diff options
| author |   jakob <jakob@openbsd.org> | 2010-08-22 09:21:36 +0000 |
|---|---|---|
| committer | jakob <jakob@openbsd.org> | 2010-08-22 09:21:36 +0000 |
| commit | d65f35231973c60840c8bd5c8ee72db650286b24 (patch) | |
| tree | 6ce21d3f9dc34819ae706507f78a0038caee2f16 | |
| parent | mirror new flags to vis(3): -a to encode all characters, -h to use (diff) | |
| download | wireguard-openbsd-d65f35231973c60840c8bd5c8ee72db650286b24.tar.xz wireguard-openbsd-d65f35231973c60840c8bd5c8ee72db650286b24.zip | |
NSD v3.2.6
| -rw-r--r-- | usr.sbin/nsd/acx_nlnetlabs.m4 | 53 | ||||
| -rw-r--r-- | usr.sbin/nsd/buffer.c | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/compat/.c-mode-rc.el | 5 | ||||
| -rw-r--r-- | usr.sbin/nsd/dbaccess.c | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/difffile.c | 4 | ||||
| -rw-r--r-- | usr.sbin/nsd/dns.h | 6 | ||||
| -rw-r--r-- | usr.sbin/nsd/makedist.sh | 211 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd-checkconf.8 | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd-notify.8 | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd-patch.8 | 4 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd-patch.c | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd-xfer.8 | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd.8 | 15 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd.conf.5 | 13 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd.conf.sample.in | 21 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd.h | 3 | ||||
| -rw-r--r-- | usr.sbin/nsd/options.c | 12 | ||||
| -rw-r--r-- | usr.sbin/nsd/options.h | 5 | ||||
| -rw-r--r-- | usr.sbin/nsd/query.c | 25 | ||||
| -rw-r--r-- | usr.sbin/nsd/query.h | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/rdata.c | 20 | ||||
| -rw-r--r-- | usr.sbin/nsd/tsig-openssl.c | 4 | ||||
| -rw-r--r-- | usr.sbin/nsd/tsig-openssl.h | 4 | ||||
| -rw-r--r-- | usr.sbin/nsd/tsig.c | 4 | ||||
| -rw-r--r-- | usr.sbin/nsd/xfrd-notify.c | 16 | ||||
| -rw-r--r-- | usr.sbin/nsd/xfrd-notify.h | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/xfrd.c | 18 | ||||
| -rw-r--r-- | usr.sbin/nsd/xfrd.h | 4 |
28 files changed, 331 insertions, 132 deletions
diff --git a/usr.sbin/nsd/acx_nlnetlabs.m4 b/usr.sbin/nsd/acx_nlnetlabs.m4 index bb7ac286722..50a4c69a3d8 100644 --- a/usr.sbin/nsd/acx_nlnetlabs.m4 +++ b/usr.sbin/nsd/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 8 +# Version 10 +# 2010-07-02 Add check for ss_family (for minix). +# 2010-04-26 Fix to use CPPFLAGS for CHECK_COMPILER_FLAGS. # 2010-03-01 Fix RPATH using CONFIG_COMMANDS to run at the very end. # 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS seperate, -ldl # 2010-02-01 added ACX_CHECK_MEMCMP_SIGNED, AHX_MEMCMP_BROKEN @@ -73,6 +75,7 @@ # AHX_CONFIG_EXT_FLAGS - define the stripped extension flags # ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters. # AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED. +# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family # dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines. @@ -102,7 +105,7 @@ cache=`echo $1 | sed 'y%.=/+-%___p_%'` AC_CACHE_VAL(cv_prog_cc_flag_$cache, [ echo 'void f(){}' >conftest.c -if test -z "`$CC -$1 -c conftest.c 2>&1`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS -$1 -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else eval "cv_prog_cc_flag_$cache=no" @@ -146,18 +149,18 @@ AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache, [ echo '$2' > conftest.c echo 'void f(){}' >>conftest.c -if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else [ -if test -z "`$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=yes" else eval "cv_prog_cc_flag_needed_$cache=fail" #echo 'Test with flag fails too!' #cat conftest.c -#echo "$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` +#echo "$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" +#echo `$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` #exit 1 fi ] @@ -173,8 +176,8 @@ if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then AC_MSG_RESULT(no) #echo 'Test with flag is no!' #cat conftest.c -#echo "$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` +#echo "$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" +#echo `$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` #exit 1 : $4 @@ -1269,4 +1272,38 @@ int memcmp(const void *x, const void *y, size_t n); #endif ]) +dnl ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family +AC_DEFUN([ACX_CHECK_SS_FAMILY], +[AC_CHECK_MEMBER([struct sockaddr_storage.ss_family], [], [ + AC_CHECK_MEMBER([struct sockaddr_storage.