diff options
Diffstat (limited to 'usr.sbin/bind/bin/rndc')
| -rw-r--r-- | usr.sbin/bind/bin/rndc/rndc-confgen.8 | 51 | ||||
| -rw-r--r-- | usr.sbin/bind/bin/rndc/rndc-confgen.c | 19 | ||||
| -rw-r--r-- | usr.sbin/bind/bin/rndc/rndc-confgen.docbook | 294 | ||||
| -rw-r--r-- | usr.sbin/bind/bin/rndc/rndc-confgen.html | 213 | ||||
| -rw-r--r-- | usr.sbin/bind/bin/rndc/rndc.c | 196 | ||||
| -rw-r--r-- | usr.sbin/bind/bin/rndc/rndc.conf.html | 252 | ||||
| -rw-r--r-- | usr.sbin/bind/bin/rndc/rndc.html | 182 | ||||
| -rw-r--r-- | usr.sbin/bind/bin/rndc/unix/os.c | 6 |
8 files changed, 725 insertions, 488 deletions
diff --git a/usr.sbin/bind/bin/rndc/rndc-confgen.8 b/usr.sbin/bind/bin/rndc/rndc-confgen.8 index 7f420b4e760..d50df2e2a79 100644 --- a/usr.sbin/bind/bin/rndc/rndc-confgen.8 +++ b/usr.sbin/bind/bin/rndc/rndc-confgen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $ISC: rndc-confgen.8,v 1.3.2.5.2.8 2006/06/29 13:02:31 marka Exp $ +.\" $ISC: rndc-confgen.8,v 1.9.18.11 2007/01/30 00:23:44 marka Exp $ .\" .hy 0 .ad l .\" Title: rndc\-confgen .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Aug 27, 2001 .\" Manual: BIND9 .\" Source: BIND9 @@ -56,8 +56,9 @@ file and a \fBcontrols\fR statement altogether. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Do automatic \fBrndc\fR configuration. This creates a file @@ -100,31 +101,43 @@ option and set up a and \fInamed.conf\fR as directed. -.TP 3n +.RE +.PP \-b \fIkeysize\fR +.RS 4 Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128. -.TP 3n +.RE +.PP \-c \fIkeyfile\fR +.RS 4 Used with the \fB\-a\fR option to specify an alternate location for \fIrndc.key\fR. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBrndc\-confgen\fR. -.TP 3n +.RE +.PP \-k \fIkeyname\fR +.RS 4 Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is \fBrndc\-key\fR. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Specifies the command channel port where \fBnamed\fR listens for connections from \fBrndc\fR. The default is 953. -.TP 3n +.RE +.PP \-r \fIrandomfile\fR +.RS 4 Specifies a source of random data for generating the authorization. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -132,14 +145,18 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-s \fIaddress\fR +.RS 4 Specifies the IP address where \fBnamed\fR listens for command channel connections from \fBrndc\fR. The default is the loopback address 127.0.0.1. -.TP 3n +.RE +.PP \-t \fIchrootdir\fR +.RS 4 Used with the \fB\-a\fR option to specify a directory where @@ -148,8 +165,10 @@ will run chrooted. An additional copy of the \fIrndc.key\fR will be written relative to this directory so that it will be found by the chrooted \fBnamed\fR. -.TP 3n +.RE +.PP \-u \fIuser\fR +.RS 4 Used with the \fB\-a\fR option to set the owner of the @@ -157,6 +176,7 @@ option to set the owner of the file generated. If \fB\-t\fR is also specified only the file in the chroot area has its owner changed. +.RE .SH "EXAMPLES" .PP To allow @@ -185,4 +205,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2001, 2003 Internet Software Consortium. +.br diff --git a/usr.sbin/bind/bin/rndc/rndc-confgen.c b/usr.sbin/bind/bin/rndc/rndc-confgen.c index 210bddb1f97..9b3812c572a 100644 --- a/usr.sbin/bind/bin/rndc/rndc-confgen.c +++ b/usr.sbin/bind/bin/rndc/rndc-confgen.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,18 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rndc-confgen.c,v 1.9.2.6.2.5 2004/09/28 07:14:57 marka Exp $ */ +/* $ISC: rndc-confgen.c,v 1.18.18.3 2005/04/29 00:15:40 marka Exp $ */ + +/*! \file */ + +/** + * rndc-confgen generates configuration files for rndc. It can be used + * as a convenient alternative to writing the rndc.conf file and the + * corresponding controls and key statements in named.conf by hand. + * Alternatively, it can be run with the -a option to set up a + * rndc.key file and avoid the need for a rndc.conf file and a + * controls statement altogether. + */ #include <config.h> @@ -45,7 +56,7 @@ #include "util.h" -#define DEFAULT_KEYLENGTH 128 /* Bits. */ +#define DEFAULT_KEYLENGTH 128 /*% Bits. */ #define DEFAULT_KEYNAME "rndc-key" #define DEFAULT_SERVER "127.0.0.1" #define DEFAULT_PORT 953 @@ -78,7 +89,7 @@ Usage:\n\ exit (status); } -/* +/*% * Write an rndc.key file to 'keyfile'. If 'user' is non-NULL, * make that user the owner of the file. The key will have * the name 'keyname' and the secret in the buffer 'secret'. diff --git a/usr.sbin/bind/bin/rndc/rndc-confgen.docbook b/usr.sbin/bind/bin/rndc/rndc-confgen.docbook index 562adb4e277..18ce3c53fd0 100644 --- a/usr.sbin/bind/bin/rndc/rndc-confgen.docbook +++ b/usr.sbin/bind/bin/rndc/rndc-confgen.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2001, 2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,9 +18,8 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $ISC: rndc-confgen.docbook,v 1.3.2.1.4.5 2005/05/13 01:22:34 marka Exp $ --> - -<refentry> +<!-- $ISC: rndc-confgen.docbook,v 1.6.18.7 2007/08/28 07:20:01 tbox Exp $ --> +<refentry id="man.rndc-confgen"> <refentryinfo> <date>Aug 27, 2001</date> </refentryinfo> @@ -31,10 +30,16 @@ <refmiscinfo>BIND9</refmiscinfo> </refmeta> + <refnamediv> + <refname><application>rndc-confgen</application></refname> + <refpurpose>rndc key generation tool</refpurpose> + </refnamediv> + <docinfo> <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -44,11 +49,6 @@ </copyright> </docinfo> - <refnamediv> - <refname><application>rndc-confgen</application></refname> - <refpurpose>rndc key generation tool</refpurpose> - </refnamediv> - <refsynopsisdiv> <cmdsynopsis> <command>rndc-confgen</command> @@ -67,18 +67,18 @@ <refsect1> <title>DESCRIPTION</title> - <para> - <command>rndc-confgen</command> generates configuration files - for <command>rndc</command>. It can be used as a - convenient alternative to writing the - <filename>rndc.conf</filename> file - and the corresponding <command>controls</command> - and <command>key</command> - statements in <filename>named.conf</filename> by hand. - Alternatively, it can be run with the <command>-a</command> - option to set up a <filename>rndc.key</filename> file and - avoid the need for a <filename>rndc.conf</filename> file - and a <command>controls</command> statement altogether. + <para><command>rndc-confgen</command> + generates configuration files + for <command>rndc</command>. It can be used as a + convenient alternative to writing the + <filename>rndc.conf</filename> file + and the corresponding <command>controls</command> + and <command>key</command> + statements in <filename>named.conf</filename> by hand. + Alternatively, it can be run with the <command>-a</command> + option to set up a <filename>rndc.key</filename> file and + avoid the need for a <filename>rndc.conf</filename> file + and a <command>controls</command> statement altogether. </para> </refsect1> @@ -89,145 +89,152 @@ <variablelist> <varlistentry> <term>-a</term> - <listitem> - <para> - Do automatic <command>rndc</command> configuration. - This creates a file <filename>rndc.key</filename> - in <filename>/etc</filename> (or whatever - <varname>sysconfdir</varname> - was specified as when <acronym>BIND</acronym> was built) - that is read by both <command>rndc</command> - and <command>named</command> on startup. The - <filename>rndc.key</filename> file defines a default - command channel and authentication key allowing - <command>rndc</command> to communicate with - <command>named</command> on the local host - with no further configuration. - </para> - <para> - Running <command>rndc-confgen -a</command> allows - BIND 9 and <command>rndc</command> to be used as drop-in - replacements for BIND 8 and <command>ndc</command>, - with no changes to the existing BIND 8 - <filename>named.conf</filename> file. - </para> + <listitem> + <para> + Do automatic <command>rndc</command> configuration. + This creates a file <filename>rndc.key</filename> + in <filename>/etc</filename> (or whatever + <varname>sysconfdir</varname> + was specified as when <acronym>BIND</acronym> was + built) + that is read by both <command>rndc</command> + and <command>named</command> on startup. The + <filename>rndc.key</filename> file defines a default + command channel and authentication key allowing + <command>rndc</command> to communicate with + <command>named</command> on the local host + with no further configuration. + </para> + <para> + Running <command>rndc-confgen -a</command> allows + BIND 9 and <command>rndc</command> to be used as + drop-in + replacements for BIND 8 and <command>ndc</command>, + with no changes to the existing BIND 8 + <filename>named.conf</filename> file. + </para> <para> - If a more elaborate configuration than that - generated by <command>rndc-confgen -a</command> - is required, for example if rndc is to be used remotely, - you should run <command>rndc-confgen</command> without the - <command>-a</command> option and set up a - <filename>rndc.conf</filename> and - <filename>named.conf</filename> - as directed. + If a more elaborate configuration than that + generated by <command>rndc-confgen -a</command> + is required, for example if rndc is to be used remotely, + you should run <command>rndc-confgen</command> without + the + <command>-a</command> option and set up a + <filename>rndc.conf</filename> and + <filename>named.conf</filename> + as directed. </para> - </listitem> + </listitem> </varlistentry> <varlistentry> <term>-b <replaceable class="parameter">keysize</replaceable></term> - <listitem> - <para> - Specifies the size of the authentication key in bits. - Must be between 1 and 512 bits; the default is 128. - </para> - </listitem> + <listitem> + <para> + Specifies the size of the authentication key in bits. + Must be between 1 and 512 bits; the default is 128. + </para> + </listitem> </varlistentry> <varlistentry> <term>-c <replaceable class="parameter">keyfile</replaceable></term> - <listitem> - <para> - Used with the <command>-a</command> option to specify - an alternate location for <filename>rndc.key</filename>. - </para> - </listitem> + <listitem> + <para> + Used with the <command>-a</command> option to specify + an alternate location for <filename>rndc.key</filename>. + </para> + </listitem> </varlistentry> <varlistentry> <term>-h</term> - <listitem> - <para> - Prints a short summary of the options and arguments to - <command>rndc-confgen</command>. - </para> - </listitem> + <listitem> + <para> + Prints a short summary of the options and arguments to + <command>rndc-confgen</command>. + </para> + </listitem> </varlistentry> <varlistentry> <term>-k <replaceable class="parameter">keyname</replaceable></term> - <listitem> - <para> - Specifies the key name of the rndc authentication key. - This must be a valid domain name. - The default is <constant>rndc-key</constant>. - </para> - </listitem> + <listitem> + <para> + Specifies the key name of the rndc authentication key. + This must be a valid domain name. + The default is <constant>rndc-key</constant>. + </para> + </listitem> </varlistentry> <varlistentry> <term>-p <replaceable class="parameter">port</replaceable></term> - <listitem> - <para> - Specifies the command channel port where <command>named</command> - listens for connections from <command>rndc</command>. - The default is 953. - </para> - </listitem> + <listitem> + <para> + Specifies the command channel port where <command>named</command> + listens for connections from <command>rndc</command>. + The default is 953. + </para> + </listitem> </varlistentry> <varlistentry> <term>-r <replaceable class="parameter">randomfile</replaceable></term> - <listitem> - <para> - Specifies a source of random data for generating the - authorization. If the operating - system does not provide a <filename>/dev/random</filename> - or equivalent device, the default source of randomness - is keyboard input. <filename>randomdev</filename> specifies - the name of a character device or file containing random - data to be used instead of the default. The special value - <filename>keyboard</filename> indicates that keyboard - input should be used. - </para> - </listitem> + <listitem> + <para> + Specifies a source of random data for generating the + authorization. If the operating + system does not provide a <filename>/dev/random</filename> + or equivalent device, the default source of randomness + is keyboard input. <filename>randomdev</filename> + specifies + the name of a character device or file containing random + data to be used instead of the default. The special value + <filename>keyboard</filename> indicates that keyboard + input should be used. + </para> + </listitem> </varlistentry> <varlistentry> <term>-s <replaceable class="parameter">address</replaceable></term> - <listitem> - <para> - Specifies the IP address where <command>named</command> - listens for command channel connections from - <command>rndc</command>. The default is the loopback - address 127.0.0.1. - </para> - </listitem> + <listitem> + <para> + Specifies the IP address where <command>named</command> + listens for command channel connections from + <command>rndc</command>. The default is the loopback + address 127.0.0.1. + </para> + </listitem> </varlistentry> <varlistentry> <term>-t <replaceable class="parameter">chrootdir</replaceable></term> - <listitem> - <para> - Used with the <command>-a</command> option to specify - a directory where <command>named</command> will run - chrooted. An additional copy of the <filename>rndc.key</filename> - will be written relative to this directory so that - it will be found by the chrooted <command>named</command>. - </para> - </listitem> + <listitem> + <para> + Used with the <command>-a</command> option to specify + a directory where <command>named</command> will run + chrooted. An additional copy of the <filename>rndc.key</filename> + will be written relative to this directory so that + it will be found by the chrooted <command>named</command>. + </para> + </listitem> </varlistentry> <varlistentry> <term>-u <replaceable class="parameter">user</replaceable></term> - <listitem> - <para> - Used with the <command>-a</command> option to set the owner - of the <filename>rndc.key</filename> file generated. If - <command>-t</command> is also specified only the file in - the chroot area has its owner changed. - </para> - </listitem> + <listitem> + <para> + Used with the <command>-a</command> option to set the + owner + of the <filename>rndc.key</filename> file generated. + If + <command>-t</command> is also specified only the file + in + the chroot area has its owner changed. + </para> + </listitem> </varlistentry> </variablelist> @@ -236,37 +243,31 @@ <refsect1> <title>EXAMPLES</title> <para> - To allow <command>rndc</command> to be used with - no manual configuration, run + To allow <command>rndc</command> to be used with + no manual configuration, run </para> - <para> - <userinput>rndc-confgen -a</userinput> + <para><userinput>rndc-confgen -a</userinput> </para> <para> - To print a sample <filename>rndc.conf</filename> file and - corresponding <command>controls</command> and <command>key</command> - statements to be manually inserted into <filename>named.conf</filename>, - run + To print a sample <filename>rndc.conf</filename> file and + corresponding <command>controls</command> and <command>key</command> + statements to be manually inserted into <filename>named.conf</filename>, + run </para> - <para> - <userinput>rndc-confgen</userinput> + <para><userinput>rndc-confgen</userinput> </para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>rndc</refentrytitle> - <manvolnum>8</manvolnum> + <para><citerefentry> + <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>rndc.conf</refentrytitle> - <manvolnum>5</manvolnum> + <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>named</refentrytitle> - <manvolnum>8</manvolnum> + <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> @@ -274,14 +275,11 @@ <refsect1> <title>AUTHOR</title> - <para> - <corpauthor>Internet Systems Consortium</corpauthor> + <para><corpauthor>Internet Systems Consortium</corpauthor> </para> </refsect1> -</refentry> - -<!-- +</refentry><!-- - Local variables: - mode: sgml - End: diff --git a/usr.sbin/bind/bin/rndc/rndc-confgen.html b/usr.sbin/bind/bin/rndc/rndc-confgen.html index e839c4b0422..eb376be3538 100644 --- a/usr.sbin/bind/bin/rndc/rndc-confgen.html +++ b/usr.sbin/bind/bin/rndc/rndc-confgen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $ISC: rndc-confgen.html,v 1.3.2.5.2.13 2006/06/29 13:02:31 marka Exp $ --> +<!-- $ISC: rndc-confgen.html,v 1.8.18.17 2007/01/30 00:23:44 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc-confgen</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="man.rndc-confgen"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">rndc-confgen</span> — rndc key generation tool</p> @@ -32,153 +32,156 @@ <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549476"></a><h2>DESCRIPTION</h2> -<p> - <span><strong class="command">rndc-confgen</strong></span> generates configuration files - for <span><strong class="command">rndc</strong></span>. It can be used as a - convenient alternative to writing the - <code class="filename">rndc.conf</code> file - and the corresponding <span><strong class="command">controls</strong></span> - and <span><strong class="command">key</strong></span> - statements in <code class="filename">named.conf</code> by hand. - Alternatively, it can be run with the <span><strong class="command">-a</strong></span> - option to set up a <code class="filename">rndc.key</code> file and - avoid the need for a <code class="filename">rndc.conf</code> file - and a <span><strong class="command">controls</strong></span> statement altogether. +<a name="id2543429"></a><h2>DESCRIPTION</h2> +<p><span><strong class="command">rndc-confgen</strong></span> + generates configuration files + for <span><strong class="command">rndc</strong></span>. It can be used as a + convenient alternative to writing the + <code class="filename">rndc.conf</code> file + and the corresponding <span><strong class="command">controls</strong></span> + and <span><strong class="command">key</strong></span> + statements in <code class="filename">named.conf</code> by hand. + Alternatively, it can be run with the <span><strong class="command">-a</strong></span> + option to set up a <code class="filename">rndc.key</code> file and + avoid the need for a <code class="filename">rndc.conf</code> file + and a <span><strong class="command">controls</strong></span> statement altogether. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549522"></a><h2>OPTIONS</h2> +<a name="id2543474"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd> <p> - Do automatic <span><strong class="command">rndc</strong></span> configuration. - This creates a file <code class="filename">rndc.key</code> - in <code class="filename">/etc</code> (or whatever - <code class="varname">sysconfdir</code> - was specified as when <acronym class="acronym">BIND</acronym> was built) - that is read by both <span><strong class="command">rndc</strong></span> - and <span><strong class="command">named</strong></span> on startup. The - <code class="filename">rndc.key</code> file defines a default - command channel and authentication key allowing - <span><strong class="command">rndc</strong></span> to communicate with - <span><strong class="command">named</strong></span> on the local host - with no further configuration. - </p> + Do automatic <span><strong class="command">rndc</strong></span> configuration. + This creates a file <code class="filename">rndc.key</code> + in <code class="filename">/etc</code> (or whatever + <code class="varname">sysconfdir</code> + was specified as when <acronym class="acronym">BIND</acronym> was + built) + that is read by both <span><strong class="command">rndc</strong></span> + and <span><strong class="command">named</strong></span> on startup. The + <code class="filename">rndc.key</code> file defines a default + command channel and authentication key allowing + <span><strong class="command">rndc</strong></span> to communicate with + <span><strong class="command">named</strong></span> on the local host + with no further configuration. + </p> <p> - Running <span><strong class="command">rndc-confgen -a</strong></span> allows - BIND 9 and <span><strong class="command">rndc</strong></span> to be used as drop-in - replacements for BIND 8 and <span><strong class="command">ndc</strong></span>, - with no changes to the existing BIND 8 - <code class="filename">named.conf</code> file. - </p> + Running <span><strong class="command">rndc-confgen -a</strong></span> allows + BIND 9 and <span><strong class="command">rndc</strong></span> to be used as + drop-in + replacements for BIND 8 and <span><strong class="command">ndc</strong></span>, + with no changes to the existing BIND 8 + <code class="filename">named.conf</code> file. + </p> <p> - If a more elaborate configuration than that - generated by <span><strong class="command">rndc-confgen -a</strong></span> - is required, for example if rndc is to be used remotely, - you should run <span><strong class="command">rndc-confgen</strong></span> without the - <span><strong class="command">-a</strong></span> option and set up a - <code class="filename">rndc.conf</code> and - <code class="filename">named.conf</code> - as directed. + If a more elaborate configuration than that + generated by <span><strong class="command">rndc-confgen -a</strong></span> + is required, for example if rndc is to be used remotely, + you should run <span><strong class="command">rndc-confgen</strong></span> without + the + <span><strong class="command">-a</strong></span> option and set up a + <code class="filename">rndc.conf</code> and + <code class="filename">named.conf</code> + as directed. </p> </dd> <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt> <dd><p> - Specifies the size of the authentication key in bits. - Must be between 1 and 512 bits; the default is 128. - </p></dd> + Specifies the size of the authentication key in bits. + Must be between 1 and 512 bits; the default is 128. + </p></dd> <dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt> <dd><p> - Used with the <span><strong class="command">-a</strong></span> option to specify - an alternate location for <code class="filename">rndc.key</code>. - </p></dd> + Used with the <span><strong class="command">-a</strong></span> option to specify + an alternate location for <code class="filename">rndc.key</code>. + </p></dd> <dt><span class="term">-h</span></dt> <dd><p> - Prints a short summary of the options and arguments to - <span><strong class="command">rndc-confgen</strong></span>. - </p></dd> + Prints a short summary of the options and arguments to + <span><strong class="command">rndc-confgen</strong></span>. + </p></dd> <dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt> <dd><p> - Specifies the key name of the rndc authentication key. - This must be a valid domain name. - The default is <code class="constant">rndc-key</code>. - </p></dd> + Specifies the key name of the rndc authentication key. + This must be a valid domain name. + The default is <code class="constant">rndc-key</code>. + </p></dd> <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> <dd><p> - Specifies the command channel port where <span><strong class="command">named</strong></span> - listens for connections from <span><strong class="command">rndc</strong></span>. - The default is 953. - </p></dd> + Specifies the command channel port where <span><strong class="command">named</strong></span> + listens for connections from <span><strong class="command">rndc</strong></span>. + The default is 953. + </p></dd> <dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt> <dd><p> - Specifies a source of random data for generating the - authorization. If the operating - system does not provide a <code class="filename">/dev/random</code> - or equivalent device, the default source of randomness - is keyboard input. <code class="filename">randomdev</code> specifies - the name of a character device or file containing random - data to be used instead of the default. The special value - <code class="filename">keyboard</code> indicates that keyboard - input should be used. - </p></dd> + Specifies a source of random data for generating the + authorization. If the operating + system does not provide a <code class="filename">/dev/random</code> + or equivalent device, the default source of randomness + is keyboard input. <code class="filename">randomdev</code> + specifies + the name of a character device or file containing random + data to be used instead of the default. The special value + <code class="filename">keyboard</code> indicates that keyboard + input should be used. + </p></dd> <dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt> <dd><p> - Specifies the IP address where <span><strong class="command">named</strong></span> - listens for command channel connections from - <span><strong class="command">rndc</strong></span>. The default is the loopback - address 127.0.0.1. - </p></dd> + Specifies the IP address where <span><strong class="command">named</strong></span> + listens for command channel connections from + <span><strong class="command">rndc</strong></span>. The default is the loopback + address 127.0.0.1. + </p></dd> <dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt> <dd><p> - Used with the <span><strong class="command">-a</strong></span> option to specify - a directory where <span><strong class="command">named</strong></span> will run - chrooted. An additional copy of the <code class="filename">rndc.key</code> - will be written relative to this directory so that - it will be found by the chrooted <span><strong class="command">named</strong></span>. - </p></dd> + Used with the <span><strong class="command">-a</strong></span> option to specify + a directory where <span><strong class="command">named</strong></span> will run + chrooted. An additional copy of the <code class="filename">rndc.key</code> + will be written relative to this directory so that + it will be found by the chrooted <span><strong class="command">named</strong></span>. + </p></dd> <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd><p> - Used with the <span><strong class="command">-a</strong></span> option to set the owner - of the <code class="filename">rndc.key</code> file generated. If - <span><strong class="command">-t</strong></span> is also specified only the file in - the chroot area has its owner changed. - </p></dd> + Used with the <span><strong class="command">-a</strong></span> option to set the + owner + of the <code class="filename">rndc.key</code> file generated. + If + <span><strong class="command">-t</strong></span> is also specified only the file + in + the chroot area has its owner changed. + </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549972"></a><h2>EXAMPLES</h2> +<a name="id2543787"></a><h2>EXAMPLES</h2> <p> - To allow <span><strong class="command">rndc</strong></span> to be used with - no manual configuration, run + To allow <span><strong class="command">rndc</strong></span> to be used with + no manual configuration, run </p> -<p> - <strong class="userinput"><code>rndc-confgen -a</code></strong> +<p><strong class="userinput"><code>rndc-confgen -a</code></strong> </p> <p> - To print a sample <code class="filename">rndc.conf</code> file and - corresponding <span><strong class="command">controls</strong></span> and <span><strong class="command">key</strong></span> - statements to be manually inserted into <code class="filename">named.conf</code>, - run + To print a sample <code class="filename">rndc.conf</code> file and + corresponding <span><strong class="command">controls</strong></span> and <span><strong class="command">key</strong></span> + statements to be manually inserted into <code class="filename">named.conf</code>, + run </p> -<p> - <strong class="userinput"><code>rndc-confgen</code></strong> +<p><strong class="userinput"><code>rndc-confgen</code></strong> </p> </div> <div class="refsect1" lang="en"> -<a name="id2550016"></a><h2>SEE ALSO</h2> -<p> - <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, +<a name="id2543829"></a><h2>SEE ALSO</h2> +<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2550058"></a><h2>AUTHOR</h2> -<p> - <span class="corpauthor">Internet Systems Consortium</span> +<a name="id2543867"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> </div></body> diff --git a/usr.sbin/bind/bin/rndc/rndc.c b/usr.sbin/bind/bin/rndc/rndc.c index 439b14ec26b..6bb87e66f93 100644 --- a/usr.sbin/bind/bin/rndc/rndc.c +++ b/usr.sbin/bind/bin/rndc/rndc.c @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rndc.c,v 1.77.2.5.2.19 2006/08/04 03:03:08 marka Exp $ */ +/* $ISC: rndc.c,v 1.96.18.17 2006/08/04 03:03:41 marka Exp $ */ + +/*! \file */ /* * Principal Author: DCL @@ -30,6 +32,7 @@ #include <isc/commandline.h> #include <isc/file.h> #include <isc/log.h> +#include <isc/net.h> #include <isc/mem.h> #include <isc/random.h> #include <isc/socket.h> @@ -50,6 +53,8 @@ #include <isccc/types.h> #include <isccc/util.h> +#include <dns/name.h> + #include <bind9/getaddresses.h> #include "util.h" @@ -64,6 +69,8 @@ static const char *admin_keyfile; static const char *version = VERSION; static const char *servername = NULL; static isc_sockaddr_t serveraddrs[SERVERADDRS]; +static isc_sockaddr_t local4, local6; +static isc_boolean_t local4set = ISC_FALSE, local6set = ISC_FALSE; static int nserveraddrs; static int currentaddr = 0; static unsigned int remoteport = 0; @@ -97,10 +104,14 @@ command is one of the following:\n\ Schedule immediate maintenance for a zone.\n\ retransfer zone [class [view]]\n\ Retransfer a single zone without checking serial number.\n\ + freeze Suspend updates to all dynamic zones.\n\ freeze zone [class [view]]\n\ Suspend updates to a dynamic zone.\n\ + thaw Enable updates to all dynamic zones and reload them.\n\ thaw zone [class [view]]\n\ Enable updates to a frozen dynamic zone and reload it.\n\ + notify zone [class [view]]\n\ + Resend NOTIFY messages for the zone.\n\ reconfig Reload configuration file and new zones only.\n\ stats Write server statistics to the statistics file.\n\ querylog Toggle query logging.\n\ @@ -121,6 +132,8 @@ command is one of the following:\n\ Flush the given name from the server's cache(s)\n\ status Display status of the server.\n\ recursing Dump the queries that are currently recursing (named.recursing)\n\ + validation newstate [view]\n\ + Enable / disable DNSSEC validation.\n\ *restart Restart the server.\n\ \n\ * == not yet implemented\n\ @@ -133,11 +146,20 @@ Version: %s\n", static void get_addresses(const char *host, in_port_t port) { isc_result_t result; - - isc_app_block(); - result = bind9_getaddresses(servername, port, - serveraddrs, SERVERADDRS, &nserveraddrs); - isc_app_unblock(); + int found = 0, count; + + if (*host == '/') { + result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs], + host); + if (result == ISC_R_SUCCESS) + nserveraddrs++; + } else { + count = SERVERADDRS - nserveraddrs; + result = bind9_getaddresses(host, port, + &serveraddrs[nserveraddrs], + count, &found); + nserveraddrs += found; + } if (result != ISC_R_SUCCESS) fatal("couldn't get address for '%s': %s", host, isc_result_totext(result)); @@ -174,10 +196,12 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) { if (ccmsg.result == ISC_R_EOF) fatal("connection to remote host closed\n" - "This may indicate that the remote server is using " - "an older version of \n" - "the command protocol, this host is not authorized " - "to connect,\nor the key is invalid."); + "This may indicate that\n" + "* the remote server is using an older version of" + " the command protocol,\n" + "* this host is not authorized to connect,\n" + "* the clocks are not syncronized, or\n" + "* the key is invalid."); if (ccmsg.result != ISC_R_SUCCESS) fatal("recv failed: %s", isc_result_totext(ccmsg.result)); @@ -235,10 +259,12 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) { if (ccmsg.result == ISC_R_EOF) fatal("connection to remote host closed\n" - "This may indicate that the remote server is using " - "an older version of \n" - "the command protocol, this host is not authorized " - "to connect,\nor the key is invalid."); + "This may indicate that\n" + "* the remote server is using an older version of" + " the command protocol,\n" + "* this host is not authorized to connect,\n" + "* the clocks are not syncronized, or\n" + "* the key is invalid."); if (ccmsg.result != ISC_R_SUCCESS) fatal("recv failed: %s", isc_result_totext(ccmsg.result)); @@ -357,6 +383,8 @@ rndc_connected(isc_task_t *task, isc_event_t *event) { static void rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { isc_result_t result; + int pf; + isc_sockettype_t type; char socktext[ISC_SOCKADDR_FORMATSIZE]; @@ -364,9 +392,22 @@ rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { notify("using server %s (%s)", servername, socktext); - DO("create socket", isc_socket_create(socketmgr, - isc_sockaddr_pf(addr), - isc_sockettype_tcp, &sock)); + pf = isc_sockaddr_pf(addr); + if (pf == AF_INET || pf == AF_INET6) + type = isc_sockettype_tcp; + else + type = isc_sockettype_unix; + DO("create socket", isc_socket_create(socketmgr, pf, type, &sock)); + switch (isc_sockaddr_pf(addr)) { + case AF_INET: + DO("bind socket", isc_socket_bind(sock, &local4)); + break; + case AF_INET6: + DO("bind socket", isc_socket_bind(sock, &local6)); + break; + default: + break; + } DO("connect", isc_socket_connect(sock, addr, task, rndc_connected, NULL)); connects++; @@ -376,8 +417,6 @@ static void rndc_start(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); - get_addresses(servername, (in_port_t) remoteport); - currentaddr = 0; rndc_startconnect(&serveraddrs[currentaddr], task); } @@ -388,6 +427,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, { isc_result_t result; const char *conffile = admin_conffile; + const cfg_obj_t *addresses = NULL; const cfg_obj_t *defkey = NULL; const cfg_obj_t *options = NULL; const cfg_obj_t *servers = NULL; @@ -398,12 +438,14 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, const cfg_obj_t *secretobj = NULL; const cfg_obj_t *algorithmobj = NULL; cfg_obj_t *config = NULL; + const cfg_obj_t *address = NULL; const cfg_listelt_t *elt; const char *secretstr; const char *algorithm; static char secretarray[1024]; const cfg_type_t *conftype = &cfg_type_rndcconf; isc_boolean_t key_only = ISC_FALSE; + const cfg_listelt_t *element; if (! isc_file_exists(conffile)) { conffile = admin_keyfile; @@ -521,10 +563,96 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, if (defport != NULL) { remoteport = cfg_obj_asuint32(defport); if (remoteport > 65535 || remoteport == 0) - fatal("port %d out of range", remoteport); + fatal("port %u out of range", remoteport); } else if (remoteport == 0) remoteport = NS_CONTROL_PORT; + if (server != NULL) + result = cfg_map_get(server, "addresses", &addresses); + else + result = ISC_R_NOTFOUND; + if (result == ISC_R_SUCCESS) { + for (element = cfg_list_first(addresses); + element != NULL; + element = cfg_list_next(element)) + { + isc_sockaddr_t sa; + + address = cfg_listelt_value(element); + if (!cfg_obj_issockaddr(address)) { + unsigned int myport; + const char *name; + const cfg_obj_t *obj; + + obj = cfg_tuple_get(address, "name"); + name = cfg_obj_asstring(obj); + obj = cfg_tuple_get(address, "port"); + if (cfg_obj_isuint32(obj)) { + myport = cfg_obj_asuint32(obj); + if (myport > ISC_UINT16_MAX || + myport == 0) + fatal("port %u out of range", + myport); + } else + myport = remoteport; + if (nserveraddrs < SERVERADDRS) + get_addresses(name, (in_port_t) myport); + else + fprintf(stderr, "too many address: " + "%s: dropped\n", name); + continue; + } + sa = *cfg_obj_assockaddr(address); + if (isc_sockaddr_getport(&sa) == 0) + isc_sockaddr_setport(&sa, remoteport); + if (nserveraddrs < SERVERADDRS) + serveraddrs[nserveraddrs++] = sa; + else { + char socktext[ISC_SOCKADDR_FORMATSIZE]; + + isc_sockaddr_format(&sa, socktext, + sizeof(socktext)); + fprintf(stderr, + "too many address: %s: dropped\n", + socktext); + } + } + } + + if (!local4set && server != NULL) { + address = NULL; + cfg_map_get(server, "source-address", &address); + if (address != NULL) { + local4 = *cfg_obj_assockaddr(address); + local4set = ISC_TRUE; + } + } + if (!local4set && options != NULL) { + address = NULL; + cfg_map_get(options, "default-source-address", &address); + if (address != NULL) { + local4 = *cfg_obj_assockaddr(address); + local4set = ISC_TRUE; + } + } + + if (!local6set && server != NULL) { + address = NULL; + cfg_map_get(server, "source-address-v6", &address); + if (address != NULL) { + local6 = *cfg_obj_assockaddr(address); + local6set = ISC_TRUE; + } + } + if (!local6set && options != NULL) { + address = NULL; + cfg_map_get(options, "default-source-address-v6", &address); + if (address != NULL) { + local6 = *cfg_obj_assockaddr(address); + local6set = ISC_TRUE; + } + } + *configp = config; } @@ -540,6 +668,8 @@ main(int argc, char **argv) { cfg_parser_t *pctx = NULL; cfg_obj_t *config = NULL; const char *keyname = NULL; + struct in_addr in; + struct in6_addr in6; char *p; size_t argslen; int ch; @@ -553,13 +683,28 @@ main(int argc, char **argv) { admin_conffile = RNDC_CONFFILE; admin_keyfile = RNDC_KEYFILE; + isc_sockaddr_any(&local4); + isc_sockaddr_any6(&local6); + result = isc_app_start(); if (result != ISC_R_SUCCESS) fatal("isc_app_start() failed: %s", isc_result_totext(result)); - while ((ch = isc_commandline_parse(argc, argv, "c:k:Mmp:s:Vy:")) + while ((ch = isc_commandline_parse(argc, argv, "b:c:k:Mmp:s:Vy:")) != -1) { switch (ch) { + case 'b': + if (inet_pton(AF_INET, isc_commandline_argument, + &in) == 1) { + isc_sockaddr_fromin(&local4, &in, 0); + local4set = ISC_TRUE; + } else if (inet_pton(AF_INET6, isc_commandline_argument, + &in6) == 1) { + isc_sockaddr_fromin6(&local6, &in6, 0); + local6set = ISC_TRUE; + } + break; + case 'c': admin_conffile = isc_commandline_argument; break; @@ -586,15 +731,19 @@ main(int argc, char **argv) { case 's': servername = isc_commandline_argument; break; + case 'V': verbose = ISC_TRUE; break; + case 'y': keyname = isc_commandline_argument; break; + case '?': usage(0); break; + default: fatal("unexpected error parsing command arguments: " "got %c\n", ch); @@ -665,6 +814,9 @@ main(int argc, char **argv) { if (strcmp(command, "restart") == 0) fatal("'%s' is not implemented", command); + if (nserveraddrs == 0) + get_addresses(servername, (in_port_t) remoteport); + DO("post event", isc_app_onrun(mctx, task, rndc_start, NULL)); result = isc_app_run(); @@ -686,6 +838,8 @@ main(int argc, char **argv) { isc_mem_put(mctx, args, argslen); isccc_ccmsg_invalidate(&ccmsg); + dns_name_destroy(); + if (show_final_mem) isc_mem_stats(mctx, stderr); diff --git a/usr.sbin/bind/bin/rndc/rndc.conf.html b/usr.sbin/bind/bin/rndc/rndc.conf.html index 4a5bd66d7dd..45c818322f5 100644 --- a/usr.sbin/bind/bin/rndc/rndc.conf.html +++ b/usr.sbin/bind/bin/rndc/rndc.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $ISC: rndc.conf.html,v 1.5.2.1.4.13 2006/06/29 13:02:31 marka Exp $ --> +<!-- $ISC: rndc.conf.html,v 1.6.18.23 2007/05/09 13:35:47 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc.conf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="man.rndc.conf"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">rndc.conf</code> — rndc configuration file</p> @@ -32,147 +32,185 @@ <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549398"></a><h2>DESCRIPTION</h2> -<p> - <code class="filename">rndc.conf</code> is the configuration file - for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control - utility. This file has a similar structure and syntax to - <code class="filename">named.conf</code>. Statements are enclosed - in braces and terminated with a semi-colon. Clauses in - the statements are also semi-colon terminated. The usual - comment styles are supported: - </p> -<p> - C style: /* */ - </p> -<p> - C++ style: // to end of line - </p> -<p> - Unix style: # to end of line - </p> -<p> - <code class="filename">rndc.conf</code> is much simpler than - <code class="filename">named.conf</code>. The file uses three - statements: an options statement, a server statement - and a key statement. - </p> -<p> - The <code class="option">options</code> statement contains three clauses. - The <code class="option">default-server</code> clause is followed by the - name or address of a name server. This host will be used when - no name server is given as an argument to - <span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code> - clause is followed by the name of a key which is identified by - a <code class="option">key</code> statement. If no - <code class="option">keyid</code> is provided on the rndc command line, - and no <code class="option">key</code> clause is found in a matching - <code class="option">server</code> statement, this default key will be - used to authenticate the server's commands and responses. The - <code class="option">default-port</code> clause is followed by the port - to connect to on the remote name server. If no - <code class="option">port</code> option is provided on the rndc command - line, and no <code class="option">port</code> clause is found in a - matching <code class="option">server</code> statement, this default port - will be used to connect. - </p> -<p> - After the <code class="option">server</code> keyword, the server statement - includes a string which is the hostname or address for a name - server. The statement has two possible clauses: - <code class="option">key</code> and <code class="option">port</code>. The key name must - match the name of a key statement in the file. The port number - specifies the port to connect to. - </p> -<p> - The <code class="option">key</code> statement begins with an identifying - string, the name of the key. The statement has two clauses. - <code class="option">algorithm</code> identifies the encryption algorithm - for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5 is - supported. This is followed by a secret clause which contains - the base-64 encoding of the algorithm's encryption key. The - base-64 string is enclosed in double quotes. - </p> -<p> - There are two common ways to generate the base-64 string for the - secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span> can - be used to generate a random key, or the - <span><strong class="command">mmencode</strong></span> program, also known as - <span><strong class="command">mimencode</strong></span>, can be used to generate a base-64 - string from known input. <span><strong class="command">mmencode</strong></span> does not - ship with BIND 9 but is available on many systems. See the - EXAMPLE section for sample command lines for each. +<a name="id2543352"></a><h2>DESCRIPTION</h2> +<p><code class="filename">rndc.conf</code> is the configuration file + for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control + utility. This file has a similar structure and syntax to + <code class="filename">named.conf</code>. Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. The usual + comment styles are supported: + </p> +<p> + C style: /* */ + </p> +<p> + C++ style: // to end of line + </p> +<p> + Unix style: # to end of line + </p> +<p><code class="filename">rndc.conf</code> is much simpler than + <code class="filename">named.conf</code>. The file uses three + statements: an options statement, a server statement + and a key statement. + </p> +<p> + The <code class="option">options</code> statement contains five clauses. + The <code class="option">default-server</code> clause is followed by the + name or address of a name server. This host will be used when + no name server is given as an argument to + <span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code> + clause is followed by the name of a key which is identified by + a <code class="option">key</code> statement. If no + <code class="option">keyid</code> is provided on the rndc command line, + and no <code class="option">key</code> clause is found in a matching + <code class="option">server</code> statement, this default key will be + used to authenticate the server's commands and responses. The + <code class="option">default-port</code> clause is followed by the port + to connect to on the remote name server. If no + <code class="option">port</code> option is provided on the rndc command + line, and no <code class="option">port</code> clause is found in a + matching <code class="option">server</code> statement, this default port + will be used to connect. + The <code class="option">default-source-address</code> and + <code class="option">default-source-address-v6</code> clauses which + can be used to set the IPv4 and IPv6 source addresses + respectively. + </p> +<p> + After the <code class="option">server</code> keyword, the server + statement includes a string which is the hostname or address + for a name server. The statement has three possible clauses: + <code class="option">key</code>, <code class="option">port</code> and + <code class="option">addresses</code>. The key name must match the + name of a key statement in the file. The port number + specifies the port to connect to. If an <code class="option">addresses</code> + clause is supplied these addresses will be used instead of + the server name. Each address can take an optional port. + If an <code class="option">source-address</code> or <code class="option">source-address-v6</code> + of supplied then these will be used to specify the IPv4 and IPv6 + source addresses respectively. + </p> +<p> + The <code class="option">key</code> statement begins with an identifying + string, the name of the key. The statement has two clauses. + <code class="option">algorithm</code> identifies the encryption algorithm + for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5 + is + supported. This is followed by a secret clause which contains + the base-64 encoding of the algorithm's encryption key. The + base-64 string is enclosed in double quotes. + </p> +<p> + There are two common ways to generate the base-64 string for the + secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span> + can + be used to generate a random key, or the + <span><strong class="command">mmencode</strong></span> program, also known as + <span><strong class="command">mimencode</strong></span>, can be used to generate a + base-64 + string from known input. <span><strong class="command">mmencode</strong></span> does + not + ship with BIND 9 but is available on many systems. See the + EXAMPLE section for sample command lines for each. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549601"></a><h2>EXAMPLE</h2> +<a name="id2543500"></a><h2>EXAMPLE</h2> <pre class="programlisting"> - options { + options { default-server localhost; default-key samplekey; }; - +</pre> +<p> + </p> +<pre class="programlisting"> server localhost { key samplekey; }; - +</pre> +<p> + </p> +<pre class="programlisting"> + server testserver { + key testkey; + addresses { localhost port 5353; }; + }; +</pre> +<p> + </p> +<pre class="programlisting"> key samplekey { algorithm hmac-md5; - secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; + secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz"; + }; +</pre> +<p> + </p> +<pre class="programlisting"> + key testkey { + algorithm hmac-md5; + secret "R3HI8P6BKw9ZwXwN3VZKuQ=="; }; </pre> <p> - In the above example, <span><strong class="command">rndc</strong></span> will by default use - the server at localhost (127.0.0.1) and the key called samplekey. - Commands to the localhost server will use the samplekey key, which - must also be defined in the server's configuration file with the - same name and secret. The key statement indicates that samplekey - uses the HMAC-MD5 algorithm and its secret clause contains the - base-64 encoding of the HMAC-MD5 secret enclosed in double quotes. </p> <p> - To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>: + In the above example, <span><strong class="command">rndc</strong></span> will by + default use + the server at localhost (127.0.0.1) and the key called samplekey. + Commands to the localhost server will use the samplekey key, which + must also be defined in the server's configuration file with the + same name and secret. The key statement indicates that samplekey + uses the HMAC-MD5 algorithm and its secret clause contains the + base-64 encoding of the HMAC-MD5 secret enclosed in double quotes. </p> <p> - <strong class="userinput"><code>rndc-confgen</code></strong> + If <span><strong class="command">rndc -s testserver</strong></span> is used then <span><strong class="command">rndc</strong></span> will + connect to server on localhost port 5353 using the key testkey. </p> <p> - A complete <code class="filename">rndc.conf</code> file, including the - randomly generated key, will be written to the standard - output. Commented out <code class="option">key</code> and - <code class="option">controls</code> statements for - <code class="filename">named.conf</code> are also printed. + To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>: + </p> +<p><strong class="userinput"><code>rndc-confgen</code></strong> </p> <p> - To generate a base-64 secret with <span><strong class="command">mmencode</strong></span>: + A complete <code class="filename">rndc.conf</code> file, including + the + randomly generated key, will be written to the standard + output. Commented-out <code class="option">key</code> and + <code class="option">controls</code> statements for + <code class="filename">named.conf</code> are also printed. </p> <p> - <strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong> + To generate a base-64 secret with <span><strong class="command">mmencode</strong></span>: + </p> +<p><strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong> </p> </div> <div class="refsect1" lang="en"> -<a name="id2549730"></a><h2>NAME SERVER CONFIGURATION</h2> +<a name="id2543592"></a><h2>NAME SERVER CONFIGURATION</h2> <p> - The name server must be configured to accept rndc connections and - to recognize the key specified in the <code class="filename">rndc.conf</code> - file, using the controls statement in <code class="filename">named.conf</code>. - See the sections on the <code class="option">controls</code> statement in the - BIND 9 Administrator Reference Manual for details. + The name server must be configured to accept rndc connections and + to recognize the key specified in the <code class="filename">rndc.conf</code> + file, using the controls statement in <code class="filename">named.conf</code>. + See the sections on the <code class="option">controls</code> statement in the + BIND 9 Administrator Reference Manual for details. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549750"></a><h2>SEE ALSO</h2> -<p> - <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, +<a name="id2543613"></a><h2>SEE ALSO</h2> +<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549793"></a><h2>AUTHOR</h2> -<p> - <span class="corpauthor">Internet Systems Consortium</span> +<a name="id2543652"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> </div></body> diff --git a/usr.sbin/bind/bin/rndc/rndc.html b/usr.sbin/bind/bin/rndc/rndc.html index cbc276613eb..461499f3f78 100644 --- a/usr.sbin/bind/bin/rndc/rndc.html +++ b/usr.sbin/bind/bin/rndc/rndc.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,142 +14,150 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $ISC: rndc.html,v 1.7.2.1.4.12 2006/06/29 13:02:31 marka Exp $ --> +<!-- $ISC: rndc.html,v 1.8.18.22 2007/06/20 02:26:58 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="man.rndc"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">rndc</span> — name server control utility</p> </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> +<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549451"></a><h2>DESCRIPTION</h2> -<p> - <span><strong class="command">rndc</strong></span> controls the operation of a name - server. It supersedes the <span><strong class="command">ndc</strong></span> utility - that was provided in old BIND releases. If - <span><strong class="command">rndc</strong></span> is invoked with no command line - options or arguments, it prints a short summary of the - supported commands and the available options and their - arguments. +<a name="id2543413"></a><h2>DESCRIPTION</h2> +<p><span><strong class="command">rndc</strong></span> + controls the operation of a name + server. It supersedes the <span><strong class="command">ndc</strong></span> utility + that was provided in old BIND releases. If + <span><strong class="command">rndc</strong></span> is invoked with no command line + options or arguments, it prints a short summary of the + supported commands and the available options and their + arguments. </p> -<p> - <span><strong class="command">rndc</strong></span> communicates with the name server - over a TCP connection, sending commands authenticated with - digital signatures. In the current versions of - <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named - the only supported authentication algorithm is HMAC-MD5, - which uses a shared secret on each end of the connection. - This provides TSIG-style authentication for the command - request and the name server's response. All commands sent - over the channel must be signed by a key_id known to the - server. +<p><span><strong class="command">rndc</strong></span> + communicates with the name server + over a TCP connection, sending commands authenticated with + digital signatures. In the current versions of + <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>, + the only supported authentication algorithm is HMAC-MD5, + which uses a shared secret on each end of the connection. + This provides TSIG-style authentication for the command + request and the name server's response. All commands sent + over the channel must be signed by a key_id known to the + server. </p> -<p> - <span><strong class="command">rndc</strong></span> reads a configuration file to - determine how to contact the name server and decide what - algorithm and key it should use. +<p><span><strong class="command">rndc</strong></span> + reads a configuration file to + determine how to contact the name server and decide what + algorithm and key it should use. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549492"></a><h2>OPTIONS</h2> +<a name="id2543448"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> +<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt> +<dd><p> + Use <em class="replaceable"><code>source-address</code></em> + as the source address for the connection to the server. + Multiple instances are permitted to allow setting of both + the IPv4 and IPv6 source addresses. + </p></dd> <dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> - Use <em class="replaceable"><code>config-file</code></em> - as the configuration file instead of the default, - <code class="filename">/etc/rndc.conf</code>. - </p></dd> + Use <em class="replaceable"><code>config-file</code></em> + as the configuration file instead of the default, + <code class="filename">/etc/rndc.conf</code>. + </p></dd> <dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt> <dd><p> - Use <em class="replaceable"><code>key-file</code></em> - as the key file instead of the default, - <code class="filename">/etc/rndc.key</code>. The key in - <code class="filename">/etc/rndc.key</code> will be used to authenticate - commands sent to the server if the <em class="replaceable"><code>config-file</code></em> - does not exist. - </p></dd> + Use <em class="replaceable"><code>key-file</code></em> + as the key file instead of the default, + <code class="filename">/etc/rndc.key</code>. The key in + <code class="filename">/etc/rndc.key</code> will be used to + authenticate + commands sent to the server if the <em class="replaceable"><code>config-file</code></em> + does not exist. + </p></dd> <dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt> -<dd><p> - <em class="replaceable"><code>server</code></em> is - the name or address of the server which matches a - server statement in the configuration file for - <span><strong class="command">rndc</strong></span>. If no server is supplied on the - command line, the host named by the default-server clause - in the option statement of the configuration file will be - used. - </p></dd> +<dd><p><em class="replaceable"><code>server</code></em> is + the name or address of the server which matches a + server statement in the configuration file for + <span><strong class="command">rndc</strong></span>. If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the <span><strong class="command">rndc</strong></span> + configuration file will be used. + </p></dd> <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> <dd><p> - Send commands to TCP port - <em class="replaceable"><code>port</code></em> instead - of BIND 9's default control channel port, 953. - </p></dd> + Send commands to TCP port + <em class="replaceable"><code>port</code></em> + instead + of BIND 9's default control channel port, 953. + </p></dd> <dt><span class="term">-V</span></dt> <dd><p> - Enable verbose logging. - </p></dd> -<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt> + Enable verbose logging. + </p></dd> +<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt> <dd><p> - Use the key <em class="replaceable"><code>keyid</code></em> - from the configuration file. - <em class="replaceable"><code>keyid</code></em> must be - known by named with the same algorithm and secret string - in order for control message validation to succeed. - If no <em class="replaceable"><code>keyid</code></em> - is specified, <span><strong class="command">rndc</strong></span> will first look - for a key clause in the server statement of the server - being used, or if no server statement is present for that - host, then the default-key clause of the options statement. - Note that the configuration file contains shared secrets - which are used to send authenticated control commands - to name servers. It should therefore not have general read - or write access. - </p></dd> + Use the key <em class="replaceable"><code>key_id</code></em> + from the configuration file. + <em class="replaceable"><code>key_id</code></em> + must be + known by named with the same algorithm and secret string + in order for control message validation to succeed. + If no <em class="replaceable"><code>key_id</code></em> + is specified, <span><strong class="command">rndc</strong></span> will first look + for a key clause in the server statement of the server + being used, or if no server statement is present for that + host, then the default-key clause of the options statement. + Note that the configuration file contains shared secrets + which are used to send authenticated control commands + to name servers. It should therefore not have general read + or write access. + </p></dd> </dl></div> <p> For the complete set of commands supported by <span><strong class="command">rndc</strong></span>, see the BIND 9 Administrator Reference Manual or run - <span><strong class="command">rndc</strong></span> without arguments to see its help message. + <span><strong class="command">rndc</strong></span> without arguments to see its help + message. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549811"></a><h2>LIMITATIONS</h2> -<p> - <span><strong class="command">rndc</strong></span> does not yet support all the commands of - the BIND 8 <span><strong class="command">ndc</strong></span> utility. +<a name="id2543656"></a><h2>LIMITATIONS</h2> +<p><span><strong class="command">rndc</strong></span> + does not yet support all the commands of + the BIND 8 <span><strong class="command">ndc</strong></span> utility. </p> <p> - There is currently no way to provide the shared secret for a - <code class="option">key_id</code> without using the configuration file. + There is currently no way to provide the shared secret for a + <code class="option">key_id</code> without using the configuration file. </p> <p> - Several error messages could be clearer. + Several error messages could be clearer. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549840"></a><h2>SEE ALSO</h2> -<p> - <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, +<a name="id2543683"></a><h2>SEE ALSO</h2> +<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, - <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span> + <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549892"></a><h2>AUTHOR</h2> -<p> - <span class="corpauthor">Internet Systems Consortium</span> +<a name="id2543730"></a><h2>AUTHOR</h2> +<p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> </div></body> diff --git a/usr.sbin/bind/bin/rndc/unix/os.c b/usr.sbin/bind/bin/rndc/unix/os.c index d89603dead8..97d5d3b19c1 100644 --- a/usr.sbin/bind/bin/rndc/unix/os.c +++ b/usr.sbin/bind/bin/rndc/unix/os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: os.c,v 1.5.206.1 2004/03/06 10:21:33 marka Exp $ */ +/* $ISC: os.c,v 1.6.18.2 2005/04/29 00:15:41 marka Exp $ */ + +/*! \file */ #include <config.h> |