diff options
Diffstat (limited to 'bin/delv')
-rw-r--r-- | bin/delv/Makefile.in | 81 | ||||
-rw-r--r-- | bin/delv/delv.1 | 441 | ||||
-rw-r--r-- | bin/delv/delv.c | 1707 | ||||
-rw-r--r-- | bin/delv/delv.docbook | 701 | ||||
-rw-r--r-- | bin/delv/delv.html | 592 | ||||
-rw-r--r-- | bin/delv/win32/delv.dsp.in | 103 | ||||
-rw-r--r-- | bin/delv/win32/delv.dsw | 29 | ||||
-rw-r--r-- | bin/delv/win32/delv.mak.in | 299 | ||||
-rw-r--r-- | bin/delv/win32/delv.vcxproj.filters.in | 22 | ||||
-rw-r--r-- | bin/delv/win32/delv.vcxproj.in | 110 | ||||
-rw-r--r-- | bin/delv/win32/delv.vcxproj.user | 3 |
11 files changed, 4088 insertions, 0 deletions
diff --git a/bin/delv/Makefile.in b/bin/delv/Makefile.in new file mode 100644 index 0000000..e2d2802 --- /dev/null +++ b/bin/delv/Makefile.in @@ -0,0 +1,81 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +srcdir = @srcdir@ +VPATH = @srcdir@ +top_srcdir = @top_srcdir@ + +VERSION=@BIND9_VERSION@ + +@BIND9_MAKE_INCLUDES@ + +CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \ + ${IRS_INCLUDES} ${ISCCFG_INCLUDES} @DST_OPENSSL_INC@ + +CDEFINES = @CRYPTO@ -DVERSION=\"${VERSION}\" \ + -DSYSCONFDIR=\"${sysconfdir}\" +CWARNINGS = + +ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ +DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ +ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ +ISCLIBS = ../../lib/isc/libisc.@A@ +IRSLIBS = ../../lib/irs/libirs.@A@ + +ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ +DNSDEPLIBS = ../../lib/dns/libdns.@A@ +ISCDEPLIBS = ../../lib/isc/libisc.@A@ +IRSDEPLIBS = ../../lib/irs/libirs.@A@ + +DEPLIBS = ${DNSDEPLIBS} ${IRSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS} + +LIBS = ${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@ +NOSYMLIBS = ${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@ + +SUBDIRS = + +TARGETS = delv@EXEEXT@ + +OBJS = delv.@O@ + +SRCS = delv.c + +MANPAGES = delv.1 + +HTMLPAGES = delv.html + +MANOBJS = ${MANPAGES} ${HTMLPAGES} + +@BIND9_MAKE_RULES@ + +delv@EXEEXT@: delv.@O@ ${DEPLIBS} + export BASEOBJS="delv.@O@"; \ + export LIBS0="${DNSLIBS}"; \ + ${FINALBUILDCMD} + +installdirs: + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 + +install:: delv@EXEEXT@ installdirs + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \ + delv@EXEEXT@ ${DESTDIR}${bindir} + ${INSTALL_DATA} ${srcdir}/delv.1 ${DESTDIR}${mandir}/man1 + +uninstall:: + rm -f ${DESTDIR}${mandir}/man1/delv.1 + ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/delv@EXEEXT@ + +doc man:: ${MANOBJS} + +docclean manclean maintainer-clean:: + rm -f ${MANOBJS} + +clean distclean maintainer-clean:: + rm -f ${TARGETS} diff --git a/bin/delv/delv.1 b/bin/delv/delv.1 new file mode 100644 index 0000000..f8e0da5 --- /dev/null +++ b/bin/delv/delv.1 @@ -0,0 +1,441 @@ +.\" Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" This Source Code Form is subject to the terms of the Mozilla Public +.\" License, v. 2.0. If a copy of the MPL was not distributed with this +.\" file, You can obtain one at http://mozilla.org/MPL/2.0/. +.\" +.hy 0 +.ad l +'\" t +.\" Title: delv +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2014-04-23 +.\" Manual: BIND9 +.\" Source: ISC +.\" Language: English +.\" +.TH "DELV" "1" "2014\-04\-23" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +delv \- DNS lookup and validation utility +.SH "SYNOPSIS" +.HP \w'\fBdelv\fR\ 'u +\fBdelv\fR [@server] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-a\ \fR\fB\fIanchor\-file\fR\fR] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIlevel\fR\fR] [\fB\-i\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [name] [type] [class] [queryopt...] +.HP \w'\fBdelv\fR\ 'u +\fBdelv\fR [\fB\-h\fR] +.HP \w'\fBdelv\fR\ 'u +\fBdelv\fR [\fB\-v\fR] +.HP \w'\fBdelv\fR\ 'u +\fBdelv\fR [queryopt...] [query...] +.SH "DESCRIPTION" +.PP +\fBdelv\fR +is a tool for sending DNS queries and validating the results, using the same internal resolver and validator logic as +\fBnamed\fR\&. +.PP +\fBdelv\fR +will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records to establish a chain of trust for DNSSEC validation\&. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding\&. +.PP +By default, responses are validated using built\-in DNSSEC trust anchor for the root zone ("\&.")\&. Records returned by +\fBdelv\fR +are either fully validated or were not signed\&. If validation fails, an explanation of the failure is included in the output; the validation process can be traced in detail\&. Because +\fBdelv\fR +does not rely on an external server to carry out validation, it can be used to check the validity of DNS responses in environments where local name servers may not be trustworthy\&. +.PP +Unless it is told to query a specific name server, +\fBdelv\fR +will try each of the servers listed in +/etc/resolv\&.conf\&. If no usable server addresses are found, +\fBdelv\fR +will send queries to the localhost addresses (127\&.0\&.0\&.1 for IPv4, ::1 for IPv6)\&. +.PP +When no command line arguments or options are given, +\fBdelv\fR +will perform an NS query for "\&." (the root zone)\&. +.SH "SIMPLE USAGE" +.PP +A typical invocation of +\fBdelv\fR +looks like: +.sp +.if n \{\ +.RS 4 +.\} +.nf + delv @server name type +.fi +.if n \{\ +.RE +.\} +.sp +where: +.PP +\fBserver\fR +.RS 4 +is the name or IP address of the name server to query\&. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation\&. When the supplied +\fIserver\fR +argument is a hostname, +\fBdelv\fR +resolves that name before querying that name server (note, however, that this initial lookup is +\fInot\fR +validated by DNSSEC)\&. +.sp +If no +\fIserver\fR +argument is provided, +\fBdelv\fR +consults +/etc/resolv\&.conf; if an address is found there, it queries the name server at that address\&. If either of the +\fB\-4\fR +or +\fB\-6\fR +options are in use, then only addresses for the corresponding transport will be tried\&. If no usable addresses are found, +\fBdelv\fR +will send queries to the localhost addresses (127\&.0\&.0\&.1 for IPv4, ::1 for IPv6)\&. +.RE +.PP +\fBname\fR +.RS 4 +is the domain name to be looked up\&. +.RE +.PP +\fBtype\fR +.RS 4 +indicates what type of query is required \(em ANY, A, MX, etc\&. +\fItype\fR +can be any valid query type\&. If no +\fItype\fR +argument is supplied, +\fBdelv\fR +will perform a lookup for an A record\&. +.RE +.SH "OPTIONS" +.PP +\-a \fIanchor\-file\fR +.RS 4 +Specifies a file from which to read DNSSEC trust anchors\&. The default is +/etc/bind\&.keys, which is included with +BIND +9 and contains one or more trust anchors for the root zone ("\&.")\&. +.sp +Keys that do not match the root zone name are ignored\&. An alternate key name can be specified using the +\fB+root=NAME\fR +options\&. DNSSEC Lookaside Validation can also be turned on by using the +\fB+dlv=NAME\fR +to specify the name of a zone containing DLV records\&. +.sp +Note: When reading the trust anchor file, +\fBdelv\fR +treats +\fBmanaged\-keys\fR +statements and +\fBtrusted\-keys\fR +statements identically\&. That is, for a managed key, it is the +\fIinitial\fR +key that is trusted; RFC 5011 key management is not supported\&. +\fBdelv\fR +will not consult the managed\-keys database maintained by +\fBnamed\fR\&. This means that if either of the keys in +/etc/bind\&.keys +is revoked and rolled over, it will be necessary to update +/etc/bind\&.keys +to use DNSSEC validation in +\fBdelv\fR\&. +.RE +.PP +\-b \fIaddress\fR +.RS 4 +Sets the source IP address of the query to +\fIaddress\fR\&. This must be a valid address on one of the host\*(Aqs network interfaces or "0\&.0\&.0\&.0" or "::"\&. An optional source port may be specified by appending "#<port>" +.RE +.PP +\-c \fIclass\fR +.RS 4 +Sets the query class for the requested data\&. Currently, only class "IN" is supported in +\fBdelv\fR +and any other value is ignored\&. +.RE +.PP +\-d \fIlevel\fR +.RS 4 +Set the systemwide debug level to +\fBlevel\fR\&. The allowed range is from 0 to 99\&. The default is 0 (no debugging)\&. Debugging traces from +\fBdelv\fR +become more verbose as the debug level increases\&. See the +\fB+mtrace\fR, +\fB+rtrace\fR, and +\fB+vtrace\fR +options below for additional debugging details\&. +.RE +.PP +\-h +.RS 4 +Display the +\fBdelv\fR +help usage output and exit\&. +.RE +.PP +\-i +.RS 4 +Insecure mode\&. This disables internal DNSSEC validation\&. (Note, however, this does not set the CD bit on upstream queries\&. If the server being queried is performing DNSSEC validation, then it will not return invalid data; this can cause +\fBdelv\fR +to time out\&. When it is necessary to examine invalid data to debug a DNSSEC problem, use +\fBdig +cd\fR\&.) +.RE +.PP +\-m +.RS 4 +Enables memory usage debugging\&. +.RE +.PP +\-p \fIport#\fR +.RS 4 +Specifies a destination port to use for queries instead of the standard DNS port number 53\&. This option would be used with a name server that has been configured to listen for queries on a non\-standard port number\&. +.RE +.PP +\-q \fIname\fR +.RS 4 +Sets the query name to +\fIname\fR\&. While the query name can be specified without using the +\fB\-q\fR, it is sometimes necessary to disambiguate names from types or classes (for example, when looking up the name "ns", which could be misinterpreted as the type NS, or "ch", which could be misinterpreted as class CH)\&. +.RE +.PP +\-t \fItype\fR +.RS 4 +Sets the query type to +\fItype\fR, which can be any valid query type supported in BIND 9 except for zone transfer types AXFR and IXFR\&. As with +\fB\-q\fR, this is useful to distinguish query name type or class when they are ambiguous\&. it is sometimes necessary to disambiguate names from types\&. +.sp +The default query type is "A", unless the +\fB\-x\fR +option is supplied to indicate a reverse lookup, in which case it is "PTR"\&. +.RE +.PP +\-v +.RS 4 +Print the +\fBdelv\fR +version and exit\&. +.RE +.PP +\-x \fIaddr\fR +.RS 4 +Performs a reverse lookup, mapping an addresses to a name\&. +\fIaddr\fR +is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address\&. When +\fB\-x\fR +is used, there is no need to provide the +\fIname\fR +or +\fItype\fR +arguments\&. +\fBdelv\fR +automatically performs a lookup for a name like +11\&.12\&.13\&.10\&.in\-addr\&.arpa +and sets the query type to PTR\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain\&. +.RE +.PP +\-4 +.RS 4 +Forces +\fBdelv\fR +to only use IPv4\&. +.RE +.PP +\-6 +.RS 4 +Forces +\fBdelv\fR +to only use IPv6\&. +.RE +.SH "QUERY OPTIONS" +.PP +\fBdelv\fR +provides a number of query options which affect the way results are displayed, and in some cases the way lookups are performed\&. +.PP +Each query option is identified by a keyword preceded by a plus sign (+)\&. Some keywords set or reset an option\&. These may be preceded by the string +no +to negate the meaning of that keyword\&. Other keywords assign values to options like the timeout interval\&. They have the form +\fB+keyword=value\fR\&. The query options are: +.PP +\fB+[no]cdflag\fR +.RS 4 +Controls whether to set the CD (checking disabled) bit in queries sent by +\fBdelv\fR\&. This may be useful when troubleshooting DNSSEC problems from behind a validating resolver\&. A validating resolver will block invalid responses, making it difficult to retrieve them for analysis\&. Setting the CD flag on queries will cause the resolver to return invalid responses, which +\fBdelv\fR +can then validate internally and report the errors in detail\&. +.RE +.PP +\fB+[no]class\fR +.RS 4 +Controls whether to display the CLASS when printing a record\&. The default is to display the CLASS\&. +.RE +.PP +\fB+[no]ttl\fR +.RS 4 +Controls whether to display the TTL when printing a record\&. The default is to display the TTL\&. +.RE +.PP +\fB+[no]rtrace\fR +.RS 4 +Toggle resolver fetch logging\&. This reports the name and type of each query sent by +\fBdelv\fR +in the process of carrying out the resolution and validation process: this includes including the original query and all subsequent queries to follow CNAMEs and to establish a chain of trust for DNSSEC validation\&. +.sp +This is equivalent to setting the debug level to 1 in the "resolver" logging category\&. Setting the systemwide debug level to 1 using the +\fB\-d\fR +option will product the same output (but will affect other logging categories as well)\&. +.RE +.PP +\fB+[no]mtrace\fR +.RS 4 +Toggle message logging\&. This produces a detailed dump of the responses received by +\fBdelv\fR +in the process of carrying out the resolution and validation process\&. +.sp +This is equivalent to setting the debug level to 10 for the "packets" module of the "resolver" logging category\&. Setting the systemwide debug level to 10 using the +\fB\-d\fR +option will produce the same output (but will affect other logging categories as well)\&. +.RE +.PP +\fB+[no]vtrace\fR +.RS 4 +Toggle validation logging\&. This shows the internal process of the validator as it determines whether an answer is validly signed, unsigned, or invalid\&. +.sp +This is equivalent to setting the debug level to 3 for the "validator" module of the "dnssec" logging category\&. Setting the systemwide debug level to 3 using the +\fB\-d\fR +option will produce the same output (but will affect other logging categories as well)\&. +.RE +.PP +\fB+[no]short\fR +.RS 4 +Provide a terse answer\&. The default is to print the answer in a verbose form\&. +.RE +.PP +\fB+[no]comments\fR +.RS 4 +Toggle the display of comment lines in the output\&. The default is to print comments\&. +.RE +.PP +\fB+[no]rrcomments\fR +.RS 4 +Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records)\&. The default is to print per\-record comments\&. +.RE +.PP +\fB+[no]crypto\fR +.RS 4 +Toggle the display of cryptographic fields in DNSSEC records\&. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures\&. The default is to display the fields\&. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e\&.g\&. "[ key id = value ]"\&. +.RE +.PP +\fB+[no]trust\fR +.RS 4 +Controls whether to display the trust level when printing a record\&. The default is to display the trust level\&. +.RE +.PP +\fB+[no]split[=W]\fR +.RS 4 +Split long hex\- or base64\-formatted fields in resource records into chunks of +\fIW\fR +characters (where +\fIW\fR +is rounded up to the nearest multiple of 4)\&. +\fI+nosplit\fR +or +\fI+split=0\fR +causes fields not to be split at all\&. The default is 56 characters, or 44 characters when multiline mode is active\&. +.RE +.PP +\fB+[no]all\fR +.RS 4 +Set or clear the display options +\fB+[no]comments\fR, +\fB+[no]rrcomments\fR, and +\fB+[no]trust\fR +as a group\&. +.RE +.PP +\fB+[no]multiline\fR +.RS 4 +Print long records (such as RRSIG, DNSKEY, and SOA records) in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the +\fBdelv\fR +output\&. +.RE +.PP +\fB+[no]dnssec\fR +.RS 4 +Indicates whether to display RRSIG records in the +\fBdelv\fR +output\&. The default is to do so\&. Note that (unlike in +\fBdig\fR) this does +\fInot\fR +control whether to request DNSSEC records or whether to validate them\&. DNSSEC records are always requested, and validation will always occur unless suppressed by the use of +\fB\-i\fR +or +\fB+noroot\fR +and +\fB+nodlv\fR\&. +.RE +.PP +\fB+[no]root[=ROOT]\fR +.RS 4 +Indicates whether to perform conventional (non\-lookaside) DNSSEC validation, and if so, specifies the name of a trust anchor\&. The default is to validate using a trust anchor of "\&." (the root zone), for which there is a built\-in key\&. If specifying a different trust anchor, then +\fB\-a\fR +must be used to specify a file containing the key\&. +.RE +.PP +\fB+[no]dlv[=DLV]\fR +.RS 4 +Indicates whether to perform DNSSEC lookaside validation, and if so, specifies the name of the DLV trust anchor\&. The +\fB\-a\fR +option must also be used to specify a file containing the DLV key\&. +.RE +.PP +\fB+[no]tcp\fR +.RS 4 +Controls whether to use TCP when sending queries\&. The default is to use UDP unless a truncated response has been received\&. +.RE +.PP +\fB+[no]unknownformat\fR +.RS 4 +Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&. +.RE +.SH "FILES" +.PP +/etc/bind\&.keys +.PP +/etc/resolv\&.conf +.SH "SEE ALSO" +.PP +\fBdig\fR(1), +\fBnamed\fR(8), +RFC4034, +RFC4035, +RFC4431, +RFC5074, +RFC5155\&. +.SH "AUTHOR" +.PP +\fBInternet Systems Consortium, Inc\&.\fR +.SH "COPYRIGHT" +.br +Copyright \(co 2014-2019 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/delv/delv.c b/bin/delv/delv.c new file mode 100644 index 0000000..d0b5515 --- /dev/null +++ b/bin/delv/delv.c @@ -0,0 +1,1707 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#include <config.h> +#include <bind.keys.h> + +#ifndef WIN32 +#include <sys/types.h> +#include <sys/socket.h> +#include <signal.h> + +#include <netinet/in.h> + +#include <arpa/inet.h> + +#include <netdb.h> +#endif + +#include <stdbool.h> +#include <stdio.h> +#include <inttypes.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include <isc/app.h> +#include <isc/base64.h> +#include <isc/buffer.h> +#include <isc/lib.h> +#include <isc/log.h> +#include <isc/mem.h> +#ifdef WIN32 +#include <isc/ntpaths.h> +#endif +#include <isc/parseint.h> +#include <isc/print.h> +#include <isc/sockaddr.h> +#include <isc/socket.h> +#include <isc/string.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <irs/resconf.h> +#include <irs/netdb.h> + +#include <isccfg/log.h> +#include <isccfg/namedconf.h> + +#include <dns/byaddr.h> +#include <dns/client.h> +#include <dns/fixedname.h> +#include <dns/keytable.h> +#include <dns/keyvalues.h> +#include <dns/lib.h> +#include <dns/log.h> +#include <dns/masterdump.h> +#include <dns/name.h> +#include <dns/rdata.h> +#include <dns/rdataclass.h> +#include <dns/rdataset.h> +#include <dns/rdatastruct.h> +#include <dns/rdatatype.h> +#include <dns/result.h> +#include <dns/secalg.h> +#include <dns/view.h> + +#include <dst/dst.h> +#include <dst/result.h> + +#define CHECK(r) \ + do { \ + result = (r); \ + if (result != ISC_R_SUCCESS) \ + goto cleanup; \ + } while (0) + +#define MAXNAME (DNS_NAME_MAXTEXT+1) + +/* Variables used internally by delv. */ +char *progname; +static isc_mem_t *mctx = NULL; +static isc_log_t *lctx = NULL; + +/* Configurables */ +static char *server = NULL; +static const char *port = "53"; +static isc_sockaddr_t *srcaddr4 = NULL, *srcaddr6 = NULL; +static isc_sockaddr_t a4, a6; +static char *curqname = NULL, *qname = NULL; +static bool classset = false; +static dns_rdatatype_t qtype = dns_rdatatype_none; +static bool typeset = false; + +static unsigned int styleflags = 0; +static uint32_t splitwidth = 0xffffffff; +static bool + showcomments = true, + showdnssec = true, + showtrust = true, + rrcomments = true, + noclass = false, + nocrypto = false, + nottl = false, + multiline = false, + short_form = false, + print_unknown_format = false; + +static bool + resolve_trace = false, + validator_trace = false, + message_trace = false; + +static bool + use_ipv4 = true, + use_ipv6 = true; + +static bool + cdflag = false, + no_sigs = false, + root_validation = true, + dlv_validation = true; + +static bool use_tcp = false; + +static char *anchorfile = NULL; +static char *trust_anchor = NULL; +static char *dlv_anchor = NULL; +static int trusted_keys = 0; + +static dns_fixedname_t afn, dfn; +static dns_name_t *anchor_name = NULL, *dlv_name = NULL; + +/* Default bind.keys contents */ +static char anchortext[] = MANAGED_KEYS; + +/* + * Static function prototypes + */ +static isc_result_t +get_reverse(char *reverse, size_t len, char *value, bool strict); + +static isc_result_t +parse_uint(uint32_t *uip, const char *value, uint32_t max, + const char *desc); + +static void +usage(void) { + fputs( +"Usage: delv [@server] {q-opt} {d-opt} [domain] [q-type] [q-class]\n" +"Where: domain is in the Domain Name System\n" +" q-class is one of (in,hs,ch,...) [default: in]\n" +" q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n" +" q-opt is one of:\n" +" -x dot-notation (shortcut for reverse lookups)\n" +" -d level (set debugging level)\n" +" -a anchor-file (specify root and dlv trust anchors)\n" +" -b address[#port] (bind to source address/port)\n" +" -p port (specify port number)\n" +" -q name (specify query name)\n" +" -t type (specify query type)\n" +" -c class (option included for compatibility;\n" +" only IN is supported)\n" +" -4 (use IPv4 query transport only)\n" +" -6 (use IPv6 query transport only)\n" +" -i (disable DNSSEC validation)\n" +" -m (enable memory usage debugging)\n" +" d-opt is of the form +keyword[=value], where keyword is:\n" +" +[no]all (Set or clear all display flags)\n" +" +[no]class (Control display of class)\n" +" +[no]crypto (Control display of cryptographic\n" +" fields in records)\n" +" +[no]multiline (Print records in an expanded format)\n" +" +[no]comments (Control display of comment lines)\n" +" +[no]rrcomments (Control display of per-record " + "comments)\n" +" +[no]unknownformat (Print RDATA in RFC 3597 \"unknown\" format)\n" +" +[no]short (Short form answer)\n" +" +[no]split=## (Split hex/base64 fields into chunks)\n" +" +[no]tcp (TCP mode)\n" +" +[no]ttl (Control display of ttls in records)\n" +" +[no]trust (Control display of trust level)\n" +" +[no]rtrace (Trace resolver fetches)\n" +" +[no]mtrace (Trace messages received)\n" +" +[no]vtrace (Trace validation process)\n" +" +[no]dlv (DNSSEC lookaside validation anchor)\n" +" +[no]root (DNSSEC validation trust anchor)\n" +" +[no]dnssec (Display DNSSEC records)\n" +" -h (print help and exit)\n" +" -v (print version and exit)\n", + stderr); + exit(1); +} + +ISC_PLATFORM_NORETURN_PRE static void +fatal(const char *format, ...) +ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST; + +static void +fatal(const char *format, ...) { + va_list args; + + fflush(stdout); + fprintf(stderr, "%s: ", progname); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); + exit(1); +} + +static void +warn(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); + +static void +warn(const char *format, ...) { + va_list args; + + fflush(stdout); + fprintf(stderr, "%s: warning: ", progname); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); +} + +static isc_logcategory_t categories[] = { + { "delv", 0 }, + { NULL, 0 } +}; +#define LOGCATEGORY_DEFAULT (&categories[0]) +#define LOGMODULE_DEFAULT (&modules[0]) + +static isc_logmodule_t modules[] = { + { "delv", 0 }, + { NULL, 0 } +}; + +static void +delv_log(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3); + +static void +delv_log(int level, const char *fmt, ...) { + va_list ap; + char msgbuf[2048]; + + if (! isc_log_wouldlog(lctx, level)) + return; + + va_start(ap, fmt); + + vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap); + isc_log_write(lctx, LOGCATEGORY_DEFAULT, LOGMODULE_DEFAULT, + level, "%s", msgbuf); + va_end(ap); +} + +static int loglevel = 0; + +static void +setup_logging(FILE *errout) { + isc_result_t result; + isc_logdestination_t destination; + isc_logconfig_t *logconfig = NULL; + + result = isc_log_create(mctx, &lctx, &logconfig); + if (result != ISC_R_SUCCESS) + fatal("Couldn't set up logging"); + + isc_log_registercategories(lctx, categories); + isc_log_registermodules(lctx, modules); + isc_log_setcontext(lctx); + dns_log_init(lctx); + dns_log_setcontext(lctx); + cfg_log_init(lctx); + + destination.file.stream = errout; + destination.file.name = NULL; + destination.file.versions = ISC_LOG_ROLLNEVER; + destination.file.maximum_size = 0; + + result = isc_log_createchannel(logconfig, "stderr", + ISC_LOG_TOFILEDESC, ISC_LOG_DYNAMIC, + &destination, ISC_LOG_PRINTPREFIX); + if (result != ISC_R_SUCCESS) + fatal("Couldn't set up log channel 'stderr'"); + + isc_log_setdebuglevel(lctx, loglevel); + + result = isc_log_settag(logconfig, ";; "); + if (result != ISC_R_SUCCESS) + fatal("Couldn't set log tag"); + + result = isc_log_usechannel(logconfig, "stderr", + ISC_LOGCATEGORY_DEFAULT, NULL); + if (result != ISC_R_SUCCESS) + fatal("Couldn't attach to log channel 'stderr'"); + + if (resolve_trace && loglevel < 1) { + result = isc_log_createchannel(logconfig, "resolver", + ISC_LOG_TOFILEDESC, + ISC_LOG_DEBUG(1), + &destination, + ISC_LOG_PRINTPREFIX); + if (result != ISC_R_SUCCESS) + fatal("Couldn't set up log channel 'resolver'"); + + result = isc_log_usechannel(logconfig, "resolver", + DNS_LOGCATEGORY_RESOLVER, + DNS_LOGMODULE_RESOLVER); + if (result != ISC_R_SUCCESS) + fatal("Couldn't attach to log channel 'resolver'"); + } + + if (validator_trace && loglevel < 3) { + result = isc_log_createchannel(logconfig, "validator", + ISC_LOG_TOFILEDESC, + ISC_LOG_DEBUG(3), + &destination, + ISC_LOG_PRINTPREFIX); + if (result != ISC_R_SUCCESS) + fatal("Couldn't set up log channel 'validator'"); + + result = isc_log_usechannel(logconfig, "validator", + DNS_LOGCATEGORY_DNSSEC, + DNS_LOGMODULE_VALIDATOR); + if (result != ISC_R_SUCCESS) + fatal("Couldn't attach to log channel 'validator'"); + } + + if (message_trace && loglevel < 10) { + result = isc_log_createchannel(logconfig, "messages", + ISC_LOG_TOFILEDESC, + ISC_LOG_DEBUG(10), + &destination, + ISC_LOG_PRINTPREFIX); + if (result != ISC_R_SUCCESS) + fatal("Couldn't set up log channel 'messages'"); + + result = isc_log_usechannel(logconfig, "messages", + DNS_LOGCATEGORY_RESOLVER, + DNS_LOGMODULE_PACKETS); + if (result != ISC_R_SUCCESS) + fatal("Couldn't attach to log channel 'messagse'"); + } +} + +static void +print_status(dns_rdataset_t *rdataset) { + const char *astr = "", *tstr = ""; + + REQUIRE(rdataset != NULL); + + if (!showtrust || !dns_rdataset_isassociated(rdataset)) + return; + + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) + astr = "negative response, "; + + switch (rdataset->trust) { + case dns_trust_none: + tstr = "untrusted"; + break; + case dns_trust_pending_additional: + tstr = "signed additional data, pending validation"; + break; + case dns_trust_pending_answer: + tstr = "signed answer, pending validation"; + break; + case dns_trust_additional: + tstr = "unsigned additional data"; + break; + case dns_trust_glue: + tstr = "glue data"; + break; + case dns_trust_answer: + if (root_validation || dlv_validation) + tstr = "unsigned answer"; + else + tstr = "answer not validated"; + break; + case dns_trust_authauthority: + tstr = "authority data"; + break; + case dns_trust_authanswer: + tstr = "authoritative"; + break; + case dns_trust_secure: + tstr = "fully validated"; + break; + case dns_trust_ultimate: + tstr = "ultimate trust"; + break; + } + + printf("; %s%s\n", astr, tstr); +} + +static isc_result_t +printdata(dns_rdataset_t *rdataset, dns_name_t *owner, + dns_master_style_t *style) +{ + isc_result_t result = ISC_R_SUCCESS; + static dns_trust_t trust; + static bool first = true; + isc_buffer_t target; + isc_region_t r; + char *t = NULL; + int len = 2048; + + if (!dns_rdataset_isassociated(rdataset)) { + char namebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(owner, namebuf, sizeof(namebuf)); + delv_log(ISC_LOG_DEBUG(4), + "WARN: empty rdataset %s", namebuf); + return (ISC_R_SUCCESS); + } + + if (!showdnssec && rdataset->type == dns_rdatatype_rrsig) + return (ISC_R_SUCCESS); + + if (first || rdataset->trust != trust) { + if (!first && showtrust && !short_form) + putchar('\n'); + print_status(rdataset); + trust = rdataset->trust; + first = false; + } + + do { + t = isc_mem_get(mctx, len); + if (t == NULL) + return (ISC_R_NOMEMORY); + + isc_buffer_init(&target, t, len); + if (short_form) { + dns_rdata_t rdata = DNS_RDATA_INIT; + for (result = dns_rdataset_first(rdataset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(rdataset)) + { + if ((rdataset->attributes & + DNS_RDATASETATTR_NEGATIVE) != 0) + continue; + + dns_rdataset_current(rdataset, &rdata); + result = dns_rdata_tofmttext(&rdata, + dns_rootname, + styleflags, 0, + splitwidth, " ", + &target); + if (result != ISC_R_SUCCESS) + break; + + if (isc_buffer_availablelength(&target) < 1) { + result = ISC_R_NOSPACE; + break; + } + + isc_buffer_putstr(&target, "\n"); + + dns_rdata_reset(&rdata); + } + } else { + if ((rdataset->attributes & + DNS_RDATASETATTR_NEGATIVE) != 0) + isc_buffer_putstr(&target, "; "); + + result = dns_master_rdatasettotext(owner, rdataset, + style, &target); + } + + if (result == ISC_R_NOSPACE) { + isc_mem_put(mctx, t, len); + len += 1024; + } else if (result == ISC_R_NOMORE) + result = ISC_R_SUCCESS; + else + CHECK(result); + } while (result == ISC_R_NOSPACE); + + isc_buffer_usedregion(&target, &r); + printf("%.*s", (int)r.length, (char *)r.base); + + cleanup: + if (t != NULL) + isc_mem_put(mctx, t, len); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +setup_style(dns_master_style_t **stylep) { + isc_result_t result; + dns_master_style_t *style = NULL; + + REQUIRE(stylep != NULL || *stylep == NULL); + + styleflags |= DNS_STYLEFLAG_REL_OWNER; + if (showcomments) + styleflags |= DNS_STYLEFLAG_COMMENT; + if (print_unknown_format) + styleflags |= DNS_STYLEFLAG_UNKNOWNFORMAT; + if (rrcomments) + styleflags |= DNS_STYLEFLAG_RRCOMMENT; + if (nottl) + styleflags |= DNS_STYLEFLAG_NO_TTL; + if (noclass) + styleflags |= DNS_STYLEFLAG_NO_CLASS; + if (nocrypto) + styleflags |= DNS_STYLEFLAG_NOCRYPTO; + if (multiline) { + styleflags |= DNS_STYLEFLAG_MULTILINE; + styleflags |= DNS_STYLEFLAG_COMMENT; + } + + if (multiline || (nottl && noclass)) + result = dns_master_stylecreate2(&style, styleflags, + 24, 24, 24, 32, 80, 8, + splitwidth, mctx); + else if (nottl || noclass) + result = dns_master_stylecreate2(&style, styleflags, + 24, 24, 32, 40, 80, 8, + splitwidth, mctx); + else + result = dns_master_stylecreate2(&style, styleflags, + 24, 32, 40, 48, 80, 8, + splitwidth, mctx); + + if (result == ISC_R_SUCCESS) + *stylep = style; + return (result); +} + +static isc_result_t +convert_name(dns_fixedname_t *fn, dns_name_t **name, const char *text) { + isc_result_t result; + isc_buffer_t b; + dns_name_t *n; + unsigned int len; + + REQUIRE(fn != NULL && name != NULL && text != NULL); + len = strlen(text); + + isc_buffer_constinit(&b, text, len); + isc_buffer_add(&b, len); + n = dns_fixedname_initname(fn); + + result = dns_name_fromtext(n, &b, dns_rootname, 0, NULL); + if (result != ISC_R_SUCCESS) { + delv_log(ISC_LOG_ERROR, "failed to convert QNAME %s: %s", + text, isc_result_totext(result)); + return (result); + } + + *name = n; + return (ISC_R_SUCCESS); +} + +static isc_result_t +key_fromconfig(const cfg_obj_t *key, dns_client_t *client) { + dns_rdata_dnskey_t keystruct; + uint32_t flags, proto, alg; + const char *keystr, *keynamestr; + unsigned char keydata[4096]; + isc_buffer_t keydatabuf; + unsigned char rrdata[4096]; + isc_buffer_t rrdatabuf; + isc_region_t r; + dns_fixedname_t fkeyname; + dns_name_t *keyname; + isc_result_t result; + bool match_root = false, match_dlv = false; + + keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name")); + CHECK(convert_name(&fkeyname, &keyname, keynamestr)); + + if (!root_validation && !dlv_validation) + return (ISC_R_SUCCESS); + + if (anchor_name) + match_root = dns_name_equal(keyname, anchor_name); + if (dlv_name) + match_dlv = dns_name_equal(keyname, dlv_name); + + if (!match_root && !match_dlv) + return (ISC_R_SUCCESS); + if ((!root_validation && match_root) || (!dlv_validation && match_dlv)) + return (ISC_R_SUCCESS); + + if (match_root) + delv_log(ISC_LOG_DEBUG(3), "adding trust anchor %s", + trust_anchor); + if (match_dlv) + delv_log(ISC_LOG_DEBUG(3), "adding DLV trust anchor %s", + dlv_anchor); + + flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags")); + proto = cfg_obj_asuint32(cfg_tuple_get(key, "protocol")); + alg = cfg_obj_asuint32(cfg_tuple_get(key, "algorithm")); + + keystruct.common.rdclass = dns_rdataclass_in; + keystruct.common.rdtype = dns_rdatatype_dnskey; + /* + * The key data in keystruct is not dynamically allocated. + */ + keystruct.mctx = NULL; + + ISC_LINK_INIT(&keystruct.common, link); + + if (flags > 0xffff) + CHECK(ISC_R_RANGE); + if (proto > 0xff) + CHECK(ISC_R_RANGE); + if (alg > 0xff) + CHECK(ISC_R_RANGE); + + keystruct.flags = (uint16_t)flags; + keystruct.protocol = (uint8_t)proto; + keystruct.algorithm = (uint8_t)alg; + + isc_buffer_init(&keydatabuf, keydata, sizeof(keydata)); + isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata)); + + keystr = cfg_obj_asstring(cfg_tuple_get(key, "key")); + CHECK(isc_base64_decodestring(keystr, &keydatabuf)); + isc_buffer_usedregion(&keydatabuf, &r); + keystruct.datalen = r.length; + keystruct.data = r.base; + + CHECK(dns_rdata_fromstruct(NULL, + keystruct.common.rdclass, + keystruct.common.rdtype, + &keystruct, &rrdatabuf)); + + CHECK(dns_client_addtrustedkey(client, dns_rdataclass_in, + keyname, &rrdatabuf)); + trusted_keys++; + + cleanup: + if (result == DST_R_NOCRYPTO) + cfg_obj_log(key, lctx, ISC_LOG_ERROR, "no crypto support"); + else if (result == DST_R_UNSUPPORTEDALG) { + cfg_obj_log(key, lctx, ISC_LOG_WARNING, + "skipping trusted key '%s': %s", + keynamestr, isc_result_totext(result)); + result = ISC_R_SUCCESS; + } else if (result != ISC_R_SUCCESS) { + cfg_obj_log(key, lctx, ISC_LOG_ERROR, + "failed to add trusted key '%s': %s", + keynamestr, isc_result_totext(result)); + result = ISC_R_FAILURE; + } + + return (result); +} + +static isc_result_t +load_keys(const cfg_obj_t *keys, dns_client_t *client) { + const cfg_listelt_t *elt, *elt2; + const cfg_obj_t *key, *keylist; + isc_result_t result = ISC_R_SUCCESS; + + for (elt = cfg_list_first(keys); + elt != NULL; + elt = cfg_list_next(elt)) + { + keylist = cfg_listelt_value(elt); + + for (elt2 = cfg_list_first(keylist); + elt2 != NULL; + elt2 = cfg_list_next(elt2)) + { + key = cfg_listelt_value(elt2); + CHECK(key_fromconfig(key, client)); + } + } + + cleanup: + if (result == DST_R_NOCRYPTO) + result = ISC_R_SUCCESS; + return (result); +} + +static isc_result_t +setup_dnsseckeys(dns_client_t *client) { + isc_result_t result; + cfg_parser_t *parser = NULL; + const cfg_obj_t *keys = NULL; + const cfg_obj_t *managed_keys = NULL; + cfg_obj_t *bindkeys = NULL; + const char *filename = anchorfile; + + if (!root_validation && !dlv_validation) + return (ISC_R_SUCCESS); + + if (filename == NULL) { +#ifndef WIN32 + filename = SYSCONFDIR "/bind.keys"; +#else + static char buf[MAX_PATH]; + strlcpy(buf, isc_ntpaths_get(SYS_CONF_DIR), sizeof(buf)); + strlcat(buf, "\\bind.keys", sizeof(buf)); + filename = buf; +#endif + } + + if (trust_anchor == NULL) { + trust_anchor = isc_mem_strdup(mctx, "."); + if (trust_anchor == NULL) + fatal("out of memory"); + } + + if (trust_anchor != NULL) + CHECK(convert_name(&afn, &anchor_name, trust_anchor)); + if (dlv_anchor != NULL) + CHECK(convert_name(&dfn, &dlv_name, dlv_anchor)); + + CHECK(cfg_parser_create(mctx, dns_lctx, &parser)); + + if (access(filename, R_OK) != 0) { + if (anchorfile != NULL) + fatal("Unable to read key file '%s'", anchorfile); + } else { + result = cfg_parse_file(parser, filename, + &cfg_type_bindkeys, &bindkeys); + if (result != ISC_R_SUCCESS) + if (anchorfile != NULL) + fatal("Unable to load keys from '%s'", + anchorfile); + } + + if (bindkeys == NULL) { + isc_buffer_t b; + + isc_buffer_init(&b, anchortext, sizeof(anchortext) - 1); + isc_buffer_add(&b, sizeof(anchortext) - 1); + result = cfg_parse_buffer(parser, &b, &cfg_type_bindkeys, + &bindkeys); + if (result != ISC_R_SUCCESS) + fatal("Unable to parse built-in keys"); + } + + INSIST(bindkeys != NULL); + cfg_map_get(bindkeys, "trusted-keys", &keys); + cfg_map_get(bindkeys, "managed-keys", &managed_keys); + + if (keys != NULL) + CHECK(load_keys(keys, client)); + if (managed_keys != NULL) + CHECK(load_keys(managed_keys, client)); + result = ISC_R_SUCCESS; + + if (trusted_keys == 0) + fatal("No trusted keys were loaded"); + + if (dlv_validation) + dns_client_setdlv(client, dns_rdataclass_in, dlv_anchor); + + cleanup: + if (result != ISC_R_SUCCESS) + delv_log(ISC_LOG_ERROR, "setup_dnsseckeys: %s", + isc_result_totext(result)); + return (result); +} + +static isc_result_t +addserver(dns_client_t *client) { + struct addrinfo hints, *res, *cur; + int gaierror; + struct in_addr in4; + struct in6_addr in6; + isc_sockaddr_t *sa; + isc_sockaddrlist_t servers; + uint32_t destport; + isc_result_t result; + dns_name_t *name = NULL; + + result = parse_uint(&destport, port, 0xffff, "port"); + if (result != ISC_R_SUCCESS) + fatal("Couldn't parse port number"); + + ISC_LIST_INIT(servers); + + if (inet_pton(AF_INET, server, &in4) == 1) { + if (!use_ipv4) { + fatal("Use of IPv4 disabled by -6"); + } + sa = isc_mem_get(mctx, sizeof(*sa)); + if (sa == NULL) + return (ISC_R_NOMEMORY); + ISC_LINK_INIT(sa, link); + isc_sockaddr_fromin(sa, &in4, destport); + ISC_LIST_APPEND(servers, sa, link); + } else if (inet_pton(AF_INET6, server, &in6) == 1) { + if (!use_ipv6) { + fatal("Use of IPv6 disabled by -4"); + } + sa = isc_mem_get(mctx, sizeof(*sa)); + if (sa == NULL) + return (ISC_R_NOMEMORY); + ISC_LINK_INIT(sa, link); + isc_sockaddr_fromin6(sa, &in6, destport); + ISC_LIST_APPEND(servers, sa, link); + } else { + memset(&hints, 0, sizeof(hints)); + if (!use_ipv6) + hints.ai_family = AF_INET; + else if (!use_ipv4) + hints.ai_family = AF_INET6; + else + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_DGRAM; + hints.ai_protocol = IPPROTO_UDP; + gaierror = getaddrinfo(server, port, &hints, &res); + if (gaierror != 0) { + delv_log(ISC_LOG_ERROR, + "getaddrinfo failed: %s", + gai_strerror(gaierror)); + return (ISC_R_FAILURE); + } + + result = ISC_R_SUCCESS; + for (cur = res; cur != NULL; cur = cur->ai_next) { + if (cur->ai_family != AF_INET && + cur->ai_family != AF_INET6) + continue; + sa = isc_mem_get(mctx, sizeof(*sa)); + if (sa == NULL) { + result = ISC_R_NOMEMORY; + break; + } + memset(sa, 0, sizeof(*sa)); + ISC_LINK_INIT(sa, link); + memmove(&sa->type, cur->ai_addr, cur->ai_addrlen); + sa->length = (unsigned int)cur->ai_addrlen; + ISC_LIST_APPEND(servers, sa, link); + } + freeaddrinfo(res); + CHECK(result); + } + + + CHECK(dns_client_setservers(client, dns_rdataclass_in, name, &servers)); + + cleanup: + while (!ISC_LIST_EMPTY(servers)) { + sa = ISC_LIST_HEAD(servers); + ISC_LIST_UNLINK(servers, sa, link); + isc_mem_put(mctx, sa, sizeof(*sa)); + } + + if (result != ISC_R_SUCCESS) + delv_log(ISC_LOG_ERROR, "addserver: %s", + isc_result_totext(result)); + + return (result); +} + +static isc_result_t +findserver(dns_client_t *client) { + isc_result_t result; + irs_resconf_t *resconf = NULL; + isc_sockaddrlist_t *nameservers; + isc_sockaddr_t *sa, *next; + uint32_t destport; + + result = parse_uint(&destport, port, 0xffff, "port"); + if (result != ISC_R_SUCCESS) + fatal("Couldn't parse port number"); + + result = irs_resconf_load(mctx, "/etc/resolv.conf", &resconf); + if (result != ISC_R_SUCCESS && result != ISC_R_FILENOTFOUND) { + delv_log(ISC_LOG_ERROR, "irs_resconf_load: %s", + isc_result_totext(result)); + goto cleanup; + } + + /* Get nameservers from resolv.conf */ + nameservers = irs_resconf_getnameservers(resconf); + for (sa = ISC_LIST_HEAD(*nameservers); sa != NULL; sa = next) { + next = ISC_LIST_NEXT(sa, link); + + /* Set destination port */ + if (sa->type.sa.sa_family == AF_INET && use_ipv4) { + sa->type.sin.sin_port = htons(destport); + continue; + } + if (sa->type.sa.sa_family == AF_INET6 && use_ipv6) { + sa->type.sin6.sin6_port = htons(destport); + continue; + } + + /* Incompatible protocol family */ + ISC_LIST_UNLINK(*nameservers, sa, link); + isc_mem_put(mctx, sa, sizeof(*sa)); + } + + /* None found, use localhost */ + if (ISC_LIST_EMPTY(*nameservers)) { + if (use_ipv4) { + struct in_addr localhost; + localhost.s_addr = htonl(INADDR_LOOPBACK); + sa = isc_mem_get(mctx, sizeof(*sa)); + if (sa == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + isc_sockaddr_fromin(sa, &localhost, destport); + + ISC_LINK_INIT(sa, link); + ISC_LIST_APPEND(*nameservers, sa, link); + } + + if (use_ipv6) { + sa = isc_mem_get(mctx, sizeof(*sa)); + if (sa == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + isc_sockaddr_fromin6(sa, &in6addr_loopback, destport); + + ISC_LINK_INIT(sa, link); + ISC_LIST_APPEND(*nameservers, sa, link); + } + } + + result = dns_client_setservers(client, dns_rdataclass_in, NULL, + nameservers); + if (result != ISC_R_SUCCESS) + delv_log(ISC_LOG_ERROR, "dns_client_setservers: %s", + isc_result_totext(result)); + +cleanup: + if (resconf != NULL) + irs_resconf_destroy(&resconf); + return (result); +} + +static char * +next_token(char **stringp, const char *delim) { + char *res; + + do { + res = strsep(stringp, delim); + if (res == NULL) + break; + } while (*res == '\0'); + return (res); +} + +static isc_result_t +parse_uint(uint32_t *uip, const char *value, uint32_t max, + const char *desc) { + uint32_t n; + isc_result_t result = isc_parse_uint32(&n, value, 10); + if (result == ISC_R_SUCCESS && n > max) + result = ISC_R_RANGE; + if (result != ISC_R_SUCCESS) { + printf("invalid %s '%s': %s\n", desc, + value, isc_result_totext(result)); + return (result); + } + *uip = n; + return (ISC_R_SUCCESS); +} + +static void +plus_option(char *option) { + isc_result_t result; + char option_store[256]; + char *cmd, *value, *ptr; + bool state = true; + + strlcpy(option_store, option, sizeof(option_store)); + ptr = option_store; + cmd = next_token(&ptr,"="); + if (cmd == NULL) { + printf(";; Invalid option %s\n", option_store); + return; + } + value = ptr; + if (strncasecmp(cmd, "no", 2)==0) { + cmd += 2; + state = false; + } + +#define FULLCHECK(A) \ + do { \ + size_t _l = strlen(cmd); \ + if (_l >= sizeof(A) || strncasecmp(cmd, A, _l) != 0) \ + goto invalid_option; \ + } while (0) + + switch (cmd[0]) { + case 'a': /* all */ + FULLCHECK("all"); + showcomments = state; + rrcomments = state; + showtrust = state; + break; + case 'c': + switch (cmd[1]) { + case 'd': /* cdflag */ + FULLCHECK("cdflag"); + cdflag = state; + break; + case 'l': /* class */ + FULLCHECK("class"); + noclass = !state; + break; + case 'o': /* comments */ + FULLCHECK("comments"); + showcomments = state; + break; + case 'r': /* crypto */ + FULLCHECK("crypto"); + nocrypto = !state; + break; + default: + goto invalid_option; + } + break; + case 'd': + switch (cmd[1]) { + case 'l': /* dlv */ + FULLCHECK("dlv"); + if (state && no_sigs) + break; + dlv_validation = state; + if (value != NULL) { + dlv_anchor = isc_mem_strdup(mctx, value); + if (dlv_anchor == NULL) + fatal("out of memory"); + } + break; + case 'n': /* dnssec */ + FULLCHECK("dnssec"); + showdnssec = state; + break; + default: + goto invalid_option; + } + break; + case 'm': + switch (cmd[1]) { + case 't': /* mtrace */ + message_trace = state; + if (state) + resolve_trace = state; + break; + case 'u': /* multiline */ + FULLCHECK("multiline"); + multiline = state; + break; + default: + goto invalid_option; + } + break; + case 'r': + switch (cmd[1]) { + case 'o': /* root */ + FULLCHECK("root"); + if (state && no_sigs) + break; + root_validation = state; + if (value != NULL) { + trust_anchor = isc_mem_strdup(mctx, value); + if (trust_anchor == NULL) + fatal("out of memory"); + } + break; + case 'r': /* rrcomments */ + FULLCHECK("rrcomments"); + rrcomments = state; + break; + case 't': /* rtrace */ + FULLCHECK("rtrace"); + resolve_trace = state; + break; + default: + goto invalid_option; + } + break; + case 's': + switch (cmd[1]) { + case 'h': /* short */ + FULLCHECK("short"); + short_form = state; + if (short_form) { + multiline = false; + showcomments = false; + showtrust = false; + showdnssec = false; + } + break; + case 'p': /* split */ + FULLCHECK("split"); + if (value != NULL && !state) + goto invalid_option; + if (!state) { + splitwidth = 0; + break; + } else if (value == NULL) + break; + + result = parse_uint(&splitwidth, value, + 1023, "split"); + if (splitwidth % 4 != 0) { + splitwidth = ((splitwidth + 3) / 4) * 4; + warn("split must be a multiple of 4; " + "adjusting to %d", splitwidth); + } + /* + * There is an adjustment done in the + * totext_<rrtype>() functions which causes + * splitwidth to shrink. This is okay when we're + * using the default width but incorrect in this + * case, so we correct for it + */ + if (splitwidth) + splitwidth += 3; + if (result != ISC_R_SUCCESS) + fatal("Couldn't parse split"); + break; + default: + goto invalid_option; + } + break; + case 'u': + FULLCHECK("unknownformat"); + print_unknown_format = state; + break; + case 't': + switch (cmd[1]) { + case 'c': /* tcp */ + FULLCHECK("tcp"); + use_tcp = state; + break; + case 'r': /* trust */ + FULLCHECK("trust"); + showtrust = state; + break; + case 't': /* ttl */ + FULLCHECK("ttl"); + nottl = !state; + break; + default: + goto invalid_option; + } + break; + case 'v': /* vtrace */ + FULLCHECK("vtrace"); + validator_trace = state; + if (state) + resolve_trace = state; + break; + default: + invalid_option: + /* + * We can also add a "need_value:" case here if we ever + * add a plus-option that requires a specified value + */ + fprintf(stderr, "Invalid option: +%s\n", option); + usage(); + } + return; +} + +/* + * options: "46a:b:c:d:himp:q:t:vx:"; + */ +static const char *single_dash_opts = "46himv"; +static bool +dash_option(char *option, char *next, bool *open_type_class) { + char opt, *value; + isc_result_t result; + bool value_from_next; + isc_textregion_t tr; + dns_rdatatype_t rdtype; + dns_rdataclass_t rdclass; + char textname[MAXNAME]; + struct in_addr in4; + struct in6_addr in6; + in_port_t srcport; + uint32_t num; + char *hash; + + while (strpbrk(option, single_dash_opts) == &option[0]) { + /* + * Since the -[46himv] options do not take an argument, + * account for them (in any number and/or combination) + * if they appear as the first character(s) of a q-opt. + */ + opt = option[0]; + switch (opt) { + case '4': + if (isc_net_probeipv4() != ISC_R_SUCCESS) + fatal("IPv4 networking not available"); + if (use_ipv6) { + isc_net_disableipv6(); + use_ipv6 = false; + } + break; + case '6': + if (isc_net_probeipv6() != ISC_R_SUCCESS) + fatal("IPv6 networking not available"); + if (use_ipv4) { + isc_net_disableipv4(); + use_ipv4 = false; + } + break; + case 'h': + usage(); + exit(0); + /* NOTREACHED */ + case 'i': + no_sigs = true; + dlv_validation = false; + root_validation = false; + break; + case 'm': + /* handled in preparse_args() */ + break; + case 'v': + fputs("delv " VERSION "\n", stderr); + exit(0); + /* NOTREACHED */ + default: + INSIST(0); + } + if (strlen(option) > 1U) + option = &option[1]; + else + return (false); + } + opt = option[0]; + if (strlen(option) > 1U) { + value_from_next = false; + value = &option[1]; + } else { + value_from_next = true; + value = next; + } + if (value == NULL) + goto invalid_option; + switch (opt) { + case 'a': + anchorfile = isc_mem_strdup(mctx, value); + if (anchorfile == NULL) + fatal("out of memory"); + return (value_from_next); + case 'b': + hash = strchr(value, '#'); + if (hash != NULL) { + result = parse_uint(&num, hash + 1, 0xffff, "port"); + if (result != ISC_R_SUCCESS) + fatal("Couldn't parse port number"); + srcport = num; + *hash = '\0'; + } else + srcport = 0; + + if (inet_pton(AF_INET, value, &in4) == 1) { + if (srcaddr4 != NULL) + fatal("Only one local address per family " + "can be specified\n"); + isc_sockaddr_fromin(&a4, &in4, srcport); + srcaddr4 = &a4; + } else if (inet_pton(AF_INET6, value, &in6) == 1) { + if (srcaddr6 != NULL) + fatal("Only one local address per family " + "can be specified\n"); + isc_sockaddr_fromin6(&a6, &in6, srcport); + srcaddr6 = &a6; + } else { + if (hash != NULL) + *hash = '#'; + fatal("Invalid address %s", value); + } + if (hash != NULL) + *hash = '#'; + return (value_from_next); + case 'c': + if (classset) + warn("extra query class"); + + *open_type_class = false; + tr.base = value; + tr.length = strlen(value); + result = dns_rdataclass_fromtext(&rdclass, + (isc_textregion_t *)&tr); + if (result == ISC_R_SUCCESS) + classset = true; + else if (rdclass != dns_rdataclass_in) + warn("ignoring non-IN query class"); + else + warn("ignoring invalid class"); + return (value_from_next); + case 'd': + result = parse_uint(&num, value, 99, "debug level"); + if (result != ISC_R_SUCCESS) + fatal("Couldn't parse debug level"); + loglevel = num; + return (value_from_next); + case 'p': + port = value; + return (value_from_next); + case 'q': + if (curqname != NULL) { + warn("extra query name"); + isc_mem_free(mctx, curqname); + } + curqname = isc_mem_strdup(mctx, value); + if (curqname == NULL) + fatal("out of memory"); + return (value_from_next); + case 't': + *open_type_class = false; + tr.base = value; + tr.length = strlen(value); + result = dns_rdatatype_fromtext(&rdtype, + (isc_textregion_t *)&tr); + if (result == ISC_R_SUCCESS) { + if (typeset) + warn("extra query type"); + if (rdtype == dns_rdatatype_ixfr || + rdtype == dns_rdatatype_axfr) + fatal("Transfer not supported"); + qtype = rdtype; + typeset = true; + } else + warn("ignoring invalid type"); + return (value_from_next); + case 'x': + result = get_reverse(textname, sizeof(textname), value, + false); + if (result == ISC_R_SUCCESS) { + if (curqname != NULL) { + isc_mem_free(mctx, curqname); + warn("extra query name"); + } + curqname = isc_mem_strdup(mctx, textname); + if (curqname == NULL) + fatal("out of memory"); + if (typeset) + warn("extra query type"); + qtype = dns_rdatatype_ptr; + typeset = true; + } else { + fprintf(stderr, "Invalid IP address %s\n", value); + exit(1); + } + return (value_from_next); + invalid_option: + default: + fprintf(stderr, "Invalid option: -%s\n", option); + usage(); + } + /* NOTREACHED */ + return (false); +} + +/* + * Check for -m first to determine whether to enable + * memory debugging when setting up the memory context. + */ +static void +preparse_args(int argc, char **argv) { + bool ipv4only = false, ipv6only = false; + char *option; + + for (argc--, argv++; argc > 0; argc--, argv++) { + if (argv[0][0] != '-') + continue; + option = &argv[0][1]; + while (strpbrk(option, single_dash_opts) == &option[0]) { + switch (option[0]) { + case 'm': + isc_mem_debugging = ISC_MEM_DEBUGTRACE | + ISC_MEM_DEBUGRECORD; + break; + case '4': + if (ipv6only) { + fatal("only one of -4 and -6 allowed"); + } + ipv4only = true; + break; + case '6': + if (ipv4only) { + fatal("only one of -4 and -6 allowed"); + } + ipv6only = true; + break; + } + option = &option[1]; + } + } +} + +/* + * Argument parsing is based on dig, but simplified: only one + * QNAME/QCLASS/QTYPE tuple can be specified, and options have + * been removed that aren't applicable to delv. The interface + * should be familiar to dig users, however. + */ +static void +parse_args(int argc, char **argv) { + isc_result_t result; + isc_textregion_t tr; + dns_rdatatype_t rdtype; + dns_rdataclass_t rdclass; + bool open_type_class = true; + + for (; argc > 0; argc--, argv++) { + if (argv[0][0] == '@') { + server = &argv[0][1]; + } else if (argv[0][0] == '+') { + plus_option(&argv[0][1]); + } else if (argv[0][0] == '-') { + if (argc <= 1) { + if (dash_option(&argv[0][1], NULL, + &open_type_class)) + { + argc--; + argv++; + } + } else { + if (dash_option(&argv[0][1], argv[1], + &open_type_class)) + { + argc--; + argv++; + } + } + } else { + /* + * Anything which isn't an option + */ + if (open_type_class) { + tr.base = argv[0]; + tr.length = strlen(argv[0]); + result = dns_rdatatype_fromtext(&rdtype, + (isc_textregion_t *)&tr); + if (result == ISC_R_SUCCESS) { + if (typeset) + warn("extra query type"); + if (rdtype == dns_rdatatype_ixfr || + rdtype == dns_rdatatype_axfr) + fatal("Transfer not supported"); + qtype = rdtype; + typeset = true; + continue; + } + result = dns_rdataclass_fromtext(&rdclass, + (isc_textregion_t *)&tr); + if (result == ISC_R_SUCCESS) { + if (classset) + warn("extra query class"); + else if (rdclass != dns_rdataclass_in) + warn("ignoring non-IN " + "query class"); + continue; + } + } + + if (curqname == NULL) { + curqname = isc_mem_strdup(mctx, argv[0]); + if (curqname == NULL) + fatal("out of memory"); + } + } + } + + /* + * If no qname or qtype specified, search for root/NS + * If no qtype specified, use A + */ + if (!typeset) + qtype = dns_rdatatype_a; + + if (curqname == NULL) { + qname = isc_mem_strdup(mctx, "."); + if (qname == NULL) + fatal("out of memory"); + + if (!typeset) + qtype = dns_rdatatype_ns; + } else + qname = curqname; +} + +static isc_result_t +append_str(const char *text, int len, char **p, char *end) { + if (len > end - *p) + return (ISC_R_NOSPACE); + memmove(*p, text, len); + *p += len; + return (ISC_R_SUCCESS); +} + +static isc_result_t +reverse_octets(const char *in, char **p, char *end) { + char *dot = strchr(in, '.'); + int len; + if (dot != NULL) { + isc_result_t result; + result = reverse_octets(dot + 1, p, end); + if (result != ISC_R_SUCCESS) + return (result); + result = append_str(".", 1, p, end); + if (result != ISC_R_SUCCESS) + return (result); + len = (int)(dot - in); + } else + len = strlen(in); + return (append_str(in, len, p, end)); +} + +static isc_result_t +get_reverse(char *reverse, size_t len, char *value, bool strict) { + int r; + isc_result_t result; + isc_netaddr_t addr; + + addr.family = AF_INET6; + r = inet_pton(AF_INET6, value, &addr.type.in6); + if (r > 0) { + /* This is a valid IPv6 address. */ + dns_fixedname_t fname; + dns_name_t *name; + unsigned int options = 0; + + name = dns_fixedname_initname(&fname); + result = dns_byaddr_createptrname2(&addr, options, name); + if (result != ISC_R_SUCCESS) + return (result); + dns_name_format(name, reverse, (unsigned int)len); + return (ISC_R_SUCCESS); + } else { + /* + * Not a valid IPv6 address. Assume IPv4. + * If 'strict' is not set, construct the + * in-addr.arpa name by blindly reversing + * octets whether or not they look like integers, + * so that this can be used for RFC2317 names + * and such. + */ + char *p = reverse; + char *end = reverse + len; + if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1) + return (DNS_R_BADDOTTEDQUAD); + result = reverse_octets(value, &p, end); + if (result != ISC_R_SUCCESS) + return (result); + result = append_str(".in-addr.arpa.", 15, &p, end); + if (result != ISC_R_SUCCESS) + return (result); + return (ISC_R_SUCCESS); + } +} + +int +main(int argc, char *argv[]) { + dns_client_t *client = NULL; + isc_result_t result; + dns_fixedname_t qfn; + dns_name_t *query_name, *response_name; + dns_rdataset_t *rdataset; + dns_namelist_t namelist; + unsigned int resopt, clopt; + isc_appctx_t *actx = NULL; + isc_taskmgr_t *taskmgr = NULL; + isc_socketmgr_t *socketmgr = NULL; + isc_timermgr_t *timermgr = NULL; + dns_master_style_t *style = NULL; +#ifndef WIN32 + struct sigaction sa; +#endif + + progname = argv[0]; + preparse_args(argc, argv); + + argc--; + argv++; + + isc_lib_register(); + result = dns_lib_init(); + if (result != ISC_R_SUCCESS) + fatal("dns_lib_init failed: %d", result); + + result = isc_mem_create(0, 0, &mctx); + if (result != ISC_R_SUCCESS) + fatal("failed to create mctx"); + + CHECK(isc_appctx_create(mctx, &actx)); + CHECK(isc_taskmgr_createinctx(mctx, actx, 1, 0, &taskmgr)); + CHECK(isc_socketmgr_createinctx(mctx, actx, &socketmgr)); + CHECK(isc_timermgr_createinctx(mctx, actx, &timermgr)); + + parse_args(argc, argv); + + CHECK(setup_style(&style)); + + setup_logging(stderr); + + CHECK(isc_app_ctxstart(actx)); + +#ifndef WIN32 + /* Unblock SIGINT if it's been blocked by isc_app_ctxstart() */ + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = SIG_DFL; + if (sigfillset(&sa.sa_mask) != 0 || sigaction(SIGINT, &sa, NULL) < 0) + fatal("Couldn't set up signal handler"); +#endif + + /* Create client */ + clopt = DNS_CLIENTCREATEOPT_USECACHE; + result = dns_client_createx2(mctx, actx, taskmgr, socketmgr, timermgr, + clopt, &client, srcaddr4, srcaddr6); + if (result != ISC_R_SUCCESS) { + delv_log(ISC_LOG_ERROR, "dns_client_create: %s", + isc_result_totext(result)); + goto cleanup; + } + + /* Set the nameserver */ + if (server != NULL) + addserver(client); + else + findserver(client); + + CHECK(setup_dnsseckeys(client)); + + /* Construct QNAME */ + CHECK(convert_name(&qfn, &query_name, qname)); + + /* Set up resolution options */ + resopt = DNS_CLIENTRESOPT_ALLOWRUN | DNS_CLIENTRESOPT_NOCDFLAG; + if (no_sigs) + resopt |= DNS_CLIENTRESOPT_NODNSSEC; + if (!root_validation && !dlv_validation) + resopt |= DNS_CLIENTRESOPT_NOVALIDATE; + if (cdflag) + resopt &= ~DNS_CLIENTRESOPT_NOCDFLAG; + if (use_tcp) + resopt |= DNS_CLIENTRESOPT_TCP; + + /* Perform resolution */ + ISC_LIST_INIT(namelist); + result = dns_client_resolve(client, query_name, dns_rdataclass_in, + qtype, resopt, &namelist); + if (result != ISC_R_SUCCESS) + delv_log(ISC_LOG_ERROR, "resolution failed: %s", + isc_result_totext(result)); + + for (response_name = ISC_LIST_HEAD(namelist); + response_name != NULL; + response_name = ISC_LIST_NEXT(response_name, link)) { + for (rdataset = ISC_LIST_HEAD(response_name->list); + rdataset != NULL; + rdataset = ISC_LIST_NEXT(rdataset, link)) { + result = printdata(rdataset, response_name, style); + if (result != ISC_R_SUCCESS) + delv_log(ISC_LOG_ERROR, "print data failed"); + } + } + + dns_client_freeresanswer(client, &namelist); + +cleanup: + if (dlv_anchor != NULL) + isc_mem_free(mctx, dlv_anchor); + if (trust_anchor != NULL) + isc_mem_free(mctx, trust_anchor); + if (anchorfile != NULL) + isc_mem_free(mctx, anchorfile); + if (qname != NULL) + isc_mem_free(mctx, qname); + if (style != NULL) + dns_master_styledestroy(&style, mctx); + if (client != NULL) + dns_client_destroy(&client); + if (taskmgr != NULL) + isc_taskmgr_destroy(&taskmgr); + if (timermgr != NULL) + isc_timermgr_destroy(&timermgr); + if (socketmgr != NULL) + isc_socketmgr_destroy(&socketmgr); + if (actx != NULL) + isc_appctx_destroy(&actx); + if (lctx != NULL) + isc_log_destroy(&lctx); + isc_mem_detach(&mctx); + + dns_lib_shutdown(); + + return (0); +} diff --git a/bin/delv/delv.docbook b/bin/delv/delv.docbook new file mode 100644 index 0000000..f8c4f79 --- /dev/null +++ b/bin/delv/delv.docbook @@ -0,0 +1,701 @@ +<!DOCTYPE book [ +<!ENTITY mdash "—">]> +<!