__ss_family], [ + AC_DEFINE([ss_family], [__ss_family], [Fallback member name for socket family in struct sockaddr_storage]) + ],, [AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + ]) +], [AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +]) ]) + dnl End of file diff --git a/usr.sbin/nsd/buffer.c b/usr.sbin/nsd/buffer.c index 67b11183309..e0f9859a24e 100644 --- a/usr.sbin/nsd/buffer.c +++ b/usr.sbin/nsd/buffer.c @@ -28,7 +28,7 @@ buffer_create(region_type *region, size_t capacity) = (buffer_type *) region_alloc(region, sizeof(buffer_type)); if (!buffer) return NULL; - + buffer->_data = (uint8_t *) xalloc(capacity); buffer->_position = 0; buffer->_limit = buffer->_capacity = capacity; diff --git a/usr.sbin/nsd/compat/.c-mode-rc.el b/usr.sbin/nsd/compat/.c-mode-rc.el new file mode 100644 index 00000000000..c667228b18f --- /dev/null +++ b/usr.sbin/nsd/compat/.c-mode-rc.el @@ -0,0 +1,5 @@ +;;; Override Emacs c-mode settings to use NSD conventions. + +(c-set-style "bsd") +(set-variable 'c-basic-offset 8) +(set-variable 'indent-tabs-mode t) diff --git a/usr.sbin/nsd/dbaccess.c b/usr.sbin/nsd/dbaccess.c index fccee760988..09281aeabb4 100644 --- a/usr.sbin/nsd/dbaccess.c +++ b/usr.sbin/nsd/dbaccess.c @@ -217,7 +217,6 @@ read_rrset(namedb_type *db, rrset->zone->ns_rrset = rrset; } -#ifdef DNSSEC if (rrset_rrtype(rrset) == TYPE_RRSIG && owner == rrset->zone->apex) { for (i = 0; i < rrset->rr_count; ++i) { if (rr_rrsig_type_covered(&rrset->rrs[i]) == TYPE_SOA) { @@ -226,7 +225,6 @@ read_rrset(namedb_type *db, } } } -#endif return rrset; } diff --git a/usr.sbin/nsd/difffile.c b/usr.sbin/nsd/difffile.c index ccc993a5276..76203718fb5 100644 --- a/usr.sbin/nsd/difffile.c +++ b/usr.sbin/nsd/difffile.c @@ -294,7 +294,6 @@ rrset_delete(namedb_type* db, domain_type* domain, rrset_type* rrset) if(rrset->zone->ns_rrset == rrset) { rrset->zone->ns_rrset = 0; } -#ifdef DNSSEC if(domain == rrset->zone->apex && rrset_rrtype(rrset) == TYPE_RRSIG) { for (i = 0; i < rrset->rr_count; ++i) { if (rr_rrsig_type_covered(&rrset->rrs[i]) == TYPE_SOA) { @@ -303,7 +302,6 @@ rrset_delete(namedb_type* db, domain_type* domain, rrset_type* rrset) } } } -#endif /* recycle the memory space of the rrset */ for (i = 0; i < rrset->rr_count; ++i) add_rdata_to_recyclebin(db, &rrset->rrs[i]); @@ -543,7 +541,6 @@ add_RR(namedb_type* db, const dname_type* dname, if(type == TYPE_NS) { zone->ns_rrset = rrset; } -#ifdef DNSSEC if(type == TYPE_RRSIG) { int i; for (i = 0; i < rrset->rr_count; ++i) { @@ -553,7 +550,6 @@ add_RR(namedb_type* db, const dname_type* dname, } } } -#endif } return 1; } diff --git a/usr.sbin/nsd/dns.h b/usr.sbin/nsd/dns.h index 650d6fa8883..31c699686cd 100644 --- a/usr.sbin/nsd/dns.h +++ b/usr.sbin/nsd/dns.h @@ -146,7 +146,7 @@ typedef enum nsd_rc nsd_rc_type; #define MAXLABELLEN 63 #define MAXDOMAINLEN 255 -#define MAXRDATALEN 64 /* This is more than enough, think multiple TXT. */ +#define MAXRDATALEN 64 /* This is more than enough, think multiple TXT. */ #define MAX_RDLENGTH 65535 /* Maximum size of a single RR. */ @@ -215,8 +215,8 @@ struct rrtype_descriptor uint16_t type; /* RR type */ const char *name; /* Textual name. */ int token; /* Parser token. */ - uint8_t minimum; /* Minimum number of RDATAs. */ - uint8_t maximum; /* Maximum number of RDATAs. */ + uint32_t minimum; /* Minimum number of RDATAs. */ + uint32_t maximum; /* Maximum number of RDATAs. */ uint8_t wireformat[MAXRDATALEN]; /* rdata_wireformat_type */ uint8_t zoneformat[MAXRDATALEN]; /* rdata_zoneformat_type */ }; diff --git a/usr.sbin/nsd/makedist.sh b/usr.sbin/nsd/makedist.sh new file mode 100644 index 00000000000..1771f22bd05 --- /dev/null +++ b/usr.sbin/nsd/makedist.sh @@ -0,0 +1,211 @@ +#!/bin/sh + +# Build a NSD distribution tar from the SVN repository. + +# Abort script on unexpected errors. +set -e + +# Remember the current working directory. +cwd=`pwd` + +# Utility functions. +usage () { + cat >&2 <<EOF +Usage $0: [-h] [-s] [-d SVN_root] +Generate a distribution tar file for NSD. + + -h This usage information. + -s Build a snapshot distribution file. The current date is + automatically appended to the current NSD version number. + -rc <nr> Build a release candidate, the given string will be added + to the version number (nsd-<version>rc<number>). + -d SVN_root Retrieve the NSD source from the specified repository. +EOF + exit 1 +} + +info () { + echo "$0: info: $1" +} + +error () { + echo "$0: error: $1" >&2 + exit 1 +} + +question () { + printf "%s (y/n) " "$*" + read answer + case "$answer" in + [Yy]|[Yy][Ee][Ss]) + return 0 + ;; + *) + return 1 + ;; + esac +} + +# Only use cleanup and error_cleanup after generating the temporary +# working directory. +cleanup () { + info "Deleting temporary working directory." + cd $cwd && rm -rf $temp_dir +} + +error_cleanup () { + echo "$0: error: $1" >&2 + cleanup + exit 1 +} + +replace_text () { + (cp "$1" "$1".orig && \ + sed -e "s/$2/$3/g" < "$1".orig > "$1" && \ + rm "$1".orig) || error_cleanup "Replacement for $1 failed." +} + +replace_all () { + info "Updating '$1' with the version number." + replace_text "$1" "@version@" "$version" + info "Updating '$1' with today's date." + replace_text "$1" "@date@" "`date +'%b %e, %Y'`" +} + + +SNAPSHOT="no" +RC="no" + +# Parse the command line arguments. +while [ "$1" ]; do + case "$1" in + "-h") + usage + ;; + "-d") + SVNROOT="$2" + shift + ;; + "-rc") + RC="$2" + shift + ;; + "-s") + SNAPSHOT="yes" + ;; + *) + error "Unrecognized argument -- $1" + ;; + esac + shift +done + +# Check if SVNROOT is specified. +if [ -z "$SVNROOT" ]; then + error "SVNROOT must be specified (using -d)" +fi + +# Start the packaging process. +info "SVNROOT is $SVNROOT" +info "SNAPSHOT is $SNAPSHOT" +info "RELEASE CANDIDATE is $RC" + +#question "Do you wish to continue with these settings?" || error "User abort." + + +# Creating temp directory +info "Creating temporary working directory" +temp_dir=`mktemp -d nsd-dist-XXXXXX` +info "Directory '$temp_dir' created." +cd $temp_dir + +info "Exporting source from SVN." +svn export "$SVNROOT" nsd || error_cleanup "SVN command failed" + +cd nsd || error_cleanup "NSD not exported correctly from SVN" + +info "Building configure script (autoconf)." +autoconf || error_cleanup "Autoconf failed." + +info "Building config.h.in (autoheader)." +autoheader || error_cleanup "Autoheader failed." + +rm -r autom4te* || error_cleanup "Failed to remove autoconf cache directory." + +info "Building lexer and parser." +echo "#include <config.h>" > zlexer.c || error_cleanup "Failed to create lexer." +flex -i -t zlexer.lex >> zlexer.c || error_cleanup "Failed to create lexer." +bison -y -d -o zparser.c zparser.y || error_cleanup "Failed to create parser." +echo "#include \"configyyrename.h\"" > configlexer.c || error_cleanup "Failed to create configlexer" +flex -i -t configlexer.lex >> configlexer.c || error_cleanup "Failed to create configlexer" +bison -y -d -o configparser.c configparser.y || error_cleanup "Failed to create configparser" + +find . -name .c-mode-rc.el -exec rm {} \; +find . -name .cvsignore -exec rm {} \; +rm makedist.sh || error_cleanup "Failed to remove makedist.sh." + +info "Determining NSD version." +version=`./configure --version | head -1 | awk '{ print $3 }'` || \ + error_cleanup "Cannot determine version number." + +info "NSD version: $version" + +if [ "$RC" != "no" ]; then + info "Building NSD release candidate." + version="${version}rc$RC" + info "Release candidate version number: $version" +fi + +if [ "$SNAPSHOT" = "yes" ]; then + info "Building NSD snapshot." + version="$version-`date +%Y%m%d`" + info "Snapshot version number: $version" +fi + + + +replace_all doc/README +replace_all nsd.8 +replace_all nsdc.8 +replace_all nsd-notify.8 +replace_all nsd-checkconf.8 +replace_all nsd-patch.8 +replace_all nsd-xfer.8 +replace_all zonec.8 +replace_all nsd.conf.5 + +info "Renaming NSD directory to nsd-$version." +cd .. +mv nsd nsd-$version || error_cleanup "Failed to rename NSD directory." + +tarfile="../nsd-$version.tar.gz" + +if [ -f $tarfile ]; then + (question "The file $tarfile already exists. Overwrite?" \ + && rm -f $tarfile) || error_cleanup "User abort." +fi + +info "Deleting the tpkg directory" +rm -rf nsd-$version/tpkg/ + +info "Creating tar nsd-$version.tar.gz" +tar czf ../nsd-$version.tar.gz nsd-$version || error_cleanup "Failed to create tar file." + +cleanup + +case $OSTYPE in + linux*) + sha=`sha1sum nsd-$version.tar.gz | awk '{ print $1 }'` + ;; + FreeBSD*) + sha=`sha1 nsd-$version.tar.gz | awk '{ print $5 }'` + ;; + *) + sha=`sha1sum nsd-$version.tar.gz | awk '{ print $1 }'` + ;; +esac +echo $sha > nsd-$version.tar.gz.sha1 + +info "NSD distribution created successfully." +info "SHA1sum: $sha" + diff --git a/usr.sbin/nsd/nsd-checkconf.8 b/usr.sbin/nsd/nsd-checkconf.8 index 40847c911b2..182c1a275c7 100644 --- a/usr.sbin/nsd/nsd-checkconf.8 +++ b/usr.sbin/nsd/nsd-checkconf.8 @@ -1,4 +1,4 @@ -.TH "nsd\-checkconf" "8" "Apr 14, 2010" "NLnet Labs" "nsd 3.2.5" +.TH "nsd\-checkconf" "8" "@date@" "NLnet Labs" "nsd @version@" ."\ Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. ."\ See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-notify.8 b/usr.sbin/nsd/nsd-notify.8 index dc205e0f468..dcd1c5d5581 100644 --- a/usr.sbin/nsd/nsd-notify.8 +++ b/usr.sbin/nsd/nsd-notify.8 @@ -1,4 +1,4 @@ -.TH "nsd\-notify" "8" "Apr 14, 2010" "NLnet Labs" "nsd 3.2.5" +.TH "nsd\-notify" "8" "@date@" "NLnet Labs" "nsd @version@" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-patch.8 b/usr.sbin/nsd/nsd-patch.8 index 5d2f425ebdb..77d3c908410 100644 --- a/usr.sbin/nsd/nsd-patch.8 +++ b/usr.sbin/nsd/nsd-patch.8 @@ -1,10 +1,10 @@ -.TH "nsd\-patch" "8" "Apr 14, 2010" "NLnet Labs" "nsd 3.2.5" +.TH "nsd\-patch" "8" "@date@" "NLnet Labs" "nsd @version@" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .LP .B nsd\-patch -\- NSD zone patcher version 3.2.5. +\- NSD zone patcher version @version@. .SH "SYNOPSIS" .B nsd\-patch .RB [ \-c diff --git a/usr.sbin/nsd/nsd-patch.c b/usr.sbin/nsd/nsd-patch.c index 46d4afeebc6..d13c06b48f0 100644 --- a/usr.sbin/nsd/nsd-patch.c +++ b/usr.sbin/nsd/nsd-patch.c @@ -57,7 +57,7 @@ list_xfr(FILE *in) return; } skiplen = len - (sizeof(uint32_t)*3 + sizeof(uint16_t) + strlen(zone_name)); - fprintf(stdout, "zone %s transfer id %x serial %d timestamp %u.%u: " + fprintf(stdout, "zone %s transfer id %x serial %u timestamp %u.%u: " "seq_nr %d of %d bytes\n", zone_name, id, new_serial, timestamp[0], timestamp[1], seq_nr, skiplen); diff --git a/usr.sbin/nsd/nsd-xfer.8 b/usr.sbin/nsd/nsd-xfer.8 index a252c0c8aae..0a8f62f6cf5 100644 --- a/usr.sbin/nsd/nsd-xfer.8 +++ b/usr.sbin/nsd/nsd-xfer.8 @@ -1,4 +1,4 @@ -.TH "nsd\-xfer" "8" "Apr 14, 2010" "NLnet Labs" "nsd 3.2.5" +.TH "nsd\-xfer" "8" "@date@" "NLnet Labs" "nsd @version@" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd.8 b/usr.sbin/nsd/nsd.8 index d924c2f56a1..b24d78b2ba8 100644 --- a/usr.sbin/nsd/nsd.8 +++ b/usr.sbin/nsd/nsd.8 @@ -1,17 +1,17 @@ -.TH "NSD" "8" "Apr 14, 2010" "NLnet Labs" "NSD 3.2.5" +.TH "NSD" "8" "@date@" "NLnet Labs" "NSD @version@" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .LP .B nsd -\- Name Server Daemon (NSD) version 3.2.5. +\- Name Server Daemon (NSD) version @version@. .SH "SYNOPSIS" .LP .B nsd .RB [ \-4 ] .RB [ \-6 ] .RB [ \-a -.IR ip\-address ] +.IR ip\-address[@port] ] .RB [ \-c .IR configfile ] .RB [ \-d ] @@ -60,7 +60,7 @@ must be generated beforehand with zonec(8). By default, .B NSD will bind to all local interfaces available. Use the .B \-a -.I ip\-address +.I ip\-address[@port] option to specify a single particular interface address to be bound. If this option is given more than once, .B NSD @@ -93,16 +93,17 @@ Only listen to IPv4 connections. .B \-6 Only listen to IPv6 connections. .TP -.B \-a\fI ip\-address +.B \-a\fI ip\-address[@port] Listen to the specified .IR ip\-address . The .I ip\-address must be specified in numeric format (using the standard IPv4 or IPv6 -notation). This flag can be specified multiple times to listen to +notation). Optionally, a port number can be given. +This flag can be specified multiple times to listen to multiple IP addresses. If this flag is not specified, .B NSD -listens to all IP addresses. +listens to the wildcard interface. .TP .B \-c\fI configfile Read specified diff --git a/usr.sbin/nsd/nsd.conf.5 b/usr.sbin/nsd/nsd.conf.5 index b937e1377b3..3a95fd7b667 100644 --- a/usr.sbin/nsd/nsd.conf.5 +++ b/usr.sbin/nsd/nsd.conf.5 @@ -1,4 +1,4 @@ -.TH "nsd.conf" "5" "Apr 14, 2010" "NLnet Labs" "nsd 3.2.5" +.TH "nsd.conf" "5" "@date@" "NLnet Labs" "nsd @version@" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" @@ -101,10 +101,10 @@ clause. There may only be one .B server: clause. .TP -.B ip\-address:\fR <ip4 or ip6> +.B ip\-address:\fR <ip4 or ip6>[@port] NSD will bind to the listed ip\-address. Can be give multiple times -to bind multiple ip\-addresses. If none are given NSD listens to all -IP addresses. Same as commandline option +to bind multiple ip\-addresses. Optionally, a port number can be given. +If none are given NSD listens to the wildcard interface. Same as commandline option .BR \-a. .TP .B debug\-mode:\fR <yes or no> @@ -142,7 +142,7 @@ with an NSID EDNS enabled packet. Same as commandline option .TP .B logfile:\fR <filename> Log messages to the logfile. The default is to log to stderr and -syslog. Same as commandline option +syslog (with facility LOG_DAEMON). Same as commandline option .BR \-l . .TP .B server\-count:\fR <number> @@ -238,7 +238,8 @@ queries. For every zone the options need to be specified in one .B zone: clause. The access control list elements can be given multiple -times to add multiple servers. +times to add multiple servers. These elements need to be added +explicitly. .TP .B name:\fR <string> The name of the zone. This is the domain name of the apex of the diff --git a/usr.sbin/nsd/nsd.conf.sample.in b/usr.sbin/nsd/nsd.conf.sample.in index dc2b3b989ed..cc29880b066 100644 --- a/usr.sbin/nsd/nsd.conf.sample.in +++ b/usr.sbin/nsd/nsd.conf.sample.in @@ -11,8 +11,9 @@ # options for the nsd server server: - # uncomment to specify specific interfaces to bind (default all). + # uncomment to specify specific interfaces to bind (default wildcard interface). # ip-address: 1.2.3.4 + # ip-address: 1.2.3.4@5678 # ip-address: 12fe::8ef0 # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries @@ -36,7 +37,7 @@ server: # NSID identity (hex string). default disabled. # nsid: "aabbccdd" - # log messages to file. Default to stderr and syslog. + # log messages to file. Default to stderr and syslog (with facility LOG_DAEMON). # logfile: "/var/log/nsd.log" # Number of NSD servers to fork. @@ -107,14 +108,13 @@ zone: zonefile: "example.com.zone" # This is a slave zone. Masters are listed below. + # If no access control elements are provided, this zone + # will not be served to/from other servers. # master 1 allow-notify: 168.192.44.42 mskey request-xfr: 168.192.44.42 mskey - # set local interface for sending zone transfer requests. - outgoing-interface: 10.0.0.10 - # master 2 allow-notify: 10.0.0.11 NOKEY request-xfr: 10.0.0.11 NOKEY @@ -139,20 +139,22 @@ zone: # provide-xfr: 0.0.0.0/0 NOKEY # provide-xfr: ::0/0 NOKEY + # set local interface for sending zone transfer requests. + outgoing-interface: 10.0.0.10 + # Sample zone 2 zone: name: "example.net" zonefile: "example.net.signed.zone" # This is a master zone. Slaves are listed below. + # If no access control elements are provided, this zone + # will not be served to/from other servers. # secondary 1. Uses port 5300. notify: 10.0.0.14@5300 sec1_key provide-xfr: 10.0.0.14@5300 sec1_key - # set local interface for sending notifies - outgoing-interface: 10.0.0.15 - # secondary 2. notify: 10.11.12.14 sec2_key provide-xfr: 10.11.12.14 sec2_key @@ -165,6 +167,9 @@ zone: # set the number of retries for notify. notify-retry: 5 + # set local interface for sending notifies + outgoing-interface: 10.0.0.15 + # keys for zone 2 key: name: "sec1_key" diff --git a/usr.sbin/nsd/nsd.h b/usr.sbin/nsd/nsd.h index b9678e2e8de..6432b568d90 100644 --- a/usr.sbin/nsd/nsd.h +++ b/usr.sbin/nsd/nsd.h @@ -10,9 +10,6 @@ #ifndef _NSD_H_ #define _NSD_H_ -/* disable NSID no matter what, there is no typecode yet */ -#undef NSID - #include <signal.h> #include "dns.h" diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c index 2e2720fe205..84406ef96d9 100644 --- a/usr.sbin/nsd/options.c +++ b/usr.sbin/nsd/options.c @@ -239,9 +239,7 @@ key_options_t* key_options_create(region_type* region) key->next = 0; key->algorithm = 0; key->secret = 0; -#ifdef TSIG key->tsig_key = 0; -#endif return key; } @@ -412,7 +410,6 @@ int acl_key_matches(acl_options_t* acl, struct query* q) { if(acl->blocked) return 1; -#ifdef TSIG if(acl->nokey) { if(q->tsig.status == TSIG_NOT_PRESENT) return 1; @@ -442,11 +439,6 @@ int acl_key_matches(acl_options_t* acl, struct query* q) return 0; /* no such algo */ } return 1; -#else - if(acl->nokey) - return 1; - return 0; -#endif } int @@ -484,9 +476,9 @@ acl_same_host(acl_options_t* a, acl_options_t* b) return 1; } +#if defined(HAVE_SSL) void key_options_tsig_add(nsd_options_t* opt) { -#if defined(TSIG) && defined(HAVE_SSL) key_options_t* optkey; uint8_t data[4000]; tsig_key_type* tsigkey; @@ -512,8 +504,8 @@ void key_options_tsig_add(nsd_options_t* opt) tsig_add_key(tsigkey); optkey->tsig_key = tsigkey; } -#endif } +#endif int zone_is_slave(zone_options_t* opt) { diff --git a/usr.sbin/nsd/options.h b/usr.sbin/nsd/options.h index ce04e0779b3..9a86830828b 100644 --- a/usr.sbin/nsd/options.h +++ b/usr.sbin/nsd/options.h @@ -138,9 +138,7 @@ struct key_options { const char* name; const char* algorithm; const char* secret; -#ifdef TSIG struct tsig_key* tsig_key; -#endif }; /* @@ -178,8 +176,11 @@ zone_options_t* zone_options_create(region_type* region); zone_options_t* zone_options_find(nsd_options_t* opt, const struct dname* apex); key_options_t* key_options_create(region_type* region); key_options_t* key_options_find(nsd_options_t* opt, const char* name); + +#if defined(HAVE_SSL) /* tsig must be inited, adds all keys in options to tsig. */ void key_options_tsig_add(nsd_options_t* opt); +#endif /* check acl list, acl number that matches if passed(0..), * or failure (-1) if dropped */ diff --git a/usr.sbin/nsd/query.c b/usr.sbin/nsd/query.c index 758d6e0877e..9606ac13af9 100644 --- a/usr.sbin/nsd/query.c +++ b/usr.sbin/nsd/query.c @@ -176,12 +176,10 @@ query_create(region_type *region, uint16_t *compressed_dname_offsets, query->packet = buffer_create(region, QIOBUFSZ); region_add_cleanup(region, query_cleanup, query); query->compressed_dname_offsets_size = compressed_dname_size; -#ifdef TSIG tsig_create_record(&query->tsig, region); query->tsig_prepare_it = 1; query->tsig_update_it = 1; query->tsig_sign_it = 1; -#endif /* TSIG */ return query; } @@ -205,12 +203,10 @@ query_reset(query_type *q, size_t maxlen, int is_tcp) q->reserved_space = 0; buffer_clear(q->packet); edns_init_record(&q->edns); -#ifdef TSIG tsig_init_record(&q->tsig, NULL, NULL); q->tsig_prepare_it = 1; q->tsig_update_it = 1; q->tsig_sign_it = 1; -#endif /* TSIG */ q->tcp = is_tcp; q->qname = NULL; q->qtype = 0; @@ -355,7 +351,6 @@ process_edns(nsd_type* nsd, struct query *q) * Processes TSIG. * Sets error when tsig does not verify on the query. */ -#ifdef TSIG static nsd_rc_type process_tsig(struct query* q) { @@ -380,7 +375,6 @@ process_tsig(struct query* q) } return NSD_RC_OK; } -#endif /* TSIG */ /* * Check notify acl and forward to xfrd (or return an error). @@ -403,7 +397,6 @@ answer_notify(struct nsd* nsd, struct query *query) if(!nsd->this_child) /* we are in debug mode or something */ return query_error(query, NSD_RC_SERVFAIL); -#ifdef TSIG if(!tsig_find_rr(&query->tsig, query->packet)) { DEBUG(DEBUG_XFRD,2, (LOG_ERR, "bad tsig RR format")); return query_error(query, NSD_RC_FORMAT); @@ -411,7 +404,6 @@ answer_notify(struct nsd* nsd, struct query *query) rc = process_tsig(query); if(rc != NSD_RC_OK) return query_error(query, rc); -#endif /* TSIG */ /* check if it passes acl */ if((acl_num = acl_check_incoming(zone_opt->allow_notify, query, @@ -1220,9 +1212,7 @@ query_prepare_response(query_type *q) * Reserve space for the EDNS records if required. */ q->reserved_space = edns_reserved_space(&q->edns); -#ifdef TSIG q->reserved_space += tsig_reserved_space(&q->tsig); -#endif /* TSIG */ /* Update the flags. */ flags = FLAGS(q->packet); @@ -1292,7 +1282,6 @@ query_process(query_type *q, nsd_type *nsd) } arcount = ARCOUNT(q->packet); -#ifdef TSIG if (arcount > 0) { /* see if tsig is before edns record */ if (!tsig_parse_rr(&q->tsig, q->packet)) @@ -1300,12 +1289,10 @@ query_process(query_type *q, nsd_type *nsd) if(q->tsig.status != TSIG_NOT_PRESENT) --arcount; } -#endif /* TSIG */ if (arcount > 0) { if (edns_parse_record(&q->edns, q->packet)) --arcount; } -#ifdef TSIG if (arcount > 0 && q->tsig.status == TSIG_NOT_PRESENT) { /* see if tsig is after the edns record */ if (!tsig_parse_rr(&q->tsig, q->packet)) @@ -1313,7 +1300,6 @@ query_process(query_type *q, nsd_type *nsd) if(q->tsig.status != TSIG_NOT_PRESENT) --arcount; } -#endif /* TSIG */ if (arcount > 0) { return query_formerr(q); } @@ -1328,12 +1314,10 @@ query_process(query_type *q, nsd_type *nsd) /* Remove trailing garbage. */ buffer_set_limit(q->packet, buffer_position(q->packet)); -#ifdef TSIG rc = process_tsig(q); if (rc != NSD_RC_OK) { return query_error(q, rc); } -#endif /* TSIG */ rc = process_edns(nsd, q); if (rc != NSD_RC_OK) { /* We should not return FORMERR, but BADVERS (=16). @@ -1377,8 +1361,6 @@ query_add_optional(query_type *q, nsd_type *nsd) break; case EDNS_OK: buffer_write(q->packet, edns->ok, OPT_LEN); - /* check if nsid data should be written */ -#ifdef NSID if (nsd->nsid_len > 0 && q->edns.nsid == 1 && !query_overflow_nsid(q, nsd->nsid_len)) { /* rdata length */ @@ -1391,12 +1373,7 @@ query_add_optional(query_type *q, nsd_type *nsd) /* fill with NULLs */ buffer_write(q->packet, edns->rdata_none, OPT_RDATA); } -#else - buffer_write(q->packet, edns->rdata_none, OPT_RDATA); -#endif /* NSID */ - ARCOUNT_SET(q->packet, ARCOUNT(q->packet) + 1); - STATUP(nsd, edns); break; case EDNS_ERROR: @@ -1407,7 +1384,6 @@ query_add_optional(query_type *q, nsd_type *nsd) break; } -#ifdef TSIG if (q->tsig.status != TSIG_NOT_PRESENT) { if (q->tsig.status == TSIG_ERROR || q->tsig.error_code != TSIG_ERROR_NOERROR) { @@ -1428,5 +1404,4 @@ query_add_optional(query_type *q, nsd_type *nsd) } } } -#endif /* TSIG */ } diff --git a/usr.sbin/nsd/query.h b/usr.sbin/nsd/query.h index 89ea960570e..6b480604686 100644 --- a/usr.sbin/nsd/query.h +++ b/usr.sbin/nsd/query.h @@ -56,12 +56,10 @@ struct query { /* EDNS information provided by the client. */ edns_record_type edns; -#ifdef TSIG /* TSIG record information and running hash for query-response */ tsig_record_type tsig; /* tsig actions can be overridden, for axfr transfer. */ int tsig_prepare_it, tsig_update_it, tsig_sign_it; -#endif /* TSIG */ int tcp; uint16_t tcplen; diff --git a/usr.sbin/nsd/rdata.c b/usr.sbin/nsd/rdata.c index 26f4b703b8c..792cfed2e35 100644 --- a/usr.sbin/nsd/rdata.c +++ b/usr.sbin/nsd/rdata.c @@ -87,11 +87,17 @@ rdata_dns_name_to_string(buffer_type *output, rdata_atom_type rdata, buffer_printf(output, "."); for (i = 1; i <= length; ++i) { - char ch = (char) data[i+offset]; - if (isprint((int)ch)) - buffer_printf(output, "%c", ch); - else - buffer_printf(output, "\\%03u", (unsigned) ch); + uint8_t ch = data[i+offset]; + + if (ch=='.' || ch==';' || ch=='(' || ch==')' || ch=='\\') { + buffer_printf(output, "\\%c", (char) ch); + } else if (!isgraph((int) ch)) { + buffer_printf(output, "\\%03u", (unsigned int) ch); + } else if (isprint((int) ch)) { + buffer_printf(output, "%c", (char) ch); + } else { + buffer_printf(output, "\\%03u", (unsigned int) ch); + } } /* next label */ offset = offset+length+1; @@ -549,7 +555,7 @@ rdata_wireformat_to_rdata_atoms(region_type *region, rdata_atom_type **rdatas) { size_t end = buffer_position(packet) + data_size; - ssize_t i; + size_t i; rdata_atom_type temp_rdatas[MAXRDATALEN]; rrtype_descriptor_type *descriptor = rrtype_descriptor_by_type(rrtype); region_type *temp_region; @@ -687,7 +693,7 @@ rdata_wireformat_to_rdata_atoms(region_type *region, *rdatas = (rdata_atom_type *) region_alloc_init( region, temp_rdatas, i * sizeof(rdata_atom_type)); region_destroy(temp_region); - return i; + return (ssize_t)i; } size_t diff --git a/usr.sbin/nsd/tsig-openssl.c b/usr.sbin/nsd/tsig-openssl.c index 5773fd2a674..c7a1fa33791 100644 --- a/usr.sbin/nsd/tsig-openssl.c +++ b/usr.sbin/nsd/tsig-openssl.c @@ -9,7 +9,7 @@ #include <config.h> -#if defined(TSIG) && defined(HAVE_SSL) +#if defined(HAVE_SSL) #include "tsig-openssl.h" #include "tsig.h" @@ -124,4 +124,4 @@ tsig_openssl_finalize() EVP_cleanup(); } -#endif /* defined(TSIG) && defined(HAVE_SSL) */ +#endif /* defined(HAVE_SSL) */ diff --git a/usr.sbin/nsd/tsig-openssl.h b/usr.sbin/nsd/tsig-openssl.h index 30345b6596f..859c280c4c0 100644 --- a/usr.sbin/nsd/tsig-openssl.h +++ b/usr.sbin/nsd/tsig-openssl.h @@ -10,7 +10,7 @@ #ifndef _TSIG_OPENSSL_H_ #define _TSIG_OPENSSL_H_ -#if defined(TSIG) && defined(HAVE_SSL) +#if defined(HAVE_SSL) #include "region-allocator.h" @@ -24,6 +24,6 @@ int tsig_openssl_init(region_type *region); void tsig_openssl_finalize(); -#endif /* defined(TSIG) && defined(HAVE_SSL) */ +#endif /* defined(HAVE_SSL) */ #endif /* _TSIG_H_ */ diff --git a/usr.sbin/nsd/tsig.c b/usr.sbin/nsd/tsig.c index 8b4f3249470..886d5e1f27b 100644 --- a/usr.sbin/nsd/tsig.c +++ b/usr.sbin/nsd/tsig.c @@ -103,7 +103,7 @@ tsig_init(region_type *region) tsig_key_table = NULL; tsig_algorithm_table = NULL; -#if defined(TSIG) && defined(HAVE_SSL) +#if defined(HAVE_SSL) return tsig_openssl_init(region); #endif return 1; @@ -668,7 +668,7 @@ tsig_error_reply(tsig_record_type *tsig) void tsig_finalize() { -#if defined(TSIG) && defined(HAVE_SSL) +#if defined(HAVE_SSL) tsig_openssl_finalize(); #endif } diff --git a/usr.sbin/nsd/xfrd-notify.c b/usr.sbin/nsd/xfrd-notify.c index 1ef2259cfeb..26606fb8885 100644 --- a/usr.sbin/nsd/xfrd-notify.c +++ b/usr.sbin/nsd/xfrd-notify.c @@ -95,17 +95,13 @@ init_notify_send(rbtree_t* tree, netio_type* netio, region_type* region, not->notify_send_handler.fd = -1; not->notify_send_handler.timeout = 0; not->notify_send_handler.user_data = not; - not->notify_send_handler.event_types = + not->notify_send_handler.event_types = NETIO_EVENT_READ|NETIO_EVENT_TIMEOUT; not->notify_send_handler.event_handler = xfrd_handle_notify_send; - netio_add_handler(netio, ¬->notify_send_handler); - -#ifdef TSIG - tsig_create_record_custom(¬->notify_tsig, region, 0, 0, 4); -#endif /* TSIG */ - not->notify_current = 0; - - rbtree_insert(tree, (rbnode_t*)not); + netio_add_handler(netio, ¬->notify_send_handler); + tsig_create_record_custom(¬->notify_tsig, region, 0, 0, 4); + not->notify_current = 0; + rbtree_insert(tree, (rbnode_t*)not); } static int @@ -170,11 +166,9 @@ xfrd_notify_send_udp(struct notify_zone_t* zone, buffer_type* packet) ANCOUNT_SET(packet, 1); xfrd_write_soa_buffer(packet, zone->apex, zone->current_soa); } -#ifdef TSIG if(zone->notify_current->key_options) { xfrd_tsig_sign_request(packet, &zone->notify_tsig, zone->notify_current); } -#endif /* TSIG */ buffer_flip(packet); zone->notify_send_handler.fd = xfrd_send_udp(zone->notify_current, packet, zone->options->outgoing_interface); diff --git a/usr.sbin/nsd/xfrd-notify.h b/usr.sbin/nsd/xfrd-notify.h index b9363ae20fa..cb034698e04 100644 --- a/usr.sbin/nsd/xfrd-notify.h +++ b/usr.sbin/nsd/xfrd-notify.h @@ -32,9 +32,7 @@ struct notify_zone_t { const dname_type* apex; const char* apex_str; -#ifdef TSIG tsig_record_type notify_tsig; /* tsig state for notify */ -#endif struct zone_options* options; struct xfrd_soa *current_soa; /* current SOA in NSD */ diff --git a/usr.sbin/nsd/xfrd.c b/usr.sbin/nsd/xfrd.c index f4ed69282ca..3fea8541628 100644 --- a/usr.sbin/nsd/xfrd.c +++ b/usr.sbin/nsd/xfrd.c @@ -281,9 +281,7 @@ xfrd_init_zones() xzone->tcp_waiting = 0; xzone->udp_waiting = 0; -#ifdef TSIG tsig_create_record_custom(&xzone->tsig, xfrd->region, 0, 0, 4); -#endif /* TSIG */ if(dbzone && dbzone->soa_rrset && dbzone->soa_rrset->rrs) { xzone->soa_nsd_acquired = xfrd_time(); @@ -890,7 +888,9 @@ int xfrd_bind_local_interface(int sockd, acl_options_t* ifc, acl_options_t* acl, int tcp) { +#ifdef SO_LINGER struct linger linger = {1, 0}; +#endif socklen_t frm_len; #ifdef INET6 struct sockaddr_storage frm; @@ -960,7 +960,6 @@ xfrd_bind_local_interface(int sockd, acl_options_t* ifc, acl_options_t* acl, return 0; } -#ifdef TSIG void xfrd_tsig_sign_request(buffer_type* packet, tsig_record_type* tsig, acl_options_t* acl) @@ -985,7 +984,6 @@ xfrd_tsig_sign_request(buffer_type* packet, tsig_record_type* tsig, /* prepare for validating tsigs */ tsig_prepare(tsig); } -#endif static int xfrd_send_ixfr_request_udp(xfrd_zone_t* zone) @@ -1009,11 +1007,9 @@ xfrd_send_ixfr_request_udp(xfrd_zone_t* zone) NSCOUNT_SET(xfrd->packet, 1); xfrd_write_soa_buffer(xfrd->packet, zone->apex, &zone->soa_disk); /* if we have tsig keys, sign the ixfr query */ -#ifdef TSIG if(zone->master->key_options && zone->master->key_options->tsig_key) { xfrd_tsig_sign_request(xfrd->packet, &zone->tsig, zone->master); } -#endif /* TSIG */ buffer_flip(xfrd->packet); xfrd_set_timer(zone, xfrd_time() + XFRD_UDP_TIMEOUT); @@ -1117,7 +1113,6 @@ xfrd_xfr_check_rrs(xfrd_zone_t* zone, buffer_type* packet, size_t count, return 1; } -#ifdef TSIG static int xfrd_xfr_process_tsig(xfrd_zone_t* zone, buffer_type* packet) { @@ -1166,7 +1161,6 @@ xfrd_xfr_process_tsig(xfrd_zone_t* zone, buffer_type* packet) } return 1; } -#endif /* parse the received packet. returns xfrd packet result code. */ static enum xfrd_packet_result @@ -1207,16 +1201,14 @@ xfrd_parse_received_xfr_packet(xfrd_zone_t* zone, buffer_type* packet, } return xfrd_packet_bad; } -#ifdef TSIG /* check TSIG */ if(zone->master->key_options) { if(!xfrd_xfr_process_tsig(zone, packet)) { DEBUG(DEBUG_XFRD,1, (LOG_ERR, "dropping xfr reply due " - "to bad TSIG")); + "to bad TSIG")); return xfrd_packet_bad; } } -#endif buffer_skip(packet, QHEADERSZ); /* skip question section */ @@ -1331,7 +1323,6 @@ xfrd_parse_received_xfr_packet(xfrd_zone_t* zone, buffer_type* packet, } if(done == 0) return xfrd_packet_more; -#ifdef TSIG if(zone->master->key_options) { if(zone->tsig.updates_since_last_prepare != 0) { log_msg(LOG_INFO, "xfrd: last packet of reply has no " @@ -1339,7 +1330,6 @@ xfrd_parse_received_xfr_packet(xfrd_zone_t* zone, buffer_type* packet, return xfrd_packet_bad; } } -#endif /* TSIG */ return xfrd_packet_transfer; } @@ -1419,12 +1409,10 @@ xfrd_handle_received_xfr_packet(xfrd_zone_t* zone, buffer_type* packet) "time %u from %s in %u parts", zone->apex_str, (int)zone->msg_new_serial, (int)xfrd_time(), zone->master->ip_address_spec, zone->msg_seq_nr); -#ifdef TSIG if(zone->master->key_options) { buffer_printf(packet, " TSIG verified with key %s", zone->master->key_options->name); } -#endif /* TSIG */ buffer_flip(packet); diff_write_commit(zone->apex_str, zone->msg_old_serial, zone->msg_new_serial, zone->query_id, zone->msg_seq_nr, 1, diff --git a/usr.sbin/nsd/xfrd.h b/usr.sbin/nsd/xfrd.h index 9b34322b67b..60338a8e0d6 100644 --- a/usr.sbin/nsd/xfrd.h +++ b/usr.sbin/nsd/xfrd.h @@ -173,9 +173,7 @@ struct xfrd_zone { uint32_t msg_old_serial, msg_new_serial; /* host byte order */ size_t msg_rr_count; uint8_t msg_is_ixfr; /* 1:IXFR detected. 2:middle IXFR SOA seen. */ -#ifdef TSIG tsig_record_type tsig; /* tsig state for IXFR/AXFR */ -#endif }; enum xfrd_packet_result { @@ -255,10 +253,8 @@ struct buffer* xfrd_get_temp_buffer(); /* * TSIG sign outgoing request. Call if acl has a key. */ -#ifdef TSIG void xfrd_tsig_sign_request(buffer_type* packet, struct tsig_record* tsig, acl_options_t* acl); -#endif /* handle incoming soa information (NSD is running it, time acquired=guess). Pass soa=NULL,acquired=now if NSD has nothing loaded for the zone |