author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2011-05-23 06:48:49 +0000 |
---|---|---|
committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2011-05-23 06:48:49 +0000 |
commit | 05ce6e23a4de597556dc2e7cbe5bce593a3da7f5 (patch) | |
tree | edea943caf661948394d2db033e33de913ede575 /usr.sbin/nsd | |
parent | 927432f907066551c12745a9deb07f3db437d33e (diff) |
remove old man-pages
Diffstat (limited to 'usr.sbin/nsd')
-rw-r--r-- | usr.sbin/nsd/nsd-checkconf.8 | 94 |
-rw-r--r-- | usr.sbin/nsd/nsd-notify.8 | 66 |
-rw-r--r-- | usr.sbin/nsd/nsd-patch.8 | 69 |
-rw-r--r-- | usr.sbin/nsd/nsd-xfer.8 | 83 |
-rw-r--r-- | usr.sbin/nsd/nsd-zonec.8 | 126 |
-rw-r--r-- | usr.sbin/nsd/nsd.8 | 266 |
-rw-r--r-- | usr.sbin/nsd/nsd.conf.5 | 519 |
-rw-r--r-- | usr.sbin/nsd/nsdc.8 | 167 |
8 files changed, 0 insertions, 1390 deletions
diff --git a/usr.sbin/nsd/nsd-checkconf.8 b/usr.sbin/nsd/nsd-checkconf.8 deleted file mode 100644 index 61abea90570..00000000000 --- a/usr.sbin/nsd/nsd-checkconf.8 +++ /dev/null 
@@ -1,94 +0,0 @@ -.TH "nsd\-checkconf" "8" "@date@" "NLnet Labs" "nsd @version@" -."\ Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. -."\ See LICENSE for the license. -.SH "NAME" -.LP -.B nsd\-checkconf -\- NSD configuration file checker. -.SH "SYNOPSIS" -.LP -.B nsd\-checkconf -.RB [ \-v ] -.RB [ \-h ] -.RB [ \-o -.IR option ] -.RB [ \-z -.IR zonename ] -.RB [ \-s -.IR keyname ] -.I configfile -.SH "DESCRIPTION" -.LP -.B nsd\-checkconf -reads a configuration file. It prints parse errors to standard -error, and performs additional checks on the contents. The -configfile format is described in nsd.conf(5). -.P -The utility of this program is to check a config file for errors -before using it in nsd(8) or nsd-zonec(8). This program can also be used -for shell scripts to access the nsd config file, using the \-o and -\-z options. -.P -.SH "OPTIONS" -.TP -.B \-v -After reading print the options to standard output in configfile -format. Without this option, only success or parse errors are -reported. -.TP -.B \-h -Print usage help information and exit. -.TP -.B \-o\fI option -Return only this option from the config file. This option can -to be used in conjunction with the -.B \-z -option. -The special value -.I zones -prints out a list of configured zones. -.P -.RS -This option is primarily used by -.B nsdc -to parse the config file from the shell. If the -.B \-z -option is given, but the -.B \-o -option is not given, nothing is printed. -.RE -.TP -.B \-s\fI keyname -Prints the key secret (base64 blob) configured for this key in the -config file. Used to help shell scripts parse the config file. -.TP -.B \-z\fI zonename -Return the option specified with -.B \-o -for zone 'zonename'. -.P -.RS -If this option is not given, the server section of the config file -is used. This option is primarily used by -.B nsdc -to parse the config file from the shell. -.RE -.P -.RS -The \-o, \-s and \-z option print configfile options to standard output. 
-.RE -.SH "FILES" -.TP -/etc/nsd.conf -default -.B NSD -configuration file -.SH "SEE ALSO" -.LP -nsd(8), nsdc(8), nsd.conf(5), nsd\-notify(8), nsd\-patch(8), -nsd-xfer(8), nsd-zonec(8) -.SH "AUTHORS" -.LP -.B NSD -was written by NLnet Labs and RIPE NCC joint team. Please see -CREDITS file in the distribution for further details. diff --git a/usr.sbin/nsd/nsd-notify.8 b/usr.sbin/nsd/nsd-notify.8 deleted file mode 100644 index a34810f80df..00000000000 --- a/usr.sbin/nsd/nsd-notify.8 +++ /dev/null 
@@ -1,66 +0,0 @@ -.TH "nsd\-notify" "8" "@date@" "NLnet Labs" "nsd @version@" -.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. -.\" See LICENSE for the license. -.SH "NAME" -.LP -.B nsd\-notify -\- program to send NOTIFY's to remote nameservers. -.SH "SYNOPSIS" -.LP -.B nsd\-notify -.RB [ \-4 ] -.RB [ \-6 ] -.RB [ \-h ] -.RB [ \-a -.IR address[@port] ] -.RB [ \-p -.IR port ] -.RB [ \-y -.IR key:secret[:algorithm] ] -.B \-z -.I zone servers -.SH "DESCRIPTION" -.LP -.B Nsd\-notify -is simple program to send NOTIFY's to remote nameservers. -.B NSD -is a complete implementation of an authoritative DNS nameserver. -.SH "OPTIONS" -.TP -.B \-4 -Only send to IPv4 addresses. -.TP -.B \-6 -Only send to IPv6 addresses. -.TP -.B \-h -Print help information and exit. -.TP -.B \-a\fI address[@port] -Specify the source address (and port) to send from. -.TP -.B \-p\fI port -Specify the port to send to. -.TP -.B \-y\fI key:secret[:algorithm] -Specify a TSIG key and base64 encoded secret to sign the notification with. If -the TSIG algorithm is not defined, MD5 is used. -.TP -.B z\fI zone -Specify the zone to notify about. -.TP -.I servers -List of nameservers to send to. -.SH "EXAMPLES" -.LP -To run this program the standard way type: -.LP -.B # nsd\-notify \-z foobar.cz 1.2.3.4 -.SH "SEE ALSO" -.LP -nsd(8), nsdc(8), nsd.conf(5), nsd\-checkconf(8), -nsd\-patch(8), nsd\-xfer(8), nsd-zonec(8) -.SH "AUTHORS" -.B NSD -was written by NLnet Labs and RIPE NCC joint team. Please see CREDITS -file in the distribution for further details. diff --git a/usr.sbin/nsd/nsd-patch.8 b/usr.sbin/nsd/nsd-patch.8 deleted file mode 100644 index 45aee1acb64..00000000000 --- a/usr.sbin/nsd/nsd-patch.8 +++ /dev/null 
@@ -1,69 +0,0 @@ -.TH "nsd\-patch" "8" "@date@" "NLnet Labs" "nsd @version@" -.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. -.\" See LICENSE for the license. -.SH "NAME" -.LP -.B nsd\-patch -\- NSD zone patcher version @version@. -.SH "SYNOPSIS" -.B nsd\-patch -.RB [ \-c -.IR configfile ] -.RB [ \-f ] -.RB [ \-h ] -.RB [ \-l ] -.RB [ \-o -.IR dbfile ] -.RB [ \-s ] -.RB [ \-x -.IR difffile ] -.SH "DESCRIPTION" -.LP -.B Nsd\-patch -is the zone patcher for nsd(8). It reads in the nsd database -(nsd.db) and difffile (ixfr.db), and overwrites the zone text files -if they have been updated. Running this regularly ensures that the -difffile does not grow infinitely. -.SH "OPTIONS" -.TP -.B \-c\fI configfile -Read specified configfile instead of the default -.IR /etc/nsd.conf . -.TP -.B \-f -Forces writing zone files. Also zones that have not changed are written -back to their zone files. -.TP -.B \-h -Print usage help information and exit. -.TP -.B \-l -List the journal entries from the difffile. Does not write to zone files. -.TP -.B \-o\fI dbfile -Store the output directly to dbfile. -.TP -.B \-s -Skip writing zone files. No zones are written back to their zone files. -.TP -.B \-x\fI difffile -Read specified difffile. Overrides the config file setting. -.SH "FILES" -.TP -/var/nsd/db/nsd.db -default -.B NSD -database -.TP -/etc/nsd.conf -default -.B NSD -configuration file -.SH "SEE ALSO" -nsd(8), nsdc(8), nsd.conf(5), nsd-checkconf(8), nsd-notify(8), -nsd-xfer(8), nsd-zonec(8) -.SH "AUTHORS" -.LP -.B NSD -was written by NLnet Labs and RIPE NCC joint team. Please see -CREDITS file in the distribution for further details. diff --git a/usr.sbin/nsd/nsd-xfer.8 b/usr.sbin/nsd/nsd-xfer.8 deleted file mode 100644 index 93e1068d2b9..00000000000 --- a/usr.sbin/nsd/nsd-xfer.8 +++ /dev/null 
@@ -1,83 +0,0 @@ -.TH "nsd\-xfer" "8" "@date@" "NLnet Labs" "nsd @version@" -.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. -.\" See LICENSE for the license. -.SH "NAME" -.LP -.B nsd\-xfer -\- AXFR client to transfer zones from a name server -.SH "SYNOPSIS" -.LP -.B nsd\-xfer -.RB [ \-4 ] -.RB [ \-6 ] -.RB [ \-a -.IR address[@port] ] -.RB [ \-p -.IR port ] -.RB [ \-s -.IR serial ] -.RB [ \-T -.IR tsiginfo ] -.RB [ \-v ] -.B \-z -.I zone -.B \-f -.I file -.I servers -.SH "DESCRIPTION" -.LP -.B Nsd\-xfer -is program to transfer zones from a name server using AXFR. -.B NSD -is a complete implementation of an authoritative DNS nameserver. -.SH "OPTIONS" -.LP -.TP -.B \-4 -Only send to IPv4 addresses. -.TP -.B \-6 -Only send to IPv6 addresses. -.TP -.B \-a\fI address[@port] -Specify the source address (and port) to send from. -.TP -.B \-f\fI file -The file to store the zone in. -.TP -.B \-p\fI port -Specify the port to send to. -.TP -.B \-s\fI serial -Specify the serial of the current zone. The zone is only transferred -if the master server has a zone with a greater serial number. -.TP -.B \-T\fI tsiginfo -Use TSIG to verify the zone transfer. The -.I tsiginfo -file must contain the TSIG key information. The file is removed -upon successful reading of the key. The format of the tsiginfo file -is described in the doc/README file (section 3.3). -.TP -.B \-v -Be more verbose. -.TP -.B \-z\fI zone -Specify the zone to receive. -.TP -.I servers -List of nameservers to try. -.SH "EXAMPLES" -.LP -To run this program the standard way type: -.LP -# nsd\-xfer \-z foobar.cz \-f foobar.cz.zone 1.2.3.4 -.SH "SEE ALSO" -.LP -nsd(8), nsdc(8), nsd.conf(5), nsd-checkconf(8), -nsd-notify(8), nsd-patch(8), nsd-zonec(8) -.SH "AUTHORS" -.LP -.B NSD -was written by NLnet Labs and RIPE NCC joint team. Please see CREDITS -file in the distribution for further details. 
diff --git a/usr.sbin/nsd/nsd-zonec.8 b/usr.sbin/nsd/nsd-zonec.8 deleted file mode 100644 index c5ca4c70518..00000000000 --- a/usr.sbin/nsd/nsd-zonec.8 +++ /dev/null 
@@ -1,126 +0,0 @@ -.TH "nsd-zonec" "8" "Apr 14, 2010" "NLnet Labs" "nsd 3.2.5" -.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. -.\" See LICENSE for the license. -.SH "NAME" -.LP -.B nsd-zonec -\- NSD zone compiler version 3.2.5. -.SH "SYNOPSIS" -.LP -.B nsd-zonec -.RB [ \-v ] -.RB [ \-h ] -.RB [ \-C ] -.RB [ \-L ] -.RB [ \-F ] -.RB [ \-c -.IR configfile ] -.RB [ \-d -.IR directory ] -.RB [ \-o -.IR origin ] -.RB [ \-z -.IR zonefile ] -.RB [ \-f -.IR database ] -.SH "DESCRIPTION" -.LP -.B Zonec -is the nsd(8) database compiler for creating name space databases -from a set of input master zone files specified in nsd.conf(5) file. -.LP -It is normally invoked via nsdc(8) rebuild command. -.B Zonec -will then parse every zone in nsd.conf(5) file and add it to the -name space database, -.I /var/nsd/db/nsd.db -by default, that is used by nsd(8) to answer incoming queries. -.SH "OPTIONS" -.TP -.B \-c\fI configfile -Read specified configfile instead of the default -.IR /etc/nsd.conf . -.TP -.B \-C -No config file is read (use with \-f, \-o and \-z). -.TP -.B \-d\fI directory -Change the working directory to -.I directory -before doing any work. Overrides zonesdir: option in config file. -.TP -.B \-f\fI database -Create the specified -.I database -instead of the file specified as database: in the config file. -.TP -.B \-o\fI origin -Use this as the first origin. Zone information is read from -zonefile specified with \-z. When reading zones from config file -this option is ignored. -.TP -.B \-z\fI zonefile -Reads all zone information from -.IR zonefile . -If -.IR zonefile -equals `\-`, then all zone information is read from stdin, making -constructs like: -.LP -.RS -.B # cat zones* -| -.B ./nsd-zonec \-C \-f nsd.db \-o example.net \-z \- -.RE -.LP -.RS -possible. When reading zones from config file this option is -ignored. -.RE -.TP -.B \-v -Increase the verbosity of nsd-zonec. This flag can be specified multiple -times to increase the level of verbosity. 
The first level of -verbosity will print per zone summary information. The second level -of will print progress information for each 10,000 RRs processed. -.TP -.B \-F -Set debug facilities. (If compiled with \-\-enable\-checking.) -.TP -.B \-L -Set debug level. (If compiled with \-\-enable\-checking.) -.SH "FILES" -.TP -/var/nsd/db/nsd.db -default -.B NSD -database -.TP -/etc/nsd/nsd.conf -default -.B NSD -configuration file -.SH "DIAGNOSTICS" -.LP -.B Zonec -will log all the problems via the standard error output and -progress via stdout if the -.B v -option is specified. -.SH "SEE ALSO" -.LP -nsd(8), nsdc(8), nsd.conf(5), nsd\-checkconf(8), nsd-notify(8), -nsd-patch(8), nsd-xfer(8) -.SH "AUTHORS" -.LP -.B NSD -was written by NLnet Labs and RIPE NCC joint team. Please see -CREDITS file in the distribution for further details. -.SH "BUGS" -.LP -.B Zonec -has rather weak error diagnostics that will change in further -versions. -.B Zonec -expects the input files to be free of syntax errors and very little -fool proof checks are done. diff --git a/usr.sbin/nsd/nsd.8 b/usr.sbin/nsd/nsd.8 deleted file mode 100644 index 27f995865a7..00000000000 --- a/usr.sbin/nsd/nsd.8 +++ /dev/null 
@@ -1,266 +0,0 @@ -.TH "NSD" "8" "@date@" "NLnet Labs" "NSD @version@" -.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. -.\" See LICENSE for the license. -.SH "NAME" -.LP -.B nsd -\- Name Server Daemon (NSD) version @version@. -.SH "SYNOPSIS" -.LP -.B nsd -.RB [ \-4 ] -.RB [ \-6 ] -.RB [ \-a -.IR ip\-address[@port] ] -.RB [ \-c -.IR configfile ] -.RB [ \-d ] -.RB [ \-f -.IR database ] -.RB [ \-h ] -.RB [ \-i -.IR identity ] -.RB [ \-I -.IR nsid ] -.RB [ \-l -.IR logfile ] -.RB [ \-N -.IR server\-count ] -.RB [ \-n -.IR noncurrent\-tcp\-count ] -.RB [ \-P -.IR pidfile ] -.RB [ \-p -.IR port ] -.RB [ \-s -.IR seconds ] -.RB [ \-t -.IR chrootdir ] -.RB [ \-u -.IR username ] -.RB [ \-V -.IR level ] -.RB [ \-v ] -.SH "DESCRIPTION" -.LP -.B NSD -is a complete implementation of an authoritative DNS nameserver. -Upon startup, -.B NSD -will read the database specified with -.B \-f -.I database -argument and put itself into background and answers queries on port -53 or a different port specified with -.B \-p -.I port -option. The -.I database -must be generated beforehand with nsd-zonec(8). By default, -.B NSD -will bind to all local interfaces available. Use the -.B \-a -.I ip\-address[@port] -option to specify a single particular interface address to be -bound. If this option is given more than once, -.B NSD -will bind its UDP and TCP sockets to all the specified ip\-addresses -separately. If IPv6 is enabled when -.B NSD -is compiled an IPv6 address can also be specified. -.P -.SH "OPTIONS" -.LP -All the options can be specified in the configfile ( -.B \-c -argument), except for the -.B \-v -and -.B \-h -options. If options are specified on the commandline, the options -on the commandline take precedence over the options in the -configfile. -.P -Normally -.B NSD -should be started with the `nsdc(8) start` command invoked from a -.I /etc/rc.d/nsd.sh -script or similar at the operating system startup. -.TP -.B \-4 -Only listen to IPv4 connections. 
-.TP -.B \-6 -Only listen to IPv6 connections. -.TP -.B \-a\fI ip\-address[@port] -Listen to the specified -.IR ip\-address . -The -.I ip\-address -must be specified in numeric format (using the standard IPv4 or IPv6 -notation). Optionally, a port number can be given. -This flag can be specified multiple times to listen to -multiple IP addresses. If this flag is not specified, -.B NSD -listens to the wildcard interface. -.TP -.B \-c\fI configfile -Read specified -.I configfile instead of the default -.IR /etc/nsd/nsd.conf . -For format description see nsd.conf(5). -.TP -.B \-d -Turn on debugging mode, do not fork, stay in the foreground. -.TP -.B \-f\fI database -Use the specified -.I database -instead of the default of -.IR /var/nsd/db/nsd.db . -If a -.B zonesdir: -is specified in the config file this path can be relative to that -directory. -.TP -.B \-h -Print help information and exit. -.TP -.B \-i\fI identity -Return the specified -.I identity -when asked for -.I CH TXT ID.SERVER -(This option is used to determine which server is answering the queries -when they are multicast). The default is the name returned by -gethostname(3). -.TP -.B \-I\fI nsid -Add the specified -.I nsid -to the EDNS section of the answer when queried with an NSID EDNS -enabled packet. -.TP -.B \-l\fI logfile -Log messages to the specified -.IR logfile . -The default is to log to stderr and syslog. If a -.B zonesdir: -is specified in the config file this path can be relative to that -directory. -.TP -.B \-N\fI count -Start -.I count -.B NSD -servers. The default is 1. Starting more than a single server is -only useful on machines with multiple CPUs and/or network adapters. -.TP -.B \-n\fI number -The maximum -.I number -of concurrent TCP connection that can be handled by each server. The -default is 10. -.TP -.B \-P\fI pidfile -Use the specified -.I pidfile -instead of the platform specific default, which is mostly -.IR /var/nsd/run/nsd.pid . 
-If a -.B zonesdir: -is specified in the config file, this path can be relative to that -directory. -.TP -.B \-p\fI port -Answer the queries on the specified -.IR port . -Normally this is port 53. -.TP -.B \-s\fI seconds -.It Fl s Ar seconds -Produce statistics dump every -.I seconds -seconds. This is equal to sending -.I SIGUSR1 -to the daemon periodically. -.TP -.B \-t\fI chroot -Specifies a directory to -.I chroot -to upon startup. This option requires you to ensure that appropriate -syslogd(8) socket (e.g. -.I chrootdir -/dev/log) is available, otherwise -.B NSD -won't produce any log output. -.TP -.B \-u\fI username -Drop user and group privileges to those of -.I username -after binding the socket. -The -.I username -must be one of: username, id, or id.gid. For example: nsd, 80, or -80.80. -.TP -.B \-V\fI level -This value specifies the verbosity level for (non\-debug) logging. -Default is 0. -.TP -.B \-v -Print the version number of -.B NSD -to standard error and exit. -.LP -.B NSD -reacts to the following signals: -.TP -SIGTERM -Stop answering queries, shutdown, and exit normally. -.TP -SIGHUP -Reload the database. -.TP -SIGUSR1 -Dump BIND8\-style statistics into the log. Ignored otherwise. -.SH "FILES" -.TP -/var/nsd/db/nsd.db -default -.B NSD -database -.TP -/var/nsd/run/nsd.pid -the process id of the name server. -.TP -/etc/nsd.conf -default -.B NSD -configuration file -.SH "DIAGNOSTICS" -.LP -will log all the problems via the standard syslog(8) -.I daemon -facility, unless the -.B \-d -option is specified. -.SH "SEE ALSO" -.LP -nsdc(8), nsd.conf(5), nsd\-checkconf(8), nsd\-notify(8), -nsd\-patch(8), nsd\-xfer(8), nsd-zonec(8) -.SH "AUTHORS" -.LP -.B NSD -was written by NLnet Labs and RIPE NCC joint team. Please see -CREDITS file in the distribution for further details. -.SH "BUGS" -.LP -.B NSD -will answer the queries erroneously if the -.I database -was not properly compiled with nsd-zonec(8). 
Therefore problems with -misconfigured master zone files or nsd-zonec(8) bugs may not be visible -until the queries are actually answered with -.BR NSD . diff --git a/usr.sbin/nsd/nsd.conf.5 b/usr.sbin/nsd/nsd.conf.5 deleted file mode 100644 index f4a2154263d..00000000000 --- a/usr.sbin/nsd/nsd.conf.5 +++ /dev/null 
@@ -1,519 +0,0 @@ -.TH "nsd.conf" "5" "@date@" "NLnet Labs" "nsd @version@" -.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. -.\" See LICENSE for the license. -.SH "NAME" -.LP -.B nsd.conf -\- NSD configuration file -.SH "SYNOPSIS" -.LP -.B nsd.conf -.SH "DESCRIPTION" -.B Nsd.conf -is used to configure nsd(8). The file format has attributes and -values. Some attributes have attributes inside them. The notation -is: attribute: value. -.PP -Comments start with # and last to the end of line. Empty lines are -ignored as is whitespace at the beginning of a line. -.PP -.B Nsd.conf -specifies options for the nsd server, zone files, primaries and -secondaries. -.SH "EXAMPLE" -.LP -An example of a short nsd.conf file is below. -.LP -# Example.com nsd.conf file -.RS 0 -# This is a comment. -.RE -.TP -server: -.RS 5 -database: "/var/nsd/db/nsd.db" -.RE -.RS 5 -username: nsd -.RE -.RS 5 -logfile: "/var/log/nsd.log" -.RE -.RS 5 -pidfile: "/var/nsd/run/nsd.pid" -.RE -.RS 5 -difffile: "/var/nsd/run/ixfr.db" -.RE -.RS 5 -xfrdfile: "/var/nsd/run/rfrd.state" -.RE -.TP -zone: -.RS 5 -name: example.com -.RE -.RS 5 -# note that quotes are optional on the value -.RE -.RS 5 -zonefile: /var/nsd/zones/example.com -.RE -.SH "FILE FORMAT" -There must be whitespace between keywords. Attribute keywords end -with a colon ':'. An attribute is followed by its containing -attributes, or a value. -.P -At the top level only -.B server: -or -.B zone: -or -.B key: -are allowed. These are followed by their attributes or the start of -a new -.B server: -or -.B zone: -or -.B key: -clause. The -.B zone: -attribute is followed by zone options. The -.B server: -attribute is followed by global options for the -.B NSD -server. A -.B key: -attribute is used to define keys for authentication. -.P -Files can be included using the -.B include: -directive. It can appear anywhere, and takes a single filename as -an argument. 
Processing continues as if the text from the included -file was copied into the config file at that point. -.S "Server Options" -.LP -The global options (if not overridden from the NSD commandline) are -taken from the -.B server: -clause. There may only be one -.B server: -clause. -.TP -.B ip\-address:\fR <ip4 or ip6>[@port] -NSD will bind to the listed ip\-address. Can be give multiple times -to bind multiple ip\-addresses. Optionally, a port number can be given. -If none are given NSD listens to the wildcard interface. Same as commandline option -.BR \-a. -.TP -.B debug\-mode:\fR <yes or no> -Turns on debugging mode for nsd, does not fork a daemon process. -Default is no. Same as commandline option -.BR \-d. -.TP -.B ip4\-only:\fR <yes or no> -If yes, NSD only listens to IPv4 connections. Same as commandline -option -.BR \-4. -.TP -.B ip6\-only:\fR <yes or no> -If yes, NSD only listens to IPv6 connections. Same as commandline -option -.BR \-6. -.TP -.B database:\fR <filename> -By default -.I /var/nsd/db/nsd.db -is used. The specified file is used to store the compiled -zone information. Same as commandline option -.BR \-f. -.TP -.B identity:\fR <string> -Returns the specified identity when asked for CH TXT ID.SERVER. -Default is the name as returned by gethostname(3). Same as -commandline option -.BR \-i . -.TP -.B nsid:\fR <string> -Add the specified nsid to the EDNS section of the answer when queried -with an NSID EDNS enabled packet. Same as commandline option -.BR \-I . -.TP -.B logfile:\fR <filename> -Log messages to the logfile. The default is to log to stderr and -syslog (with facility LOG_DAEMON). Same as commandline option -.BR \-l . -.TP -.B server\-count:\fR <number> -.It \fBserver\-count:\fR <number> -Start this many NSD servers. Default is 1. Same as commandline -option -.BR \-N . -.TP -.B tcp\-count:\fR <number> -The maximum number of concurrent, active TCP connections by each server. -Default is 10. This option should have a value below 1000. 
-Same as commandline option -.BR \-n . -.TP -.B tcp\-query\-count:\fR <number> -The maximum number of queries served on a single TCP connection. -Default is 0, meaning there is no maximum. -.TP -.B tcp\-timeout:\fR <number> -Overrides the default TCP timeout. This also affects zone transfers over TCP. -.TP -.B ipv4\-edns\-size:\fR <number> -Preferred EDNS buffer size for IPv4. -.TP -.B ipv6\-edns\-size:\fR <number> -Preferred EDNS buffer size for IPv6. -.TP -.B pidfile:\fR <filename> -Use the pid file instead of the platform specific default, usually -.IR /var/run/nsd.pid. -Same as commandline option -.BR \-P . -.TP -.B port:\fR <number> -Answer queries on the specified port. Default is 53. Same as -commandline option -.BR \-p . -.TP -.B statistics:\fR <number> -If not present no statistics are dumped. Statistics are produced -every number seconds. Same as commandline option -.BR \-s . -.TP -.B chroot:\fR <directory> -NSD will chroot on startup to the specified directory. Same as -commandline option -.BR \-t . -.TP -.B username:\fR <username> -After binding the socket, drop user privileges and assume the -username. Can be username, id or id.gid. Same as commandline option -.BR \-u . -.TP -.B zonesdir:\fR <directory> -Change the working directory to the specified directory before -accessing zone files. Same as commandline option -.B \-d -for nsd-zonec(8). Also nsd(8) will access files (pid file, database -file, log file) relative to this directory. Set the value to "" -(the empty string) to disable the change of working directory. -.TP -.B difffile:\fR <filename> -When NSD receives IXFR updates it will store them in this file. -This file contains the differences between the database file and the -latest zone version. Default is -.IR /var/nsd/run/ixfr.db . -.TP -.B xfrdfile:\fR <filename> -The soa timeout and zone transfer daemon in NSD will save its state -to this file. State is read back after a restart. 
The state file can -be deleted without too much harm, but timestamps of zones will be -gone. For more details see the section on zone expiry behavior of -NSD. Default is -.IR /var/nsd/run/xfrd.state . -.TP -.B xrfd\-reload\-timeout:\fR <number> -If this value is \-1, xfrd will not trigger a reload after a zone -transfer. If positive xfrd will trigger a reload after a zone -transfer, then it will wait for the number of seconds before it will -trigger a new reload. Setting this value throttles the reloads to -once per the number of seconds. The default is 10 seconds. -.TP -.B verbosity:\fR <level> -This value specifies the verbosity level for (non\-debug) logging. -Default is 0. 1 gives more information about incoming notifies and -zone transfers. 2 lists soft warnings that are encountered. -.TP -.B hide\-version:\fR <yes or no> -Prevent NSD from replying with the version string on CHAOS class -queries. -.SS "Zone Options" -.LP -For every zone the options need to be specified in one -.B zone: -clause. The access control list elements can be given multiple -times to add multiple servers. These elements need to be added -explicitly. -.TP -.B name:\fR <string> -The name of the zone. This is the domain name of the apex of the -zone. May end with a '.' (in FQDN notation). For example -"example.com", "sub.example.net.". This attribute must be present in -each zone. -.TP -.B zonefile:\fR <filename> -The file containing the zone information. This file is used by -nsd-zonec(8). This attribute must be present in each zone. -.TP -.B allow\-notify:\fR <ip\-spec> <key\-name | NOKEY | BLOCKED> -Access control list. The listed (primary) address is allowed to -send notifies to this (secondary) server. Notifies from unlisted or -specifically BLOCKED addresses are discarded. If NOKEY is given no -TSIG signature is required. 
-.P -.RS -The ip\-spec is either a plain IP address (IPv4 or IPv6), or can be -a subnet of the form 1.2.3.4/24, or masked like -1.2.3.4&255.255.255.0 or a range of the form 1.2.3.4\-1.2.3.25. -A port number can be added using a suffix of @number, for example -1.2.3.4@5300 or 1.2.3.4/24@5300 for port 5300. -Note the ip\-spec ranges do not use spaces around the /, &, @ and \- -symbols. -.RE -.TP -.B request\-xfr:\fR [AXFR|UDP] <ip\-address> <key\-name | NOKEY> -Access control list. The listed address (the master) is queried for -AXFR/IXFR on update. The specified key is used during AXFR/IXFR. -.P -.RS -If the AXFR option is given, the server will not be contacted with -IXFR queries but only AXFR requests will be made to the server. This -allows an NSD secondary to have a master server that runs NSD. If -the AXFR option is left out then both IXFR and AXFR requests are -made to the master server. -.P -If the UDP option is given, the secondary will use UDP to transmit the IXFR -requests. You should deploy TSIG when allowing UDP transport, to authenticate -notifies and zone transfers. Otherwise, NSD is more vulnerable for -Kaminsky-style attacks. If the UDP option is left out then IXFR will be -transmitted using TCP. -.RE -.TP -.B allow\-axfr\-fallback:\fR <yes or no> -This option should be accompanied by request-xfr. It (dis)allows NSD (as secondary) -to fallback to AXFR if the primary name server does not support IXFR. Default is yes. -.TP -.B notify:\fR <ip\-address> <key\-name | NOKEY> -Access control list. The listed address (a secondary) is notified -of updates to this zone. The specified key is used to sign the -notify. Only on secondary configurations will NSD be able to detect -zone updates (as it gets notified itself, or refreshes after a -time). -.TP -.B notify\-retry:\fR <number> -This option should be accompanied by notify. It sets the number of retries -when sending notifies. 
-.TP -.B provide\-xfr:\fR <ip\-spec> <key\-name | NOKEY | BLOCKED> -Access control list. The listed address (a secondary) is allowed to -request AXFR from this server. Zone data will be provided to the -address. The specified key is used during AXFR. For unlisted or -BLOCKED addresses no data is provided, requests are discarded. -.P -.RS -The ip\-spec is either a plain IP address (IPv4 or IPv6), or can be -a subnet of the form 1.2.3.4/24, or masked like -1.2.3.4&255.255.255.0 or a range of the form 1.2.3.4\-1.2.3.25. -A port number can be added using a suffix of @number, for example -1.2.3.4@5300 or 1.2.3.4/24@5300 for port 5300. Note the ip\-spec -ranges do not use spaces around the /, &, @ and \- symbols. -.RE -.TP -.B outgoing\-interface:\fR <ip\-address> -Access control list. The listed address is used to request AXFR|IXFR (in case of -a secondary) or used to send notifies (in case of a primary). -.P -.RS -The ip\-address is either a plain IP address (IPv4 or IPv6), or can be -a subnet of the form 1.2.3.4/24, or masked like -1.2.3.4&255.255.255.0 or a range of the form 1.2.3.4\-1.2.3.25. -.RE -.SS "Key Declarations" -The -.B key: -clause establishes a key for use in access control lists. It has -the following attributes. -.TP -.B name:\fR <string> -The key name. Used to refer to this key in the access control list. -.TP -.B algorithm:\fR <string> -Authentication algorithm for this key. -.TP -.B secret:\fR <base64 blob> -The base64 encoded shared secret. It is possible to put the -.B secret: -declaration (and base64 blob) into a different file, and then to -.B include: -that file. In this way the key secret and the rest of the configuration -file, which may have different security policies, can be split apart. -.SH "NSD CONFIGURATION FOR BIND9 HACKERS" -BIND9 is a name server implementation with its own configuration -file format, named.conf(5). BIND9 types zones as 'Master' or 'Slave'. -.SS "Slave zones" -For a slave zone, the master servers are listed. 
The master servers are -queried for zone data, and are listened to for update notifications. -In NSD these two properties need to be configured seperately, by listing -the master address in allow\-notify and request\-xfr statements. -.P -In BIND9 you only need to provide allow\-notify elements for -any extra sources of notifications (i.e. the operators), NSD needs to have -allow\-notify for both masters and operators. BIND9 allows -additional transfer sources, in NSD you list those as request\-xfr. -.P -Here is an example of a slave zone in BIND9 syntax. -.P -# Config file for example.org -options { -.RS 5 -dnssec\-enable yes; -.RE -.RS 0 -}; -.RE -.LP -key tsig.example.org. { -.RS 5 -algorithm hmac\-md5; -.RE -.RS 5 -secret "aaaaaabbbbbbccccccdddddd"; -.RE -}; -.LP -server 162.0.4.49 { -.RS 5 -keys { tsig.example.org. ; }; -.RE -}; -.LP -zone "example.org" { -.RS 5 -type slave; -.RE -.RS 5 -file "secondary/example.org.signed"; -.RE -.RS 5 -masters { 162.0.4.49; }; -.RE -}; -.P -For NSD, DNSSEC is enabled automatically for zones that are signed. The -dnssec\-enable statement in the options clause is not needed. In NSD -keys are associated with an IP address in the access control list -statement, therefore the server{} statement is not needed. Below is -the same example in an NSD config file. -.LP -# Config file for example.org -.RS 0 -key: -.RE -.RS 5 -name: tsig.example.org. -.RE -.RS 5 -algorithm: hmac\-md5 -.RE -.RS 5 -secret: "aaaaaabbbbbbccccccdddddd" -.RE -.LP -zone: -.RS 5 -name: "example.org" -.RE -.RS 5 -zonefile: "secondary/example.org.signed" -.RE -.RS 5 -# the master is allowed to notify and will provide zone data. -.RE -.RS 5 -allow\-notify: 162.0.4.49 NOKEY -.RE -.RS 5 -request\-xfr: 162.0.4.49 tsig.example.org. -.RE -.P -Notice that the master is listed twice, once to allow it to send notifies -to this slave server and once to tell the slave server where to look for -updates zone data. 
More allow\-notify and request\-xfr lines can be -added to specify more masters. -.P -It is possible to specify extra allow\-notify lines for addresses -that are also allowed to send notifications to this slave server. -.SS "Master zones" -For a master zone in BIND9, the slave servers are listed. These slave -servers are sent notifications of updated and are allowed to request -transfer of the zone data. In NSD these two properties need to be -configured seperately. -.P -Here is an example of a master zone in BIND9 syntax. -.LP -zone "example.nl" { -.RS 5 -type master; -.RE -.RS 5 -file "example.nl"; -.RE -}; -.LP -In NSD syntax this becomes: -.LP -zone: -.RS 5 -name: "example.nl" -.RE -.RS 5 -zonefile: "example.nl" -.RE -.RS 5 -# allow anybody to request xfr. -.RE -.RS 5 -provide\-xfr: 0.0.0.0/0 NOKEY -.RE -.RS 5 -provide\-xfr: ::0/0 NOKEY -.RE -.P -.RS 5 -# to list a slave server you would in general give -.RE -.RS 5 -# provide\-xfr: 1.2.3.4 tsig\-key.name. -.RE -.RS 5 -# notify: 1.2.3.4 NOKEY -.RE -.SS "Other" -NSD is an authoritative only DNS server. This means that it is -meant as a primary or secondary server for zones, providing DNS -data to DNS resolvers and caches. BIND9 can function as an -authoritative DNS server, the configuration options for that are -compared with those for NSD in this section. However, BIND9 can -also function as a resolver or cache. The configuration options that -BIND9 has for the resolver or caching thus have no equivalents for NSD. -.SH "FILES" -.TP -/var/nsd/db/nsd.db -default -.B NSD -database -.TP -/etc/nsd.conf -default -.B NSD -configuration file -.SH "SEE ALSO" -.LP -nsd(8), nsdc(8), nsd\-checkconf(8), nsd-notify(8), -nsd-patch(8), nsd-xfer(8), nsd-zonec(8) -.SH "AUTHORS" -.LP -.B NSD -was written by NLnet Labs and RIPE NCC joint team. Please see -CREDITS file in the distribution for further details. -.SH "BUGS" -.LP -.B nsd.conf -is parsed by a primitive parser, error messages may not be to the -point. 
diff --git a/usr.sbin/nsd/nsdc.8 b/usr.sbin/nsd/nsdc.8 deleted file mode 100644 index ca59dc3a4d1..00000000000 --- a/usr.sbin/nsd/nsdc.8 +++ /dev/null 
@@ -1,167 +0,0 @@ -.TH "NSDC" "8" "@date@" "NLnet Labs" "NSDC @version@" -.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. -.\" See LICENSE for the license. -.SH "NAME" -.LP -.B nsdc -\- Name Server Daemon (NSD) control script. -.SH "SYNOPSIS" -.LP -.B nsdc -.RB [ \-c -.IR configfile ] -.I start -| -.I stop -| -.I reload -| -.I rebuild -| -.I restart -| -.I running -| -.I update -| -.I notify -| -.I patch -.SH "DESCRIPTION" -.LP -.B Nsdc -is the shell script that used to control nsd(8) and nsd-zonec(8) from -.B NSD -distribution. -.B Nsdc -is also suitable to be linked into -.I /etc/rc.d -directory on -.I BSD -like systems for automatic startup of nsd(8) at boot time. -.P -At every invokation, -.B nsdc -will try to read the nsd.conf(5) configuration file. An example of -such configuration file is distributed with the -.B NSD -package as -.IR nsd.conf.sample . -The config file is checked for errors before it is used, see -nsd\-checkconf(8). -.P -Possible -.B nsdc -applications are: -.TP -.I start -Start nsd(8). -.TP -.I stop -Shut down nsd(8) by sending -.I SIGTERM -to it. -.TP -.I reload -Initiate nsd(8) name space database reload by sending -.IR SIGHUP. -.TP -.I rebuild -Rebuild the nsd(8) database by invoking nsd-zonec(8) with appropriate -arguments. -.TP -.I restart -Restart nsdc(8). This equals to nsdc stop && nsdc start. -.TP -.I running -Check whether nsd(8) is running. Returns error message and error -code if it is not running, and no message and zero error code -otherwise. -.TP -.I update -Updates all the slave zones which have -.I allow\-notify: -from localhost (127.0.0.1 or ::1) allowed. -If a TSIG key is specified for the allow\-notify statement in the -config file, it will be used to secure the notify. Note that NSD -keeps track of zone timeouts automatically, this is only needed if -you want to manually force updates by sending notify messages to the -localhost. 
-.P -.RS -Another method you can use is to stop nsd, delete the xfrd.state -file and then start nsd again. It will try to update all zones. -This method does not require allow\-notify: statements. -.RE -.TP -.I notify -Sends notify messages to all the slaves for all the zones that have the -.I notify: -keyword in the -.I nsd.conf -file. If a TSIG key is specified for a notify statement, it will be -used to secure the notification message to that slave server. -.TP -.I patch -Merge zone transfer changes back to zone files. It reads in the nsd -database (nsd.db) and difffile (ixfr.db), and overwrites the zone -text files if they have been updated. Running this regularly -ensures that the difffile does not grow infinitely. -.SH "OPTIONS" -.TP -.B \-c\fI configfile -Specify configfile to use instead of the default -.IR /etc/nsd.conf . -.SH "FILES" -.TP -/etc/nsd.conf -Configuration file for nsd to change default pathnames and -.B NSD -flags. The zone names, pathnames to zone files and access control -lists are also in nsd.conf(5). -.TP -/var/nsd/db/nsd.db -default -.B NSD -database -.TP -/var/nsd/db/nsd.db.lock -Lockfile for the -.B NSD -database access by operator tools. -.TP -/var/nsd/run/ixfr.db -Journal of zone transfers, the diff file containing the new zone -contents transferred. -.TP -/var/nsd/run/xfrd.state -State for the zone transfer process of -.BR NSD. -Contains timeouts for the zones and whether zones are expired. -.TP -/var/nsd/run/nsd.pid -the process id of the name server. -.SH "DIAGNOSTICS" -.LP -.B Nsdc -will return zero return code if operation was successful and -an error message to standard output plus a non\-zero return code -otherwise. -.SH "SEE ALSO" -.LP -nsd(8), nsd.conf(5), nsd\-checkconf(8), nsd\-notify(8), -nsd\-patch(8), nsd\-xfer(8), nsd-zonec(8) -.SH "AUTHORS" -.LP -.B NSD -was written by NLnet Labs and RIPE NCC joint team. Please see -CREDITS file in the distribution for further details. 
-.SH "BUGS" -Syntax checking of the config file is rudimentary and error -messages may be wrong. If you do a nsdc patch, whilst a (long) zone -transfer is busy, the zone transfer contents will be partially -lost. After a reload, this will be detected and the zone transfer -should be restarted. The reload that happens at the end of nsdc -patch also frees up memory churn in -.B NSD -caused by zone transfers. |
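Review bot: The nsd.conf.5 deletion takes out the only description in this patch of the transfer ACL semantics (provide-xfr with key-name, NOKEY or BLOCKED, the ip-spec forms, and the advice to keep the secret: declaration in a separately included file), and the commit message does not say which page replaces it. Please name the replacement in the commit message. If the "NSD CONFIGURATION FOR BIND9 HACKERS" section is carried over, it is worth checking whether the master zone example should still lead with "provide-xfr: 0.0.0.0/0 NOKEY", since that line allows any address to request AXFR without a key, and the keyed form appears only in the comment below it.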
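Review bot: The BUGS section at the end of the deleted nsdc.8 records an operational hazard: running nsdc patch while a long zone transfer is busy partially loses the transfer contents until a reload detects it. Before this page goes, confirm that this caveat and the FILES entries for xfrd.state, ixfr.db and nsd.db.lock are present in whatever documentation remains for nsdc. The .TH line also still carries the unsubstituted @date@ and @version@ placeholders; if that is why these copies are being dropped, say so in the commit message.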