
3205. [func] Upgrade dig's defaults to better reflect modern

nameserver behaviour.  Enable "dig +adflag" and
                        "dig +edns=0" by default.  Enable "+dnssec" when
                        running "dig +trace". [RT #23497]
Mark Andrews
2011-11-04 10:41:38 +00:00
parent fd94261ec7
commit 3fb5bccf59
5 changed files with 59 additions and 39 deletions


@@ -1,3 +1,8 @@
3205. [func] Upgrade dig's defaults to better reflect modern
nameserver behaviour. Enable "dig +adflag" and
"dig +edns=0" by default. Enable "+dnssec" when
running "dig +trace". [RT #23497]
3204. [bug] When a master server that has been marked as
unreachable sends a NOTIFY, mark it reachable
again. [RT #25960]


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.c,v 1.242 2011/03/11 06:11:20 marka Exp $ */
/* $Id: dig.c,v 1.243 2011/11/04 10:41:38 marka Exp $ */
/*! \file */
@@ -187,7 +187,7 @@ help(void) {
" +domain=### (Set default domainname)\n"
" +bufsize=### (Set EDNS0 Max UDP packet size)\n"
" +ndots=### (Set NDOTS value)\n"
" +edns=### (Set EDNS version)\n"
" +edns=### (Set EDNS version) [0]\n"
" +[no]search (Set whether to use searchlist)\n"
" +[no]showsearch (Search with intermediate results)\n"
" +[no]defname (Ditto)\n"
@@ -216,7 +216,7 @@ help(void) {
" +[no]qr (Print question before sending)\n"
" +[no]nssearch (Search all authoritative nameservers)\n"
" +[no]identify (ID responders in short answers)\n"
" +[no]trace (Trace delegation down from root)\n"
" +[no]trace (Trace delegation down from root, [+dnssec])\n"
" +[no]dnssec (Request DNSSEC records)\n"
" +[no]nsid (Request Name Server ID)\n"
#ifdef DIG_SIGCHASE
@@ -1124,6 +1124,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_TRUE;
lookup->section_question = ISC_FALSE;
lookup->dnssec = ISC_TRUE;
usesearch = ISC_FALSE;
}
break;
@@ -1527,6 +1528,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
if (!is_batchfile) {
debug("making new lookup");
default_lookup = make_empty_lookup();
default_lookup->adflag = ISC_TRUE;
default_lookup->edns = 0;
#ifndef NOPOSIX
/*
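Review bot: In the `+trace` branch of plus_option(), the added `lookup->dnssec = ISC_TRUE;` takes effect at the moment the option is parsed, so the outcome appears to depend on argument order: `+nodnssec +trace` would end with DNSSEC requested while `+trace +nodnssec` would not, assuming options are applied left to right as the surrounding assignments suggest. Neither the code nor the help string `(Trace delegation down from root, [+dnssec])` says which wins; I would add `/* +trace implies +dnssec; a later +nodnssec still overrides */` above the assignment and say the same in the help text. The two new defaults in parse_args() (`adflag`, `edns = 0`) likewise deserve a one-line comment naming `+noadflag` and `+noedns` as the way back to the old behaviour, since scripts that parse dig output are likely to see an OPT section and the `ad` flag where they did not before. Both functions start and end outside the hunks shown. Separately, the paragraph added for this behaviour in dig.docbook opens with `<commmand>` and closes with `</command>`; the mismatched tag should be corrected.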


@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dig.docbook,v 1.49 2011/03/05 23:52:29 tbox Exp $ -->
<!-- $Id: dig.docbook,v 1.50 2011/11/04 10:41:38 marka Exp $ -->
<refentry id="man.dig">
<refentryinfo>
@@ -461,7 +461,8 @@
policy of the server. AD=1 indicates that all records
have been validated as secure and the answer is not
from a OPT-OUT range. AD=0 indicate that some part
of the answer was insecure or not validated.
of the answer was insecure or not validated. This
bit is set by default.
</para>
</listitem>
</varlistentry>
@@ -498,19 +499,17 @@
<varlistentry>
<term><option>+[no]recurse</option></term>
<listitem>
<para>
Toggle the setting of the RD (recursion desired) bit in the
query.
This bit is set by default, which means <command>dig</command>
normally sends recursive queries. Recursion is automatically
disabled
when the <parameter>+nssearch</parameter> or
<parameter>+trace</parameter> query options are
used.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
Toggle the setting of the RD (recursion desired) bit
in the query. This bit is set by default, which means
<command>dig</command> normally sends recursive
queries. Recursion is automatically disabled when
the <parameter>+nssearch</parameter> or
<parameter>+trace</parameter> query options are used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]nssearch</option></term>
@@ -530,20 +529,21 @@
<varlistentry>
<term><option>+[no]trace</option></term>
<listitem>
<para>
Toggle tracing of the delegation path from the root name servers
for
the name being looked up. Tracing is disabled by default. When
tracing is enabled, <command>dig</command> makes
iterative queries to
resolve the name being looked up. It will follow referrals from
the
root servers, showing the answer from each server that was used
to
resolve the lookup.
</para>
</listitem>
</varlistentry>
<para>
Toggle tracing of the delegation path from the root
name servers for the name being looked up. Tracing
is disabled by default. When tracing is enabled,
<command>dig</command> makes iterative queries to
resolve the name being looked up. It will follow
referrals from the root servers, showing the answer
from each server that was used to resolve the lookup.
</para>
<para>
<commmand>+dnssec</command> is also set when +trace is
set to better emulate the default queries from a nameserver.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]cmd</option></term>
@@ -776,9 +776,10 @@
<listitem>
<para>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause a
EDNS query to be sent. <option>+noedns</option> clears the
remembered EDNS version.
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <option>+noedns</option>
clears the remembered EDNS version. EDNS is set to
0 by default.
</para>
</listitem>
</varlistentry>


@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.102 2011/11/04 05:36:28 each Exp $
# $Id: tests.sh,v 1.103 2011/11/04 10:41:38 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
@@ -86,6 +86,17 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
# test AD bit:
# - dig +noadflag
echo "I:checking that AD is not set without +adflag or +dnssec ($n)"
ret=0
$DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
$DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking for AD in authoritative answer ($n)"
ret=0
$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
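Review bot: The added test covers only the explicit opt-out (`+noadflag`); nothing in this hunk asserts the new default itself, namely that a query sent with no AD-related option comes back from the validating server with `ad` in the flags. A companion case that drops `+noadflag` and inverts the check, `grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1`, would pin that, assuming 10.53.0.4 validates a.example as the neighbouring tests seem to rely on. The echo text "without +adflag or +dnssec" also no longer describes what is run, because both options are now explicitly negated; `checking that AD is not set with +noadflag and +nodnssec ($n)` would read more accurately. The `+trace` implies `+dnssec` change has no test in this hunk either.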


@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.17 2007/06/19 23:47:03 tbox Exp $
# $Id: tests.sh,v 1.18 2011/11/04 10:41:38 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
@@ -43,13 +43,13 @@ $DIG +tcp +norec 4000.example. @10.53.0.1 a -p 5300 > dig.out.4000 || status=1
$PERL ../digcomp.pl knowngood.dig.out.4000 dig.out.4000 || status=1
echo "I:exactly maximum rrset"
$DIG +tcp +norec a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \
$DIG +tcp +norec +noedns a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \
|| status=1
#dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset
$PERL ../digcomp.pl knowngood.dig.out.a-maximum-rrset dig.out.a-maximum-rrset || status=1
echo "I:exceed maximum rrset (5000 A records)"
$DIG +tcp +norec 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1
$DIG +tcp +norec +noadd 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1
# Look for truncation bit (tc).
grep 'flags: .*tc.*;' dig.out.exceed > /dev/null || {
echo "I:TC bit was not set"
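Review bot: The `+noedns` and `+noadd` additions carry no comment, so a reader cannot tell why these two cases opt out of the new dig defaults while the 4000.example query just above them does not. A short comment on each would help, for example `# +noedns: dig now sends EDNS by default; keep the response identical to knowngood` (exact reason to be confirmed by the author, and presumably something similar for `+noadd`). The commented-out regeneration command `#dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset` is also out of step with the live command, which now needs `+tcp +norec +noedns` to reproduce the known-good file. The `{ … }` block opened after the TC grep continues outside the hunk.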