Commit b66b333f authored by Evan Hunt's avatar Evan Hunt

[master] dnstap

4235.	[func]		Added support in named for "dnstap", a fast method of
			capturing and logging DNS traffic, and a new command
			"dnstap-read" to read a dnstap log file.  Use
			"configure --enable-dnstap" to enable this
			feature (note that this requires libprotobuf-c
			and libfstrm). See the ARM for configuration details.

			Thanks to Robert Edmonds of Farsight Security.
			[RT #40211]
parent a2390443
4235. [func] Added support in named for "dnstap", a fast method of
capturing and logging DNS traffic, and a new command
"dnstap-read" to read a dnstap log file. Use
"configure --enable-dnstap" to enable this
feature (note that this requires libprotobuf-c
and libfstrm). See the ARM for configuration details.
Thanks to Robert Edmonds of Farsight Security.
[RT #40211]
4234. [func] Add deflate compression in statistics channel HTTP
server. [RT #40861]
......
......@@ -551,3 +551,51 @@ INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-----------------------------------------------------------------------------
Copyright (c) 2013-2014, Farsight Security, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-----------------------------------------------------------------------------
Copyright (c) 2014 by Farsight Security, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
......@@ -56,6 +56,11 @@ BIND 9.11.0
BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
releases. New features include:
- Added support for "dnstap", a fast and flexible method of
capturing and logging DNS traffic.
- Added support for "dyndb", a new API for loading zone data
from an external database, developed by Red Hat for the FreeIPA
project.
- New "fetchlimit" quotas are now available for the use of
recursive resolvers that are are under high query load for
domains whose authoritative servers are nonresponsive or are
......
......@@ -139,6 +139,11 @@ config.@O@: config.c
-DNS_SYSCONFDIR=\"${sysconfdir}\" \
-c ${srcdir}/config.c
server.@O@: server.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DPRODUCT=\"${PRODUCT}\" \
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}
export MAKE_SYMTABLE="yes"; \
export BASEOBJS="${OBJS} ${UOBJS}"; \
......
......@@ -38,6 +38,7 @@
#include <dns/badcache.h>
#include <dns/db.h>
#include <dns/dispatch.h>
#include <dns/dnstap.h>
#include <dns/edns.h>
#include <dns/events.h>
#include <dns/message.h>
......@@ -985,6 +986,11 @@ client_send(ns_client_t *client) {
unsigned int preferred_glue;
isc_boolean_t opt_included = ISC_FALSE;
size_t respsize;
#ifdef HAVE_DNSTAP
unsigned char zone[DNS_NAME_MAXWIRE];
dns_dtmsgtype_t dtmsgtype;
isc_region_t zr;
#endif /* HAVE_DNSTAP */
REQUIRE(NS_CLIENT_VALID(client));
......@@ -1123,6 +1129,28 @@ client_send(ns_client_t *client) {
if (result != ISC_R_SUCCESS)
goto done;
#ifdef HAVE_DNSTAP
memset(&zr, 0, sizeof(zr));
if (((client->message->flags & DNS_MESSAGEFLAG_AA) != 0) &&
(client->query.authzone != NULL))
{
isc_buffer_t b;
dns_name_t *zo =
dns_zone_getorigin(client->query.authzone);
isc_buffer_init(&b, zone, sizeof(zone));
dns_compress_setmethods(&cctx, DNS_COMPRESS_NONE);
result = dns_name_towire(zo, &cctx, &b);
if (result == ISC_R_SUCCESS)
isc_buffer_usedregion(&b, &zr);
}
if ((client->message->flags & DNS_MESSAGEFLAG_RD) != 0)
dtmsgtype = DNS_DTTYPE_CR;
else
dtmsgtype = DNS_DTTYPE_AR;
#endif /* HAVE_DNSTAP */
if (cleanup_cctx) {
dns_compress_invalidate(&cctx);
cleanup_cctx = ISC_FALSE;
......@@ -1136,12 +1164,28 @@ client_send(ns_client_t *client) {
respsize = isc_buffer_usedlength(&tcpbuffer);
result = client_sendpkg(client, &tcpbuffer);
#ifdef HAVE_DNSTAP
if (client->view != NULL) {
dns_dt_send(client->view, dtmsgtype,
&client->peeraddr, ISC_TRUE, &zr,
&client->requesttime, NULL, &buffer);
}
#endif /* HAVE_DNSTAP */
isc_stats_increment(ns_g_server->tcpoutstats,
ISC_MIN(respsize / 16, 256));
} else {
respsize = isc_buffer_usedlength(&buffer);
result = client_sendpkg(client, &buffer);
#ifdef HAVE_DNSTAP
if (client->view != NULL) {
dns_dt_send(client->view, dtmsgtype,
&client->peeraddr, ISC_FALSE, &zr,
&client->requesttime, NULL, &buffer);
}
#endif /* HAVE_DNSTAP */
isc_stats_increment(ns_g_server->udpoutstats,
ISC_MIN(respsize / 16, 256));
}
......@@ -1396,7 +1440,9 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
if (isc_sockaddr_equal(&client->peeraddr,
&client->formerrcache.addr) &&
message->id == client->formerrcache.id &&
client->requesttime - client->formerrcache.time < 2) {
(isc_time_seconds(&client->requesttime) -
client->formerrcache.time) < 2)
{
/* Drop packet. */
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
......@@ -1406,7 +1452,8 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
return;
}
client->formerrcache.addr = client->peeraddr;
client->formerrcache.time = client->requesttime;
client->formerrcache.time =
isc_time_seconds(&client->requesttime);
client->formerrcache.id = message->id;
} else if (rcode == dns_rcode_servfail && client->query.qname != NULL &&
client->view != NULL && client->view->fail_ttl != 0 &&
......@@ -2036,6 +2083,9 @@ client_request(isc_task_t *task, isc_event_t *event) {
unsigned int flags;
isc_boolean_t notimp;
size_t reqsize;
#ifdef HAVE_DNSTAP
dns_dtmsgtype_t dtmsgtype;
#endif
REQUIRE(event != NULL);
client = event->ev_arg;
......@@ -2095,9 +2145,9 @@ client_request(isc_task_t *task, isc_event_t *event) {
goto cleanup;
client->state = client->newstate = NS_CLIENTSTATE_WORKING;
isc_task_getcurrenttime(task, &client->requesttime);
client->now = client->requesttime;
isc_time_set(&client->tnow, client->now, 0);
isc_task_getcurrenttimex(task, &client->requesttime);
client->tnow = client->requesttime;
client->now = isc_time_seconds(&client->tnow);
if (result != ISC_R_SUCCESS) {
if (TCP_CLIENT(client)) {
......@@ -2588,6 +2638,17 @@ client_request(isc_task_t *task, isc_event_t *event) {
switch (client->message->opcode) {
case dns_opcode_query:
CTRACE("query");
#ifdef HAVE_DNSTAP
if ((client->message->flags & DNS_MESSAGEFLAG_RD) != 0)
dtmsgtype = DNS_DTTYPE_CQ;
else
dtmsgtype = DNS_DTTYPE_AQ;
dns_dt_send(view, dtmsgtype, &client->peeraddr,
TCP_CLIENT(client), NULL,
&client->requesttime, NULL, buffer);
#endif /* HAVE_DNSTAP */
ns_query_start(client);
break;
case dns_opcode_update:
......@@ -3652,7 +3713,8 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
fprintf(f, "; client %s%s%s: id %u '%s/%s/%s'%s%s "
"requesttime %d\n", peerbuf, sep, name,
client->message->id, namebuf, typebuf, classbuf,
origfor, original, client->requesttime);
origfor, original,
isc_time_seconds(&client->requesttime));
client = ISC_LIST_NEXT(client, rlink);
}
UNLOCK(&manager->reclock);
......
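Review bot: In client_send both new dns_dt_send calls run immediately after client_sendpkg without consulting `result`, so a CR/AR record is written even when the send failed. If the capture is meant to reflect what actually left the server, guard them with `if (client->view != NULL && result == ISC_R_SUCCESS)`; whether logging on failure is intended cannot be told from the hunk, so otherwise a comment stating that would help anyone using the capture as evidence. The two blocks differ only in the ISC_TRUE/ISC_FALSE argument and could be a single call after the if/else passing `TCP_CLIENT(client)`, as the new code in client_request already does. In ns_client_dumprecursing the `requesttime %d` conversion now receives the return of isc_time_seconds(), which I believe is an unsigned 32-bit value, so `%u` would match. All four functions continue outside the hunks shown.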
......@@ -186,6 +186,11 @@ options {\n\
require-server-cookie no;\n\
v6-bias 50;\n\
"
#ifdef HAVE_DNSTAP
"\
dnstap-identity hostname;\n\
"
#endif
#ifdef HAVE_GEOIP
"\
geoip-use-ecs yes;\n\
......
......@@ -129,7 +129,7 @@ struct ns_client {
void (*shutdown)(void *arg, isc_result_t result);
void *shutdown_arg;
ns_query_t query;
isc_stdtime_t requesttime;
isc_time_t requesttime;
isc_stdtime_t now;
isc_time_t tnow;
dns_name_t signername; /*%< [T]SIG key name */
......
......@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: globals.h,v 1.92 2011/11/09 18:44:04 each Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
......@@ -153,6 +151,14 @@ EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
"/run/lwresd.pid");
#endif
#ifdef HAVE_DNSTAP
EXTERN const char * ns_g_defaultdnstap
INIT(NS_LOCALSTATEDIR "/run/named/"
"dnstap.sock");
#else
EXTERN const char * ns_g_defaultdnstap INIT(NULL);
#endif /* HAVE_DNSTAP */
EXTERN const char * ns_g_username INIT(NULL);
#if defined(USE_PKCS11)
......
......@@ -28,6 +28,7 @@
#include <isc/xml.h>
#include <dns/acl.h>
#include <dns/dnstap.h>
#include <dns/types.h>
#include <named/types.h>
......@@ -122,6 +123,8 @@ struct ns_server {
unsigned char secret[32]; /*%< Server Cookie Secret */
ns_cookiealg_t cookiealg;
dns_dtenv_t *dtenv; /*%< Dnstap environment */
char * lockfile;
};
......
......@@ -2398,6 +2398,122 @@ create_empty_zone(dns_zone_t *zone, dns_name_t *name, dns_view_t *view,
return (result);
}
#ifdef HAVE_DNSTAP
static isc_result_t
configure_dnstap(const cfg_obj_t **maps, dns_view_t *view) {
isc_result_t result;
const cfg_obj_t *obj, *obj2;
const cfg_listelt_t *element;
const char *dpath = ns_g_defaultdnstap;
const cfg_obj_t *dlist = NULL;
dns_dtmsgtype_t dttypes = 0;
dns_dtmode_t dmode;
result = ns_config_get(maps, "dnstap", &dlist);
if (result != ISC_R_SUCCESS)
return (ISC_R_SUCCESS);
for (element = cfg_list_first(dlist);
element != NULL;
element = cfg_list_next(element))
{
const char *str;
dns_dtmsgtype_t dt = 0;
obj = cfg_listelt_value(element);
obj2 = cfg_tuple_get(obj, "type");
str = cfg_obj_asstring(obj2);
if (strcasecmp(str, "client") == 0) {
dt |= DNS_DTTYPE_CQ|DNS_DTTYPE_CR;
} else if (strcasecmp(str, "auth") == 0) {
dt |= DNS_DTTYPE_AQ|DNS_DTTYPE_AR;
} else if (strcasecmp(str, "resolver") == 0) {
dt |= DNS_DTTYPE_RQ|DNS_DTTYPE_RR;
} else if (strcasecmp(str, "forwarder") == 0) {
dt |= DNS_DTTYPE_FQ|DNS_DTTYPE_FR;
} else if (strcasecmp(str, "all") == 0) {
dt |= DNS_DTTYPE_CQ|DNS_DTTYPE_CR|
DNS_DTTYPE_AQ|DNS_DTTYPE_AR|
DNS_DTTYPE_RQ|DNS_DTTYPE_RR|
DNS_DTTYPE_FQ|DNS_DTTYPE_FR;
}
obj2 = cfg_tuple_get(obj, "mode");
if (obj2 == NULL || cfg_obj_isvoid(obj2)) {
dttypes |= dt;
continue;
}
str = cfg_obj_asstring(obj2);
if (strcasecmp(str, "query")) {
dt &= ~DNS_DTTYPE_RESPONSE;
} else if (strcasecmp(str, "response")) {
dt &= ~DNS_DTTYPE_QUERY;
}
dttypes |= dt;
}
if (ns_g_server->dtenv == NULL && dttypes != 0) {
obj = NULL;
CHECKM(ns_config_get(maps, "dnstap-output", &obj),
"'dnstap-output' must be set if 'dnstap' is set");
obj2 = cfg_tuple_get(obj, "mode");
if (obj2 == NULL)
CHECKM(ISC_R_FAILURE, "dnstap-output mode not found");
if (strcasecmp(cfg_obj_asstring(obj2), "file") == 0)
dmode = dns_dtmode_file;
else
dmode = dns_dtmode_unix;
obj2 = cfg_tuple_get(obj, "path");
if (obj2 == NULL)
CHECKM(ISC_R_FAILURE, "dnstap-output path not found");
dpath = cfg_obj_asstring(obj2);
CHECKM(dns_dt_create(ns_g_mctx, dmode, dpath, ns_g_cpus,
&ns_g_server->dtenv),
"unable to create dnstap environment");
}
if (ns_g_server->dtenv == NULL)
return (ISC_R_SUCCESS);
obj = NULL;
result = ns_config_get(maps, "dnstap-version", &obj);
if (result != ISC_R_SUCCESS) {
/* not specified; use the product and version */
dns_dt_setversion(ns_g_server->dtenv, PRODUCT " " VERSION);
} else if (result == ISC_R_SUCCESS && !cfg_obj_isvoid(obj)) {
/* Quoted string */
dns_dt_setversion(ns_g_server->dtenv, cfg_obj_asstring(obj));
}
obj = NULL;
result = ns_config_get(maps, "dnstap-identity", &obj);
if (result == ISC_R_SUCCESS && cfg_obj_isboolean(obj)) {
/* "hostname" is interpreted as boolean ISC_TRUE */
char buf[256];
result = ns_os_gethostname(buf, sizeof(buf));
if (result == ISC_R_SUCCESS)
dns_dt_setidentity(ns_g_server->dtenv, buf);
} else if (result == ISC_R_SUCCESS && !cfg_obj_isvoid(obj)) {
/* Quoted string */
dns_dt_setidentity(ns_g_server->dtenv, cfg_obj_asstring(obj));
}
dns_dt_attach(ns_g_server->dtenv, &view->dtenv);
view->dttypes = dttypes;
result = ISC_R_SUCCESS;
cleanup:
return (result);
}
#endif /* HAVE_DNSTAP */
/*
* Configure 'view' according to 'vconfig', taking defaults from 'config'
* where values are missing in 'vconfig'.
......@@ -4008,6 +4124,13 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
} else
view->redirectzone = NULL;
#ifdef HAVE_DNSTAP
/*
* Set up the dnstap environment and configure message
* types to log.
*/
CHECK(configure_dnstap(maps, view));
#endif /* HAVE_DNSTAP */
result = ISC_R_SUCCESS;
......@@ -7016,6 +7139,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
if (server->blackholeacl != NULL)
dns_acl_detach(&server->blackholeacl);
#ifdef HAVE_DNSTAP
dns_dt_shutdown();
#endif
#ifdef HAVE_GEOIP
dns_geoip_shutdown();
#endif
......@@ -7217,6 +7343,8 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->lockfile = NULL;
server->dtenv = NULL;
server->magic = NS_SERVER_MAGIC;
*serverp = server;
}
......@@ -7226,6 +7354,11 @@ ns_server_destroy(ns_server_t **serverp) {
ns_server_t *server = *serverp;
REQUIRE(NS_SERVER_VALID(server));
#ifdef HAVE_DNSTAP
if (server->dtenv != NULL)
dns_dt_detach(&server->dtenv);
#endif /* HAVE_DNSTAP */
ns_controls_destroy(&server->controls);
isc_stats_detach(&server->nsstats);
......
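Review bot: In configure_dnstap the mode tests `if (strcasecmp(str, "query"))` and `else if (strcasecmp(str, "response"))` are missing the `== 0` that the type comparisons above them use, so the branches are inverted: a mode of "query" falls through to the second branch and clears DNS_DTTYPE_QUERY, while "response" clears DNS_DTTYPE_RESPONSE. An operator who asks for query-only capture therefore gets response-only records and the reverse, which matters when the log feeds monitoring or forensics. The lines should read `if (strcasecmp(str, "query") == 0) {` and `} else if (strcasecmp(str, "response") == 0) {`. Separately, a type string that matches none of the five names leaves `dt` at 0 and is skipped silently; the config parser may reject it earlier, but a logged warning here would make that failure mode visible.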
......@@ -71,6 +71,7 @@ ns_paths_init(void) {
ns_g_defaultlockfile = isc_ntpaths_get(NAMED_LOCK_PATH);
ns_g_keyfile = isc_ntpaths_get(RNDC_KEY_PATH);
ns_g_defaultsessionkeyfile = isc_ntpaths_get(SESSION_KEY_PATH);
ns_g_defaultdnstap = NULL;
Initialized = TRUE;
}
......
......@@ -58,6 +58,7 @@ RESOLVE=$TOP/lib/samples/resolve
RRCHECKER=$TOP/bin/tools/named-rrchecker
GENRANDOM=$TOP/bin/tools/genrandom
NSLOOKUP=$TOP/bin/dig/nslookup
DNSTAPREAD="$TOP/bin/tools/dnstap-read"
RANDFILE=$TOP/bin/tests/system/random.data
......@@ -67,7 +68,7 @@ RANDFILE=$TOP/bin/tests/system/random.data
SUBDIRS="acl additional allow_query addzone autosign builtin
cacheclean case checkconf @CHECKDS@ checknames checkzone
cookie @COVERAGE@ database digdelv dlv dlvauto dlz dlzexternal
dname dns64 dnssec dsdigest dscp ecdsa ednscompliance
dname dns64 dnssec dsdigest dscp @DNSTAP@ ecdsa ednscompliance
emptyzones fetchlimit filter-aaaa formerr forward geoip glue gost
ixfr inline legacy limits logfileconfig lwresd masterfile
masterformat metadata mkeys notify nslookup nsupdate pending
......
#!/bin/sh
#
# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
rm -f */named.memstats
rm -f */named.run
rm -f */named.stats
rm -f dig.out*
rm -f ns*/named.lock
rm -f ns*/dnstap.out
/*
* Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
controls { /* empty */ };
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
statistics-file "named.stats";
dnstap-identity "ns1";
dnstap-version "xxx";
dnstap-output file "dnstap.out";
dnstap { all; };
send-cookie no;
require-server-cookie no;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
};
zone "." {
type master;
file "root.db";
};
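Review bot: The control channel in this fixture is `allow { any; }` with a short fixed secret (`1234abcd8765`), which is reasonable only because the listener is bound to the test address 10.53.0.1. A comment above the `key rndc_key` block such as `/* test-only key; never reuse outside the system-test network */` would keep it from being copied into a real configuration. The empty `controls { /* empty */ };` at the top, followed by a second `controls` block that opens an inet listener, also reads as contradictory and deserves a one-line explanation.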
; Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
example. NS ns2.example.
ns2.example. A 10.53.0.2
; Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$ORIGIN .
$TTL 300 ; 5 minutes
example IN SOA mname1. . (
1 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
example. NS ns2.example.
ns2.example. A 10.53.0.2
$ORIGIN example.
a A 10.0.0.1
MX 10 mail.example.
mail A 10.0.0.2
/*
* Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM