From 1173d5eff8dc423c129f442023419436ee94db23 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Sun, 9 Dec 2007 13:39:46 +0000 Subject: resolve conflicts --- usr.sbin/bind/bin/dig/Makefile.in | 6 +- usr.sbin/bind/bin/dig/dig.1 | 249 ++++-- usr.sbin/bind/bin/dig/dig.c | 321 +++++-- usr.sbin/bind/bin/dig/dig.docbook | 1477 ++++++++++++++++++------------- usr.sbin/bind/bin/dig/dig.html | 787 +++++++++------- usr.sbin/bind/bin/dig/dighost.c | 672 ++++++++++---- usr.sbin/bind/bin/dig/host.1 | 43 +- usr.sbin/bind/bin/dig/host.c | 111 ++- usr.sbin/bind/bin/dig/host.docbook | 437 +++++---- usr.sbin/bind/bin/dig/host.html | 311 ++++--- usr.sbin/bind/bin/dig/include/dig/dig.h | 61 +- usr.sbin/bind/bin/dig/nslookup.1 | 174 ++-- usr.sbin/bind/bin/dig/nslookup.c | 30 +- 13 files changed, 2981 insertions(+), 1698 deletions(-) (limited to 'usr.sbin/bind/bin/dig') diff --git a/usr.sbin/bind/bin/dig/Makefile.in b/usr.sbin/bind/bin/dig/Makefile.in index 46ccff97998..daf459e0f3c 100644 --- a/usr.sbin/bind/bin/dig/Makefile.in +++ b/usr.sbin/bind/bin/dig/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $ISC: Makefile.in,v 1.25.12.12 2004/08/18 23:25:57 marka Exp $ +# $ISC: Makefile.in,v 1.33.18.6 2005/09/09 14:11:04 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -45,7 +45,7 @@ DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \ ${LWRESDEPLIBS} LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \ - ${ISCCFGLIBS} @LIBS@ + ${ISCCFGLIBS} @IDNLIBS@ @LIBS@ SUBDIRS = diff --git a/usr.sbin/bind/bin/dig/dig.1 b/usr.sbin/bind/bin/dig/dig.1 index 68944537e62..52e423a2014 100644 
--- a/usr.sbin/bind/bin/dig/dig.1 +++ b/usr.sbin/bind/bin/dig/dig.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $ISC: dig.1,v 1.14.2.4.2.11 2006/06/29 13:02:30 marka Exp $ +.\" $ISC: dig.1,v 1.23.18.22 2007/05/16 06:11:27 marka Exp $ .\" .hy 0 .ad l .\" Title: dig .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ dig \- DNS lookup utility .SH "SYNOPSIS" .HP 4 -\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] +\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] .HP 4 \fBdig\fR [\fB\-h\fR] .HP 4 
@@ -50,7 +50,7 @@ Although \fBdig\fR is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the \fB\-h\fR -option is given. Unlike earlier versions, the BIND9 implementation of +option is given. Unlike earlier versions, the BIND 9 implementation of \fBdig\fR allows multiple lookups to be issued from the command line. .PP @@ -65,21 +65,30 @@ It is possible to set per\-user defaults for \fBdig\fR via \fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments. +.PP +The IN and CH class names overlap with the IN and CH top level domains names. Either use the +\fB\-t\fR +and +\fB\-c\fR +options to specify the type and class or use the +\fB\-q\fR +the specify the domain name or use "IN." and "CH." when looking up these top level domains. .SH "SIMPLE USAGE" .PP A typical invocation of \fBdig\fR looks like: .sp -.RS 3n +.RS 4 .nf dig @server name type .fi .RE .sp where: -.TP 3n +.PP \fBserver\fR +.RS 4 is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied \fIserver\fR argument is a hostname, @@ -91,11 +100,15 @@ argument is provided, consults \fI/etc/resolv.conf\fR and queries the name servers listed there. The reply from the name server that responds is displayed. -.TP 3n +.RE +.PP \fBname\fR +.RS 4 is the name of the resource record that is to be looked up. -.TP 3n +.RE +.PP \fBtype\fR +.RS 4 indicates what type of query is required \(em ANY, A, MX, SIG, etc. \fItype\fR can be any valid query type. If no @@ -103,6 +116,7 @@ can be any valid query type. If no argument is supplied, \fBdig\fR will perform a lookup for an A record. +.RE .SH "OPTIONS" .PP The 
@@ -114,14 +128,14 @@ The default query class (IN for internet) is overridden by the \fB\-c\fR option. \fIclass\fR -is any valid class, such as HS for Hesiod records or CH for CHAOSNET records. +is any valid class, such as HS for Hesiod records or CH for Chaosnet records. .PP The \fB\-f\fR option makes \fBdig \fR operate in batch mode by reading a list of lookup requests to process from the file -\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to +\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to \fBdig\fR using the command\-line interface. .PP @@ -146,7 +160,7 @@ to only use IPv6 query transport. The \fB\-t\fR option sets the query type to -\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the +\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the \fB\-x\fR option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, \fItype\fR @@ -154,7 +168,14 @@ is set to ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was \fIN\fR. .PP -Reverse lookups \- mapping addresses to names \- are simplified by the +The +\fB\-q\fR +option sets the query name to +\fIname\fR. This useful do distinguish the +\fIname\fR +from other arguments. +.PP +Reverse lookups \(em mapping addresses to names \(em are simplified by the \fB\-x\fR option. \fIaddr\fR 
@@ -178,6 +199,8 @@ and their responses using transaction signatures (TSIG), specify a TSIG key file option. You can also specify the TSIG key itself on the command line using the \fB\-y\fR option; +\fIhmac\fR +is the type of the TSIG, default HMAC\-MD5, \fIname\fR is the name of the TSIG key and \fIkey\fR @@ -185,7 +208,7 @@ is the actual key. The key is a base\-64 encoded string, typically generated by \fBdnssec\-keygen\fR(8). Caution should be taken when using the \fB\-y\fR option on multi\-user systems as the key can be visible in the output from -\fBps\fR(1 ) +\fBps\fR(1) or in the shell's history file. When using TSIG authentication with \fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate \fBkey\fR @@ -202,19 +225,26 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form \fB+keyword=value\fR. The query options are: -.TP 3n +.PP \fB+[no]tcp\fR -Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. -.TP 3n +.RS 4 +Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. +.RE +.PP \fB+[no]vc\fR +.RS 4 Use [do not use] TCP when querying name servers. This alternate syntax to \fI+[no]tcp\fR is provided for backwards compatibility. The "vc" stands for "virtual circuit". -.TP 3n +.RE +.PP \fB+[no]ignore\fR +.RS 4 Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. -.TP 3n +.RE +.PP \fB+domain=somename\fR +.RS 4 Set the search list to contain the single domain \fIsomename\fR, as if specified in a \fBdomain\fR 
@@ -222,36 +252,59 @@ directive in \fI/etc/resolv.conf\fR, and enable search list processing as if the \fI+search\fR option were given. -.TP 3n +.RE +.PP \fB+[no]search\fR +.RS 4 Use [do not use] the search list defined by the searchlist or domain directive in \fIresolv.conf\fR (if any). The search list is not used by default. -.TP 3n +.RE +.PP +\fB+[no]showsearch\fR +.RS 4 +Perform [do not perform] a search showing intermediate results. +.RE +.PP \fB+[no]defname\fR +.RS 4 Deprecated, treated as a synonym for \fI+[no]search\fR -.TP 3n +.RE +.PP \fB+[no]aaonly\fR +.RS 4 Sets the "aa" flag in the query. -.TP 3n +.RE +.PP \fB+[no]aaflag\fR +.RS 4 A synonym for \fI+[no]aaonly\fR. -.TP 3n +.RE +.PP \fB+[no]adflag\fR +.RS 4 Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness. -.TP 3n +.RE +.PP \fB+[no]cdflag\fR +.RS 4 Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. -.TP 3n +.RE +.PP \fB+[no]cl\fR +.RS 4 Display [do not display] the CLASS when printing the record. -.TP 3n +.RE +.PP \fB+[no]ttlid\fR +.RS 4 Display [do not display] the TTL when printing the record. -.TP 3n +.RE +.PP \fB+[no]recurse\fR +.RS 4 Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means \fBdig\fR normally sends recursive queries. Recursion is automatically disabled when the 
@@ -259,75 +312,109 @@ normally sends recursive queries. Recursion is automatically disabled when the or \fI+trace\fR query options are used. -.TP 3n +.RE +.PP \fB+[no]nssearch\fR +.RS 4 When this option is set, \fBdig\fR attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. -.TP 3n +.RE +.PP \fB+[no]trace\fR +.RS 4 Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. -.TP 3n +.RE +.PP \fB+[no]cmd\fR -toggles the printing of the initial comment in the output identifying the version of +.RS 4 +Toggles the printing of the initial comment in the output identifying the version of \fBdig\fR and the query options that have been applied. This comment is printed by default. -.TP 3n +.RE +.PP \fB+[no]short\fR +.RS 4 Provide a terse answer. The default is to print the answer in a verbose form. -.TP 3n +.RE +.PP \fB+[no]identify\fR +.RS 4 Show [or do not show] the IP address and port number that supplied the answer when the \fI+short\fR option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. -.TP 3n +.RE +.PP \fB+[no]comments\fR +.RS 4 Toggle the display of comment lines in the output. The default is to print comments. -.TP 3n +.RE +.PP \fB+[no]stats\fR -This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics. -.TP 3n +.RS 4 +This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. 
The default behavior is to print the query statistics. +.RE +.PP \fB+[no]qr\fR +.RS 4 Print [do not print] the query as it is sent. By default, the query is not printed. -.TP 3n +.RE +.PP \fB+[no]question\fR +.RS 4 Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. -.TP 3n +.RE +.PP \fB+[no]answer\fR +.RS 4 Display [do not display] the answer section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]authority\fR +.RS 4 Display [do not display] the authority section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]additional\fR +.RS 4 Display [do not display] the additional section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]all\fR +.RS 4 Set or clear all display flags. -.TP 3n +.RE +.PP \fB+time=T\fR +.RS 4 Sets the timeout for a query to \fIT\fR -seconds. The default time out is 5 seconds. An attempt to set +seconds. The default timeout is 5 seconds. An attempt to set \fIT\fR to less than 1 will result in a query timeout of 1 second being applied. -.TP 3n +.RE +.PP \fB+tries=T\fR +.RS 4 Sets the number of times to try UDP queries to server to \fIT\fR instead of the default, 3. If \fIT\fR is less than or equal to zero, the number of tries is silently rounded up to 1. -.TP 3n +.RE +.PP \fB+retry=T\fR +.RS 4 Sets the number of times to retry UDP queries to server to \fIT\fR instead of the default, 2. Unlike \fI+tries\fR, this does not include the initial query. -.TP 3n +.RE +.PP \fB+ndots=D\fR +.RS 4 Set the number of dots that have to appear in \fIname\fR to 
@@ -339,30 +426,51 @@ or \fBdomain\fR directive in \fI/etc/resolv.conf\fR. -.TP 3n +.RE +.PP \fB+bufsize=B\fR +.RS 4 Set the UDP message buffer size advertised using EDNS0 to \fIB\fR -bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. -.TP 3n +bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent. +.RE +.PP +\fB+edns=#\fR +.RS 4 +Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent. +\fB+noedns\fR +clears the remembered EDNS version. +.RE +.PP \fB+[no]multiline\fR +.RS 4 Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output. -.TP 3n +.RE +.PP \fB+[no]fail\fR -Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour. -.TP 3n +.RS 4 +Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior. +.RE +.PP \fB+[no]besteffort\fR +.RS 4 Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. -.TP 3n +.RE +.PP \fB+[no]dnssec\fR +.RS 4 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. -.TP 3n +.RE +.PP \fB+[no]sigchase\fR +.RS 4 Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. -.TP 3n +.RE +.PP \fB+trusted\-key=####\fR +.RS 4 Specifies a file containing trusted keys to be used with \fB+sigchase\fR. Each DNSKEY record must be on its own line. .sp 
@@ -375,9 +483,12 @@ then in the current directory. .sp Requires dig be compiled with \-DDIG_SIGCHASE. -.TP 3n +.RE +.PP \fB+[no]topdown\fR -When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE. +.RS 4 +When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE. +.RE .SH "MULTIPLE QUERIES" .PP The BIND 9 implementation of @@ -394,7 +505,7 @@ A global set of query options, which should be applied to all queries, can also \fB+[no]cmd\fR option) can be overridden by a query\-specific set of query options. For example: .sp -.RS 3n +.RS 4 .nf dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr .fi @@ -414,6 +525,17 @@ which means that \fBdig\fR will not print the initial query when it looks up the NS records for isc.org. +.SH "IDN SUPPORT" +.PP +If +\fBdig\fR +has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names. +\fBdig\fR +appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the +\fBIDN_DISABLE\fR +environment variable. The IDN support is disabled if the variable is set when +\fBdig\fR +runs. .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -425,8 +547,11 @@ isc.org. \fBnamed\fR(8), \fBdnssec\-keygen\fR(8), RFC1035. -.SH "BUGS " +.SH "BUGS" .PP There are probably too many query options. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/usr.sbin/bind/bin/dig/dig.c b/usr.sbin/bind/bin/dig/dig.c index 14a5c4a0105..ae9f8721049 100644 --- a/usr.sbin/bind/bin/dig/dig.c +++ b/usr.sbin/bind/bin/dig/dig.c 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: dig.c,v 1.157.2.13.2.31 2006/07/22 23:52:57 marka Exp $ */ +/* $ISC: dig.c,v 1.186.18.29 2007/08/28 07:19:55 tbox Exp $ */ + +/*! \file */ #include #include @@ -40,6 +42,7 @@ #include #include #include +#include #include @@ -67,6 +70,7 @@ static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE, ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE, multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE; +/*% opcode text */ static const char *opcodetext[] = { "QUERY", "IQUERY", @@ -86,6 +90,7 @@ static const char *opcodetext[] = { "RESERVED15" }; +/*% return code text */ static const char *rcodetext[] = { "NOERROR", "FORMERR", @@ -106,6 +111,7 @@ static const char *rcodetext[] = { "BADVERS" }; +/*% print usage */ static void print_usage(FILE *fp) { fputs( @@ -122,11 +128,13 @@ usage(void) { exit(1); } +/*% version */ static void version(void) { fputs("DiG " VERSION "\n", stderr); } +/*% help */ static void help(void) { print_usage(stdout); 
@@ -141,10 +149,11 @@ help(void) { " -f filename (batch mode)\n" " -b address[#port] (bind to source address/port)\n" " -p port (specify port number)\n" +" -q name (specify query name)\n" " -t type (specify query type)\n" " -c class (specify query class)\n" " -k keyfile (specify tsig key file)\n" -" -y name:key (specify named base64 tsig key)\n" +" -y [hmac:]name:key (specify named base64 tsig key)\n" " -4 (use IPv4 query transport only)\n" " -6 (use IPv6 query transport only)\n" " d-opt is of the form +keyword[=value], where keyword is:\n" @@ -156,7 +165,9 @@ help(void) { " +domain=### (Set default domainname)\n" " +bufsize=### (Set EDNS0 Max UDP packet size)\n" " +ndots=### (Set NDOTS value)\n" +" +edns=### (Set EDNS version)\n" " +[no]search (Set whether to use searchlist)\n" +" +[no]showsearch (Search with intermediate results)\n" " +[no]defname (Ditto)\n" " +[no]recurse (Recursive mode)\n" " +[no]ignore (Don't revert to TCP for TC responses.)" @@ -198,7 +209,7 @@ help(void) { stdout); } -/* +/*% * Callback from dighost.c to print the received message. */ void @@ -219,10 +230,12 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) { time(&tnow); printf(";; WHEN: %s", ctime(&tnow)); if (query->lookup->doing_xfr) { - printf(";; XFR size: %u records (messages %u)\n", - query->rr_count, query->msg_count); + printf(";; XFR size: %u records (messages %u, " + "bytes %" ISC_PRINT_QUADFORMAT "u)\n", + query->rr_count, query->msg_count, + query->byte_count); } else { - printf(";; MSG SIZE rcvd: %d\n", bytes); + printf(";; MSG SIZE rcvd: %u\n", bytes); } if (key != NULL) { 
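Review bot: In `received()`, the changed line `printf(";; MSG SIZE rcvd: %u\n", bytes);` formats the `int bytes` parameter with `%u`, so the specifier no longer matches the argument type and a negative value would print as a very large size. Either keep `%d` or make the conversion explicit, e.g. `printf(";; MSG SIZE rcvd: %u\n", (unsigned int)bytes);`. The next `received()` hunk takes the same signed-to-unsigned step with `(isc_uint64_t)bytes`; if `bytes` can never be negative on this path, a one-line comment saying so would be enough. The function body continues outside this hunk.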
@@ -236,8 +249,11 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) { puts(""); } else if (query->lookup->identify && !short_form) { diff = isc_time_microdiff(&now, &query->time_sent); - printf(";; Received %u bytes from %s(%s) in %d ms\n\n", - bytes, fromtext, query->servname, + printf(";; Received %" ISC_PRINT_QUADFORMAT "u bytes " + "from %s(%s) in %d ms\n\n", + query->lookup->doing_xfr ? + query->byte_count : (isc_uint64_t)bytes, + fromtext, query->servname, (int)diff/1000); } } @@ -253,7 +269,7 @@ trying(char *frm, dig_lookup_t *lookup) { UNUSED(lookup); } -/* +/*% * Internal print routine used to print short form replies. */ static isc_result_t @@ -283,7 +299,7 @@ say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) { return (ISC_R_SUCCESS); } -/* +/*% * short_form message print handler. Calls above say_message() */ static isc_result_t @@ -475,7 +491,16 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { msg->counts[DNS_SECTION_ANSWER], msg->counts[DNS_SECTION_AUTHORITY], msg->counts[DNS_SECTION_ADDITIONAL]); + + if (msg != query->lookup->sendmsg && + (msg->flags & DNS_MESSAGEFLAG_RD) != 0 && + (msg->flags & DNS_MESSAGEFLAG_RA) == 0) + printf(";; WARNING: recursion requested " + "but not available\n"); } + if (msg != query->lookup->sendmsg && extrabytes != 0U) + printf(";; WARNING: Messages has %u extra byte%s at " + "end\n", extrabytes, extrabytes != 0 ? "s" : ""); } repopulate_buffer: @@ -578,7 +603,7 @@ cleanup: return (result); } -/* +/*% * print the greeting message when the program first starts up. */ static void 
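Review bot: The plural test in the new extra-bytes warning in `printmessage()` can never select the singular form, because the `printf` is already guarded by `extrabytes != 0U`, so `extrabytes != 0 ? "s" : ""` always yields "s". It should read `extrabytes != 1 ? "s" : ""`, and "Messages has" in the format string looks like a typo for "Message has". `extrabytes` is declared outside the hunk, so its unsigned type is assumed from the `%u` and the `0U` comparison.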
@@ -616,42 +641,6 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) { } } -/* - * Reorder an argument list so that server names all come at the end. - * This is a bit of a hack, to allow batch-mode processing to properly - * handle the server options. - */ -static void -reorder_args(int argc, char *argv[]) { - int i, j; - char *ptr; - int end; - - debug("reorder_args()"); - end = argc - 1; - while (argv[end][0] == '@') { - end--; - if (end == 0) - return; - } - debug("arg[end]=%s", argv[end]); - for (i = 1; i < end - 1; i++) { - if (argv[i][0] == '@') { - debug("arg[%d]=%s", i, argv[i]); - ptr = argv[i]; - for (j = i + 1; j < end; j++) { - debug("Moving %s to %d", argv[j], j - 1); - argv[j - 1] = argv[j]; - } - debug("moving %s to end, %d", ptr, end - 1); - argv[end - 1] = ptr; - end--; - if (end < 1) - return; - } - } -} - static isc_uint32_t parse_uint(char *arg, const char *desc, isc_uint32_t max) { isc_result_t result; @@ -665,7 +654,7 @@ parse_uint(char *arg, const char *desc, isc_uint32_t max) { return (tmp); } -/* +/*% * We're not using isc_commandline_parse() here since the command line * syntax of dig is quite a bit different from that which can be described * by that routine. @@ -804,6 +793,8 @@ plus_option(char *option, isc_boolean_t is_batchfile, break; case 'n': /* dnssec */ FULLCHECK("dnssec"); + if (state && lookup->edns == -1) + lookup->edns = 0; lookup->dnssec = state; break; case 'o': /* domain */ @@ -818,6 +809,16 @@ plus_option(char *option, isc_boolean_t is_batchfile, goto invalid_option; } break; + case 'e': + FULLCHECK("edns"); + if (!state) { + lookup->edns = -1; + break; + } + if (value == NULL) + goto need_value; + lookup->edns = (isc_int16_t) parse_uint(value, "edns", 255); + break; case 'f': /* fail */ FULLCHECK("fail"); lookup->servfail_stops = state; 
@@ -917,17 +918,30 @@ plus_option(char *option, isc_boolean_t is_batchfile, FULLCHECK("search"); usesearch = state; break; - case 'h': /* short */ - FULLCHECK("short"); - short_form = state; - if (state) { - printcmd = ISC_FALSE; - lookup->section_additional = ISC_FALSE; - lookup->section_answer = ISC_TRUE; - lookup->section_authority = ISC_FALSE; - lookup->section_question = ISC_FALSE; - lookup->comments = ISC_FALSE; - lookup->stats = ISC_FALSE; + case 'h': + if (cmd[2] != 'o') + goto invalid_option; + switch (cmd[3]) { + case 'r': /* short */ + FULLCHECK("short"); + short_form = state; + if (state) { + printcmd = ISC_FALSE; + lookup->section_additional = ISC_FALSE; + lookup->section_answer = ISC_TRUE; + lookup->section_authority = ISC_FALSE; + lookup->section_question = ISC_FALSE; + lookup->comments = ISC_FALSE; + lookup->stats = ISC_FALSE; + } + break; + case 'w': /* showsearch */ + FULLCHECK("showsearch"); + showsearch = state; + usesearch = state; + break; + default: + goto invalid_option; } break; #ifdef DIG_SIGCHASE @@ -1036,16 +1050,18 @@ plus_option(char *option, isc_boolean_t is_batchfile, return; } -/* - * ISC_TRUE returned if value was used +/*% + * #ISC_TRUE returned if value was used */ static const char *single_dash_opts = "46dhimnv"; static const char *dash_opts = "46bcdfhikmnptvyx"; static isc_boolean_t dash_option(char *option, char *next, dig_lookup_t **lookup, - isc_boolean_t *open_type_class) + isc_boolean_t *open_type_class, isc_boolean_t *need_clone, + isc_boolean_t config_only, int argc, char **argv, + isc_boolean_t *firstarg) { - char opt, *value, *ptr; + char opt, *value, *ptr, *ptr2, *ptr3; isc_result_t result; isc_boolean_t value_from_next; isc_textregion_t tr; 
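Review bot: `dash_opts` stays `"46bcdfhikmnptvyx"` in the context lines of the `dash_option()` hunk, even though this commit adds a `-q` case to the option switch. How `dash_opts` is consulted is not visible here; if it is used to validate the option letter before the switch, `-q name` would be rejected and the new case would be unreachable. In that case the line should become `static const char *dash_opts = "46bcdfhikmnpqtvyx";`. The widened signature would also benefit from a comment stating that `need_clone` and `firstarg` are in/out flags shared with `parse_args()`.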
@@ -1177,6 +1193,26 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 case 'p':
 port = (in_port_t) parse_uint(value, "port number", MAXPORT);
 return (value_from_next);
+ case 'q':
+ if (!config_only) {
+ if (*need_clone)
+ (*lookup) = clone_lookup(default_lookup,
+ ISC_TRUE);
+ *need_clone = ISC_TRUE;
+ strncpy((*lookup)->textname, value,
+ sizeof((*lookup)->textname));
+ (*lookup)->textname[sizeof((*lookup)->textname)-1]=0;
+ (*lookup)->trace_root = ISC_TF((*lookup)->trace ||
+ (*lookup)->ns_search_only);
+ (*lookup)->new_search = ISC_TRUE;
+ if (*firstarg) {
+ printgreeting(argc, argv, *lookup);
+ *firstarg = ISC_FALSE;
+ }
+ ISC_LIST_APPEND(lookup_list, (*lookup), link);
+ debug("looking up %s", (*lookup)->textname);
+ }
+ return (value_from_next);
 case 't':
 *open_type_class = ISC_FALSE;
 if (strncasecmp(value, "ixfr=", 5) == 0) {
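Review bot: The new `-q` branch copies the query name with `strncpy` plus a manual terminator, while the `-x` branch and `parse_args()` in this same commit use `strlcpy` for `textname`. Use `strlcpy((*lookup)->textname, value, sizeof((*lookup)->textname));` and drop the `textname[sizeof(...)-1]=0` line. Either form silently truncates an over-long name, so dig would query a different name from the one given. Comparing the `strlcpy` return value with `sizeof((*lookup)->textname)` and rejecting the argument would avoid that. The enclosing switch starts and ends outside the hunk.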
@@ -1220,18 +1256,89 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, value); return (value_from_next); case 'y': - ptr = next_token(&value,":"); + ptr = next_token(&value,":"); /* hmac type or name */ if (ptr == NULL) { usage(); } - strlcpy(keynametext, ptr, sizeof(keynametext)); - ptr = next_token(&value, ""); - if (ptr == NULL) + ptr2 = next_token(&value, ":"); /* name or secret */ + if (ptr2 == NULL) usage(); - strlcpy(keysecret, ptr, sizeof(keysecret)); + ptr3 = next_token(&value,":"); /* secret or NULL */ + if (ptr3 != NULL) { + if (strcasecmp(ptr, "hmac-md5") == 0) { + hmacname = DNS_TSIG_HMACMD5_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-md5-", 9) == 0) { + hmacname = DNS_TSIG_HMACMD5_NAME; + digestbits = parse_uint(&ptr[9], + "digest-bits [0..128]", + 128); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha1") == 0) { + hmacname = DNS_TSIG_HMACSHA1_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha1-", 10) == 0) { + hmacname = DNS_TSIG_HMACSHA1_NAME; + digestbits = parse_uint(&ptr[10], + "digest-bits [0..160]", + 160); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha224") == 0) { + hmacname = DNS_TSIG_HMACSHA224_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha224-", 12) == 0) { + hmacname = DNS_TSIG_HMACSHA224_NAME; + digestbits = parse_uint(&ptr[12], + "digest-bits [0..224]", + 224); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha256") == 0) { + hmacname = DNS_TSIG_HMACSHA256_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha256-", 12) == 0) { + hmacname = DNS_TSIG_HMACSHA256_NAME; + digestbits = parse_uint(&ptr[12], + "digest-bits [0..256]", + 256); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha384") == 0) { + hmacname = DNS_TSIG_HMACSHA384_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha384-", 12) == 0) { + hmacname = DNS_TSIG_HMACSHA384_NAME; 
+ digestbits = parse_uint(&ptr[12], + "digest-bits [0..384]", + 384); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha512") == 0) { + hmacname = DNS_TSIG_HMACSHA512_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha512-", 12) == 0) { + hmacname = DNS_TSIG_HMACSHA512_NAME; + digestbits = parse_uint(&ptr[12], + "digest-bits [0..512]", + 512); + digestbits = (digestbits + 7) & ~0x7U; + } else { + fprintf(stderr, ";; Warning, ignoring " + "invalid TSIG algorithm %s\n", ptr); + return (value_from_next); + } + ptr = ptr2; + ptr2 = ptr3; + } else { + hmacname = DNS_TSIG_HMACMD5_NAME; + digestbits = 0; + } + strlcpy(keynametext, ptr, sizeof(keynametext)); + keynametext[sizeof(keynametext)-1]=0; + strlcpy(keysecret, ptr2, sizeof(keysecret)); + keysecret[sizeof(keysecret)-1]=0; return (value_from_next); case 'x': - *lookup = clone_lookup(default_lookup, ISC_TRUE); + if (*need_clone) + *lookup = clone_lookup(default_lookup, ISC_TRUE); + *need_clone = ISC_TRUE; if (get_reverse(textname, sizeof(textname), value, ip6_int, ISC_FALSE) == ISC_R_SUCCESS) { strlcpy((*lookup)->textname, textname, @@ -1245,6 +1352,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, if (!(*lookup)->rdclassset) (*lookup)->rdclass = dns_rdataclass_in; (*lookup)->new_search = ISC_TRUE; + if (*firstarg) { + printgreeting(argc, argv, *lookup); + *firstarg = ISC_FALSE; + } ISC_LIST_APPEND(lookup_list, *lookup, link); } else { fprintf(stderr, "Invalid IP address %s\n", value); 
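Review bot: The `-y` branch copies the TSIG key name and secret with `strlcpy` but ignores the return value, so an over-long secret is silently truncated and the query is signed with a different key from the one supplied; the two `[sizeof(...)-1]=0` lines after `strlcpy` are redundant. I would check for truncation and stop, as in the excerpt below. Separately, the invalid-algorithm path only prints a warning and returns, which presumably lets the lookup go out unsigned; calling `usage()` there, as the missing-token cases do, would fail closed. The twelve near-identical algorithm branches could be driven by a small table of prefix, `hmacname` and maximum bit count.

```c
/* … unchanged: hmac algorithm selection … */
	if (strlcpy(keynametext, ptr, sizeof(keynametext)) >=
	    sizeof(keynametext) ||
	    strlcpy(keysecret, ptr2, sizeof(keysecret)) >=
	    sizeof(keysecret)) {
		fprintf(stderr, ";; TSIG key name or secret too long\n");
		usage();
	}
	return (value_from_next);
```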
@@ -1259,10 +1370,11 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, return (ISC_FALSE); } -/* +/*% * Because we may be trying to do memory allocation recording, we're going * to need to parse the arguments for the -m *before* we start the main * argument parsing routine. + * * I'd prefer not to have to do this, but I am not quite sure how else to * fix the problem. Argument parsing in dig involves memory allocation * by its nature, so it can't be done in the main argument parser. @@ -1335,6 +1447,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, char rcfile[256]; #endif char *input; + int i; + isc_boolean_t need_clone = ISC_TRUE; /* * The semantics for parsing the args is a bit complex; if @@ -1382,7 +1496,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, bargv[0] = argv[0]; argv0 = argv[0]; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug(".digrc argv %d: %s", + i, bargv[i]); parse_args(ISC_TRUE, ISC_TRUE, bargc, (char **)bargv); } @@ -1391,7 +1507,12 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, #endif } - lookup = default_lookup; + if (is_batchfile && !config_only) { + /* Processing '-f batchfile'. */ + lookup = clone_lookup(default_lookup, ISC_TRUE); + need_clone = ISC_FALSE; + } else + lookup = default_lookup; rc = argc; rv = argv; @@ -1407,13 +1528,17 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, } else if (rv[0][0] == '-') { if (rc <= 1) { if (dash_option(&rv[0][1], NULL, - &lookup, &open_type_class)) { + &lookup, &open_type_class, + &need_clone, config_only, + argc, argv, &firstarg)) { rc--; rv++; } } else { if (dash_option(&rv[0][1], rv[1], - &lookup, &open_type_class)) { + &lookup, &open_type_class, + &need_clone, config_only, + argc, argv, &firstarg)) { rc--; rv++; } 
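Review bot: `need_clone` is introduced in `parse_args()` without a comment, yet it decides whether `lookup` is a private clone that must later be appended to `lookup_list` or destroyed. A short comment at the declaration would help, e.g. `/* ISC_FALSE while 'lookup' is a fresh clone not yet appended to lookup_list */`. As far as the visible hunks show, the flag is cleared only on the `-f` batch path and the clone is released by `if (!need_clone) destroy_lookup(lookup);` at the end of the function. The early `return` statements added to the batch-file branch in a later hunk skip that release, so it is worth confirming that branch cannot be reached while a clone is pending. The function spans several hunks and is not fully visible here.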
@@ -1481,20 +1606,28 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, continue; } } + if (!config_only) { - lookup = clone_lookup(default_lookup, - ISC_TRUE); + if (need_clone) + lookup = clone_lookup(default_lookup, + ISC_TRUE); + need_clone = ISC_TRUE; strlcpy(lookup->textname, rv[0], sizeof(lookup->textname)); lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; + if (firstarg) { + printgreeting(argc, argv, lookup); + firstarg = ISC_FALSE; + } ISC_LIST_APPEND(lookup_list, lookup, link); debug("looking up %s", lookup->textname); } /* XXX Error message */ } } + /* * If we have a batchfile, seed the lookup list with the * first entry, then trust the callback in dighost_shutdown @@ -1529,15 +1662,20 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, bargv[0] = argv[0]; argv0 = argv[0]; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug("batch argv %d: %s", i, bargv[i]); parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv); + return; } + return; } /* * If no lookup specified, search for root */ if ((lookup_list.head == NULL) && !config_only) { - lookup = clone_lookup(default_lookup, ISC_TRUE); + if (need_clone) + lookup = clone_lookup(default_lookup, ISC_TRUE); + need_clone = ISC_TRUE; lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; @@ -1549,10 +1687,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, firstarg = ISC_FALSE; } ISC_LIST_APPEND(lookup_list, lookup, link); - } else if (!config_only && firstarg) { - printgreeting(argc, argv, lookup); - firstarg = ISC_FALSE; } + if (!need_clone) + destroy_lookup(lookup); } /* @@ -1566,7 +1703,7 @@ dighost_shutdown(void) { int bargc; char *bargv[16]; char *input; - + int i; if (batchname == NULL) { isc_app_shutdown(); 
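Review bot: The two `return;` statements added in the `@@ -1529,15 +1662,20 @@` hunk leave parse_args before the `if (!need_clone) destroy_lookup(lookup);` cleanup that the `-1549` hunk adds at the end of the function. That is safe only if this branch is never reached with `need_clone` cleared, that is, never from a call made with `is_batchfile` set. The guarding condition lies outside the hunk, so this is inferred rather than visible. I would record the assumption next to the first return, `/* need_clone is still set here, so there is no unqueued clone to destroy */`, or send both exits through the cleanup so a later change to the condition cannot leak the clone.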
@@ -1594,7 +1731,8 @@ dighost_shutdown(void) { bargv[0] = argv0; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug("batch argv %d: %s", i, bargv[i]); parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv); start_lookup(); } else { @@ -1606,10 +1744,10 @@ dighost_shutdown(void) { } } +/*% Main processing routine for dig */ int main(int argc, char **argv) { isc_result_t result; - dig_server_t *s, *s2; ISC_LIST_INIT(lookup_list); ISC_LIST_INIT(server_list); @@ -1630,16 +1768,7 @@ main(int argc, char **argv) { result = isc_app_onrun(mctx, global_task, onrun_callback, NULL); check_result(result, "isc_app_onrun"); isc_app_run(); - s = ISC_LIST_HEAD(default_lookup->my_server_list); - while (s != NULL) { - debug("freeing server %p belonging to %p", - s, default_lookup); - s2 = s; - s = ISC_LIST_NEXT(s, link); - ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link); - isc_mem_free(mctx, s2); - } - isc_mem_free(mctx, default_lookup); + destroy_lookup(default_lookup); if (batchname != NULL) { if (batchfp != stdin) fclose(batchfp); diff --git a/usr.sbin/bind/bin/dig/dig.docbook b/usr.sbin/bind/bin/dig/dig.docbook index 57984c186a8..9019bb929dc 100644 --- a/usr.sbin/bind/bin/dig/dig.docbook +++ b/usr.sbin/bind/bin/dig/dig.docbook @@ -1,11 +1,11 @@ -]> - + + - + + Jun 30, 2000 + - -Jun 30, 2000 - + + dig + 1 + BIND9 + - -dig -1 -BIND9 - + + dig + DNS lookup utility + 2004 2005 + 2006 + 2007 Internet Systems Consortium, Inc. ("ISC") 
@@ -47,595 +53,884 @@ - -dig -DNS lookup utility - - - - -dig -@server - - - - - - - - - - -name -type -class -queryopt - - - -dig - - - - -dig -global-queryopt -query - - - - -DESCRIPTION - -dig (domain information groper) is a flexible tool -for interrogating DNS name servers. It performs DNS lookups and -displays the answers that are returned from the name server(s) that -were queried. Most DNS administrators use dig to -troubleshoot DNS problems because of its flexibility, ease of use and -clarity of output. Other lookup tools tend to have less functionality -than dig. - - - -Although dig is normally used with command-line -arguments, it also has a batch mode of operation for reading lookup -requests from a file. A brief summary of its command-line arguments -and options is printed when the option is given. -Unlike earlier versions, the BIND9 implementation of -dig allows multiple lookups to be issued from the -command line. - - - -Unless it is told to query a specific name server, -dig will try each of the servers listed in -/etc/resolv.conf. - - - -When no command line arguments or options are given, will perform an -NS query for "." (the root). - - - -It is possible to set per-user defaults for dig via -${HOME}/.digrc. This file is read and any options in it -are applied before the command line arguments. - - - - - -SIMPLE USAGE - - -A typical invocation of dig looks like: - dig @server name type where: - - - -server - -is the name or IP address of the name server to query. This can be an IPv4 -address in dotted-decimal notation or an IPv6 -address in colon-delimited notation. When the supplied -server argument is a hostname, -dig resolves that name before querying that name -server. If no server argument is provided, -dig consults /etc/resolv.conf -and queries the name servers listed there. The reply from the name -server that responds is displayed. - - -name - -is the name of the resource record that is to be looked up. 
- - -type - -indicates what type of query is required — -ANY, A, MX, SIG, etc. -type can be any valid query type. If no -type argument is supplied, -dig will perform a lookup for an A record. - - - - - - - - -OPTIONS - - -The option sets the source IP address of the query -to address. This must be a valid address on -one of the host's network interfaces or "0.0.0.0" or "::". An optional port -may be specified by appending "#<port>" - - - -The default query class (IN for internet) is overridden by the - option. class is any valid -class, such as HS for Hesiod records or CH for CHAOSNET records. - - - -The option makes dig operate -in batch mode by reading a list of lookup requests to process from the -file filename. The file contains a number of -queries, one per line. Each entry in the file should be organised in -the same way they would be presented as queries to -dig using the command-line interface. - - - -If a non-standard port number is to be queried, the - option is used. port# is -the port number that dig will send its queries -instead of the standard DNS port number 53. This option would be used -to test a name server that has been configured to listen for queries -on a non-standard port number. - - - -The option forces dig to only -use IPv4 query transport. The option forces -dig to only use IPv6 query transport. - - - -The option sets the query type to -type. It can be any valid query type which is -supported in BIND9. The default query type "A", unless the - option is supplied to indicate a reverse lookup. -A zone transfer can be requested by specifying a type of AXFR. When -an incremental zone transfer (IXFR) is required, -type is set to ixfr=N. -The incremental zone transfer will contain the changes made to the zone -since the serial number in the zone's SOA record was -N. - - - -Reverse lookups - mapping addresses to names - are simplified by the - option. addr is an IPv4 -address in dotted-decimal notation, or a colon-delimited IPv6 address. 
-When this option is used, there is no need to provide the -name, class and -type arguments. dig -automatically performs a lookup for a name like -11.12.13.10.in-addr.arpa and sets the query type and -class to PTR and IN respectively. By default, IPv6 addresses are -looked up using nibble format under the IP6.ARPA domain. -To use the older RFC1886 method using the IP6.INT domain -specify the option. Bit string labels (RFC2874) -are now experimental and are not attempted. - - - -To sign the DNS queries sent by dig and their -responses using transaction signatures (TSIG), specify a TSIG key file -using the option. You can also specify the TSIG -key itself on the command line using the option; -name is the name of the TSIG key and -key is the actual key. The key is a base-64 -encoded string, typically generated by -dnssec-keygen8 -. - -Caution should be taken when using the option on -multi-user systems as the key can be visible in the output from - ps1 - or in the shell's history file. When -using TSIG authentication with dig, the name -server that is queried needs to know the key and algorithm that is -being used. In BIND, this is done by providing appropriate -key and server statements in -named.conf. - - - - - -QUERY OPTIONS - - -dig provides a number of query options which affect -the way in which lookups are made and the results displayed. Some of -these set or reset flag bits in the query header, some determine which -sections of the answer get printed, and others determine the timeout -and retry strategies. - - - -Each query option is identified by a keyword preceded by a plus sign -(+). Some keywords set or reset an option. These may be preceded -by the string no to negate the meaning of that keyword. Other -keywords assign values to options like the timeout interval. They -have the form . -The query options are: - - - - - -Use [do not use] TCP when querying name servers. 
The default -behaviour is to use UDP unless an AXFR or IXFR query is requested, in -which case a TCP connection is used. - - - - -Use [do not use] TCP when querying name servers. This alternate -syntax to +[no]tcp is provided for backwards -compatibility. The "vc" stands for "virtual circuit". - - - - -Ignore truncation in UDP responses instead of retrying with TCP. By -default, TCP retries are performed. - - - - -Set the search list to contain the single domain -somename, as if specified in a -domain directive in -/etc/resolv.conf, and enable search list -processing as if the +search option were given. - - - - -Use [do not use] the search list defined by the searchlist or domain -directive in resolv.conf (if any). -The search list is not used by default. - - - - -Deprecated, treated as a synonym for +[no]search - - - - -Sets the "aa" flag in the query. - - - - -A synonym for +[no]aaonly. - - - - -Set [do not set] the AD (authentic data) bit in the query. The AD bit -currently has a standard meaning only in responses, not in queries, -but the ability to set the bit in the query is provided for -completeness. - - - - -Set [do not set] the CD (checking disabled) bit in the query. This -requests the server to not perform DNSSEC validation of responses. - - - - -Display [do not display] the CLASS when printing the record. - - - - -Display [do not display] the TTL when printing the record. - - - - -Toggle the setting of the RD (recursion desired) bit in the query. -This bit is set by default, which means dig -normally sends recursive queries. Recursion is automatically disabled -when the +nssearch or -+trace query options are used. - - - - -When this option is set, dig attempts to find the -authoritative name servers for the zone containing the name being -looked up and display the SOA record that each name server has for the -zone. - - - - -Toggle tracing of the delegation path from the root name servers for -the name being looked up. Tracing is disabled by default. 
When -tracing is enabled, dig makes iterative queries to -resolve the name being looked up. It will follow referrals from the -root servers, showing the answer from each server that was used to -resolve the lookup. - - - - -toggles the printing of the initial comment in the output identifying -the version of dig and the query options that have -been applied. This comment is printed by default. - - - - -Provide a terse answer. The default is to print the answer in a -verbose form. - - - - -Show [or do not show] the IP address and port number that supplied the -answer when the +short option is enabled. If -short form answers are requested, the default is not to show the -source address and port number of the server that provided the answer. - - - - -Toggle the display of comment lines in the output. The default is to -print comments. - - - - -This query option toggles the printing of statistics: when the query -was made, the size of the reply and so on. The default behaviour is -to print the query statistics. - - - - -Print [do not print] the query as it is sent. -By default, the query is not printed. - - - - -Print [do not print] the question section of a query when an answer is -returned. The default is to print the question section as a comment. - - - - -Display [do not display] the answer section of a reply. The default -is to display it. - - - - -Display [do not display] the authority section of a reply. The -default is to display it. - - - - -Display [do not display] the additional section of a reply. -The default is to display it. - - - - -Set or clear all display flags. - - - - - -Sets the timeout for a query to -T seconds. The default time out is 5 seconds. -An attempt to set T to less than 1 will result -in a query timeout of 1 second being applied. - - - - -Sets the number of times to try UDP queries to server to -T instead of the default, 3. If -T is less than or equal to zero, the number of -tries is silently rounded up to 1. 
- - - - -Sets the number of times to retry UDP queries to server to -T instead of the default, 2. Unlike -+tries, this does not include the initial -query. - - - - -Set the number of dots that have to appear in -name to D for it to be -considered absolute. The default value is that defined using the -ndots statement in /etc/resolv.conf, or 1 if no -ndots statement is present. Names with fewer dots are interpreted as -relative names and will be searched for in the domains listed in the - or directive in -/etc/resolv.conf. - - - - -Set the UDP message buffer size advertised using EDNS0 to -B bytes. The maximum and minimum sizes of this -buffer are 65535 and 0 respectively. Values outside this range are -rounded up or down appropriately. - - - - - -Print records like the SOA records in a verbose multi-line -format with human-readable comments. The default is to print -each record on a single line, to facilitate machine parsing -of the dig output. - - - - -Do not try the next server if you receive a SERVFAIL. The default is -to not try the next server which is the reverse of normal stub resolver -behaviour. - - - - -Attempt to display the contents of messages which are malformed. -The default is to not display malformed answers. - - - - -Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) -in the OPT record in the additional section of the query. - - - - -Chase DNSSEC signature chains. Requires dig be compiled with --DDIG_SIGCHASE. - + + + dig + @server + + + + + + + + + + + + name + type + class + queryopt + + + + dig + + + + + dig + global-queryopt + query + + + + + DESCRIPTION + dig + (domain information groper) is a flexible tool + for interrogating DNS name servers. It performs DNS lookups and + displays the answers that are returned from the name server(s) that + were queried. Most DNS administrators use dig to + troubleshoot DNS problems because of its flexibility, ease of use and + clarity of output. 
Other lookup tools tend to have less functionality + than dig. + + + + Although dig is normally used with + command-line + arguments, it also has a batch mode of operation for reading lookup + requests from a file. A brief summary of its command-line arguments + and options is printed when the option is given. + Unlike earlier versions, the BIND 9 implementation of + dig allows multiple lookups to be issued + from the + command line. + + + + Unless it is told to query a specific name server, + dig will try each of the servers listed + in + /etc/resolv.conf. + + + + When no command line arguments or options are given, will perform an + NS query for "." (the root). + + + + It is possible to set per-user defaults for dig via + ${HOME}/.digrc. This file is read and + any options in it + are applied before the command line arguments. + + + + The IN and CH class names overlap with the IN and CH top level + domains names. Either use the and + options to specify the type and class or + use the the specify the domain name or + use "IN." and "CH." when looking up these top level domains. + + + + + + SIMPLE USAGE + + + A typical invocation of dig looks like: + dig @server name type + where: + + + + + server + + + is the name or IP address of the name server to query. This can + be an IPv4 + address in dotted-decimal notation or an IPv6 + address in colon-delimited notation. When the supplied + server argument is a + hostname, + dig resolves that name before + querying that name + server. If no server + argument is provided, + dig consults /etc/resolv.conf + and queries the name servers listed there. The reply from the + name + server that responds is displayed. + + + + + + name + + + is the name of the resource record that is to be looked up. + + + + + + type + + + indicates what type of query is required — + ANY, A, MX, SIG, etc. + type can be any valid query + type. If no + type argument is supplied, + dig will perform a lookup for an + A record. 
+ + + + + + + + + + + OPTIONS + + + The option sets the source IP address of the query + to address. This must be a valid + address on + one of the host's network interfaces or "0.0.0.0" or "::". An optional + port + may be specified by appending "#<port>" + + + + The default query class (IN for internet) is overridden by the + option. class is + any valid + class, such as HS for Hesiod records or CH for Chaosnet records. + + + + The option makes dig + operate + in batch mode by reading a list of lookup requests to process from the + file filename. The file contains a + number of + queries, one per line. Each entry in the file should be organized in + the same way they would be presented as queries to + dig using the command-line interface. + + + + If a non-standard port number is to be queried, the + option is used. port# is + the port number that dig will send its + queries + instead of the standard DNS port number 53. This option would be used + to test a name server that has been configured to listen for queries + on a non-standard port number. + + + + The option forces dig + to only + use IPv4 query transport. The option forces + dig to only use IPv6 query transport. + + + + The option sets the query type to + type. It can be any valid query type + which is + supported in BIND 9. The default query type is "A", unless the + option is supplied to indicate a reverse lookup. + A zone transfer can be requested by specifying a type of AXFR. When + an incremental zone transfer (IXFR) is required, + type is set to ixfr=N. + The incremental zone transfer will contain the changes made to the zone + since the serial number in the zone's SOA record was + N. + + + + The option sets the query name to + name. This useful do distinguish the + name from other arguments. + + + + Reverse lookups — mapping addresses to names — are simplified by the + option. addr is + an IPv4 + address in dotted-decimal notation, or a colon-delimited IPv6 address. 
+ When this option is used, there is no need to provide the + name, class and + type arguments. dig + automatically performs a lookup for a name like + 11.12.13.10.in-addr.arpa and sets the + query type and + class to PTR and IN respectively. By default, IPv6 addresses are + looked up using nibble format under the IP6.ARPA domain. + To use the older RFC1886 method using the IP6.INT domain + specify the option. Bit string labels (RFC2874) + are now experimental and are not attempted. + + + + To sign the DNS queries sent by dig and + their + responses using transaction signatures (TSIG), specify a TSIG key file + using the option. You can also specify the TSIG + key itself on the command line using the option; + hmac is the type of the TSIG, default HMAC-MD5, + name is the name of the TSIG key and + key is the actual key. The key is a + base-64 + encoded string, typically generated by + + dnssec-keygen8 + . + + Caution should be taken when using the option on + multi-user systems as the key can be visible in the output from + + ps1 + + or in the shell's history file. When + using TSIG authentication with dig, the name + server that is queried needs to know the key and algorithm that is + being used. In BIND, this is done by providing appropriate + key and server statements in + named.conf. + + + + + + QUERY OPTIONS + + dig + provides a number of query options which affect + the way in which lookups are made and the results displayed. Some of + these set or reset flag bits in the query header, some determine which + sections of the answer get printed, and others determine the timeout + and retry strategies. + + + + Each query option is identified by a keyword preceded by a plus sign + (+). Some keywords set or reset an + option. These may be preceded + by the string no to negate the meaning of + that keyword. Other + keywords assign values to options like the timeout interval. They + have the form . 
+ The query options are: + + + + + + + + Use [do not use] TCP when querying name servers. The default + behavior is to use UDP unless an AXFR or IXFR query is + requested, in + which case a TCP connection is used. + + + + + + + + + Use [do not use] TCP when querying name servers. This alternate + syntax to +[no]tcp is + provided for backwards + compatibility. The "vc" stands for "virtual circuit". + + + + + + + + + Ignore truncation in UDP responses instead of retrying with TCP. + By + default, TCP retries are performed. + + + + + + + + + Set the search list to contain the single domain + somename, as if specified in + a + domain directive in + /etc/resolv.conf, and enable + search list + processing as if the +search + option were given. + + + + + + + + + Use [do not use] the search list defined by the searchlist or + domain + directive in resolv.conf (if + any). + The search list is not used by default. + + + + + + + + + Perform [do not perform] a search showing intermediate + results. + + + + + + + + + Deprecated, treated as a synonym for +[no]search + + + + + + + + + Sets the "aa" flag in the query. + + + + + + + + + A synonym for +[no]aaonly. + + + + + + + + + Set [do not set] the AD (authentic data) bit in the query. The + AD bit + currently has a standard meaning only in responses, not in + queries, + but the ability to set the bit in the query is provided for + completeness. + + + + + + + + + Set [do not set] the CD (checking disabled) bit in the query. + This + requests the server to not perform DNSSEC validation of + responses. + + + + + + + + + Display [do not display] the CLASS when printing the record. + + + + + + + + + Display [do not display] the TTL when printing the record. + + + + + + + + + Toggle the setting of the RD (recursion desired) bit in the + query. + This bit is set by default, which means dig + normally sends recursive queries. Recursion is automatically + disabled + when the +nssearch or + +trace query options are + used. 
+ + + + + + + + + When this option is set, dig + attempts to find the + authoritative name servers for the zone containing the name + being + looked up and display the SOA record that each name server has + for the + zone. + + + + + + + + + Toggle tracing of the delegation path from the root name servers + for + the name being looked up. Tracing is disabled by default. When + tracing is enabled, dig makes + iterative queries to + resolve the name being looked up. It will follow referrals from + the + root servers, showing the answer from each server that was used + to + resolve the lookup. + + + + + + + + + Toggles the printing of the initial comment in the output + identifying + the version of dig and the query + options that have + been applied. This comment is printed by default. + + + + + + + + + Provide a terse answer. The default is to print the answer in a + verbose form. + + + + + + + + + Show [or do not show] the IP address and port number that + supplied the + answer when the +short option + is enabled. If + short form answers are requested, the default is not to show the + source address and port number of the server that provided the + answer. + + + + + + + + + Toggle the display of comment lines in the output. The default + is to + print comments. + + + + + + + + + This query option toggles the printing of statistics: when the + query + was made, the size of the reply and so on. The default + behavior is + to print the query statistics. + + + + + + + + + Print [do not print] the query as it is sent. + By default, the query is not printed. + + + + + + + + + Print [do not print] the question section of a query when an + answer is + returned. The default is to print the question section as a + comment. + + + + + + + + + Display [do not display] the answer section of a reply. The + default + is to display it. + + + + + + + + + Display [do not display] the authority section of a reply. The + default is to display it. 
+ + + + + + + + + Display [do not display] the additional section of a reply. + The default is to display it. + + + + + + + + + Set or clear all display flags. + + + + + + + + + + Sets the timeout for a query to + T seconds. The default + timeout is 5 seconds. + An attempt to set T to less + than 1 will result + in a query timeout of 1 second being applied. + + + + + + + + + Sets the number of times to try UDP queries to server to + T instead of the default, 3. + If + T is less than or equal to + zero, the number of + tries is silently rounded up to 1. + + + + + + + + + Sets the number of times to retry UDP queries to server to + T instead of the default, 2. + Unlike + +tries, this does not include + the initial + query. + + + + + + + + + Set the number of dots that have to appear in + name to D for it to be + considered absolute. The default value is that defined using + the + ndots statement in /etc/resolv.conf, or 1 if no + ndots statement is present. Names with fewer dots are + interpreted as + relative names and will be searched for in the domains listed in + the + or directive in + /etc/resolv.conf. + + + + + + + + + Set the UDP message buffer size advertised using EDNS0 to + B bytes. The maximum and minimum sizes + of this buffer are 65535 and 0 respectively. Values outside + this range are rounded up or down appropriately. + Values other than zero will cause a EDNS query to be sent. + + + - + - Specifies a file containing trusted keys to be used with + Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause a + EDNS query to be sent. clears the + remembered EDNS version. + + + + + + + + + Print records like the SOA records in a verbose multi-line + format with human-readable comments. The default is to print + each record on a single line, to facilitate machine parsing + of the dig output. + + + + + + + + + Do not try the next server if you receive a SERVFAIL. 
The + default is + to not try the next server which is the reverse of normal stub + resolver + behavior. + + + + + + + + + Attempt to display the contents of messages which are malformed. + The default is to not display malformed answers. + + + + + + + + + Requests DNSSEC records be sent by setting the DNSSEC OK bit + (DO) + in the OPT record in the additional section of the query. + + + + + + + + + Chase DNSSEC signature chains. Requires dig be compiled with + -DDIG_SIGCHASE. + + + + + + + + + Specifies a file containing trusted keys to be used with . Each DNSKEY record must be on its own line. - + If not specified dig will look for /etc/trusted-key.key then trusted-key.key in the current directory. - Requires dig be compiled with -DDIG_SIGCHASE. + Requires dig be compiled with -DDIG_SIGCHASE. - - - - - -When chasing DNSSEC signature chains perform a top down validation. -Requires dig be compiled with -DDIG_SIGCHASE. - - - - - - - - - - -MULTIPLE QUERIES - - -The BIND 9 implementation of dig supports -specifying multiple queries on the command line (in addition to -supporting the batch file option). Each of those -queries can be supplied with its own set of flags, options and query -options. - - - -In this case, each query argument represent an -individual query in the command-line syntax described above. Each -consists of any of the standard options and flags, the name to be -looked up, an optional query type and class and any query options that -should be applied to that query. - - - -A global set of query options, which should be applied to all queries, -can also be supplied. These global query options must precede the -first tuple of name, class, type, options, flags, and query options -supplied on the command line. Any global query options (except -the option) can be -overridden by a query-specific set of query options. For example: - + + + + + + + + When chasing DNSSEC signature chains perform a top-down + validation. 
+ Requires dig be compiled with -DDIG_SIGCHASE. + + + + + + + + + + + + + MULTIPLE QUERIES + + + The BIND 9 implementation of dig + supports + specifying multiple queries on the command line (in addition to + supporting the batch file option). Each of those + queries can be supplied with its own set of flags, options and query + options. + + + + In this case, each query argument + represent an + individual query in the command-line syntax described above. Each + consists of any of the standard options and flags, the name to be + looked up, an optional query type and class and any query options that + should be applied to that query. + + + + A global set of query options, which should be applied to all queries, + can also be supplied. These global query options must precede the + first tuple of name, class, type, options, flags, and query options + supplied on the command line. Any global query options (except + the option) can be + overridden by a query-specific set of query options. For example: + dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr -shows how dig could be used from the command line -to make three lookups: an ANY query for www.isc.org, a -reverse lookup of 127.0.0.1 and a query for the NS records of -isc.org. - -A global query option of +qr is applied, so -that dig shows the initial query it made for each -lookup. The final query has a local query option of -+noqr which means that dig -will not print the initial query when it looks up the NS records for -isc.org. - - - - - -FILES - -/etc/resolv.conf - - -${HOME}/.digrc - - - - -SEE ALSO - - -host1 -, - -named8 -, - -dnssec-keygen8 -, -RFC1035. - - - - -BUGS - -There are probably too many query options. - - - + shows how dig could be used from the + command line + to make three lookups: an ANY query for www.isc.org, a + reverse lookup of 127.0.0.1 and a query for the NS records of + isc.org. 
+ + A global query option of +qr is + applied, so + that dig shows the initial query it made + for each + lookup. The final query has a local query option of + +noqr which means that dig + will not print the initial query when it looks up the NS records for + isc.org. + + + + + + IDN SUPPORT + + If dig has been built with IDN (internationalized + domain name) support, it can accept and display non-ASCII domain names. + dig appropriately converts character encoding of + domain name before sending a request to DNS server or displaying a + reply from the server. + If you'd like to turn off the IDN support for some reason, defines + the IDN_DISABLE environment variable. + The IDN support is disabled if the variable is set when + dig runs. + + + + + FILES + /etc/resolv.conf + + ${HOME}/.digrc + + + + + SEE ALSO + + host1 + , + + named8 + , + + dnssec-keygen8 + , + RFC1035. + + + + + BUGS + + There are probably too many query options. + + + diff --git a/usr.sbin/bind/bin/dig/dig.html b/usr.sbin/bind/bin/dig/dig.html index 71d76149e75..1065d138203 100644 --- a/usr.sbin/bind/bin/dig/dig.html +++ b/usr.sbin/bind/bin/dig/dig.html @@ -1,5 +1,5 @@ - + dig - +
-
+

Name

dig — DNS lookup utility

Synopsis

-

dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-p port#] [-t type] [-x addr] [-y name:key] [-4] [-6] [name] [type] [class] [queryopt...]

+

dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]

dig [-h]

dig [global-queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

+

dig + (domain information groper) is a flexible tool + for interrogating DNS name servers. It performs DNS lookups and + displays the answers that are returned from the name server(s) that + were queried. Most DNS administrators use dig to + troubleshoot DNS problems because of its flexibility, ease of use and + clarity of output. Other lookup tools tend to have less functionality + than dig. +

-dig (domain information groper) is a flexible tool -for interrogating DNS name servers. It performs DNS lookups and -displays the answers that are returned from the name server(s) that -were queried. Most DNS administrators use dig to -troubleshoot DNS problems because of its flexibility, ease of use and -clarity of output. Other lookup tools tend to have less functionality -than dig. -

+ Although dig is normally used with + command-line + arguments, it also has a batch mode of operation for reading lookup + requests from a file. A brief summary of its command-line arguments + and options is printed when the -h option is given. + Unlike earlier versions, the BIND 9 implementation of + dig allows multiple lookups to be issued + from the + command line. +

-Although dig is normally used with command-line -arguments, it also has a batch mode of operation for reading lookup -requests from a file. A brief summary of its command-line arguments -and options is printed when the -h option is given. -Unlike earlier versions, the BIND9 implementation of -dig allows multiple lookups to be issued from the -command line. -

+ Unless it is told to query a specific name server, + dig will try each of the servers listed + in + /etc/resolv.conf. +

-Unless it is told to query a specific name server, -dig will try each of the servers listed in -/etc/resolv.conf. -

+ When no command line arguments or options are given, will perform an + NS query for "." (the root). +

-When no command line arguments or options are given, will perform an -NS query for "." (the root). -

+ It is possible to set per-user defaults for dig via + ${HOME}/.digrc. This file is read and + any options in it + are applied before the command line arguments. +

-It is possible to set per-user defaults for dig via -${HOME}/.digrc. This file is read and any options in it -are applied before the command line arguments. -

+ The IN and CH class names overlap with the IN and CH top level + domains names. Either use the -t and + -c options to specify the type and class or + use the -q the specify the domain name or + use "IN." and "CH." when looking up these top level domains. +

-

SIMPLE USAGE

+

SIMPLE USAGE

-A typical invocation of dig looks like: -

+ A typical invocation of dig looks like: +

 dig @server name type 
-

where: +

+ where: -

+

server

-is the name or IP address of the name server to query. This can be an IPv4 -address in dotted-decimal notation or an IPv6 -address in colon-delimited notation. When the supplied -server argument is a hostname, -dig resolves that name before querying that name -server. If no server argument is provided, -dig consults /etc/resolv.conf -and queries the name servers listed there. The reply from the name -server that responds is displayed. -

+ is the name or IP address of the name server to query. This can + be an IPv4 + address in dotted-decimal notation or an IPv6 + address in colon-delimited notation. When the supplied + server argument is a + hostname, + dig resolves that name before + querying that name + server. If no server + argument is provided, + dig consults /etc/resolv.conf + and queries the name servers listed there. The reply from the + name + server that responds is displayed. +

name

-is the name of the resource record that is to be looked up. -

+ is the name of the resource record that is to be looked up. +

type

-indicates what type of query is required — -ANY, A, MX, SIG, etc. -type can be any valid query type. If no -type argument is supplied, -dig will perform a lookup for an A record. -

+ indicates what type of query is required — + ANY, A, MX, SIG, etc. + type can be any valid query + type. If no + type argument is supplied, + dig will perform a lookup for an + A record. +

-

+

-

OPTIONS

+

OPTIONS

+

+ The -b option sets the source IP address of the query + to address. This must be a valid + address on + one of the host's network interfaces or "0.0.0.0" or "::". An optional + port + may be specified by appending "#<port>" +

-The -b option sets the source IP address of the query -to address. This must be a valid address on -one of the host's network interfaces or "0.0.0.0" or "::". An optional port -may be specified by appending "#<port>" -

+ The default query class (IN for internet) is overridden by the + -c option. class is + any valid + class, such as HS for Hesiod records or CH for Chaosnet records. +

-The default query class (IN for internet) is overridden by the --c option. class is any valid -class, such as HS for Hesiod records or CH for CHAOSNET records. -

+ The -f option makes dig + operate + in batch mode by reading a list of lookup requests to process from the + file filename. The file contains a + number of + queries, one per line. Each entry in the file should be organized in + the same way they would be presented as queries to + dig using the command-line interface. +

-The -f option makes dig operate -in batch mode by reading a list of lookup requests to process from the -file filename. The file contains a number of -queries, one per line. Each entry in the file should be organised in -the same way they would be presented as queries to -dig using the command-line interface. -

+ If a non-standard port number is to be queried, the + -p option is used. port# is + the port number that dig will send its + queries + instead of the standard DNS port number 53. This option would be used + to test a name server that has been configured to listen for queries + on a non-standard port number. +

-If a non-standard port number is to be queried, the --p option is used. port# is -the port number that dig will send its queries -instead of the standard DNS port number 53. This option would be used -to test a name server that has been configured to listen for queries -on a non-standard port number. -

+ The -4 option forces dig + to only + use IPv4 query transport. The -6 option forces + dig to only use IPv6 query transport. +

-The -4 option forces dig to only -use IPv4 query transport. The -6 option forces -dig to only use IPv6 query transport. -

+ The -t option sets the query type to + type. It can be any valid query type + which is + supported in BIND 9. The default query type is "A", unless the + -x option is supplied to indicate a reverse lookup. + A zone transfer can be requested by specifying a type of AXFR. When + an incremental zone transfer (IXFR) is required, + type is set to ixfr=N. + The incremental zone transfer will contain the changes made to the zone + since the serial number in the zone's SOA record was + N. +

-The -t option sets the query type to -type. It can be any valid query type which is -supported in BIND9. The default query type "A", unless the --x option is supplied to indicate a reverse lookup. -A zone transfer can be requested by specifying a type of AXFR. When -an incremental zone transfer (IXFR) is required, -type is set to ixfr=N. -The incremental zone transfer will contain the changes made to the zone -since the serial number in the zone's SOA record was -N. -

+ The -q option sets the query name to + name. This useful do distinguish the + name from other arguments. +

-Reverse lookups - mapping addresses to names - are simplified by the --x option. addr is an IPv4 -address in dotted-decimal notation, or a colon-delimited IPv6 address. -When this option is used, there is no need to provide the -name, class and -type arguments. dig -automatically performs a lookup for a name like -11.12.13.10.in-addr.arpa and sets the query type and -class to PTR and IN respectively. By default, IPv6 addresses are -looked up using nibble format under the IP6.ARPA domain. -To use the older RFC1886 method using the IP6.INT domain -specify the -i option. Bit string labels (RFC2874) -are now experimental and are not attempted. -

+ Reverse lookups — mapping addresses to names — are simplified by the + -x option. addr is + an IPv4 + address in dotted-decimal notation, or a colon-delimited IPv6 address. + When this option is used, there is no need to provide the + name, class and + type arguments. dig + automatically performs a lookup for a name like + 11.12.13.10.in-addr.arpa and sets the + query type and + class to PTR and IN respectively. By default, IPv6 addresses are + looked up using nibble format under the IP6.ARPA domain. + To use the older RFC1886 method using the IP6.INT domain + specify the -i option. Bit string labels (RFC2874) + are now experimental and are not attempted. +

-To sign the DNS queries sent by dig and their -responses using transaction signatures (TSIG), specify a TSIG key file -using the -k option. You can also specify the TSIG -key itself on the command line using the -y option; -name is the name of the TSIG key and -key is the actual key. The key is a base-64 -encoded string, typically generated by dnssec-keygen(8). + To sign the DNS queries sent by dig and + their + responses using transaction signatures (TSIG), specify a TSIG key file + using the -k option. You can also specify the TSIG + key itself on the command line using the -y option; + hmac is the type of the TSIG, default HMAC-MD5, + name is the name of the TSIG key and + key is the actual key. The key is a + base-64 + encoded string, typically generated by + dnssec-keygen(8). -Caution should be taken when using the -y option on -multi-user systems as the key can be visible in the output from -ps(1 -) or in the shell's history file. When -using TSIG authentication with dig, the name -server that is queried needs to know the key and algorithm that is -being used. In BIND, this is done by providing appropriate -key and server statements in -named.conf. -

+ Caution should be taken when using the -y option on + multi-user systems as the key can be visible in the output from + ps(1) + or in the shell's history file. When + using TSIG authentication with dig, the name + server that is queried needs to know the key and algorithm that is + being used. In BIND, this is done by providing appropriate + key and server statements in + named.conf. +

-

QUERY OPTIONS

+

QUERY OPTIONS

+

dig + provides a number of query options which affect + the way in which lookups are made and the results displayed. Some of + these set or reset flag bits in the query header, some determine which + sections of the answer get printed, and others determine the timeout + and retry strategies. +

-dig provides a number of query options which affect -the way in which lookups are made and the results displayed. Some of -these set or reset flag bits in the query header, some determine which -sections of the answer get printed, and others determine the timeout -and retry strategies. -

-

-Each query option is identified by a keyword preceded by a plus sign -(+). Some keywords set or reset an option. These may be preceded -by the string no to negate the meaning of that keyword. Other -keywords assign values to options like the timeout interval. They -have the form +keyword=value. -The query options are: + Each query option is identified by a keyword preceded by a plus sign + (+). Some keywords set or reset an + option. These may be preceded + by the string no to negate the meaning of + that keyword. Other + keywords assign values to options like the timeout interval. They + have the form +keyword=value. + The query options are: -

+

+[no]tcp

-Use [do not use] TCP when querying name servers. The default -behaviour is to use UDP unless an AXFR or IXFR query is requested, in -which case a TCP connection is used. -

+ Use [do not use] TCP when querying name servers. The default + behavior is to use UDP unless an AXFR or IXFR query is + requested, in + which case a TCP connection is used. +

+[no]vc

-Use [do not use] TCP when querying name servers. This alternate -syntax to +[no]tcp is provided for backwards -compatibility. The "vc" stands for "virtual circuit". -

+ Use [do not use] TCP when querying name servers. This alternate + syntax to +[no]tcp is + provided for backwards + compatibility. The "vc" stands for "virtual circuit". +

+[no]ignore

-Ignore truncation in UDP responses instead of retrying with TCP. By -default, TCP retries are performed. -

+ Ignore truncation in UDP responses instead of retrying with TCP. + By + default, TCP retries are performed. +

+domain=somename

-Set the search list to contain the single domain -somename, as if specified in a -domain directive in -/etc/resolv.conf, and enable search list -processing as if the +search option were given. -

+ Set the search list to contain the single domain + somename, as if specified in + a + domain directive in + /etc/resolv.conf, and enable + search list + processing as if the +search + option were given. +

+[no]search

-Use [do not use] the search list defined by the searchlist or domain -directive in resolv.conf (if any). -The search list is not used by default. -

+ Use [do not use] the search list defined by the searchlist or + domain + directive in resolv.conf (if + any). + The search list is not used by default. +

+
+[no]showsearch
+

+ Perform [do not perform] a search showing intermediate + results. +

+[no]defname

-Deprecated, treated as a synonym for +[no]search -

+ Deprecated, treated as a synonym for +[no]search +

+[no]aaonly

-Sets the "aa" flag in the query. -

+ Sets the "aa" flag in the query. +

+[no]aaflag

-A synonym for +[no]aaonly. -

+ A synonym for +[no]aaonly. +

+[no]adflag

-Set [do not set] the AD (authentic data) bit in the query. The AD bit -currently has a standard meaning only in responses, not in queries, -but the ability to set the bit in the query is provided for -completeness. -

+ Set [do not set] the AD (authentic data) bit in the query. The + AD bit + currently has a standard meaning only in responses, not in + queries, + but the ability to set the bit in the query is provided for + completeness. +

+[no]cdflag

-Set [do not set] the CD (checking disabled) bit in the query. This -requests the server to not perform DNSSEC validation of responses. -

+ Set [do not set] the CD (checking disabled) bit in the query. + This + requests the server to not perform DNSSEC validation of + responses. +

+[no]cl

-Display [do not display] the CLASS when printing the record. -

+ Display [do not display] the CLASS when printing the record. +

+[no]ttlid

-Display [do not display] the TTL when printing the record. -

+ Display [do not display] the TTL when printing the record. +

+[no]recurse

-Toggle the setting of the RD (recursion desired) bit in the query. -This bit is set by default, which means dig -normally sends recursive queries. Recursion is automatically disabled -when the +nssearch or -+trace query options are used. -

+ Toggle the setting of the RD (recursion desired) bit in the + query. + This bit is set by default, which means dig + normally sends recursive queries. Recursion is automatically + disabled + when the +nssearch or + +trace query options are + used. +

+[no]nssearch

-When this option is set, dig attempts to find the -authoritative name servers for the zone containing the name being -looked up and display the SOA record that each name server has for the -zone. -

+ When this option is set, dig + attempts to find the + authoritative name servers for the zone containing the name + being + looked up and display the SOA record that each name server has + for the + zone. +

+[no]trace

-Toggle tracing of the delegation path from the root name servers for -the name being looked up. Tracing is disabled by default. When -tracing is enabled, dig makes iterative queries to -resolve the name being looked up. It will follow referrals from the -root servers, showing the answer from each server that was used to -resolve the lookup. -

+ Toggle tracing of the delegation path from the root name servers + for + the name being looked up. Tracing is disabled by default. When + tracing is enabled, dig makes + iterative queries to + resolve the name being looked up. It will follow referrals from + the + root servers, showing the answer from each server that was used + to + resolve the lookup. +

+[no]cmd

-toggles the printing of the initial comment in the output identifying -the version of dig and the query options that have -been applied. This comment is printed by default. -

+ Toggles the printing of the initial comment in the output + identifying + the version of dig and the query + options that have + been applied. This comment is printed by default. +

+[no]short

-Provide a terse answer. The default is to print the answer in a -verbose form. -

+ Provide a terse answer. The default is to print the answer in a + verbose form. +

+[no]identify

-Show [or do not show] the IP address and port number that supplied the -answer when the +short option is enabled. If -short form answers are requested, the default is not to show the -source address and port number of the server that provided the answer. -

+ Show [or do not show] the IP address and port number that + supplied the + answer when the +short option + is enabled. If + short form answers are requested, the default is not to show the + source address and port number of the server that provided the + answer. +

+[no]comments

-Toggle the display of comment lines in the output. The default is to -print comments. -

+ Toggle the display of comment lines in the output. The default + is to + print comments. +

+[no]stats

-This query option toggles the printing of statistics: when the query -was made, the size of the reply and so on. The default behaviour is -to print the query statistics. -

+ This query option toggles the printing of statistics: when the + query + was made, the size of the reply and so on. The default + behavior is + to print the query statistics. +

+[no]qr

-Print [do not print] the query as it is sent. -By default, the query is not printed. -

+ Print [do not print] the query as it is sent. + By default, the query is not printed. +

+[no]question

-Print [do not print] the question section of a query when an answer is -returned. The default is to print the question section as a comment. -

+ Print [do not print] the question section of a query when an + answer is + returned. The default is to print the question section as a + comment. +

+[no]answer

-Display [do not display] the answer section of a reply. The default -is to display it. -

+ Display [do not display] the answer section of a reply. The + default + is to display it. +

+[no]authority

-Display [do not display] the authority section of a reply. The -default is to display it. -

+ Display [do not display] the authority section of a reply. The + default is to display it. +

+[no]additional

-Display [do not display] the additional section of a reply. -The default is to display it. -

+ Display [do not display] the additional section of a reply. + The default is to display it. +

+[no]all

-Set or clear all display flags. -

+ Set or clear all display flags. +

+time=T

-Sets the timeout for a query to -T seconds. The default time out is 5 seconds. -An attempt to set T to less than 1 will result -in a query timeout of 1 second being applied. -

+ Sets the timeout for a query to + T seconds. The default + timeout is 5 seconds. + An attempt to set T to less + than 1 will result + in a query timeout of 1 second being applied. +

+tries=T

-Sets the number of times to try UDP queries to server to -T instead of the default, 3. If -T is less than or equal to zero, the number of -tries is silently rounded up to 1. -

+ Sets the number of times to try UDP queries to server to + T instead of the default, 3. + If + T is less than or equal to + zero, the number of + tries is silently rounded up to 1. +

+retry=T

-Sets the number of times to retry UDP queries to server to -T instead of the default, 2. Unlike -+tries, this does not include the initial -query. -

+ Sets the number of times to retry UDP queries to server to + T instead of the default, 2. + Unlike + +tries, this does not include + the initial + query. +

+ndots=D

-Set the number of dots that have to appear in -name to D for it to be -considered absolute. The default value is that defined using the -ndots statement in /etc/resolv.conf, or 1 if no -ndots statement is present. Names with fewer dots are interpreted as -relative names and will be searched for in the domains listed in the -search or domain directive in -/etc/resolv.conf. -

+ Set the number of dots that have to appear in + name to D for it to be + considered absolute. The default value is that defined using + the + ndots statement in /etc/resolv.conf, or 1 if no + ndots statement is present. Names with fewer dots are + interpreted as + relative names and will be searched for in the domains listed in + the + search or domain directive in + /etc/resolv.conf. +

+bufsize=B

-Set the UDP message buffer size advertised using EDNS0 to -B bytes. The maximum and minimum sizes of this -buffer are 65535 and 0 respectively. Values outside this range are -rounded up or down appropriately. -

+ Set the UDP message buffer size advertised using EDNS0 to + B bytes. The maximum and minimum sizes + of this buffer are 65535 and 0 respectively. Values outside + this range are rounded up or down appropriately. + Values other than zero will cause a EDNS query to be sent. +

+
+edns=#
+

+ Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause a + EDNS query to be sent. +noedns clears the + remembered EDNS version. +

+[no]multiline

-Print records like the SOA records in a verbose multi-line -format with human-readable comments. The default is to print -each record on a single line, to facilitate machine parsing -of the dig output. -

+ Print records like the SOA records in a verbose multi-line + format with human-readable comments. The default is to print + each record on a single line, to facilitate machine parsing + of the dig output. +

+[no]fail

-Do not try the next server if you receive a SERVFAIL. The default is -to not try the next server which is the reverse of normal stub resolver -behaviour. -

+ Do not try the next server if you receive a SERVFAIL. The + default is + to not try the next server which is the reverse of normal stub + resolver + behavior. +

+[no]besteffort

-Attempt to display the contents of messages which are malformed. -The default is to not display malformed answers. -

+ Attempt to display the contents of messages which are malformed. + The default is to not display malformed answers. +

+[no]dnssec

-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) -in the OPT record in the additional section of the query. -

+ Requests DNSSEC records be sent by setting the DNSSEC OK bit + (DO) + in the OPT record in the additional section of the query. +

+[no]sigchase

-Chase DNSSEC signature chains. Requires dig be compiled with --DDIG_SIGCHASE. -

+ Chase DNSSEC signature chains. Requires dig be compiled with + -DDIG_SIGCHASE. +

+trusted-key=####

- Specifies a file containing trusted keys to be used with + Specifies a file containing trusted keys to be used with +sigchase. Each DNSKEY record must be on its own line. -

+

If not specified dig will look for /etc/trusted-key.key then trusted-key.key in the current directory.

- Requires dig be compiled with -DDIG_SIGCHASE. + Requires dig be compiled with -DDIG_SIGCHASE.

+[no]topdown

-When chasing DNSSEC signature chains perform a top down validation. -Requires dig be compiled with -DDIG_SIGCHASE. -

+ When chasing DNSSEC signature chains perform a top-down + validation. + Requires dig be compiled with -DDIG_SIGCHASE. +

-

+

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

-The BIND 9 implementation of dig supports -specifying multiple queries on the command line (in addition to -supporting the -f batch file option). Each of those -queries can be supplied with its own set of flags, options and query -options. -

+ The BIND 9 implementation of dig + supports + specifying multiple queries on the command line (in addition to + supporting the -f batch file option). Each of those + queries can be supplied with its own set of flags, options and query + options. +

-In this case, each query argument represent an -individual query in the command-line syntax described above. Each -consists of any of the standard options and flags, the name to be -looked up, an optional query type and class and any query options that -should be applied to that query. -

+ In this case, each query argument + represent an + individual query in the command-line syntax described above. Each + consists of any of the standard options and flags, the name to be + looked up, an optional query type and class and any query options that + should be applied to that query. +

-A global set of query options, which should be applied to all queries, -can also be supplied. These global query options must precede the -first tuple of name, class, type, options, flags, and query options -supplied on the command line. Any global query options (except -the +[no]cmd option) can be -overridden by a query-specific set of query options. For example: -

+ A global set of query options, which should be applied to all queries, + can also be supplied. These global query options must precede the + first tuple of name, class, type, options, flags, and query options + supplied on the command line. Any global query options (except + the +[no]cmd option) can be + overridden by a query-specific set of query options. For example: +

 dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
 

-shows how dig could be used from the command line -to make three lookups: an ANY query for www.isc.org, a -reverse lookup of 127.0.0.1 and a query for the NS records of -isc.org. + shows how dig could be used from the + command line + to make three lookups: an ANY query for www.isc.org, a + reverse lookup of 127.0.0.1 and a query for the NS records of + isc.org. -A global query option of +qr is applied, so -that dig shows the initial query it made for each -lookup. The final query has a local query option of -+noqr which means that dig -will not print the initial query when it looks up the NS records for -isc.org. -

+ A global query option of +qr is + applied, so + that dig shows the initial query it made + for each + lookup. The final query has a local query option of + +noqr which means that dig + will not print the initial query when it looks up the NS records for + isc.org. +

-

FILES

+

IDN SUPPORT

-/etc/resolv.conf -

-

-${HOME}/.digrc -

+ If dig has been built with IDN (internationalized + domain name) support, it can accept and display non-ASCII domain names. + dig appropriately converts character encoding of + domain name before sending a request to DNS server or displaying a + reply from the server. + If you'd like to turn off the IDN support for some reason, defines + the IDN_DISABLE environment variable. + The IDN support is disabled if the variable is set when + dig runs. +

-

SEE ALSO

-

-host(1), -named(8), -dnssec-keygen(8), -RFC1035. -

+

FILES

+

/etc/resolv.conf +

+

${HOME}/.digrc +

+
+
+

SEE ALSO

+

host(1), + named(8), + dnssec-keygen(8), + RFC1035. +

-

BUGS

+

BUGS

-There are probably too many query options. -

+ There are probably too many query options. +

diff --git a/usr.sbin/bind/bin/dig/dighost.c b/usr.sbin/bind/bin/dig/dighost.c
index 06b0d3538c3..072a1912293 100644
--- a/usr.sbin/bind/bin/dig/dighost.c
+++ b/usr.sbin/bind/bin/dig/dighost.c
@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003 Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,9 +15,10 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
-/* $ISC: dighost.c,v 1.221.2.19.2.36 2006/12/07 01:26:33 marka Exp $ */
+/* $ISC: dighost.c,v 1.259.18.43 2007/08/28 07:19:55 tbox Exp $ */
-/*
+/*! \file
+ * \note
  * Notice to programmers: Do not use this code as an example of how to
  * use the ISC library to perform DNS lookups. Dig and Host both operate
  * on the request level, since they allow fine-tuning of output and are
@@ -32,6 +33,17 @@
 #include
 #include
+#ifdef HAVE_LOCALE_H
+#include
+#endif
+
+#ifdef WITH_IDN
+#include
+#include
+#include
+#include
+#endif
+
 #include
 #ifdef DIG_SIGCHASE
 #include
@@ -95,16 +107,19 @@ dig_serverlist_t server_list;
 dig_searchlistlist_t search_list;
 isc_boolean_t
+ check_ra = ISC_FALSE,
 have_ipv4 = ISC_FALSE,
 have_ipv6 = ISC_FALSE,
 specified_source = ISC_FALSE,
 free_now = ISC_FALSE,
 cancel_now = ISC_FALSE,
 usesearch = ISC_FALSE,
+ showsearch = ISC_FALSE,
 qr = ISC_FALSE,
 is_dst_up = ISC_FALSE;
 in_port_t port = 53;
 unsigned int timeout = 0;
+unsigned int extrabytes;
 isc_mem_t *mctx = NULL;
 isc_taskmgr_t *taskmgr = NULL;
 isc_task_t *global_task = NULL;
@@ -119,20 +134,36 @@ int ndots = -1;
 int tries = 3;
 int lookup_counter = 0;
-/*
+#ifdef WITH_IDN
+static void initialize_idn(void);
+static isc_result_t output_filter(isc_buffer_t *buffer,
+ unsigned int used_org,
+ isc_boolean_t absolute);
+static idn_result_t append_textname(char *name, const char *origin,
+ size_t namesize);
+static void idn_check_result(idn_result_t r, const char *msg);
+
+#define MAXDLEN 256
+int idnoptions = 0;
+#endif
+
+/*%
  * Exit Codes:
- * 0 Everything went well, including things like NXDOMAIN
- * 1 Usage error
- * 7 Got too many RR's or Names
- * 8 Couldn't open batch file
- * 9 No reply from server
- * 10 Internal error
+ *
+ *\li 0 Everything went well, including things like NXDOMAIN
+ *\li 1 Usage error
+ *\li 7 Got too many RR's or Names
+ *\li 8 Couldn't open batch file
+ *\li 9 No reply from server
+ *\li 10 Internal error
  */
 int exitcode = 0;
 int fatalexit = 0;
 char keynametext[MXNAME];
 char keyfile[MXNAME] = "";
 char keysecret[MXNAME] = "";
+dns_name_t *hmacname = NULL;
+unsigned int digestbits = 0;
 isc_buffer_t *namebuf = NULL;
 dns_tsigkey_t *key = NULL;
 isc_boolean_t validated = ISC_TRUE;
@@ -246,7 +277,7 @@ dns_name_t chase_name; /* the query name */
 /*
  * the current name is the parent name when we follow delegation
  */
-dns_name_t chase_current_name;
+dns_name_t chase_current_name;
 /*
  * the child name is used for delegation (NS DS responses in AUTHORITY section)
  */
@@ -293,7 +324,7 @@ struct_tk_list tk_list = { {NULL, NULL, NULL, NULL, NULL}, 0};
 #define DIG_MAX_ADDRESSES 20
-/*
+/*%
  * Apply and clear locks at the event level in global task.
  * Can I get rid of these using shutdown events? XXX
  */
@@ -377,7 +408,7 @@ hex_dump(isc_buffer_t *b) {
 printf("\n");
 }
-/*
+/*%
  * Append 'len' bytes of 'text' at '*p', failing with
  * ISC_R_NOSPACE if that would advance p past 'end'.
  */
@@ -493,7 +524,7 @@ check_result(isc_result_t result, const char *msg) {
 }
 }
-/*
+/*%
  * Create a server structure, which is part of the lookup structure.
  * This is little more than a linked list of servers to query in hopes
  * of finding the answer the user is looking for
@@ -533,7 +564,7 @@ addr2af(int lwresaddrtype)
 return (af);
 }
-/*
+/*%
  * Create a copy of the server list from the lwres configuration structure.
  * The dest list must have already had ISC_LIST_INIT applied.
  */
@@ -583,7 +614,7 @@ set_nameserver(char *opt) {
 return;
 result = bind9_getaddresses(opt, 0, sockaddrs,
- DIG_MAX_ADDRESSES, &count);
+ DIG_MAX_ADDRESSES, &count);
 if (result != ISC_R_SUCCESS)
 fatal("couldn't get address for '%s': %s",
 opt, isc_result_totext(result));
@@ -628,7 +659,7 @@ add_nameserver(lwres_conf_t *confdata, const char *addr, int af) {
 return (ISC_R_FAILURE);
 }
-/*
+/*%
  * Produce a cloned server list. The dest list must have already had
  * ISC_LIST_INIT applied.
  */
@@ -646,7 +677,7 @@ clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest) {
 }
 }
-/*
+/*%
  * Create an empty lookup structure, which holds all the information needed
  * to get an answer to a user's question. This structure contains two
  * linked lists: the server list (servers to query) and the query list
@@ -702,6 +733,7 @@ make_empty_lookup(void) {
 #endif
 #endif
 looknew->udpsize = 0;
+ looknew->edns = -1;
 looknew->recurse = ISC_TRUE;
 looknew->aaonly = ISC_FALSE;
 looknew->adflag = ISC_FALSE;
@@ -721,13 +753,15 @@ make_empty_lookup(void) { looknew->section_authority = ISC_TRUE; looknew->section_additional = ISC_TRUE; looknew->new_search = ISC_FALSE; + looknew->done_as_is = ISC_FALSE; + looknew->need_search = ISC_FALSE; ISC_LINK_INIT(looknew, link); ISC_LIST_INIT(looknew->q); ISC_LIST_INIT(looknew->my_server_list); return (looknew); } -/* +/*% * Clone a lookup, perhaps copying the server list. This does not clone * the query list, since it will be regenerated by the setup_lookup() * function, nor does it queue up the new lookup for processing. @@ -777,6 +811,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { #endif #endif looknew->udpsize = lookold->udpsize; + looknew->edns = lookold->edns; looknew->recurse = lookold->recurse; looknew->aaonly = lookold->aaonly; looknew->adflag = lookold->adflag; @@ -791,6 +826,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew->section_additional = lookold->section_additional; looknew->retries = lookold->retries; looknew->tsigctx = NULL; + looknew->need_search = lookold->need_search; + looknew->done_as_is = lookold->done_as_is; if (servers) clone_server_list(lookold->my_server_list, @@ -798,7 +835,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { return (looknew); } -/* +/*% * Requeue a lookup for further processing, perhaps copying the server * list. The new lookup structure is returned to the caller, and is * queued for processing. If servers are not cloned in the requeue, they 
@@ -860,14 +897,15 @@ setup_text_key(void) { if (result != ISC_R_SUCCESS) goto failure; - result = dns_tsigkey_create(&keyname, dns_tsig_hmacmd5_name, - secretstore, secretsize, - ISC_FALSE, NULL, 0, 0, mctx, + result = dns_tsigkey_create(&keyname, hmacname, secretstore, + secretsize, ISC_FALSE, NULL, 0, 0, mctx, NULL, &key); failure: if (result != ISC_R_SUCCESS) printf(";; Couldn't create key %s: %s\n", keynametext, isc_result_totext(result)); + else + dst_key_setbits(key->key, digestbits); isc_mem_free(mctx, secretstore); dns_name_invalidate(&keyname); @@ -888,8 +926,31 @@ setup_file_key(void) { goto failure; } - result = dns_tsigkey_createfromkey(dst_key_name(dstkey), - dns_tsig_hmacmd5_name, + switch (dst_key_alg(dstkey)) { + case DST_ALG_HMACMD5: + hmacname = DNS_TSIG_HMACMD5_NAME; + break; + case DST_ALG_HMACSHA1: + hmacname = DNS_TSIG_HMACSHA1_NAME; + break; + case DST_ALG_HMACSHA224: + hmacname = DNS_TSIG_HMACSHA224_NAME; + break; + case DST_ALG_HMACSHA256: + hmacname = DNS_TSIG_HMACSHA256_NAME; + break; + case DST_ALG_HMACSHA384: + hmacname = DNS_TSIG_HMACSHA384_NAME; + break; + case DST_ALG_HMACSHA512: + hmacname = DNS_TSIG_HMACSHA512_NAME; + break; + default: + printf(";; Couldn't create key %s: bad algorithm\n", + keynametext); + goto failure; + } + result = dns_tsigkey_createfromkey(dst_key_name(dstkey), hmacname, dstkey, ISC_FALSE, NULL, 0, 0, mctx, NULL, &key); if (result != ISC_R_SUCCESS) { @@ -929,7 +990,7 @@ create_search_list(lwres_conf_t *confdata) { } } -/* +/*% * Setup the system as a whole, reading key information and resolv.conf * settings. */ @@ -983,6 +1044,10 @@ setup_system(void) { if (ISC_LIST_EMPTY(server_list)) copy_server_list(lwconf, &server_list); +#ifdef WITH_IDN + initialize_idn(); +#endif + if (keyfile[0] != 0) setup_file_key(); else if (keysecret[0] != 0) @@ -1013,7 +1078,7 @@ clear_searchlist(void) { } } -/* +/*% * Override the search list derived from resolv.conf by 'domain'. */ void 
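Review bot: `setup_text_key()` now passes the global `hmacname` to `dns_tsigkey_create()`, but this patch initialises that global to `NULL` and nothing in the hunk assigns it on the text-key path. If the option parser is the only place that sets it, state that dependency and check it here, e.g. `if (hmacname == NULL) { result = ISC_R_FAILURE; goto failure; }` immediately before the call. A missing algorithm then produces the existing "Couldn't create key" message instead of a NULL name reaching the TSIG code. The function starts outside the hunk, so an earlier guarantee cannot be ruled out from here.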
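Review bot: The new `default:` branch in `setup_file_key()` reports the failure with `keynametext`, which this hunk does not show being filled in when the key comes from a file. `keyfile` is what the user supplied and would identify the key, e.g. `printf(";; Couldn't create key from %s: bad algorithm\n", keyfile);`. The switch also overwrites the global `hmacname` as a side effect; unless other code reads it afterwards, a local `dns_name_t *` passed to `dns_tsigkey_createfromkey()` would be tidier. A rejected key only prints a `;;` line, so queries presumably go out unsigned afterwards, which deserves a comment at the cleanup label outside this hunk.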
@@ -1025,7 +1090,7 @@ set_search_domain(char *domain) { ISC_LIST_APPEND(search_list, search, link); } -/* +/*% * Setup the ISC and DNS libraries for use by the system. */ void @@ -1082,12 +1147,14 @@ setup_libs(void) { dns_result_register(); } -/* +/*% * Add EDNS0 option record to a message. Currently, the only supported * options are UDP buffer size and the DO bit. */ static void -add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) { +add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns, + isc_boolean_t dnssec) +{ dns_rdataset_t *rdataset = NULL; dns_rdatalist_t *rdatalist = NULL; dns_rdata_t *rdata = NULL; @@ -1106,9 +1173,9 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) { rdatalist->type = dns_rdatatype_opt; rdatalist->covers = 0; rdatalist->rdclass = udpsize; - rdatalist->ttl = 0; + rdatalist->ttl = edns << 16; if (dnssec) - rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO; + rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO; rdata->data = NULL; rdata->length = 0; ISC_LIST_INIT(rdatalist->rdata); @@ -1118,7 +1185,7 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) { check_result(result, "dns_message_setopt"); } -/* +/*% * Add a question section to a message, asking for the specified name, * type, and class. */ @@ -1138,7 +1205,7 @@ add_question(dns_message_t *message, dns_name_t *name, ISC_LIST_APPEND(name->list, rdataset, link); } -/* +/*% * Check if we're done with all the queued lookups, which is true iff * all sockets, sends, and recvs are accounted for (counters == 0), * and the lookup list is empty. @@ -1159,7 +1226,7 @@ check_if_done(void) { } } -/* +/*% * Clear out a query when we're done with it. WARNING: This routine * WILL invalidate the query pointer. */ 
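Review bot: In `add_opt()`, `rdatalist->ttl = edns << 16;` promotes the `isc_uint16_t` to `int` before shifting, so a value of 0x8000 or more overflows a 32-bit signed int, and anything above 255 spills into the extended-RCODE byte of the OPT TTL. Nothing in this hunk bounds `edns`; unless the caller already restricts it to 0–255, shift in unsigned arithmetic and mask, `rdatalist->ttl = ((isc_uint32_t)edns & 0xff) << 16;`. A one-line comment on the TTL layout (extended RCODE, version, flags) would also explain why the DO bit is now OR-ed in rather than assigned.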
@@ -1198,16 +1265,14 @@ clear_query(dig_query_t *query) { isc_mem_free(mctx, query); } -/* +/*% * Try and clear out a lookup if we're done with it. Return ISC_TRUE if * the lookup was successfully cleared. If ISC_TRUE is returned, the * lookup pointer has been invalidated. */ static isc_boolean_t try_clear_lookup(dig_lookup_t *lookup) { - dig_server_t *s; dig_query_t *q; - void *ptr; REQUIRE(lookup != NULL); @@ -1228,7 +1293,16 @@ try_clear_lookup(dig_lookup_t *lookup) { * At this point, we know there are no queries on the lookup, * so can make it go away also. */ - debug("cleared"); + destroy_lookup(lookup); + return (ISC_TRUE); +} + +void +destroy_lookup(dig_lookup_t *lookup) { + dig_server_t *s; + void *ptr; + + debug("destroy"); s = ISC_LIST_HEAD(lookup->my_server_list); while (s != NULL) { debug("freeing server %p belonging to %p", s, lookup); @@ -1253,10 +1327,9 @@ try_clear_lookup(dig_lookup_t *lookup) { dst_context_destroy(&lookup->tsigctx); isc_mem_free(mctx, lookup); - return (ISC_TRUE); } -/* +/*% * If we can, start the next lookup in the queue running. * This assumes that the lookup on the head of the queue hasn't been * started yet. It also removes the lookup from the head of the queue, @@ -1332,7 +1405,7 @@ start_lookup(void) { current_lookup->qrdtype_sigchase = current_lookup->qrdtype; current_lookup->qrdtype = dns_rdatatype_ns; - + current_lookup->rdclass_sigchase = current_lookup->rdclass; current_lookup->rdclass_sigchaseset @@ -1369,7 +1442,7 @@ start_lookup(void) { } } -/* +/*% * If we can, clear the current lookup and start the next one running. * This calls try_clear_lookup, so may invalidate the lookup pointer. */ @@ -1390,7 +1463,7 @@ check_next_lookup(dig_lookup_t *lookup) { } } -/* +/*% * Create and queue a new lookup as a followup to the current lookup, * based on the supplied message and section. This is used in trace and * name server search modes to start a new lookup using servers from 
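Review bot: `destroy_lookup()` is now a non-static entry point, but it has neither the `/*%` header comment the other functions receive in this commit nor the `REQUIRE(lookup != NULL)` that `try_clear_lookup()` keeps. It frees the server list and the lookup without looking at `lookup->q`, whereas `try_clear_lookup()` reaches it only after the "no queries on the lookup" point; a direct caller with queries still attached would leave them referring to freed memory. If that invariant is meant to hold for every caller, open the function with `REQUIRE(lookup != NULL);` and `INSIST(ISC_LIST_EMPTY(lookup->q));`, and document that the pointer is invalid on return. The body is split across this hunk and the next one.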
@@ -1407,6 +1480,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) isc_result_t result; isc_boolean_t success = ISC_FALSE; int numLookups = 0; + dns_name_t *domain; + isc_boolean_t horizontal = ISC_FALSE, bad = ISC_FALSE; INSIST(!free_now); @@ -1433,6 +1508,26 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) debug("found NS set"); + if (query->lookup->trace && !query->lookup->trace_root) { + dns_namereln_t namereln; + unsigned int nlabels; + int order; + + domain = dns_fixedname_name(&query->lookup->fdomain); + namereln = dns_name_fullcompare(name, domain, + &order, &nlabels); + if (namereln == dns_namereln_equal) { + if (!horizontal) + printf(";; BAD (HORIZONTAL) REFERRAL\n"); + horizontal = ISC_TRUE; + } else if (namereln != dns_namereln_subdomain) { + if (!bad) + printf(";; BAD REFERRAL\n"); + bad = ISC_TRUE; + continue; + } + } + for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) { @@ -1470,6 +1565,9 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) lookup->trace_root = ISC_FALSE; if (lookup->ns_search_only) lookup->recurse = ISC_FALSE; + dns_fixedname_init(&lookup->fdomain); + domain = dns_fixedname_name(&lookup->fdomain); + dns_name_copy(name, domain, NULL); } srv = make_server(namestr, namestr); debug("adding server %s", srv->servername); 
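Review bot: The new referral check in `followup_lookup()` handles its two failure cases differently without saying why: a referral that is not a subdomain of the previous one is skipped with `continue`, while a horizontal one (`dns_namereln_equal`) only prints `;; BAD (HORIZONTAL) REFERRAL` and its NS set is still followed. A server can keep returning the same delegation, so a comment should state what bounds the trace in that case (presumably the lookup counter, which is not visible in this hunk). In the third hunk the return value of `dns_name_copy(name, domain, NULL)` is dropped; `result = dns_name_copy(name, domain, NULL); check_result(result, "dns_name_copy");` would match how the rest of the file treats library calls. The function starts and ends outside these hunks.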
@@ -1483,10 +1581,32 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) (query->lookup->trace || query->lookup->ns_search_only)) return (followup_lookup(msg, query, DNS_SECTION_AUTHORITY)); - return numLookups; + /* + * Randomize the order the nameserver will be tried. + */ + if (numLookups > 1) { + isc_uint32_t i, j; + dig_serverlist_t my_server_list; + + ISC_LIST_INIT(my_server_list); + + for (i = numLookups; i > 0; i--) { + isc_random_get(&j); + j %= i; + srv = ISC_LIST_HEAD(lookup->my_server_list); + while (j-- > 0) + srv = ISC_LIST_NEXT(srv, link); + ISC_LIST_DEQUEUE(lookup->my_server_list, srv, link); + ISC_LIST_APPEND(my_server_list, srv, link); + } + ISC_LIST_APPENDLIST(lookup->my_server_list, + my_server_list, link); + } + + return (numLookups); } -/* +/*% * Create and queue a new lookup using the next origin from the search * list, read in setup_system(). * @@ -1495,6 +1615,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) static isc_boolean_t next_origin(dns_message_t *msg, dig_query_t *query) { dig_lookup_t *lookup; + dig_searchlist_t *search; UNUSED(msg); 
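Review bot: The shuffle walks `lookup->my_server_list` `j` steps from the head and dequeues `srv` unchecked, so it is only safe if `numLookups` is exactly the number of servers on that list and `lookup` is non-NULL. The counting code is outside this hunk; if the two can ever differ, `ISC_LIST_NEXT` yields NULL and `ISC_LIST_DEQUEUE` dereferences it. An `INSIST(srv != NULL);` before the dequeue makes the assumption explicit. `j %= i` carries a slight modulo bias, which is harmless for spreading load across nameservers but worth noting in the comment so the pattern is not reused where uniformity matters.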
@@ -1509,18 +1630,27 @@ next_origin(dns_message_t *msg, dig_query_t *query) { * about finding the next entry. */ return (ISC_FALSE); - if (query->lookup->origin == NULL) + if (query->lookup->origin == NULL && !query->lookup->need_search) /* * Then we just did rootorg; there's nothing left. */ return (ISC_FALSE); - lookup = requeue_lookup(query->lookup, ISC_TRUE); - lookup->origin = ISC_LIST_NEXT(query->lookup->origin, link); + if (query->lookup->origin == NULL && query->lookup->need_search) { + lookup = requeue_lookup(query->lookup, ISC_TRUE); + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } else { + search = ISC_LIST_NEXT(query->lookup->origin, link); + if (search == NULL && query->lookup->done_as_is) + return (ISC_FALSE); + lookup = requeue_lookup(query->lookup, ISC_TRUE); + lookup->origin = search; + } cancel_lookup(query->lookup); return (ISC_TRUE); } -/* +/*% * Insert an SOA record into the sendmessage in a lookup. Used for * creating IXFR queries. */ @@ -1586,7 +1716,7 @@ insert_soa(dig_lookup_t *lookup) { dns_message_addname(lookup->sendmsg, soaname, DNS_SECTION_AUTHORITY); } -/* +/*% * Setup the supplied lookup structure, making it ready to start sending * queries to servers. Create and initialize the message to be sent as * well as the query structures and buffer space for the replies. If the @@ -1602,6 +1732,15 @@ setup_lookup(dig_lookup_t *lookup) { isc_buffer_t b; dns_compress_t cctx; char store[MXNAME]; +#ifdef WITH_IDN + idn_result_t mr; + char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME]; +#endif + +#ifdef WITH_IDN + result = dns_name_settotextfilter(output_filter); + check_result(result, "dns_name_settotextfilter"); +#endif REQUIRE(lookup != NULL); INSIST(!free_now); 
@@ -1630,6 +1769,17 @@ setup_lookup(dig_lookup_t *lookup) { isc_buffer_init(&lookup->onamebuf, lookup->onamespace, sizeof(lookup->onamespace)); +#ifdef WITH_IDN + /* + * We cannot convert `textname' and `origin' separately. + * `textname' doesn't contain TLD, but local mapping needs + * TLD. + */ + mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, + utf8_textname, sizeof(utf8_textname)); + idn_check_result(mr, "convert textname to UTF-8"); +#endif + /* * If the name has too many dots, force the origin to be NULL * (which produces an absolute lookup). Otherwise, take the origin 
@@ -1637,12 +1787,43 @@ setup_lookup(dig_lookup_t *lookup) { * take the first entry in the searchlist iff either usesearch * is TRUE or we got a domain line in the resolv.conf file. */ - /* XXX New search here? */ - if ((count_dots(lookup->textname) >= ndots) || !usesearch) - lookup->origin = NULL; /* Force abs lookup */ - else if (lookup->origin == NULL && lookup->new_search && usesearch) - lookup->origin = ISC_LIST_HEAD(search_list); + if (lookup->new_search) { +#ifdef WITH_IDN + if ((count_dots(utf8_textname) >= ndots) || !usesearch) { + lookup->origin = NULL; /* Force abs lookup */ + lookup->done_as_is = ISC_TRUE; + lookup->need_search = usesearch; + } else if (lookup->origin == NULL && usesearch) { + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } +#else + if ((count_dots(lookup->textname) >= ndots) || !usesearch) { + lookup->origin = NULL; /* Force abs lookup */ + lookup->done_as_is = ISC_TRUE; + lookup->need_search = usesearch; + } else if (lookup->origin == NULL && usesearch) { + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } +#endif + } +#ifdef WITH_IDN + if (lookup->origin != NULL) { + mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, + lookup->origin->origin, utf8_origin, + sizeof(utf8_origin)); + idn_check_result(mr, "convert origin to UTF-8"); + mr = append_textname(utf8_textname, utf8_origin, + sizeof(utf8_textname)); + idn_check_result(mr, "append origin to textname"); + } + mr = idn_encodename(idnoptions | IDN_LOCALMAP | IDN_NAMEPREP | + IDN_IDNCONV | IDN_LENCHECK, utf8_textname, + idn_textname, sizeof(idn_textname)); + idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); +#else if (lookup->origin != NULL) { debug("trying origin %s", lookup->origin->origin); result = dns_message_gettempname(lookup->sendmsg, 
@@ -1683,11 +1864,22 @@ setup_lookup(dig_lookup_t *lookup) { lookup->textname, isc_result_totext(result)); } dns_message_puttempname(lookup->sendmsg, &lookup->oname); - } else { + } else +#endif + { debug("using root origin"); if (lookup->trace && lookup->trace_root) dns_name_clone(dns_rootname, lookup->name); else { +#ifdef WITH_IDN + len = strlen(idn_textname); + isc_buffer_init(&b, idn_textname, len); + isc_buffer_add(&b, len); + result = dns_name_fromtext(lookup->name, &b, + dns_rootname, + ISC_FALSE, + &lookup->namebuf); +#else len = strlen(lookup->textname); isc_buffer_init(&b, lookup->textname, len); isc_buffer_add(&b, len); @@ -1695,6 +1887,7 @@ setup_lookup(dig_lookup_t *lookup) { dns_rootname, ISC_FALSE, &lookup->namebuf); +#endif } if (result != ISC_R_SUCCESS) { dns_message_puttempname(lookup->sendmsg, @@ -1789,10 +1982,13 @@ setup_lookup(dig_lookup_t *lookup) { result = dns_message_renderbegin(lookup->sendmsg, &cctx, &lookup->renderbuf); check_result(result, "dns_message_renderbegin"); - if (lookup->udpsize > 0 || lookup->dnssec) { + if (lookup->udpsize > 0 || lookup->dnssec || lookup->edns > -1) { if (lookup->udpsize == 0) - lookup->udpsize = 2048; - add_opt(lookup->sendmsg, lookup->udpsize, lookup->dnssec); + lookup->udpsize = 4096; + if (lookup->edns < 0) + lookup->edns = 0; + add_opt(lookup->sendmsg, lookup->udpsize, + lookup->edns, lookup->dnssec); } result = dns_message_rendersection(lookup->sendmsg, @@ -1840,6 +2036,7 @@ setup_lookup(dig_lookup_t *lookup) { query->userarg = serv->userarg; query->rr_count = 0; query->msg_count = 0; + query->byte_count = 0; ISC_LINK_INIT(query, link); ISC_LIST_INIT(query->recvlist); ISC_LIST_INIT(query->lengthlist); 
@@ -1858,12 +2055,13 @@ setup_lookup(dig_lookup_t *lookup) { } /* XXX qrflag, print_query, etc... */ if (!ISC_LIST_EMPTY(lookup->q) && qr) { + extrabytes = 0; printmessage(ISC_LIST_HEAD(lookup->q), lookup->sendmsg, ISC_TRUE); } } -/* +/*% * Event handler for send completion. Track send counter, and clear out * the query if the send was canceled. */ @@ -1910,7 +2108,7 @@ send_done(isc_task_t *_task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Cancel a lookup, sending isc_socket_cancel() requests to all outstanding * IO sockets. The cancel handlers should take care of cleaning up the * query and lookup structures @@ -1972,7 +2170,7 @@ bringup_timer(dig_query_t *query, unsigned int default_timeout) { static void connect_done(isc_task_t *task, isc_event_t *event); -/* +/*% * Unlike send_udp, this can't be called multiple times with the same * query. When we retry TCP, we requeue the whole lookup, which should * start anew. @@ -2041,7 +2239,7 @@ send_tcp_connect(dig_query_t *query) { } } -/* +/*% * Send a UDP packet to the remote nameserver, possible starting the * recv action as well. Also make sure that the timer is running and * is properly reset. @@ -2102,7 +2300,7 @@ send_udp(dig_query_t *query) { sendcount++; } -/* +/*% * IO timeout handler, used for both connect and recv timeouts. If * retries are still allowed, either resend the UDP packet or queue a * new TCP lookup. Otherwise, cancel the lookup. @@ -2161,7 +2359,7 @@ connect_timeout(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Event handler for the TCP recv which gets the length header of TCP * packets. Start the next recv of length bytes. */ @@ -2245,7 +2443,7 @@ tcp_length_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * For transfers that involve multiple recvs (XFR's in particular), * launch the next recv. */ 
@@ -2304,7 +2502,7 @@ launch_next_query(dig_query_t *query, isc_boolean_t include_question) { return; } -/* +/*% * Event handler for TCP connect complete. Make sure the connection was * successful, then pass into launch_next_query to actually send the * question. @@ -2384,7 +2582,7 @@ connect_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Check if the ongoing XFR needs more data before it's complete, using * the semantics of IXFR and AXFR protocols. Much of the complexity of * this routine comes from determining when an IXFR is complete. @@ -2412,6 +2610,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, */ query->msg_count++; + query->byte_count += sevent->n; result = dns_message_firstname(msg, DNS_SECTION_ANSWER); if (result != ISC_R_SUCCESS) { puts("; Transfer failed."); @@ -2527,7 +2726,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, return (ISC_TRUE); } -/* +/*% * Event handler for recv complete. Perform whatever actions are necessary, * based on the specifics of the user's request. */ 
@@ -2612,36 +2811,25 @@ recv_done(isc_task_t *task, isc_event_t *event) { } if (!l->tcp_mode && - !isc_sockaddr_equal(&sevent->address, &query->sockaddr)) { + !isc_sockaddr_compare(&sevent->address, &query->sockaddr, + ISC_SOCKADDR_CMPADDR| + ISC_SOCKADDR_CMPPORT| + ISC_SOCKADDR_CMPSCOPE| + ISC_SOCKADDR_CMPSCOPEZERO)) { char buf1[ISC_SOCKADDR_FORMATSIZE]; char buf2[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_t any; - if (isc_sockaddr_pf(&query->sockaddr) == AF_INET) + if (isc_sockaddr_pf(&query->sockaddr) == AF_INET) isc_sockaddr_any(&any); else isc_sockaddr_any6(&any); -#ifdef ISC_PLATFORM_HAVESCOPEID - /* - * Accept answers from any scope if we havn't specified the - * scope as long as the address and port match. - */ - if (isc_sockaddr_pf(&query->sockaddr) == AF_INET6 && - query->sockaddr.type.sin6.sin6_scope_id == 0 && - memcmp(&sevent->address.type.sin6.sin6_addr, - &query->sockaddr.type.sin6.sin6_addr, - sizeof(query->sockaddr.type.sin6.sin6_addr)) == 0 && - isc_sockaddr_getport(&sevent->address) == - isc_sockaddr_getport(&query->sockaddr)) - /* empty */; - else -#endif /* - * We don't expect a match above when the packet is - * sent to 0.0.0.0, :: or to a multicast addresses. - * XXXMPA broadcast needs to be handled here as well. - */ + * We don't expect a match when the packet is + * sent to 0.0.0.0, :: or to a multicast addresses. + * XXXMPA broadcast needs to be handled here as well. + */ if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) && !isc_sockaddr_ismulticast(&query->sockaddr)) || isc_sockaddr_getport(&query->sockaddr) != @@ -2691,6 +2879,9 @@ recv_done(isc_task_t *task, isc_event_t *event) { "(< header size) message received\n"); } + if (result == ISC_R_SUCCESS && (msgflags & DNS_MESSAGEFLAG_QR) == 0) + printf(";; Warning: query response not set\n"); + if (!match) { isc_buffer_invalidate(&query->recvbuf); isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE); 
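Review bot: The source check on UDP replies in `recv_done()` now rests entirely on the flag set passed to `isc_sockaddr_compare()`, and the comment that explained the relaxed scope rule was deleted together with the `#ifdef ISC_PLATFORM_HAVESCOPEID` block. This comparison decides whether a datagram is treated as the answer, so keep the reasoning beside it, e.g. `/* Address and port must match; with CMPSCOPEZERO a zero scope id matches any scope. */`. As I read the flag, it relaxes the match when either side has a zero scope, not only the query side as in the removed code; confirm that this is intended. The QR test added in the second hunk only prints a warning and processing continues, which should be marked as deliberate if it is.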
@@ -2757,8 +2948,8 @@ recv_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; return; } - if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 - && !l->ignore && !l->tcp_mode) { + if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 && + !l->ignore && !l->tcp_mode) { printf(";; Truncated, retrying in TCP mode.\n"); n = requeue_lookup(l, ISC_TRUE); n->tcp_mode = ISC_TRUE; @@ -2771,7 +2962,9 @@ recv_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; return; } - if (msg->rcode == dns_rcode_servfail && !l->servfail_stops) { + if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) || + (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse)) + { dig_query_t *next = ISC_LIST_NEXT(query, link); if (l->current_query == query) l->current_query = NULL; @@ -2789,9 +2982,13 @@ recv_done(isc_task_t *task, isc_event_t *event) { */ if ((ISC_LIST_HEAD(l->q) != query) || (ISC_LIST_NEXT(query, link) != NULL)) { - printf(";; Got SERVFAIL reply from %s, " - "trying next server\n", - query->servname); + if( l->comments == ISC_TRUE ) + printf(";; Got %s from %s, " + "trying next server\n", + msg->rcode == dns_rcode_servfail ? + "SERVFAIL reply" : + "recursion not available", + query->servname); clear_query(query); check_next_lookup(l); dns_message_destroy(&msg); @@ -2818,6 +3015,8 @@ recv_done(isc_task_t *task, isc_event_t *event) { check_result(result,"dns_message_getquerytsig"); } + extrabytes = isc_buffer_remaininglength(b); + debug("after parse"); if (l->doing_xfr && l->xfr_q == NULL) { l->xfr_q = query; @@ -2852,8 +3051,9 @@ recv_done(isc_task_t *task, isc_event_t *event) { } if (!l->doing_xfr || l->xfr_q == query) { - if (msg->rcode != dns_rcode_noerror && l->origin != NULL) { - if (!next_origin(msg, query)) { + if (msg->rcode != dns_rcode_noerror && + (l->origin != NULL || l->need_search)) { + if (!next_origin(msg, query) || showsearch) { printmessage(query, msg, ISC_TRUE); received(b->used, &sevent->address, query); } 
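Review bot: The new `if( l->comments == ISC_TRUE )` guards a multi-line `printf` without braces, directly above `clear_query(query)` and `check_next_lookup(l)`, which must stay unconditional. Bracing the body and writing the test as `if (l->comments) {` matches the spacing used elsewhere in the file and keeps a later edit from pulling the cleanup calls under the condition. With comments off, the fail-over to the next server on SERVFAIL or missing RA is now silent; a short comment saying so would help. `recv_done()` starts and ends outside the hunk.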
@@ -2887,7 +3087,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { if (l->trace_root) { /* - * This is the initial NS query. + * This is the initial NS query. */ int n; @@ -2902,7 +3102,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { if (!do_sigchase) #endif printmessage(query, msg, ISC_TRUE); - } + } #ifdef DIG_SIGCHASE if (do_sigchase) { chase_msg = isc_mem_allocate(mctx, @@ -2921,13 +3121,13 @@ recv_done(isc_task_t *task, isc_event_t *event) { isc_buffer_usedregion(b, &r); result = isc_buffer_allocate(mctx, &buf, r.length); - + check_result(result, "isc_buffer_allocate"); result = isc_buffer_copyregion(buf, &r); check_result(result, "isc_buffer_copyregion"); - + result = dns_message_parse(msg_temp, buf, 0); - + isc_buffer_free(&buf); chase_msg->msg = msg_temp; @@ -2942,11 +3142,10 @@ recv_done(isc_task_t *task, isc_event_t *event) { chase_msg2->msg = msg; } #endif - } - + #ifdef DIG_SIGCHASE - if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) { + if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) { sigchase(msg_temp); } #endif @@ -3005,7 +3204,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Turn a name into an address, using system-supplied routines. This is * used in looking up server names, etc... and needs to use system-supplied * routines, since they may be using a non-DNS system for these lookups. @@ -3024,7 +3223,7 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) { INSIST(count == 1); } -/* +/*% * Initiate either a TCP or UDP lookup */ void @@ -3040,7 +3239,7 @@ do_lookup(dig_lookup_t *lookup) { send_udp(ISC_LIST_HEAD(lookup->q)); } -/* +/*% * Start everything in action upon task startup. */ void @@ -3053,7 +3252,7 @@ onrun_callback(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Make everything on the lookup queue go away. Mainly used by the * SIGINT handler. */ 
@@ -3097,16 +3296,19 @@ cancel_all(void) { UNLOCK_LOOKUP; } -/* +/*% * Destroy all of the libs we are using, and get everything ready for a * clean shutdown. */ void destroy_libs(void) { -#ifdef DIG_SIGCHASE +#ifdef DIG_SIGCHASE void * ptr; dig_message_t *chase_msg; #endif +#ifdef WITH_IDN + isc_result_t result; +#endif debug("destroy_libs()"); if (global_task != NULL) { @@ -3138,6 +3340,13 @@ destroy_libs(void) { flush_server_list(); clear_searchlist(); + +#ifdef WITH_IDN + result = dns_name_settotextfilter(NULL); + check_result(result, "dns_name_settotextfilter"); +#endif + dns_name_destroy(); + if (commctx != NULL) { debug("freeing commctx"); isc_mempool_destroy(&commctx); 
@@ -3214,8 +3423,104 @@ destroy_libs(void) { isc_mem_destroy(&mctx); } +#ifdef WITH_IDN +static void +initialize_idn(void) { + idn_result_t r; + isc_result_t result; +#ifdef HAVE_SETLOCALE + /* Set locale */ + (void)setlocale(LC_ALL, ""); +#endif + /* Create configuration context. */ + r = idn_nameinit(1); + if (r != idn_success) + fatal("idn api initialization failed: %s", + idn_result_tostring(r)); + + /* Set domain name -> text post-conversion filter. */ + result = dns_name_settotextfilter(output_filter); + check_result(result, "dns_name_settotextfilter"); +} +static isc_result_t +output_filter(isc_buffer_t *buffer, unsigned int used_org, + isc_boolean_t absolute) +{ + char tmp1[MAXDLEN], tmp2[MAXDLEN]; + size_t fromlen, tolen; + isc_boolean_t end_with_dot; + + /* + * Copy contents of 'buffer' to 'tmp1', supply trailing dot + * if 'absolute' is true, and terminate with NUL. + */ + fromlen = isc_buffer_usedlength(buffer) - used_org; + if (fromlen >= MAXDLEN) + return (ISC_R_SUCCESS); + memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen); + end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE; + if (absolute && !end_with_dot) { + fromlen++; + if (fromlen >= MAXDLEN) + return (ISC_R_SUCCESS); + tmp1[fromlen - 1] = '.'; + } + tmp1[fromlen] = '\0'; + + /* + * Convert contents of 'tmp1' to local encoding. + */ + if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success) + return (ISC_R_SUCCESS); + strcpy(tmp1, tmp2); + + /* + * Copy the converted contents in 'tmp1' back to 'buffer'. + * If we have appended trailing dot, remove it. 
+ */ + tolen = strlen(tmp1); + if (absolute && !end_with_dot && tmp1[tolen - 1] == '.') + tolen--; + + if (isc_buffer_length(buffer) < used_org + tolen) + return (ISC_R_NOSPACE); + + isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org); + memcpy(isc_buffer_used(buffer), tmp1, tolen); + isc_buffer_add(buffer, tolen); + + return (ISC_R_SUCCESS); +} + +static idn_result_t +append_textname(char *name, const char *origin, size_t namesize) { + size_t namelen = strlen(name); + size_t originlen = strlen(origin); + + /* Already absolute? */ + if (namelen > 0 && name[namelen - 1] == '.') + return idn_success; + + /* Append dot and origin */ + + if (namelen + 1 + originlen >= namesize) + return idn_buffer_overflow; + + name[namelen++] = '.'; + (void)strcpy(name + namelen, origin); + return idn_success; +} + +static void +idn_check_result(idn_result_t r, const char *msg) { + if (r != idn_success) { + exitcode = 1; + fatal("%s: %s", msg, idn_result_tostring(r)); + } +} +#endif /* WITH_IDN */ #ifdef DIG_SIGCHASE void @@ -3243,12 +3548,12 @@ void dump_database_section(dns_message_t *msg, int section) { dns_name_t *msg_name=NULL; - + dns_rdataset_t *rdataset; do { dns_message_currentname(msg, section, &msg_name); - + for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { dns_name_print(msg_name, stdout); @@ -3267,15 +3572,15 @@ dump_database(void) { for (msg = ISC_LIST_HEAD(chase_message_list); msg != NULL; msg = ISC_LIST_NEXT(msg, link)) { if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER) - == ISC_R_SUCCESS) + == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_ANSWER); - + if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY) - == ISC_R_SUCCESS) + == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_AUTHORITY); if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL) - == ISC_R_SUCCESS) + == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL); } } 
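Review bot: In `output_filter()`, `tmp1[fromlen - 1]` is read before anything rules out `fromlen == 0`; `fromlen` is a `size_t`, so an empty region after `used_org` indexes far outside `tmp1`. Extend the first guard to `if (fromlen == 0 || fromlen >= MAXDLEN) return (ISC_R_SUCCESS);`. The same pattern recurs at `tmp1[tolen - 1]` after decoding, so test `tolen > 0` there as well. `isc_buffer_usedlength(buffer) - used_org` is unsigned too, so a `used_org` beyond the used length wraps to a huge value that the `>= MAXDLEN` test happens to reject; a comment should record that the guard is relied on for this.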
@@ -3343,7 +3648,7 @@ chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) { dns_rdataset_t *rdataset = NULL; dig_message_t * msg; - + for (msg = ISC_LIST_HEAD(chase_message_list2); msg != NULL; msg = ISC_LIST_NEXT(msg, link)) { if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER) @@ -3436,7 +3741,7 @@ insert_trustedkey(dst_key_t * key) return; tk_list.key[tk_list.nb_tk++] = key; - return; + return; } void @@ -3459,7 +3764,7 @@ char alphnum[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; isc_result_t -removetmpkey(isc_mem_t *mctx, const char *file) +removetmpkey(isc_mem_t *mctx, const char *file) { char *tempnamekey = NULL; int tempnamekeylen; @@ -3513,14 +3818,14 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { isc_mem_free(mctx, tempname); return (ISC_R_FAILURE); } - + x = cp--; while (cp >= tempname && *cp == 'X') { isc_random_get(&which); *cp = alphnum[which % (sizeof(alphnum) - 1)]; x = cp--; } - + tempnamekeylen = tempnamelen+5; tempnamekey = isc_mem_allocate(mctx, tempnamekeylen); if (tempnamekey == NULL) @@ -3530,7 +3835,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { strlcpy(tempnamekey, tempname, tempnamelen); strlcat(tempnamekey ,".key", tempnamelen); - + if (isc_file_exists(tempnamekey)) { isc_mem_free(mctx, tempnamekey); isc_mem_free(mctx, tempname); @@ -3565,7 +3870,7 @@ get_trusted_key(isc_mem_t *mctx) char buf[1500]; FILE *fp, *fptemp; dst_key_t *key = NULL; - + result = isc_file_exists(trustedkey); if (result != ISC_TRUE) { result = isc_file_exists("/etc/trusted-key.key"); @@ -3643,11 +3948,11 @@ nameFromString(const char *str, dns_name_t *p_ret) { result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret); check_result(result, "nameFromString"); -} +} #if DIG_SIGCHASE_TD -isc_result_t +isc_result_t prepare_lookup(dns_name_t *name) { isc_result_t result; 
@@ -3665,7 +3970,7 @@ prepare_lookup(dns_name_t *name) lookup->rdtype = lookup->rdtype_sigchase; lookup->rdtypeset = ISC_TRUE; lookup->qrdtype = lookup->qrdtype_sigchase; - + s = ISC_LIST_HEAD(lookup->my_server_list); while (s != NULL) { debug("freeing server %p belonging to %p", @@ -3699,11 +4004,11 @@ prepare_lookup(dns_name_t *name) dns_rdataset_current(chase_nsrdataset, &rdata); (void)dns_rdata_tostruct(&rdata, &ns, NULL); - - - + + + #ifdef __FOLLOW_GLUE__ - + result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_aaaa, dns_rdatatype_any, &true); @@ -3727,12 +4032,12 @@ prepare_lookup(dns_name_t *name) srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); } } - + rdataset = NULL; result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_a, dns_rdatatype_any, &true); @@ -3754,28 +4059,28 @@ prepare_lookup(dns_name_t *name) isc_buffer_free(&b); dns_rdata_reset(&a); printf("ns name: %s\n", namestr); - + srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); } } #else - + dns_name_format(&ns.name, namestr, sizeof(namestr)); printf("ns name: "); dns_name_print(&ns.name, stdout); printf("\n"); srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); -#endif +#endif dns_rdata_freestruct(&ns); dns_rdata_reset(&rdata); - + } ISC_LIST_APPEND(lookup_list, lookup, link); @@ -3829,10 +4134,10 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset) do { dns_rdataset_current(sigrdataset, &sigrdata); - + result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL); check_result(result, "sigrdata tostruct siginfo"); - + if (dns_name_compare(&siginfo.signer, zone_name) == 0) { dns_rdata_freestruct(&siginfo); dns_rdata_reset(&sigrdata); 
@@ -3840,7 +4145,7 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset) } dns_rdata_freestruct(&siginfo); - + } while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS); dns_rdata_reset(&sigrdata); @@ -3870,7 +4175,7 @@ initialization(dns_name_t *name) return (ISC_R_SUCCESS); } -#endif +#endif void print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx) @@ -3894,10 +4199,10 @@ print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx) } -void +void dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) { - isc_result_t result; - + isc_result_t result; + if (dns_name_dynamic(target)) free_name(target, mctx); result = dns_name_dup(source, mctx, target); @@ -3941,12 +4246,12 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, do { dns_rdataset_current(rdataset, &rdata); INSIST(rdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); - + for (i = 0; i < tk_list.nb_tk; i++) { if (dst_key_compare(tk_list.key[i], dnsseckey) == ISC_TRUE) { @@ -3966,7 +4271,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, } } } - + dns_rdata_reset(&rdata); if (dnsseckey != NULL) dst_key_free(&dnsseckey); @@ -3996,7 +4301,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset, do { dns_rdataset_current(keyrdataset, &keyrdata); INSIST(keyrdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); 
@@ -4028,22 +4333,22 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset, result = dns_rdataset_first(sigrdataset); check_result(result, "empty RRSIG dataset"); dns_rdata_init(&sigrdata); - + do { dns_rdataset_current(sigrdataset, &sigrdata); result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL); check_result(result, "sigrdata tostruct siginfo"); - + /* * Test if the id of the DNSKEY is * the id of the DNSKEY signer's */ if (siginfo.keyid == dst_key_id(dnsseckey)) { - + result = dns_rdataset_first(rdataset); check_result(result, "empty DS dataset"); - + result = dns_dnssec_verify(name, rdataset, dnsseckey, ISC_FALSE, mctx, &sigrdata); @@ -4060,7 +4365,7 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset, } } dns_rdata_freestruct(&siginfo); - + } while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS); dns_rdata_reset(&sigrdata); @@ -4086,18 +4391,18 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dns_rdata_init(&dsrdata); do { dns_rdataset_current(dsrdataset, &dsrdata); - + result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL); check_result(result, "dns_rdata_tostruct for DS"); - + result = dns_rdataset_first(keyrdataset); check_result(result, "empty KEY dataset"); - dns_rdata_init(&keyrdata); + dns_rdata_init(&keyrdata); do { dns_rdataset_current(keyrdataset, &keyrdata); INSIST(keyrdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); 
@@ -4112,14 +4417,14 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, result = dns_ds_buildrdata(name, &keyrdata, dsinfo.digest_type, dsbuf, &newdsrdata); - dns_rdata_freestruct(&dsinfo); + dns_rdata_freestruct(&dsinfo); if (result != ISC_R_SUCCESS) { dns_rdata_reset(&keyrdata); dns_rdata_reset(&newdsrdata); dns_rdata_reset(&dsrdata); dst_key_free(&dnsseckey); - dns_rdata_freestruct(&dsinfo); + dns_rdata_freestruct(&dsinfo); printf("Oops: impossible to build" " new DS rdata\n"); return (result); @@ -4133,7 +4438,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, printf(";; Now verify that this" " DNSKEY validates the " "DNSKEY RRset\n"); - + result = sigchase_verify_sig_key(name, keyrdataset, dnsseckey, @@ -4144,7 +4449,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dns_rdata_reset(&newdsrdata); dns_rdata_reset(&dsrdata); dst_key_free(&dnsseckey); - + return (result); } } else { @@ -4158,12 +4463,12 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dnsseckey = NULL; } while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS); dns_rdata_reset(&keyrdata); - + } while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS); #if 0 dns_rdata_reset(&dsrdata); WARNING #endif - + return (ISC_R_NOTFOUND); } @@ -4176,13 +4481,13 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, * ISC_R_SUCCESS: if we found the rrset * ISC_R_NOTFOUND: we do not found the rrset in cache * and we do a query on the net - * ISC_R_FAILURE: rrset not found + * ISC_R_FAILURE: rrset not found */ isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, isc_boolean_t *lookedup) -{ +{ isc_boolean_t tmplookedup; INSIST(rdataset != NULL); @@ -4257,7 +4562,7 @@ sigchase_td(dns_message_t *msg) } } - + if (have_answer) { chase_rdataset = chase_scanname_section(msg, &chase_name, 
@@ -4317,7 +4622,7 @@ sigchase_td(dns_message_t *msg) chase_dsrdataset, mctx); } - + if (result != ISC_R_SUCCESS) { printf("\n;; chain of trust can't be validated:" " FAILED\n\n"); @@ -4369,7 +4674,7 @@ sigchase_td(dns_message_t *msg) chase_sigrdataset = NULL; have_response = ISC_FALSE; have_delegation_ns = ISC_FALSE; - + dns_name_init(&tmp_name, NULL); result = child_of_zone(&chase_name, &chase_current_name, &tmp_name); @@ -4448,8 +4753,8 @@ sigchase_td(dns_message_t *msg) } chase_keyrdataset = NULL; chase_sigkeyrdataset = NULL; - - + + prepare_lookup(&chase_authority_name); have_response = ISC_FALSE; @@ -4545,7 +4850,7 @@ sigchase_td(dns_message_t *msg) } } -#endif +#endif #if DIG_SIGCHASE_BU @@ -4562,7 +4867,7 @@ getneededrr(dns_message_t *msg) if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER)) != ISC_R_SUCCESS) { printf(";; NO ANSWERS: %s\n", isc_result_totext(result)); - + if (chase_name.ndata == NULL) return (ISC_R_ADDRNOTAVAIL); } else { @@ -4605,7 +4910,7 @@ getneededrr(dns_message_t *msg) } INSIST(chase_sigrdataset != NULL); - + /* first find the DNSKEY name */ result = dns_rdataset_first(chase_sigrdataset); check_result(result, "empty RRSIG dataset"); @@ -4616,7 +4921,7 @@ getneededrr(dns_message_t *msg) dup_name(&siginfo.signer, &chase_signame, mctx); dns_rdata_freestruct(&siginfo); dns_rdata_reset(&sigrdata); - + /* Do we have a key? */ if (chase_keyrdataset == NULL) { result = advanced_rrsearch(&chase_keyrdataset, @@ -4685,7 +4990,7 @@ getneededrr(dns_message_t *msg) print_rdataset(&chase_signame, chase_dsrdataset, mctx); } } - + if (chase_dsrdataset != NULL) { /* * if there is no RRSIG of DS, @@ -4744,7 +5049,7 @@ sigchase_bu(dns_message_t *msg) dns_name_init(&query_name, NULL); dns_name_init(&rdata_name, NULL); nameFromString(current_lookup->textname, &query_name); - + result = prove_nx(msg, &query_name, current_lookup->rdclass, current_lookup->rdtype, &rdata_name, &rdataset, &sigrdataset); 
@@ -4847,7 +5152,7 @@ sigchase_bu(dns_message_t *msg) chase_sigdsrdataset = NULL; chase_siglookedup = chase_keylookedup = ISC_FALSE; chase_dslookedup = chase_sigdslookedup = ISC_FALSE; - + printf(";; Now, we want to validate the DS : recursive call\n"); sigchase(msg); return; @@ -4940,7 +5245,7 @@ prove_nx_domain(dns_message_t *msg, " validate the non-existence : FAILED\n"); return (ISC_R_FAILURE); } - + do { nsecname = NULL; dns_message_currentname(msg, DNS_SECTION_AUTHORITY, &nsecname); @@ -5086,5 +5391,6 @@ prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class, rdataset, sigrdataset); return (ret); } + /* Never get here */ } #endif diff --git a/usr.sbin/bind/bin/dig/host.1 b/usr.sbin/bind/bin/dig/host.1 index 6ee75c97151..e0f9b482c49 100644 --- a/usr.sbin/bind/bin/dig/host.1 +++ b/usr.sbin/bind/bin/dig/host.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $ISC: host.1,v 1.11.2.1.4.8 2006/06/29 13:02:30 marka Exp $ +.\" $ISC: host.1,v 1.14.18.14 2007/05/09 03:33:12 marka Exp $ .\" .hy 0 .ad l .\" Title: host .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 
@@ -33,7 +33,7 @@ host \- DNS lookup utility .SH "SYNOPSIS" .HP 5 -\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server] +\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server] .SH "DESCRIPTION" .PP \fBhost\fR @@ -130,7 +130,7 @@ makes. This should mean that the name server receiving the query will not attemp \fB\-r\fR option enables \fBhost\fR -to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. +to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. .PP By default \fBhost\fR @@ -152,7 +152,7 @@ The \fB\-t\fR option is used to select the query type. \fItype\fR -can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, +can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, \fBhost\fR automatically selects an appropriate query type. By default it looks for A records, but if the \fB\-C\fR 
@@ -179,6 +179,32 @@ is less than one, the wait interval is set to one second. When the option is used, \fBhost\fR will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity. +.PP +The +\fB\-s\fR +option tells +\fBhost\fR +\fInot\fR +to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior. +.PP +The +\fB\-m\fR +can be used to set the memory usage debugging flags +\fIrecord\fR, +\fIusage\fR +and +\fItrace\fR. +.SH "IDN SUPPORT" +.PP +If +\fBhost\fR +has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names. +\fBhost\fR +appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the +\fBIDN_DISABLE\fR +environment variable. The IDN support is disabled if the variable is set when +\fBhost\fR +runs. .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -187,4 +213,7 @@ will effectively wait forever for a reply. The time to wait for a response will \fBdig\fR(1), \fBnamed\fR(8). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2002 Internet Software Consortium. +.br diff --git a/usr.sbin/bind/bin/dig/host.c b/usr.sbin/bind/bin/dig/host.c index 0f487876016..329689cc691 100644 --- a/usr.sbin/bind/bin/dig/host.c +++ b/usr.sbin/bind/bin/dig/host.c 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,25 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: host.c,v 1.76.2.5.2.16 2006/05/23 04:43:47 marka Exp $ */ +/* $ISC: host.c,v 1.94.18.19 2007/08/28 07:19:55 tbox Exp $ */ + +/*! \file */ #include +#include #include +#ifdef HAVE_LOCALE_H +#include +#endif + +#ifdef WITH_IDN +#include +#include +#include +#include +#endif + #include #include #include @@ -114,8 +128,8 @@ static void show_usage(void) { fputs( "Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]\n" -" [-R number] hostname [server]\n" -" -a is equivalent to -v -t *\n" +" [-R number] [-m flag] hostname [server]\n" +" -a is equivalent to -v -t ANY\n" " -c specifies query class for non-IN data\n" " -C compares SOA records on authoritative nameservers\n" " -d is equivalent to -v\n" @@ -124,13 +138,15 @@ show_usage(void) { " -N changes the number of dots allowed before root lookup is done\n" " -r disables recursive processing\n" " -R specifies number of retries for UDP packets\n" +" -s a SERVFAIL response should stop query\n" " -t specifies the query type\n" " -T enables TCP/IP mode\n" " -v enables verbose output\n" " -w specifies to wait forever for a reply\n" " -W specifies how long to wait for a reply\n" " -4 use IPv4 query transport only\n" -" -6 use IPv6 query transport only\n", stderr); +" -6 use IPv6 query transport only\n" +" -m set memory debugging flag (trace|record|usage)\n", stderr); exit(1); } 
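Review bot: The synopsis line of the usage string in show_usage is left as `[-aCdlriTwv]`, so the new `-s` option is described in the option list of the following hunk but missing from the summary. The man page updated in the same commit already lists it in its synopsis. I would change the first line to `"Usage: host [-aCdlrisTwv] [-c class] [-N ndots] [-t type] [-W time]\n"` so the summary, the option list and the option string stay in step.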
@@ -410,8 +426,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (msg->rcode != 0) { char namestr[DNS_NAME_FORMATSIZE]; dns_name_format(query->lookup->name, namestr, sizeof(namestr)); - printf("Host %s not found: %d(%s)\n", namestr, - msg->rcode, rcodetext[msg->rcode]); + printf("Host %s not found: %d(%s)\n", + (msg->rcode != dns_rcode_nxdomain) ? namestr : + query->lookup->textname, msg->rcode, + rcodetext[msg->rcode]); return (ISC_R_SUCCESS); } @@ -554,6 +572,53 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { return (result); } +static const char * optstring = "46ac:dilnm:rst:vwCDN:R:TW:"; + +static void +pre_parse_args(int argc, char **argv) { + int c; + + while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) { + switch (c) { + case 'm': + memdebugging = ISC_TRUE; + if (strcasecmp("trace", isc_commandline_argument) == 0) + isc_mem_debugging |= ISC_MEM_DEBUGTRACE; + else if (!strcasecmp("record", + isc_commandline_argument) == 0) + isc_mem_debugging |= ISC_MEM_DEBUGRECORD; + else if (strcasecmp("usage", + isc_commandline_argument) == 0) + isc_mem_debugging |= ISC_MEM_DEBUGUSAGE; + break; + + case '4': break; + case '6': break; + case 'a': break; + case 'c': break; + case 'd': break; + case 'i': break; + case 'l': break; + case 'n': break; + case 'r': break; + case 's': break; + case 't': break; + case 'v': break; + case 'w': break; + case 'C': break; + case 'D': break; + case 'N': break; + case 'R': break; + case 'T': break; + case 'W': break; + default: + show_usage(); + } + } + isc_commandline_reset = ISC_TRUE; + isc_commandline_index = 1; +} + static void parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { char hostname[MXNAME]; 
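Review bot: `rcodetext[msg->rcode]` on the rewritten printf line indexes a fixed table with the rcode of the message being printed, which presumably comes from the server's reply, and nothing in the hunk bounds it. The table's definition is outside the hunk, so its length is not visible here; if a reply can carry an rcode beyond the last entry, this becomes an out-of-bounds read controlled by the remote answer. A guard such as `(msg->rcode < sizeof(rcodetext)/sizeof(rcodetext[0])) ? rcodetext[msg->rcode] : "UNKNOWN"` would make the lookup safe whatever the table size. printmessage's body starts and ends outside the hunk.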
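Review bot: The `record` branch of the `-m` handling in pre_parse_args is inverted: `!strcasecmp("record", isc_commandline_argument) == 0` is true whenever the argument is not `record`. As written, `-m usage` and any unrecognised value set ISC_MEM_DEBUGRECORD, `-m record` sets no flag at all, and the `usage` branch can never set ISC_MEM_DEBUGUSAGE. The line should read `else if (strcasecmp("record", isc_commandline_argument) == 0)`, matching the other two comparisons. Once that is fixed an unknown `-m` value is silently ignored, which may deserve a diagnostic.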
@@ -570,8 +635,10 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { lookup = make_empty_lookup(); - while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dni46")) - != EOF) { + lookup->servfail_stops = ISC_FALSE; + lookup->comments = ISC_FALSE; + + while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) { switch (c) { case 'l': lookup->tcp_mode = ISC_TRUE; @@ -610,6 +677,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { lookup->rdtype != dns_rdatatype_axfr) lookup->rdtype = rdtype; lookup->rdtypeset = ISC_TRUE; +#ifdef WITH_IDN + idnoptions = 0; +#endif if (rdtype == dns_rdatatype_axfr) { /* -l -t any -v */ list_type = dns_rdatatype_any; @@ -618,6 +688,13 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { } else if (rdtype == dns_rdatatype_ixfr) { lookup->ixfr_serial = serial; list_type = rdtype; +#ifdef WITH_IDN + } else if (rdtype == dns_rdatatype_a || + rdtype == dns_rdatatype_aaaa || + rdtype == dns_rdatatype_mx) { + idnoptions = IDN_ASCCHECK; + list_type = rdtype; +#endif } else list_type = rdtype; list_addresses = ISC_FALSE; @@ -655,6 +732,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { case 'n': /* deprecated */ break; + case 'm': + /* Handled by pre_parse_args(). */ + break; case 'w': /* * The timer routines are coded such that @@ -708,6 +788,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { } else fatal("can't find IPv6 networking"); break; + case 's': + lookup->servfail_stops = ISC_TRUE; + break; } } @@ -721,7 +804,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { set_nameserver(argv[isc_commandline_index+1]); debug("server is %s", argv[isc_commandline_index+1]); listed_server = ISC_TRUE; - } + } else + check_ra = ISC_TRUE; lookup->pending = ISC_FALSE; if (get_reverse(store, sizeof(store), hostname, 
@@ -750,9 +834,13 @@ main(int argc, char **argv) { ISC_LIST_INIT(search_list); fatalexit = 1; +#ifdef WITH_IDN + idnoptions = IDN_ASCCHECK; +#endif debug("main()"); progname = argv[0]; + pre_parse_args(argc, argv); result = isc_app_start(); check_result(result, "isc_app_start"); setup_libs(); @@ -766,4 +854,3 @@ main(int argc, char **argv) { isc_app_finish(); return ((seen_error == 0) ? 0 : 1); } - diff --git a/usr.sbin/bind/bin/dig/host.docbook b/usr.sbin/bind/bin/dig/host.docbook index 12cecbf15b9..f8ec62fe415 100644 --- a/usr.sbin/bind/bin/dig/host.docbook +++ b/usr.sbin/bind/bin/dig/host.docbook @@ -1,11 +1,11 @@ -]> - + + - + + Jun 30, 2000 + - -Jun 30, 2000 - + + host + 1 + BIND9 + - -host -1 -BIND9 - + + host + DNS lookup utility + 2004 2005 + 2007 Internet Systems Consortium, Inc. ("ISC") 
@@ -46,183 +51,227 @@ - -host -DNS lookup utility - - - - - host - - - - - - - - - name - server - - - - -DESCRIPTION - -host -is a simple utility for performing DNS lookups. -It is normally used to convert names to IP addresses and vice versa. -When no arguments or options are given, -host -prints a short summary of its command line arguments and options. - - - -name is the domain name that is to be looked -up. It can also be a dotted-decimal IPv4 address or a colon-delimited -IPv6 address, in which case host will by default -perform a reverse lookup for that address. -server is an optional argument which is either -the name or IP address of the name server that host -should query instead of the server or servers listed in -/etc/resolv.conf. - - - -The (all) option is equivalent to setting the - option and asking host to make -a query of type ANY. - - - -When the option is used, host -will attempt to display the SOA records for zone -name from all the listed authoritative name -servers for that zone. The list of name servers is defined by the NS -records that are found for the zone. - - - -The option instructs to make a DNS query of class -class. This can be used to lookup Hesiod or -Chaosnet class resource records. The default class is IN (Internet). - - - -Verbose output is generated by host when the - or option is used. The two -options are equivalent. They have been provided for backwards -compatibility. In previous versions, the option -switched on debugging traces and enabled verbose -output. - - - -List mode is selected by the option. This makes -host perform a zone transfer for zone -name. Transfer the zone printing out the NS, PTR -and address records (A/AAAA). If combined with -all records will be printed. - - - -The -option specifies that reverse lookups of IPv6 addresses should -use the IP6.INT domain as defined in RFC1886. -The default is to use IP6.ARPA. 
- - - -The option sets the number of dots that have to be -in name for it to be considered absolute. The -default value is that defined using the ndots statement in -/etc/resolv.conf, or 1 if no ndots statement is -present. Names with fewer dots are interpreted as relative names and -will be searched for in the domains listed in the search -or domain directive in -/etc/resolv.conf. - - - -The number of UDP retries for a lookup can be changed with the - option. number indicates -how many times host will repeat a query that does -not get answered. The default number of retries is 1. If -number is negative or zero, the number of -retries will default to 1. - - - -Non-recursive queries can be made via the option. -Setting this option clears the RD — recursion -desired — bit in the query which host makes. -This should mean that the name server receiving the query will not -attempt to resolve name. The - option enables host to mimic -the behaviour of a name server by making non-recursive queries and -expecting to receive answers to those queries that are usually -referrals to other name servers. - - - -By default host uses UDP when making queries. The - option makes it use a TCP connection when querying -the name server. TCP will be automatically selected for queries that -require it, such as zone transfer (AXFR) requests. - - - -The option forces host to only -use IPv4 query transport. The option forces -host to only use IPv6 query transport. - - - -The option is used to select the query type. -type can be any recognised query type: CNAME, -NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, -host automatically selects an appropriate query -type. By default it looks for A records, but if the - option was given, queries will be made for SOA -records, and if name is a dotted-decimal IPv4 -address or colon-delimited IPv6 address, host will -query for PTR records. 
If a query type of IXFR is chosen the starting -serial number can be specified by appending an equal followed by the -starting serial number (e.g. -t IXFR=12345678). - - - -The time to wait for a reply can be controlled through the - and options. The - option makes host wait for -wait seconds. If wait -is less than one, the wait interval is set to one second. When the - option is used, host will -effectively wait forever for a reply. The time to wait for a response -will be set to the number of seconds given by the hardware's maximum -value for an integer quantity. - - - - - -FILES - -/etc/resolv.conf - - - - -SEE ALSO - - -dig1 -, - -named8 -. - - - - + + + host + + + + + + + + + + name + server + + + + + DESCRIPTION + + host + is a simple utility for performing DNS lookups. + It is normally used to convert names to IP addresses and vice versa. + When no arguments or options are given, + host + prints a short summary of its command line arguments and options. + + + name is the domain name that is to be + looked + up. It can also be a dotted-decimal IPv4 address or a colon-delimited + IPv6 address, in which case host will by + default + perform a reverse lookup for that address. + server is an optional argument which + is either + the name or IP address of the name server that host + should query instead of the server or servers listed in + /etc/resolv.conf. + + + + The (all) option is equivalent to setting the + option and asking host to make + a query of type ANY. + + + + When the option is used, host + will attempt to display the SOA records for zone + name from all the listed + authoritative name + servers for that zone. The list of name servers is defined by the NS + records that are found for the zone. + + + + The option instructs to make a DNS query of class + class. This can be used to lookup + Hesiod or + Chaosnet class resource records. The default class is IN (Internet). + + + + Verbose output is generated by host when + the + or option is used. 
The two + options are equivalent. They have been provided for backwards + compatibility. In previous versions, the option + switched on debugging traces and enabled verbose + output. + + + + List mode is selected by the option. This makes + host perform a zone transfer for zone + name. Transfer the zone printing out + the NS, PTR + and address records (A/AAAA). If combined with + all records will be printed. + + + + The + option specifies that reverse lookups of IPv6 addresses should + use the IP6.INT domain as defined in RFC1886. + The default is to use IP6.ARPA. + + + + The option sets the number of dots that have to be + in name for it to be considered + absolute. The + default value is that defined using the ndots statement in + /etc/resolv.conf, or 1 if no ndots + statement is + present. Names with fewer dots are interpreted as relative names and + will be searched for in the domains listed in the search + or domain directive in + /etc/resolv.conf. + + + + The number of UDP retries for a lookup can be changed with the + option. number + indicates + how many times host will repeat a query + that does + not get answered. The default number of retries is 1. If + number is negative or zero, the + number of + retries will default to 1. + + + + Non-recursive queries can be made via the option. + Setting this option clears the RD — recursion + desired — bit in the query which host makes. + This should mean that the name server receiving the query will not + attempt to resolve name. The + option enables host + to mimic + the behavior of a name server by making non-recursive queries and + expecting to receive answers to those queries that are usually + referrals to other name servers. + + + + By default host uses UDP when making + queries. The + option makes it use a TCP connection when querying + the name server. TCP will be automatically selected for queries that + require it, such as zone transfer (AXFR) requests. 
+ + + + The option forces host to only + use IPv4 query transport. The option forces + host to only use IPv6 query transport. + + + + The option is used to select the query type. + type can be any recognized query + type: CNAME, + NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, + host automatically selects an appropriate + query + type. By default it looks for A records, but if the + option was given, queries will be made for SOA + records, and if name is a + dotted-decimal IPv4 + address or colon-delimited IPv6 address, host will + query for PTR records. If a query type of IXFR is chosen the starting + serial number can be specified by appending an equal followed by the + starting serial number (e.g. -t IXFR=12345678). + + + + The time to wait for a reply can be controlled through the + and options. The + option makes host + wait for + wait seconds. If wait + is less than one, the wait interval is set to one second. When the + option is used, host + will + effectively wait forever for a reply. The time to wait for a response + will be set to the number of seconds given by the hardware's maximum + value for an integer quantity. + + + + The option tells host + not to send the query to the next nameserver + if any server responds with a SERVFAIL response, which is the + reverse of normal stub resolver behavior. + + + + The can be used to set the memory usage debugging + flags + record, usage and + trace. + + + + + IDN SUPPORT + + If host has been built with IDN (internationalized + domain name) support, it can accept and display non-ASCII domain names. + host appropriately converts character encoding of + domain name before sending a request to DNS server or displaying a + reply from the server. + If you'd like to turn off the IDN support for some reason, defines + the IDN_DISABLE environment variable. + The IDN support is disabled if the variable is set when + host runs. + + + + + FILES + /etc/resolv.conf + + + + + SEE ALSO + + dig1 + , + + named8 + . 
+ + + + diff --git a/usr.sbin/bind/bin/dig/host.html b/usr.sbin/bind/bin/dig/host.html index 7830a91dcd8..5ee597dc71d 100644 --- a/usr.sbin/bind/bin/dig/host.html +++ b/usr.sbin/bind/bin/dig/host.html @@ -1,5 +1,5 @@ - + host - +
-
+

Name

host — DNS lookup utility

Synopsis

-

host [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-4] [-6] {name} [server]

+

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

-

DESCRIPTION

-

-host -is a simple utility for performing DNS lookups. -It is normally used to convert names to IP addresses and vice versa. -When no arguments or options are given, -host -prints a short summary of its command line arguments and options. -

-

-name is the domain name that is to be looked -up. It can also be a dotted-decimal IPv4 address or a colon-delimited -IPv6 address, in which case host will by default -perform a reverse lookup for that address. -server is an optional argument which is either -the name or IP address of the name server that host -should query instead of the server or servers listed in -/etc/resolv.conf. -

-

-The -a (all) option is equivalent to setting the --v option and asking host to make -a query of type ANY. -

-

-When the -C option is used, host -will attempt to display the SOA records for zone -name from all the listed authoritative name -servers for that zone. The list of name servers is defined by the NS -records that are found for the zone. -

-

-The -c option instructs to make a DNS query of class -class. This can be used to lookup Hesiod or -Chaosnet class resource records. The default class is IN (Internet). -

-

-Verbose output is generated by host when the --d or -v option is used. The two -options are equivalent. They have been provided for backwards -compatibility. In previous versions, the -d option -switched on debugging traces and -v enabled verbose -output. -

-

-List mode is selected by the -l option. This makes -host perform a zone transfer for zone -name. Transfer the zone printing out the NS, PTR -and address records (A/AAAA). If combined with -a -all records will be printed. -

-

-The -i -option specifies that reverse lookups of IPv6 addresses should -use the IP6.INT domain as defined in RFC1886. -The default is to use IP6.ARPA. -

-

-The -N option sets the number of dots that have to be -in name for it to be considered absolute. The -default value is that defined using the ndots statement in -/etc/resolv.conf, or 1 if no ndots statement is -present. Names with fewer dots are interpreted as relative names and -will be searched for in the domains listed in the search -or domain directive in -/etc/resolv.conf. -

-

-The number of UDP retries for a lookup can be changed with the --R option. number indicates -how many times host will repeat a query that does -not get answered. The default number of retries is 1. If -number is negative or zero, the number of -retries will default to 1. -

-

-Non-recursive queries can be made via the -r option. -Setting this option clears the RD — recursion -desired — bit in the query which host makes. -This should mean that the name server receiving the query will not -attempt to resolve name. The --r option enables host to mimic -the behaviour of a name server by making non-recursive queries and -expecting to receive answers to those queries that are usually -referrals to other name servers. -

-

-By default host uses UDP when making queries. The --T option makes it use a TCP connection when querying -the name server. TCP will be automatically selected for queries that -require it, such as zone transfer (AXFR) requests. -

-

-The -4 option forces host to only -use IPv4 query transport. The -6 option forces -host to only use IPv6 query transport. -

-

-The -t option is used to select the query type. -type can be any recognised query type: CNAME, -NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, -host automatically selects an appropriate query -type. By default it looks for A records, but if the --C option was given, queries will be made for SOA -records, and if name is a dotted-decimal IPv4 -address or colon-delimited IPv6 address, host will -query for PTR records. If a query type of IXFR is chosen the starting -serial number can be specified by appending an equal followed by the -starting serial number (e.g. -t IXFR=12345678). -

-

-The time to wait for a reply can be controlled through the --W and -w options. The --W option makes host wait for -wait seconds. If wait -is less than one, the wait interval is set to one second. When the --w option is used, host will -effectively wait forever for a reply. The time to wait for a response -will be set to the number of seconds given by the hardware's maximum -value for an integer quantity. -

+

DESCRIPTION

+

host + is a simple utility for performing DNS lookups. + It is normally used to convert names to IP addresses and vice versa. + When no arguments or options are given, + host + prints a short summary of its command line arguments and options. +

+

name is the domain name that is to be + looked + up. It can also be a dotted-decimal IPv4 address or a colon-delimited + IPv6 address, in which case host will by + default + perform a reverse lookup for that address. + server is an optional argument which + is either + the name or IP address of the name server that host + should query instead of the server or servers listed in + /etc/resolv.conf. +

+

+ The -a (all) option is equivalent to setting the + -v option and asking host to make + a query of type ANY. +

+

+ When the -C option is used, host + will attempt to display the SOA records for zone + name from all the listed + authoritative name + servers for that zone. The list of name servers is defined by the NS + records that are found for the zone. +

+

+ The -c option instructs to make a DNS query of class + class. This can be used to lookup + Hesiod or + Chaosnet class resource records. The default class is IN (Internet). +

+

+ Verbose output is generated by host when + the + -d or -v option is used. The two + options are equivalent. They have been provided for backwards + compatibility. In previous versions, the -d option + switched on debugging traces and -v enabled verbose + output. +

+

+ List mode is selected by the -l option. This makes + host perform a zone transfer for zone + name. Transfer the zone printing out + the NS, PTR + and address records (A/AAAA). If combined with -a + all records will be printed. +

+

+ The -i + option specifies that reverse lookups of IPv6 addresses should + use the IP6.INT domain as defined in RFC1886. + The default is to use IP6.ARPA. +

+

+ The -N option sets the number of dots that have to be + in name for it to be considered + absolute. The + default value is that defined using the ndots statement in + /etc/resolv.conf, or 1 if no ndots + statement is + present. Names with fewer dots are interpreted as relative names and + will be searched for in the domains listed in the search + or domain directive in + /etc/resolv.conf. +

+

+ The number of UDP retries for a lookup can be changed with the + -R option. number + indicates + how many times host will repeat a query + that does + not get answered. The default number of retries is 1. If + number is negative or zero, the + number of + retries will default to 1. +

+

+ Non-recursive queries can be made via the -r option. + Setting this option clears the RD — recursion + desired — bit in the query which host makes. + This should mean that the name server receiving the query will not + attempt to resolve name. The + -r option enables host + to mimic + the behavior of a name server by making non-recursive queries and + expecting to receive answers to those queries that are usually + referrals to other name servers. +

+

+ By default host uses UDP when making + queries. The + -T option makes it use a TCP connection when querying + the name server. TCP will be automatically selected for queries that + require it, such as zone transfer (AXFR) requests. +

+

+ The -4 option forces host to only + use IPv4 query transport. The -6 option forces + host to only use IPv6 query transport. +

+

+ The -t option is used to select the query type. + type can be any recognized query + type: CNAME, + NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, + host automatically selects an appropriate + query + type. By default it looks for A records, but if the + -C option was given, queries will be made for SOA + records, and if name is a + dotted-decimal IPv4 + address or colon-delimited IPv6 address, host will + query for PTR records. If a query type of IXFR is chosen the starting + serial number can be specified by appending an equal followed by the + starting serial number (e.g. -t IXFR=12345678). +

+

+ The time to wait for a reply can be controlled through the + -W and -w options. The + -W option makes host + wait for + wait seconds. If wait + is less than one, the wait interval is set to one second. When the + -w option is used, host + will + effectively wait forever for a reply. The time to wait for a response + will be set to the number of seconds given by the hardware's maximum + value for an integer quantity. +

+

+ The -s option tells host + not to send the query to the next nameserver + if any server responds with a SERVFAIL response, which is the + reverse of normal stub resolver behavior. +

+

+ The -m can be used to set the memory usage debugging + flags + record, usage and + trace. +

-

FILES

-

-/etc/resolv.conf -

+

IDN SUPPORT

+

+ If host has been built with IDN (internationalized + domain name) support, it can accept and display non-ASCII domain names. + host appropriately converts character encoding of + domain name before sending a request to DNS server or displaying a + reply from the server. + If you'd like to turn off the IDN support for some reason, defines + the IDN_DISABLE environment variable. + The IDN support is disabled if the variable is set when + host runs. +

-

SEE ALSO

-

-dig(1), -named(8). -

+

FILES

+

/etc/resolv.conf +

+
+
+

SEE ALSO

+

dig(1), + named(8). +

diff --git a/usr.sbin/bind/bin/dig/include/dig/dig.h b/usr.sbin/bind/bin/dig/include/dig/dig.h index d5cab9eda83..850d7164777 100644 --- a/usr.sbin/bind/bin/dig/include/dig/dig.h +++ b/usr.sbin/bind/bin/dig/include/dig/dig.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: dig.h,v 1.71.2.6.2.14 2006/12/07 01:26:33 marka Exp $ */ +/* $ISC: dig.h,v 1.82.18.23 2007/08/28 07:19:55 tbox Exp $ */ #ifndef DIG_H #define DIG_H +/*! \file */ + #include #include @@ -38,29 +40,36 @@ #define MXSERV 20 #define MXNAME (DNS_NAME_MAXTEXT+1) #define MXRD 32 +/*% Buffer Size */ #define BUFSIZE 512 #define COMMSIZE 0xffff #ifndef RESOLV_CONF +/*% location of resolve.conf */ #define RESOLV_CONF "/etc/resolv.conf" #endif +/*% output buffer */ #define OUTPUTBUF 32767 +/*% Max RR Limit */ #define MAXRRLIMIT 0xffffffff #define MAXTIMEOUT 0xffff +/*% Max number of tries */ #define MAXTRIES 0xffffffff +/*% Max number of dots */ #define MAXNDOTS 0xffff +/*% Max number of ports */ #define MAXPORT 0xffff +/*% Max serial number */ #define MAXSERIAL 0xffffffff -/* - * Default timeout values - */ +/*% Default TCP Timeout */ #define TCP_TIMEOUT 10 +/*% Default UDP Timeout */ #define UDP_TIMEOUT 5 #define SERVER_TIMEOUT 1 #define LOOKUP_LIMIT 64 -/* +/*% * Lookup_limit is just a limiter, keeping too many lookups from being * created. It's job is mainly to prevent the program from running away * in a tight loop of constant lookups. It's value is arbitrary. 
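Review bot: Two of the comments added in the `@@ -38,29 +40,36 @@` hunk describe the wrong thing: `/*% location of resolve.conf */` misnames the file that `RESOLV_CONF` points at, and `/*% Max number of ports */` sits on `MAXPORT 0xffff`, which reads as the highest port value rather than a count. I would write `/*% location of resolv.conf */` and `/*% Max port number */`. `COMMSIZE`, `MAXTIMEOUT`, `SERVER_TIMEOUT` and `LOOKUP_LIMIT` in the same hunk remain undocumented; since these presumably cap buffer sizes and user-supplied values, a one-line comment on each would help the next reader judge whether a limit is safe to change.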
@@ -90,22 +99,23 @@ typedef struct dig_message dig_message_t; typedef ISC_LIST(dig_server_t) dig_serverlist_t; typedef struct dig_searchlist dig_searchlist_t; +/*% The dig_lookup structure */ struct dig_lookup { isc_boolean_t - pending, /* Pending a successful answer */ + pending, /*%< Pending a successful answer */ waiting_connect, doing_xfr, - ns_search_only, /* dig +nssearch, host -C */ - identify, /* Append an "on server " message */ - identify_previous_line, /* Prepend a "Nameserver :" + ns_search_only, /*%< dig +nssearch, host -C */ + identify, /*%< Append an "on server " message */ + identify_previous_line, /*% Prepend a "Nameserver :" message, with newline and tab */ ignore, recurse, aaonly, adflag, cdflag, - trace, /* dig +trace */ - trace_root, /* initial query for either +trace or +nssearch */ + trace, /*% dig +trace */ + trace_root, /*% initial query for either +trace or +nssearch */ tcp_mode, ip6_int, comments, @@ -116,6 +126,8 @@ struct dig_lookup { section_additional, servfail_stops, new_search, + need_search, + done_as_is, besteffort, dnssec; #ifdef DIG_SIGCHASE @@ -130,7 +142,7 @@ isc_boolean_t sigchase; #endif #endif - char textname[MXNAME]; /* Name we're going to be looking up */ + char textname[MXNAME]; /*% Name we're going to be looking up */ char cmdline[MXNAME]; dns_rdatatype_t rdtype; dns_rdatatype_t qrdtype; @@ -162,14 +174,17 @@ isc_boolean_t sigchase; isc_uint32_t retries; int nsfound; isc_uint16_t udpsize; + isc_int16_t edns; isc_uint32_t ixfr_serial; isc_buffer_t rdatabuf; char rdatastore[MXNAME]; dst_context_t *tsigctx; isc_buffer_t *querysig; isc_uint32_t msgcounter; + dns_fixedname_t fdomain; }; +/*% The dig_query structure */ struct dig_query { dig_lookup_t *lookup; isc_boolean_t waiting_connect, @@ -200,6 +215,7 @@ struct dig_query { ISC_LINK(dig_query_t) link; isc_sockaddr_t sockaddr; isc_time_t time_sent; + isc_uint64_t byte_count; isc_buffer_t sendbuf; }; 
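Review bot: The trailing member comments converted in `struct dig_lookup` mix `/*%<` and `/*%`: `identify_previous_line`, `trace` and `trace_root` (hunk `@@ -90,22 +99,23 @@`) and `textname` (hunk `@@ -130,7 +142,7 @@`) use `/*%` after the member. In the Doxygen convention this header adopts, the `<` is what attaches a comment to the preceding member, so without it these descriptions are likely to be attached to the following member instead; the text for `trace` would land on `trace_root`, for example. I would make them `/*%< dig +trace */` and `/*%< initial query for either +trace or +nssearch */`, and likewise for the other two. The new fields `need_search`, `done_as_is`, `edns`, `fdomain` and `byte_count` on this line have no comment at all.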
@@ -230,9 +246,10 @@ typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t; extern dig_lookuplist_t lookup_list; extern dig_serverlist_t server_list; extern dig_searchlistlist_t search_list; +extern unsigned int extrabytes; -extern isc_boolean_t have_ipv4, have_ipv6, specified_source, - usesearch, qr; +extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source, + usesearch, showsearch, qr; extern in_port_t port; extern unsigned int timeout; extern isc_mem_t *mctx; @@ -245,6 +262,8 @@ extern isc_sockaddr_t bind_address; extern char keynametext[MXNAME]; extern char keyfile[MXNAME]; extern char keysecret[MXNAME]; +extern dns_name_t *hmacname; +extern unsigned int digestbits; #ifdef DIG_SIGCHASE extern char trustedkey[MXNAME]; #endif @@ -258,6 +277,9 @@ extern isc_boolean_t debugging, memdebugging; extern char *progname; extern int tries; extern int fatalexit; +#ifdef WITH_IDN +extern int idnoptions; +#endif /* * Routines in dighost.c. @@ -281,6 +303,9 @@ check_result(isc_result_t result, const char *msg); void setup_lookup(dig_lookup_t *lookup); +void +destroy_lookup(dig_lookup_t *lookup); + void do_lookup(dig_lookup_t *lookup); @@ -346,13 +371,13 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, isc_result_t printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers); -/* +/*%< * Print the final result of the lookup. */ void received(int bytes, isc_sockaddr_t *from, dig_query_t *query); -/* +/*%< * Print a message about where and when the response * was received from, like the final comment in the * output of "dig". diff --git a/usr.sbin/bind/bin/dig/nslookup.1 b/usr.sbin/bind/bin/dig/nslookup.1 index 6bb946b0e5e..d58234d32ce 100644 --- a/usr.sbin/bind/bin/dig/nslookup.1 +++ b/usr.sbin/bind/bin/dig/nslookup.1 
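Review bot: `destroy_lookup()` is exported in the `@@ -281,6 +303,9 @@` hunk without a comment, although the same commit adds Doxygen comments to neighbouring declarations. A teardown function for `dig_lookup_t` is where callers most need the contract spelled out: what is freed, and whether the lookup must already be unlinked from `lookup_list` with no queries outstanding. Its body is in dighost.c, outside this hunk, so the wording has to be confirmed there; something like `/*%< Free a lookup and everything it owns; the pointer must not be used afterwards. */` once verified. The new externs `extrabytes`, `check_ra`, `showsearch`, `hmacname` and `digestbits` in the other hunks on this line are undocumented as well.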
@@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,14 +12,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $ISC: nslookup.1,v 1.1.6.5 2005/10/13 02:33:43 marka Exp $ +.\" $ISC: nslookup.1,v 1.1.10.14 2007/05/16 06:11:27 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: nslookup +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh 
@@ -39,30 +42,34 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use .SH "ARGUMENTS" .PP Interactive mode is entered in the following cases: -.TP 3 +.TP 4 1. when no arguments are given (the default name server will be used) -.TP +.TP 4 2. when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server. +.sp +.RE .PP Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server. .PP Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: -.IP -.nf -nslookup \-query=hinfo \-timeout=10 -.fi +.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE .SH "INTERACTIVE COMMANDS" -.TP -host [server] +.PP +\fBhost\fR [server] +.RS 4 Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name. .sp To look up a host not in the current domain, append a period to the name. -.TP +.RE +.PP \fBserver\fR \fIdomain\fR -.TP +.RS 4 +.RE +.PP \fBlserver\fR \fIdomain\fR +.RS 4 Change the default server to \fIdomain\fR; \fBlserver\fR 
@@ -70,107 +77,165 @@ uses the initial server to look up information about \fIdomain\fR, while \fBserver\fR uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned. -.TP +.RE +.PP \fBroot\fR +.RS 4 not implemented -.TP +.RE +.PP \fBfinger\fR +.RS 4 not implemented -.TP +.RE +.PP \fBls\fR +.RS 4 not implemented -.TP +.RE +.PP \fBview\fR +.RS 4 not implemented -.TP +.RE +.PP \fBhelp\fR +.RS 4 not implemented -.TP +.RE +.PP \fB?\fR +.RS 4 not implemented -.TP +.RE +.PP \fBexit\fR +.RS 4 Exits the program. -.TP +.RE +.PP \fBset\fR \fIkeyword\fR\fI[=value]\fR +.RS 4 This command is used to change state information that affects the lookups. Valid keywords are: -.RS -.TP +.RS 4 +.PP \fBall\fR +.RS 4 Prints the current values of the frequently used options to \fBset\fR. Information about the current default server and host is also printed. -.TP +.RE +.PP \fBclass=\fR\fIvalue\fR +.RS 4 Change the query class to one of: -.RS -.TP +.RS 4 +.PP \fBIN\fR +.RS 4 the Internet class -.TP +.RE +.PP \fBCH\fR +.RS 4 the Chaos class -.TP +.RE +.PP \fBHS\fR +.RS 4 the Hesiod class -.TP +.RE +.PP \fBANY\fR +.RS 4 wildcard .RE -.IP +.RE +.IP "" 4 The class specifies the protocol group of the information. .sp (Default = IN; abbreviation = cl) -.TP -\fB\fI[no]\fR\fR\fBdebug\fR -Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR +.RS 4 +Turn on or off the display of the full response packet and any intermediate response packets when searching. .sp (Default = nodebug; abbreviation = [no]deb) -.TP -\fB\fI[no]\fR\fR\fBd2\fR -Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBd2\fR +.RS 4 +Turn debugging mode on or off. This displays more about what nslookup is doing. 
.sp (Default = nod2) -.TP +.RE +.PP \fBdomain=\fR\fIname\fR +.RS 4 Sets the search list to \fIname\fR. -.TP -\fB\fI[no]\fR\fR\fBsearch\fR +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBsearch\fR +.RS 4 If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received. .sp (Default = search) -.TP +.RE +.PP \fBport=\fR\fIvalue\fR +.RS 4 Change the default TCP/UDP name server port to \fIvalue\fR. .sp (Default = 53; abbreviation = po) -.TP +.RE +.PP \fBquerytype=\fR\fIvalue\fR -.TP -\fBtype=\fIvalue\fB\fR +.RS 4 +.RE +.PP +\fBtype=\fR\fIvalue\fR +.RS 4 Change the type of the information query. .sp (Default = A; abbreviations = q, ty) -.TP -\fB\fI[no]\fR\fR\fBrecurse\fR +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR +.RS 4 Tell the name server to query other servers if it does not have the information. .sp (Default = recurse; abbreviation = [no]rec) -.TP +.RE +.PP \fBretry=\fR\fInumber\fR +.RS 4 Set the number of retries to number. -.TP +.RE +.PP \fBtimeout=\fR\fInumber\fR +.RS 4 Change the initial timeout interval for waiting for a reply to number seconds. -.TP -\fB\fI[no]\fR\fR\fBvc\fR +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBvc\fR +.RS 4 Always use a virtual circuit when sending requests to the server. .sp (Default = novc) .RE -.IP +.PP +\fB \fR\fB\fI[no]\fR\fR\fBfail\fR +.RS 4 +Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response. +.sp +(Default = nofail) +.RE +.RE +.IP "" 4 +.RE .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -182,3 +247,6 @@ Always use a virtual circuit when sending requests to the server. .SH "AUTHOR" .PP Andrew Cherenson +.SH "COPYRIGHT" +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/usr.sbin/bind/bin/dig/nslookup.c b/usr.sbin/bind/bin/dig/nslookup.c index f29890d895a..d30cc85ca81 100644 --- a/usr.sbin/bind/bin/dig/nslookup.c 
+++ b/usr.sbin/bind/bin/dig/nslookup.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: nslookup.c,v 1.90.2.4.2.12 2006/06/09 23:50:53 marka Exp $ */ +/* $ISC: nslookup.c,v 1.101.18.15 2007/08/28 07:19:55 tbox Exp $ */ #include @@ -50,7 +50,8 @@ static isc_boolean_t short_form = ISC_TRUE, comments = ISC_TRUE, section_question = ISC_TRUE, section_answer = ISC_TRUE, section_authority = ISC_TRUE, section_additional = ISC_TRUE, recurse = ISC_TRUE, - aaonly = ISC_FALSE; + aaonly = ISC_FALSE, nofail = ISC_TRUE; + static isc_boolean_t in_use = ISC_FALSE; static char defclass[MXRD] = "IN"; static char deftype[MXRD] = "A"; @@ -409,8 +410,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { char nametext[DNS_NAME_FORMATSIZE]; dns_name_format(query->lookup->name, nametext, sizeof(nametext)); - printf("** server can't find %s: %s\n", nametext, - rcodetext[msg->rcode]); + printf("** server can't find %s: %s\n", + (msg->rcode != dns_rcode_nxdomain) ? nametext : + query->lookup->textname, rcodetext[msg->rcode]); debug("returning with rcode == 0"); return (ISC_R_SUCCESS); } 
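Review bot: `rcodetext[msg->rcode]` on the rewritten `printf` in `printmessage()` (hunk `@@ -409,8 +410,9 @@`) indexes a table with a value that comes from the server's response, and nothing in the hunk bounds it. The table's definition is outside the hunk, so this may already be safe, but if it holds fewer entries than the rcode field can express, a response could make the lookup read past the end of the table. A guard such as `if (msg->rcode >= sizeof(rcodetext) / sizeof(rcodetext[0]))` with a fallback string before the `printf` would close that, assuming `rcodetext` is an array at file scope. The function body starts and ends outside the hunk.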
@@ -618,8 +620,10 @@ setoption(char *opt) { tcpmode = ISC_FALSE; } else if (strncasecmp(opt, "deb", 3) == 0) { short_form = ISC_FALSE; + showsearch = ISC_TRUE; } else if (strncasecmp(opt, "nodeb", 5) == 0) { short_form = ISC_TRUE; + showsearch = ISC_FALSE; } else if (strncasecmp(opt, "d2", 2) == 0) { debugging = ISC_TRUE; } else if (strncasecmp(opt, "nod2", 4) == 0) { @@ -630,6 +634,10 @@ setoption(char *opt) { usesearch = ISC_FALSE; } else if (strncasecmp(opt, "sil", 3) == 0) { /* deprecation_msg = ISC_FALSE; */ + } else if (strncasecmp(opt, "fail", 3) == 0) { + nofail=ISC_FALSE; + } else if (strncasecmp(opt, "nofail", 3) == 0) { + nofail=ISC_TRUE; } else { printf("*** Invalid option: %s\n", opt); } @@ -688,6 +696,8 @@ addlookup(char *opt) { lookup->section_authority = section_authority; lookup->section_additional = section_additional; lookup->new_search = ISC_TRUE; + if (nofail) + lookup->servfail_stops = ISC_FALSE; ISC_LIST_INIT(lookup->q); ISC_LINK_INIT(lookup, link); ISC_LIST_APPEND(lookup_list, lookup, link); @@ -727,6 +737,7 @@ get_next_command(void) { (strcasecmp(ptr, "lserver") == 0)) { isc_app_block(); set_nameserver(arg); + check_ra = ISC_FALSE; isc_app_unblock(); show_settings(ISC_TRUE, ISC_TRUE); } else if (strcasecmp(ptr, "exit") == 0) { @@ -765,9 +776,10 @@ parse_args(int argc, char **argv) { have_lookup = ISC_TRUE; in_use = ISC_TRUE; addlookup(argv[0]); - } - else + } else { set_nameserver(argv[0]); + check_ra = ISC_FALSE; + } } } } @@ -843,6 +855,8 @@ main(int argc, char **argv) { ISC_LIST_INIT(server_list); ISC_LIST_INIT(search_list); + check_ra = ISC_TRUE; + result = isc_app_start(); check_result(result, "isc_app_start"); -- cgit v1.2.3
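Review bot: The two branches added to `setoption()` in the `@@ -630,6 +634,10 @@` hunk compare only three characters, `strncasecmp(opt, "fail", 3)` and `strncasecmp(opt, "nofail", 3)`, so any option beginning with `fai` or `nof` is accepted as fail/nofail. The neighbouring branches pass the length of the literal (`"deb", 3`, `"nodeb", 5`, `"nod2", 4`), and the man page change in this commit lists no abbreviation for `fail`. I would use `strncasecmp(opt, "fail", 4)` and `strncasecmp(opt, "nofail", 6)`, and write `nofail = ISC_FALSE;` with spaces around `=` like the rest of the function. The chain of branches starts outside the hunk, so check that no earlier prefix test already captures these strings.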
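Review bot: The new `if (nofail) lookup->servfail_stops = ISC_FALSE;` in `addlookup()` (hunk `@@ -688,6 +696,8 @@`) sets the flag in one direction only, so `set fail` depends on whatever default the lookup was created with. That default is assigned outside the hunk; if it is true the code behaves as documented, but the dependency is invisible here. Assigning both ways with `lookup->servfail_stops = ISC_TF(!nofail);`, or adding a comment that names the default, would make the intent explicit.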