Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
BIND
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
582
Issues
582
List
Boards
Labels
Service Desk
Milestones
Merge Requests
110
Merge Requests
110
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ISC Open Source Projects
BIND
Commits
5bd85525
Commit
5bd85525
authored
Dec 07, 2018
by
Tinderbox User
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
prep 9.13.5
parent
cbde34e7
Changes
76
Hide whitespace changes
Inline
Side-by-side
Showing
76 changed files
with
560 additions
and
345 deletions
+560
-345
CHANGES
CHANGES
+2
-0
README
README
+4
-0
README.md
README.md
+3
-0
bin/check/named-checkconf.8
bin/check/named-checkconf.8
+8
-1
bin/check/named-checkconf.html
bin/check/named-checkconf.html
+9
-1
bin/dnssec/dnssec-keygen.8
bin/dnssec/dnssec-keygen.8
+5
-5
bin/dnssec/dnssec-keygen.html
bin/dnssec/dnssec-keygen.html
+5
-5
bin/dnssec/dnssec-signzone.8
bin/dnssec/dnssec-signzone.8
+3
-3
bin/dnssec/dnssec-signzone.html
bin/dnssec/dnssec-signzone.html
+5
-4
bin/plugins/filter-aaaa.8
bin/plugins/filter-aaaa.8
+6
-6
bin/plugins/filter-aaaa.c
bin/plugins/filter-aaaa.c
+1
-1
bin/plugins/filter-aaaa.html
bin/plugins/filter-aaaa.html
+50
-30
configure
configure
+1
-13
doc/arm/Bv9ARM.ch01.html
doc/arm/Bv9ARM.ch01.html
+1
-1
doc/arm/Bv9ARM.ch02.html
doc/arm/Bv9ARM.ch02.html
+1
-1
doc/arm/Bv9ARM.ch03.html
doc/arm/Bv9ARM.ch03.html
+105
-1
doc/arm/Bv9ARM.ch04.html
doc/arm/Bv9ARM.ch04.html
+1
-1
doc/arm/Bv9ARM.ch05.html
doc/arm/Bv9ARM.ch05.html
+1
-67
doc/arm/Bv9ARM.ch06.html
doc/arm/Bv9ARM.ch06.html
+1
-1
doc/arm/Bv9ARM.ch07.html
doc/arm/Bv9ARM.ch07.html
+1
-1
doc/arm/Bv9ARM.ch08.html
doc/arm/Bv9ARM.ch08.html
+42
-3
doc/arm/Bv9ARM.ch09.html
doc/arm/Bv9ARM.ch09.html
+1
-1
doc/arm/Bv9ARM.ch10.html
doc/arm/Bv9ARM.ch10.html
+1
-1
doc/arm/Bv9ARM.ch11.html
doc/arm/Bv9ARM.ch11.html
+1
-1
doc/arm/Bv9ARM.ch12.html
doc/arm/Bv9ARM.ch12.html
+5
-1
doc/arm/Bv9ARM.html
doc/arm/Bv9ARM.html
+11
-3
doc/arm/Bv9ARM.pdf
doc/arm/Bv9ARM.pdf
+0
-0
doc/arm/man.arpaname.html
doc/arm/man.arpaname.html
+1
-1
doc/arm/man.ddns-confgen.html
doc/arm/man.ddns-confgen.html
+1
-1
doc/arm/man.delv.html
doc/arm/man.delv.html
+1
-1
doc/arm/man.dig.html
doc/arm/man.dig.html
+1
-1
doc/arm/man.dnssec-cds.html
doc/arm/man.dnssec-cds.html
+1
-1
doc/arm/man.dnssec-checkds.html
doc/arm/man.dnssec-checkds.html
+1
-1
doc/arm/man.dnssec-coverage.html
doc/arm/man.dnssec-coverage.html
+1
-1
doc/arm/man.dnssec-dsfromkey.html
doc/arm/man.dnssec-dsfromkey.html
+1
-1
doc/arm/man.dnssec-importkey.html
doc/arm/man.dnssec-importkey.html
+1
-1
doc/arm/man.dnssec-keyfromlabel.html
doc/arm/man.dnssec-keyfromlabel.html
+1
-1
doc/arm/man.dnssec-keygen.html
doc/arm/man.dnssec-keygen.html
+6
-6
doc/arm/man.dnssec-keymgr.html
doc/arm/man.dnssec-keymgr.html
+1
-1
doc/arm/man.dnssec-revoke.html
doc/arm/man.dnssec-revoke.html
+1
-1
doc/arm/man.dnssec-settime.html
doc/arm/man.dnssec-settime.html
+1
-1
doc/arm/man.dnssec-signzone.html
doc/arm/man.dnssec-signzone.html
+6
-5
doc/arm/man.dnssec-verify.html
doc/arm/man.dnssec-verify.html
+1
-1
doc/arm/man.dnstap-read.html
doc/arm/man.dnstap-read.html
+6
-5
doc/arm/man.filter-aaaa.html
doc/arm/man.filter-aaaa.html
+52
-32
doc/arm/man.host.html
doc/arm/man.host.html
+10
-10
doc/arm/man.mdig.html
doc/arm/man.mdig.html
+6
-6
doc/arm/man.named-checkconf.html
doc/arm/man.named-checkconf.html
+14
-6
doc/arm/man.named-checkzone.html
doc/arm/man.named-checkzone.html
+5
-5
doc/arm/man.named-journalprint.html
doc/arm/man.named-journalprint.html
+3
-3
doc/arm/man.named-nzd2nzf.html
doc/arm/man.named-nzd2nzf.html
+5
-5
doc/arm/man.named-rrchecker.html
doc/arm/man.named-rrchecker.html
+3
-3
doc/arm/man.named.conf.html
doc/arm/man.named.conf.html
+18
-18
doc/arm/man.named.html
doc/arm/man.named.html
+7
-7
doc/arm/man.nsec3hash.html
doc/arm/man.nsec3hash.html
+4
-4
doc/arm/man.nslookup.html
doc/arm/man.nslookup.html
+8
-8
doc/arm/man.nsupdate.html
doc/arm/man.nsupdate.html
+8
-8
doc/arm/man.pkcs11-destroy.html
doc/arm/man.pkcs11-destroy.html
+4
-4
doc/arm/man.pkcs11-keygen.html
doc/arm/man.pkcs11-keygen.html
+4
-4
doc/arm/man.pkcs11-list.html
doc/arm/man.pkcs11-list.html
+4
-4
doc/arm/man.pkcs11-tokens.html
doc/arm/man.pkcs11-tokens.html
+4
-4
doc/arm/man.rndc-confgen.html
doc/arm/man.rndc-confgen.html
+5
-5
doc/arm/man.rndc.conf.html
doc/arm/man.rndc.conf.html
+5
-5
doc/arm/man.rndc.html
doc/arm/man.rndc.html
+6
-6
doc/arm/notes.html
doc/arm/notes.html
+40
-1
doc/arm/notes.pdf
doc/arm/notes.pdf
+0
-0
doc/arm/notes.txt
doc/arm/notes.txt
+24
-1
doc/misc/options
doc/misc/options
+5
-5
lib/bind9/api
lib/bind9/api
+2
-2
lib/dns/api
lib/dns/api
+1
-1
lib/irs/api
lib/irs/api
+1
-1
lib/isc/api
lib/isc/api
+1
-1
lib/isccfg/parser.c
lib/isccfg/parser.c
+1
-1
lib/isccfg/win32/libisccfg.def
lib/isccfg/win32/libisccfg.def
+1
-0
lib/ns/api
lib/ns/api
+2
-2
version
version
+1
-1
No files found.
CHANGES
View file @
5bd85525
--- 9.13.5 released ---
5108. [bug] Named could fail to determine bottom of zone when
removing out of date keys leading to invalid NSEC
and NSEC3 records being added to the zone. [GL #771]
...
...
README
View file @
5bd85525
...
...
@@ -104,6 +104,10 @@ BIND 9.13 features
BIND 9.13 is the newest development branch of BIND 9. It includes a number
of changes from BIND 9.12 and earlier releases. New features include:
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
...
...
README.md
View file @
5bd85525
...
...
@@ -122,6 +122,9 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.12 and earlier releases. New features
include:
*
A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a plugin.
*
Socket and task code has been refactored to improve performance.
*
QNAME minimization, as described in RFC 7816, is now supported.
*
"Root key sentinel" support, enabling validating resolvers to indicate
...
...
bin/check/named-checkconf.8
View file @
5bd85525
...
...
@@ -39,7 +39,7 @@
named-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS"
.HP \w'\fBnamed\-checkconf\fR\ 'u
\fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
\fBnamed\-checkconf\fR [\fB\-
c
hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkconf\fR
...
...
@@ -79,6 +79,13 @@ When loading a zonefile read the journal if it exists\&.
List all the configured zones\&. Each line of output contains the zone name, class (e\&.g\&. IN), view, and type (e\&.g\&. master or slave)\&.
.RE
.PP
\-c
.RS 4
Check "core" configuration only\&. This suppresses the loading of plugin modules, and causes all parameters to
\fBplugin\fR
statements to be ignored\&.
.RE
.PP
\-p
.RS 4
Print out the
...
...
bin/check/named-checkconf.html
View file @
5bd85525
...
...
@@ -33,7 +33,7 @@
<h2>
Synopsis
</h2>
<div
class=
"cmdsynopsis"
><p>
<code
class=
"command"
>
named-checkconf
</code>
[
<code
class=
"option"
>
-hjlvz
</code>
]
[
<code
class=
"option"
>
-
c
hjlvz
</code>
]
[
<code
class=
"option"
>
-p
</code>
[
<code
class=
"option"
>
-x
</code>
]]
...
...
@@ -88,6 +88,14 @@
(e.g. master or slave).
</p>
</dd>
<dt><span
class=
"term"
>
-c
</span></dt>
<dd>
<p>
Check "core" configuration only. This suppresses the loading
of plugin modules, and causes all parameters to
<span
class=
"command"
><strong>
plugin
</strong></span>
statements to be ignored.
</p>
</dd>
<dt><span
class=
"term"
>
-p
</span></dt>
<dd>
<p>
...
...
bin/dnssec/dnssec-keygen.8
View file @
5bd85525
...
...
@@ -327,21 +327,21 @@ and
files are generated for symmetric cryptography algorithms such as HMAC\-MD5, even though the public and private key are equivalent\&.
.SH "EXAMPLE"
.PP
To generate a
768\-bit DSA
key for the domain
To generate a
n ECDSAP256SHA256
key for the domain
\fBexample\&.com\fR, the following command would be issued:
.PP
\fBdnssec\-keygen \-a
DSA \-b 768
\-n ZONE example\&.com\fR
\fBdnssec\-keygen \-a
ECDSAP256SHA256
\-n ZONE example\&.com\fR
.PP
The command would print a string of the form:
.PP
\fBKexample\&.com\&.+0
0
3+26160\fR
\fBKexample\&.com\&.+0
1
3+26160\fR
.PP
In this example,
\fBdnssec\-keygen\fR
creates the files
Kexample\&.com\&.+0
0
3+26160\&.key
Kexample\&.com\&.+0
1
3+26160\&.key
and
Kexample\&.com\&.+0
0
3+26160\&.private\&.
Kexample\&.com\&.+0
1
3+26160\&.private\&.
.SH "SEE ALSO"
.PP
\fBdnssec-signzone\fR(8),
...
...
bin/dnssec/dnssec-keygen.html
View file @
5bd85525
...
...
@@ -498,22 +498,22 @@
<a
name=
"id-1.11"
></a><h2>
EXAMPLE
</h2>
<p>
To generate a
768-bit DSA
key for the domain
To generate a
n ECDSAP256SHA256
key for the domain
<strong
class=
"userinput"
><code>
example.com
</code></strong>
, the following command would be
issued:
</p>
<p><strong
class=
"userinput"
><code>
dnssec-keygen -a
DSA -b 768
-n ZONE example.com
</code></strong>
<p><strong
class=
"userinput"
><code>
dnssec-keygen -a
ECDSAP256SHA256
-n ZONE example.com
</code></strong>
</p>
<p>
The command would print a string of the form:
</p>
<p><strong
class=
"userinput"
><code>
Kexample.com.+0
0
3+26160
</code></strong>
<p><strong
class=
"userinput"
><code>
Kexample.com.+0
1
3+26160
</code></strong>
</p>
<p>
In this example,
<span
class=
"command"
><strong>
dnssec-keygen
</strong></span>
creates
the files
<code
class=
"filename"
>
Kexample.com.+0
0
3+26160.key
</code>
the files
<code
class=
"filename"
>
Kexample.com.+0
1
3+26160.key
</code>
and
<code
class=
"filename"
>
Kexample.com.+0
0
3+26160.private
</code>
.
