Commit 0b25d4d8 authored by Jeremy C. Reed's avatar Jeremy C. Reed
Browse files

Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9

parents 35bd3dff 7b042160
3931. [cleanup] Cleanup how dlz grammer is defined. [RT #36879]
3963. [test] Added NXRRSET test cases to the "dlzexternal"
system test. [RT #37344]
3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error
conditions. [RT #34663]
3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
BADSIG. [RT #37216]
3960. [bug] 'dig +sigchase' could loop forever. [RT #37220]
3959. [bug] Updates could be lost if they arrived immediately
after a rndc thaw. [RT #37233]
3958. [bug] Detect when writeable files have multiple references
in named.conf. [RT #37172]
3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
and ECDSAP384SHA384. [RT #37183]
3956. [func] Notify messages are now rate limited by notify-rate and
startup-notify-rate instead of serial-query-rate.
[RT #24454]
3955. [bug] Notify messages due to changes are no longer queued
behind startup notify messages. [RT #24454]
3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112]
3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159]
3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
two name pointers were the same. [RT #37176]
3951. [func] Add the ability to set yet-to-be-defined EDNS flags
to dig (+ednsflags=#). [RT #37142]
3950. [port] Changed the bin/python Makefile to work around a
bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]
3949. [experimental] Experimental support for draft-andrews-edns1 by sending
EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
building). Add support for limiting the EDNS version
advertised to servers: server { edns-version 0; };
Log the EDNS version received in the query log.
[RT #35864]
3948. [port] solaris: RCVBUFSIZE was too large on Solaris with
--with-tuning=large. [RT #37059]
3947. [cleanup] Set the executable bit on libraries when using
libtool. [RT #36786]
3946. [cleanup] Improved "configure" search for a python interpreter.
[RT #36992]
3945. [bug] Invalid wildcard expansions could be incorrectly
accepted by the validator. [RT #37093]
3944. [test] Added a regression test for "server-id". [RT #37057]
3943. [func] SERVFAIL responses can now be cached for a
limited time (configured by "servfail-ttl",
default 10 seconds, limit 30). This can reduce
the frequency of retries when an authoritative
server is known to be failing, e.g., due to
ongoing DNSSEC validation problems. [RT #21347]
3942. [bug] Wildcard responses from a optout range should be
marked as insecure. [RT #37072]
3941. [doc] Include the BIND version number in the ARM. [RT #37067]
3940. [func] "rndc nta" now allows negative trust anchors to be
set for up to one week. [RT #37069]
3939. [func] Improve UPDATE forwarding performance by allowing TCP
connections to be shared. [RT #37039]
3938. [placeholder]
3937. [func] Added some debug logging to better indicate the
conditions causing SERVFAILs when resolving.
[RT #35538]
3936. [func] Added authoritative support for the EDNS Client
Subnet (ECS) option.
ACLs can now include "ecs" elements which specify
an address or network prefix; if an ECS option is
included in a DNS query, then the address encoded
in the option will be matched against "ecs" ACL
elements.
Also, if an ECS address is included in a query,
then it will be used instead of the client source
address when matching "geoip" ACL elements. This
behavior can be overridden with "geoip-use-ecs no;".
(Note: to enable "geoip" ACLs, use "configure
--with-geoip". This requires libGeoIP version
1.5.0 or higher.)
When "ecs" or "geoip" ACL elements are used to
select a view for a query, the response will include
an ECS option to indicate which client network the
answer is valid for.
(Thanks to Vincent Bernat.) [RT #36781]
3935. [bug] "geoip asnum" ACL elements would not match unless
the full organization name was specified. They
can now match against the AS number alone (e.g.,
AS1234). [RT #36945]
3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve
sit-secret documentation. [RT #36980]
3933. [bug] Corrected the implementation of dns_rdata_casecompare()
for the HIP rdata type. [RT #36911]
3932. [test] Improved named-checkconf tests. [RT #36911]
3931. [cleanup] Cleanup how dlz grammar is defined. [RT #36879]
3930. [bug] "rndc nta -r" could cause a server hang if the
NTA was not found. [RT #36909]
......@@ -23,7 +145,7 @@
retains DS and (if applicable) NSEC signatures.
[RT #36946]
3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833]
3921. [bug] AD was inappropriately set on RPZ responses. [RT #36833]
3920. [doc] Added doc for masterfile-style. [RT #36823]
......@@ -64,7 +186,7 @@
3908. [bug] rndc now differentiates between a zone in multiple
views and a zone that doesn't exist at all. [RT #36691]
3907. [cleanup] Alphabetise rndc help. [RT #36683]
3907. [cleanup] Alphabetize rndc help. [RT #36683]
3906. [protocol] Update URI record format to comply with
draft-faltstrom-uri-08. [RT #36642]
......@@ -140,7 +262,7 @@
periodically to see whether data below them can be
validated, and if so, they will be allowed to
expire early. The "rndc nta -force" option
overrides this behvaior. The default NTA lifetime
overrides this behavior. The default NTA lifetime
and the recheck frequency can be configured by the
"nta-lifetime" and "nta-recheck" options. [RT #36146]
......
......@@ -56,6 +56,25 @@ BIND 9.11.0
BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
releases. New features include:
- SERVFAIL responses can now be cached for a limited time
(defaulting to 10 seconds, with an upper limit of 30).
This can reduce the frequency of retries when a query is
persistently failing.
- The new "rndc nta" command can be used to set a "negative
trust anchor", disabling DNSSEC validation for a specific
domain; this can be used when responses from a domain are
known to be failing validation due to administrative error
rather than because of a spoofing attack. Negative trust
anchors are strictly temporary; by default they expire after
one hour, but can be configured to last up to one week.
- Update forwarding performance has been improved by allowing
a single TCP connection to be shared by multiple updates.
- The EDNS Client Subnet (ECS) option is now supported for
authoritative servers; if a query contains an ECS option
then ACLs containing "geoip" or "ecs" elements can match
against the the address encoded in the option. This can be
used to select a view for a query, so that different answers
can be provided depending on the client network.
- The EDNS EXPIRE option has been implemented on the client
side, allowing a slave server to set the expiration timer
correctly when transferring zone data from another slave
......@@ -68,12 +87,16 @@ BIND 9.11.0
- "dig +ttlunits" causes dig to print TTL values with time-unit
suffixes: w, d, h, m, s for weeks, days, hours, minutes, and
seconds.
- "serial-update-format" can now be set to "date". On update,
- "serial-update-method" can now be set to "date". On update,
the serial number will be set to the current date in YYYYMMDDNN
format.
- "dnssec-signzone -N date" sets the serial number to YYYYMMDDNN.
- "named -L <filename>" causes named to send log messages to
the specified file by default instead of to the system log.
- dig can now set arbitary EDNS options on requests (+ednsopt).
- dig can now set yet-to-be-defined EDNS flags on requests (+ednsflags).
- serial-query-rate no longer covers NOTIFY messages. These are
seperately controlled by notity-rate and startup-notify-rate.
This release addresses the security flaw described in
CVE-2014-3214 and CVE-2014-3859.
......@@ -479,23 +502,29 @@ Change Log
Bug Reports and Mailing Lists
Bugs reports should be sent to
Bug reports should be sent to:
bind9-bugs@isc.org
To join the BIND Users mailing list, send mail to
Feature requests can be sent to:
bind-users-request@isc.org
bind-suggest@isc.org
archives of which can be found via
To join or view the archives of the BIND Users mailing list,
visit:
http://www.isc.org/ops/lists/
https://lists.isc.org/mailman/listinfo/bind-users
If you're planning on making changes to the BIND 9 source
code, you might want to join the BIND Workers mailing list.
Send mail to
code, you may also want to join the BIND Workers mailing
list:
bind-workers-request@isc.org
https://lists.isc.org/mailman/listinfo/bind-workers
Information on read-only Git access, coding style and developer
guidelines can be found at:
http://www.isc.org/git/
Acknowledgments
......
......@@ -9,7 +9,9 @@ m4_divert_text(HELP_CANON, [[
and --localstatedir are /etc and /var, respectively.]])
m4_divert_text(HELP_END, [[
Professional support for BIND is provided by Internet Systems Consortium,
Inc., doing business as DNSco. Information about paid support options is
available at http://www.dns-co.com/solutions/. Free support is provided by
our user community via a mailing list. Information on public email lists
is available at https://www.isc.org/community/mailing-list/.]])
Inc. Information about paid support and training options is available at
https://www.isc.org/support.
Help can also often be found on the BIND Users mailing list
(https://lists.isc.org/mailman/listinfo/bind-users) or in the #bind
channel of the Freenode IRC service.]])
......@@ -70,7 +70,7 @@ named-checkzone.@O@: named-checkzone.c
-c ${srcdir}/named-checkzone.c
named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \
export LIBS0="${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
${FINALBUILDCMD}
......
......@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543402"></a><h2>DESCRIPTION</h2>
<a name="id2543411"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
......@@ -52,7 +52,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543451"></a><h2>OPTIONS</h2>
<a name="id2543460"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
......@@ -101,21 +101,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543595"></a><h2>RETURN VALUES</h2>
<a name="id2543604"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543607"></a><h2>SEE ALSO</h2>
<a name="id2543616"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543637"></a><h2>AUTHOR</h2>
<a name="id2543645"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
......@@ -266,7 +266,7 @@ so that include directives in the configuration file are processed as if run by
.PP
\-T \fImode\fR
.RS 4
Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are
Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present. Possible modes are
\fB"warn"\fR
(default),
\fB"ignore"\fR.
......
......@@ -440,10 +440,10 @@
<term>-T <replaceable class="parameter">mode</replaceable></term>
<listitem>
<para>
Check if Sender Policy Framework records (TXT and SPF)
both exist or both don't exist. A warning is issued
if they don't match. Possible modes are
<command>"warn"</command> (default), <command>"ignore"</command>.
Check if Sender Policy Framework (SPF) records exist
and issues a warning if an SPF-formatted TXT record is
not also present. Possible modes are <command>"warn"</command>
(default), <command>"ignore"</command>.
</para>
</listitem>
</varlistentry>
......
......@@ -33,7 +33,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543776"></a><h2>DESCRIPTION</h2>
<a name="id2543784"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
......@@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543811"></a><h2>OPTIONS</h2>
<a name="id2543819"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
......@@ -249,10 +249,10 @@
</p></dd>
<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Check if Sender Policy Framework records (TXT and SPF)
both exist or both don't exist. A warning is issued
if they don't match. Possible modes are
<span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
Check if Sender Policy Framework (SPF) records exist
and issues a warning if an SPF-formatted TXT record is
not also present. Possible modes are <span><strong class="command">"warn"</strong></span>
(default), <span><strong class="command">"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
......@@ -287,14 +287,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544633"></a><h2>RETURN VALUES</h2>
<a name="id2544710"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544713"></a><h2>SEE ALSO</h2>
<a name="id2544722"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
......@@ -302,7 +302,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544746"></a><h2>AUTHOR</h2>
<a name="id2544755"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
......@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543426"></a><h2>DESCRIPTION</h2>
<a name="id2543434"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
are invocation methods for a utility that generates keys for use
......@@ -68,7 +68,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543499"></a><h2>OPTIONS</h2>
<a name="id2543508"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
......@@ -140,7 +140,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543697"></a><h2>SEE ALSO</h2>
<a name="id2543705"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
......@@ -148,7 +148,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543735"></a><h2>AUTHOR</h2>
<a name="id2543744"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
......@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543447"></a><h2>DESCRIPTION</h2>
<a name="id2543456"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
......@@ -48,7 +48,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543492"></a><h2>OPTIONS</h2>
<a name="id2543500"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
......@@ -162,7 +162,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543822"></a><h2>EXAMPLES</h2>
<a name="id2543831"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
......@@ -179,7 +179,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543864"></a><h2>SEE ALSO</h2>
<a name="id2543873"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
......@@ -187,7 +187,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543902"></a><h2>AUTHOR</h2>
<a name="id2543911"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
......@@ -35,7 +35,7 @@
<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543489"></a><h2>DESCRIPTION</h2>
<a name="id2543497"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">delv</strong></span>
(Domain Entity Lookup &amp; Validation) is a tool for sending
DNS queries and validating the results, using the the same internal
......@@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543542"></a><h2>SIMPLE USAGE</h2>
<a name="id2543550"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">delv</strong></span> looks like:
</p>
......@@ -133,7 +133,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543651"></a><h2>OPTIONS</h2>
<a name="id2543659"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
<dd>
......@@ -267,7 +267,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544151"></a><h2>QUERY OPTIONS</h2>
<a name="id2544160"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">delv</strong></span>
provides a number of query options which affect the way results are
displayed, and in some cases the way lookups are performed.
......@@ -447,12 +447,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544637"></a><h2>FILES</h2>
<a name="id2544646"></a><h2>FILES</h2>
<p><code class="filename">/etc/bind.keys</code></p>
<p><code class="filename">/etc/resolv.conf</code></p>
</div>
<div class="refsect1" lang="en">
<a name="id2544652"></a><h2>SEE ALSO</h2>
<a name="id2544661"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">RFC4034</em>,
......
......@@ -356,6 +356,11 @@ Specify the EDNS version to query with. Valid values are 0 to 255. Setting the E
clears the remembered EDNS version. EDNS is set to 0 by default.
.RE
.PP
\fB+[no]ednsflags[=#]\fR
.RS 4
Set the must\-be\-zero EDNS flags bits (Z bits) to the specified value. Decimal, hex and octal encodings are accepted. Setting a named flag (e.g. DO) will silently be ignored. By default, no Z bits are set.
.RE
.PP
\fB+[no]ednsopt[=code[:value]]\fR
.RS 4
Specify EDNS option with code point
......
......@@ -192,6 +192,7 @@ help(void) {
" +ndots=### (Set NDOTS value)\n"
" +subnet=addr (Set edns-client-subnet option)\n"
" +[no]edns[=###] (Set EDNS version) [0]\n"
" +ednsflags=### (Set EDNS flag bits)\n"
" +ednsopt=###[:value] (Send specified EDNS option)\n"
" +noednsopt (Clear list of +ednsopt options)\n"
" +[no]search (Set whether to use searchlist)\n"
......@@ -960,6 +961,25 @@ plus_option(char *option, isc_boolean_t is_batchfile,
"edns");
lookup->edns = num;
break;
case 'f':
FULLCHECK("ednsflags");
if (!state) {
lookup->ednsflags = 0;
break;
}
if (value == NULL) {
lookup->ednsflags = 0;
break;
}
result = parse_xint(&num,
value,
0xffff,
"ednsflags");
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse "
"ednsflags");
lookup->ednsflags = num;
break;
case 'o':
FULLCHECK("ednsopt");
if (!state) {
......
......@@ -578,6 +578,18 @@
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]ednsflags[=#]</option></term>
<listitem>
<para>
Set the must-be-zero EDNS flags bits (Z bits) to the
specified value. Decimal, hex and octal encodings are
accepted. Setting a named flag (e.g. DO) will silently be
ignored. By default, no Z bits are set.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]ednsopt[=code[:value]]</option></term>
<listitem>
......
......@@ -34,7 +34,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543536"></a><h2>DESCRIPTION</h2>
<a name="id2543544"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
......@@ -81,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543614"></a><h2>SIMPLE USAGE</h2>
<a name="id2543623"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
......@@ -134,7 +134,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543718"></a><h2>OPTIONS</h2>
<a name="id2543726"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
......@@ -242,7 +242,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544009"></a><h2>QUERY OPTIONS</h2>
<a name="id2544018"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
......@@ -384,6 +384,13 @@
clears the remembered EDNS version. EDNS is set to
0 by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
<dd><p>
Set the must-be-zero EDNS flags bits (Z bits) to the
specified value. Decimal, hex and octal encodings are
accepted. Setting a named flag (e.g. DO) will silently be
ignored. By default, no Z bits are set.
</p></dd>
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
<dd><p>
Specify EDNS option with code point <code class="option">code</code>
......@@ -637,7 +644,7 @@