Diffstat (limited to 'contrib/bind9/bin/named/config.c')
-rw-r--r-- | contrib/bind9/bin/named/config.c | 74 |
1 files changed, 61 insertions, 13 deletions
diff --git a/contrib/bind9/bin/named/config.c b/contrib/bind9/bin/named/config.c
index 43d0e5287d04..704d7ecc55ef 100644
--- a/contrib/bind9/bin/named/config.c
+++ b/contrib/bind9/bin/named/config.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003 Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
-/* $Id: config.c,v 1.93.14.2 2009-03-17 23:47:28 tbox Exp $ */
+/* $Id: config.c,v 1.113.16.1.2.1 2011-06-02 23:47:28 tbox Exp $ */
 /*! \file */
@@ -42,9 +42,13 @@
 #include <dns/tsig.h>
 #include <dns/zone.h>
+#include <dst/dst.h>
+
 #include <named/config.h>
 #include <named/globals.h>
+#include "bind.keys.h"
+
 /*% default configuration */
 static char defaultconf[] = "\
 options {\n\
@@ -55,7 +59,10 @@ options {\n\
  files unlimited;\n\
  stacksize default;\n"
 #endif
-" deallocate-on-exit true;\n\
+"# session-keyfile \"" NS_LOCALSTATEDIR "/run/named/session.key\";\n\
+ session-keyname local-ddns;\n\
+ session-keyalg hmac-sha256;\n\
+ deallocate-on-exit true;\n\
 # directory <none>\n\
  dump-file \"named_dump.db\";\n\
  fake-iquery no;\n\
@@ -70,8 +77,10 @@ options {\n\
  multiple-cnames no;\n\
 # named-xfer <obsolete>;\n\
 # pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
+ bindkeys-file \"" NS_SYSCONFDIR "/bind.keys\";\n\
  port 53;\n\
  recursing-file \"named.recursing\";\n\
+ secroots-file \"named.secroots\";\n\
 "
 #ifdef PATH_RANDOMDEV
 "\
@@ -80,6 +89,7 @@ options {\n\
 #endif
 "\
  recursive-clients 1000;\n\
+ resolver-query-timeout 30;\n\
  rrset-order {type NS order random; order cyclic; };\n\
  serial-queries 20;\n\
  serial-query-rate 20;\n\
@@ -102,6 +112,9 @@ options {\n\
  request-nsid false;\n\
  reserved-sockets 512;\n\
 \n\
+ /* DLV */\n\
+ dnssec-lookaside . trust-anchor dlv.isc.org;\n\
+\n\
  /* view */\n\
  allow-notify {none;};\n\
  allow-update-forwarding {none;};\n\
@@ -135,6 +148,7 @@ options {\n\
  check-names master fail;\n\
  check-names slave warn;\n\
  check-names response ignore;\n\
+ check-dup-records warn;\n\
  check-mx warn;\n\
  acache-enable no;\n\
  acache-cleaning-interval 60;\n\
@@ -146,7 +160,13 @@ options {\n\
  max-clients-per-query 100;\n\
  zero-no-soa-ttl-cache no;\n\
  nsec3-test-zone no;\n\
+ allow-new-zones no;\n\
+"
+#ifdef ALLOW_FILTER_AAAA_ON_V4
+" filter-aaaa-on-v4 no;\n\
+ filter-aaaa { any; };\n\
 "
+#endif
 " /* zone */\n\
  allow-query {any;};\n\
@@ -174,6 +194,7 @@ options {\n\
  max-refresh-time 2419200; /* 4 weeks */\n\
  min-refresh-time 300;\n\
  multi-master no;\n\
+ dnssec-secure-to-insecure no;\n\
  sig-validity-interval 30; /* days */\n\
  sig-signing-nodes 100;\n\
  sig-signing-signatures 10;\n\
@@ -188,6 +209,7 @@ options {\n\
  check-srv-cname warn;\n\
  zero-no-soa-ttl yes;\n\
  update-check-ksk yes;\n\
+ dnssec-dnskey-kskonly no;\n\
  try-tcp-refresh yes; /* BIND 8 compat */\n\
  };\n\
 "
@@ -198,6 +220,7 @@ options {\n\
 view \"_bind\" chaos {\n\
  recursion no;\n\
  notify no;\n\
+ allow-new-zones no;\n\
 \n\
  zone \"version.bind\" chaos {\n\
  type master;\n\
@@ -213,11 +236,24 @@ view \"_bind\" chaos {\n\
  type master;\n\
  database \"_builtin authors\";\n\
  };\n\
+\n\
  zone \"id.server\" chaos {\n\
  type master;\n\
  database \"_builtin id\";\n\
  };\n\
 };\n\
+"
+"#\n\
+# Default trusted key(s) for builtin DLV support\n\
+# (used if \"dnssec-lookaside auto;\" is set and\n\
+# sysconfdir/bind.keys doesn't exist).\n\
+#\n\
+# BEGIN MANAGED KEYS\n"
+
+/* Imported from bind.keys.h: */
+MANAGED_KEYS
+
+"# END MANAGED KEYS\n\
 ";
 isc_result_t
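Review bot: The new `dnssec-lookaside . trust-anchor dlv.isc.org;` default in the `/* DLV */` block bakes the name of an external trust anchor into the compiled-in defaults without saying when it takes effect; from this hunk alone a reader auditing the validation trust path cannot tell whether it applies to every server or only when a configuration opts in (the comment block added further down in this file suggests the bundled keys are used when `dnssec-lookaside auto;` is set, but that is an inference). I would widen the comment line to carry the condition, e.g. `/* DLV: default lookaside zone/anchor name; only consulted when dnssec-lookaside is enabled in named.conf, key material comes from bind.keys or MANAGED_KEYS */`, adjusted to whatever the option-handling code actually does. Documentation only; no code change proposed.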
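Review bot: `MANAGED_KEYS` is spliced into the middle of the `defaultconf` string literal with only `/* Imported from bind.keys.h: */` to explain it, so the requirement that the macro expand to one or more adjacent string literals ending in a newline (anything else silently breaks the concatenation or the `BEGIN`/`END MANAGED KEYS` framing) is undocumented. I would change that comment to `/* Imported from bind.keys.h: MANAGED_KEYS must expand to a string literal ending in "\n"; it is concatenated into defaultconf between the BEGIN/END markers. */`. The text inside the string says these keys are the fallback used when `sysconfdir/bind.keys` does not exist, which means the validation anchors compiled into this binary go stale after a key rollover unless it is rebuilt; a sentence to that effect in the same comment would help packagers keep bind.keys.h current. Both points are documentation only.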
@@ -339,6 +375,8 @@ ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
  ztype = dns_zone_slave;
  else if (strcasecmp(str, "stub") == 0)
  ztype = dns_zone_stub;
+ else if (strcasecmp(str, "static-stub") == 0)
+ ztype = dns_zone_staticstub;
  else
  INSIST(0);
  return (ztype);
@@ -615,7 +653,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
  isc_buffer_add(&b, strlen(keystr));
  dns_fixedname_init(&fname);
  result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
- dns_rootname, ISC_FALSE, NULL);
+ dns_rootname, 0, NULL);
  if (result != ISC_R_SUCCESS)
  goto cleanup;
  result = dns_name_dup(dns_fixedname_name(&fname), mctx,
@@ -747,23 +785,31 @@ struct keyalgorithms {
  const char *str;
  enum { hmacnone, hmacmd5, hmacsha1, hmacsha224, hmacsha256, hmacsha384, hmacsha512 } hmac;
+ unsigned int type;
  isc_uint16_t size;
 } algorithms[] = {
- { "hmac-md5", hmacmd5, 128 },
- { "hmac-md5.sig-alg.reg.int", hmacmd5, 0 },
- { "hmac-md5.sig-alg.reg.int.", hmacmd5, 0 },
- { "hmac-sha1", hmacsha1, 160 },
- { "hmac-sha224", hmacsha224, 224 },
- { "hmac-sha256", hmacsha256, 256 },
- { "hmac-sha384", hmacsha384, 384 },
- { "hmac-sha512", hmacsha512, 512 },
- { NULL, hmacnone, 0 }
+ { "hmac-md5", hmacmd5, DST_ALG_HMACMD5, 128 },
+ { "hmac-md5.sig-alg.reg.int", hmacmd5, DST_ALG_HMACMD5, 0 },
+ { "hmac-md5.sig-alg.reg.int.", hmacmd5, DST_ALG_HMACMD5, 0 },
+ { "hmac-sha1", hmacsha1, DST_ALG_HMACSHA1, 160 },
+ { "hmac-sha224", hmacsha224, DST_ALG_HMACSHA224, 224 },
+ { "hmac-sha256", hmacsha256, DST_ALG_HMACSHA256, 256 },
+ { "hmac-sha384", hmacsha384, DST_ALG_HMACSHA384, 384 },
+ { "hmac-sha512", hmacsha512, DST_ALG_HMACSHA512, 512 },
+ { NULL, hmacnone, DST_ALG_UNKNOWN, 0 }
 };
 isc_result_t
 ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
  isc_uint16_t *digestbits)
 {
+ return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits));
+}
+
+isc_result_t
+ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
+ unsigned int *typep, isc_uint16_t *digestbits)
+{
  int i;
  size_t len = 0;
  isc_uint16_t bits;
@@ -801,6 +847,8 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
  INSIST(0);
  }
  }
+ if (typep != NULL)
+ *typep = algorithms[i].type;
  if (digestbits != NULL)
  *digestbits = bits;
  return (ISC_R_SUCCESS);
|
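Review bot: `ns_config_getkeyalgorithm2` is a new public entry point with no header comment, and its `typep` out-parameter is assigned only on the success path (the second hunk, `@@ -801`, writes `*typep` immediately before `return (ISC_R_SUCCESS)`), so a caller that reads it after a failure gets whatever it held before; the body of the function between the two hunks is outside this diff. I would add above the definition a comment along the lines of `/* Resolve a TSIG algorithm name to its DNS name, DST algorithm type and default digest size. typep and digestbits may be NULL; on failure the out-parameters are not updated. */`, with the "not updated" clause confirmed against the part of the body not shown here. The `NULL`-`typep` wrapper `ns_config_getkeyalgorithm` keeps the old interface, which is fine; a one-line comment saying it exists for source compatibility would tell the next reader not to remove it. The table still maps the three `hmac-md5` spellings to `DST_ALG_HMACMD5`, which predates this commit, but a short comment noting they are retained for interoperability would settle whether keeping MD5 accepted by default was intended.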