Commit 055622f3 authored by Jelte Jansen

[master] Merge branch 'master' of ssh://git.bind10.isc.org/var/bind10/git/bind10

parents a9d6dd7c a7f97869
388. [func] jreed
Use prefix "sockcreator-" for the private temporary directory
used for b10-sockcreator communication.
(git b98523c1260637cb33436964dc18e9763622a242)
387. [build] muks
Accept a --without-werror configure switch so that some builders can
disable the use of -Werror in CFLAGS when building.
......
......@@ -221,18 +221,22 @@ Chapter 1. Introduction
processes as needed. The processes started by the bind10 command have
names starting with "b10-", including:
o b10-msgq -- Message bus daemon. This process coordinates communication
between all of the other BIND 10 processes.
o b10-auth -- Authoritative DNS server. This process serves DNS
requests.
o b10-cfgmgr -- Configuration manager. This process maintains all of the
configuration for BIND 10.
o b10-cmdctl -- Command and control service. This process allows
external control of the BIND 10 system.
o b10-msgq -- Message bus daemon. This process coordinates communication
between all of the other BIND 10 processes.
o b10-resolver -- Recursive name server. This process handles incoming
queries.
o b10-sockcreator -- Socket creator daemon. This process creates sockets
used by network-listening BIND 10 processes.
o b10-stats -- Statistics collection daemon. This process collects and
reports statistics data.
o b10-stats-httpd -- HTTP server for statistics reporting. This process
reports statistics data in XML format over HTTP.
o b10-xfrin -- Incoming zone transfer service. This process is used to
transfer a new copy of a zone into BIND 10, when acting as a secondary
server.
......@@ -249,8 +253,9 @@ Chapter 1. Introduction
Once BIND 10 is running, a few commands are used to interact directly with
the system:
o bindctl -- interactive administration interface. This is a
command-line tool which allows an administrator to control BIND 10.
o bindctl -- interactive administration interface. This is a low-level
command-line tool which allows a developer or an experienced
administrator to control BIND 10.
o b10-loadzone -- zone file loader. This tool will load standard
masterfile-format zone files into BIND 10.
o b10-cmdctl-usermgr -- user access control. This tool allows an
......@@ -491,10 +496,11 @@ Chapter 3. Starting BIND10 with bind10
b10-sockcreator will allocate sockets for the rest of the system.
In its default configuration, the bind10 master process will also start up
b10-cmdctl for admins to communicate with the system, b10-auth for
authoritative DNS service, b10-stats for statistics collection, b10-xfrin
for inbound DNS zone transfers, b10-xfrout for outbound DNS zone
transfers, and b10-zonemgr for secondary service.
b10-cmdctl for administration tools to communicate with the system,
b10-auth for authoritative DNS service, b10-stats for statistics
collection, b10-stats-httpd for statistics reporting, b10-xfrin for
inbound DNS zone transfers, b10-xfrout for outbound DNS zone transfers,
and b10-zonemgr for secondary service.
3.1. Starting BIND 10
......@@ -600,6 +606,22 @@ Chapter 3. Starting BIND10 with bind10
In short, you should think twice before disabling something here.
It is possible to start some components multiple times (currently b10-auth
and b10-resolzer). You might want to do that to gain more performance
(each one uses only single core). Just put multiple entries under
different names, like this, with the same config:
> config add Boss/components b10-resolver-2
> config set Boss/components/b10-resolver-2/special resolver
> config set Boss/components/b10-resolver-2/kind needed
> config commit
However, this is work in progress and the support is not yet complete. For
example, each resolver will have its own cache, each authoritative server
will keep its own copy of in-memory data and there could be problems with
locking the sqlite database, if used. The configuration might be changed
to something more convenient in future.
Chapter 4. Command channel
The BIND 10 components use the b10-msgq message routing daemon to
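Review bot: The new paragraph on starting components multiple times names "b10-resolzer", which should be "b10-resolver" (the example commands right below it use b10-resolver-2). In the same sentence, "each one uses only single core" reads better as "each one uses only a single core". The closing caveat mentions "problems with locking the sqlite database"; it would help operators to say whether that applies to multiple b10-auth instances only or to any component that opens the database.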
......@@ -939,26 +961,22 @@ Chapter 10. Outbound Zone Transfers
In the above example the lines for transfer_acl were divided for
readability. In the actual input it must be in a single line.
If you want to require TSIG in access control, a separate TSIG "key ring"
must be configured specifically for b10-xfrout as well as a system wide
key ring, both containing a consistent set of keys. For example, to change
the previous example to allowing requests from 192.0.2.1 signed by a TSIG
with a key name of "key.example", you'll need to do this:
If you want to require TSIG in access control, a system wide TSIG "key
ring" must be configured. For example, to change the previous example to
allowing requests from 192.0.2.1 signed by a TSIG with a key name of
"key.example", you'll need to do this:
> config set tsig_keys/keys ["key.example:<base64-key>"]
> config set Xfrout/tsig_keys/keys ["key.example:<base64-key>"]
> config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "192.0.2.1", "key": "key.example"}]
> config commit
The first line of configuration defines a system wide key ring. This is
necessary because the b10-auth server also checks TSIGs and it uses the
system wide configuration.
Both Xfrout and Auth will use the system wide keyring to check TSIGs in
the incomming messages and to sign responses.
Note
In a future version, b10-xfrout will also use the system wide TSIG
configuration. The way to specify zone specific configuration (ACLs, etc)
is likely to be changed, too.
The way to specify zone specific configuration (ACLs, etc) is likely to be
changed.
Chapter 11. Recursive Name Server
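Review bot: "incomming" in "to check TSIGs in the incomming messages and to sign responses" should be "incoming", and the same sentence writes "keyring" while the paragraph above writes "key ring"; pick one spelling. Because the text now says a system wide key ring is what must be configured, it should also state what happens to an existing Xfrout/tsig_keys/keys setting: an operator whose transfer_acl entries match on "key": "key.example" needs to know whether the old per-module ring is ignored, since a key defined only there would no longer authorize transfers.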
......
......@@ -170,15 +170,6 @@
<itemizedlist>
<listitem>
<simpara>
<command>b10-msgq</command> &mdash;
Message bus daemon.
This process coordinates communication between all of the other
BIND 10 processes.
</simpara>
</listitem>
<listitem>
<simpara>
<command>b10-auth</command> &mdash;
......@@ -203,6 +194,15 @@
</simpara>
</listitem>
<listitem>
<simpara>
<command>b10-msgq</command> &mdash;
Message bus daemon.
This process coordinates communication between all of the other
BIND 10 processes.
</simpara>
</listitem>
<listitem>
<simpara>
<command>b10-resolver</command> &mdash;
......@@ -212,6 +212,15 @@
</simpara>
</listitem>
<listitem>
<simpara>
<command>b10-sockcreator</command> &mdash;
Socket creator daemon.
This process creates sockets used by
network-listening BIND 10 processes.
</simpara>
</listitem>
<listitem>
<simpara>
<command>b10-stats</command> &mdash;
......@@ -220,6 +229,14 @@
</simpara>
</listitem>
<listitem>
<simpara>
<command>b10-stats-httpd</command> &mdash;
HTTP server for statistics reporting.
This process reports statistics data in XML format over HTTP.
</simpara>
</listitem>
<listitem>
<simpara>
<command>b10-xfrin</command> &mdash;
......@@ -269,8 +286,9 @@
<simpara>
<command>bindctl</command> &mdash;
interactive administration interface.
This is a command-line tool which allows an administrator
to control BIND 10.
This is a low-level command-line tool which allows
a developer or an experienced administrator to control
BIND 10.
</simpara>
</listitem>
<listitem>
......@@ -751,9 +769,11 @@ as a dependency earlier -->
<para>
In its default configuration, the <command>bind10</command>
master process will also start up
<command>b10-cmdctl</command> for admins to communicate with the
system, <command>b10-auth</command> for authoritative DNS service,
<command>b10-cmdctl</command> for administration tools to
communicate with the system,
<command>b10-auth</command> for authoritative DNS service,
<command>b10-stats</command> for statistics collection,
<command>b10-stats-httpd</command> for statistics reporting,
<command>b10-xfrin</command> for inbound DNS zone transfers,
<command>b10-xfrout</command> for outbound DNS zone transfers,
and <command>b10-zonemgr</command> for secondary service.
......@@ -889,7 +909,7 @@ address, but the usual ones don't." mean? -->
This system allows you to start the same component multiple times
(by including it in the configuration with different names, but the
same process setting). However, the rest of the system doesn't expect
such situation, so it would probably not do what you want. Such
such a situation, so it would probably not do what you want. Such
support is yet to be implemented.
</para>
</note>
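Review bot: This note still ends with "Such support is yet to be implemented", while the text guide hunk in this same commit adds a paragraph saying it is possible to start b10-auth and the resolver multiple times, with a bindctl example. The grammar fix is fine, but the two statements now disagree; either reword the note to "support is incomplete" and point at the new paragraph, or drop the note.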
......@@ -901,10 +921,10 @@ address, but the usual ones don't." mean? -->
<command>b10-cmdctl</command>, but then you couldn't
change it back the usual way, as it would require it to
be running (you would have to find and edit the configuration
directly). Also, some modules might have dependencies
-- <command>b10-stats-httpd</command> need
directly). Also, some modules might have dependencies:
<command>b10-stats-httpd</command> needs
<command>b10-stats</command>, <command>b10-xfrout</command>
needs the <command>b10-auth</command> to be running, etc.
needs <command>b10-auth</command> to be running, etc.
<!-- TODO: should we define dependencies? -->
......
......@@ -2,12 +2,12 @@
.\" Title: b10-auth
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Date: December 28, 2011
.\" Date: February 28, 2012
.\" Manual: BIND10
.\" Source: BIND10
.\" Language: English
.\"
.TH "B10\-AUTH" "8" "December 28, 2011" "BIND10" "BIND10"
.TH "B10\-AUTH" "8" "February 28, 2012" "BIND10" "BIND10"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
......@@ -154,7 +154,9 @@ immediately\&.
\fBshutdown\fR
exits
\fBb10\-auth\fR\&. (Note that the BIND 10 boss process will restart this service\&.)
\fBb10\-auth\fR\&. This has an optional
\fIpid\fR
argument to select the process ID to stop\&. (Note that the BIND 10 boss process may restart this service if configured\&.)
.SH "STATISTICS DATA"
.PP
The statistics data collected by the
......@@ -198,5 +200,5 @@ The
daemon was first coded in October 2009\&.
.SH "COPYRIGHT"
.br
Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2010-2012 Internet Systems Consortium, Inc. ("ISC")
.br
......@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2010-2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -20,7 +20,7 @@
<refentry>
<refentryinfo>
<date>December 28, 2011</date>
<date>February 28, 2012</date>
</refentryinfo>
<refmeta>
......@@ -36,7 +36,7 @@
<docinfo>
<copyright>
<year>2010</year>
<year>2010-2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
......@@ -188,7 +188,10 @@
<para>
<command>shutdown</command> exits <command>b10-auth</command>.
(Note that the BIND 10 boss process will restart this service.)
This has an optional <varname>pid</varname> argument to
select the process ID to stop.
(Note that the BIND 10 boss process may restart this service
if configured.)
</para>
</refsect1>
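Review bot: The new sentence "This has an optional pid argument to select the process ID to stop" does not say what shutdown does when pid is omitted or when it names a process that is not this b10-auth instance. With multiple b10-auth instances now a documented possibility, spell out both cases (for example, that every instance exits when no pid is given, if that is the behaviour). "may restart this service if configured" would also be clearer if it named the setting that controls the restart.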
......@@ -219,6 +222,8 @@
</variablelist>
<!-- TODO: missing stats docs. See ticket #1721 -->
</refsect1>
<refsect1>
......
......@@ -2,12 +2,12 @@
.\" Title: bind10
.\" Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Date: November 23, 2011
.\" Date: February 28, 2012
.\" Manual: BIND10
.\" Source: BIND10
.\" Language: English
.\"
.TH "BIND10" "8" "November 23, 2011" "BIND10" "BIND10"
.TH "BIND10" "8" "February 28, 2012" "BIND10" "BIND10"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
......@@ -34,9 +34,8 @@ The arguments are as follows:
.PP
\fB\-c\fR \fIconfig\-filename\fR, \fB\-\-config\-file\fR \fIconfig\-filename\fR
.RS 4
The configuration filename to use\&. Can be either absolute or relative to data path\&. In case it is absolute, value of data path is not considered\&.
.sp
Defaults to b10\-config\&.db\&.
The configuration filename to use\&. Can be either absolute or relative to data path\&. In case it is absolute, value of data path is not considered\&. Defaults to
b10\-config\&.db\&.
.RE
.PP
\fB\-\-cmdctl\-port\fR \fIport\fR
......@@ -50,7 +49,9 @@ for the default\&.)
.PP
\fB\-p\fR \fIdirectory\fR, \fB\-\-data\-path\fR \fIdirectory\fR
.RS 4
The path where BIND 10 programs look for various data files\&. Currently only b10\-cfgmgr uses it to locate the configuration file, but the usage might be extended for other programs and other types of files\&.
The path where BIND 10 programs look for various data files\&. Currently only
\fBb10-cfgmgr\fR(8)
uses it to locate the configuration file, but the usage might be extended for other programs and other types of files\&.
.RE
.PP
\fB\-m\fR \fIfile\fR, \fB\-\-msgq\-socket\-file\fR \fIfile\fR
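Review bot: The added cross-reference is written as "\fBb10-cfgmgr\fR(8)" with a bare hyphen, while every other name in this file is escaped ("b10\-config\&.db", "\fBb10\-sockcreator\fR"). If this .8 file is generated from the XML, regenerate it rather than editing by hand so the escaping stays consistent; a bare "-" can render as a typographic hyphen in some man viewers, which breaks copy and paste of the command name.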
......@@ -73,7 +74,6 @@ daemon\&.
The username for
\fBbind10\fR
to run as\&.
\fBbind10\fR
must be initially ran as the root user to use this option\&. The default is to run as the current user\&.
.RE
......@@ -82,7 +82,7 @@ must be initially ran as the root user to use this option\&. The default is to r
.RS 4
If defined, the PID of the
\fBbind10\fR
is stored in this file\&. This is used for testing purposes\&.
is stored in this file\&.
.RE
.PP
\fB\-\-pretty\-name \fR\fB\fIname\fR\fR
......@@ -103,7 +103,9 @@ and its child processes\&.
.PP
\fB\-w\fR \fIwait_time\fR, \fB\-\-wait\fR \fIwait_time\fR
.RS 4
Sets the amount of time that BIND 10 will wait for the configuration manager (a key component of BIND 10) to initialize itself before abandoning the start up and terminating with an error\&. The wait_time is specified in seconds and has a default value of 10\&.
Sets the amount of time that BIND 10 will wait for the configuration manager (a key component of BIND 10) to initialize itself before abandoning the start up and terminating with an error\&. The
\fIwait_time\fR
is specified in seconds and has a default value of 10\&.
.RE
.SH "CONFIGURATION AND COMMANDS"
.PP
......@@ -145,18 +147,6 @@ to manage under
.IP \(bu 2.3
.\}
\fI/Boss/components/setuid\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fI/Boss/components/b10\-stats\fR
.RE
.sp
......@@ -212,11 +202,11 @@ to manage under
\fBb10\-sockcreator\fR,
\fBb10\-cfgmgr\fR, and
\fBb10\-msgq\fR
is not configurable\&. It is hardcoded and
is not configurable\&. They are hardcoded and
\fBbind10\fR
will not run without them\&.)
.PP
These named sets (listed above) contain the following settings:
The named sets for components contain the following settings:
.PP
\fIaddress\fR
.RS 4
......@@ -258,7 +248,7 @@ will use the component name instead\&.
.PP
\fIspecial\fR
.RS 4
This defines if the component is started a special way\&.
This defines if the component is started a special, hardcoded way\&.
.RE
.PP
The
......@@ -315,6 +305,12 @@ The date and time that the
\fBbind10\fR
process started\&. This is represented in ISO 8601 format\&.
.RE
.SH "FILES"
.PP
sockcreator\-XXXXXX/sockcreator
\(em the Unix Domain socket located in a temporary file directory for
\fBb10\-sockcreator\fR
communication\&.
.SH "SEE ALSO"
.PP
......@@ -339,5 +335,5 @@ The
daemon was initially designed by Shane Kerr of ISC\&.
.SH "COPYRIGHT"
.br
Copyright \(co 2011 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2010-2012 Internet Systems Consortium, Inc. ("ISC")
.br
......@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2010-2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -20,7 +20,7 @@
<refentry>
<refentryinfo>
<date>November 23, 2011</date>
<date>February 28, 2012</date>
</refentryinfo>
<refmeta>
......@@ -36,7 +36,7 @@
<docinfo>
<copyright>
<year>2011</year>
<year>2010-2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
......@@ -97,8 +97,8 @@
<listitem>
<para>The configuration filename to use. Can be either absolute or
relative to data path. In case it is absolute, value of data path is
not considered.</para>
<para>Defaults to b10-config.db.</para>
not considered.
Defaults to <filename>b10-config.db</filename>.</para>
</listitem>
</varlistentry>
......@@ -123,9 +123,11 @@
</term>
<listitem>
<para>The path where BIND 10 programs look for various data files.
Currently only b10-cfgmgr uses it to locate the configuration file,
but the usage might be extended for other programs and other types
of files.</para>
Currently only
<citerefentry><refentrytitle>b10-cfgmgr</refentrytitle><manvolnum>8</manvolnum></citerefentry>
uses it to locate the configuration file, but the usage
might be extended for other programs and other types of
files.</para>
</listitem>
</varlistentry>
......@@ -155,9 +157,9 @@
<varlistentry>
<term><option>-u</option> <replaceable>user</replaceable>, <option>--user</option> <replaceable>name</replaceable></term>
<!-- TODO: example more detail. -->
<listitem>
<para>The username for <command>bind10</command> to run as.
<!-- TODO: example more detail. -->
<command>bind10</command> must be initially ran as the
root user to use this option.
The default is to run as the current user.</para>
......@@ -169,7 +171,6 @@
<listitem>
<para>If defined, the PID of the <command>bind10</command> is stored
in this file.
This is used for testing purposes.
</para>
</listitem>
</varlistentry>
......@@ -201,11 +202,12 @@ The default is the basename of ARG 0.
<varlistentry>
<term><option>-w</option> <replaceable>wait_time</replaceable>, <option>--wait</option> <replaceable>wait_time</replaceable></term>
<listitem>
<para>Sets the amount of time that BIND 10 will wait for
the configuration manager (a key component of BIND 10) to
initialize itself before abandoning the start up and
terminating with an error. The wait_time is specified in
seconds and has a default value of 10.
<para>Sets the amount of time that BIND 10 will wait for
the configuration manager (a key component of BIND 10)
to initialize itself before abandoning the start up and
terminating with an error. The
<replaceable>wait_time</replaceable> is specified in
seconds and has a default value of 10.
</para>
</listitem>
</varlistentry>
......@@ -237,10 +239,6 @@ TODO: configuration section
<para> <varname>/Boss/components/b10-cmdctl</varname> </para>
</listitem>
<listitem>
<para> <varname>/Boss/components/setuid</varname> </para>
</listitem>
<listitem>
<para> <varname>/Boss/components/b10-stats</varname> </para>
</listitem>
......@@ -266,12 +264,12 @@ TODO: configuration section
<para>
(Note that the startup of <command>b10-sockcreator</command>,
<command>b10-cfgmgr</command>, and <command>b10-msgq</command>
is not configurable. It is hardcoded and <command>bind10</command>
is not configurable. They are hardcoded and <command>bind10</command>
will not run without them.)
</para>
<para>
These named sets (listed above) contain the following settings:
The named sets for components contain the following settings:
</para>
<variablelist>
......@@ -346,7 +344,7 @@ list
<term> <varname>special</varname> </term>
<listitem>
<para>
This defines if the component is started a special
This defines if the component is started a special, hardcoded
way.
<!--
TODO: document this ... but maybe some of these will be removed
......@@ -357,7 +355,6 @@ cfgmgr
cmdctl
msgq
resolver
setuid
sockcreator
xfrin
-->
......@@ -374,6 +371,22 @@ xfrin
</para>
<!-- TODO: let's just let bind10 be known as bind10 and not Boss -->
<!-- TODO -->
<!--
<para>
<command>drop_socket</command>
This is an internal command and not exposed to the administrator.
</para>
-->
<!-- TODO -->
<!--
<para>
<command>get_socket</command>
This is an internal command and not exposed to the administrator.
</para>
-->
<para>
<command>getstats</command> tells <command>bind10</command>
to send its statistics data to the <command>b10-stats</command>
......@@ -438,13 +451,16 @@ xfrin
</refsect1>
<!--
<refsect1>
<title>FILES</title>
<para><filename></filename>
<para><filename>sockcreator-XXXXXX/sockcreator</filename>
&mdash;
the Unix Domain socket located in a temporary file directory for
<command>b10-sockcreator</command>
<!-- <citerefentry><refentrytitle>b10-sockcreator</refentrytitle><manvolnum>8</manvolnum></citerefentry> -->
communication.
</para>
</refsect1>
-->
<refsect1>
<title>SEE ALSO</title>
......@@ -476,6 +492,9 @@ xfrin
<citetitle>BIND 10 Guide</citetitle>.
</para>
</refsect1>
<!-- <citerefentry>
<refentrytitle>b10-sockcreator</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>, -->
<refsect1 id='history'><title>HISTORY</title>
<para>The development of <command>bind10</command>
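Review bot: As displayed, the commented-out b10-sockcreator citerefentry is placed after the closing </refsect1> of SEE ALSO, between two refsect1 elements, and it ends with a trailing comma. If someone later removes the comment markers in place, the result is not valid there; move the comment inside the SEE ALSO para next to the other citerefentry items, or replace it with a one-line TODO noting that a b10-sockcreator(8) page does not exist yet.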
......
......@@ -892,7 +892,7 @@ class BoB:
# the need to find the place ourself or bother users. Also, this
# secures the socket on some platforms, as it creates a private
# directory.
self._tmpdir = tempfile.mkdtemp()
self._tmpdir = tempfile.mkdtemp(prefix='sockcreator-')
# Get the name
self._socket_path = os.path.join(self._tmpdir, "sockcreator")
# And bind the socket to the name
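Review bot: The comment above the mkdtemp call says the directory "secures the socket on some platforms", but the prefix added here does not contribute to that; the protection comes from mkdtemp creating the directory accessible only to the creating user. It is worth saying so in the comment, so nobody later swaps this for a fixed, predictable path. The literal 'sockcreator-' is now also documented in the bind10(8) FILES section as sockcreator-XXXXXX/sockcreator, so consider a named constant next to the "sockcreator" socket name to keep code and documentation from drifting, and a unit test asserting that os.path.basename(self._tmpdir) starts with the prefix.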
......
......@@ -2,12 +2,12 @@
.\" Title: b10-cmdctl
.\" Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Date: March 9, 2010
.\" Date: February 28, 2012
.\" Manual: BIND10
.\" Source: BIND10
.\" Language: English
.\"
.TH "B10\-CMDCTL" "8" "March 9, 2010" "BIND10" "BIND10"
.TH "B10\-CMDCTL" "8" "February 28, 2012" "BIND10" "BIND10"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
......@@ -70,6 +70,33 @@ Enable verbose mode\&.
.RS 4
Display the version number and exit\&.
.RE
.SH "CONFIGURATION AND COMMANDS"
.PP
The configurable settings are:
.PP
\fIaccounts_file\fR
defines the path to the user accounts database\&. The default is
/usr/local/etc/bind10\-devel/cmdctl\-accounts\&.csv\&.
.PP
\fIcert_file\fR
defines the path to the PEM certificate file\&. The default is
/usr/local/etc/bind10\-devel/cmdctl\-certfile\&.pem\&.
.PP
\fIkey_file\fR