<code
class=
"filename"
>
Kexample.com.+0
1
3+26160.private
</code>
.
</p>
</div>
...
...
bin/dnssec/dnssec-signzone.8
View file @
5bd85525
...
...
@@ -415,9 +415,9 @@ Specify which keys should be used to sign the zone\&. If no keys are specified,
.PP
The following command signs the
\fBexample\&.com\fR
zone with the
DSA
key generated by
zone with the
ECDSAP256SHA256 key generated by
key generated by
\fBdnssec\-keygen\fR
(Kexample\&.com\&.+0
0
3+17247)\&. Because the
(Kexample\&.com\&.+0
1
3+17247)\&. Because the
\fB\-S\fR
option is not being used, the zone\*(Aqs keys must be in the master file (db\&.example\&.com)\&. This invocation looks for
dsset
...
...
@@ -428,7 +428,7 @@ files, in the current directory, so that DS records can be imported from them (\
.\}
.nf
% dnssec\-signzone \-g \-o example\&.com db\&.example\&.com \e
Kexample\&.com\&.+0
0
3+17247
Kexample\&.com\&.+0
1
3+17247
db\&.example\&.com\&.signed
%
.fi
...
...
bin/dnssec/dnssec-signzone.html
View file @
5bd85525
...
...
@@ -624,15 +624,16 @@
<p>
The following command signs the
<strong
class=
"userinput"
><code>
example.com
</code></strong>
zone with the DSA key generated by
<span
class=
"command"
><strong>
dnssec-keygen
</strong></span>
(Kexample.com.+003+17247). Because the
<span
class=
"command"
><strong>
-S
</strong></span>
option
is not being used, the zone's keys must be in the master file
zone with the ECDSAP256SHA256 key generated by key generated by
<span
class=
"command"
><strong>
dnssec-keygen
</strong></span>
(Kexample.com.+013+17247).
Because the
<span
class=
"command"
><strong>
-S
</strong></span>
option is not being used,
the zone's keys must be in the master file
(
<code
class=
"filename"
>
db.example.com
</code>
). This invocation looks
for
<code
class=
"filename"
>
dsset
</code>
files, in the current directory,
so that DS records can be imported from them (
<span
class=
"command"
><strong>
-g
</strong></span>
).
</p>
<pre
class=
"programlisting"
>
% dnssec-signzone -g -o example.com db.example.com \
Kexample.com.+0
0
3+17247
Kexample.com.+0
1
3+17247
db.example.com.signed
%
</pre>
<p>
...
...
bin/plugins/filter-aaaa.8
View file @
5bd85525
...
...
@@ -9,7 +9,7 @@
'\" t
.\" Title: filter-aaaa.so
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.7
9
.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.7
8
.1 <http://docbook.sf.net/>
.\" Date: 2018-08-13
.\" Manual: BIND9
.\" Source: ISC
...
...
@@ -38,12 +38,12 @@
.SH "NAME"
filter-aaaa.so \- filter AAAA in DNS responses when A is present
.SH "SYNOPSIS"
.HP
28
\fB
hook
query "filter\-aaaa\&.so"\fR [\fI{\ parameters\ }\fR];
.HP
\w'\fBplugin\ query\ "filter\-aaaa\&.so"\fR\ 'u
\fB
plugin
query "filter\-aaaa\&.so"\fR [\fI{\ parameters\ }\fR];
.SH "DESCRIPTION"
.PP
\fBfilter\-aaaa\&.so\fR
is a query
hook
module for
is a query
plugin
module for
\fBnamed\fR, enabling
\fBnamed\fR
to omit some IPv6 addresses when responding to clients\&.
...