-- + - Copyright (C) Internet Systems Consortium, Inc. ("ISC") + - + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. + - + - See the COPYRIGHT file distributed with this work for additional + - information regarding copyright ownership. +--> + +<!-- Converted by db4-upgrade version 1.0 --> +<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.delv"> + <info> + <date>2014-04-23</date> + </info> + <refentryinfo> + <corpname>ISC</corpname> + <corpauthor>Internet Systems Consortium, Inc.</corpauthor> + </refentryinfo> + + <refmeta> + <refentrytitle>delv</refentrytitle> + <manvolnum>1</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname>delv</refname> + <refpurpose>DNS lookup and validation utility</refpurpose> + </refnamediv> + + <docinfo> + <copyright> + <year>2014</year> + <year>2015</year> + <year>2016</year> + <year>2017</year> + <year>2018</year> + <year>2019</year> + <holder>Internet Systems Consortium, Inc. ("ISC")</holder> + </copyright> + </docinfo> + + <refsynopsisdiv> + <cmdsynopsis sepchar=" "> + <command>delv</command> + <arg choice="opt" rep="norepeat">@server</arg> + <group choice="opt" rep="norepeat"> + <arg choice="opt" rep="norepeat"><option>-4</option></arg> + <arg choice="opt" rep="norepeat"><option>-6</option></arg> + </group> + <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">anchor-file</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">address</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">level</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-i</option></arg> + <arg choice="opt" rep="norepeat"><option>-m</option></arg> + <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port#</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-q <replaceable class="parameter">name</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">addr</replaceable></option></arg> + <arg choice="opt" rep="norepeat">name</arg> + <arg choice="opt" rep="norepeat">type</arg> + <arg choice="opt" rep="norepeat">class</arg> + <arg choice="opt" rep="repeat">queryopt</arg> + </cmdsynopsis> + + <cmdsynopsis sepchar=" "> + <command>delv</command> + <arg choice="opt" rep="norepeat"><option>-h</option></arg> + </cmdsynopsis> + + <cmdsynopsis sepchar=" "> + <command>delv</command> + <arg choice="opt" rep="norepeat"><option>-v</option></arg> + </cmdsynopsis> + + <cmdsynopsis sepchar=" "> + <command>delv</command> + <arg choice="opt" rep="repeat">queryopt</arg> + <arg choice="opt" rep="repeat">query</arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsection><info><title>DESCRIPTION</title></info> + + <para><command>delv</command> + is a tool for sending + DNS queries and validating the results, using the same internal + resolver and validator logic as <command>named</command>. + </para> + <para> + <command>delv</command> will send to a specified name server all + queries needed to fetch and validate the requested data; this + includes the original requested query, subsequent queries to follow + CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records + to establish a chain of trust for DNSSEC validation. + It does not perform iterative resolution, but simulates the + behavior of a name server configured for DNSSEC validating and + forwarding. + </para> + <para> + By default, responses are validated using built-in DNSSEC trust + anchor for the root zone ("."). Records returned by + <command>delv</command> are either fully validated or + were not signed. If validation fails, an explanation of + the failure is included in the output; the validation process + can be traced in detail. Because <command>delv</command> does + not rely on an external server to carry out validation, it can + be used to check the validity of DNS responses in environments + where local name servers may not be trustworthy. + </para> + <para> + Unless it is told to query a specific name server, + <command>delv</command> will try each of the servers listed in + <filename>/etc/resolv.conf</filename>. If no usable server + addresses are found, <command>delv</command> will send + queries to the localhost addresses (127.0.0.1 for IPv4, ::1 + for IPv6). + </para> + <para> + When no command line arguments or options are given, + <command>delv</command> will perform an NS query for "." + (the root zone). + </para> + </refsection> + + <refsection><info><title>SIMPLE USAGE</title></info> + + + <para> + A typical invocation of <command>delv</command> looks like: + <programlisting> delv @server name type </programlisting> + where: + + <variablelist> + <varlistentry> + <term><constant>server</constant></term> + <listitem> + <para> + is the name or IP address of the name server to query. This + can be an IPv4 address in dotted-decimal notation or an IPv6 + address in colon-delimited notation. When the supplied + <parameter>server</parameter> argument is a hostname, + <command>delv</command> resolves that name before + querying that name server (note, however, that this + initial lookup is <emphasis>not</emphasis> validated + by DNSSEC). + </para> + <para> + If no <parameter>server</parameter> argument is + provided, <command>delv</command> consults + <filename>/etc/resolv.conf</filename>; if an + address is found there, it queries the name server at + that address. If either of the <option>-4</option> or + <option>-6</option> options are in use, then + only addresses for the corresponding transport + will be tried. If no usable addresses are found, + <command>delv</command> will send queries to + the localhost addresses (127.0.0.1 for IPv4, + ::1 for IPv6). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><constant>name</constant></term> + <listitem> + <para> + is the domain name to be looked up. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><constant>type</constant></term> + <listitem> + <para> + indicates what type of query is required — + ANY, A, MX, etc. + <parameter>type</parameter> can be any valid query + type. If no + <parameter>type</parameter> argument is supplied, + <command>delv</command> will perform a lookup for an + A record. + </para> + </listitem> + </varlistentry> + + </variablelist> + </para> + + </refsection> + + <refsection><info><title>OPTIONS</title></info> + + <variablelist> + + <varlistentry> + <term>-a <replaceable class="parameter">anchor-file</replaceable></term> + <listitem> + <para> + Specifies a file from which to read DNSSEC trust anchors. + The default is <filename>/etc/bind.keys</filename>, which + is included with <acronym>BIND</acronym> 9 and contains + one or more trust anchors for the root zone ("."). + </para> + <para> + Keys that do not match the root zone name are ignored. + An alternate key name can be specified using the + <option>+root=NAME</option> options. DNSSEC Lookaside + Validation can also be turned on by using the + <option>+dlv=NAME</option> to specify the name of a + zone containing DLV records. + </para> + <para> + Note: When reading the trust anchor file, + <command>delv</command> treats <option>managed-keys</option> + statements and <option>trusted-keys</option> statements + identically. That is, for a managed key, it is the + <emphasis>initial</emphasis> key that is trusted; RFC 5011 + key management is not supported. <command>delv</command> + will not consult the managed-keys database maintained by + <command>named</command>. This means that if either of the + keys in <filename>/etc/bind.keys</filename> is revoked + and rolled over, it will be necessary to update + <filename>/etc/bind.keys</filename> to use DNSSEC + validation in <command>delv</command>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-b <replaceable class="parameter">address</replaceable></term> + <listitem> + <para> + Sets the source IP address of the query to + <parameter>address</parameter>. This must be a valid address + on one of the host's network interfaces or "0.0.0.0" or "::". + An optional source port may be specified by appending + "#<port>" + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-c <replaceable class="parameter">class</replaceable></term> + <listitem> + <para> + Sets the query class for the requested data. Currently, + only class "IN" is supported in <command>delv</command> + and any other value is ignored. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-d <replaceable class="parameter">level</replaceable></term> + <listitem> + <para> + Set the systemwide debug level to <option>level</option>. + The allowed range is from 0 to 99. + The default is 0 (no debugging). + Debugging traces from <command>delv</command> become + more verbose as the debug level increases. + See the <option>+mtrace</option>, <option>+rtrace</option>, + and <option>+vtrace</option> options below for additional + debugging details. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-h</term> + <listitem> + <para> + Display the <command>delv</command> help usage output and exit. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-i</term> + <listitem> + <para> + Insecure mode. This disables internal DNSSEC validation. + (Note, however, this does not set the CD bit on upstream + queries. If the server being queried is performing DNSSEC + validation, then it will not return invalid data; this + can cause <command>delv</command> to time out. When it + is necessary to examine invalid data to debug a DNSSEC + problem, use <command>dig +cd</command>.) + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-m</term> + <listitem> + <para> + Enables memory usage debugging. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-p <replaceable class="parameter">port#</replaceable></term> + <listitem> + <para> + Specifies a destination port to use for queries instead of + the standard DNS port number 53. This option would be used + with a name server that has been configured to listen + for queries on a non-standard port number. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-q <replaceable class="parameter">name</replaceable></term> + <listitem> + <para> + Sets the query name to <parameter>name</parameter>. + While the query name can be specified without using the + <option>-q</option>, it is sometimes necessary to disambiguate + names from types or classes (for example, when looking up the + name "ns", which could be misinterpreted as the type NS, + or "ch", which could be misinterpreted as class CH). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-t <replaceable class="parameter">type</replaceable></term> + <listitem> + <para> + Sets the query type to <parameter>type</parameter>, which + can be any valid query type supported in BIND 9 except + for zone transfer types AXFR and IXFR. As with + <option>-q</option>, this is useful to distinguish + query name type or class when they are ambiguous. + it is sometimes necessary to disambiguate names from types. + </para> + <para> + The default query type is "A", unless the <option>-x</option> + option is supplied to indicate a reverse lookup, in which case + it is "PTR". + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-v</term> + <listitem> + <para> + Print the <command>delv</command> version and exit. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-x <replaceable class="parameter">addr</replaceable></term> + <listitem> + <para> + Performs a reverse lookup, mapping an addresses to + a name. <parameter>addr</parameter> is an IPv4 address in + dotted-decimal notation, or a colon-delimited IPv6 address. + When <option>-x</option> is used, there is no need to provide + the <parameter>name</parameter> or <parameter>type</parameter> + arguments. <command>delv</command> automatically performs a + lookup for a name like <literal>11.12.13.10.in-addr.arpa</literal> + and sets the query type to PTR. IPv6 addresses are looked up + using nibble format under the IP6.ARPA domain. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-4</term> + <listitem> + <para> + Forces <command>delv</command> to only use IPv4. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-6</term> + <listitem> + <para> + Forces <command>delv</command> to only use IPv6. + </para> + </listitem> + </varlistentry> + + </variablelist> + </refsection> + + <refsection><info><title>QUERY OPTIONS</title></info> + + + <para><command>delv</command> + provides a number of query options which affect the way results are + displayed, and in some cases the way lookups are performed. + </para> + + <para> + Each query option is identified by a keyword preceded by a plus sign + (<literal>+</literal>). Some keywords set or reset an + option. These may be preceded by the string + <literal>no</literal> to negate the meaning of that keyword. + Other keywords assign values to options like the timeout interval. + They have the form <option>+keyword=value</option>. + The query options are: + + <variablelist> + <varlistentry> + <term><option>+[no]cdflag</option></term> + <listitem> + <para> + Controls whether to set the CD (checking disabled) bit in + queries sent by <command>delv</command>. This may be useful + when troubleshooting DNSSEC problems from behind a validating + resolver. A validating resolver will block invalid responses, + making it difficult to retrieve them for analysis. Setting + the CD flag on queries will cause the resolver to return + invalid responses, which <command>delv</command> can then + validate internally and report the errors in detail. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]class</option></term> + <listitem> + <para> + Controls whether to display the CLASS when printing + a record. The default is to display the CLASS. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]ttl</option></term> + <listitem> + <para> + Controls whether to display the TTL when printing + a record. The default is to display the TTL. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]rtrace</option></term> + <listitem> + <para> + Toggle resolver fetch logging. This reports the + name and type of each query sent by <command>delv</command> + in the process of carrying out the resolution and validation + process: this includes including the original query and + all subsequent queries to follow CNAMEs and to establish a + chain of trust for DNSSEC validation. + </para> + <para> + This is equivalent to setting the debug level to 1 in + the "resolver" logging category. Setting the systemwide + debug level to 1 using the <option>-d</option> option will + product the same output (but will affect other logging + categories as well). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]mtrace</option></term> + <listitem> + <para> + Toggle message logging. This produces a detailed dump of + the responses received by <command>delv</command> in the + process of carrying out the resolution and validation process. + </para> + <para> + This is equivalent to setting the debug level to 10 + for the "packets" module of the "resolver" logging + category. Setting the systemwide debug level to 10 using + the <option>-d</option> option will produce the same output + (but will affect other logging categories as well). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]vtrace</option></term> + <listitem> + <para> + Toggle validation logging. This shows the internal + process of the validator as it determines whether an + answer is validly signed, unsigned, or invalid. + </para> + <para> + This is equivalent to setting the debug level to 3 + for the "validator" module of the "dnssec" logging + category. Setting the systemwide debug level to 3 using + the <option>-d</option> option will produce the same output + (but will affect other logging categories as well). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]short</option></term> + <listitem> + <para> + Provide a terse answer. The default is to print the answer in a + verbose form. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]comments</option></term> + <listitem> + <para> + Toggle the display of comment lines in the output. The default + is to print comments. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]rrcomments</option></term> + <listitem> + <para> + Toggle the display of per-record comments in the output (for + example, human-readable key information about DNSKEY records). + The default is to print per-record comments. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]crypto</option></term> + <listitem> + <para> + Toggle the display of cryptographic fields in DNSSEC records. + The contents of these field are unnecessary to debug most DNSSEC + validation failures and removing them makes it easier to see + the common failures. The default is to display the fields. + When omitted they are replaced by the string "[omitted]" or + in the DNSKEY case the key id is displayed as the replacement, + e.g. "[ key id = value ]". + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]trust</option></term> + <listitem> + <para> + Controls whether to display the trust level when printing + a record. The default is to display the trust level. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]split[=W]</option></term> + <listitem> + <para> + Split long hex- or base64-formatted fields in resource + records into chunks of <parameter>W</parameter> characters + (where <parameter>W</parameter> is rounded up to the nearest + multiple of 4). + <parameter>+nosplit</parameter> or + <parameter>+split=0</parameter> causes fields not to be + split at all. The default is 56 characters, or 44 characters + when multiline mode is active. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]all</option></term> + <listitem> + <para> + Set or clear the display options + <option>+[no]comments</option>, + <option>+[no]rrcomments</option>, and + <option>+[no]trust</option> as a group. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]multiline</option></term> + <listitem> + <para> + Print long records (such as RRSIG, DNSKEY, and SOA records) + in a verbose multi-line format with human-readable comments. + The default is to print each record on a single line, to + facilitate machine parsing of the <command>delv</command> + output. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]dnssec</option></term> + <listitem> + <para> + Indicates whether to display RRSIG records in the + <command>delv</command> output. The default is to + do so. Note that (unlike in <command>dig</command>) + this does <emphasis>not</emphasis> control whether to + request DNSSEC records or whether to validate them. + DNSSEC records are always requested, and validation + will always occur unless suppressed by the use of + <option>-i</option> or <option>+noroot</option> and + <option>+nodlv</option>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]root[=ROOT]</option></term> + <listitem> + <para> + Indicates whether to perform conventional (non-lookaside) + DNSSEC validation, and if so, specifies the + name of a trust anchor. The default is to validate using + a trust anchor of "." (the root zone), for which there is + a built-in key. If specifying a different trust anchor, + then <option>-a</option> must be used to specify a file + containing the key. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]dlv[=DLV]</option></term> + <listitem> + <para> + Indicates whether to perform DNSSEC lookaside validation, + and if so, specifies the name of the DLV trust anchor. + The <option>-a</option> option must also be used to specify + a file containing the DLV key. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]tcp</option></term> + <listitem> + <para> + Controls whether to use TCP when sending queries. + The default is to use UDP unless a truncated + response has been received. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]unknownformat</option></term> + <listitem> + <para> + Print all RDATA in unknown RR type presentation format + (RFC 3597). The default is to print RDATA for known types + in the type's presentation format. + </para> + </listitem> + </varlistentry> + </variablelist> + + </para> + </refsection> + + <refsection><info><title>FILES</title></info> + + <para><filename>/etc/bind.keys</filename></para> + <para><filename>/etc/resolv.conf</filename></para> + </refsection> + + <refsection><info><title>SEE ALSO</title></info> + + <para><citerefentry> + <refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citetitle>RFC4034</citetitle>, + <citetitle>RFC4035</citetitle>, + <citetitle>RFC4431</citetitle>, + <citetitle>RFC5074</citetitle>, + <citetitle>RFC5155</citetitle>. + </para> + </refsection> + +</refentry> diff --git a/bin/delv/delv.html b/bin/delv/delv.html new file mode 100644 index 0000000..22c70cd --- /dev/null +++ b/bin/delv/delv.html @@ -0,0 +1,592 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<!-- + - Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC") + - + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. +--> +<html lang="en"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>delv</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> +<a name="man.delv"></a><div class="titlepage"></div> + + + + + + <div class="refnamediv"> +<h2>Name</h2> +<p> + delv + — DNS lookup and validation utility + </p> +</div> + + + + <div class="refsynopsisdiv"> +<h2>Synopsis</h2> + <div class="cmdsynopsis"><p> + <code class="command">delv</code> + [@server] + [ + [<code class="option">-4</code>] + | [<code class="option">-6</code>] + ] + [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>] + [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] + [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] + [<code class="option">-d <em class="replaceable"><code>level</code></em></code>] + [<code class="option">-i</code>] + [<code class="option">-m</code>] + [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] + [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] + [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] + [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] + [name] + [type] + [class] + [queryopt...] + </p></div> + + <div class="cmdsynopsis"><p> + <code class="command">delv</code> + [<code class="option">-h</code>] + </p></div> + + <div class="cmdsynopsis"><p> + <code class="command">delv</code> + [<code class="option">-v</code>] + </p></div> + + <div class="cmdsynopsis"><p> + <code class="command">delv</code> + [queryopt...] + [query...] + </p></div> + </div> + + <div class="refsection"> +<a name="id-1.7"></a><h2>DESCRIPTION</h2> + + <p><span class="command"><strong>delv</strong></span> + is a tool for sending + DNS queries and validating the results, using the same internal + resolver and validator logic as <span class="command"><strong>named</strong></span>. + </p> + <p> + <span class="command"><strong>delv</strong></span> will send to a specified name server all + queries needed to fetch and validate the requested data; this + includes the original requested query, subsequent queries to follow + CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records + to establish a chain of trust for DNSSEC validation. + It does not perform iterative resolution, but simulates the + behavior of a name server configured for DNSSEC validating and + forwarding. + </p> + <p> + By default, responses are validated using built-in DNSSEC trust + anchor for the root zone ("."). Records returned by + <span class="command"><strong>delv</strong></span> are either fully validated or + were not signed. If validation fails, an explanation of + the failure is included in the output; the validation process + can be traced in detail. Because <span class="command"><strong>delv</strong></span> does + not rely on an external server to carry out validation, it can + be used to check the validity of DNS responses in environments + where local name servers may not be trustworthy. + </p> + <p> + Unless it is told to query a specific name server, + <span class="command"><strong>delv</strong></span> will try each of the servers listed in + <code class="filename">/etc/resolv.conf</code>. If no usable server + addresses are found, <span class="command"><strong>delv</strong></span> will send + queries to the localhost addresses (127.0.0.1 for IPv4, ::1 + for IPv6). + </p> + <p> + When no command line arguments or options are given, + <span class="command"><strong>delv</strong></span> will perform an NS query for "." + (the root zone). + </p> + </div> + + <div class="refsection"> +<a name="id-1.8"></a><h2>SIMPLE USAGE</h2> + + + <p> + A typical invocation of <span class="command"><strong>delv</strong></span> looks like: + </p> +<pre class="programlisting"> delv @server name type </pre> +<p> + where: + + </p> +<div class="variablelist"><dl class="variablelist"> +<dt><span class="term"><code class="constant">server</code></span></dt> +<dd> + <p> + is the name or IP address of the name server to query. This + can be an IPv4 address in dotted-decimal notation or an IPv6 + address in colon-delimited notation. When the supplied + <em class="parameter"><code>server</code></em> argument is a hostname, + <span class="command"><strong>delv</strong></span> resolves that name before + querying that name server (note, however, that this + initial lookup is <span class="emphasis"><em>not</em></span> validated + by DNSSEC). + </p> + <p> + If no <em class="parameter"><code>server</code></em> argument is + provided, <span class="command"><strong>delv</strong></span> consults + <code class="filename">/etc/resolv.conf</code>; if an + address is found there, it queries the name server at + that address. If either of the <code class="option">-4</code> or + <code class="option">-6</code> options are in use, then + only addresses for the corresponding transport + will be tried. If no usable addresses are found, + <span class="command"><strong>delv</strong></span> will send queries to + the localhost addresses (127.0.0.1 for IPv4, + ::1 for IPv6). + </p> + </dd> +<dt><span class="term"><code class="constant">name</code></span></dt> +<dd> + <p> + is the domain name to be looked up. + </p> + </dd> +<dt><span class="term"><code class="constant">type</code></span></dt> +<dd> + <p> + indicates what type of query is required — + ANY, A, MX, etc. + <em class="parameter"><code>type</code></em> can be any valid query + type. If no + <em class="parameter"><code>type</code></em> argument is supplied, + <span class="command"><strong>delv</strong></span> will perform a lookup for an + A record. + </p> + </dd> +</dl></div> +<p> + </p> + + </div> + + <div class="refsection"> +<a name="id-1.9"></a><h2>OPTIONS</h2> + + <div class="variablelist"><dl class="variablelist"> +<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt> +<dd> + <p> + Specifies a file from which to read DNSSEC trust anchors. + The default is <code class="filename">/etc/bind.keys</code>, which + is included with <acronym class="acronym">BIND</acronym> 9 and contains + one or more trust anchors for the root zone ("."). + </p> + <p> + Keys that do not match the root zone name are ignored. + An alternate key name can be specified using the + <code class="option">+root=NAME</code> options. DNSSEC Lookaside + Validation can also be turned on by using the + <code class="option">+dlv=NAME</code> to specify the name of a + zone containing DLV records. + </p> + <p> + Note: When reading the trust anchor file, + <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code> + statements and <code class="option">trusted-keys</code> statements + identically. That is, for a managed key, it is the + <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011 + key management is not supported. <span class="command"><strong>delv</strong></span> + will not consult the managed-keys database maintained by + <span class="command"><strong>named</strong></span>. This means that if either of the + keys in <code class="filename">/etc/bind.keys</code> is revoked + and rolled over, it will be necessary to update + <code class="filename">/etc/bind.keys</code> to use DNSSEC + validation in <span class="command"><strong>delv</strong></span>. + </p> + </dd> +<dt><span class="term">-b <em class="replaceable"><code>address</code></em></span></dt> +<dd> + <p> + Sets the source IP address of the query to + <em class="parameter"><code>address</code></em>. This must be a valid address + on one of the host's network interfaces or "0.0.0.0" or "::". + An optional source port may be specified by appending + "#<port>" + </p> + </dd> +<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt> +<dd> + <p> + Sets the query class for the requested data. Currently, + only class "IN" is supported in <span class="command"><strong>delv</strong></span> + and any other value is ignored. + </p> + </dd> +<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt> +<dd> + <p> + Set the systemwide debug level to <code class="option">level</code>. + The allowed range is from 0 to 99. + The default is 0 (no debugging). + Debugging traces from <span class="command"><strong>delv</strong></span> become + more verbose as the debug level increases. + See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>, + and <code class="option">+vtrace</code> options below for additional + debugging details. + </p> + </dd> +<dt><span class="term">-h</span></dt> +<dd> + <p> + Display the <span class="command"><strong>delv</strong></span> help usage output and exit. + </p> + </dd> +<dt><span class="term">-i</span></dt> +<dd> + <p> + Insecure mode. This disables internal DNSSEC validation. + (Note, however, this does not set the CD bit on upstream + queries. If the server being queried is performing DNSSEC + validation, then it will not return invalid data; this + can cause <span class="command"><strong>delv</strong></span> to time out. When it + is necessary to examine invalid data to debug a DNSSEC + problem, use <span class="command"><strong>dig +cd</strong></span>.) + </p> + </dd> +<dt><span class="term">-m</span></dt> +<dd> + <p> + Enables memory usage debugging. + </p> + </dd> +<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt> +<dd> + <p> + Specifies a destination port to use for queries instead of + the standard DNS port number 53. This option would be used + with a name server that has been configured to listen + for queries on a non-standard port number. + </p> + </dd> +<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt> +<dd> + <p> + Sets the query name to <em class="parameter"><code>name</code></em>. + While the query name can be specified without using the + <code class="option">-q</code>, it is sometimes necessary to disambiguate + names from types or classes (for example, when looking up the + name "ns", which could be misinterpreted as the type NS, + or "ch", which could be misinterpreted as class CH). + </p> + </dd> +<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt> +<dd> + <p> + Sets the query type to <em class="parameter"><code>type</code></em>, which + can be any valid query type supported in BIND 9 except + for zone transfer types AXFR and IXFR. As with + <code class="option">-q</code>, this is useful to distinguish + query name type or class when they are ambiguous. + it is sometimes necessary to disambiguate names from types. + </p> + <p> + The default query type is "A", unless the <code class="option">-x</code> + option is supplied to indicate a reverse lookup, in which case + it is "PTR". + </p> + </dd> +<dt><span class="term">-v</span></dt> +<dd> + <p> + Print the <span class="command"><strong>delv</strong></span> version and exit. + </p> + </dd> +<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt> +<dd> + <p> + Performs a reverse lookup, mapping an addresses to + a name. <em class="parameter"><code>addr</code></em> is an IPv4 address in + dotted-decimal notation, or a colon-delimited IPv6 address. + When <code class="option">-x</code> is used, there is no need to provide + the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em> + arguments. <span class="command"><strong>delv</strong></span> automatically performs a + lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code> + and sets the query type to PTR. IPv6 addresses are looked up + using nibble format under the IP6.ARPA domain. + </p> + </dd> +<dt><span class="term">-4</span></dt> +<dd> + <p> + Forces <span class="command"><strong>delv</strong></span> to only use IPv4. + </p> + </dd> +<dt><span class="term">-6</span></dt> +<dd> + <p> + Forces <span class="command"><strong>delv</strong></span> to only use IPv6. + </p> + </dd> +</dl></div> + </div> + + <div class="refsection"> +<a name="id-1.10"></a><h2>QUERY OPTIONS</h2> + + + <p><span class="command"><strong>delv</strong></span> + provides a number of query options which affect the way results are + displayed, and in some cases the way lookups are performed. + </p> + + <p> + Each query option is identified by a keyword preceded by a plus sign + (<code class="literal">+</code>). Some keywords set or reset an + option. These may be preceded by the string + <code class="literal">no</code> to negate the meaning of that keyword. + Other keywords assign values to options like the timeout interval. + They have the form <code class="option">+keyword=value</code>. + The query options are: + + </p> +<div class="variablelist"><dl class="variablelist"> +<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt> +<dd> + <p> + Controls whether to set the CD (checking disabled) bit in + queries sent by <span class="command"><strong>delv</strong></span>. This may be useful + when troubleshooting DNSSEC problems from behind a validating + resolver. A validating resolver will block invalid responses, + making it difficult to retrieve them for analysis. Setting + the CD flag on queries will cause the resolver to return + invalid responses, which <span class="command"><strong>delv</strong></span> can then + validate internally and report the errors in detail. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]class</code></span></dt> +<dd> + <p> + Controls whether to display the CLASS when printing + a record. The default is to display the CLASS. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]ttl</code></span></dt> +<dd> + <p> + Controls whether to display the TTL when printing + a record. The default is to display the TTL. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt> +<dd> + <p> + Toggle resolver fetch logging. This reports the + name and type of each query sent by <span class="command"><strong>delv</strong></span> + in the process of carrying out the resolution and validation + process: this includes including the original query and + all subsequent queries to follow CNAMEs and to establish a + chain of trust for DNSSEC validation. + </p> + <p> + This is equivalent to setting the debug level to 1 in + the "resolver" logging category. Setting the systemwide + debug level to 1 using the <code class="option">-d</code> option will + product the same output (but will affect other logging + categories as well). + </p> + </dd> +<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt> +<dd> + <p> + Toggle message logging. This produces a detailed dump of + the responses received by <span class="command"><strong>delv</strong></span> in the + process of carrying out the resolution and validation process. + </p> + <p> + This is equivalent to setting the debug level to 10 + for the "packets" module of the "resolver" logging + category. Setting the systemwide debug level to 10 using + the <code class="option">-d</code> option will produce the same output + (but will affect other logging categories as well). + </p> + </dd> +<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt> +<dd> + <p> + Toggle validation logging. This shows the internal + process of the validator as it determines whether an + answer is validly signed, unsigned, or invalid. + </p> + <p> + This is equivalent to setting the debug level to 3 + for the "validator" module of the "dnssec" logging + category. Setting the systemwide debug level to 3 using + the <code class="option">-d</code> option will produce the same output + (but will affect other logging categories as well). + </p> + </dd> +<dt><span class="term"><code class="option">+[no]short</code></span></dt> +<dd> + <p> + Provide a terse answer. The default is to print the answer in a + verbose form. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]comments</code></span></dt> +<dd> + <p> + Toggle the display of comment lines in the output. The default + is to print comments. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt> +<dd> + <p> + Toggle the display of per-record comments in the output (for + example, human-readable key information about DNSKEY records). + The default is to print per-record comments. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]crypto</code></span></dt> +<dd> + <p> + Toggle the display of cryptographic fields in DNSSEC records. + The contents of these field are unnecessary to debug most DNSSEC + validation failures and removing them makes it easier to see + the common failures. The default is to display the fields. + When omitted they are replaced by the string "[omitted]" or + in the DNSKEY case the key id is displayed as the replacement, + e.g. "[ key id = value ]". + </p> + </dd> +<dt><span class="term"><code class="option">+[no]trust</code></span></dt> +<dd> + <p> + Controls whether to display the trust level when printing + a record. The default is to display the trust level. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt> +<dd> + <p> + Split long hex- or base64-formatted fields in resource + records into chunks of <em class="parameter"><code>W</code></em> characters + (where <em class="parameter"><code>W</code></em> is rounded up to the nearest + multiple of 4). + <em class="parameter"><code>+nosplit</code></em> or + <em class="parameter"><code>+split=0</code></em> causes fields not to be + split at all. The default is 56 characters, or 44 characters + when multiline mode is active. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]all</code></span></dt> +<dd> + <p> + Set or clear the display options + <code class="option">+[no]comments</code>, + <code class="option">+[no]rrcomments</code>, and + <code class="option">+[no]trust</code> as a group. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]multiline</code></span></dt> +<dd> + <p> + Print long records (such as RRSIG, DNSKEY, and SOA records) + in a verbose multi-line format with human-readable comments. + The default is to print each record on a single line, to + facilitate machine parsing of the <span class="command"><strong>delv</strong></span> + output. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt> +<dd> + <p> + Indicates whether to display RRSIG records in the + <span class="command"><strong>delv</strong></span> output. The default is to + do so. Note that (unlike in <span class="command"><strong>dig</strong></span>) + this does <span class="emphasis"><em>not</em></span> control whether to + request DNSSEC records or whether to validate them. + DNSSEC records are always requested, and validation + will always occur unless suppressed by the use of + <code class="option">-i</code> or <code class="option">+noroot</code> and + <code class="option">+nodlv</code>. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt> +<dd> + <p> + Indicates whether to perform conventional (non-lookaside) + DNSSEC validation, and if so, specifies the + name of a trust anchor. The default is to validate using + a trust anchor of "." (the root zone), for which there is + a built-in key. If specifying a different trust anchor, + then <code class="option">-a</code> must be used to specify a file + containing the key. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt> +<dd> + <p> + Indicates whether to perform DNSSEC lookaside validation, + and if so, specifies the name of the DLV trust anchor. + The <code class="option">-a</code> option must also be used to specify + a file containing the DLV key. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]tcp</code></span></dt> +<dd> + <p> + Controls whether to use TCP when sending queries. + The default is to use UDP unless a truncated + response has been received. + </p> + </dd> +<dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt> +<dd> + <p> + Print all RDATA in unknown RR type presentation format + (RFC 3597). The default is to print RDATA for known types + in the type's presentation format. + </p> + </dd> +</dl></div> +<p> + + </p> + </div> + + <div class="refsection"> +<a name="id-1.11"></a><h2>FILES</h2> + + <p><code class="filename">/etc/bind.keys</code></p> + <p><code class="filename">/etc/resolv.conf</code></p> + </div> + + <div class="refsection"> +<a name="id-1.12"></a><h2>SEE ALSO</h2> + + <p><span class="citerefentry"> + <span class="refentrytitle">dig</span>(1) + </span>, + <span class="citerefentry"> + <span class="refentrytitle">named</span>(8) + </span>, + <em class="citetitle">RFC4034</em>, + <em class="citetitle">RFC4035</em>, + <em class="citetitle">RFC4431</em>, + <em class="citetitle">RFC5074</em>, + <em class="citetitle">RFC5155</em>. + </p> + </div> + +</div></body> +</html> diff --git a/bin/delv/win32/delv.dsp.in b/bin/delv/win32/delv.dsp.in new file mode 100644 index 0000000..403ec3e --- /dev/null +++ b/bin/delv/win32/delv.dsp.in @@ -0,0 +1,103 @@ +# Microsoft Developer Studio Project File - Name="delv" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103 + +CFG=delv - @PLATFORM@ Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "delv.