Commit 61bcc232 authored by Evan Hunt's avatar Evan Hunt

3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and

			dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
parent 0e095727
3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
dnssec-keyfromlabel sets the default TTL of the
key. When possible, automatic signing will use that
TTL when the key is published. [RT #23304]
3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
timestamp when determining which keys are active.
[RT #23642]
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keyfromlabel.c,v 1.34 2011/03/12 04:59:46 tbox Exp $ */
/* $Id: dnssec-keyfromlabel.c,v 1.35 2011/03/17 01:40:34 each Exp $ */
/*! \file */
......@@ -84,6 +84,7 @@ usage(void) {
fprintf(stderr, " -K directory: directory in which to place "
"key files\n");
fprintf(stderr, " -k: generate a TYPE=KEY key\n");
fprintf(stderr, " -L ttl: default key TTL\n");
fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");
fprintf(stderr, " -p protocol: default: 3 [dnssec]\n");
......@@ -137,12 +138,13 @@ main(int argc, char **argv) {
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
char *label = NULL;
dns_ttl_t ttl;
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
isc_stdtime_t now;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
......@@ -164,7 +166,7 @@ main(int argc, char **argv) {
isc_stdtime_get(&now);
while ((ch = isc_commandline_parse(argc, argv,
"3a:Cc:E:f:K:kl:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
"3a:Cc:E:f:K:kl:L:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
{
switch (ch) {
case '3':
......@@ -202,6 +204,13 @@ main(int argc, char **argv) {
case 'k':
options |= DST_TYPE_KEY;
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'l':
label = isc_mem_strdup(mctx, isc_commandline_argument);
break;
......@@ -509,6 +518,10 @@ main(int argc, char **argv) {
dst_key_setprivateformat(key, 1, 2);
}
/* Set default key TTL */
if (setttl)
dst_key_setttl(key, ttl);
/*
* Do not overwrite an existing key. Warn LOUDLY if there
* is a risk of ID collision due to this key or another key
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.20 2011/02/03 12:18:10 tbox Exp $ -->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.21 2011/03/17 01:40:34 each Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
<date>February 8, 2008</date>
......@@ -59,6 +59,7 @@
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-k</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
......@@ -234,6 +235,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">protocol</replaceable></term>
<listitem>
......
......@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.117 2011/03/12 04:59:46 tbox Exp $ */
/* $Id: dnssec-keygen.c,v 1.118 2011/03/17 01:40:34 each Exp $ */
/*! \file */
......@@ -125,7 +125,9 @@ usage(void) {
fprintf(stderr, " -f <keyflag>: KSK | REVOKE\n");
fprintf(stderr, " -g <generator>: use specified generator "
"(DH only)\n");
fprintf(stderr, " -L <ttl>: default key TTL\n");
fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n");
fprintf(stderr, " -r <randomdev>: a file containing random data\n");
fprintf(stderr, " -s <strength>: strength value this key signs DNS "
"records with (default: 0)\n");
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
......@@ -134,8 +136,6 @@ usage(void) {
fprintf(stderr, " -t <type>: "
"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
"(default: AUTHCONF)\n");
fprintf(stderr, " -r <randomdev>: a file containing random data\n");
fprintf(stderr, " -h: print usage and exit\n");
fprintf(stderr, " -m <memory debugging mode>:\n");
fprintf(stderr, " usage | trace | record | size | mctx\n");
......@@ -227,6 +227,7 @@ main(int argc, char **argv) {
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
int dbits = 0;
dns_ttl_t ttl = 0;
isc_boolean_t use_default = ISC_FALSE, use_nsec3 = ISC_FALSE;
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
......@@ -234,7 +235,7 @@ main(int argc, char **argv) {
int prepub = -1;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
......@@ -253,7 +254,7 @@ main(int argc, char **argv) {
/*
* Process memory debugging argument first.
*/
#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:km:n:P:p:qR:r:S:s:T:t:v:"
#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:kL:m:n:P:p:qR:r:S:s:T:t:v:"
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'm':
......@@ -336,6 +337,13 @@ main(int argc, char **argv) {
"To generate a key-signing key, use -f KSK.\n"
"To generate a key with TYPE=KEY, use -T KEY.\n");
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'n':
nametype = isc_commandline_argument;
break;
......@@ -960,6 +968,10 @@ main(int argc, char **argv) {
dst_key_setprivateformat(key, 1, 2);
}
/* Set the default key TTL */
if (setttl)
dst_key_setttl(key, ttl);
/*
* Do not overwrite an existing key, or create a key
* if there is a risk of ID collision due to this key
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.docbook,v 1.36 2010/12/23 04:07:59 marka Exp $ -->
<!-- $Id: dnssec-keygen.docbook,v 1.37 2011/03/17 01:40:34 each Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
<date>June 30, 2000</date>
......@@ -74,6 +74,7 @@
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-k</option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
......@@ -296,6 +297,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">protocol</replaceable></term>
<listitem>
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-settime.c,v 1.28 2010/12/19 07:29:36 each Exp $ */
/* $Id: dnssec-settime.c,v 1.29 2011/03/17 01:40:35 each Exp $ */
/*! \file */
......@@ -66,6 +66,7 @@ usage(void) {
fprintf(stderr, " -f: force update of old-style "
"keys\n");
fprintf(stderr, " -K directory: set key file location\n");
fprintf(stderr, " -L ttl: set default key TTL\n");
fprintf(stderr, " -v level: set level of verbosity\n");
fprintf(stderr, " -h: help\n");
fprintf(stderr, "Timing options:\n");
......@@ -138,11 +139,12 @@ main(int argc, char **argv) {
unsigned int size = 0;
isc_uint16_t flags = 0;
int prepub = -1;
dns_ttl_t ttl = 0;
isc_stdtime_t now;
isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
......@@ -166,7 +168,7 @@ main(int argc, char **argv) {
isc_stdtime_get(&now);
#define CMDLINE_FLAGS "A:D:E:fhI:i:K:P:p:R:S:uv:"
#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:"
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'E':
......@@ -230,6 +232,14 @@ main(int argc, char **argv) {
"directory");
}
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
changed = ISC_TRUE;
setttl = ISC_TRUE;
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
......@@ -513,6 +523,9 @@ main(int argc, char **argv) {
else if (unsetdel)
dst_key_unsettime(key, DST_TIME_DELETE);
if (setttl)
dst_key_setttl(key, ttl);
/*
* Print out time values, if -p was used.
*/
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-settime.docbook,v 1.11 2010/08/16 22:21:06 marka Exp $ -->
<!-- $Id: dnssec-settime.docbook,v 1.12 2011/03/17 01:40:35 each Exp $ -->
<refentry id="man.dnssec-settime">
<refentryinfo>
<date>July 15, 2009</date>
......@@ -47,6 +47,7 @@
<command>dnssec-settime</command>
<arg><option>-f</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
......@@ -112,6 +113,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-h</term>
<listitem>
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.47 2011/03/05 23:52:29 tbox Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.48 2011/03/17 01:40:35 each Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 05, 2009</date>
......@@ -552,15 +552,17 @@
<term>-T <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Specifies the TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not specified,
the default is the minimum TTL value from the zone's SOA
Specifies a TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not
specified, the default is the TTL value from the zone's SOA
record. This option is ignored when signing without
<option>-S</option>, since DNSKEY records are not imported
from the key repository in that case. It is also ignored if
there are any pre-existing DNSKEY records at the zone apex,
in which case new records' TTL values will be set to match
them.
them, or if any of the imported DNSKEY records had a default
TTL value. In the event of a a conflict between TTL values in
imported keys, the shortest one is used.
</para>
</listitem>
</varlistentry>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: t_dst.c,v 1.58 2009/09/01 00:22:25 jinmei Exp $ */
/* $Id: t_dst.c,v 1.59 2011/03/17 01:40:35 each Exp $ */
#include <config.h>
......@@ -264,8 +264,8 @@ dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx,
}
static void
io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
isc_result_t exp_result, int *nfails, int *nprobs)
io(dns_name_t *name, isc_uint16_t id, isc_uint16_t alg, int type,
isc_mem_t *mctx, isc_result_t exp_result, int *nfails, int *nprobs)
{
dst_key_t *key = NULL;
isc_result_t ret;
......@@ -277,7 +277,7 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
if (p == NULL) {
t_info("getcwd failed %d\n", errno);
++*nprobs;
return;
goto failure;
}
ret = dst_key_fromfile(name, id, alg, type, current, mctx, &key);
......@@ -285,7 +285,25 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
t_info("dst_key_fromfile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
return;
goto failure;
}
if (dst_key_id(key) != id) {
t_info("key ID incorrect\n");
++*nfails;
goto failure;
}
if (dst_key_alg(key) != alg) {
t_info("key algorithm incorrect\n");
++*nfails;
goto failure;
}
if (dst_key_getttl(key) != 0) {
t_info("initial key TTL incorrect\n");
++*nfails;
goto failure;
}
ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
......@@ -293,14 +311,14 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
t_info("isc_file_mktemplate failed %s\n",
isc_result_totext(ret));
++*nprobs;
return;
goto failure;
}
ret = isc_dir_createunique(tmp);
if (ret != ISC_R_SUCCESS) {
t_info("mkdir failed %d\n", errno);
++*nprobs;
return;
goto failure;
}
ret = dst_key_tofile(key, type, tmp);
......@@ -308,14 +326,48 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
t_info("dst_key_tofile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
return;
goto failure;
}
if (dst_key_alg(key) != DST_ALG_DH)
use(key, mctx, exp_result, nfails);
/*
* Skip the rest of this test if we weren't expecting
* the read to be successful.
*/
if (exp_result != ISC_R_SUCCESS)
goto cleanup;
dst_key_setttl(key, 3600);
ret = dst_key_tofile(key, type, tmp);
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto failure;
}
/* Reread key to confirm TTL was changed */
dst_key_free(&key);
ret = dst_key_fromfile(name, id, alg, type, tmp, mctx, &key);
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto failure;
}
if (dst_key_getttl(key) != 3600) {
t_info("modified key TTL incorrect\n");
++*nfails;
goto failure;
}
cleanup:
cleandir(tmp);
failure:
dst_key_free(&key);
}
......
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.7 2010/12/18 02:12:43 each Exp $
# $Id: clean.sh,v 1.8 2011/03/17 01:40:35 each Exp $
rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
rm -f active.key inact.key del.key unpub.key standby.key rev.key
......@@ -45,3 +45,4 @@ rm -f ns3/secure-to-insecure.example.db
rm -f ns3/prepub.example.db
rm -f ns3/prepub.example.db.in
rm -f ns3/secure-to-insecure2.example.db
rm -f ns3/ttl*.db
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: keygen.sh,v 1.8 2010/12/15 18:44:37 each Exp $
# $Id: keygen.sh,v 1.9 2011/03/17 01:40:36 each Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -205,3 +205,36 @@ zonefile="${zone}.db"
$KEYGEN -3 -q -r $RANDFILE -fk $zone > /dev/null
$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > /dev/null 2>&1
#
# Key TTL tests.
#
# no default key TTL; DNSKEY should get SOA TTL
zone=ttl1.example
zonefile="${zone}.db"
infile="${zonefile}.in"
$KEYGEN -3 -q -r $RANDFILE -fk $zone > /dev/null
$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
cp $infile $zonefile
# default key TTL should be used
zone=ttl2.example
zonefile="${zone}.db"
$KEYGEN -3 -q -r $RANDFILE -fk -L 60 $zone > /dev/null
$KEYGEN -3 -q -r $RANDFILE -L 60 $zone > /dev/null
cp $infile $zonefile
# mismatched key TTLs, should use shortest
zone=ttl3.example
zonefile="${zone}.db"
$KEYGEN -3 -q -r $RANDFILE -fk -L 30 $zone > /dev/null
$KEYGEN -3 -q -r $RANDFILE -L 60 $zone > /dev/null
cp $infile $zonefile
# existing DNSKEY RRset, should retain TTL
zone=ttl4.example
zonefile="${zone}.db"
$KEYGEN -3 -q -r $RANDFILE -L 30 -fk $zone > /dev/null
cat ${infile} K${zone}.+*.key > $zonefile
$KEYGEN -3 -q -r $RANDFILE -L 180 $zone > /dev/null
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.7 2010/12/15 18:44:37 each Exp $ */
/* $Id: named.conf,v 1.8 2011/03/17 01:40:37 each Exp $ */
// NS3
......@@ -185,4 +185,32 @@ zone "prepub.example" {
auto-dnssec maintain;
};
zone "ttl1.example" {
type master;
file "ttl1.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "ttl2.example" {
type master;
file "ttl2.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "ttl3.example" {
type master;
file "ttl3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "ttl4.example" {
type master;
file "ttl4.example.db";
allow-update { any; };
auto-dnssec maintain;
};
include "trusted.conf";
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: ttl1.example.db.in,v 1.2 2011/03/17 01:40:37 each Exp $
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2009102722 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns
ns A 10.53.0.3
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
x CNAME a
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;