would look like "name TTL RRtype RDATA".
</p>
</dd>
</dl></div>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
In practice, either -a or -r must be specified. Others can
be optional; the underlying library routine tries to identify the
appropriate server and the zone name for the update.
</p>
</div>
<p>
Examples: assuming the primary authoritative server of the
dynamic.example.com zone has an IPv6 address 2001:db8::1234,
</p>
<pre class="screen">
<p>
In practice, either -a or -r must be specified. Others can be
optional; the underlying library routine tries to identify the
appropriate server and the zone name for the update.
</p>
</div>
<p>
Examples: assuming the primary authoritative server of the
dynamic.example.com zone has an IPv6 address 2001:db8::1234,
</p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key add "foo.dynamic.example.com 30 IN A 192.168.2.1"</code></strong></pre>
<p>
adds an A RR for foo.dynamic.example.com using the given key.
</p>
<pre class="screen">
<p>
adds an A RR for foo.dynamic.example.com using the given key.
</p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com 30 IN A"</code></strong></pre>
<p>
removes all A RRs for foo.dynamic.example.com using the given key.
</p>
<pre class="screen">
<p>
removes all A RRs for foo.dynamic.example.com using the given key.
</p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</code></strong></pre>
<p>
removes all RRs for foo.dynamic.example.com using the given key.
</p>
</div>
<div class="section">
<p>
removes all RRs for foo.dynamic.example.com using the given key.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.13.2.9.8"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
correctly in terms of RFC 4074. This is included in the set of
sample programs to show how the export library can be used in a
DNS-related application.
</p>
<p>
Usage: nsprobe [-d] [-v [-v...]] [-c cache_address] [input_file]
</p>
<p>
Options
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-d
</span></dt>
<dd><p>
run in the "debug" mode. with this option nsprobe will dump
every RRs it receives.
</p></dd>
<dt><span class="term">
-v
</span></dt>
<dd><p>
increase verbosity of other normal log messages. This can be
specified multiple times
</p></dd>
<dt><span class="term">
-c cache_address
</span></dt>
<dd><p>
specify an IP address of a recursive (caching) name server.
nsprobe uses this server to get the NS RRset of each domain and
the A and/or AAAA RRsets for the name servers. The default
value is 127.0.0.1.
</p></dd>
<dt><span class="term">
input_file
</span></dt>
<dd><p>
a file name containing a list of domain (zone) names to be
probed. when omitted the standard input will be used. Each
line of the input file specifies a single domain name such as
"example.com". In general this domain name must be the apex
name of some DNS zone (unlike normal "host names" such as
"www.example.com"). nsprobe first identifies the NS RRsets for
the given domain name, and sends A and AAAA queries to these
servers for some "widely used" names under the zone;
specifically, adding "www" and "ftp" to the zone name.
</p></dd>
<a name="id-1.13.2.8.8"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
Checks a set of domains to see the name servers of the domains
behave correctly in terms of RFC 4074. This is included in the set
of sample programs to show how the export library can be used in a
DNS-related application.
</p>
<p>
Usage: nsprobe [-d] [-v [-v...]] [-c cache_address] [input_file]
</p>
<p>
Options
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-d</span></dt>
<dd>
<p>
Run in "debug" mode. With this option nsprobe will dump
every RRs it receives.
</p>
</dd>
<dt><span class="term">-v</span></dt>
<dd>
<p>
Increase verbosity of other normal log messages. This can be
specified multiple times.
</p>
</dd>
<dt><span class="term">-c cache_address</span></dt>
<dd>
<p>
Specify an IP address of a recursive (caching) name server.
nsprobe uses this server to get the NS RRset of each domain
and the A and/or AAAA RRsets for the name servers. The
default value is 127.0.0.1.
</p>
</dd>
<dt><span class="term">input_file</span></dt>
<dd>
<p>
A file name containing a list of domain (zone) names to be
probed. when omitted the standard input will be used. Each
line of the input file specifies a single domain name such as
"example.com". In general this domain name must be the apex
name of some DNS zone (unlike normal "host names" such as
"www.example.com"). nsprobe first identifies the NS RRsets
for the given domain name, and sends A and AAAA queries to
these servers for some "widely used" names under the zone;
specifically, adding "www" and "ftp" to the zone name.
</p>
</dd>
</dl></div>
</div>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.13.2.10"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
programs.</p>
<a name="id-1.13.2.9"></a>Library References</h3></div></div></div>
<p>
As of this writing, there is no formal "manual" for the libraries,
except this document, header files (some of which provide pretty
detailed explanations), and sample application programs.
</p>
</div>
</div>
</div>

12
doc/arm/Bv9ARM.html
View file

@ -267,13 +267,11 @@
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.4">Prerequisite</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.5">Compilation</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.6">Installation</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.7">Known Defects/Restrictions</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.8">The dns.conf File</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.9">Sample Applications</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.10">Library References</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.5">Installation</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.6">Known Defects/Restrictions</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.7">The dns.conf File</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.8">Sample Applications</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.9">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>

2
doc/arm/libdns.xml
View file

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2010, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2010, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

7
doc/arm/notes.html
View file

@ -707,6 +707,13 @@
catagory.
</p>
</li>
<li class="listitem">
<p>
The <span class="command"><strong>filter-aaaa-on-v4</strong></span> and
<span class="command"><strong>filter-aaaa-on-v6</strong></span> options are no longer
conditionally compiled in <span class="command"><strong>named</strong></span>. [RT #46340]
</p>
</li>
</ul></div>
</div>

12
doc/misc/options
View file

@ -168,9 +168,9 @@ options {
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
files ( default | unlimited | <sizeval> );
filter-aaaa { <address_match_element>; ... }; // not configured
filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
filter-aaaa { <address_match_element>; ... };
filter-aaaa-on-v4 ( break-dnssec | <boolean> );
filter-aaaa-on-v6 ( break-dnssec | <boolean> );
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
@ -521,9 +521,9 @@ view <string> [ <class> ] {
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
filter-aaaa { <address_match_element>; ... }; // not configured
filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
filter-aaaa { <address_match_element>; ... };
filter-aaaa-on-v4 ( break-dnssec | <boolean> );
filter-aaaa-on-v6 ( break-dnssec | <boolean> );
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };