Commit 2969d462 authored by Internet Software Consortium, Inc's avatar Internet Software Consortium, Inc Committed by Lamont Jones

9.4.0a6

parent 7cbf4ca4
--- 9.4.0a6 released ---
2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
2031. [bug] Emit a error message when "rndc refresh" is called on
a non slave/stub zone. [RT # 16073]
2030. [bug] We were being overly conservative when disabling
openssl engine support. [RT #16030]
2029. [bug] host printed out the server multiple times when
specified on the command line. [RT #15992]
2028. [port] linux: socket.c compatability for old systems.
[RT #16015]
2027. [port] libbind: Solaris x86 support. [RT #16020]
2026. [bug] Rate limit the two recursive client exceeded messages.
[RT #16044]
2025. [func] Update "zone serial unchanged" message. [RT #16026]
2024. [bug] named emited spurious "zone serial unchanged"
messages on reload. [RT #16027]
2023. [bug] "make install" should create ${localstatedir}/run and
${sysconfdir} if they do not exist. [RT #16033]
2022. [bug] If dnssec validation is disabled only assert CD if
CD was requested. [RT #16037]
2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
2019. [tuning] Reduce the amount of work performed per quantum
when cleaning the cache. [RT #15986]
2018. [bug] Checking if the HMAC MD5 private file was broken.
[RT #15960]
2017. [bug] allow-query default was not correct. [RT #15946]
2016. [bug] Return a partial answer if recursion is not
allowed but requested and we had the answer
to the original qname. [RT #15945]
--- 9.4.0a5 released ---
2015. [cleanup] use-additional-cache is now acache-enable for
......@@ -159,7 +207,7 @@
Jason Vas Dias <jvdias@redhat.com>.
1971. [port] linux: make detection of missing IF_NAMESIZE more
robust. [RT #15443]
robust. [RT #15443]
1970. [bug] nsupdate: adjust UDP timeout when falling back to
unsigned SOA query. [RT #15775]
......@@ -748,14 +796,14 @@
1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
......
# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.43.18.2 2005/09/06 03:47:14 marka Exp $
# $Id: Makefile.in,v 1.43.18.4 2006/05/19 00:04:01 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -44,7 +44,8 @@ maintainer-clean::
rm -f configure
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
install:: isc-config.sh installdirs
${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
......
......@@ -142,7 +142,6 @@ BIND 9.4.0
they reference. named has extended post zone load checks.
New zone options: check-mx and integrity-check.
edns-udp-size can now be overridden on a per server basis.
dig can now specify the EDNS version when making a query.
......@@ -155,7 +154,7 @@ BIND 9.4.0
Detect duplicates of UDP queries we are recursing on and
drop them. New stats category "duplicates".
"USE INTERNAL MALLOC" is now runtime selectable.
Meory management. "USE INTERNAL MALLOC" is now runtime selectable.
The lame cache is now done on a <qname,qclass,qtype> basis
as some servers only appear to be lame for certain query
......@@ -204,6 +203,66 @@ BIND 9.4.0
Integrate contibuted IDN code from JPNIC.
Validate pending NS RRsets, in the authority section, prior
to returning them if it can be done without requiring DNSKEYs
to be fetched.
It is now possible to configure named to accept expired
RRSIGs. Default "dnssec-accept-expired no;". Setting
"dnssec-accept-expired yes;" leaves named vulnerable to
replay attacks.
Addition memory leakage checks.
The maximum EDNS UDP response named will send can now be
set in named.conf (max-udp-size). This is independent of
the advertised receive buffer (edns-udp-size).
Named now falls back to advertising EDNS with a 512 byte
receive buffer if the initial EDNS queries fail.
Control the zeroing of the negative response TTL to a soa
query. Defaults "zero-no-soa-ttl yes;" and
"zero-no-soa-ttl-cache no;".
Seperate out MX and SRV to CNAME checks.
dig/nslookup/host: warn about missing "QR".
TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
HMACSHA512 support.
dnssec-signzone: output the SOA record as the first record
in the signed zone.
Two new update policies. "selfsub" and "selfwild".
dig, nslookup and host now advertise a 4096 byte EDNS UDP
buffer size by default.
Report when a zone is removed.
DS/DLV SHA256 digest algorithm support.
Implement "rrset-order fixed".
Check the KSK flag when updating a secure dynamic zone.
New zone option "update-check-ksk yes;".
It is now possible to explicitly enable DNSSEC validation.
default dnssec-validation no; to be changed to yes in 9.5.0.
It is now posssible to enable/disable DNSSEC validation
from rndc. This is useful for the mobile hosts where the
current connection point breaks DNSSEC (firewall/proxy).
rndc validation newstate [view]
dnssec-signzone can now update the SOA record of the signed
zone, either as an increment or as the system time().
Statistics about acache now recorded and sent to log.
libbind: corresponds to that from BIND 8.4.7.
BIND 9.3.0
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.c,v 1.186.18.24 2006/01/27 02:50:50 marka Exp $ */
/* $Id: dig.c,v 1.186.18.25 2006/05/15 06:11:39 marka Exp $ */
/*! \file */
......@@ -495,7 +495,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if (msg != query->lookup->sendmsg &&
(msg->flags & DNS_MESSAGEFLAG_RD) != 0 &&
(msg->flags & DNS_MESSAGEFLAG_RA) == 0)
printf(";; WARNING: recusion requested "
printf(";; WARNING: recursion requested "
"but not available\n");
}
if (msg != query->lookup->sendmsg && extrabytes != 0U)
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: host.c,v 1.94.18.13 2006/03/02 23:48:49 marka Exp $ */
/* $Id: host.c,v 1.94.18.14 2006/05/23 04:40:42 marka Exp $ */
/*! \file */
......@@ -48,6 +48,7 @@ static isc_boolean_t default_lookups = ISC_TRUE;
static int seen_error = -1;
static isc_boolean_t list_addresses = ISC_TRUE;
static dns_rdatatype_t list_type = dns_rdatatype_a;
static isc_boolean_t printed_server = ISC_FALSE;
static const char *opcodetext[] = {
"QUERY",
......@@ -398,7 +399,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
*/
force_error = (seen_error == 1) ? 1 : 0;
seen_error = 1;
if (listed_server) {
if (listed_server && !printed_server) {
char sockstr[ISC_SOCKADDR_FORMATSIZE];
printf("Using domain server:\n");
......@@ -407,6 +408,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
sizeof(sockstr));
printf("Address: %s\n", sockstr);
printf("Aliases: \n\n");
printed_server = ISC_TRUE;
}
if (msg->rcode != 0) {
......
......@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named.conf.5,v 1.1.2.18 2006/03/10 00:47:37 marka Exp $
.\" $Id: named.conf.5,v 1.1.2.19 2006/05/17 02:38:42 marka Exp $
.\"
.hy 0
.ad l
......@@ -186,8 +186,8 @@ options {
rfc2308\-type1 \fIboolean\fR; // not yet implemented
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
query\-source \fIquerysource4\fR;
query\-source\-v6 \fIquerysource6\fR;
query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
cleaning\-interval \fIinteger\fR;
min\-roots \fIinteger\fR; // not implemented
lame\-ttl \fIinteger\fR;
......@@ -317,8 +317,8 @@ view \fIstring\fR \fIoptional_class\fR {
rfc2308\-type1 \fIboolean\fR; // not yet implemented
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
query\-source \fIquerysource4\fR;
query\-source\-v6 \fIquerysource6\fR;
query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
cleaning\-interval \fIinteger\fR;
min\-roots \fIinteger\fR; // not implemented
lame\-ttl \fIinteger\fR;
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.docbook,v 1.1.2.21 2006/03/09 23:38:20 marka Exp $ -->
<!-- $Id: named.conf.docbook,v 1.1.2.22 2006/05/16 06:11:37 marka Exp $ -->
<refentry>
<refentryinfo>
<date>Aug 13, 2004</date>
......@@ -232,8 +232,8 @@ options {
rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
additional-from-auth <replaceable>boolean</replaceable>;
additional-from-cache <replaceable>boolean</replaceable>;
query-source <replaceable>querysource4</replaceable>;
query-source-v6 <replaceable>querysource6</replaceable>;
query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
cleaning-interval <replaceable>integer</replaceable>;
min-roots <replaceable>integer</replaceable>; // not implemented
lame-ttl <replaceable>integer</replaceable>;
......@@ -380,8 +380,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
additional-from-auth <replaceable>boolean</replaceable>;
additional-from-cache <replaceable>boolean</replaceable>;
query-source <replaceable>querysource4</replaceable>;
query-source-v6 <replaceable>querysource6</replaceable>;
query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
cleaning-interval <replaceable>integer</replaceable>;
min-roots <replaceable>integer</replaceable>; // not implemented
lame-ttl <replaceable>integer</replaceable>;
......
......@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.html,v 1.1.2.25 2006/04/23 10:12:42 marka Exp $ -->
<!-- $Id: named.conf.html,v 1.1.2.27 2006/05/17 02:38:42 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -204,8 +204,8 @@ options
rfc2308-type1<em class="replaceable"><code>boolean</code></em>;//notyetimplemented<br>
additional-from-auth<em class="replaceable"><code>boolean</code></em>;<br>
additional-from-cache<em class="replaceable"><code>boolean</code></em>;<br>
query-source<em class="replaceable"><code>querysource4</code></em>;<br>
query-source-v6<em class="replaceable"><code>querysource6</code></em>;<br>
query-source((<em class="replaceable"><code>ipv4_address</code></em>|*)|[<span class="optional">address(<em class="replaceable"><code>ipv4_address</code></em>|*)</span>])[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
query-source-v6((<em class="replaceable"><code>ipv6_address</code></em>|*)|[<span class="optional">address(<em class="replaceable"><code>ipv6_address</code></em>|*)</span>])[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
cleaning-interval<em class="replaceable"><code>integer</code></em>;<br>
min-roots<em class="replaceable"><code>integer</code></em>;//notimplemented<br>
lame-ttl<em class="replaceable"><code>integer</code></em>;<br>
......@@ -312,7 +312,7 @@ options
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2526182"></a><h2>VIEW</h2>
<a name="id2526208"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view<em class="replaceable"><code>string</code></em><em class="replaceable"><code>optional_class</code></em>{<br>
match-clients{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
......@@ -351,8 +351,8 @@ view
rfc2308-type1<em class="replaceable"><code>boolean</code></em>;//notyetimplemented<br>
additional-from-auth<em class="replaceable"><code>boolean</code></em>;<br>
additional-from-cache<em class="replaceable"><code>boolean</code></em>;<br>
query-source<em class="replaceable"><code>querysource4</code></em>;<br>
query-source-v6<em class="replaceable"><code>querysource6</code></em>;<br>
query-source((<em class="replaceable"><code>ipv4_address</code></em>|*)|[<span class="optional">address(<em class="replaceable"><code>ipv4_address</code></em>|*)</span>])[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
query-source-v6((<em class="replaceable"><code>ipv6_address</code></em>|*)|[<span class="optional">address(<em class="replaceable"><code>ipv6_address</code></em>|*)</span>])[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
cleaning-interval<em class="replaceable"><code>integer</code></em>;<br>
min-roots<em class="replaceable"><code>integer</code></em>;//notimplemented<br>
lame-ttl<em class="replaceable"><code>integer</code></em>;<br>
......@@ -451,7 +451,7 @@ view
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2526651"></a><h2>ZONE</h2>
<a name="id2526839"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone<em class="replaceable"><code>string</code></em><em class="replaceable"><code>optional_class</code></em>{<br>
type(master|slave|stub|hint|<br>
......@@ -535,12 +535,12 @@ zone
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2527072"></a><h2>FILES</h2>
<a name="id2527123"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2527083"></a><h2>SEE ALSO</h2>
<a name="id2527134"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">BIND 9 Administrator Reference Manual</span></span>.
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.257.18.28 2006/03/09 23:46:20 marka Exp $ */
/* $Id: query.c,v 1.257.18.31 2006/05/26 02:48:26 marka Exp $ */
/*! \file */
......@@ -1761,8 +1761,6 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
/* Find AAAA RRset with sig RRset */
result = dns_db_findrdataset(db, node, version, dns_rdatatype_aaaa,
0, client->now, rdataset, sigrdataset);
/* The NXDOMAIN case should be covered above */
INSIST(result != DNS_R_NCACHENXDOMAIN);
/*
* If we can't promote glue/pending from the cache to secure
* then drop it.
......@@ -1777,13 +1775,6 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
dns_rdataset_disassociate(sigrdataset);
result = ISC_R_NOTFOUND;
}
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
/*
* Negative cache entries don't have sigrdatasets.
*/
INSIST(! dns_rdataset_isassociated(sigrdataset));
}
if (result == ISC_R_SUCCESS) {
ISC_LIST_APPEND(cfname.list, rdataset, link);
rdataset = NULL;
......@@ -2958,17 +2949,31 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
result = isc_quota_attach(&ns_g_server->recursionquota,
&client->recursionquota);
if (result == ISC_R_SOFTQUOTA) {
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
"recursive-clients soft limit exceeded, "
"aborting oldest query");
static isc_stdtime_t last = 0;
isc_stdtime_t now;
isc_stdtime_get(&now);
if (now != last) {
last = now;
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
NS_LOGMODULE_QUERY,
ISC_LOG_WARNING,
"recursive-clients soft limit "
"exceeded, aborting oldest query");
}
ns_client_killoldestquery(client);
result = ISC_R_SUCCESS;
} else if (result == ISC_R_QUOTA) {
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
"no more recursive clients: %s",
isc_result_totext(result));
static isc_stdtime_t last = 0;
isc_stdtime_t now;
isc_stdtime_get(&now);
if (now != last) {
last = now;
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
NS_LOGMODULE_QUERY,
ISC_LOG_WARNING,
"no more recursive clients: %s",
isc_result_totext(result));
}
ns_client_killoldestquery(client);
}
if (result == ISC_R_SUCCESS && !client->mortal &&
......@@ -3486,9 +3491,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
}
if (result != ISC_R_SUCCESS) {
if (result == DNS_R_REFUSED)
QUERY_ERROR(DNS_R_REFUSED);
else
if (result == DNS_R_REFUSED) {
if (!PARTIALANSWER(client))
QUERY_ERROR(DNS_R_REFUSED);
} else
QUERY_ERROR(DNS_R_SERVFAIL);
goto cleanup;
}
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.419.18.45 2006/05/03 01:46:40 marka Exp $ */
/* $Id: server.c,v 1.419.18.47 2006/05/24 04:30:43 marka Exp $ */
/*! \file */
......@@ -1545,19 +1545,13 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
* For now, there is only one kind of trusted keys, the
* "security roots".
*/
if (view->enablednssec) {
CHECK(configure_view_dnsseckeys(vconfig, config, mctx,
&view->secroots));
dns_resolver_resetmustbesecure(view->resolver);
obj = NULL;
result = ns_config_get(maps, "dnssec-must-be-secure", &obj);
if (result == ISC_R_SUCCESS)
CHECK(mustbesecure(obj, view->resolver));
} else {
if (view->secroots != NULL)
dns_keytable_detach(&view->secroots);
dns_resolver_resetmustbesecure(view->resolver);
}
CHECK(configure_view_dnsseckeys(vconfig, config, mctx,
&view->secroots));
dns_resolver_resetmustbesecure(view->resolver);
obj = NULL;
result = ns_config_get(maps, "dnssec-must-be-secure", &obj);
if (result == ISC_R_SUCCESS)
CHECK(mustbesecure(obj, view->resolver));
obj = NULL;
result = ns_config_get(maps, "max-cache-ttl", &obj);
......@@ -4027,20 +4021,29 @@ isc_result_t
ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
const unsigned char msg[] = "zone refresh queued";
const unsigned char msg1[] = "zone refresh queued";
const unsigned char msg2[] = "not a slave or stub zone";
dns_zonetype_t type;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
dns_zone_refresh(zone);
dns_zone_detach(&zone);
if (sizeof(msg) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg, sizeof(msg));
return (ISC_R_SUCCESS);
type = dns_zone_gettype(zone);
if (type == dns_zone_slave || type == dns_zone_stub) {
dns_zone_refresh(zone);
dns_zone_detach(&zone);
if (sizeof(msg1) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg1, sizeof(msg1));
return (ISC_R_SUCCESS);
}
dns_zone_detach(&zone);
if (sizeof(msg2) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg2, sizeof(msg2));
return (ISC_R_FAILURE);
}
isc_result_t
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.110.18.22 2006/03/06 01:38:00 marka Exp $ */
/* $Id: zoneconf.c,v 1.110.18.23 2006/05/16 03:39:57 marka Exp $ */
/*% */
......@@ -65,7 +65,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
void (*clearzacl)(dns_zone_t *))
{
isc_result_t result;
const cfg_obj_t *maps[4];
const cfg_obj_t *maps[5];
const cfg_obj_t *aclobj = NULL;
int i = 0;
dns_acl_t *dacl = NULL;
......@@ -80,6 +80,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
if (options != NULL)
maps[i++] = options;
}
maps[i++] = ns_g_defaults;
maps[i] = NULL;
result = ns_config_get(maps, aclname, &aclobj);
......
This diff is collapsed.
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch01.html,v 1.16.18.11 2006/04/23 10:12:42 marka Exp $ -->
<!-- $Id: Bv9ARM.ch01.html,v 1.16.18.12 2006/05/08 15:46:13 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2545261">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2544133">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2544546">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2545546">The Domain Name System (<span class="acronym">DNS</span>)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2544701">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2544132">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2544545">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2545545">The Domain Name System (<span class="acronym">DNS</span>)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2545568">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2545670">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2548144">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2548289">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2548393">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2548455">Name Servers in Multiple Roles</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2545566">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2545669">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2548211">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2548288">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2548392">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2548454">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
......@@ -71,7 +71,7 @@
</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2545261"></a>Scope of Document</h2></div></div></div>
<a name="id2544701"></a>Scope of Document</h2></div></div></div>
<p>
The Berkeley Internet Name Domain
(<span class="acronym">BIND</span>) implements an
......@@ -87,7 +87,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2544133"></a>Organization of This Document</h2></div></div></div>
<a name="id2544132"></a>Organization of This Document</h2></div></div></div>
<p>
In this document, <span class="emphasis"><em>Section 1</em></span> introduces
the basic <span class="acronym">DNS</span> and <span class="acronym">BIND</span> concepts. <span class="emphasis"><em>Section 2</em></span>
......@@ -116,7 +116,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2544546"></a>Conventions Used in This Document</h2></div></div></div>
<a name="id2544545"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
......@@ -243,7 +243,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2545546"></a>The Domain Name System (<span class="acronym">DNS</span>)</h2></div></div></div>
<a name="id2545545"></a>The Domain Name System (<span class="acronym">DNS</span>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <span class="acronym">BIND</span> software
......@@ -253,7 +253,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2545568"></a>DNS Fundamentals</h3></div></div></div>
<a name="id2545566"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
......@@ -273,7 +273,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2545670"></a>Domains and Domain Names</h3></div></div></div>
<a name="id2545669"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
......@@ -319,7 +319,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2548144"></a>Zones</h3></div></div></div>
<a name="id2548211"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
......@@ -372,7 +372,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2548289"></a>Authoritative Name Servers</h3></div></div></div>
<a name="id2548288"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
......@@ -389,7 +389,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2548312"></a>The Primary Master</h4></div></div></div>
<a name="id2548311"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
......@@ -409,7 +409,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2548342"></a>Slave Servers</h4></div></div></div>
<a name="id2548341"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
......@@ -425,7 +425,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2548363"></a>Stealth Servers</h4></div></div></div>
<a name="id2548362"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
......@@ -460,7 +460,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2548393"></a>Caching Name Servers</h3></div></div></div>
<a name="id2548392"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
......@@ -487,7 +487,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2548428"></a>Forwarding</h4></div></div></div>
<a name="id2548427"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
......@@ -514,7 +514,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2548455"></a>Name Servers in Multiple Roles</h3></div></div></div>
<a name="id2548454"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <span class="acronym">BIND</span> name server can
simultaneously act as
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch02.html,v 1.13.18.12 2006/04/23 10:12:42 marka Exp $ -->
<!-- $Id: Bv9ARM.ch02.html,v 1.13.18.13 2006/05/08 15:46:13 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548626">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548652">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548665">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548692">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548702">Supported Operating Systems</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548625">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548651">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548664">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548691">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2548701">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2548626"></a>Hardware requirements</h2></div></div></div>
<a name="id2548625"></a>Hardware requirements</h2></div></div></div>
<p>
<span class="acronym">DNS</span> hardware requirements have
traditionally been quite modest.
......@@ -73,7 +73,7 @@
</div>