...
@@ -59,13 +59,13 @@ and
options\&. These options are now deprecated in
named\&.conf, but can be passed as parameters to the
\fBfilter\-aaaa\&.so\fR
hook module
, for example:
plugin
, for example:
.sp
.if n \{\
.RS 4
.\}
.nf
hook
query "/usr/local/lib/filter\-aaaa\&.so" {
plugin
query "/usr/local/lib/filter\-aaaa\&.so" {
filter\-aaaa\-on\-v4 yes;
filter\-aaaa\-on\-v6 yes;
filter\-aaaa { 192\&.0\&.2\&.1; 2001:db8:2::1; };
...
...
bin/plugins/filter-aaaa.c
View file @
5bd85525
...
...
@@ -460,7 +460,7 @@ plugin_destroy(void **instp) {
}
/*
* Returns
hook module
API version for compatibility checks.
* Returns
plugin
API version for compatibility checks.
*/
int
plugin_version
(
void
)
{
...
...
bin/plugins/filter-aaaa.html
View file @
5bd85525
...
...
@@ -10,27 +10,40 @@
<head>
<meta
http-equiv=
"Content-Type"
content=
"text/html; charset=ISO-8859-1"
>
<title>
filter-aaaa.so
</title>
<meta
name=
"generator"
content=
"DocBook XSL Stylesheets V1.7
9
.1"
>
<meta
name=
"generator"
content=
"DocBook XSL Stylesheets V1.7
8
.1"
>
</head>
<body
bgcolor=
"white"
text=
"black"
link=
"#0000FF"
vlink=
"#840084"
alink=
"#0000FF"
><div
class=
"refentry"
>
<a
name=
"man.filter-aaaa"
></a><div
class=
"titlepage"
></div>
<div
class=
"refnamediv"
>
<div
class=
"refnamediv"
>
<h2>
Name
</h2>
<p><span
class=
"application"
>
filter-aaaa.so
</span>
—
filter AAAA in DNS responses when A is present
</p>
<p>
<span
class=
"application"
>
filter-aaaa.so
</span>
—
filter AAAA in DNS responses when A is present
</p>
</div>
<div
class=
"refsynopsisdiv"
>
<div
class=
"refsynopsisdiv"
>
<h2>
Synopsis
</h2>
<div
class=
"cmdsynopsis"
><p><code
class=
"command"
>
hook query "filter-aaaa.so"
</code>
[
<em
class=
"replaceable"
><code>
{ parameters }
</code></em>
];
<div
class=
"cmdsynopsis"
><p>
<code
class=
"command"
>
plugin query "filter-aaaa.so"
</code>
[
<em
class=
"replaceable"
><code>
{ parameters }
</code></em>
];
</p></div>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.7"
></a><h2>
DESCRIPTION
</h2>
<p>
<span
class=
"command"
><strong>
filter-aaaa.so
</strong></span>
is a query
hook
module for
<p>
<span
class=
"command"
><strong>
filter-aaaa.so
</strong></span>
is a query
plugin
module for
<span
class=
"command"
><strong>
named
</strong></span>
, enabling
<span
class=
"command"
><strong>
named
</strong></span>
to omit some IPv6 addresses when responding to clients.
</p>
<p>
<p>
Until BIND 9.12, this feature was implemented natively in
<span
class=
"command"
><strong>
named
</strong></span>
and enabled with the
<span
class=
"command"
><strong>
filter-aaaa
</strong></span>
ACL and the
...
...
@@ -38,42 +51,45 @@
<span
class=
"command"
><strong>
filter-aaaa-on-v6
</strong></span>
options. These options are
now deprecated in
<code
class=
"filename"
>
named.conf
</code>
, but can be
passed as parameters to the
<span
class=
"command"
><strong>
filter-aaaa.so
</strong></span>
hook module
, for example:
plugin
, for example:
</p>
<pre
class=
"programlisting"
>
hook
query "/usr/local/lib/filter-aaaa.so" {
<pre
class=
"programlisting"
>
plugin
query "/usr/local/lib/filter-aaaa.so" {
filter-aaaa-on-v4 yes;
filter-aaaa-on-v6 yes;
filter-aaaa { 192.0.2.1; 2001:db8:2::1; };
};
</pre>
<p>
<p>
This module is intended to aid transition from IPv4 to IPv6 by
withholding IPv6 addresses from DNS clients which are not connected
to the IPv6 Internet, when the name being looked up has an IPv4
address available. Use of this module is not recommended unless
absolutely necessary.
