mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00

3205. [func] Upgrade dig's defaults to better reflect modern

nameserver behaviour.  Enable "dig +adflag" and
                        "dig +edns=0" by default.  Enable "+dnssec" when
                        running "dig +trace". [RT #23497]
Mark Andrews
2011-11-04 10:41:38 +00:00
parent fd94261ec7
commit 3fb5bccf59
5 changed files with 59 additions and 39 deletions


@@ -1,3 +1,8 @@
3205. [func] Upgrade dig's defaults to better reflect modern
nameserver behaviour. Enable "dig +adflag" and
"dig +edns=0" by default. Enable "+dnssec" when
running "dig +trace". [RT #23497]
3204. [bug] When a master server that has been marked as 3204. [bug] When a master server that has been marked as
unreachable sends a NOTIFY, mark it reachable unreachable sends a NOTIFY, mark it reachable
again. [RT #25960] again. [RT #25960]


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dig.c,v 1.242 2011/03/11 06:11:20 marka Exp $ */ /* $Id: dig.c,v 1.243 2011/11/04 10:41:38 marka Exp $ */
/*! \file */ /*! \file */
@@ -187,7 +187,7 @@ help(void) {
" +domain=### (Set default domainname)\n" " +domain=### (Set default domainname)\n"
" +bufsize=### (Set EDNS0 Max UDP packet size)\n" " +bufsize=### (Set EDNS0 Max UDP packet size)\n"
" +ndots=### (Set NDOTS value)\n" " +ndots=### (Set NDOTS value)\n"
" +edns=### (Set EDNS version)\n" " +edns=### (Set EDNS version) [0]\n"
" +[no]search (Set whether to use searchlist)\n" " +[no]search (Set whether to use searchlist)\n"
" +[no]showsearch (Search with intermediate results)\n" " +[no]showsearch (Search with intermediate results)\n"
" +[no]defname (Ditto)\n" " +[no]defname (Ditto)\n"
@@ -216,7 +216,7 @@ help(void) {
" +[no]qr (Print question before sending)\n" " +[no]qr (Print question before sending)\n"
" +[no]nssearch (Search all authoritative nameservers)\n" " +[no]nssearch (Search all authoritative nameservers)\n"
" +[no]identify (ID responders in short answers)\n" " +[no]identify (ID responders in short answers)\n"
" +[no]trace (Trace delegation down from root)\n" " +[no]trace (Trace delegation down from root, [+dnssec])\n"
" +[no]dnssec (Request DNSSEC records)\n" " +[no]dnssec (Request DNSSEC records)\n"
" +[no]nsid (Request Name Server ID)\n" " +[no]nsid (Request Name Server ID)\n"
#ifdef DIG_SIGCHASE #ifdef DIG_SIGCHASE
@@ -1124,6 +1124,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->section_additional = ISC_FALSE; lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_TRUE; lookup->section_authority = ISC_TRUE;
lookup->section_question = ISC_FALSE; lookup->section_question = ISC_FALSE;
lookup->dnssec = ISC_TRUE;
usesearch = ISC_FALSE; usesearch = ISC_FALSE;
} }
break; break;
@@ -1527,6 +1528,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
if (!is_batchfile) { if (!is_batchfile) {
debug("making new lookup"); debug("making new lookup");
default_lookup = make_empty_lookup(); default_lookup = make_empty_lookup();
default_lookup->adflag = ISC_TRUE;
default_lookup->edns = 0;
#ifndef NOPOSIX #ifndef NOPOSIX
/* /*
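Review bot: The new defaults in parse_args(), `default_lookup->adflag = ISC_TRUE;` and `default_lookup->edns = 0;`, carry no comment, and their security-relevant consequence is easy to miss: every query now asks for the AD bit, so `ad` will appear in answers from any validating resolver. That flag is the resolver's assertion and dig validates nothing itself, so I would add something like `/* Request AD and use EDNS0 by default; AD in a reply is only as trustworthy as the resolver and the path to it. */` above the two assignments. In the +trace hunk of plus_option(), `lookup->dnssec = ISC_TRUE;` is assigned unconditionally on the visible lines, so an earlier `+nodnssec` on the command line is presumably overridden while a later one still wins. A short comment such as `/* +trace implies +dnssec; a later +nodnssec turns it off again */` would document that order dependence. Both functions start and end outside the hunks shown.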


@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE. - PERFORMANCE OF THIS SOFTWARE.
--> -->
<!-- $Id: dig.docbook,v 1.49 2011/03/05 23:52:29 tbox Exp $ --> <!-- $Id: dig.docbook,v 1.50 2011/11/04 10:41:38 marka Exp $ -->
<refentry id="man.dig"> <refentry id="man.dig">
<refentryinfo> <refentryinfo>
@@ -461,7 +461,8 @@
policy of the server. AD=1 indicates that all records policy of the server. AD=1 indicates that all records
have been validated as secure and the answer is not have been validated as secure and the answer is not
from a OPT-OUT range. AD=0 indicate that some part from a OPT-OUT range. AD=0 indicate that some part
of the answer was insecure or not validated. of the answer was insecure or not validated. This
bit is set by default.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@@ -498,19 +499,17 @@
<varlistentry> <varlistentry>
<term><option>+[no]recurse</option></term> <term><option>+[no]recurse</option></term>
<listitem> <listitem>
<para> <para>
Toggle the setting of the RD (recursion desired) bit in the Toggle the setting of the RD (recursion desired) bit
query. in the query. This bit is set by default, which means
This bit is set by default, which means <command>dig</command> <command>dig</command> normally sends recursive
normally sends recursive queries. Recursion is automatically queries. Recursion is automatically disabled when
disabled the <parameter>+nssearch</parameter> or
when the <parameter>+nssearch</parameter> or <parameter>+trace</parameter> query options are used.
<parameter>+trace</parameter> query options are </para>
used. </listitem>
</para> </varlistentry>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>+[no]nssearch</option></term> <term><option>+[no]nssearch</option></term>
@@ -530,20 +529,21 @@
<varlistentry> <varlistentry>
<term><option>+[no]trace</option></term> <term><option>+[no]trace</option></term>
<listitem> <listitem>
<para> <para>
Toggle tracing of the delegation path from the root name servers Toggle tracing of the delegation path from the root
for name servers for the name being looked up. Tracing
the name being looked up. Tracing is disabled by default. When is disabled by default. When tracing is enabled,
tracing is enabled, <command>dig</command> makes <command>dig</command> makes iterative queries to
iterative queries to resolve the name being looked up. It will follow
resolve the name being looked up. It will follow referrals from referrals from the root servers, showing the answer
the from each server that was used to resolve the lookup.
root servers, showing the answer from each server that was used </para>
to <para>
resolve the lookup. <commmand>+dnssec</command> is also set when +trace is
</para> set to better emulate the default queries from a nameserver.
</listitem> </para>
</varlistentry> </listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>+[no]cmd</option></term> <term><option>+[no]cmd</option></term>
@@ -776,9 +776,10 @@
<listitem> <listitem>
<para> <para>
Specify the EDNS version to query with. Valid values Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause a are 0 to 255. Setting the EDNS version will cause
EDNS query to be sent. <option>+noedns</option> clears the a EDNS query to be sent. <option>+noedns</option>
remembered EDNS version. clears the remembered EDNS version. EDNS is set to
0 by default.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>


@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.102 2011/11/04 05:36:28 each Exp $ # $Id: tests.sh,v 1.103 2011/11/04 10:41:38 marka Exp $
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -86,6 +86,17 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
# test AD bit:
# - dig +noadflag
echo "I:checking that AD is not set without +adflag or +dnssec ($n)"
ret=0
$DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
$DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking for AD in authoritative answer ($n)" echo "I:checking for AD in authoritative answer ($n)"
ret=0 ret=0
$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
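Review bot: The label of the added test, "checking that AD is not set without +adflag or +dnssec", no longer describes what runs, because AD is now requested by default and the commands have to pass `+nodnssec +noadflag` explicitly. A label such as `echo "I:checking that AD is not set with +noadflag +nodnssec ($n)"` would match the commands. The header comment `# - dig +noadflag` could also say why both switches are needed, e.g. `# AD is requested by default, so +noadflag (and +nodnssec) must be given to get a reply without AD`. Only dig.out.ns4.test$n is grepped for the `ad` flag; that looks intentional if 10.53.0.4 is the validating resolver, but a one-line comment saying so would make the assertion easier to audit.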


@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.17 2007/06/19 23:47:03 tbox Exp $ # $Id: tests.sh,v 1.18 2011/11/04 10:41:38 marka Exp $
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -43,13 +43,13 @@ $DIG +tcp +norec 4000.example. @10.53.0.1 a -p 5300 > dig.out.4000 || status=1
$PERL ../digcomp.pl knowngood.dig.out.4000 dig.out.4000 || status=1 $PERL ../digcomp.pl knowngood.dig.out.4000 dig.out.4000 || status=1
echo "I:exactly maximum rrset" echo "I:exactly maximum rrset"
$DIG +tcp +norec a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \ $DIG +tcp +norec +noedns a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \
|| status=1 || status=1
#dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset #dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset
$PERL ../digcomp.pl knowngood.dig.out.a-maximum-rrset dig.out.a-maximum-rrset || status=1 $PERL ../digcomp.pl knowngood.dig.out.a-maximum-rrset dig.out.a-maximum-rrset || status=1
echo "I:exceed maximum rrset (5000 A records)" echo "I:exceed maximum rrset (5000 A records)"
$DIG +tcp +norec 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1 $DIG +tcp +norec +noadd 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1
# Look for truncation bit (tc). # Look for truncation bit (tc).
grep 'flags: .*tc.*;' dig.out.exceed > /dev/null || { grep 'flags: .*tc.*;' dig.out.exceed > /dev/null || {
echo "I:TC bit was not set" echo "I:TC bit was not set"
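Review bot: The commented-out recipe `#dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset` no longer matches the command under test, which now needs `+noedns` to keep the known-good comparison stable. Regenerating the reference file from that comment with the new defaults would presumably send an EDNS query and record an OPT pseudo-section. I would update it to `#dig +tcp +norec +noedns a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset`. The two changed commands also differ (`+noedns` on one, `+noadd` on the other) with no comment explaining why, so a one-line reason above each would help the next person who touches the defaults. The `grep ... || {` block at the end continues outside the hunk.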