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "delv.mak" CFG="delv - @PLATFORM@ Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "delv - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application") +!MESSAGE "delv - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "delv - @PLATFORM@ Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c +# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/irs/win32/include" /I "../../../lib/irs/include" @CRYPTO@ /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@ +# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/irs/win32/Release/libirs.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/delv.exe" + +!ELSEIF "$(CFG)" == "delv - @PLATFORM@ Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c +# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/irs/win32/include" /I "../../../lib/irs/include" @CRYPTO@ /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c +# SUBTRACT CPP /X @COPTY@ +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept +# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/irs/win32/Debug/libirs.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/delv.exe" /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "delv - @PLATFORM@ Release" +# Name "delv - @PLATFORM@ Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE="..\delv.c" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/bin/delv/win32/delv.dsw b/bin/delv/win32/delv.dsw new file mode 100644 index 0000000..35c8608 --- /dev/null +++ b/bin/delv/win32/delv.dsw @@ -0,0 +1,29 @@ +Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "delv"=".\delv.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/delv/win32/delv.mak.in b/bin/delv/win32/delv.mak.in new file mode 100644 index 0000000..3797f97 --- /dev/null +++ b/bin/delv/win32/delv.mak.in @@ -0,0 +1,299 @@ +# Microsoft Developer Studio Generated NMAKE File, Based on delv.dsp +!IF "$(CFG)" == "" +CFG=delv - @PLATFORM@ Debug +!MESSAGE No configuration specified. Defaulting to delv - @PLATFORM@ Debug. +!ENDIF + +!IF "$(CFG)" != "delv - @PLATFORM@ Release" && "$(CFG)" != "delv - @PLATFORM@ Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "delv.mak" CFG="delv - @PLATFORM@ Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "delv - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application") +!MESSAGE "delv - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF + +!IF "$(CFG)" == "delv - @PLATFORM@ Release" +_VC_MANIFEST_INC=0 +_VC_MANIFEST_BASENAME=__VC80 +!ELSE +_VC_MANIFEST_INC=1 +_VC_MANIFEST_BASENAME=__VC80.Debug +!ENDIF + +#################################################### +# Specifying name of temporary resource file used only in incremental builds: + +!if "$(_VC_MANIFEST_INC)" == "1" +_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res +!else +_VC_MANIFEST_AUTO_RES= +!endif + +#################################################### +# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE: + +!if "$(_VC_MANIFEST_INC)" == "1" + +#MT_SPECIAL_RETURN=1090650113 +#MT_SPECIAL_SWITCH=-notify_resource_update +MT_SPECIAL_RETURN=0 +MT_SPECIAL_SWITCH= +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \ +if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \ +rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \ +link $** /out:$@ $(LFLAGS) + +!else + +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1 + +!endif + +#################################################### +# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL: + +!if "$(_VC_MANIFEST_INC)" == "1" + +#MT_SPECIAL_RETURN=1090650113 +#MT_SPECIAL_SWITCH=-notify_resource_update +MT_SPECIAL_RETURN=0 +MT_SPECIAL_SWITCH= +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \ +if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \ +rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \ +link $** /out:$@ $(LFLAGS) + +!else + +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2 + +!endif +#################################################### +# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily: + +!if "$(_VC_MANIFEST_INC)" == "1" + +_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \ + $(_VC_MANIFEST_BASENAME).auto.rc \ + $(_VC_MANIFEST_BASENAME).auto.manifest + +!else + +_VC_MANIFEST_CLEAN= + +!endif + +!IF "$(CFG)" == "delv - @PLATFORM@ Release" + +OUTDIR=.\Release +INTDIR=.\Release + +ALL : "..\..\..\Build\Release\delv.exe" + + +CLEAN : + -@erase "$(INTDIR)\delv.obj" + -@erase "$(INTDIR)\vc60.idb" + -@erase "..\..\..\Build\Release\delv.exe" + -@$(_VC_MANIFEST_CLEAN) + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +CPP=cl.exe +CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/irs/win32/include" /I "../../../lib/irs/include" @CRYPTO@ /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\delv.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c + +.c{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.c{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +RSC=rc.exe +BSC32=bscmake.exe +BSC32_FLAGS=/nologo /o"$(OUTDIR)\delv.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/irs/win32/Release/libirs.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\delv.pdb" @MACHINE@ /out:"../../../Build/Release/delv.exe" +LINK32_OBJS= \ + "$(INTDIR)\delv.obj" + +"..\..\..\Build\Release\delv.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + $(_VC_MANIFEST_EMBED_EXE) + +!ELSEIF "$(CFG)" == "delv - @PLATFORM@ Debug" + +OUTDIR=.\Debug +INTDIR=.\Debug +# Begin Custom Macros +OutDir=.\Debug +# End Custom Macros + +ALL : "..\..\..\Build\Debug\delv.exe" "$(OUTDIR)\delv.bsc" + + +CLEAN : + -@erase "$(INTDIR)\delv.obj" + -@erase "$(INTDIR)\delv.sbr" + -@erase "$(INTDIR)\vc60.idb" + -@erase "$(INTDIR)\vc60.pdb" + -@erase "$(OUTDIR)\delv.pdb" + -@erase "$(OUTDIR)\delv.bsc" + -@erase "..\..\..\Build\Debug\delv.exe" + -@erase "..\..\..\Build\Debug\delv.ilk" + -@$(_VC_MANIFEST_CLEAN) + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +CPP=cl.exe +CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/irs/win32/include" /I "../../../lib/irs/include" @CRYPTO@ /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c + +.c{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.c{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +RSC=rc.exe +BSC32=bscmake.exe +BSC32_FLAGS=/nologo /o"$(OUTDIR)\delv.bsc" +BSC32_SBRS= \ + "$(INTDIR)\delv.sbr" + +"$(OUTDIR)\delv.bsc" : "$(OUTDIR)" $(BSC32_SBRS) + $(BSC32) @<< + $(BSC32_FLAGS) $(BSC32_SBRS) +<< + +LINK32=link.exe +LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/irs/win32/Debug/libirs.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\delv.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/delv.exe" /pdbtype:sept +LINK32_OBJS= \ + "$(INTDIR)\delv.obj" + +"..\..\..\Build\Debug\delv.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + $(_VC_MANIFEST_EMBED_EXE) + +!ENDIF + + +!IF "$(NO_EXTERNAL_DEPS)" != "1" +!IF EXISTS("delv.dep") +!INCLUDE "delv.dep" +!ELSE +!MESSAGE Warning: cannot find "delv.dep" +!ENDIF +!ENDIF + + +!IF "$(CFG)" == "delv - @PLATFORM@ Release" || "$(CFG)" == "delv - @PLATFORM@ Debug" +SOURCE="..\delv.c" + +!IF "$(CFG)" == "delv - @PLATFORM@ Release" + + +"$(INTDIR)\delv.obj" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ELSEIF "$(CFG)" == "delv - @PLATFORM@ Debug" + + +"$(INTDIR)\delv.obj" "$(INTDIR)\delv.sbr" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ENDIF + +!ENDIF + +#################################################### +# Commands to generate initial empty manifest file and the RC file +# that references it, and for generating the .res file: + +$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc + +$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest + type <<$@ +#include <winuser.h> +1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest" +<< KEEP + +$(_VC_MANIFEST_BASENAME).auto.manifest : + type <<$@ +<?xml version='1.0' encoding='UTF-8' standalone='yes'?> +<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> +</assembly> +<< KEEP diff --git a/bin/delv/win32/delv.vcxproj.filters.in b/bin/delv/win32/delv.vcxproj.filters.in new file mode 100644 index 0000000..c1af2f3 --- /dev/null +++ b/bin/delv/win32/delv.vcxproj.filters.in @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup> + <Filter Include="Source Files"> + <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> + <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> + </Filter> + <Filter Include="Header Files"> + <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> + <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions> + </Filter> + <Filter Include="Resource Files"> + <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> + <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions> + </Filter> + </ItemGroup> + <ItemGroup> + <ClCompile Include="..\delv.c"> + <Filter>Source Files</Filter> + </ClCompile> + </ItemGroup> +</Project> diff --git a/bin/delv/win32/delv.vcxproj.in b/bin/delv/win32/delv.vcxproj.in new file mode 100644 index 0000000..da98e50 --- /dev/null +++ b/bin/delv/win32/delv.vcxproj.in @@ -0,0 +1,110 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup Label="ProjectConfigurations"> + <ProjectConfiguration Include="Debug|@PLATFORM@"> + <Configuration>Debug</Configuration> + <Platform>@PLATFORM@</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|@PLATFORM@"> + <Configuration>Release</Configuration> + <Platform>@PLATFORM@</Platform> + </ProjectConfiguration> + </ItemGroup> + <PropertyGroup Label="Globals"> + <ProjectGuid>{BE172EFE-C1DC-4812-BFB9-8C5F8ADB7E9F}</ProjectGuid> + <Keyword>Win32Proj</Keyword> + <RootNamespace>delv</RootNamespace> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration"> + <ConfigurationType>Application</ConfigurationType> + <UseDebugLibraries>true</UseDebugLibraries> + <CharacterSet>MultiByte</CharacterSet> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration"> + <ConfigurationType>Application</ConfigurationType> + <UseDebugLibraries>false</UseDebugLibraries> + <WholeProgramOptimization>true</WholeProgramOptimization> + <CharacterSet>MultiByte</CharacterSet> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> + <ImportGroup Label="ExtensionSettings"> + </ImportGroup> + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <PropertyGroup Label="UserMacros" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'"> + <LinkIncremental>true</LinkIncremental> + <OutDir>..\..\..\Build\$(Configuration)\</OutDir> + <IntDir>.\$(Configuration)\</IntDir> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'"> + <LinkIncremental>false</LinkIncremental> + <OutDir>..\..\..\Build\$(Configuration)\</OutDir> + <IntDir>.\$(Configuration)\</IntDir> + </PropertyGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'"> + <ClCompile> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <Optimization>Disabled</Optimization> + <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <FunctionLevelLinking>true</FunctionLevelLinking> + <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile> + <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation> + <ObjectFileName>.\$(Configuration)\</ObjectFileName> + <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName> + <BrowseInformation>true</BrowseInformation> + <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <CompileAs>CompileAsC</CompileAs> + </ClCompile> + <Link> + <SubSystem>Console</SubSystem> + <GenerateDebugInformation>true</GenerateDebugInformation> + <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile> + <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> + <AdditionalDependencies>libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'"> + <ClCompile> + <WarningLevel>Level3</WarningLevel> + <PrecompiledHeader> + </PrecompiledHeader> + <Optimization>MaxSpeed</Optimization> + <FunctionLevelLinking>true</FunctionLevelLinking> + <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions> + <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion> + <WholeProgramOptimization>false</WholeProgramOptimization> + <StringPooling>true</StringPooling> + <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile> + <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation> + <ObjectFileName>.\$(Configuration)\</ObjectFileName> + <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName> + <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <CompileAs>CompileAsC</CompileAs> + </ClCompile> + <Link> + <SubSystem>Console</SubSystem> + <GenerateDebugInformation>false</GenerateDebugInformation> + <EnableCOMDATFolding>true</EnableCOMDATFolding> + <OptimizeReferences>true</OptimizeReferences> + <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile> + <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration> + <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> + <AdditionalDependencies>libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> + </Link> + </ItemDefinitionGroup> + <ItemGroup> + <ClCompile Include="..\delv.c" /> + </ItemGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> + <ImportGroup Label="ExtensionTargets"> + </ImportGroup> +</Project> diff --git a/bin/delv/win32/delv.vcxproj.user b/bin/delv/win32/delv.vcxproj.user new file mode 100644 index 0000000..695b5c7 --- /dev/null +++ b/bin/delv/win32/delv.vcxproj.user @@ -0,0 +1,3 @@ +<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+</Project>
\ No newline at end of file |