</p>
<p>
<p>
Note: This mechanism can erroneously cause other servers not to
give AAAA records to their clients. If a recursing server with
both IPv6 and IPv4 network connections queries an authoritative
server using this mechanism via IPv4, it will be denied AAAA
records even if its client is using IPv6.
</p>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.8"
></a><h2>
OPTIONS
</h2>
<div
class=
"variablelist"
><dl
class=
"variablelist"
>
<div
class=
"variablelist"
><dl
class=
"variablelist"
>
<dt><span
class=
"term"
><span
class=
"command"
><strong>
filter-aaaa
</strong></span></span></dt>
<dd><p>
<dd>
<p>
Specifies a list of client addresses for which AAAA
filtering is to be applied. The default is
<strong
class=
"userinput"
><code>
any
</code></strong>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
><span
class=
"command"
><strong>
filter-aaaa-on-v4
</strong></span></span></dt>
<dd>
<p>
<p>
If set to
<strong
class=
"userinput"
><code>
yes
</code></strong>
, the DNS client is
at an IPv4 address, in
<span
class=
"command"
><strong>
filter-aaaa
</strong></span>
,
and if the response does not include DNSSEC signatures,
...
...
@@ -81,35 +97,39 @@ hook query "/usr/local/lib/filter-aaaa.so" {
This filtering applies to all responses and not only
authoritative responses.
</p>
<p>
<p>
If set to
<strong
class=
"userinput"
><code>
break-dnssec
</code></strong>
,
then AAAA records are deleted even when DNSSEC is
enabled. As suggested by the name, this causes the
response to fail to verify, because the DNSSEC protocol is
designed to detect deletions.
</p>
<p>
<p>
This mechanism can erroneously cause other servers not to
give AAAA records to their clients. A recursing server with
both IPv6 and IPv4 network connections that queries an
authoritative server using this mechanism via IPv4 will be
denied AAAA records even if its client is using IPv6.
</p>
</dd>
</dd>
<dt><span
class=
"term"
><span
class=
"command"
><strong>
filter-aaaa-on-v6
</strong></span></span></dt>
<dd><p>
<dd>
<p>
Identical to
<span
class=
"command"
><strong>
filter-aaaa-on-v4
</strong></span>
,
except it filters AAAA responses to queries from IPv6
clients instead of IPv4 clients. To filter all
responses, set both options to
<strong
class=
"userinput"
><code>
yes
</code></strong>
.
</p></dd>
</p>
</dd>
</dl></div>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.9"
></a><h2>
SEE ALSO
</h2>
<p>
<p>
<em
class=
"citetitle"
>
BIND 9 Administrator Reference Manual
</em>
.
</p>
</div>
</div>
</div></body>
</html>
configure
View file @
5bd85525
...
...
@@ -842,7 +842,6 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
...
...
@@ -1002,7 +1001,6 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
...
...
@@ -1255,15 +1253,6 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
...
...
@@ -1401,7 +1390,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir
runstatedir
libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
...
...
@@ -1554,7 +1543,6 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
...
...
doc/arm/Bv9ARM.ch01.html
View file @
5bd85525
...
...
@@ -614,6 +614,6 @@
</tr>
</table>
</div>
<p
xmlns:db=
"http://docbook.org/ns/docbook"
style=
"text-align: center;"
>
BIND 9.13.
4
(Development Release)
</p>
<p
xmlns:db=
"http://docbook.org/ns/docbook"
style=
"text-align: center;"
>
BIND 9.13.
5
(Development Release)
</p>
</body>
</html>
doc/arm/Bv9ARM.ch02.html
View file @
5bd85525
...
...
@@ -146,6 +146,6 @@
</tr>
</table>
</div>
<p
xmlns:db=
"http://docbook.org/ns/docbook"
style=
"text-align: center;"
>
BIND 9.13.
