author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 18:37:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 18:37:14 +0000 |
commit | ea648e70a989cca190cd7403fe892fd2dcc290b4 (patch) | |
tree | e2b6b1c647da68b0d4d66082835e256eb30970e8 /bin/rndc | |
parent | Initial commit. (diff) | |
Adding upstream version 1:9.11.5.P4+dfsg.upstream/1%9.11.5.P4+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | bin/rndc/Makefile.in | 91 | ||||
-rw-r--r-- | bin/rndc/include/rndc/os.h | 33 | ||||
-rw-r--r-- | bin/rndc/rndc.8 | 629 | ||||
-rw-r--r-- | bin/rndc/rndc.c | 984 | ||||
-rw-r--r-- | bin/rndc/rndc.conf | 39 | ||||
-rw-r--r-- | bin/rndc/rndc.conf.5 | 234 | ||||
-rw-r--r-- | bin/rndc/rndc.conf.docbook | 241 | ||||
-rw-r--r-- | bin/rndc/rndc.conf.html | 234 | ||||
-rw-r--r-- | bin/rndc/rndc.docbook | 1014 | ||||
-rw-r--r-- | bin/rndc/rndc.html | 860 | ||||
-rw-r--r-- | bin/rndc/util.c | 51 | ||||
-rw-r--r-- | bin/rndc/util.h | 46 | ||||
-rw-r--r-- | bin/rndc/win32/rndc.dsp.in | 107 | ||||
-rw-r--r-- | bin/rndc/win32/rndc.dsw | 29 | ||||
-rw-r--r-- | bin/rndc/win32/rndc.mak.in | 425 | ||||
-rw-r--r-- | bin/rndc/win32/rndc.vcxproj.filters.in | 27 | ||||
-rw-r--r-- | bin/rndc/win32/rndc.vcxproj.in | 113 | ||||
-rw-r--r-- | bin/rndc/win32/rndc.vcxproj.user | 3 | ||||
-rw-r--r-- | bin/rndc/win32/rndcutil.dsp.in | 119 | ||||
-rw-r--r-- | bin/rndc/win32/rndcutil.dsw | 29 | ||||
-rw-r--r-- | bin/rndc/win32/rndcutil.vcxproj.filters.in | 27 | ||||
-rw-r--r-- | bin/rndc/win32/rndcutil.vcxproj.in | 104 | ||||
-rw-r--r-- | bin/rndc/win32/rndcutil.vcxproj.user | 3 |
23 files changed, 5442 insertions, 0 deletions
diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in
new file mode 100644
index 0000000..67c7b7d
--- /dev/null
+++ b/bin/rndc/Makefile.in
@@ -0,0 +1,91 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# $Id: Makefile.in,v 1.49 2009/12/05 23:31:40 each Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCLIBS = ../../lib/isccc/libisccc.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+
+LIBS = ${ISCLIBS} @LIBS@
+NOSYMLIBS = ${ISCNOSYMLIBS} @LIBS@
+
+RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+SRCS= rndc.c
+
+TARGETS = rndc@EXEEXT@
+
+MANPAGES = rndc.8 rndc.conf.5
+
+HTMLPAGES = rndc.html rndc.conf.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+rndc.@O@: rndc.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -DRNDC_CONFFILE=\"${sysconfdir}/rndc.conf\" \
+ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ -c ${srcdir}/rndc.c
+
+rndc@EXEEXT@: rndc.@O@ util.@O@ ${RNDCDEPLIBS}
+ export BASEOBJS="rndc.@O@ util.@O@"; \
+ export LIBS0="${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS}"; \
+ ${FINALBUILDCMD}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
+
+install:: rndc@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc@EXEEXT@ ${DESTDIR}${sbindir}
+ ${INSTALL_DATA} ${srcdir}/rndc.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/rndc.conf.5 ${DESTDIR}${mandir}/man5
+
+uninstall::
+ rm -f ${DESTDIR}${mandir}/man5/rndc.conf.5
+ rm -f ${DESTDIR}${mandir}/man8/rndc.8
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/rndc@EXEEXT@
+
+clean distclean maintainer-clean::
+ rm -f ${TARGETS}
diff --git a/bin/rndc/include/rndc/os.h b/bin/rndc/include/rndc/os.h
new file mode 100644
index 0000000..6346b2b
--- /dev/null
+++ b/bin/rndc/include/rndc/os.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+
+/*! \file */
+
+#ifndef RNDC_OS_H
+#define RNDC_OS_H 1
+
+#include <isc/lang.h>
+#include <stdio.h>
+
+ISC_LANG_BEGINDECLS
+
+int set_user(FILE *fd, const char *user);
+/*%<
+ * Set the owner of the file referenced by 'fd' to 'user'.
+ * Returns:
+ * 0 success
+ * -1 insufficient permissions, or 'user' does not exist.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
new file mode 100644
index 0000000..315a1b4
--- /dev/null
+++ b/bin/rndc/rndc.8
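Review bot: The `rndc.@O@` rule in bin/rndc/Makefile.in compiles `${sysconfdir}/rndc.conf` and `${sysconfdir}/rndc.key` into the binary as `RNDC_CONFFILE` and `RNDC_KEYFILE` without any comment saying that these are the default locations of the files carrying the control-channel shared secret. A comment above the rule would make that visible to anyone relocating sysconfdir: `# RNDC_CONFFILE and RNDC_KEYFILE are compiled-in defaults; both files hold the rndc shared secret and must not be generally readable`. The rule also lists only `rndc.c` as a prerequisite, so unless the rules substituted for `@BIND9_MAKE_RULES@` add one, a changed `VERSION` or `sysconfdir` would presumably leave a stale object with the old paths.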
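Review bot: `set_user()` in bin/rndc/include/rndc/os.h names its `FILE *` parameter `fd`, which reads as a file descriptor, and its comment reports a single `-1` for both a permission failure and an unknown user. Renaming the parameter in the prototype to `fp` (`int set_user(FILE *fp, const char *user);`, with the `'fd'` in the comment updated to match) costs callers nothing. Because the function changes file ownership, the comment should also tell callers to act on the result, for example ` * Callers must check the return value; on -1 the requested ownership change was not made.` The definition is not part of this hunk, so whether errno is left set for the caller cannot be told from here.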
@@ -0,0 +1,629 @@ +.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" This Source Code Form is subject to the terms of the Mozilla Public +.\" License, v. 2.0. If a copy of the MPL was not distributed with this +.\" file, You can obtain one at http://mozilla.org/MPL/2.0/. +.\" +.hy 0 +.ad l +'\" t +.\" Title: rndc +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2014-08-15 +.\" Manual: BIND9 +.\" Source: ISC +.\" Language: English +.\" +.TH "RNDC" "8" "2014\-08\-15" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +rndc \- name server control utility +.SH "SYNOPSIS" +.HP \w'\fBrndc\fR\ 'u +\fBrndc\fR [\fB\-b\ \fR\fB\fIsource\-address\fR\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-k\ \fR\fB\fIkey\-file\fR\fR] [\fB\-s\ \fR\fB\fIserver\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-q\fR] [\fB\-r\fR] [\fB\-V\fR] [\fB\-y\ \fR\fB\fIkey_id\fR\fR] {command} +.SH "DESCRIPTION" +.PP +\fBrndc\fR +controls the operation of a name server\&. 
It supersedes the +\fBndc\fR +utility that was provided in old BIND releases\&. If +\fBrndc\fR +is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments\&. +.PP +\fBrndc\fR +communicates with the name server over a TCP connection, sending commands authenticated with digital signatures\&. In the current versions of +\fBrndc\fR +and +\fBnamed\fR, the only supported authentication algorithms are HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default), HMAC\-SHA384 and HMAC\-SHA512\&. They use a shared secret on each end of the connection\&. This provides TSIG\-style authentication for the command request and the name server\*(Aqs response\&. All commands sent over the channel must be signed by a key_id known to the server\&. +.PP +\fBrndc\fR +reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use\&. +.SH "OPTIONS" +.PP +\-b \fIsource\-address\fR +.RS 4 +Use +\fIsource\-address\fR +as the source address for the connection to the server\&. Multiple instances are permitted to allow setting of both the IPv4 and IPv6 source addresses\&. +.RE +.PP +\-c \fIconfig\-file\fR +.RS 4 +Use +\fIconfig\-file\fR +as the configuration file instead of the default, +/etc/rndc\&.conf\&. +.RE +.PP +\-k \fIkey\-file\fR +.RS 4 +Use +\fIkey\-file\fR +as the key file instead of the default, +/etc/rndc\&.key\&. The key in +/etc/rndc\&.key +will be used to authenticate commands sent to the server if the +\fIconfig\-file\fR +does not exist\&. +.RE +.PP +\-s \fIserver\fR +.RS 4 +\fIserver\fR +is the name or address of the server which matches a server statement in the configuration file for +\fBrndc\fR\&. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the +\fBrndc\fR +configuration file will be used\&. 
+.RE +.PP +\-p \fIport\fR +.RS 4 +Send commands to TCP port +\fIport\fR +instead of BIND 9\*(Aqs default control channel port, 953\&. +.RE +.PP +\-q +.RS 4 +Quiet mode: Message text returned by the server will not be printed except when there is an error\&. +.RE +.PP +\-r +.RS 4 +Instructs +\fBrndc\fR +to print the result code returned by +\fBnamed\fR +after executing the requested command (e\&.g\&., ISC_R_SUCCESS, ISC_R_FAILURE, etc)\&. +.RE +.PP +\-V +.RS 4 +Enable verbose logging\&. +.RE +.PP +\-y \fIkey_id\fR +.RS 4 +Use the key +\fIkey_id\fR +from the configuration file\&. +\fIkey_id\fR +must be known by +\fBnamed\fR +with the same algorithm and secret string in order for control message validation to succeed\&. If no +\fIkey_id\fR +is specified, +\fBrndc\fR +will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement\&. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers\&. It should therefore not have general read or write access\&. +.RE +.SH "COMMANDS" +.PP +A list of commands supported by +\fBrndc\fR +can be seen by running +\fBrndc\fR +without arguments\&. +.PP +Currently supported commands are: +.PP +\fBaddzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR\fB\fIconfiguration\fR\fR\fB \fR +.RS 4 +Add a zone while the server is running\&. This command requires the +\fBallow\-new\-zones\fR +option to be set to +\fByes\fR\&. The +\fIconfiguration\fR +string specified on the command line is the zone configuration text that would ordinarily be placed in +named\&.conf\&. +.sp +The configuration is saved in a file called +\fIname\fR\&.nzf, where +\fIname\fR +is the name of the view, or if it contains characters that are incompatible with use as a file name, a cryptographic hash generated from the name of the view\&. 
When +\fBnamed\fR +is restarted, the file will be loaded into the view configuration, so that zones that were added can persist after a restart\&. +.sp +This sample +\fBaddzone\fR +command would add the zone +example\&.com +to the default view: +.sp +$\fBrndc addzone example\&.com \*(Aq{ type master; file "example\&.com\&.db"; };\*(Aq\fR +.sp +(Note the brackets and semi\-colon around the zone configuration text\&.) +.sp +See also +\fBrndc delzone\fR +and +\fBrndc modzone\fR\&. +.RE +.PP +\fBdelzone \fR\fB[\-clean]\fR\fB \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR +.RS 4 +Delete a zone while the server is running\&. +.sp +If the +\fB\-clean\fR +argument is specified, the zone\*(Aqs master file (and journal file, if any) will be deleted along with the zone\&. Without the +\fB\-clean\fR +option, zone files must be cleaned up by hand\&. (If the zone is of type "slave" or "stub", the files needing to be cleaned up will be reported in the output of the +\fBrndc delzone\fR +command\&.) +.sp +If the zone was originally added via +\fBrndc addzone\fR, then it will be removed permanently\&. However, if it was originally configured in +named\&.conf, then that original configuration is still in place; when the server is restarted or reconfigured, the zone will come back\&. To remove it permanently, it must also be removed from +named\&.conf +.sp +See also +\fBrndc addzone\fR +and +\fBrndc modzone\fR\&. +.RE +.PP +\fBdnstap ( \-reopen | \-roll \fR\fB[\fInumber\fR]\fR\fB )\fR +.RS 4 +Close and re\-open DNSTAP output files\&. +\fBrndc dnstap \-reopen\fR +allows the output file to be renamed externally, so that +\fBnamed\fR +can truncate and re\-open it\&. +\fBrndc dnstap \-roll\fR +causes the output file to be rolled automatically, similar to log files; the most recent output file has "\&.0" appended to its name; the previous most recent output file is moved to "\&.1", and so on\&. 
If +\fInumber\fR +is specified, then the number of backup log files is limited to that number\&. +.RE +.PP +\fBdumpdb \fR\fB[\-all|\-cache|\-zones|\-adb|\-bad|\-fail]\fR\fB \fR\fB[\fIview \&.\&.\&.\fR]\fR +.RS 4 +Dump the server\*(Aqs caches (default) and/or zones to the dump file for the specified views\&. If no view is specified, all views are dumped\&. (See the +\fBdump\-file\fR +option in the BIND 9 Administrator Reference Manual\&.) +.RE +.PP +\fBflush\fR +.RS 4 +Flushes the server\*(Aqs cache\&. +.RE +.PP +\fBflushname\fR \fIname\fR [\fIview\fR] +.RS 4 +Flushes the given name from the view\*(Aqs DNS cache and, if applicable, from the view\*(Aqs nameserver address database, bad server cache and SERVFAIL cache\&. +.RE +.PP +\fBflushtree\fR \fIname\fR [\fIview\fR] +.RS 4 +Flushes the given name, and all of its subdomains, from the view\*(Aqs DNS cache, address database, bad server cache, and SERVFAIL cache\&. +.RE +.PP +\fBfreeze \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR +.RS 4 +Suspend updates to a dynamic zone\&. If no zone is specified, then all zones are suspended\&. This allows manual edits to be made to a zone normally updated by dynamic update\&. It also causes changes in the journal file to be synced into the master file\&. All dynamic update attempts will be refused while the zone is frozen\&. +.sp +See also +\fBrndc thaw\fR\&. +.RE +.PP +\fBhalt \fR\fB[\-p]\fR +.RS 4 +Stop the server immediately\&. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server is restarted\&. If +\fB\-p\fR +is specified +\fBnamed\fR\*(Aqs process id is returned\&. This allows an external process to determine when +\fBnamed\fR +had completed halting\&. +.sp +See also +\fBrndc stop\fR\&. +.RE +.PP +\fBloadkeys \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR +.RS 4 +Fetch all DNSSEC keys for the given zone from the key directory\&. 
If they are within their publication period, merge them into the zone\*(Aqs DNSKEY RRset\&. Unlike +\fBrndc sign\fR, however, the zone is not immediately re\-signed by the new keys, but is allowed to incrementally re\-sign over time\&. +.sp +This command requires that the +\fBauto\-dnssec\fR +zone option be set to +maintain, and also requires the zone to be configured to allow dynamic DNS\&. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details\&.) +.RE +.PP +\fBmanaged\-keys \fR\fB\fI(status | refresh | sync)\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR +.RS 4 +When run with the "status" keyword, print the current status of the managed\-keys database for the specified view, or for all views if none is specified\&. When run with the "refresh" keyword, force an immediate refresh of all the managed\-keys in the specified view, or all views\&. When run with the "sync" keyword, force an immediate dump of the managed\-keys database to disk (in the file +managed\-keys\&.bind +or (\fIviewname\fR\&.mkeys)\&. +.RE +.PP +\fBmodzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR\fB\fIconfiguration\fR\fR\fB \fR +.RS 4 +Modify the configuration of a zone while the server is running\&. This command requires the +\fBallow\-new\-zones\fR +option to be set to +\fByes\fR\&. As with +\fBaddzone\fR, the +\fIconfiguration\fR +string specified on the command line is the zone configuration text that would ordinarily be placed in +named\&.conf\&. +.sp +If the zone was originally added via +\fBrndc addzone\fR, the configuration changes will be recorded permanently and will still be in effect after the server is restarted or reconfigured\&. However, if it was originally configured in +named\&.conf, then that original configuration is still in place; when the server is restarted or reconfigured, the zone will revert to its original configuration\&. 
To make the changes permanent, it must also be modified in +named\&.conf +.sp +See also +\fBrndc addzone\fR +and +\fBrndc delzone\fR\&. +.RE +.PP +\fBnotify \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR +.RS 4 +Resend NOTIFY messages for the zone\&. +.RE +.PP +\fBnotrace\fR +.RS 4 +Sets the server\*(Aqs debugging level to 0\&. +.sp +See also +\fBrndc trace\fR\&. +.RE +.PP +\fBnta \fR\fB[( \-class \fIclass\fR | \-dump | \-force | \-remove | \-lifetime \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR +.RS 4 +Sets a DNSSEC negative trust anchor (NTA) for +\fBdomain\fR, with a lifetime of +\fBduration\fR\&. The default lifetime is configured in +named\&.conf +via the +\fBnta\-lifetime\fR +option, and defaults to one hour\&. The lifetime cannot exceed one week\&. +.sp +A negative trust anchor selectively disables DNSSEC validation for zones that are known to be failing because of misconfiguration rather than an attack\&. When data to be validated is at or below an active NTA (and above any other configured trust anchors), +\fBnamed\fR +will abort the DNSSEC validation process and treat the data as insecure rather than bogus\&. This continues until the NTA\*(Aqs lifetime is elapsed\&. +.sp +NTAs persist across restarts of the +\fBnamed\fR +server\&. The NTAs for a view are saved in a file called +\fIname\fR\&.nta, where +\fIname\fR +is the name of the view, or if it contains characters that are incompatible with use as a file name, a cryptographic hash generated from the name of the view\&. +.sp +An existing NTA can be removed by using the +\fB\-remove\fR +option\&. +.sp +An NTA\*(Aqs lifetime can be specified with the +\fB\-lifetime\fR +option\&. TTL\-style suffixes can be used to specify the lifetime in seconds, minutes, or hours\&. If the specified NTA already exists, its lifetime will be updated to the new value\&. Setting +\fBlifetime\fR +to zero is equivalent to +\fB\-remove\fR\&. 
+.sp +If the +\fB\-dump\fR +is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up)\&. +.sp +Normally, +\fBnamed\fR +will periodically test to see whether data below an NTA can now be validated (see the +\fBnta\-recheck\fR +option in the Administrator Reference Manual for details)\&. If data can be validated, then the NTA is regarded as no longer necessary, and will be allowed to expire early\&. The +\fB\-force\fR +overrides this behavior and forces an NTA to persist for its entire lifetime, regardless of whether data could be validated if the NTA were not present\&. +.sp +The view class can be specified with +\fB\-class\fR\&. The default is class +\fBIN\fR, which is the only class for which DNSSEC is currently supported\&. +.sp +All of these options can be shortened, i\&.e\&., to +\fB\-l\fR, +\fB\-r\fR, +\fB\-d\fR, +\fB\-f\fR, and +\fB\-c\fR\&. +.RE +.PP +\fBquerylog\fR [ on | off ] +.RS 4 +Enable or disable query logging\&. (For backward compatibility, this command can also be used without an argument to toggle query logging on and off\&.) +.sp +Query logging can also be enabled by explicitly directing the +\fBqueries\fR\fBcategory\fR +to a +\fBchannel\fR +in the +\fBlogging\fR +section of +named\&.conf +or by specifying +\fBquerylog yes;\fR +in the +\fBoptions\fR +section of +named\&.conf\&. +.RE +.PP +\fBreconfig\fR +.RS 4 +Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed\&. This is faster than a full +\fBreload\fR +when there is a large number of zones because it avoids the need to examine the modification times of the zones files\&. +.RE +.PP +\fBrecursing\fR +.RS 4 +Dump the list of queries +\fBnamed\fR +is currently recursing on, and the list of domains to which iterative queries are currently being sent\&. 
(The second list includes the number of fetches currently active for the given domain, and how many have been passed or dropped because of the +\fBfetches\-per\-zone\fR +option\&.) +.RE +.PP +\fBrefresh \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR +.RS 4 +Schedule zone maintenance for the given zone\&. +.RE +.PP +\fBreload\fR +.RS 4 +Reload configuration file and zones\&. +.RE +.PP +\fBreload \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR +.RS 4 +Reload the given zone\&. +.RE +.PP +\fBretransfer \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR +.RS 4 +Retransfer the given slave zone from the master server\&. +.sp +If the zone is configured to use +\fBinline\-signing\fR, the signed version of the zone is discarded; after the retransfer of the unsigned version is complete, the signed version will be regenerated with all new signatures\&. +.RE +.PP +\fBscan\fR +.RS 4 +Scan the list of available network interfaces for changes, without performing a full +\fBreconfig\fR +or waiting for the +\fBinterface\-interval\fR +timer\&. +.RE +.PP +\fBsecroots \fR\fB[\-]\fR\fB \fR\fB[\fIview \&.\&.\&.\fR]\fR +.RS 4 +Dump the server\*(Aqs security roots and negative trust anchors for the specified views\&. If no view is specified, all views are dumped\&. +.sp +If the first argument is "\-", then the output is returned via the +\fBrndc\fR +response channel and printed to the standard output\&. Otherwise, it is written to the secroots dump file, which defaults to +named\&.secroots, but can be overridden via the +\fBsecroots\-file\fR +option in +named\&.conf\&. +.sp +See also +\fBrndc managed\-keys\fR\&. +.RE +.PP +\fBshowzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR +.RS 4 +Print the configuration of a running zone\&. +.sp +See also +\fBrndc zonestatus\fR\&. 
+.RE +.PP +\fBsign \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR +.RS 4 +Fetch all DNSSEC keys for the given zone from the key directory (see the +\fBkey\-directory\fR +option in the BIND 9 Administrator Reference Manual)\&. If they are within their publication period, merge them into the zone\*(Aqs DNSKEY RRset\&. If the DNSKEY RRset is changed, then the zone is automatically re\-signed with the new key set\&. +.sp +This command requires that the +\fBauto\-dnssec\fR +zone option be set to +allow +or +maintain, and also requires the zone to be configured to allow dynamic DNS\&. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details\&.) +.sp +See also +\fBrndc loadkeys\fR\&. +.RE +.PP +\fBsigning \fR\fB[( \-list | \-clear \fIkeyid/algorithm\fR | \-clear all | \-nsec3param ( \fIparameters\fR | none ) | \-serial \fIvalue\fR ) ]\fR\fB \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR +.RS 4 +List, edit, or remove the DNSSEC signing state records for the specified zone\&. The status of ongoing DNSSEC operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type +\fBsig\-signing\-type\fR\&. +\fBrndc signing \-list\fR +converts these records into a human\-readable form, indicating which keys are currently signing or have finished signing the zone, and which NSEC3 chains are being created or removed\&. +.sp +\fBrndc signing \-clear\fR +can remove a single key (specified in the same format that +\fBrndc signing \-list\fR +uses to display it), or all keys\&. In either case, only completed keys are removed; any record indicating that a key has not yet finished signing the zone will be retained\&. +.sp +\fBrndc signing \-nsec3param\fR +sets the NSEC3 parameters for a zone\&. This is the only supported mechanism for using NSEC3 with +\fBinline\-signing\fR +zones\&. 
Parameters are specified in the same format as an NSEC3PARAM resource record: hash algorithm, flags, iterations, and salt, in that order\&. +.sp +Currently, the only defined value for hash algorithm is +1, representing SHA\-1\&. The +\fBflags\fR +may be set to +0 +or +1, depending on whether you wish to set the opt\-out bit in the NSEC3 chain\&. +\fBiterations\fR +defines the number of additional times to apply the algorithm when generating an NSEC3 hash\&. The +\fBsalt\fR +is a string of data expressed in hexadecimal, a hyphen (`\-\*(Aq) if no salt is to be used, or the keyword +auto, which causes +\fBnamed\fR +to generate a random 64\-bit salt\&. +.sp +So, for example, to create an NSEC3 chain using the SHA\-1 hash algorithm, no opt\-out flag, 10 iterations, and a salt value of "FFFF", use: +\fBrndc signing \-nsec3param 1 0 10 FFFF \fR\fB\fIzone\fR\fR\&. To set the opt\-out flag, 15 iterations, and no salt, use: +\fBrndc signing \-nsec3param 1 1 15 \- \fR\fB\fIzone\fR\fR\&. +.sp +\fBrndc signing \-nsec3param none\fR +removes an existing NSEC3 chain and replaces it with NSEC\&. +.sp +\fBrndc signing \-serial value\fR +sets the serial number of the zone to value\&. If the value would cause the serial number to go backwards it will be rejected\&. The primary use is to set the serial on inline signed zones\&. +.RE +.PP +\fBstats\fR +.RS 4 +Write server statistics to the statistics file\&. (See the +\fBstatistics\-file\fR +option in the BIND 9 Administrator Reference Manual\&.) +.RE +.PP +\fBstatus\fR +.RS 4 +Display status of the server\&. Note that the number of zones includes the internal +\fBbind/CH\fR +zone and the default +\fB\&./IN\fR +hint zone if there is not an explicit root zone configured\&. +.RE +.PP +\fBstop \fR\fB[\-p]\fR +.RS 4 +Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones\&. If +\fB\-p\fR +is specified +\fBnamed\fR\*(Aqs process id is returned\&. 
This allows an external process to determine when +\fBnamed\fR +had completed stopping\&. +.sp +See also +\fBrndc halt\fR\&. +.RE +.PP +\fBsync \fR\fB[\-clean]\fR\fB \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR +.RS 4 +Sync changes in the journal file for a dynamic zone to the master file\&. If the "\-clean" option is specified, the journal file is also removed\&. If no zone is specified, then all zones are synced\&. +.RE +.PP +\fBthaw \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR +.RS 4 +Enable updates to a frozen dynamic zone\&. If no zone is specified, then all frozen zones are enabled\&. This causes the server to reload the zone from disk, and re\-enables dynamic updates after the load has completed\&. After a zone is thawed, dynamic updates will no longer be refused\&. If the zone has changed and the +\fBixfr\-from\-differences\fR +option is in use, then the journal file will be updated to reflect changes in the zone\&. Otherwise, if the zone has changed, any existing journal file will be removed\&. +.sp +See also +\fBrndc freeze\fR\&. +.RE +.PP +\fBtrace\fR +.RS 4 +Increment the servers debugging level by one\&. +.RE +.PP +\fBtrace \fR\fB\fIlevel\fR\fR +.RS 4 +Sets the server\*(Aqs debugging level to an explicit value\&. +.sp +See also +\fBrndc notrace\fR\&. +.RE +.PP +\fBtsig\-delete\fR \fIkeyname\fR [\fIview\fR] +.RS 4 +Delete a given TKEY\-negotiated key from the server\&. (This does not apply to statically configured TSIG keys\&.) +.RE +.PP +\fBtsig\-list\fR +.RS 4 +List the names of all TSIG keys currently configured for use by +\fBnamed\fR +in each view\&. The list both statically configured keys and dynamic TKEY\-negotiated keys\&. +.RE +.PP +\fBvalidation ( on | off | status ) \fR\fB[\fIview \&.\&.\&.\fR]\fR\fB \fR +.RS 4 +Enable, disable, or check the current status of DNSSEC validation\&. Note +\fBdnssec\-enable\fR +also needs to be set to +\fByes\fR +or +\fBauto\fR +to be effective\&. It defaults to enabled\&. 
+.RE +.PP +\fBzonestatus \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR +.RS 4 +Displays the current status of the given zone, including the master file name and any include files from which it was loaded, when it was most recently loaded, the current serial number, the number of nodes, whether the zone supports dynamic updates, whether the zone is DNSSEC signed, whether it uses automatic DNSSEC key management or inline signing, and the scheduled refresh or expiry times for the zone\&. +.sp +See also +\fBrndc showzone\fR\&. +.RE +.SH "LIMITATIONS" +.PP +There is currently no way to provide the shared secret for a +\fBkey_id\fR +without using the configuration file\&. +.PP +Several error messages could be clearer\&. +.SH "SEE ALSO" +.PP +\fBrndc.conf\fR(5), +\fBrndc-confgen\fR(8), +\fBnamed\fR(8), +\fBnamed.conf\fR(5), +\fBndc\fR(8), +BIND 9 Administrator Reference Manual\&. +.SH "AUTHOR" +.PP +\fBInternet Systems Consortium, Inc\&.\fR +.SH "COPYRIGHT" +.br +Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c new file mode 100644 index 0000000..9eb0ce0 --- /dev/null +++ b/bin/rndc/rndc.c 
@@ -0,0 +1,984 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/file.h>
+#include <isc/log.h>
+#include <isc/net.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/random.h>
+#include <isc/socket.h>
+#include <isc/stdtime.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/thread.h>
+#include <isc/util.h>
+
+#include <pk11/site.h>
+
+#include <isccfg/namedconf.h>
+
+#include <isccc/alist.h>
+#include <isccc/base64.h>
+#include <isccc/cc.h>
+#include <isccc/ccmsg.h>
+#include <isccc/result.h>
+#include <isccc/sexpr.h>
+#include <isccc/types.h>
+#include <isccc/util.h>
+
+#include <dns/name.h>
+
+#include <bind9/getaddresses.h>
+
+#include "util.h"
+
+#define SERVERADDRS 10
+
+const char *progname;
+bool verbose;
+
+static const char *admin_conffile;
+static const char *admin_keyfile;
+static const char *version = VERSION;
+static const char *servername = NULL;
+static isc_sockaddr_t serveraddrs[SERVERADDRS];
+static isc_sockaddr_t local4, local6;
+static bool local4set = false, local6set = false;
+static int nserveraddrs;
+static int currentaddr = 0;
+static unsigned int remoteport = 0;
+static isc_socketmgr_t *socketmgr = NULL;
+static isc_buffer_t *databuf;
+static isccc_ccmsg_t ccmsg;
+static uint32_t algorithm;
+static isccc_region_t secret;
+static bool failed = false;
+static bool c_flag = false;
+static isc_mem_t *rndc_mctx;
+static int sends, recvs, connects;
+static char *command;
+static char *args;
+static char program[256];
+static isc_socket_t *sock = NULL;
+static uint32_t serial;
+static bool quiet = false;
+static bool showresult = false;
+
+static void rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task);
+
+ISC_PLATFORM_NORETURN_PRE static void
+usage(int status) ISC_PLATFORM_NORETURN_POST;
+
+static void
+usage(int status) {
+ fprintf(stderr, "\
+Usage: %s [-b address] [-c config] [-s server] [-p port]\n\
+ [-k key-file ] [-y key] [-r] [-V] command\n\
+\n\
+command is one of the following:\n\
+\n\
+ addzone zone [class [view]] { zone-options }\n\
+ Add zone to given view. Requires allow-new-zones option.\n\
+ delzone [-clean] zone [class [view]]\n\
+ Removes zone from given view.\n\
+ dnstap -reopen\n\
+ Close, truncate and re-open the DNSTAP output file.\n\
+ dnstap -roll count\n\
+ Close, rename and re-open the DNSTAP output file(s).\n\
+ dumpdb [-all|-cache|-zones|-adb|-bad|-fail] [view ...]\n\
+ Dump cache(s) to the dump file (named_dump.db).\n\
+ flush Flushes all of the server's caches.\n\
+ flush [view] Flushes the server's cache for a view.\n\
+ flushname name [view]\n\
+ Flush the given name from the server's cache(s)\n\
+ flushtree name [view]\n\
+ Flush all names under the given name from the server's cache(s)\n\
+ freeze Suspend updates to all dynamic zones.\n\
+ freeze zone [class [view]]\n\
+ Suspend updates to a dynamic zone.\n\
+ halt Stop the server without saving pending updates.\n\
+ halt -p Stop the server without saving pending updates reporting\n\
+ process id.\n\
+ loadkeys zone [class [view]]\n\
+ Update keys without signing immediately.\n\
+ managed-keys refresh [class [view]]\n\
+ Check trust anchor for RFC 5011 key changes\n\
+ managed-keys status [class [view]]\n\
+ Display RFC 5011 managed keys information\n\
+ managed-keys sync [class [view]]\n\
+ Write RFC 5011 managed keys to disk\n\
+ modzone zone [class [view]] { zone-options }\n\
+ Modify a zone's configuration.\n\
+ Requires allow-new-zones option.\n\
+ notify zone [class [view]]\n\
+ Resend NOTIFY messages for the zone.\n\
+ notrace Set debugging level to 0.\n\
+ nta -dump\n\
+ List all negative trust anchors.\n\
+ nta [-lifetime duration] [-force] domain [view]\n\
+ Set a negative trust anchor, disabling DNSSEC validation\n\
+ for the given domain.\n\
+ Using -lifetime specifies the duration of the NTA, up\n\
+ to one week.\n\
+ Using -force prevents the NTA from expiring before its\n\
+ full lifetime, even if the domain can validate sooner.\n\
+ nta -remove domain [view]\n\
+ Remove a negative trust anchor, re-enabling validation\n\
+ for the given domain.\n\
+ querylog [ on | off ]\n\
+ Enable / disable query logging.\n\
+ reconfig Reload configuration file and new zones only.\n\
+ recursing Dump the queries that are currently recursing (named.recursing)\n\
+ refresh zone [class [view]]\n\
+ Schedule immediate maintenance for a zone.\n\
+ reload Reload configuration file and zones.\n\
+ reload zone [class [view]]\n\
+ Reload a single zone.\n\
+ retransfer zone [class [view]]\n\
+ Retransfer a single zone without checking serial number.\n\
+ scan Scan available network interfaces for changes.\n\
+ secroots [view ...]\n\
+ Write security roots to the secroots file.\n\
+ showzone zone [class [view]]\n\
+ Print a zone's configuration.\n\
+ sign zone [class [view]]\n\
+ Update zone keys, and sign as needed.\n\
+ signing -clear all zone [class [view]]\n\
+ Remove the private records for all keys that have\n\
+ finished signing the given zone.\n\
+ signing -clear <keyid>/<algorithm> zone [class [view]]\n\
+ Remove the private record that indicating the given key\n\
+ has finished signing the given zone.\n\
+ signing -list zone [class [view]]\n\
+ List the private records showing the state of DNSSEC\n\
+ signing in the given zone.\n\
+ signing -nsec3param hash flags iterations salt zone [class [view]]\n\
+ Add NSEC3 chain to zone if already signed.\n\
+ Prime zone with NSEC3 chain if not yet signed.\n\
+ 
signing -nsec3param none zone [class [view]]\n\ + Remove NSEC3 chains from zone.\n\ + signing -serial <value> zone [class [view]]\n\ + Set the zones's serial to <value>.\n\ + stats Write server statistics to the statistics file.\n\ + status Display status of the server.\n\ + stop Save pending updates to master files and stop the server.\n\ + stop -p Save pending updates to master files and stop the server\n\ + reporting process id.\n\ + sync [-clean] Dump changes to all dynamic zones to disk, and optionally\n\ + remove their journal files.\n\ + sync [-clean] zone [class [view]]\n\ + Dump a single zone's changes to disk, and optionally\n\ + remove its journal file.\n\ + thaw Enable updates to all dynamic zones and reload them.\n\ + thaw zone [class [view]]\n\ + Enable updates to a frozen dynamic zone and reload it.\n\ + trace Increment debugging level by one.\n\ + trace level Change the debugging level.\n\ + tsig-delete keyname [view]\n\ + Delete a TKEY-negotiated TSIG key.\n\ + tsig-list List all currently active TSIG keys, including both statically\n\ + configured and TKEY-negotiated keys.\n\ + validation [ yes | no | status ] [view]\n\ + Enable / disable DNSSEC validation.\n\ + zonestatus zone [class [view]]\n\ + Display the current status of a zone.\n\ +\n\ +Version: %s\n", + progname, version); + + exit(status); +} + +static void +get_addresses(const char *host, in_port_t port) { + isc_result_t result; + int found = 0, count; + + if (*host == '/') { + result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs], + host); + if (result == ISC_R_SUCCESS) + nserveraddrs++; + } else { + count = SERVERADDRS - nserveraddrs; + result = bind9_getaddresses(host, port, + &serveraddrs[nserveraddrs], + count, &found); + nserveraddrs += found; + } + if (result != ISC_R_SUCCESS) + fatal("couldn't get address for '%s': %s", + host, isc_result_totext(result)); + INSIST(nserveraddrs > 0); +} + +static void +rndc_senddone(isc_task_t *task, isc_event_t *event) { + isc_socketevent_t 
*sevent = (isc_socketevent_t *)event; + + UNUSED(task); + + sends--; + if (sevent->result != ISC_R_SUCCESS) + fatal("send failed: %s", isc_result_totext(sevent->result)); + isc_event_free(&event); + if (sends == 0 && recvs == 0) { + isc_socket_detach(&sock); + isc_task_shutdown(task); + RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); + } +} + +static void +rndc_recvdone(isc_task_t *task, isc_event_t *event) { + isccc_sexpr_t *response = NULL; + isccc_sexpr_t *data; + isccc_region_t source; + char *errormsg = NULL; + char *textmsg = NULL; + isc_result_t result; + + recvs--; + + if (ccmsg.result == ISC_R_EOF) + fatal("connection to remote host closed\n" + "This may indicate that\n" + "* the remote server is using an older version of" + " the command protocol,\n" + "* this host is not authorized to connect,\n" + "* the clocks are not synchronized, or\n" + "* the key is invalid."); + + if (ccmsg.result != ISC_R_SUCCESS) + fatal("recv failed: %s", isc_result_totext(ccmsg.result)); + + source.rstart = isc_buffer_base(&ccmsg.buffer); + source.rend = isc_buffer_used(&ccmsg.buffer); + + DO("parse message", + isccc_cc_fromwire(&source, &response, algorithm, &secret)); + + data = isccc_alist_lookup(response, "_data"); + if (!isccc_alist_alistp(data)) + fatal("bad or missing data section in response"); + result = isccc_cc_lookupstring(data, "err", &errormsg); + if (result == ISC_R_SUCCESS) { + failed = true; + fprintf(stderr, "%s: '%s' failed: %s\n", + progname, command, errormsg); + } + else if (result != ISC_R_NOTFOUND) + fprintf(stderr, "%s: parsing response failed: %s\n", + progname, isc_result_totext(result)); + + result = isccc_cc_lookupstring(data, "text", &textmsg); + if (result == ISC_R_SUCCESS) { + if ((!quiet || failed) && strlen(textmsg) != 0U) + fprintf(failed ? 
stderr : stdout, "%s\n", textmsg); + } else if (result != ISC_R_NOTFOUND) + fprintf(stderr, "%s: parsing response failed: %s\n", + progname, isc_result_totext(result)); + + if (showresult) { + isc_result_t eresult; + + result = isccc_cc_lookupuint32(data, "result", &eresult); + if (result == ISC_R_SUCCESS) + printf("%s %u\n", isc_result_toid(eresult), eresult); + else + printf("NONE -1\n"); + } + + isc_event_free(&event); + isccc_sexpr_free(&response); + if (sends == 0 && recvs == 0) { + isc_socket_detach(&sock); + isc_task_shutdown(task); + RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); + } +} + +static void +rndc_recvnonce(isc_task_t *task, isc_event_t *event) { + isccc_sexpr_t *response = NULL; + isccc_sexpr_t *_ctrl; + isccc_region_t source; + isc_result_t result; + uint32_t nonce; + isccc_sexpr_t *request = NULL; + isccc_time_t now; + isc_region_t r; + isccc_sexpr_t *data; + isc_buffer_t b; + + recvs--; + + if (ccmsg.result == ISC_R_EOF) + fatal("connection to remote host closed\n" + "This may indicate that\n" + "* the remote server is using an older version of" + " the command protocol,\n" + "* this host is not authorized to connect,\n" + "* the clocks are not synchronized,\n" + "* the key signing algorithm is incorrect, or\n" + "* the key is invalid."); + + if (ccmsg.result != ISC_R_SUCCESS) + fatal("recv failed: %s", isc_result_totext(ccmsg.result)); + + source.rstart = isc_buffer_base(&ccmsg.buffer); + source.rend = isc_buffer_used(&ccmsg.buffer); + + DO("parse message", + isccc_cc_fromwire(&source, &response, algorithm, &secret)); + + _ctrl = isccc_alist_lookup(response, "_ctrl"); + if (!isccc_alist_alistp(_ctrl)) + fatal("bad or missing ctrl section in response"); + nonce = 0; + if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS) + nonce = 0; + + isc_stdtime_get(&now); + + DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial, + now, now + 60, &request)); + data = isccc_alist_lookup(request, "_data"); + if (data == 
NULL) + fatal("_data section missing"); + if (isccc_cc_definestring(data, "type", args) == NULL) + fatal("out of memory"); + if (nonce != 0) { + _ctrl = isccc_alist_lookup(request, "_ctrl"); + if (_ctrl == NULL) + fatal("_ctrl section missing"); + if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL) + fatal("out of memory"); + } + + isc_buffer_clear(databuf); + /* Skip the length field (4 bytes) */ + isc_buffer_add(databuf, 4); + + DO("render message", + isccc_cc_towire(request, &databuf, algorithm, &secret)); + + isc_buffer_init(&b, databuf->base, 4); + isc_buffer_putuint32(&b, databuf->used - 4); + + r.base = databuf->base; + r.length = databuf->used; + + isccc_ccmsg_cancelread(&ccmsg); + DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, + rndc_recvdone, NULL)); + recvs++; + DO("send message", isc_socket_send(sock, &r, task, rndc_senddone, + NULL)); + sends++; + + isc_event_free(&event); + isccc_sexpr_free(&response); + isccc_sexpr_free(&request); + return; +} + +static void +rndc_connected(isc_task_t *task, isc_event_t *event) { + char socktext[ISC_SOCKADDR_FORMATSIZE]; + isc_socketevent_t *sevent = (isc_socketevent_t *)event; + isccc_sexpr_t *request = NULL; + isccc_sexpr_t *data; + isccc_time_t now; + isc_region_t r; + isc_buffer_t b; + isc_result_t result; + + connects--; + + if (sevent->result != ISC_R_SUCCESS) { + isc_sockaddr_format(&serveraddrs[currentaddr], socktext, + sizeof(socktext)); + if (sevent->result != ISC_R_CANCELED && + ++currentaddr < nserveraddrs) + { + notify("connection failed: %s: %s", socktext, + isc_result_totext(sevent->result)); + isc_socket_detach(&sock); + isc_event_free(&event); + rndc_startconnect(&serveraddrs[currentaddr], task); + return; + } else + fatal("connect failed: %s: %s", socktext, + isc_result_totext(sevent->result)); + } + + isc_stdtime_get(&now); + DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial, + now, now + 60, &request)); + data = isccc_alist_lookup(request, "_data"); + if (data 
== NULL) + fatal("_data section missing"); + if (isccc_cc_definestring(data, "type", "null") == NULL) + fatal("out of memory"); + + isc_buffer_clear(databuf); + /* Skip the length field (4 bytes) */ + isc_buffer_add(databuf, 4); + + DO("render message", + isccc_cc_towire(request, &databuf, algorithm, &secret)); + + isc_buffer_init(&b, databuf->base, 4); + isc_buffer_putuint32(&b, databuf->used - 4); + + r.base = databuf->base; + r.length = databuf->used; + + isccc_ccmsg_init(rndc_mctx, sock, &ccmsg); + isccc_ccmsg_setmaxsize(&ccmsg, 1024 * 1024); + + DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, + rndc_recvnonce, NULL)); + recvs++; + DO("send message", isc_socket_send(sock, &r, task, rndc_senddone, + NULL)); + sends++; + isc_event_free(&event); + isccc_sexpr_free(&request); +} + +static void +rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { + isc_result_t result; + int pf; + isc_sockettype_t type; + + char socktext[ISC_SOCKADDR_FORMATSIZE]; + + isc_sockaddr_format(addr, socktext, sizeof(socktext)); + + notify("using server %s (%s)", servername, socktext); + + pf = isc_sockaddr_pf(addr); + if (pf == AF_INET || pf == AF_INET6) + type = isc_sockettype_tcp; + else + type = isc_sockettype_unix; + DO("create socket", isc_socket_create(socketmgr, pf, type, &sock)); + switch (isc_sockaddr_pf(addr)) { + case AF_INET: + DO("bind socket", isc_socket_bind(sock, &local4, 0)); + break; + case AF_INET6: + DO("bind socket", isc_socket_bind(sock, &local6, 0)); + break; + default: + break; + } + DO("connect", isc_socket_connect(sock, addr, task, rndc_connected, + NULL)); + connects++; +} + +static void +rndc_start(isc_task_t *task, isc_event_t *event) { + isc_event_free(&event); + + currentaddr = 0; + rndc_startconnect(&serveraddrs[currentaddr], task); +} + +static void +parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, + cfg_parser_t **pctxp, cfg_obj_t **configp) +{ + isc_result_t result; + const char *conffile = admin_conffile; + const 
cfg_obj_t *addresses = NULL; + const cfg_obj_t *defkey = NULL; + const cfg_obj_t *options = NULL; + const cfg_obj_t *servers = NULL; + const cfg_obj_t *server = NULL; + const cfg_obj_t *keys = NULL; + const cfg_obj_t *key = NULL; + const cfg_obj_t *defport = NULL; + const cfg_obj_t *secretobj = NULL; + const cfg_obj_t *algorithmobj = NULL; + cfg_obj_t *config = NULL; + const cfg_obj_t *address = NULL; + const cfg_listelt_t *elt; + const char *secretstr; + const char *algorithmstr; + static char secretarray[1024]; + const cfg_type_t *conftype = &cfg_type_rndcconf; + bool key_only = false; + const cfg_listelt_t *element; + + if (! isc_file_exists(conffile)) { + conffile = admin_keyfile; + conftype = &cfg_type_rndckey; + + if (c_flag) + fatal("%s does not exist", admin_conffile); + + if (! isc_file_exists(conffile)) + fatal("neither %s nor %s was found", + admin_conffile, admin_keyfile); + key_only = true; + } else if (! c_flag && isc_file_exists(admin_keyfile)) { + fprintf(stderr, "WARNING: key file (%s) exists, but using " + "default configuration file (%s)\n", + admin_keyfile, admin_conffile); + } + + DO("create parser", cfg_parser_create(mctx, log, pctxp)); + + /* + * The parser will output its own errors, so DO() is not used. 
+ */ + result = cfg_parse_file(*pctxp, conffile, conftype, &config); + if (result != ISC_R_SUCCESS) + fatal("could not load rndc configuration"); + + if (!key_only) + (void)cfg_map_get(config, "options", &options); + + if (key_only && servername == NULL) + servername = "127.0.0.1"; + else if (servername == NULL && options != NULL) { + const cfg_obj_t *defserverobj = NULL; + (void)cfg_map_get(options, "default-server", &defserverobj); + if (defserverobj != NULL) + servername = cfg_obj_asstring(defserverobj); + } + + if (servername == NULL) + fatal("no server specified and no default"); + + if (!key_only) { + (void)cfg_map_get(config, "server", &servers); + if (servers != NULL) { + for (elt = cfg_list_first(servers); + elt != NULL; + elt = cfg_list_next(elt)) + { + const char *name; + server = cfg_listelt_value(elt); + name = cfg_obj_asstring(cfg_map_getname(server)); + if (strcasecmp(name, servername) == 0) + break; + server = NULL; + } + } + } + + /* + * Look for the name of the key to use. + */ + if (keyname != NULL) + ; /* Was set on command line, do nothing. */ + else if (server != NULL) { + DO("get key for server", cfg_map_get(server, "key", &defkey)); + keyname = cfg_obj_asstring(defkey); + } else if (options != NULL) { + DO("get default key", cfg_map_get(options, "default-key", + &defkey)); + keyname = cfg_obj_asstring(defkey); + } else if (!key_only) + fatal("no key for server and no default"); + + /* + * Get the key's definition. 
+ */ + if (key_only) + DO("get key", cfg_map_get(config, "key", &key)); + else { + DO("get config key list", cfg_map_get(config, "key", &keys)); + for (elt = cfg_list_first(keys); + elt != NULL; + elt = cfg_list_next(elt)) + { + key = cfg_listelt_value(elt); + if (strcasecmp(cfg_obj_asstring(cfg_map_getname(key)), + keyname) == 0) + break; + } + if (elt == NULL) + fatal("no key definition for name %s", keyname); + } + (void)cfg_map_get(key, "secret", &secretobj); + (void)cfg_map_get(key, "algorithm", &algorithmobj); + if (secretobj == NULL || algorithmobj == NULL) + fatal("key must have algorithm and secret"); + + secretstr = cfg_obj_asstring(secretobj); + algorithmstr = cfg_obj_asstring(algorithmobj); + +#ifndef PK11_MD5_DISABLE + if (strcasecmp(algorithmstr, "hmac-md5") == 0) + algorithm = ISCCC_ALG_HMACMD5; + else +#endif + if (strcasecmp(algorithmstr, "hmac-sha1") == 0) + algorithm = ISCCC_ALG_HMACSHA1; + else if (strcasecmp(algorithmstr, "hmac-sha224") == 0) + algorithm = ISCCC_ALG_HMACSHA224; + else if (strcasecmp(algorithmstr, "hmac-sha256") == 0) + algorithm = ISCCC_ALG_HMACSHA256; + else if (strcasecmp(algorithmstr, "hmac-sha384") == 0) + algorithm = ISCCC_ALG_HMACSHA384; + else if (strcasecmp(algorithmstr, "hmac-sha512") == 0) + algorithm = ISCCC_ALG_HMACSHA512; + else + fatal("unsupported algorithm: %s", algorithmstr); + + secret.rstart = (unsigned char *)secretarray; + secret.rend = (unsigned char *)secretarray + sizeof(secretarray); + DO("decode base64 secret", isccc_base64_decode(secretstr, &secret)); + secret.rend = secret.rstart; + secret.rstart = (unsigned char *)secretarray; + + /* + * Find the port to connect to. + */ + if (remoteport != 0) + ; /* Was set on command line, do nothing. 
*/ + else { + if (server != NULL) + (void)cfg_map_get(server, "port", &defport); + if (defport == NULL && options != NULL) + (void)cfg_map_get(options, "default-port", &defport); + } + if (defport != NULL) { + remoteport = cfg_obj_asuint32(defport); + if (remoteport > 65535 || remoteport == 0) + fatal("port %u out of range", remoteport); + } else if (remoteport == 0) + remoteport = NS_CONTROL_PORT; + + if (server != NULL) + result = cfg_map_get(server, "addresses", &addresses); + else + result = ISC_R_NOTFOUND; + if (result == ISC_R_SUCCESS) { + for (element = cfg_list_first(addresses); + element != NULL; + element = cfg_list_next(element)) + { + isc_sockaddr_t sa; + + address = cfg_listelt_value(element); + if (!cfg_obj_issockaddr(address)) { + unsigned int myport; + const char *name; + const cfg_obj_t *obj; + + obj = cfg_tuple_get(address, "name"); + name = cfg_obj_asstring(obj); + obj = cfg_tuple_get(address, "port"); + if (cfg_obj_isuint32(obj)) { + myport = cfg_obj_asuint32(obj); + if (myport > UINT16_MAX || + myport == 0) + fatal("port %u out of range", + myport); + } else + myport = remoteport; + if (nserveraddrs < SERVERADDRS) + get_addresses(name, (in_port_t) myport); + else + fprintf(stderr, "too many address: " + "%s: dropped\n", name); + continue; + } + sa = *cfg_obj_assockaddr(address); + if (isc_sockaddr_getport(&sa) == 0) + isc_sockaddr_setport(&sa, remoteport); + if (nserveraddrs < SERVERADDRS) + serveraddrs[nserveraddrs++] = sa; + else { + char socktext[ISC_SOCKADDR_FORMATSIZE]; + + isc_sockaddr_format(&sa, socktext, + sizeof(socktext)); + fprintf(stderr, + "too many address: %s: dropped\n", + socktext); + } + } + } + + if (!local4set && server != NULL) { + address = NULL; + cfg_map_get(server, "source-address", &address); + if (address != NULL) { + local4 = *cfg_obj_assockaddr(address); + local4set = true; + } + } + if (!local4set && options != NULL) { + address = NULL; + cfg_map_get(options, "default-source-address", &address); + if (address != 
NULL) { + local4 = *cfg_obj_assockaddr(address); + local4set = true; + } + } + + if (!local6set && server != NULL) { + address = NULL; + cfg_map_get(server, "source-address-v6", &address); + if (address != NULL) { + local6 = *cfg_obj_assockaddr(address); + local6set = true; + } + } + if (!local6set && options != NULL) { + address = NULL; + cfg_map_get(options, "default-source-address-v6", &address); + if (address != NULL) { + local6 = *cfg_obj_assockaddr(address); + local6set = true; + } + } + + *configp = config; +} + +int +main(int argc, char **argv) { + isc_result_t result = ISC_R_SUCCESS; + bool show_final_mem = false; + isc_taskmgr_t *taskmgr = NULL; + isc_task_t *task = NULL; + isc_log_t *log = NULL; + isc_logconfig_t *logconfig = NULL; + isc_logdestination_t logdest; + cfg_parser_t *pctx = NULL; + cfg_obj_t *config = NULL; + const char *keyname = NULL; + struct in_addr in; + struct in6_addr in6; + char *p; + size_t argslen; + int ch; + int i; + + result = isc_file_progname(*argv, program, sizeof(program)); + if (result != ISC_R_SUCCESS) + memmove(program, "rndc", 5); + progname = program; + + admin_conffile = RNDC_CONFFILE; + admin_keyfile = RNDC_KEYFILE; + + isc_sockaddr_any(&local4); + isc_sockaddr_any6(&local6); + + result = isc_app_start(); + if (result != ISC_R_SUCCESS) + fatal("isc_app_start() failed: %s", isc_result_totext(result)); + + isc_commandline_errprint = false; + + while ((ch = isc_commandline_parse(argc, argv, "b:c:hk:Mmp:qrs:Vy:")) + != -1) { + switch (ch) { + case 'b': + if (inet_pton(AF_INET, isc_commandline_argument, + &in) == 1) { + isc_sockaddr_fromin(&local4, &in, 0); + local4set = true; + } else if (inet_pton(AF_INET6, isc_commandline_argument, + &in6) == 1) { + isc_sockaddr_fromin6(&local6, &in6, 0); + local6set = true; + } + break; + + case 'c': + admin_conffile = isc_commandline_argument; + c_flag = true; + break; + + case 'k': + admin_keyfile = isc_commandline_argument; + break; + + case 'M': + isc_mem_debugging = 
ISC_MEM_DEBUGTRACE; + break; + + case 'm': + show_final_mem = true; + break; + + case 'p': + remoteport = atoi(isc_commandline_argument); + if (remoteport > 65535 || remoteport == 0) + fatal("port '%s' out of range", + isc_commandline_argument); + break; + + case 'q': + quiet = true; + break; + + case 'r': + showresult = true; + break; + + case 's': + servername = isc_commandline_argument; + break; + + case 'V': + verbose = true; + break; + + case 'y': + keyname = isc_commandline_argument; + break; + + case '?': + if (isc_commandline_option != '?') { + fprintf(stderr, "%s: invalid argument -%c\n", + program, isc_commandline_option); + usage(1); + } + /* FALLTHROUGH */ + case 'h': + usage(0); + break; + default: + fprintf(stderr, "%s: unhandled option -%c\n", + program, isc_commandline_option); + exit(1); + } + } + + argc -= isc_commandline_index; + argv += isc_commandline_index; + + if (argc < 1) + usage(1); + + isc_random_get(&serial); + + DO("create memory context", isc_mem_create(0, 0, &rndc_mctx)); + DO("create socket manager", isc_socketmgr_create(rndc_mctx, &socketmgr)); + DO("create task manager", isc_taskmgr_create(rndc_mctx, 1, 0, &taskmgr)); + DO("create task", isc_task_create(taskmgr, 0, &task)); + + DO("create logging context", isc_log_create(rndc_mctx, &log, &logconfig)); + isc_log_setcontext(log); + DO("setting log tag", isc_log_settag(logconfig, progname)); + logdest.file.stream = stderr; + logdest.file.name = NULL; + logdest.file.versions = ISC_LOG_ROLLNEVER; + logdest.file.maximum_size = 0; + DO("creating log channel", + isc_log_createchannel(logconfig, "stderr", + ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, + ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL)); + DO("enabling log channel", isc_log_usechannel(logconfig, "stderr", + NULL, NULL)); + + parse_config(rndc_mctx, log, keyname, &pctx, &config); + + isccc_result_register(); + + command = *argv; + + DO("allocate data buffer", + isc_buffer_allocate(rndc_mctx, &databuf, 2048)); + + /* + * Convert argc/argv 
into a space-delimited command string + * similar to what the user might enter in interactive mode + * (if that were implemented). + */ + argslen = 0; + for (i = 0; i < argc; i++) + argslen += strlen(argv[i]) + 1; + + args = isc_mem_get(rndc_mctx, argslen); + if (args == NULL) + DO("isc_mem_get", ISC_R_NOMEMORY); + + p = args; + for (i = 0; i < argc; i++) { + size_t len = strlen(argv[i]); + memmove(p, argv[i], len); + p += len; + *p++ = ' '; + } + + p--; + *p++ = '\0'; + INSIST(p == args + argslen); + + notify("%s", command); + + if (strcmp(command, "restart") == 0) + fatal("'%s' is not implemented", command); + + if (nserveraddrs == 0) + get_addresses(servername, (in_port_t) remoteport); + + DO("post event", isc_app_onrun(rndc_mctx, task, rndc_start, NULL)); + + result = isc_app_run(); + if (result != ISC_R_SUCCESS) + fatal("isc_app_run() failed: %s", isc_result_totext(result)); + + if (connects > 0 || sends > 0 || recvs > 0) + isc_socket_cancel(sock, task, ISC_SOCKCANCEL_ALL); + + isc_task_detach(&task); + isc_taskmgr_destroy(&taskmgr); + isc_socketmgr_destroy(&socketmgr); + isc_log_destroy(&log); + isc_log_setcontext(NULL); + + cfg_obj_destroy(pctx, &config); + cfg_parser_destroy(&pctx); + + isc_mem_put(rndc_mctx, args, argslen); + isccc_ccmsg_invalidate(&ccmsg); + + dns_name_destroy(); + + isc_buffer_free(&databuf); + + if (show_final_mem) + isc_mem_stats(rndc_mctx, stderr); + + isc_mem_destroy(&rndc_mctx); + + if (failed) + return (1); + + return (0); +} diff --git a/bin/rndc/rndc.conf b/bin/rndc/rndc.conf new file mode 100644 index 0000000..6800331 --- /dev/null +++ b/bin/rndc/rndc.conf 
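Review bot: In main(), the `-b` case silently ignores an argument that is neither a valid IPv4 nor a valid IPv6 literal: both inet_pton() branches fail, local4set and local6set stay false, and rndc carries on with the wildcard address or whatever source-address parse_config() later reads from the file. Where the server's control channel is restricted by client address, a mistyped `-b` therefore connects from an unintended source without any message. I would add a final branch, `else fatal("invalid source address '%s'", isc_commandline_argument);`. The `-p` case just below has a related gap: atoi() accepts trailing garbage such as `953x`, so strtoul() with an end-pointer check would be stricter.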
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * Sample rndc configuration file.
+ */
+
+options {
+ default-server localhost;
+ default-key "key";
+};
+
+server localhost {
+ key "key";
+};
+
+key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
+ algorithm hmac-sha256;
+ secret "34f88008d07deabbe65bd01f1d233d47";
+};
+
+server "test1" {
+ key "cc64b3d1db63fc88d7cb5d2f9f57d258";
+ port 5353;
+ addresses { 10.53.0.1; };
+};
+
+key "key" {
+ algorithm hmac-sha256;
+ secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+};
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
new file mode 100644
index 0000000..056ea6c
--- /dev/null
+++ b/bin/rndc/rndc.conf.5
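Review bot: Both `key` statements in this sample carry literal `secret` values, and nothing in the file marks them as placeholders, so a copy used as a starting point keeps a control-channel key that is public in the source tree. I would add a comment above the first key statement, `/* Example secrets only: generate a fresh key with rndc-confgen before use. */`. Whether this file is installed or only used by the tests is not visible here, so the wording may need adjusting.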
@@ -0,0 +1,234 @@ +.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" This Source Code Form is subject to the terms of the Mozilla Public +.\" License, v. 2.0. If a copy of the MPL was not distributed with this +.\" file, You can obtain one at http://mozilla.org/MPL/2.0/. +.\" +.hy 0 +.ad l +'\" t +.\" Title: rndc.conf +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2013-03-14 +.\" Manual: BIND9 +.\" Source: ISC +.\" Language: English +.\" +.TH "RNDC\&.CONF" "5" "2013\-03\-14" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +rndc.conf \- rndc configuration file +.SH "SYNOPSIS" +.HP \w'\fBrndc\&.conf\fR\ 'u +\fBrndc\&.conf\fR +.SH "DESCRIPTION" +.PP +rndc\&.conf +is the configuration file for +\fBrndc\fR, the BIND 9 name server control utility\&. This file has a similar structure and syntax to +named\&.conf\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. 
The usual comment styles are supported: +.PP +C style: /* */ +.PP +C++ style: // to end of line +.PP +Unix style: # to end of line +.PP +rndc\&.conf +is much simpler than +named\&.conf\&. The file uses three statements: an options statement, a server statement and a key statement\&. +.PP +The +\fBoptions\fR +statement contains five clauses\&. The +\fBdefault\-server\fR +clause is followed by the name or address of a name server\&. This host will be used when no name server is given as an argument to +\fBrndc\fR\&. The +\fBdefault\-key\fR +clause is followed by the name of a key which is identified by a +\fBkey\fR +statement\&. If no +\fBkeyid\fR +is provided on the rndc command line, and no +\fBkey\fR +clause is found in a matching +\fBserver\fR +statement, this default key will be used to authenticate the server\*(Aqs commands and responses\&. The +\fBdefault\-port\fR +clause is followed by the port to connect to on the remote name server\&. If no +\fBport\fR +option is provided on the rndc command line, and no +\fBport\fR +clause is found in a matching +\fBserver\fR +statement, this default port will be used to connect\&. The +\fBdefault\-source\-address\fR +and +\fBdefault\-source\-address\-v6\fR +clauses which can be used to set the IPv4 and IPv6 source addresses respectively\&. +.PP +After the +\fBserver\fR +keyword, the server statement includes a string which is the hostname or address for a name server\&. The statement has three possible clauses: +\fBkey\fR, +\fBport\fR +and +\fBaddresses\fR\&. The key name must match the name of a key statement in the file\&. The port number specifies the port to connect to\&. If an +\fBaddresses\fR +clause is supplied these addresses will be used instead of the server name\&. Each address can take an optional port\&. If an +\fBsource\-address\fR +or +\fBsource\-address\-v6\fR +of supplied then these will be used to specify the IPv4 and IPv6 source addresses respectively\&. 
+.PP +The +\fBkey\fR +statement begins with an identifying string, the name of the key\&. The statement has two clauses\&. +\fBalgorithm\fR +identifies the authentication algorithm for +\fBrndc\fR +to use; currently only HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default), HMAC\-SHA384 and HMAC\-SHA512 are supported\&. This is followed by a secret clause which contains the base\-64 encoding of the algorithm\*(Aqs authentication key\&. The base\-64 string is enclosed in double quotes\&. +.PP +There are two common ways to generate the base\-64 string for the secret\&. The BIND 9 program +\fBrndc\-confgen\fR +can be used to generate a random key, or the +\fBmmencode\fR +program, also known as +\fBmimencode\fR, can be used to generate a base\-64 string from known input\&. +\fBmmencode\fR +does not ship with BIND 9 but is available on many systems\&. See the EXAMPLE section for sample command lines for each\&. +.SH "EXAMPLE" +.PP +.if n \{\ +.RS 4 +.\} +.nf + options { + default\-server localhost; + default\-key samplekey; + }; +.fi +.if n \{\ +.RE +.\} +.PP +.if n \{\ +.RS 4 +.\} +.nf + server localhost { + key samplekey; + }; +.fi +.if n \{\ +.RE +.\} +.PP +.if n \{\ +.RS 4 +.\} +.nf + server testserver { + key testkey; + addresses { localhost port 5353; }; + }; +.fi +.if n \{\ +.RE +.\} +.PP +.if n \{\ +.RS 4 +.\} +.nf + key samplekey { + algorithm hmac\-sha256; + secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz"; + }; +.fi +.if n \{\ +.RE +.\} +.PP +.if n \{\ +.RS 4 +.\} +.nf + key testkey { + algorithm hmac\-sha256; + secret "R3HI8P6BKw9ZwXwN3VZKuQ=="; + }; +.fi +.if n \{\ +.RE +.\} +.PP +In the above example, +\fBrndc\fR +will by default use the server at localhost (127\&.0\&.0\&.1) and the key called samplekey\&. Commands to the localhost server will use the samplekey key, which must also be defined in the server\*(Aqs configuration file with the same name and secret\&. 
The key statement indicates that samplekey uses the HMAC\-SHA256 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-SHA256 secret enclosed in double quotes\&. +.PP +If +\fBrndc \-s testserver\fR +is used then +\fBrndc\fR +will connect to server on localhost port 5353 using the key testkey\&. +.PP +To generate a random secret with +\fBrndc\-confgen\fR: +.PP +\fBrndc\-confgen\fR +.PP +A complete +rndc\&.conf +file, including the randomly generated key, will be written to the standard output\&. Commented\-out +\fBkey\fR +and +\fBcontrols\fR +statements for +named\&.conf +are also printed\&. +.PP +To generate a base\-64 secret with +\fBmmencode\fR: +.PP +\fBecho "known plaintext for a secret" | mmencode\fR +.SH "NAME SERVER CONFIGURATION" +.PP +The name server must be configured to accept rndc connections and to recognize the key specified in the +rndc\&.conf +file, using the controls statement in +named\&.conf\&. See the sections on the +\fBcontrols\fR +statement in the BIND 9 Administrator Reference Manual for details\&. +.SH "SEE ALSO" +.PP +\fBrndc\fR(8), +\fBrndc-confgen\fR(8), +\fBmmencode\fR(1), +BIND 9 Administrator Reference Manual\&. +.SH "AUTHOR" +.PP +\fBInternet Systems Consortium, Inc\&.\fR +.SH "COPYRIGHT" +.br +Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook new file mode 100644 index 0000000..a021526 --- /dev/null +++ b/bin/rndc/rndc.conf.docbook 
@@ -0,0 +1,241 @@
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc.conf">
+ <info>
+ <date>2013-03-14</date>
+ </info>
+ <refentryinfo>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><filename>rndc.conf</filename></refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><filename>rndc.conf</filename></refname>
+ <refpurpose>rndc configuration file</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2007</year>
+ <year>2013</year>
+ <year>2014</year>
+ <year>2015</year>
+ <year>2016</year>
+ <year>2018</year>
+ <year>2019</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis sepchar=" ">
+ <command>rndc.conf</command>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsection><info><title>DESCRIPTION</title></info>
+
+ <para><filename>rndc.conf</filename> is the configuration file
+ for <command>rndc</command>, the BIND 9 name server control
+ utility. This file has a similar structure and syntax to
+ <filename>named.conf</filename>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </para>
+ <para>
+ C style: /* */
+ </para>
+ <para>
+ C++ style: // to end of line
+ </para>
+ <para>
+ Unix style: # to end of line
+ </para>
+ <para><filename>rndc.conf</filename> is much simpler than
+ <filename>named.conf</filename>. The file uses three
+ statements: an options statement, a server statement
+ and a key statement.
+ </para>
+ <para>
+ The <option>options</option> statement contains five clauses.
+ The <option>default-server</option> clause is followed by the
+ name or address of a name server. This host will be used when
+ no name server is given as an argument to
+ <command>rndc</command>. The <option>default-key</option>
+ clause is followed by the name of a key which is identified by
+ a <option>key</option> statement. If no
+ <option>keyid</option> is provided on the rndc command line,
+ and no <option>key</option> clause is found in a matching
+ <option>server</option> statement, this default key will be
+ used to authenticate the server's commands and responses. The
+ <option>default-port</option> clause is followed by the port
+ to connect to on the remote name server. If no
+ <option>port</option> option is provided on the rndc command
+ line, and no <option>port</option> clause is found in a
+ matching <option>server</option> statement, this default port
+ will be used to connect.
+ The <option>default-source-address</option> and
+ <option>default-source-address-v6</option> clauses which
+ can be used to set the IPv4 and IPv6 source addresses
+ respectively.
+ </para>
+ <para>
+ After the <option>server</option> keyword, the server
+ statement includes a string which is the hostname or address
+ for a name server. The statement has three possible clauses:
+ <option>key</option>, <option>port</option> and
+ <option>addresses</option>. The key name must match the
+ name of a key statement in the file. The port number
+ specifies the port to connect to. If an <option>addresses</option>
+ clause is supplied these addresses will be used instead of
+ the server name. Each address can take an optional port.
+ If an <option>source-address</option> or <option>source-address-v6</option>
+ of supplied then these will be used to specify the IPv4 and IPv6
+ source addresses respectively.
+ </para>
+ <para>
+ The <option>key</option> statement begins with an identifying
+ string, the name of the key. The statement has two clauses.
+ <option>algorithm</option> identifies the authentication algorithm
+ for <command>rndc</command> to use; currently only HMAC-MD5
+ (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256
+ (default), HMAC-SHA384 and HMAC-SHA512 are
+ supported. This is followed by a secret clause which contains
+ the base-64 encoding of the algorithm's authentication key. The
+ base-64 string is enclosed in double quotes.
+ </para>
+ <para>
+ There are two common ways to generate the base-64 string for the
+ secret. The BIND 9 program <command>rndc-confgen</command>
+ can
+ be used to generate a random key, or the
+ <command>mmencode</command> program, also known as
+ <command>mimencode</command>, can be used to generate a
+ base-64
+ string from known input. <command>mmencode</command> does
+ not
+ ship with BIND 9 but is available on many systems. See the
+ EXAMPLE section for sample command lines for each.
+ </para>
+ </refsection>
+
+ <refsection><info><title>EXAMPLE</title></info>
+
+
+ <para><programlisting>
+ options {
+ default-server localhost;
+ default-key samplekey;
+ };
+</programlisting>
+ </para>
+ <para><programlisting>
+ server localhost {
+ key samplekey;
+ };
+</programlisting>
+ </para>
+ <para><programlisting>
+ server testserver {
+ key testkey;
+ addresses { localhost port 5353; };
+ };
+</programlisting>
+ </para>
+ <para><programlisting>
+ key samplekey {
+ algorithm hmac-sha256;
+ secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
+ };
+</programlisting>
+ </para>
+ <para><programlisting>
+ key testkey {
+ algorithm hmac-sha256;
+ secret "R3HI8P6BKw9ZwXwN3VZKuQ==";
+ };
+ </programlisting>
+ </para>
+
+ <para>
+ In the above example, <command>rndc</command> will by
+ default use
+ the server at localhost (127.0.0.1) and the key called samplekey.
+ Commands to the localhost server will use the samplekey key, which
+ must also be defined in the server's configuration file with the
+ same name and secret. The key statement indicates that samplekey
+ uses the HMAC-SHA256 algorithm and its secret clause contains the
+ base-64 encoding of the HMAC-SHA256 secret enclosed in double quotes.
+ </para>
+ <para>
+ If <command>rndc -s testserver</command> is used then <command>rndc</command> will
+ connect to server on localhost port 5353 using the key testkey.
+ </para>
+ <para>
+ To generate a random secret with <command>rndc-confgen</command>:
+ </para>
+ <para><userinput>rndc-confgen</userinput>
+ </para>
+ <para>
+ A complete <filename>rndc.conf</filename> file, including
+ the
+ randomly generated key, will be written to the standard
+ output. Commented-out <option>key</option> and
+ <option>controls</option> statements for
+ <filename>named.conf</filename> are also printed.
+ </para>
+ <para>
+ To generate a base-64 secret with <command>mmencode</command>:
+ </para>
+ <para><userinput>echo "known plaintext for a secret" | mmencode</userinput>
+ </para>
+ </refsection>
+
+ <refsection><info><title>NAME SERVER CONFIGURATION</title></info>
+
+ <para>
+ The name server must be configured to accept rndc connections and
+ to recognize the key specified in the <filename>rndc.conf</filename>
+ file, using the controls statement in <filename>named.conf</filename>.
+ See the sections on the <option>controls</option> statement in the
+ BIND 9 Administrator Reference Manual for details.
+ </para>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
+
+ <para><citerefentry>
+ <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>mmencode</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsection>
+
+</refentry>
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
new file mode 100644
index 0000000..c7ca53e
--- /dev/null
+++ b/bin/rndc/rndc.conf.html
@@ -0,0 +1,234 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<!-- + - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC") + - + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. +--> +<html lang="en"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>rndc.conf</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> +<a name="man.rndc.conf"></a><div class="titlepage"></div> + + + + + + <div class="refnamediv"> +<h2>Name</h2> +<p> + <code class="filename">rndc.conf</code> + — rndc configuration file + </p> +</div> + + + + <div class="refsynopsisdiv"> +<h2>Synopsis</h2> + <div class="cmdsynopsis"><p> + <code class="command">rndc.conf</code> + </p></div> + </div> + + <div class="refsection"> +<a name="id-1.7"></a><h2>DESCRIPTION</h2> + + <p><code class="filename">rndc.conf</code> is the configuration file + for <span class="command"><strong>rndc</strong></span>, the BIND 9 name server control + utility. This file has a similar structure and syntax to + <code class="filename">named.conf</code>. Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. The usual + comment styles are supported: + </p> + <p> + C style: /* */ + </p> + <p> + C++ style: // to end of line + </p> + <p> + Unix style: # to end of line + </p> + <p><code class="filename">rndc.conf</code> is much simpler than + <code class="filename">named.conf</code>. The file uses three + statements: an options statement, a server statement + and a key statement. 
+ </p> + <p> + The <code class="option">options</code> statement contains five clauses. + The <code class="option">default-server</code> clause is followed by the + name or address of a name server. This host will be used when + no name server is given as an argument to + <span class="command"><strong>rndc</strong></span>. The <code class="option">default-key</code> + clause is followed by the name of a key which is identified by + a <code class="option">key</code> statement. If no + <code class="option">keyid</code> is provided on the rndc command line, + and no <code class="option">key</code> clause is found in a matching + <code class="option">server</code> statement, this default key will be + used to authenticate the server's commands and responses. The + <code class="option">default-port</code> clause is followed by the port + to connect to on the remote name server. If no + <code class="option">port</code> option is provided on the rndc command + line, and no <code class="option">port</code> clause is found in a + matching <code class="option">server</code> statement, this default port + will be used to connect. + The <code class="option">default-source-address</code> and + <code class="option">default-source-address-v6</code> clauses which + can be used to set the IPv4 and IPv6 source addresses + respectively. + </p> + <p> + After the <code class="option">server</code> keyword, the server + statement includes a string which is the hostname or address + for a name server. The statement has three possible clauses: + <code class="option">key</code>, <code class="option">port</code> and + <code class="option">addresses</code>. The key name must match the + name of a key statement in the file. The port number + specifies the port to connect to. If an <code class="option">addresses</code> + clause is supplied these addresses will be used instead of + the server name. Each address can take an optional port. 
+ If an <code class="option">source-address</code> or <code class="option">source-address-v6</code> + of supplied then these will be used to specify the IPv4 and IPv6 + source addresses respectively. + </p> + <p> + The <code class="option">key</code> statement begins with an identifying + string, the name of the key. The statement has two clauses. + <code class="option">algorithm</code> identifies the authentication algorithm + for <span class="command"><strong>rndc</strong></span> to use; currently only HMAC-MD5 + (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256 + (default), HMAC-SHA384 and HMAC-SHA512 are + supported. This is followed by a secret clause which contains + the base-64 encoding of the algorithm's authentication key. The + base-64 string is enclosed in double quotes. + </p> + <p> + There are two common ways to generate the base-64 string for the + secret. The BIND 9 program <span class="command"><strong>rndc-confgen</strong></span> + can + be used to generate a random key, or the + <span class="command"><strong>mmencode</strong></span> program, also known as + <span class="command"><strong>mimencode</strong></span>, can be used to generate a + base-64 + string from known input. <span class="command"><strong>mmencode</strong></span> does + not + ship with BIND 9 but is available on many systems. See the + EXAMPLE section for sample command lines for each. 
+ </p> + </div> + + <div class="refsection"> +<a name="id-1.8"></a><h2>EXAMPLE</h2> + + + <pre class="programlisting"> + options { + default-server localhost; + default-key samplekey; + }; +</pre> +<p> + </p> + <pre class="programlisting"> + server localhost { + key samplekey; + }; +</pre> +<p> + </p> + <pre class="programlisting"> + server testserver { + key testkey; + addresses { localhost port 5353; }; + }; +</pre> +<p> + </p> + <pre class="programlisting"> + key samplekey { + algorithm hmac-sha256; + secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz"; + }; +</pre> +<p> + </p> + <pre class="programlisting"> + key testkey { + algorithm hmac-sha256; + secret "R3HI8P6BKw9ZwXwN3VZKuQ=="; + }; + </pre> +<p> + </p> + + <p> + In the above example, <span class="command"><strong>rndc</strong></span> will by + default use + the server at localhost (127.0.0.1) and the key called samplekey. + Commands to the localhost server will use the samplekey key, which + must also be defined in the server's configuration file with the + same name and secret. The key statement indicates that samplekey + uses the HMAC-SHA256 algorithm and its secret clause contains the + base-64 encoding of the HMAC-SHA256 secret enclosed in double quotes. + </p> + <p> + If <span class="command"><strong>rndc -s testserver</strong></span> is used then <span class="command"><strong>rndc</strong></span> will + connect to server on localhost port 5353 using the key testkey. + </p> + <p> + To generate a random secret with <span class="command"><strong>rndc-confgen</strong></span>: + </p> + <p><strong class="userinput"><code>rndc-confgen</code></strong> + </p> + <p> + A complete <code class="filename">rndc.conf</code> file, including + the + randomly generated key, will be written to the standard + output. Commented-out <code class="option">key</code> and + <code class="option">controls</code> statements for + <code class="filename">named.conf</code> are also printed. 
+ </p> + <p> + To generate a base-64 secret with <span class="command"><strong>mmencode</strong></span>: + </p> + <p><strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong> + </p> + </div> + + <div class="refsection"> +<a name="id-1.9"></a><h2>NAME SERVER CONFIGURATION</h2> + + <p> + The name server must be configured to accept rndc connections and + to recognize the key specified in the <code class="filename">rndc.conf</code> + file, using the controls statement in <code class="filename">named.conf</code>. + See the sections on the <code class="option">controls</code> statement in the + BIND 9 Administrator Reference Manual for details. + </p> + </div> + + <div class="refsection"> +<a name="id-1.10"></a><h2>SEE ALSO</h2> + + <p><span class="citerefentry"> + <span class="refentrytitle">rndc</span>(8) + </span>, + <span class="citerefentry"> + <span class="refentrytitle">rndc-confgen</span>(8) + </span>, + <span class="citerefentry"> + <span class="refentrytitle">mmencode</span>(1) + </span>, + <em class="citetitle">BIND 9 Administrator Reference Manual</em>. + </p> + </div> + +</div></body> +</html> diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook new file mode 100644 index 0000000..ddc138a --- /dev/null +++ b/bin/rndc/rndc.docbook 
@@ -0,0 +1,1014 @@ +<!-- + - Copyright (C) Internet Systems Consortium, Inc. ("ISC") + - + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. + - + - See the COPYRIGHT file distributed with this work for additional + - information regarding copyright ownership. +--> + +<!-- Converted by db4-upgrade version 1.0 --> +<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc"> + <info> + <date>2014-08-15</date> + </info> + <refentryinfo> + <corpname>ISC</corpname> + <corpauthor>Internet Systems Consortium, Inc.</corpauthor> + </refentryinfo> + + <refmeta> + <refentrytitle><application>rndc</application></refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><application>rndc</application></refname> + <refpurpose>name server control utility</refpurpose> + </refnamediv> + + <docinfo> + <copyright> + <year>2000</year> + <year>2001</year> + <year>2004</year> + <year>2005</year> + <year>2007</year> + <year>2013</year> + <year>2014</year> + <year>2015</year> + <year>2016</year> + <year>2017</year> + <year>2018</year> + <year>2019</year> + <holder>Internet Systems Consortium, Inc. 
("ISC")</holder> + </copyright> + </docinfo> + + <refsynopsisdiv> + <cmdsynopsis sepchar=" "> + <command>rndc</command> + <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">source-address</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">key-file</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">server</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-q</option></arg> + <arg choice="opt" rep="norepeat"><option>-r</option></arg> + <arg choice="opt" rep="norepeat"><option>-V</option></arg> + <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter">key_id</replaceable></option></arg> + <arg choice="req" rep="norepeat">command</arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsection><info><title>DESCRIPTION</title></info> + + <para><command>rndc</command> + controls the operation of a name + server. It supersedes the <command>ndc</command> utility + that was provided in old BIND releases. If + <command>rndc</command> is invoked with no command line + options or arguments, it prints a short summary of the + supported commands and the available options and their + arguments. + </para> + <para><command>rndc</command> + communicates with the name server over a TCP connection, sending + commands authenticated with digital signatures. In the current + versions of + <command>rndc</command> and <command>named</command>, + the only supported authentication algorithms are HMAC-MD5 + (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256 + (default), HMAC-SHA384 and HMAC-SHA512. + They use a shared secret on each end of the connection. 
+ This provides TSIG-style authentication for the command + request and the name server's response. All commands sent + over the channel must be signed by a key_id known to the + server. + </para> + <para><command>rndc</command> + reads a configuration file to + determine how to contact the name server and decide what + algorithm and key it should use. + </para> + </refsection> + + <refsection><info><title>OPTIONS</title></info> + + + <variablelist> + <varlistentry> + <term>-b <replaceable class="parameter">source-address</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">source-address</replaceable> + as the source address for the connection to the server. + Multiple instances are permitted to allow setting of both + the IPv4 and IPv6 source addresses. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-c <replaceable class="parameter">config-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">config-file</replaceable> + as the configuration file instead of the default, + <filename>/etc/rndc.conf</filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-k <replaceable class="parameter">key-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">key-file</replaceable> + as the key file instead of the default, + <filename>/etc/rndc.key</filename>. The key in + <filename>/etc/rndc.key</filename> will be used to + authenticate + commands sent to the server if the <replaceable class="parameter">config-file</replaceable> + does not exist. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-s <replaceable class="parameter">server</replaceable></term> + <listitem> + <para><replaceable class="parameter">server</replaceable> is + the name or address of the server which matches a + server statement in the configuration file for + <command>rndc</command>. 
If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the <command>rndc</command> + configuration file will be used. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-p <replaceable class="parameter">port</replaceable></term> + <listitem> + <para> + Send commands to TCP port + <replaceable class="parameter">port</replaceable> + instead + of BIND 9's default control channel port, 953. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-q</term> + <listitem> + <para> + Quiet mode: Message text returned by the server + will not be printed except when there is an error. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-r</term> + <listitem> + <para> + Instructs <command>rndc</command> to print the result code + returned by <command>named</command> after executing the + requested command (e.g., ISC_R_SUCCESS, ISC_R_FAILURE, etc). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-V</term> + <listitem> + <para> + Enable verbose logging. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-y <replaceable class="parameter">key_id</replaceable></term> + <listitem> + <para> + Use the key <replaceable class="parameter">key_id</replaceable> + from the configuration file. + <replaceable class="parameter">key_id</replaceable> + must be + known by <command>named</command> with the same algorithm and secret string + in order for control message validation to succeed. + If no <replaceable class="parameter">key_id</replaceable> + is specified, <command>rndc</command> will first look + for a key clause in the server statement of the server + being used, or if no server statement is present for that + host, then the default-key clause of the options statement. + Note that the configuration file contains shared secrets + which are used to send authenticated control commands + to name servers. 
It should therefore not have general read + or write access. + </para> + </listitem> + </varlistentry> + + </variablelist> + </refsection> + + <refsection><info><title>COMMANDS</title></info> + + <para> + A list of commands supported by <command>rndc</command> can + be seen by running <command>rndc</command> without arguments. + </para> + <para> + Currently supported commands are: + </para> + + <variablelist> + + <varlistentry> + <term><userinput>addzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term> + <listitem> + <para> + Add a zone while the server is running. This + command requires the + <command>allow-new-zones</command> option to be set + to <userinput>yes</userinput>. The + <replaceable>configuration</replaceable> string + specified on the command line is the zone + configuration text that would ordinarily be + placed in <filename>named.conf</filename>. + </para> + <para> + The configuration is saved in a file called + <filename><replaceable>name</replaceable>.nzf</filename>, + where <replaceable>name</replaceable> is the + name of the view, or if it contains characters + that are incompatible with use as a file name, a + cryptographic hash generated from the name + of the view. + When <command>named</command> is + restarted, the file will be loaded into the view + configuration, so that zones that were added + can persist after a restart. + </para> + <para> + This sample <command>addzone</command> command + would add the zone <literal>example.com</literal> + to the default view: + </para> + <para> +<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput> + </para> + <para> + (Note the brackets and semi-colon around the zone + configuration text.) + </para> + <para> + See also <command>rndc delzone</command> and <command>rndc modzone</command>. 
+ </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>delzone <optional>-clean</optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term> + <listitem> + <para> + Delete a zone while the server is running. + </para> + <para> + If the <option>-clean</option> argument is specified, + the zone's master file (and journal file, if any) + will be deleted along with the zone. Without the + <option>-clean</option> option, zone files must + be cleaned up by hand. (If the zone is of + type "slave" or "stub", the files needing to + be cleaned up will be reported in the output + of the <command>rndc delzone</command> command.) + </para> + <para> + If the zone was originally added via + <command>rndc addzone</command>, then it will be + removed permanently. However, if it was originally + configured in <filename>named.conf</filename>, then + that original configuration is still in place; when + the server is restarted or reconfigured, the zone will + come back. To remove it permanently, it must also be + removed from <filename>named.conf</filename> + </para> + <para> + See also <command>rndc addzone</command> and <command>rndc modzone</command>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>dnstap ( -reopen | -roll <optional><replaceable>number</replaceable></optional> )</userinput></term> + <listitem> + <para> + Close and re-open DNSTAP output files. + <command>rndc dnstap -reopen</command> allows the output + file to be renamed externally, so + that <command>named</command> can truncate and re-open it. + <command>rndc dnstap -roll</command> causes the output file + to be rolled automatically, similar to log files; the most + recent output file has ".0" appended to its name; the + previous most recent output file is moved to ".1", and so on. 
+ If <replaceable>number</replaceable> is specified, then the + number of backup log files is limited to that number. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>dumpdb <optional>-all|-cache|-zones|-adb|-bad|-fail</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term> + <listitem> + <para> + Dump the server's caches (default) and/or zones to + the dump file for the specified views. If no view + is specified, all views are dumped. + (See the <command>dump-file</command> option in + the BIND 9 Administrator Reference Manual.) + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>flush</userinput></term> + <listitem> + <para> + Flushes the server's cache. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>flushname</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term> + <listitem> + <para> + Flushes the given name from the view's DNS cache + and, if applicable, from the view's nameserver address + database, bad server cache and SERVFAIL cache. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>flushtree</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term> + <listitem> + <para> + Flushes the given name, and all of its subdomains, + from the view's DNS cache, address database, + bad server cache, and SERVFAIL cache. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>freeze <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term> + <listitem> + <para> + Suspend updates to a dynamic zone. If no zone is + specified, then all zones are suspended. This allows + manual edits to be made to a zone normally updated by + dynamic update. 
It also causes changes in the + journal file to be synced into the master file. + All dynamic update attempts will be refused while + the zone is frozen. + </para> + <para> + See also <command>rndc thaw</command>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>halt <optional>-p</optional></userinput></term> + <listitem> + <para> + Stop the server immediately. Recent changes + made through dynamic update or IXFR are not saved to + the master files, but will be rolled forward from the + journal files when the server is restarted. + If <option>-p</option> is specified <command>named</command>'s process id is returned. + This allows an external process to determine when <command>named</command> + had completed halting. + </para> + <para> + See also <command>rndc stop</command>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>loadkeys <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term> + <listitem> + <para> + Fetch all DNSSEC keys for the given zone + from the key directory. If they are within + their publication period, merge them into the + zone's DNSKEY RRset. Unlike <command>rndc + sign</command>, however, the zone is not + immediately re-signed by the new keys, but is + allowed to incrementally re-sign over time. + </para> + <para> + This command requires that the + <command>auto-dnssec</command> zone option + be set to <literal>maintain</literal>, + and also requires the zone to be configured to + allow dynamic DNS. + (See "Dynamic Update Policies" in the Administrator + Reference Manual for more details.) 
+ </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>managed-keys <replaceable>(status | refresh | sync)</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term> + <listitem> + <para> + When run with the "status" keyword, print the current + status of the managed-keys database for the specified + view, or for all views if none is specified. When run + with the "refresh" keyword, force an immediate refresh + of all the managed-keys in the specified view, or all + views. When run with the "sync" keyword, force an + immediate dump of the managed-keys database to disk (in + the file <filename>managed-keys.bind</filename> or + (<filename><replaceable>viewname</replaceable>.mkeys</filename>). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><userinput>modzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term> + <listitem> + <para> + Modify the configuration of a zone while the server + is running. This command requires the + <command>allow-new-zones</command> option to be + set to <userinput>yes</userinput>. As with + <command>addzone</command>, the + <replaceable>configuration</replaceable> string + specified on the command line is the zone + configuration text that would ordinarily be + placed in <filename>named.conf</filename>. + </para> + <para> + If the zone was originally added via + <command>rndc addzone</command>, the configuration + changes will be recorded permanently and will still be + in effect after the server is restarted or reconfigured. + However, if it was originally configured in + <filename>named.conf</filename>, then that original + configuration is still in place; when the server is + restarted or reconfigured, the zone will revert to + its original configuration. 
To make the changes
+ permanent, it must also be modified in
+ <filename>named.conf</filename>
+ </para>
+ <para>
+ See also <command>rndc addzone</command> and <command>rndc delzone</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>notify <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Resend NOTIFY messages for the zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>notrace</userinput></term>
+ <listitem>
+ <para>
+ Sets the server's debugging level to 0.
+ </para>
+ <para>
+ See also <command>rndc trace</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>nta
+ <optional>( -class <replaceable>class</replaceable> | -dump | -force | -remove | -lifetime <replaceable>duration</replaceable>)</optional>
+ <replaceable>domain</replaceable>
+ <optional><replaceable>view</replaceable></optional>
+ </userinput></term>
+ <listitem>
+ <para>
+ Sets a DNSSEC negative trust anchor (NTA)
+ for <option>domain</option>, with a lifetime of
+ <option>duration</option>. The default lifetime is
+ configured in <filename>named.conf</filename> via the
+ <option>nta-lifetime</option> option, and defaults to
+ one hour. The lifetime cannot exceed one week.
+ </para>
+ <para>
+ A negative trust anchor selectively disables
+ DNSSEC validation for zones that are known to be
+ failing because of misconfiguration rather than
+ an attack. When data to be validated is
+ at or below an active NTA (and above any other
+ configured trust anchors), <command>named</command> will
+ abort the DNSSEC validation process and treat the data as
+ insecure rather than bogus. This continues until the
+ NTA's lifetime is elapsed.
+ </para>
+ <para>
+ NTAs persist across restarts of the <command>named</command> server.
+ The NTAs for a view are saved in a file called
+ <filename><replaceable>name</replaceable>.nta</filename>,
+ where <replaceable>name</replaceable> is the
+ name of the view, or if it contains characters
+ that are incompatible with use as a file name, a
+ cryptographic hash generated from the name
+ of the view.
+ </para>
+ <para>
+ An existing NTA can be removed by using the
+ <option>-remove</option> option.
+ </para>
+ <para>
+ An NTA's lifetime can be specified with the
+ <option>-lifetime</option> option. TTL-style
+ suffixes can be used to specify the lifetime in
+ seconds, minutes, or hours. If the specified NTA
+ already exists, its lifetime will be updated to the
+ new value. Setting <option>lifetime</option> to zero
+ is equivalent to <option>-remove</option>.
+ </para>
+ <para>
+ If the <option>-dump</option> is used, any other arguments
+ are ignored, and a list of existing NTAs is printed
+ (note that this may include NTAs that are expired but
+ have not yet been cleaned up).
+ </para>
+ <para>
+ Normally, <command>named</command> will periodically
+ test to see whether data below an NTA can now be
+ validated (see the <option>nta-recheck</option> option
+ in the Administrator Reference Manual for details).
+ If data can be validated, then the NTA is regarded as
+ no longer necessary, and will be allowed to expire
+ early. The <option>-force</option> overrides this
+ behavior and forces an NTA to persist for its entire
+ lifetime, regardless of whether data could be
+ validated if the NTA were not present.
+ </para>
+ <para>
+ The view class can be specified with <option>-class</option>.
+ The default is class <userinput>IN</userinput>, which is
+ the only class for which DNSSEC is currently supported.
+ </para>
+ <para>
+ All of these options can be shortened, i.e., to
+ <option>-l</option>, <option>-r</option>, <option>-d</option>,
+ <option>-f</option>, and <option>-c</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>querylog</userinput> <optional> on | off </optional> </term>
+ <listitem>
+ <para>
+ Enable or disable query logging. (For backward
+ compatibility, this command can also be used without
+ an argument to toggle query logging on and off.)
+ </para>
+ <para>
+ Query logging can also be enabled
+ by explicitly directing the <command>queries</command>
+ <command>category</command> to a
+ <command>channel</command> in the
+ <command>logging</command> section of
+ <filename>named.conf</filename> or by specifying
+ <command>querylog yes;</command> in the
+ <command>options</command> section of
+ <filename>named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>reconfig</userinput></term>
+ <listitem>
+ <para>
+ Reload the configuration file and load new zones,
+ but do not reload existing zone files even if they
+ have changed.
+ This is faster than a full <command>reload</command> when there
+ is a large number of zones because it avoids the need
+ to examine the
+ modification times of the zones files.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>recursing</userinput></term>
+ <listitem>
+ <para>
+ Dump the list of queries <command>named</command> is currently
+ recursing on, and the list of domains to which iterative
+ queries are currently being sent. (The second list includes
+ the number of fetches currently active for the given domain,
+ and how many have been passed or dropped because of the
+ <option>fetches-per-zone</option> option.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>refresh <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Schedule zone maintenance for the given zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>reload</userinput></term>
+ <listitem>
+ <para>
+ Reload configuration file and zones.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>reload <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Reload the given zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>retransfer <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Retransfer the given slave zone from the master server.
+ </para>
+ <para>
+ If the zone is configured to use
+ <command>inline-signing</command>, the signed
+ version of the zone is discarded; after the
+ retransfer of the unsigned version is complete, the
+ signed version will be regenerated with all new
+ signatures.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>scan</userinput></term>
+ <listitem>
+ <para>
+ Scan the list of available network interfaces
+ for changes, without performing a full
+ <command>reconfig</command> or waiting for the
+ <command>interface-interval</command> timer.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
+ <listitem>
+ <para>
+ Dump the server's security roots and negative trust anchors
+ for the specified views. If no view is specified, all views
+ are dumped.
+ </para>
+ <para>
+ If the first argument is "-", then the output is
+ returned via the <command>rndc</command> response channel
+ and printed to the standard output.
+ Otherwise, it is written to the secroots dump file, which
+ defaults to <filename>named.secroots</filename>, but can be
+ overridden via the <option>secroots-file</option> option in
+ <filename>named.conf</filename>.
+ </para>
+ <para>
+ See also <command>rndc managed-keys</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>showzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
+ <listitem>
+ <para>
+ Print the configuration of a running zone.
+ </para>
+ <para>
+ See also <command>rndc zonestatus</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>sign <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory (see the
+ <command>key-directory</command> option in
+ the BIND 9 Administrator Reference Manual). If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. If the DNSKEY RRset
+ is changed, then the zone is automatically
+ re-signed with the new key set.
+ </para>
+ <para>
+ This command requires that the
+ <command>auto-dnssec</command> zone option be set
+ to <literal>allow</literal> or
+ <literal>maintain</literal>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </para>
+ <para>
+ See also <command>rndc loadkeys</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) | -serial <replaceable>value</replaceable> ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
+ <listitem>
+ <para>
+ List, edit, or remove the DNSSEC signing state records
+ for the specified zone. The status of ongoing DNSSEC
+ operations (such as signing or generating
+ NSEC3 chains) is stored in the zone in the form
+ of DNS resource records of type
+ <command>sig-signing-type</command>.
+ <command>rndc signing -list</command> converts
+ these records into a human-readable form,
+ indicating which keys are currently signing
+ or have finished signing the zone, and which NSEC3
+ chains are being created or removed.
+ </para>
+ <para>
+ <command>rndc signing -clear</command> can remove
+ a single key (specified in the same format that
+ <command>rndc signing -list</command> uses to
+ display it), or all keys. In either case, only
+ completed keys are removed; any record indicating
+ that a key has not yet finished signing the zone
+ will be retained.
+ </para>
+ <para>
+ <command>rndc signing -nsec3param</command> sets
+ the NSEC3 parameters for a zone. This is the
+ only supported mechanism for using NSEC3 with
+ <command>inline-signing</command> zones.
+ Parameters are specified in the same format as
+ an NSEC3PARAM resource record: hash algorithm,
+ flags, iterations, and salt, in that order.
+ </para>
+ <para>
+ Currently, the only defined value for hash algorithm
+ is <literal>1</literal>, representing SHA-1.
+ The <option>flags</option> may be set to
+ <literal>0</literal> or <literal>1</literal>,
+ depending on whether you wish to set the opt-out
+ bit in the NSEC3 chain. <option>iterations</option>
+ defines the number of additional times to apply
+ the algorithm when generating an NSEC3 hash. The
+ <option>salt</option> is a string of data expressed
+ in hexadecimal, a hyphen (`-') if no salt is
+ to be used, or the keyword <literal>auto</literal>,
+ which causes <command>named</command> to generate a
+ random 64-bit salt.
+ </para>
+ <para>
+ So, for example, to create an NSEC3 chain using
+ the SHA-1 hash algorithm, no opt-out flag,
+ 10 iterations, and a salt value of "FFFF", use:
+ <command>rndc signing -nsec3param 1 0 10 FFFF <replaceable>zone</replaceable></command>.
+ To set the opt-out flag, 15 iterations, and no
+ salt, use:
+ <command>rndc signing -nsec3param 1 1 15 - <replaceable>zone</replaceable></command>.
+ </para>
+ <para>
+ <command>rndc signing -nsec3param none</command>
+ removes an existing NSEC3 chain and replaces it
+ with NSEC.
+ </para>
+ <para>
+ <command>rndc signing -serial value</command> sets
+ the serial number of the zone to value. If the value
+ would cause the serial number to go backwards it will
+ be rejected. The primary use is to set the serial on
+ inline signed zones.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>stats</userinput></term>
+ <listitem>
+ <para>
+ Write server statistics to the statistics file.
+ (See the <command>statistics-file</command> option in
+ the BIND 9 Administrator Reference Manual.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>status</userinput></term>
+ <listitem>
+ <para>
+ Display status of the server.
+ Note that the number of zones includes the internal <command>bind/CH</command> zone
+ and the default <command>./IN</command>
+ hint zone if there is not an
+ explicit root zone configured.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>stop <optional>-p</optional></userinput></term>
+ <listitem>
+ <para>
+ Stop the server, making sure any recent changes
+ made through dynamic update or IXFR are first saved to
+ the master files of the updated zones.
+ If <option>-p</option> is specified <command>named</command>'s process id is returned.
+ This allows an external process to determine when <command>named</command>
+ had completed stopping.
+ </para>
+ <para>See also <command>rndc halt</command>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>sync <optional>-clean</optional> <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Sync changes in the journal file for a dynamic zone
+ to the master file. If the "-clean" option is
+ specified, the journal file is also removed. If
+ no zone is specified, then all zones are synced.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>thaw <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Enable updates to a frozen dynamic zone. If no
+ zone is specified, then all frozen zones are
+ enabled. This causes the server to reload the zone
+ from disk, and re-enables dynamic updates after the
+ load has completed. After a zone is thawed,
+ dynamic updates will no longer be refused. If
+ the zone has changed and the
+ <command>ixfr-from-differences</command> option is
+ in use, then the journal file will be updated to
+ reflect changes in the zone. Otherwise, if the
+ zone has changed, any existing journal file will be
+ removed.
+ </para>
+ <para>See also <command>rndc freeze</command>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>trace</userinput></term>
+ <listitem>
+ <para>
+ Increment the servers debugging level by one.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>trace <replaceable>level</replaceable></userinput></term>
+ <listitem>
+ <para>
+ Sets the server's debugging level to an explicit
+ value.
+ </para>
+ <para>
+ See also <command>rndc notrace</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>tsig-delete</userinput> <replaceable>keyname</replaceable> <optional><replaceable>view</replaceable></optional></term>
+ <listitem>
+ <para>
+ Delete a given TKEY-negotiated key from the server.
+ (This does not apply to statically configured TSIG
+ keys.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>tsig-list</userinput></term>
+ <listitem>
+ <para>
+ List the names of all TSIG keys currently configured
+ for use by <command>named</command> in each view. The
+ list both statically configured keys and dynamic
+ TKEY-negotiated keys.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>validation ( on | off | status ) <optional><replaceable>view ...</replaceable></optional> </userinput></term>
+ <listitem>
+ <para>
+ Enable, disable, or check the current status of
+ DNSSEC validation.
+ Note <command>dnssec-enable</command> also needs to be
+ set to <userinput>yes</userinput> or
+ <userinput>auto</userinput> to be effective.
+ It defaults to enabled.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>zonestatus <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Displays the current status of the given zone,
+ including the master file name and any include
+ files from which it was loaded, when it was most
+ recently loaded, the current serial number, the
+ number of nodes, whether the zone supports
+ dynamic updates, whether the zone is DNSSEC
+ signed, whether it uses automatic DNSSEC key
+ management or inline signing, and the scheduled
+ refresh or expiry times for the zone.
+ </para>
+ <para>
+ See also <command>rndc showzone</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsection>
+
+ <refsection><info><title>LIMITATIONS</title></info>
+
+ <para>
+ There is currently no way to provide the shared secret for a
+ <option>key_id</option> without using the configuration file.
+ </para>
+ <para>
+ Several error messages could be clearer.
+ </para>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
+
+ <para><citerefentry>
+ <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsection>
+
+</refentry>
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
new file mode 100644
index 0000000..88b046d
--- /dev/null
+++ b/bin/rndc/rndc.html
@@ -0,0 +1,860 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<!-- + - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC") + - + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. +--> +<html lang="en"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>rndc</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> +<a name="man.rndc"></a><div class="titlepage"></div> + + + + + + <div class="refnamediv"> +<h2>Name</h2> +<p> + <span class="application">rndc</span> + — name server control utility + </p> +</div> + + + + <div class="refsynopsisdiv"> +<h2>Synopsis</h2> + <div class="cmdsynopsis"><p> + <code class="command">rndc</code> + [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] + [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] + [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] + [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] + [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] + [<code class="option">-q</code>] + [<code class="option">-r</code>] + [<code class="option">-V</code>] + [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] + {command} + </p></div> + </div> + + <div class="refsection"> +<a name="id-1.7"></a><h2>DESCRIPTION</h2> + + <p><span class="command"><strong>rndc</strong></span> + controls the operation of a name + server. 
It supersedes the <span class="command"><strong>ndc</strong></span> utility + that was provided in old BIND releases. If + <span class="command"><strong>rndc</strong></span> is invoked with no command line + options or arguments, it prints a short summary of the + supported commands and the available options and their + arguments. + </p> + <p><span class="command"><strong>rndc</strong></span> + communicates with the name server over a TCP connection, sending + commands authenticated with digital signatures. In the current + versions of + <span class="command"><strong>rndc</strong></span> and <span class="command"><strong>named</strong></span>, + the only supported authentication algorithms are HMAC-MD5 + (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256 + (default), HMAC-SHA384 and HMAC-SHA512. + They use a shared secret on each end of the connection. + This provides TSIG-style authentication for the command + request and the name server's response. All commands sent + over the channel must be signed by a key_id known to the + server. + </p> + <p><span class="command"><strong>rndc</strong></span> + reads a configuration file to + determine how to contact the name server and decide what + algorithm and key it should use. + </p> + </div> + + <div class="refsection"> +<a name="id-1.8"></a><h2>OPTIONS</h2> + + + <div class="variablelist"><dl class="variablelist"> +<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt> +<dd> + <p> + Use <em class="replaceable"><code>source-address</code></em> + as the source address for the connection to the server. + Multiple instances are permitted to allow setting of both + the IPv4 and IPv6 source addresses. + </p> + </dd> +<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> +<dd> + <p> + Use <em class="replaceable"><code>config-file</code></em> + as the configuration file instead of the default, + <code class="filename">/etc/rndc.conf</code>. 
+ </p> + </dd> +<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt> +<dd> + <p> + Use <em class="replaceable"><code>key-file</code></em> + as the key file instead of the default, + <code class="filename">/etc/rndc.key</code>. The key in + <code class="filename">/etc/rndc.key</code> will be used to + authenticate + commands sent to the server if the <em class="replaceable"><code>config-file</code></em> + does not exist. + </p> + </dd> +<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt> +<dd> + <p><em class="replaceable"><code>server</code></em> is + the name or address of the server which matches a + server statement in the configuration file for + <span class="command"><strong>rndc</strong></span>. If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the <span class="command"><strong>rndc</strong></span> + configuration file will be used. + </p> + </dd> +<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> +<dd> + <p> + Send commands to TCP port + <em class="replaceable"><code>port</code></em> + instead + of BIND 9's default control channel port, 953. + </p> + </dd> +<dt><span class="term">-q</span></dt> +<dd> + <p> + Quiet mode: Message text returned by the server + will not be printed except when there is an error. + </p> + </dd> +<dt><span class="term">-r</span></dt> +<dd> + <p> + Instructs <span class="command"><strong>rndc</strong></span> to print the result code + returned by <span class="command"><strong>named</strong></span> after executing the + requested command (e.g., ISC_R_SUCCESS, ISC_R_FAILURE, etc). + </p> + </dd> +<dt><span class="term">-V</span></dt> +<dd> + <p> + Enable verbose logging. 
+ </p> + </dd> +<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt> +<dd> + <p> + Use the key <em class="replaceable"><code>key_id</code></em> + from the configuration file. + <em class="replaceable"><code>key_id</code></em> + must be + known by <span class="command"><strong>named</strong></span> with the same algorithm and secret string + in order for control message validation to succeed. + If no <em class="replaceable"><code>key_id</code></em> + is specified, <span class="command"><strong>rndc</strong></span> will first look + for a key clause in the server statement of the server + being used, or if no server statement is present for that + host, then the default-key clause of the options statement. + Note that the configuration file contains shared secrets + which are used to send authenticated control commands + to name servers. It should therefore not have general read + or write access. + </p> + </dd> +</dl></div> + </div> + + <div class="refsection"> +<a name="id-1.9"></a><h2>COMMANDS</h2> + + <p> + A list of commands supported by <span class="command"><strong>rndc</strong></span> can + be seen by running <span class="command"><strong>rndc</strong></span> without arguments. + </p> + <p> + Currently supported commands are: + </p> + + <div class="variablelist"><dl class="variablelist"> +<dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt> +<dd> + <p> + Add a zone while the server is running. This + command requires the + <span class="command"><strong>allow-new-zones</strong></span> option to be set + to <strong class="userinput"><code>yes</code></strong>. 
The + <em class="replaceable"><code>configuration</code></em> string + specified on the command line is the zone + configuration text that would ordinarily be + placed in <code class="filename">named.conf</code>. + </p> + <p> + The configuration is saved in a file called + <code class="filename"><em class="replaceable"><code>name</code></em>.nzf</code>, + where <em class="replaceable"><code>name</code></em> is the + name of the view, or if it contains characters + that are incompatible with use as a file name, a + cryptographic hash generated from the name + of the view. + When <span class="command"><strong>named</strong></span> is + restarted, the file will be loaded into the view + configuration, so that zones that were added + can persist after a restart. + </p> + <p> + This sample <span class="command"><strong>addzone</strong></span> command + would add the zone <code class="literal">example.com</code> + to the default view: + </p> + <p> +<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong> + </p> + <p> + (Note the brackets and semi-colon around the zone + configuration text.) + </p> + <p> + See also <span class="command"><strong>rndc delzone</strong></span> and <span class="command"><strong>rndc modzone</strong></span>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>delzone [<span class="optional">-clean</span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt> +<dd> + <p> + Delete a zone while the server is running. + </p> + <p> + If the <code class="option">-clean</code> argument is specified, + the zone's master file (and journal file, if any) + will be deleted along with the zone. 
Without the + <code class="option">-clean</code> option, zone files must + be cleaned up by hand. (If the zone is of + type "slave" or "stub", the files needing to + be cleaned up will be reported in the output + of the <span class="command"><strong>rndc delzone</strong></span> command.) + </p> + <p> + If the zone was originally added via + <span class="command"><strong>rndc addzone</strong></span>, then it will be + removed permanently. However, if it was originally + configured in <code class="filename">named.conf</code>, then + that original configuration is still in place; when + the server is restarted or reconfigured, the zone will + come back. To remove it permanently, it must also be + removed from <code class="filename">named.conf</code> + </p> + <p> + See also <span class="command"><strong>rndc addzone</strong></span> and <span class="command"><strong>rndc modzone</strong></span>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>dnstap ( -reopen | -roll [<span class="optional"><em class="replaceable"><code>number</code></em></span>] )</code></strong></span></dt> +<dd> + <p> + Close and re-open DNSTAP output files. + <span class="command"><strong>rndc dnstap -reopen</strong></span> allows the output + file to be renamed externally, so + that <span class="command"><strong>named</strong></span> can truncate and re-open it. + <span class="command"><strong>rndc dnstap -roll</strong></span> causes the output file + to be rolled automatically, similar to log files; the most + recent output file has ".0" appended to its name; the + previous most recent output file is moved to ".1", and so on. + If <em class="replaceable"><code>number</code></em> is specified, then the + number of backup log files is limited to that number. 
+ </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zones|-adb|-bad|-fail</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> +<dd> + <p> + Dump the server's caches (default) and/or zones to + the dump file for the specified views. If no view + is specified, all views are dumped. + (See the <span class="command"><strong>dump-file</strong></span> option in + the BIND 9 Administrator Reference Manual.) + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt> +<dd> + <p> + Flushes the server's cache. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt> +<dd> + <p> + Flushes the given name from the view's DNS cache + and, if applicable, from the view's nameserver address + database, bad server cache and SERVFAIL cache. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>flushtree</code></strong> <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt> +<dd> + <p> + Flushes the given name, and all of its subdomains, + from the view's DNS cache, address database, + bad server cache, and SERVFAIL cache. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>freeze [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> +<dd> + <p> + Suspend updates to a dynamic zone. If no zone is + specified, then all zones are suspended. 
This allows + manual edits to be made to a zone normally updated by + dynamic update. It also causes changes in the + journal file to be synced into the master file. + All dynamic update attempts will be refused while + the zone is frozen. + </p> + <p> + See also <span class="command"><strong>rndc thaw</strong></span>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt> +<dd> + <p> + Stop the server immediately. Recent changes + made through dynamic update or IXFR are not saved to + the master files, but will be rolled forward from the + journal files when the server is restarted. + If <code class="option">-p</code> is specified <span class="command"><strong>named</strong></span>'s process id is returned. + This allows an external process to determine when <span class="command"><strong>named</strong></span> + had completed halting. + </p> + <p> + See also <span class="command"><strong>rndc stop</strong></span>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd> + <p> + Fetch all DNSSEC keys for the given zone + from the key directory. If they are within + their publication period, merge them into the + zone's DNSKEY RRset. Unlike <span class="command"><strong>rndc + sign</strong></span>, however, the zone is not + immediately re-signed by the new keys, but is + allowed to incrementally re-sign over time. + </p> + <p> + This command requires that the + <span class="command"><strong>auto-dnssec</strong></span> zone option + be set to <code class="literal">maintain</code>, + and also requires the zone to be configured to + allow dynamic DNS. 
+ (See "Dynamic Update Policies" in the Administrator + Reference Manual for more details.) + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>managed-keys <em class="replaceable"><code>(status | refresh | sync)</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd> + <p> + When run with the "status" keyword, print the current + status of the managed-keys database for the specified + view, or for all views if none is specified. When run + with the "refresh" keyword, force an immediate refresh + of all the managed-keys in the specified view, or all + views. When run with the "sync" keyword, force an + immediate dump of the managed-keys database to disk (in + the file <code class="filename">managed-keys.bind</code> or + (<code class="filename"><em class="replaceable"><code>viewname</code></em>.mkeys</code>). + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>modzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt> +<dd> + <p> + Modify the configuration of a zone while the server + is running. This command requires the + <span class="command"><strong>allow-new-zones</strong></span> option to be + set to <strong class="userinput"><code>yes</code></strong>. As with + <span class="command"><strong>addzone</strong></span>, the + <em class="replaceable"><code>configuration</code></em> string + specified on the command line is the zone + configuration text that would ordinarily be + placed in <code class="filename">named.conf</code>. 
+ </p> + <p> + If the zone was originally added via + <span class="command"><strong>rndc addzone</strong></span>, the configuration + changes will be recorded permanently and will still be + in effect after the server is restarted or reconfigured. + However, if it was originally configured in + <code class="filename">named.conf</code>, then that original + configuration is still in place; when the server is + restarted or reconfigured, the zone will revert to + its original configuration. To make the changes + permanent, it must also be modified in + <code class="filename">named.conf</code> + </p> + <p> + See also <span class="command"><strong>rndc addzone</strong></span> and <span class="command"><strong>rndc delzone</strong></span>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd> + <p> + Resend NOTIFY messages for the zone. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt> +<dd> + <p> + Sets the server's debugging level to 0. + </p> + <p> + See also <span class="command"><strong>rndc trace</strong></span>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>nta + [<span class="optional">( -class <em class="replaceable"><code>class</code></em> | -dump | -force | -remove | -lifetime <em class="replaceable"><code>duration</code></em>)</span>] + <em class="replaceable"><code>domain</code></em> + [<span class="optional"><em class="replaceable"><code>view</code></em></span>] + </code></strong></span></dt> +<dd> + <p> + Sets a DNSSEC negative trust anchor (NTA) + for <code class="option">domain</code>, with a lifetime of + <code class="option">duration</code>. 
The default lifetime is + configured in <code class="filename">named.conf</code> via the + <code class="option">nta-lifetime</code> option, and defaults to + one hour. The lifetime cannot exceed one week. + </p> + <p> + A negative trust anchor selectively disables + DNSSEC validation for zones that are known to be + failing because of misconfiguration rather than + an attack. When data to be validated is + at or below an active NTA (and above any other + configured trust anchors), <span class="command"><strong>named</strong></span> will + abort the DNSSEC validation process and treat the data as + insecure rather than bogus. This continues until the + NTA's lifetime is elapsed. + </p> + <p> + NTAs persist across restarts of the <span class="command"><strong>named</strong></span> server. + The NTAs for a view are saved in a file called + <code class="filename"><em class="replaceable"><code>name</code></em>.nta</code>, + where <em class="replaceable"><code>name</code></em> is the + name of the view, or if it contains characters + that are incompatible with use as a file name, a + cryptographic hash generated from the name + of the view. + </p> + <p> + An existing NTA can be removed by using the + <code class="option">-remove</code> option. + </p> + <p> + An NTA's lifetime can be specified with the + <code class="option">-lifetime</code> option. TTL-style + suffixes can be used to specify the lifetime in + seconds, minutes, or hours. If the specified NTA + already exists, its lifetime will be updated to the + new value. Setting <code class="option">lifetime</code> to zero + is equivalent to <code class="option">-remove</code>. + </p> + <p> + If the <code class="option">-dump</code> is used, any other arguments + are ignored, and a list of existing NTAs is printed + (note that this may include NTAs that are expired but + have not yet been cleaned up). 
+ </p> + <p> + Normally, <span class="command"><strong>named</strong></span> will periodically + test to see whether data below an NTA can now be + validated (see the <code class="option">nta-recheck</code> option + in the Administrator Reference Manual for details). + If data can be validated, then the NTA is regarded as + no longer necessary, and will be allowed to expire + early. The <code class="option">-force</code> overrides this + behavior and forces an NTA to persist for its entire + lifetime, regardless of whether data could be + validated if the NTA were not present. + </p> + <p> + The view class can be specified with <code class="option">-class</code>. + The default is class <strong class="userinput"><code>IN</code></strong>, which is + the only class for which DNSSEC is currently supported. + </p> + <p> + All of these options can be shortened, i.e., to + <code class="option">-l</code>, <code class="option">-r</code>, <code class="option">-d</code>, + <code class="option">-f</code>, and <code class="option">-c</code>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional"> on | off </span>] </span></dt> +<dd> + <p> + Enable or disable query logging. (For backward + compatibility, this command can also be used without + an argument to toggle query logging on and off.) + </p> + <p> + Query logging can also be enabled + by explicitly directing the <span class="command"><strong>queries</strong></span> + <span class="command"><strong>category</strong></span> to a + <span class="command"><strong>channel</strong></span> in the + <span class="command"><strong>logging</strong></span> section of + <code class="filename">named.conf</code> or by specifying + <span class="command"><strong>querylog yes;</strong></span> in the + <span class="command"><strong>options</strong></span> section of + <code class="filename">named.conf</code>. 
+ </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt> +<dd> + <p> + Reload the configuration file and load new zones, + but do not reload existing zone files even if they + have changed. + This is faster than a full <span class="command"><strong>reload</strong></span> when there + is a large number of zones because it avoids the need + to examine the + modification times of the zones files. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt> +<dd> + <p> + Dump the list of queries <span class="command"><strong>named</strong></span> is currently + recursing on, and the list of domains to which iterative + queries are currently being sent. (The second list includes + the number of fetches currently active for the given domain, + and how many have been passed or dropped because of the + <code class="option">fetches-per-zone</code> option.) + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd> + <p> + Schedule zone maintenance for the given zone. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt> +<dd> + <p> + Reload configuration file and zones. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd> + <p> + Reload the given zone. 
+ </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd> + <p> + Retransfer the given slave zone from the master server. + </p> + <p> + If the zone is configured to use + <span class="command"><strong>inline-signing</strong></span>, the signed + version of the zone is discarded; after the + retransfer of the unsigned version is complete, the + signed version will be regenerated with all new + signatures. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>scan</code></strong></span></dt> +<dd> + <p> + Scan the list of available network interfaces + for changes, without performing a full + <span class="command"><strong>reconfig</strong></span> or waiting for the + <span class="command"><strong>interface-interval</strong></span> timer. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>secroots [<span class="optional">-</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> +<dd> + <p> + Dump the server's security roots and negative trust anchors + for the specified views. If no view is specified, all views + are dumped. + </p> + <p> + If the first argument is "-", then the output is + returned via the <span class="command"><strong>rndc</strong></span> response channel + and printed to the standard output. + Otherwise, it is written to the secroots dump file, which + defaults to <code class="filename">named.secroots</code>, but can be + overridden via the <code class="option">secroots-file</code> option in + <code class="filename">named.conf</code>. + </p> + <p> + See also <span class="command"><strong>rndc managed-keys</strong></span>. 
+ </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>showzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt> +<dd> + <p> + Print the configuration of a running zone. + </p> + <p> + See also <span class="command"><strong>rndc zonestatus</strong></span>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd> + <p> + Fetch all DNSSEC keys for the given zone + from the key directory (see the + <span class="command"><strong>key-directory</strong></span> option in + the BIND 9 Administrator Reference Manual). If they are within + their publication period, merge them into the + zone's DNSKEY RRset. If the DNSKEY RRset + is changed, then the zone is automatically + re-signed with the new key set. + </p> + <p> + This command requires that the + <span class="command"><strong>auto-dnssec</strong></span> zone option be set + to <code class="literal">allow</code> or + <code class="literal">maintain</code>, + and also requires the zone to be configured to + allow dynamic DNS. + (See "Dynamic Update Policies" in the Administrator + Reference Manual for more details.) + </p> + <p> + See also <span class="command"><strong>rndc loadkeys</strong></span>. 
+ </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>signing [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) | -serial <em class="replaceable"><code>value</code></em> ) </span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt> +<dd> + <p> + List, edit, or remove the DNSSEC signing state records + for the specified zone. The status of ongoing DNSSEC + operations (such as signing or generating + NSEC3 chains) is stored in the zone in the form + of DNS resource records of type + <span class="command"><strong>sig-signing-type</strong></span>. + <span class="command"><strong>rndc signing -list</strong></span> converts + these records into a human-readable form, + indicating which keys are currently signing + or have finished signing the zone, and which NSEC3 + chains are being created or removed. + </p> + <p> + <span class="command"><strong>rndc signing -clear</strong></span> can remove + a single key (specified in the same format that + <span class="command"><strong>rndc signing -list</strong></span> uses to + display it), or all keys. In either case, only + completed keys are removed; any record indicating + that a key has not yet finished signing the zone + will be retained. + </p> + <p> + <span class="command"><strong>rndc signing -nsec3param</strong></span> sets + the NSEC3 parameters for a zone. This is the + only supported mechanism for using NSEC3 with + <span class="command"><strong>inline-signing</strong></span> zones. + Parameters are specified in the same format as + an NSEC3PARAM resource record: hash algorithm, + flags, iterations, and salt, in that order. 
+ </p> + <p> + Currently, the only defined value for hash algorithm + is <code class="literal">1</code>, representing SHA-1. + The <code class="option">flags</code> may be set to + <code class="literal">0</code> or <code class="literal">1</code>, + depending on whether you wish to set the opt-out + bit in the NSEC3 chain. <code class="option">iterations</code> + defines the number of additional times to apply + the algorithm when generating an NSEC3 hash. The + <code class="option">salt</code> is a string of data expressed + in hexadecimal, a hyphen (`-') if no salt is + to be used, or the keyword <code class="literal">auto</code>, + which causes <span class="command"><strong>named</strong></span> to generate a + random 64-bit salt. + </p> + <p> + So, for example, to create an NSEC3 chain using + the SHA-1 hash algorithm, no opt-out flag, + 10 iterations, and a salt value of "FFFF", use: + <span class="command"><strong>rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>. + To set the opt-out flag, 15 iterations, and no + salt, use: + <span class="command"><strong>rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>. + </p> + <p> + <span class="command"><strong>rndc signing -nsec3param none</strong></span> + removes an existing NSEC3 chain and replaces it + with NSEC. + </p> + <p> + <span class="command"><strong>rndc signing -serial value</strong></span> sets + the serial number of the zone to value. If the value + would cause the serial number to go backwards it will + be rejected. The primary use is to set the serial on + inline signed zones. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt> +<dd> + <p> + Write server statistics to the statistics file. + (See the <span class="command"><strong>statistics-file</strong></span> option in + the BIND 9 Administrator Reference Manual.) 
+ </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt> +<dd> + <p> + Display status of the server. + Note that the number of zones includes the internal <span class="command"><strong>bind/CH</strong></span> zone + and the default <span class="command"><strong>./IN</strong></span> + hint zone if there is not an + explicit root zone configured. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt> +<dd> + <p> + Stop the server, making sure any recent changes + made through dynamic update or IXFR are first saved to + the master files of the updated zones. + If <code class="option">-p</code> is specified <span class="command"><strong>named</strong></span>'s process id is returned. + This allows an external process to determine when <span class="command"><strong>named</strong></span> + had completed stopping. + </p> + <p>See also <span class="command"><strong>rndc halt</strong></span>.</p> + </dd> +<dt><span class="term"><strong class="userinput"><code>sync [<span class="optional">-clean</span>] [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> +<dd> + <p> + Sync changes in the journal file for a dynamic zone + to the master file. If the "-clean" option is + specified, the journal file is also removed. If + no zone is specified, then all zones are synced. 
+ </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> +<dd> + <p> + Enable updates to a frozen dynamic zone. If no + zone is specified, then all frozen zones are + enabled. This causes the server to reload the zone + from disk, and re-enables dynamic updates after the + load has completed. After a zone is thawed, + dynamic updates will no longer be refused. If + the zone has changed and the + <span class="command"><strong>ixfr-from-differences</strong></span> option is + in use, then the journal file will be updated to + reflect changes in the zone. Otherwise, if the + zone has changed, any existing journal file will be + removed. + </p> + <p>See also <span class="command"><strong>rndc freeze</strong></span>.</p> + </dd> +<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt> +<dd> + <p> + Increment the servers debugging level by one. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt> +<dd> + <p> + Sets the server's debugging level to an explicit + value. + </p> + <p> + See also <span class="command"><strong>rndc notrace</strong></span>. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt> +<dd> + <p> + Delete a given TKEY-negotiated key from the server. + (This does not apply to statically configured TSIG + keys.) 
+ </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt> +<dd> + <p> + List the names of all TSIG keys currently configured + for use by <span class="command"><strong>named</strong></span> in each view. The + list both statically configured keys and dynamic + TKEY-negotiated keys. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>validation ( on | off | status ) [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>] </code></strong></span></dt> +<dd> + <p> + Enable, disable, or check the current status of + DNSSEC validation. + Note <span class="command"><strong>dnssec-enable</strong></span> also needs to be + set to <strong class="userinput"><code>yes</code></strong> or + <strong class="userinput"><code>auto</code></strong> to be effective. + It defaults to enabled. + </p> + </dd> +<dt><span class="term"><strong class="userinput"><code>zonestatus <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd> + <p> + Displays the current status of the given zone, + including the master file name and any include + files from which it was loaded, when it was most + recently loaded, the current serial number, the + number of nodes, whether the zone supports + dynamic updates, whether the zone is DNSSEC + signed, whether it uses automatic DNSSEC key + management or inline signing, and the scheduled + refresh or expiry times for the zone. + </p> + <p> + See also <span class="command"><strong>rndc showzone</strong></span>. + </p> + </dd> +</dl></div> + </div> + + <div class="refsection"> +<a name="id-1.10"></a><h2>LIMITATIONS</h2> + + <p> + There is currently no way to provide the shared secret for a + <code class="option">key_id</code> without using the configuration file. 
+ </p> + <p> + Several error messages could be clearer. + </p> + </div> + + <div class="refsection"> +<a name="id-1.11"></a><h2>SEE ALSO</h2> + + <p><span class="citerefentry"> + <span class="refentrytitle">rndc.conf</span>(5) + </span>, + <span class="citerefentry"> + <span class="refentrytitle">rndc-confgen</span>(8) + </span>, + <span class="citerefentry"> + <span class="refentrytitle">named</span>(8) + </span>, + <span class="citerefentry"> + <span class="refentrytitle">named.conf</span>(5) + </span>, + <span class="citerefentry"> + <span class="refentrytitle">ndc</span>(8) + </span>, + <em class="citetitle">BIND 9 Administrator Reference Manual</em>. + </p> + </div> + +</div></body> +</html>
diff --git a/bin/rndc/util.c b/bin/rndc/util.c
new file mode 100644
index 0000000..0066e7c
--- /dev/null
+++ b/bin/rndc/util.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/print.h>
+
+#include "util.h"
+
+extern bool verbose;
+extern const char *progname;
+
+void
+notify(const char *fmt, ...) {
+ va_list ap;
+
+ if (verbose) {
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fputs("\n", stderr);
+ }
+}
+
+void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", progname);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(1);
+}
diff --git a/bin/rndc/util.h b/bin/rndc/util.h
new file mode 100644
index 0000000..fa4a62b
--- /dev/null
+++ b/bin/rndc/util.h
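Review bot: `extern bool verbose;` and `extern const char *progname;` are declared inside util.c rather than in util.h, so the compiler never checks them against their definitions, which are not in this file (presumably they live in the program that links util.c). Declaring both in util.h, which util.c already includes, would turn a type mismatch into a compile error. notify() and fatal() also carry no comments; I would add `/* Print fmt and a newline to stderr, only when verbose is set. */` above notify() and `/* Print "progname: ", the formatted message and a newline to stderr, then exit(1). */` above fatal(). Both comments should state that the format argument must be a trusted format string, because it is passed straight to vfprintf().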
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+
+#ifndef RNDC_UTIL_H
+#define RNDC_UTIL_H 1
+
+/*! \file */
+
+#include <isc/lang.h>
+#include <isc/platform.h>
+
+#include <isc/formatcheck.h>
+
+#define NS_CONTROL_PORT 953
+
+#undef DO
+#define DO(name, function) \
+ do { \
+ result = function; \
+ if (result != ISC_R_SUCCESS) \
+ fatal("%s: %s", name, isc_result_totext(result)); \
+ else \
+ notify("%s", name); \
+ } while (0)
+
+ISC_LANG_BEGINDECLS
+
+void
+notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
+
+ISC_PLATFORM_NORETURN_PRE void
+fatal(const char *format, ...)
+ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+
+ISC_LANG_ENDDECLS
+
+#endif /* RNDC_UTIL_H */
diff --git a/bin/rndc/win32/rndc.dsp.in b/bin/rndc/win32/rndc.dsp.in
new file mode 100644
index 0000000..5bee95a
--- /dev/null
+++ b/bin/rndc/win32/rndc.dsp.in
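Review bot: The `DO` macro uses `ISC_R_SUCCESS` and `isc_result_totext()`, but as far as this hunk shows util.h includes only isc/lang.h, isc/platform.h and isc/formatcheck.h, so the macro compiles only where the includer has already pulled in the result header. Adding `#include <isc/result.h>` would make the header self-contained. The macro also assigns to a variable named `result` that it does not declare, so every caller needs an `isc_result_t result;` in scope. That hidden requirement deserves a comment above the `#define`, for example `/* DO: evaluate function into the caller's 'result'; fatal() on failure, notify(name) on success. */`. The `#undef DO` just before it suggests another header may define the same name, which is worth confirming.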
@@ -0,0 +1,107 @@ +# Microsoft Developer Studio Project File - Name="rndc" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103 + +CFG=rndc - @PLATFORM@ Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "rndc.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "rndc.mak" CFG="rndc - @PLATFORM@ Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "rndc - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application") +!MESSAGE "rndc - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c +# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD 
BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@ +# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/util.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /profile @MACHINE@ /out:"../../../Build/Release/rndc.exe" + +!ELSEIF "$(CFG)" == "rndc - @PLATFORM@ Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c +# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c +# SUBTRACT CPP /X @COPTY@ +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib 
gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept +# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/util.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/rndc.exe" /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "rndc - @PLATFORM@ Release" +# Name "rndc - @PLATFORM@ Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\rndc.c +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# Begin Source File + +SOURCE=..\util.h +# End Source File +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/bin/rndc/win32/rndc.dsw b/bin/rndc/win32/rndc.dsw new file mode 100644 index 0000000..97d3e43 --- /dev/null +++ b/bin/rndc/win32/rndc.dsw @@ -0,0 +1,29 @@ +Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "rndc"=".\rndc.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/rndc/win32/rndc.mak.in b/bin/rndc/win32/rndc.mak.in
new file mode 100644
index 0000000..242f0bb
--- /dev/null
+++ b/bin/rndc/win32/rndc.mak.in
@@ -0,0 +1,425 @@ +# Microsoft Developer Studio Generated NMAKE File, Based on rndc.dsp +!IF "$(CFG)" == "" +CFG=rndc - @PLATFORM@ Debug +!MESSAGE No configuration specified. Defaulting to rndc - @PLATFORM@ Debug. +!ENDIF + +!IF "$(CFG)" != "rndc - @PLATFORM@ Release" && "$(CFG)" != "rndc - @PLATFORM@ Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "rndc.mak" CFG="rndc - @PLATFORM@ Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "rndc - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application") +!MESSAGE "rndc - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF + +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" +_VC_MANIFEST_INC=0 +_VC_MANIFEST_BASENAME=__VC80 +!ELSE +_VC_MANIFEST_INC=1 +_VC_MANIFEST_BASENAME=__VC80.Debug +!ENDIF + +#################################################### +# Specifying name of temporary resource file used only in incremental builds: + +!if "$(_VC_MANIFEST_INC)" == "1" +_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res +!else +_VC_MANIFEST_AUTO_RES= +!endif + +#################################################### +# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE: + +!if "$(_VC_MANIFEST_INC)" == "1" + +#MT_SPECIAL_RETURN=1090650113 +#MT_SPECIAL_SWITCH=-notify_resource_update +MT_SPECIAL_RETURN=0 +MT_SPECIAL_SWITCH= +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \ +if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \ +rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \ +link $** /out:$@ $(LFLAGS) + +!else + +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest 
mt.exe -manifest $@.manifest -outputresource:$@;1 + +!endif + +#################################################### +# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL: + +!if "$(_VC_MANIFEST_INC)" == "1" + +#MT_SPECIAL_RETURN=1090650113 +#MT_SPECIAL_SWITCH=-notify_resource_update +MT_SPECIAL_RETURN=0 +MT_SPECIAL_SWITCH= +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \ +if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \ +rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \ +link $** /out:$@ $(LFLAGS) + +!else + +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2 + +!endif +#################################################### +# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily: + +!if "$(_VC_MANIFEST_INC)" == "1" + +_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \ + $(_VC_MANIFEST_BASENAME).auto.rc \ + $(_VC_MANIFEST_BASENAME).auto.manifest + +!else + +_VC_MANIFEST_CLEAN= + +!endif + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" + +OUTDIR=.\Release +INTDIR=.\Release + +!IF "$(RECURSE)" == "0" + +ALL : "..\..\..\Build\Release\rndc.exe" + +!ELSE + +ALL : "libbind9 - @PLATFORM@ Release" "libisccfg - @PLATFORM@ Release" "libisccc - @PLATFORM@ Release" "libisc - @PLATFORM@ Release" "..\..\..\Build\Release\rndc.exe" + +!ENDIF + +!IF "$(RECURSE)" == "1" +CLEAN :"libisc - @PLATFORM@ ReleaseCLEAN" "libisccc - @PLATFORM@ ReleaseCLEAN" "libisccfg - @PLATFORM@ ReleaseCLEAN" "libbind9 - @PLATFORM@ ReleaseCLEAN" +!ELSE +CLEAN : +!ENDIF + -@erase "$(INTDIR)\rndc.obj" + -@erase "$(INTDIR)\util.obj" + -@erase "$(INTDIR)\vc60.idb" + -@erase "..\..\..\Build\Release\rndc.exe" + -@$(_VC_MANIFEST_CLEAN) + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I 
"../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\rndc.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c +BSC32=bscmake.exe +BSC32_FLAGS=/nologo /o"$(OUTDIR)\rndc.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /profile @MACHINE@ /out:"../../../Build/Release/rndc.exe" +LINK32_OBJS= \ + "$(INTDIR)\rndc.obj" \ + "$(INTDIR)\util.obj" \ + "..\..\..\lib\isc\win32\Release\libisc.lib" \ + "..\..\..\lib\isccc\win32\Release\libisccc.lib" \ + "..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \ + "..\..\..\lib\bind9\win32\Release\libbind9.lib" + +"..\..\..\Build\Release\rndc.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + $(_VC_MANIFEST_EMBED_EXE) + +!ELSEIF "$(CFG)" == "rndc - @PLATFORM@ Debug" + +OUTDIR=.\Debug +INTDIR=.\Debug +# Begin Custom Macros +OutDir=.\Debug +# End Custom Macros + +!IF "$(RECURSE)" == "0" + +ALL : "..\..\..\Build\Debug\rndc.exe" "$(OUTDIR)\rndc.bsc" + +!ELSE + +ALL : "libbind9 - @PLATFORM@ Debug" "libisccfg - @PLATFORM@ Debug" "libisccc - @PLATFORM@ Debug" "libisc - @PLATFORM@ Debug" "..\..\..\Build\Debug\rndc.exe" "$(OUTDIR)\rndc.bsc" + +!ENDIF + +!IF "$(RECURSE)" == "1" +CLEAN :"libisc - @PLATFORM@ DebugCLEAN" "libisccc - @PLATFORM@ DebugCLEAN" "libisccfg - @PLATFORM@ DebugCLEAN" "libbind9 - @PLATFORM@ DebugCLEAN" +!ELSE +CLEAN : +!ENDIF + -@erase "$(INTDIR)\rndc.obj" + -@erase "$(INTDIR)\rndc.sbr" + -@erase "$(INTDIR)\util.obj" + -@erase "$(INTDIR)\util.sbr" + -@erase "$(INTDIR)\vc60.idb" + 
-@erase "$(INTDIR)\vc60.pdb" + -@erase "$(OUTDIR)\rndc.bsc" + -@erase "$(OUTDIR)\rndc.pdb" + -@erase "..\..\..\Build\Debug\rndc.exe" + -@erase "..\..\..\Build\Debug\rndc.ilk" + -@$(_VC_MANIFEST_CLEAN) + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c +BSC32=bscmake.exe +BSC32_FLAGS=/nologo /o"$(OUTDIR)\rndc.bsc" +BSC32_SBRS= \ + "$(INTDIR)\rndc.sbr" \ + "$(INTDIR)\util.sbr" + +"$(OUTDIR)\rndc.bsc" : "$(OUTDIR)" $(BSC32_SBRS) + $(BSC32) @<< + $(BSC32_FLAGS) $(BSC32_SBRS) +<< + +LINK32=link.exe +LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/rndc.exe" /pdbtype:sept +LINK32_OBJS= \ + "$(INTDIR)\rndc.obj" \ + "$(INTDIR)\util.obj" \ + "..\..\..\lib\isc\win32\Debug\libisc.lib" \ + "..\..\..\lib\isccc\win32\Debug\libisccc.lib" \ + "..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \ + "..\..\..\lib\bind9\win32\Debug\libbind9.lib" + +"..\..\..\Build\Debug\rndc.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + $(_VC_MANIFEST_EMBED_EXE) + +!ENDIF + +.c{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.c{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) 
$< +<< + +.cpp{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + + +!IF "$(NO_EXTERNAL_DEPS)" != "1" +!IF EXISTS("rndc.dep") +!INCLUDE "rndc.dep" +!ELSE +!MESSAGE Warning: cannot find "rndc.dep" +!ENDIF +!ENDIF + + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" || "$(CFG)" == "rndc - @PLATFORM@ Debug" +SOURCE=..\rndc.c + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" + + +"$(INTDIR)\rndc.obj" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ELSEIF "$(CFG)" == "rndc - @PLATFORM@ Debug" + + +"$(INTDIR)\rndc.obj" "$(INTDIR)\rndc.sbr" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ENDIF + +SOURCE=..\util.c + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" + + +"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ELSEIF "$(CFG)" == "rndc - @PLATFORM@ Debug" + + +"$(INTDIR)\util.obj" "$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ENDIF + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" + +"libisc - @PLATFORM@ Release" : + cd "..\..\..\lib\isc\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Release" + cd "..\..\..\bin\rndc\win32" + +"libisc - @PLATFORM@ ReleaseCLEAN" : + cd "..\..\..\lib\isc\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Release" RECURSE=1 CLEAN + cd "..\..\..\bin\rndc\win32" + +!ELSEIF "$(CFG)" == "rndc - @PLATFORM@ Debug" + +"libisc - @PLATFORM@ Debug" : + cd "..\..\..\lib\isc\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Debug" + cd "..\..\..\bin\rndc\win32" + +"libisc - @PLATFORM@ DebugCLEAN" : + cd "..\..\..\lib\isc\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Debug" RECURSE=1 CLEAN + cd "..\..\..\bin\rndc\win32" + +!ENDIF + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" + +"libisccc - @PLATFORM@ Release" : + cd "..\..\..\lib\isccc\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - 
@PLATFORM@ Release" + cd "..\..\..\bin\rndc\win32" + +"libisccc - @PLATFORM@ ReleaseCLEAN" : + cd "..\..\..\lib\isccc\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - @PLATFORM@ Release" RECURSE=1 CLEAN + cd "..\..\..\bin\rndc\win32" + +!ELSEIF "$(CFG)" == "rndc - @PLATFORM@ Debug" + +"libisccc - @PLATFORM@ Debug" : + cd "..\..\..\lib\isccc\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - @PLATFORM@ Debug" + cd "..\..\..\bin\rndc\win32" + +"libisccc - @PLATFORM@ DebugCLEAN" : + cd "..\..\..\lib\isccc\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - @PLATFORM@ Debug" RECURSE=1 CLEAN + cd "..\..\..\bin\rndc\win32" + +!ENDIF + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" + +"libisccfg - @PLATFORM@ Release" : + cd "..\..\..\lib\isccfg\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - @PLATFORM@ Release" + cd "..\..\..\bin\rndc\win32" + +"libisccfg - @PLATFORM@ ReleaseCLEAN" : + cd "..\..\..\lib\isccfg\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - @PLATFORM@ Release" RECURSE=1 CLEAN + cd "..\..\..\bin\rndc\win32" + +!ELSEIF "$(CFG)" == "rndc - @PLATFORM@ Debug" + +"libisccfg - @PLATFORM@ Debug" : + cd "..\..\..\lib\isccfg\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - @PLATFORM@ Debug" + cd "..\..\..\bin\rndc\win32" + +"libisccfg - @PLATFORM@ DebugCLEAN" : + cd "..\..\..\lib\isccfg\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - @PLATFORM@ Debug" RECURSE=1 CLEAN + cd "..\..\..\bin\rndc\win32" + +!ENDIF + +!IF "$(CFG)" == "rndc - @PLATFORM@ Release" + +"libbind9 - @PLATFORM@ Release" : + cd "..\..\..\lib\bind9\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - @PLATFORM@ Release" + cd "..\..\..\bin\rndc\win32" + +"libbind9 - @PLATFORM@ ReleaseCLEAN" : + cd "..\..\..\lib\bind9\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - @PLATFORM@ Release" RECURSE=1 CLEAN + cd "..\..\..\bin\rndc\win32" + +!ELSEIF 
"$(CFG)" == "rndc - @PLATFORM@ Debug" + +"libbind9 - @PLATFORM@ Debug" : + cd "..\..\..\lib\bind9\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - @PLATFORM@ Debug" + cd "..\..\..\bin\rndc\win32" + +"libbind9 - @PLATFORM@ DebugCLEAN" : + cd "..\..\..\lib\bind9\win32" + $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - @PLATFORM@ Debug" RECURSE=1 CLEAN + cd "..\..\..\bin\rndc\win32" + +!ENDIF + + +!ENDIF + +#################################################### +# Commands to generate initial empty manifest file and the RC file +# that references it, and for generating the .res file: + +$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc + +$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest + type <<$@ +#include <winuser.h> +1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest" +<< KEEP + +$(_VC_MANIFEST_BASENAME).auto.manifest : + type <<$@ +<?xml version='1.0' encoding='UTF-8' standalone='yes'?> +<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> +</assembly> +<< KEEP diff --git a/bin/rndc/win32/rndc.vcxproj.filters.in b/bin/rndc/win32/rndc.vcxproj.filters.in new file mode 100644 index 0000000..5187c16 --- /dev/null +++ b/bin/rndc/win32/rndc.vcxproj.filters.in 
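Review bot: The block under the `_VC_MANIFEST_EMBED_DLL` comment assigns `_VC_MANIFEST_EMBED_EXE` a second time in both branches, so no `_VC_MANIFEST_EMBED_DLL` macro is ever defined and the EXE macro is redefined. In the non-incremental branch (`_VC_MANIFEST_INC` is 0 for Release) the second definition ends in `-outputresource:$@;2`, and resource ID 2 is the slot conventionally used for DLL manifests. If NMAKE uses the later definition, the `rndc.exe` link rules that run `$(_VC_MANIFEST_EMBED_EXE)` would embed the manifest where the loader does not look for the process manifest. Rename both assignments in that block to `_VC_MANIFEST_EMBED_DLL= \` so the EXE definition ending in `;1` stays in effect. The file is marked as generated from rndc.dsp, so the fix may belong in whatever produces the manifest section.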
@@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup> + <Filter Include="Source Files"> + <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> + <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> + </Filter> + <Filter Include="Header Files"> + <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> + <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions> + </Filter> + <Filter Include="Resource Files"> + <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> + <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions> + </Filter> + </ItemGroup> + <ItemGroup> + <ClInclude Include="..\util.h"> + <Filter>Header Files</Filter> + </ClInclude> + </ItemGroup> + <ItemGroup> + <ClCompile Include="..\rndc.c"> + <Filter>Source Files</Filter> + </ClCompile> + </ItemGroup> +</Project>
\ No newline at end of file diff --git a/bin/rndc/win32/rndc.vcxproj.in b/bin/rndc/win32/rndc.vcxproj.in new file mode 100644 index 0000000..bdf4d32 --- /dev/null +++ b/bin/rndc/win32/rndc.vcxproj.in 
@@ -0,0 +1,113 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup Label="ProjectConfigurations"> + <ProjectConfiguration Include="Debug|@PLATFORM@"> + <Configuration>Debug</Configuration> + <Platform>@PLATFORM@</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|@PLATFORM@"> + <Configuration>Release</Configuration> + <Platform>@PLATFORM@</Platform> + </ProjectConfiguration> + </ItemGroup> + <PropertyGroup Label="Globals"> + <ProjectGuid>{39721F26-8B80-4AA9-9826-2AEF7322C3D5}</ProjectGuid> + <Keyword>Win32Proj</Keyword> + <RootNamespace>rndc</RootNamespace> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration"> + <ConfigurationType>Application</ConfigurationType> + <UseDebugLibraries>true</UseDebugLibraries> + <CharacterSet>MultiByte</CharacterSet> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration"> + <ConfigurationType>Application</ConfigurationType> + <UseDebugLibraries>false</UseDebugLibraries> + <WholeProgramOptimization>true</WholeProgramOptimization> + <CharacterSet>MultiByte</CharacterSet> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> + <ImportGroup Label="ExtensionSettings"> + </ImportGroup> + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" 
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <PropertyGroup Label="UserMacros" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'"> + <LinkIncremental>true</LinkIncremental> + <OutDir>..\..\..\Build\$(Configuration)\</OutDir> + <IntDir>.\$(Configuration)\</IntDir> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'"> + <LinkIncremental>false</LinkIncremental> + <OutDir>..\..\..\Build\$(Configuration)\</OutDir> + <IntDir>.\$(Configuration)\</IntDir> + </PropertyGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'"> + <ClCompile> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <Optimization>Disabled</Optimization> + <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <FunctionLevelLinking>true</FunctionLevelLinking> + <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile> + <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation> + <ObjectFileName>.\$(Configuration)\</ObjectFileName> + <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName> + <BrowseInformation>true</BrowseInformation> + <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;..\..\..\lib\bind9\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <CompileAs>CompileAsC</CompileAs> + </ClCompile> + <Link> + <SubSystem>Console</SubSystem> + <GenerateDebugInformation>true</GenerateDebugInformation> + <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile> + 
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> + <AdditionalDependencies>util.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'"> + <ClCompile> + <WarningLevel>Level3</WarningLevel> + <PrecompiledHeader> + </PrecompiledHeader> + <Optimization>MaxSpeed</Optimization> + <FunctionLevelLinking>true</FunctionLevelLinking> + <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions> + <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion> + <WholeProgramOptimization>false</WholeProgramOptimization> + <StringPooling>true</StringPooling> + <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile> + <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation> + <ObjectFileName>.\$(Configuration)\</ObjectFileName> + <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName> + <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;..\..\..\lib\bind9\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <CompileAs>CompileAsC</CompileAs> + </ClCompile> + <Link> + <SubSystem>Console</SubSystem> + <GenerateDebugInformation>false</GenerateDebugInformation> + <EnableCOMDATFolding>true</EnableCOMDATFolding> + <OptimizeReferences>true</OptimizeReferences> + 
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile> + <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration> + <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> + <AdditionalDependencies>util.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> + </Link> + </ItemDefinitionGroup> + <ItemGroup> + <ClInclude Include="..\util.h" /> + </ItemGroup> + <ItemGroup> + <ClCompile Include="..\rndc.c" /> + </ItemGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> + <ImportGroup Label="ExtensionTargets"> + </ImportGroup> +</Project> diff --git a/bin/rndc/win32/rndc.vcxproj.user b/bin/rndc/win32/rndc.vcxproj.user new file mode 100644 index 0000000..695b5c7 --- /dev/null +++ b/bin/rndc/win32/rndc.vcxproj.user @@ -0,0 +1,3 @@ +<?xml version="1.0" encoding="utf-8"?>
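Review bot: The Release `ItemDefinitionGroup` states none of the compiler or linker exploit-mitigation settings, and the file names no `PlatformToolset`, so whether `rndc.exe` is built with stack cookies, ASLR and DEP depends on the defaults of whichever toolset builds it. rndc is the client that authenticates to the name server's control channel, so I would pin them explicitly: `<BufferSecurityCheck>true</BufferSecurityCheck>` under `<ClCompile>`, and `<RandomizedBaseAddress>true</RandomizedBaseAddress>` plus `<DataExecutionPrevention>true</DataExecutionPrevention>` under `<Link>`. Separately, the Release configuration sets `<WholeProgramOptimization>true</WholeProgramOptimization>` in the `Configuration` property group but `false` under `<ClCompile>`; one of the two should be removed so the intent is clear.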
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+</Project>
\ No newline at end of file diff --git a/bin/rndc/win32/rndcutil.dsp.in b/bin/rndc/win32/rndcutil.dsp.in new file mode 100644 index 0000000..aafdd3c --- /dev/null +++ b/bin/rndc/win32/rndcutil.dsp.in 
@@ -0,0 +1,119 @@ +# Microsoft Developer Studio Project File - Name="rndcutil" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "@PLATFORM@ (x86) Static-Link Library" 0x0104 + +CFG=rndcutil - @PLATFORM@ Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "rndcutil.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "rndcutil.mak" CFG="rndcutil - @PLATFORM@ Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "rndcutil - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Static-Link Library") +!MESSAGE "rndcutil - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Static-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "rndcutil - @PLATFORM@ Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MT /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" @COPTY@ /FD /c +# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" @COPTY@ /FD /c /Fdutil +# SUBTRACT CPP /X +# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 
/win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 +# ADD LINK32 /out:"Release/util.lib" +LIB32=lib.exe +# ADD BASE LIB32 +# ADD LIB32 /out:"Release/util.lib" + +!ELSEIF "$(CFG)" == "rndcutil - @PLATFORM@ Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MTd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" @COPTY@ /FD /GZ /c +# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR @COPTY@ /FD /GZ /c /Fdutil +# SUBTRACT CPP /X +# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 +# ADD LINK32 /debug /out:"Debug/util.lib" +LIB32=lib.exe +# ADD BASE LIB32 +# ADD LIB32 /out:"Debug/util.lib" + +!ENDIF + +# Begin Target + +# Name "rndcutil - @PLATFORM@ Release" +# Name "rndcutil - @PLATFORM@ Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# Begin Group "Main Dns Lib" + +# PROP Default_Filter "c" +# Begin Source 
File + +SOURCE=..\util.c +# End Source File +# End Group +# End Target +# End Project diff --git a/bin/rndc/win32/rndcutil.dsw b/bin/rndc/win32/rndcutil.dsw new file mode 100644 index 0000000..c6d981a --- /dev/null +++ b/bin/rndc/win32/rndcutil.dsw @@ -0,0 +1,29 @@ +Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "rndcutil"=".\rndcutil.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/rndc/win32/rndcutil.vcxproj.filters.in b/bin/rndc/win32/rndcutil.vcxproj.filters.in
new file mode 100644
index 0000000..766ea80
--- /dev/null
+++ b/bin/rndc/win32/rndcutil.vcxproj.filters.in
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup>
+ <Filter Include="Source Files">
+ <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+ <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+ </Filter>
+ <Filter Include="Header Files">
+ <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+ <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+ </Filter>
+ <Filter Include="Resource Files">
+ <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+ <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+ </Filter>
+ </ItemGroup>
+ <ItemGroup>
+ <ClInclude Include="..\util.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="..\util.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/bin/rndc/win32/rndcutil.vcxproj.in b/bin/rndc/win32/rndcutil.vcxproj.in
new file mode 100644
index 0000000..eac31af
--- /dev/null
+++ b/bin/rndc/win32/rndcutil.vcxproj.in
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|@PLATFORM@">
+ <Configuration>Debug</Configuration>
+ <Platform>@PLATFORM@</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|@PLATFORM@">
+ <Configuration>Release</Configuration>
+ <Platform>@PLATFORM@</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{7C8681A1-E3A8-470E-9EEF-16054D111A19}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>rndcutil</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
+ <LinkIncremental>true</LinkIncremental>
+ <OutDir>.\$(Configuration)\</OutDir>
+ <IntDir>.\$(Configuration)\</IntDir>
+ <TargetName>util</TargetName>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
+ <LinkIncremental>false</LinkIncremental>
+ <OutDir>.\$(Configuration)\</OutDir>
+ <IntDir>.\$(Configuration)\</IntDir>
+ <TargetName>util</TargetName>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
+ <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
+ <ObjectFileName>.\$(Configuration)\</ObjectFileName>
+ <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
+ <BrowseInformation>true</BrowseInformation>
+ <AdditionalIncludeDirectories>.\;..\..\..\;..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <CompileAs>CompileAsC</CompileAs>
+ </ClCompile>
+ <Lib>
+ <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+ </Lib>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+ <WholeProgramOptimization>false</WholeProgramOptimization>
+ <StringPooling>true</StringPooling>
+ <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
+ <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
+ <ObjectFileName>.\$(Configuration)\</ObjectFileName>
+ <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
+ <AdditionalIncludeDirectories>.\;..\..\..\;..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <CompileAs>CompileAsC</CompileAs>
+ </ClCompile>
+ <Lib>
+ <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+ </Lib>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <ClInclude Include="..\util.h" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="..\util.c" />
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
diff --git a/bin/rndc/win32/rndcutil.vcxproj.user b/bin/rndc/win32/rndcutil.vcxproj.user
new file mode 100644
index 0000000..695b5c7
--- /dev/null
+++ b/bin/rndc/win32/rndcutil.vcxproj.user
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
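Review bot: In `rndcutil.vcxproj.in` the Release configuration disagrees with itself: the `Label="Configuration"` property group sets `<WholeProgramOptimization>true</WholeProgramOptimization>` while the Release `ClCompile` block sets the same switch to `false`, so the file does not say which was intended; I would keep one value in both places. Neither `ClCompile` block states the compiler's runtime hardening either, so the objects built from `..\util.c` presumably rely on whatever the toolset defaults to; adding `<BufferSecurityCheck>true</BufferSecurityCheck>` to both blocks would make that explicit and reviewable. The file is an upstream template carried by this import, so a change would belong upstream rather than in this commit.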
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+</Project>
\ No newline at end of file |