ISC Open Source Projects
BIND
Commits
93d6dfaf
Commit
93d6dfaf
authored
Sep 30, 2003
by
Mark Andrews
1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
parent
4102f254
Changes
91
CHANGES
1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
1515. [func] Allow transfer source to be set in a server statement.
[RT #6496]
...
...
bin/dnssec/dnssec-makekeyset.c
...
...
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-makekeyset.c,v 1.
59
200
2/12/03 05:01:34
marka Exp $ */
/* $Id: dnssec-makekeyset.c,v 1.
60
200
3/09/30 05:55:59
marka Exp $ */
#include <config.h>
...
...
@@ -296,7 +296,7 @@ main(int argc, char *argv[]) {
fatal
(
"failed to convert key %s to a DNS KEY: %s"
,
argv
[
i
],
isc_result_totext
(
result
));
isc_buffer_usedregion
(
&
b
,
&
r
);
dns_rdata_fromregion
(
&
rdata
,
rdclass
,
dns_rdatatype_key
,
&
r
);
dns_rdata_fromregion
(
&
rdata
,
rdclass
,
dns_rdatatype_
dns
key
,
&
r
);
tuple
=
NULL
;
result
=
dns_difftuple_create
(
mctx
,
DNS_DIFFOP_ADD
,
domain
,
ttl
,
&
rdata
,
&
tuple
);
...
...
@@ -319,7 +319,7 @@ main(int argc, char *argv[]) {
dns_fixedname_init
(
&
tname
);
dns_rdataset_init
(
&
rdataset
);
result
=
dns_db_find
(
db
,
domain
,
version
,
dns_rdatatype_key
,
0
,
0
,
result
=
dns_db_find
(
db
,
domain
,
version
,
dns_rdatatype_
dns
key
,
0
,
0
,
NULL
,
dns_fixedname_name
(
&
tname
),
&
rdataset
,
NULL
);
check_result
(
result
,
"dns_db_find"
);
...
...
bin/dnssec/dnssec-signkey.c
...
...
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signkey.c,v 1.
59
2003/0
7/25 00:01:04
marka Exp $ */
/* $Id: dnssec-signkey.c,v 1.
60
2003/0
9/30 05:55:59
marka Exp $ */
#include <config.h>
...
...
@@ -135,7 +135,7 @@ loadkeys(dns_name_t *name, dns_rdataset_t *rdataset) {
}
static
dst_key_t
*
findkey
(
dns_rdata_sig_t
*
sig
)
{
findkey
(
dns_rdata_
rr
sig_t
*
sig
)
{
keynode_t
*
keynode
;
for
(
keynode
=
ISC_LIST_HEAD
(
keylist
);
keynode
!=
NULL
;
...
...
@@ -172,7 +172,7 @@ main(int argc, char *argv[]) {
dns_rdata_t
rdata
=
DNS_RDATA_INIT
;
dns_rdata_t
sigrdata
=
DNS_RDATA_INIT
;
dns_rdataset_t
rdataset
,
sigrdataset
;
dns_rdata_sig_t
sig
;
dns_rdata_
rr
sig_t
sig
;
isc_result_t
result
;
isc_buffer_t
b
;
isc_log_t
*
log
=
NULL
;
...
...
@@ -315,7 +315,7 @@ main(int argc, char *argv[]) {
dns_rdataset_init
(
&
rdataset
);
dns_rdataset_init
(
&
sigrdataset
);
result
=
dns_db_findrdataset
(
db
,
node
,
version
,
dns_rdatatype_key
,
0
,
result
=
dns_db_findrdataset
(
db
,
node
,
version
,
dns_rdatatype_
dns
key
,
0
,
0
,
&
rdataset
,
&
sigrdataset
);
if
(
result
!=
ISC_R_SUCCESS
)
{
char
domainstr
[
DNS_NAME_FORMATSIZE
];
...
...
@@ -407,8 +407,8 @@ main(int argc, char *argv[]) {
dst_key_free
(
&
key
);
}
result
=
dns_db_deleterdataset
(
db
,
node
,
version
,
dns_rdatatype_sig
,
dns_rdatatype_key
);
result
=
dns_db_deleterdataset
(
db
,
node
,
version
,
dns_rdatatype_
rr
sig
,
dns_rdatatype_
dns
key
);
check_result
(
result
,
"dns_db_deleterdataset"
);
result
=
dns_diff_apply
(
&
diff
,
db
,
version
);
...
...
bin/dnssec/dnssec-signzone.c
...
...
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signzone.c,v 1.16
8
2003/0
4/17 03:45:49
marka Exp $ */
/* $Id: dnssec-signzone.c,v 1.16
9
2003/0
9/30 05:56:00
marka Exp $ */
#include <config.h>
...
...
@@ -49,7 +49,7 @@
#include <dns/log.h>
#include <dns/master.h>
#include <dns/masterdump.h>
#include <dns/n
xt
.h>
#include <dns/n
sec
.h>
#include <dns/rdata.h>
#include <dns/rdataset.h>
#include <dns/rdataclass.h>
...
...
@@ -254,7 +254,7 @@ iszonekey(signer_key_t *key) {
* that we've loaded already, and then see if there's a key on disk.
*/
static
signer_key_t
*
keythatsigned
(
dns_rdata_sig_t
*
sig
)
{
keythatsigned
(
dns_rdata_
rr
sig_t
*
sig
)
{
isc_result_t
result
;
dst_key_t
*
pubkey
=
NULL
,
*
privkey
=
NULL
;
signer_key_t
*
key
;
...
...
@@ -298,7 +298,7 @@ expecttofindkey(dns_name_t *name) {
char
namestr
[
DNS_NAME_FORMATSIZE
];
dns_fixedname_init
(
&
fname
);
result
=
dns_db_find
(
gdb
,
name
,
gversion
,
dns_rdatatype_key
,
options
,
result
=
dns_db_find
(
gdb
,
name
,
gversion
,
dns_rdatatype_
dns
key
,
options
,
0
,
NULL
,
dns_fixedname_name
(
&
fname
),
NULL
,
NULL
);
switch
(
result
)
{
case
ISC_R_SUCCESS
:
...
...
@@ -342,7 +342,7 @@ signset(dns_diff_t *diff, dns_dbnode_t *node, dns_name_t *name,
{
dns_rdataset_t
sigset
;
dns_rdata_t
sigrdata
=
DNS_RDATA_INIT
;
dns_rdata_sig_t
sig
;
dns_rdata_
rr
sig_t
sig
;
signer_key_t
*
key
;
isc_result_t
result
;
isc_boolean_t
nosigs
=
ISC_FALSE
;
...
...
@@ -361,7 +361,7 @@ signset(dns_diff_t *diff, dns_dbnode_t *node, dns_name_t *name,
ttl
=
ISC_MIN
(
set
->
ttl
,
endtime
-
starttime
);
dns_rdataset_init
(
&
sigset
);
result
=
dns_db_findrdataset
(
gdb
,
node
,
gversion
,
dns_rdatatype_sig
,
result
=
dns_db_findrdataset
(
gdb
,
node
,
gversion
,
dns_rdatatype_
rr
sig
,
set
->
type
,
0
,
&
sigset
,
NULL
);
if
(
result
==
ISC_R_NOTFOUND
)
{
result
=
ISC_R_SUCCESS
;
...
...
@@ -519,7 +519,7 @@ signset(dns_diff_t *diff, dns_dbnode_t *node, dns_name_t *name,
continue
;
if
(
!
(
ignoreksk
||
key
->
isdsk
||
(
key
->
isksk
&&
set
->
type
==
dns_rdatatype_key
&&
set
->
type
==
dns_rdatatype_
dns
key
&&
dns_name_equal
(
name
,
gorigin
))))
continue
;
...
...
@@ -597,7 +597,7 @@ loadds(dns_name_t *name, isc_uint32_t ttl, dns_rdataset_t *dsset) {
return
(
DNS_R_BADDB
);
}
dns_rdataset_init
(
&
keyset
);
result
=
dns_db_findrdataset
(
db
,
node
,
NULL
,
dns_rdatatype_key
,
0
,
0
,
result
=
dns_db_findrdataset
(
db
,
node
,
NULL
,
dns_rdatatype_
dns
key
,
0
,
0
,
&
keyset
,
NULL
);
if
(
result
!=
ISC_R_SUCCESS
)
{
dns_db_detachnode
(
db
,
&
node
);
...
...
@@ -645,15 +645,15 @@ loadds(dns_name_t *name, isc_uint32_t ttl, dns_rdataset_t *dsset) {
}
static
isc_boolean_t
n
xt
_setbit
(
dns_name_t
*
name
,
dns_rdataset_t
*
rdataset
,
dns_rdatatype_t
type
,
n
sec
_setbit
(
dns_name_t
*
name
,
dns_rdataset_t
*
rdataset
,
dns_rdatatype_t
type
,
unsigned
int
val
)
{
isc_result_t
result
;
dns_rdata_t
rdata
=
DNS_RDATA_INIT
;
dns_rdata_n
xt
_t
n
xt
;
dns_rdata_n
sec
_t
n
sec
;
unsigned
int
newlen
;
unsigned
char
bitmap
[
16
];
unsigned
char
n
xt
data
[
16
+
DNS_NAME_MAXWIRE
];
unsigned
char
n
sec
data
[
16
+
DNS_NAME_MAXWIRE
];
isc_boolean_t
answer
=
ISC_FALSE
;
INSIST
(
type
<
128
);
...
...
@@ -661,22 +661,22 @@ nxt_setbit(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdatatype_t type,
result
=
dns_rdataset_first
(
rdataset
);
check_result
(
result
,
"dns_rdataset_first()"
);
dns_rdataset_current
(
rdataset
,
&
rdata
);
result
=
dns_rdata_tostruct
(
&
rdata
,
&
n
xt
,
NULL
);
result
=
dns_rdata_tostruct
(
&
rdata
,
&
n
sec
,
NULL
);
check_result
(
result
,
"dns_rdata_tostruct"
);
newlen
=
type
/
8
+
1
;
INSIST
(
n
xt
.
len
<
sizeof
(
bitmap
));
INSIST
(
n
sec
.
len
<
sizeof
(
bitmap
));
INSIST
(
newlen
<
sizeof
(
bitmap
));
memset
(
bitmap
,
0
,
sizeof
(
bitmap
));
memcpy
(
bitmap
,
n
xt
.
typebits
,
n
xt
.
len
);
memcpy
(
bitmap
,
n
sec
.
typebits
,
n
sec
.
len
);
set_bit
(
bitmap
,
type
,
val
);
while
(
newlen
>
0
&&
bitmap
[
newlen
-
1
]
==
0
)
newlen
--
;
if
(
newlen
!=
n
xt
.
len
||
memcmp
(
n
xt
.
typebits
,
bitmap
,
newlen
)
!=
0
)
{
if
(
newlen
!=
n
sec
.
len
||
memcmp
(
n
sec
.
typebits
,
bitmap
,
newlen
)
!=
0
)
{
dns_rdata_t
newrdata
=
DNS_RDATA_INIT
;
isc_buffer_t
b
;
dns_diff_t
diff
;
...
...
@@ -688,11 +688,11 @@ nxt_setbit(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdatatype_t type,
check_result
(
result
,
"dns_difftuple_create"
);
dns_diff_append
(
&
diff
,
&
tuple
);
n
xt
.
typebits
=
bitmap
;
n
xt
.
len
=
newlen
;
isc_buffer_init
(
&
b
,
n
xt
data
,
sizeof
(
n
xt
data
));
n
sec
.
typebits
=
bitmap
;
n
sec
.
len
=
newlen
;
isc_buffer_init
(
&
b
,
n
sec
data
,
sizeof
(
n
sec
data
));
result
=
dns_rdata_fromstruct
(
&
newrdata
,
rdata
.
rdclass
,
dns_rdatatype_n
xt
,
&
n
xt
,
dns_rdatatype_n
sec
,
&
n
sec
,
&
b
);
check_result
(
result
,
"dns_rdata_fromstruct"
);
...
...
@@ -706,7 +706,7 @@ nxt_setbit(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdatatype_t type,
dns_diff_clear
(
&
diff
);
answer
=
ISC_TRUE
;
}
dns_rdata_freestruct
(
&
n
xt
);
dns_rdata_freestruct
(
&
n
sec
);
return
(
answer
);
}
...
...
@@ -745,7 +745,7 @@ delegation(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t *ttlp) {
/*
* Signs all records at a name. This mostly just signs each set individually,
* but also adds the SIG bit to any N
XT
s generated earlier, deals with
* but also adds the SIG bit to any N
SEC
s generated earlier, deals with
* parent/child KEY signatures, and handles other exceptional cases.
*/
static
void
...
...
@@ -811,7 +811,7 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
}
else
if
(
dns_rdataset_isassociated
(
&
sigdsset
))
{
result
=
dns_db_deleterdataset
(
gdb
,
node
,
gversion
,
dns_rdatatype_sig
,
dns_rdatatype_
rr
sig
,
dns_rdatatype_ds
);
check_result
(
result
,
"dns_db_deleterdataset"
);
dns_rdataset_disassociate
(
&
sigdsset
);
...
...
@@ -821,25 +821,25 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
}
/*
* Make sure that N
XT
bits are appropriately set.
* Make sure that N
SEC
bits are appropriately set.
*/
dns_rdataset_init
(
&
rdataset
);
RUNTIME_CHECK
(
dns_db_findrdataset
(
gdb
,
node
,
gversion
,
dns_rdatatype_n
xt
,
0
,
0
,
&
rdataset
,
dns_rdatatype_n
sec
,
0
,
0
,
&
rdataset
,
NULL
)
==
ISC_R_SUCCESS
);
if
(
!
nokeys
)
changed
=
n
xt
_setbit
(
name
,
&
rdataset
,
dns_rdatatype_sig
,
1
);
changed
=
n
sec
_setbit
(
name
,
&
rdataset
,
dns_rdatatype_
rr
sig
,
1
);
if
(
changed
)
{
dns_rdataset_disassociate
(
&
rdataset
);
RUNTIME_CHECK
(
dns_db_findrdataset
(
gdb
,
node
,
gversion
,
dns_rdatatype_n
xt
,
0
,
0
,
dns_rdatatype_n
sec
,
0
,
0
,
&
rdataset
,
NULL
)
==
ISC_R_SUCCESS
);
}
if
(
hasds
)
(
void
)
n
xt
_setbit
(
name
,
&
rdataset
,
dns_rdatatype_ds
,
1
);
(
void
)
n
sec
_setbit
(
name
,
&
rdataset
,
dns_rdatatype_ds
,
1
);
else
(
void
)
n
xt
_setbit
(
name
,
&
rdataset
,
dns_rdatatype_ds
,
0
);
(
void
)
n
sec
_setbit
(
name
,
&
rdataset
,
dns_rdatatype_ds
,
0
);
dns_rdataset_disassociate
(
&
rdataset
);
/*
...
...
@@ -854,16 +854,16 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
dns_rdatasetiter_current
(
rdsiter
,
&
rdataset
);
/* If this is a SIG set, skip it. */
if
(
rdataset
.
type
==
dns_rdatatype_sig
)
if
(
rdataset
.
type
==
dns_rdatatype_
rr
sig
)
goto
skip
;
/*
* If this name is a delegation point, skip all records
* except N
XT
and DS sets. Otherwise check that there
* except N
SEC
and DS sets. Otherwise check that there
* isn't a DS record.
*/
if
(
isdelegation
)
{
if
(
rdataset
.
type
!=
dns_rdatatype_n
xt
&&
if
(
rdataset
.
type
!=
dns_rdatatype_n
sec
&&
rdataset
.
type
!=
dns_rdatatype_ds
)
goto
skip
;
}
else
if
(
rdataset
.
type
==
dns_rdatatype_ds
)
{
...
...
@@ -907,7 +907,7 @@ active_node(dns_dbnode_t *node) {
result
=
dns_rdatasetiter_first
(
rdsiter
);
while
(
result
==
ISC_R_SUCCESS
)
{
dns_rdatasetiter_current
(
rdsiter
,
&
rdataset
);
if
(
rdataset
.
type
!=
dns_rdatatype_n
xt
)
if
(
rdataset
.
type
!=
dns_rdatatype_n
sec
)
active
=
ISC_TRUE
;
dns_rdataset_disassociate
(
&
rdataset
);
if
(
!
active
)
...
...
@@ -922,10 +922,10 @@ active_node(dns_dbnode_t *node) {
if
(
!
active
)
{
/*
* Make sure there is no N
XT
record for this node.
* Make sure there is no N
SEC
record for this node.
*/
result
=
dns_db_deleterdataset
(
gdb
,
node
,
gversion
,
dns_rdatatype_n
xt
,
0
);
dns_rdatatype_n
sec
,
0
);
if
(
result
==
DNS_R_UNCHANGED
)
result
=
ISC_R_SUCCESS
;
check_result
(
result
,
"dns_db_deleterdataset"
);
...
...
@@ -983,7 +983,7 @@ cleannode(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) {
isc_boolean_t
destroy
=
ISC_FALSE
;
dns_rdatatype_t
covers
=
0
;
dns_rdatasetiter_current
(
rdsiter
,
&
set
);
if
(
set
.
type
==
dns_rdatatype_sig
)
{
if
(
set
.
type
==
dns_rdatatype_
rr
sig
)
{
covers
=
set
.
covers
;
destroy
=
ISC_TRUE
;
}
...
...
@@ -991,7 +991,7 @@ cleannode(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) {
result
=
dns_rdatasetiter_next
(
rdsiter
);
if
(
destroy
)
{
dresult
=
dns_db_deleterdataset
(
db
,
node
,
version
,
dns_rdatatype_sig
,
dns_rdatatype_
rr
sig
,
covers
);
check_result
(
dresult
,
"dns_db_deleterdataset"
);
}
...
...
@@ -1035,7 +1035,7 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
dns_name_t
*
name
;
dns_dbnode_t
*
node
;
sevent_t
*
sevent
;
dns_rdataset_t
n
xt
;
dns_rdataset_t
n
sec
;
isc_boolean_t
found
;
isc_result_t
result
;
...
...
@@ -1063,16 +1063,16 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
if
(
result
!=
ISC_R_SUCCESS
)
fatal
(
"failure iterating database: %s"
,
isc_result_totext
(
result
));
dns_rdataset_init
(
&
n
xt
);
dns_rdataset_init
(
&
n
sec
);
result
=
dns_db_findrdataset
(
gdb
,
node
,
gversion
,
dns_rdatatype_n
xt
,
0
,
0
,
&
n
xt
,
NULL
);
dns_rdatatype_n
sec
,
0
,
0
,
&
n
sec
,
NULL
);
if
(
result
==
ISC_R_SUCCESS
)
found
=
ISC_TRUE
;
else
dumpnode
(
name
,
node
);
if
(
dns_rdataset_isassociated
(
&
n
xt
))
dns_rdataset_disassociate
(
&
n
xt
);
if
(
dns_rdataset_isassociated
(
&
n
sec
))
dns_rdataset_disassociate
(
&
n
sec
);
if
(
!
found
)
dns_db_detachnode
(
gdb
,
&
node
);
...
...
@@ -1161,10 +1161,10 @@ sign(isc_task_t *task, isc_event_t *event) {
}
/*
* Generate N
XT
records for the zone.
* Generate N
SEC
records for the zone.
*/
static
void
n
xt
ify
(
void
)
{
n
sec
ify
(
void
)
{
dns_dbiterator_t
*
dbiter
=
NULL
;
dns_dbnode_t
*
node
=
NULL
,
*
nextnode
=
NULL
;
dns_fixedname_t
fname
,
fnextname
,
fzonecut
;
...
...
@@ -1226,8 +1226,9 @@ nxtify(void) {
}
else
if
(
result
!=
ISC_R_SUCCESS
)
fatal
(
"iterating through the database failed: %s"
,
isc_result_totext
(
result
));
result
=
dns_nxt_build
(
gdb
,
gversion
,
node
,
nextname
,
zonettl
);
check_result
(
result
,
"dns_nxt_build()"
);
result
=
dns_nsec_build
(
gdb
,
gversion
,
node
,
nextname
,
zonettl
);
check_result
(
result
,
"dns_nsec_build()"
);
dns_db_detachnode
(
gdb
,
&
node
);
}
...
...
@@ -1327,7 +1328,7 @@ loadzonepubkeys(dns_db_t *db) {
dns_rdataset_init
(
&
rdataset
);
result
=
dns_db_findrdataset
(
db
,
node
,
currentversion
,
dns_rdatatype_key
,
0
,
0
,
&
rdataset
,
NULL
);
dns_rdatatype_
dns
key
,
0
,
0
,
&
rdataset
,
NULL
);
if
(
result
!=
ISC_R_SUCCESS
)
fatal
(
"failed to find keys at the zone apex: %s"
,
isc_result_totext
(
result
));
...
...
@@ -1376,7 +1377,7 @@ warnifallksk(dns_db_t *db) {
dns_rdataset_init
(
&
rdataset
);
result
=
dns_db_findrdataset
(
db
,
node
,
currentversion
,
dns_rdatatype_key
,
0
,
0
,
&
rdataset
,
NULL
);
dns_rdatatype_
dns
key
,
0
,
0
,
&
rdataset
,
NULL
);
if
(
result
!=
ISC_R_SUCCESS
)
fatal
(
"failed to find keys at the zone apex: %s"
,
isc_result_totext
(
result
));
...
...
@@ -1420,6 +1421,7 @@ writekeyset(void) {
isc_region_t
r
;
isc_result_t
result
;
isc_boolean_t
have_non_ksk
=
ISC_FALSE
;
isc_boolean_t
have_ksk
=
ISC_FALSE
;
isc_buffer_init
(
&
namebuf
,
namestr
,
sizeof
(
namestr
));
result
=
dns_name_tofilenametext
(
gorigin
,
ISC_FALSE
,
&
namebuf
);
...
...
@@ -1448,18 +1450,26 @@ writekeyset(void) {
break
;
}
for
(
key
=
ISC_LIST_HEAD
(
keylist
);
key
!=
NULL
;
key
=
ISC_LIST_NEXT
(
key
,
link
))
if
(
key
->
isksk
)
{
have_ksk
=
ISC_TRUE
;
break
;
}
for
(
key
=
ISC_LIST_HEAD
(
keylist
);
key
!=
NULL
;
key
=
ISC_LIST_NEXT
(
key
,
link
))
{
if
(
have_non_ksk
&&
!
key
->
isksk
)
if
(
have_ksk
&&
have_non_ksk
&&
!
key
->
isksk
)
continue
;
dns_rdata_init
(
&
rdata
);
isc_buffer_init
(
&
b
,
keybuf
,
sizeof
(
keybuf
));
result
=
dst_key_todns
(
key
->
key
,
&
b
);
check_result
(
result
,
"dst_key_todns"
);
isc_buffer_usedregion
(
&
b
,
&
r
);
dns_rdata_fromregion
(
&
rdata
,
gclass
,
dns_rdatatype_key
,
&
r
);
dns_rdata_fromregion
(
&
rdata
,
gclass
,
dns_rdatatype_
dns
key
,
&
r
);
result
=
dns_difftuple_create
(
mctx
,
DNS_DIFFOP_ADD
,
gorigin
,
zonettl
,
&
rdata
,
&
tuple
);
check_result
(
result
,
"dns_difftuple_create"
);
...
...
@@ -1824,6 +1834,7 @@ main(int argc, char *argv[]) {
dst_key_name
(
newkey
)))
{
/* Override key flags. */
key
->
issigningkey
=
ISC_TRUE
;
key
->
isksk
=
ISC_TRUE
;
key
->
isdsk
=
ISC_FALSE
;
dst_key_free
(
&
dkey
);
...
...
@@ -1853,7 +1864,7 @@ main(int argc, char *argv[]) {
result
=
dns_db_newversion
(
gdb
,
&
gversion
);
check_result
(
result
,
"dns_db_newversion()"
);
n
xt
ify
();
n
sec
ify
();
if
(
!
nokeys
)
writekeyset
();
...
...
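Review bot: In `nsec_setbit` (hunks at -661 and -688), `newlen` is derived only from the type being set (`newlen = type / 8 + 1;`), so when the existing bitmap is longer than that, the octets copied into `bitmap` beyond `newlen` are left out of the compare and of `nsec.len = newlen`, and the rebuilt NSEC would lose those type bits. With the rolled types this looks reachable at the zone apex, because DNSKEY (48) sits in a later octet than RRSIG (46); that is inferred from the assigned type numbers, which the page does not show, so confirm against the `dns_rdatatype_*` values. An NSEC bitmap that omits a type present at the name undermines authenticated denial of existence for that name. Suggest starting from the longer length, `if (newlen < nsec.len) newlen = nsec.len;`, placed right after the two `INSIST` checks; the function body starts and continues outside these hunks.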
bin/dnssec/dnssec-signzone.docbook
...
...
@@ -16,7 +16,7 @@
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.
6
2003/0
2/07 01:13:1
0 marka Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.
7
2003/0
9/30 05:56:0
0 marka Exp $ -->
<refentry>
<refentryinfo>
...
...
@@ -62,8 +62,8 @@
<refsect1>
<title>
DESCRIPTION
</title>
<para>
<command>
dnssec-signzone
</command>
signs a zone. It generates N
XT
and SIG records and produces a signed version of the zone. If there
<command>
dnssec-signzone
</command>
signs a zone. It generates N
SEC
and
RR
SIG records and produces a signed version of the zone. If there
is a
<filename>
signedkey
</filename>
file from the zone's parent,
the parent's signatures will be incorporated into the generated
signed zone file. The security status of delegations from the the
...
...
@@ -129,7 +129,7 @@
<term>
-s
<replaceable
class=
"parameter"
>
start-time
</replaceable></term>
<listitem>
<para>
Specify the date and time when the generated SIG records
Specify the date and time when the generated
RR
SIG records
become valid. This can be either an absolute or relative
time. An absolute start time is indicated by a number
in YYYYMMDDHHMMSS notation; 20000530144500 denotes
...
...
@@ -145,7 +145,7 @@
<term>
-e
<replaceable
class=
"parameter"
>
end-time
</replaceable></term>
<listitem>
<para>
Specify the date and time when the generated SIG records
Specify the date and time when the generated
RR
SIG records
expire. As with
<option>
start-time
</option>
, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
...
...
@@ -184,7 +184,7 @@
When a previously signed zone is passed as input, records
may be resigned. The
<option>
interval
</option>
option
specifies the cycle interval as an offset from the current
time (in seconds). If a SIG record expires after the
time (in seconds). If a
RR
SIG record expires after the
cycle interval, it is retained. Otherwise, it is considered
to be expiring soon, and it will be replaced.
</para>
...
...
@@ -194,7 +194,7 @@
<option>
end-time
</option>
or
<option>
start-time
</option>
are specified,
<command>
dnssec-signzone
</command>
generates
signatures that are valid for 30 days, with a cycle
interval of 7.5 days. Therefore, if any existing SIG records
interval of 7.5 days. Therefore, if any existing
RR
SIG records
are due to expire in less than 7.5 days, they would be
replaced.
</para>
...
...
bin/dnssec/dnssectool.c
...
...
@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssectool.c,v 1.3
7
2003/0
7/25 00:01
:0
4
marka Exp $ */
/* $Id: dnssectool.c,v 1.3
8
2003/0
9/30 05:56
:0
0
marka Exp $ */
#include <config.h>
...
...
@@ -118,7 +118,7 @@ alg_format(const dns_secalg_t alg, char *cp, unsigned int size) {
}
void
sig_format
(
dns_rdata_sig_t
*
sig
,
char
*
cp
,
unsigned
int
size
)
{
sig_format
(
dns_rdata_
rr
sig_t
*
sig
,
char
*
cp
,
unsigned
int
size
)
{
char
namestr
[
DNS_NAME_FORMATSIZE
];
char
algstr
[
DNS_NAME_FORMATSIZE
];
...
...
bin/dnssec/dnssectool.h
...
...
@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssectool.h,v 1.1
6
200
1
/09/
21 00:17:01 bwelling
Exp $ */
/* $Id: dnssectool.h,v 1.1
7
200
3
/09/
30 05:56:00 marka
Exp $ */
#ifndef DNSSECTOOL_H
#define DNSSECTOOL_H 1
...
...
@@ -48,7 +48,7 @@ alg_format(const dns_secalg_t alg, char *cp, unsigned int size);
#define ALG_FORMATSIZE 10
void
sig_format
(
dns_rdata_sig_t
*
sig
,
char
*
cp
,
unsigned
int
size
);
sig_format
(
dns_rdata_
rr
sig_t
*
sig
,
char
*
cp
,
unsigned
int
size
);
#define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + ALG_FORMATSIZE + sizeof("65535"))
void
...
...
bin/named/lwdgrbn.c
...
...
@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: lwdgrbn.c,v 1.1
1
200
1
/0
1/24 01:42:41 bwelling
Exp $ */
/* $Id: lwdgrbn.c,v 1.1
2
200
3
/0
9/30 05:56:01 marka
Exp $ */
#include <config.h>
...
...
@@ -100,7 +100,7 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
dns_rdataset_init
(
&
set
);
dns_rdatasetiter_current
(
iter
,
&
set
);
if
(
set
.
type
!=
dns_rdatatype_sig
)
{
if
(
set
.
type
!=
dns_rdatatype_
rr
sig
)
{
dns_rdataset_disassociate
(
&
set
);
continue
;
}
...
...
bin/named/query.c
...
...
@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.24
6
2003/0
7/29 22:05:01 jinmei
Exp $ */
/* $Id: query.c,v 1.24
7
2003/0
9/30 05:56:01 marka
Exp $ */
#include <config.h>
...
...
@@ -1204,7 +1204,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
* XXXRTH We should lower the priority here. Alternatively,
* we could raise the priority of glue records.
*/
eresult
=
query_addadditional
(
client
,
name
,
dns_rdatatype_key
);
eresult
=
query_addadditional
(
client
,
name
,
dns_rdatatype_
dns
key
);
}
else
if
(
type
==
dns_rdatatype_srv
&&
trdataset
!=
NULL
)
{
/*
* If we're adding SRV records to the additional data
...
...
@@ -1277,7 +1277,7 @@ query_addrdataset(ns_client_t *client, dns_name_t *fname,
* XXXRTH We should lower the priority here. Alternatively,
* we could raise the priority of glue records.
*/
(
void
)
query_addadditional
(
client
,
fname
,
dns_rdatatype_key
);
(
void
)
query_addadditional
(
client
,
fname
,
dns_rdatatype_
dns
key
);
}
CTRACE
(
"query_addrdataset: done"
);
}
...
...
@@ -1779,10 +1779,10 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) {
result
=
dns_db_findrdataset
(
db
,
node
,
NULL
,
dns_rdatatype_ds
,
0
,
client
->
now
,
rdataset
,
sigrdataset
);
/*
* If we didn't find it, look for an N
XT
. */
* If we didn't find it, look for an N
SEC
. */
if
(
result
==
ISC_R_NOTFOUND
)
result
=
dns_db_findrdataset
(
db
,
node
,
NULL
,
dns_rdatatype_n
xt
,
0
,
client
->
now
,
dns_rdatatype_n
sec
,
0
,
client
->
now
,
rdataset
,
sigrdataset
);
if
(
result
!=
ISC_R_SUCCESS
&&
result
!=
ISC_R_NOTFOUND
)
goto
cleanup
;
...
...
@@ -1855,7 +1855,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
goto
cleanup
;
result
=
dns_db_find
(
db
,
name
,
NULL
,
dns_rdatatype_n
xt
,
options
,
0
,
&
node
,
dns_rdatatype_n
sec
,
options
,
0
,
&
node
,
fname
,
rdataset
,
sigrdataset
);
if
(
node
!=
NULL
)
dns_db_detachnode
(
db
,
&
node
);
...
...
@@ -1897,7 +1897,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
if
(
result
!=
ISC_R_SUCCESS
)
continue
;
result
=
dns_db_find
(
db
,
tname
,
NULL
,
dns_rdatatype_n
xt
,
result
=
dns_db_find
(
db
,
tname
,
NULL
,
dns_rdatatype_n
sec
,
client
->
query
.
dboptions
,
0
,
&
node
,
fname
,
rdataset
,
sigrdataset
);
if
(
node
!=
NULL
)
...
...
@@ -1932,13 +1932,13 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
}
static
void
query_addnxrrsetn
xt
(
ns_client_t
*
client
,
dns_db_t
*
db
,
dns_name_t
**
namep
,
query_addnxrrsetn
sec
(
ns_client_t
*
client
,
dns_db_t
*
db
,
dns_name_t
**
namep
,
dns_rdataset_t
**
rdatasetp
,
dns_rdataset_t
**
sigrdatasetp
)
{
dns_name_t
*
name
;
dns_rdataset_t
*
sigrdataset
;
dns_rdata_t
sigrdata
;
dns_rdata_sig_t
sig
;