4
(Development Release)
</p>
<p
xmlns:db=
"http://docbook.org/ns/docbook"
style=
"text-align: center;"
>
BIND 9.13.
5
(Development Release)
</p>
</body>
</html>
doc/arm/Bv9ARM.ch03.html
View file @
5bd85525
...
...
@@ -47,6 +47,11 @@
<dt><span
class=
"section"
><a
href=
"Bv9ARM.ch03.html#tools"
>
Tools for Use With the Name Server Daemon
</a></span></dt>
<dt><span
class=
"section"
><a
href=
"Bv9ARM.ch03.html#signals"
>
Signals
</a></span></dt>
</dl></dd>
<dt><span
class=
"section"
><a
href=
"Bv9ARM.ch03.html#module-info"
>
Plugins
</a></span></dt>
<dd><dl>
<dt><span
class=
"section"
><a
href=
"Bv9ARM.ch03.html#id-1.4.6.5"
>
Configuring Plugins
</a></span></dt>
<dt><span
class=
"section"
><a
href=
"Bv9ARM.ch03.html#id-1.4.6.6"
>
Developing Plugins
</a></span></dt>
</dl></dd>
</dl>
</div>
...
...
@@ -741,6 +746,105 @@ controls {
</div>
</div>
</div>
<div
class=
"section"
>
<div
class=
"titlepage"
><div><div><h2
class=
"title"
style=
"clear: both"
>
<a
name=
"module-info"
></a>
Plugins
</h2></div></div></div>
<p>
Plugins are a mechanism to extend the functionality of
<span
class=
"command"
><strong>
named
</strong></span>
using dynamically loadable libraries.
By using plugins, core server functionality can be kept simple
for the majority of users; more complex code implementing optional
features need only be installed by users that need those features.
</p>
<p>
The plugin interface is a work in progress, and is expected to evolve
as more plugins are added. Currently, only "query plugins" are supported;
these modify the name server query logic. Other plugin types may be added
in the future.
</p>
<p>
The only plugin currently included in BIND is
<code
class=
"filename"
>
filter-aaaa.so
</code>
, which replaces the
<span
class=
"command"
><strong>
filter-aaaa
</strong></span>
feature that previously existed natively
as part of
<span
class=
"command"
><strong>
named
</strong></span>
.
The code for this feature has been removed from
<span
class=
"command"
><strong>
named
</strong></span>
,
and can no longer be configured using standard
<code
class=
"filename"
>
named.conf
</code>
syntax, but linking in the
<code
class=
"filename"
>
filter-aaaa.so
</code>
plugin provides identical
functionality.
</p>
<div
class=
"section"
>
<div
class=
"titlepage"
><div><div><h3
class=
"title"
>
<a
name=
"id-1.4.6.5"
></a>
Configuring Plugins
</h3></div></div></div>
<p>
A plugin is configured with the
<span
class=
"command"
><strong>
plugin
</strong></span>
statement in
<code
class=
"filename"
>
named.conf
</code>
:
</p>
<pre
class=
"screen"
>
plugin query "library.so" {
<em
class=
"replaceable"
><code>
parameters
</code></em>
};
</pre>
<p>
In this example, file
<code
class=
"filename"
>
library.so
</code>
is the plugin
library.
<code
class=
"literal"
>
query
</code>
indicates that this is a query
plugin.
</p>
<p>
</p>
<p>
Multiple
<span
class=
"command"
><strong>
plugin
</strong></span>
statements can be specified, to load
different plugins or multiple instances of the same plugin.
</p>
<p>
<em
class=
"replaceable"
><code>
parameters
</code></em>
are passed as an opaque
string to the plugin's initialization routine. Configuration
syntax will differ depending on the module.
</p>
</div>
<div
class=
"section"
>
<div
class=
"titlepage"
><div><div><h3
class=
"title"
>
<a
name=
"id-1.4.6.6"
></a>
Developing Plugins
</h3></div></div></div>
<p>
Each plugin implements four functions:
</p>
<div
class=
"itemizedlist"
><ul
class=
"itemizedlist"
style=
"list-style-type: disc; "
>
<li
class=
"listitem"
>
<span
class=
"command"
><strong>
plugin_register
</strong></span>
to allocate memory,
configure a plugin instance, and attach to hook points within
<span
class=
"command"
><strong>
named
</strong></span>
,
</li>
<li
class=
"listitem"
>
<span
class=
"command"
><strong>
plugin_destroy
</strong></span>
to tear down the plugin
instance and free memory,
</li>
<li
class=
"listitem"
>
<span
class=
"command"
><strong>
plugin_version
</strong></span>
to check that the plugin
is compatible with the current version of the plugin API,
</li>
<li
class=
"listitem"
>
<span
class=
"command"
><strong>
plugin_check
</strong></span>
to test syntactic
correctness of the plugin parameters.
</li>
</ul></div>
<p>
</p>
<p>
At various locations within the
<span
class=
"command"
><strong>
named
</strong></span>
source code,
there are "hook points" at which a plugin may register itself.
When a hook point is reached while
<span
class=
"command"
><strong>
named
</strong></span>
is
running, it is checked to see whether any plugins have registered
themselves there; if so, the associated "hook action" is called -
this is a function within the plugin library. Hook actions may
examine the runtime state and make changes - for example, modifying
the answers to be sent back to a client or forcing a query to be
aborted. More details can be found in the file
<code
class=
"filename"
>
lib/ns/include/ns/hooks.h
</code>
.
</p>
</div>
</div>
</div>
<div
class=
"navfooter"
>
<hr>
...
...
@@ -759,6 +863,6 @@ controls {
</tr>
</table>
</div>
<p
xmlns:db=
"http://docbook.org/ns/docbook"
style=
"text-align: center;"
>
BIND 9.13.
4
(Development Release)
</p>
<p
xmlns:db=
"http://docbook.org/ns/docbook"
style=
"text-align: center;"
>
BIND 9.13.
5
(Development Release)
</p>
</body>
</html>
doc/arm/Bv9ARM.ch04.html
View file @
5bd85525
...
...
@@ -2868,6 +2868,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p
xmlns:db=
"http://docbook.org/ns/docbook"
style=
"text-align: center;"
>
BIND 9.13.
4
(Development Release)
</p>
<p
xmlns:db=
"http://docbook.org/ns/docbook"
style=
"text-align: center;"
>
BIND 9.13.
5
(Development Release)
</p>
</body>
</html>
doc/arm/Bv9ARM.ch05.html
View file @
5bd85525
...
...
@@ -4626,63 +4626,6 @@ options {
internally. The use of this option is discouraged.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt>
<dd>
<p>
This option is intended to help the
transition from IPv4 to IPv6 by not giving IPv6 addresses
to DNS clients unless they have connections to the IPv6
Internet. This is not recommended unless absolutely
necessary. The default is <strong class="userinput"><code>no</code></strong>.
The <span class="command"><strong>filter-aaaa-on-v4</strong></span> option
may also be specified in <span class="command"><strong>view</strong></span> statements
to override the global <span class="command"><strong>filter-aaaa-on-v4</strong></span>
option.
</p>
<p>
If <strong class="userinput"><code>yes</code></strong>,
the DNS client is at an IPv4 address, in <span class="command"><strong>filter-aaaa</strong></span>,
and if the response does not include DNSSEC signatures,
then all AAAA records are deleted from the response.
This filtering applies to all responses and not only
authoritative responses.
</p>
<p>
If <strong class="userinput"><code>break-dnssec</code></strong>,
then AAAA records are deleted even when DNSSEC is enabled.
As suggested by the name, this makes the response not verify,
because the DNSSEC protocol is designed detect deletions.
</p>
<p>
This mechanism can erroneously cause other servers to
not give AAAA records to their clients.
A recursing server with both IPv6 and IPv4 network connections
that queries an authoritative server using this mechanism
via IPv4 will be denied AAAA records even if its client is
using IPv6.
</p>
<p>
This mechanism is applied to authoritative as well as
non-authoritative records.
A client using IPv4 that is not allowed recursion can
erroneously be given AAAA records because the server is not
allowed to check for A records.
</p>
<p>
Some AAAA records are given to IPv4 clients in glue records.
IPv4 clients that are servers can then erroneously
answer requests for AAAA records received via IPv4.