mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 10:10:06 +00:00
Code Issues Releases Wiki Activity

[master] update contrib

Browse Source 
3725.	[contrib]	Updated zkt and nslint to newest versions,
			cleaned up and rearranged the contrib
			directory, added a README.
This commit is contained in:
Evan Hunt 2014-02-05 16:17:50 -08:00
parent 09158ff8e4
commit e2d635d630
283 changed files with 21499 additions and 6323 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -1,3 +1,7 @@
3725. [contrib] Updated zkt and nslint to newest versions,
cleaned up and rearranged the contrib
directory, and added a README.
--- 9.10.0a2 released ---
3724. [bug] win32: Fixed a bug that prevented dig and

6
configure vendored
View File

@ -20760,7 +20760,7 @@ ac_config_commands="$ac_config_commands chmod"
# elsewhere if there's a good reason for doing so.
#
ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/dlzredir/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/check-secure-delegation.pl contrib/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/iscpk11/Makefile lib/iscpk11/include/Makefile lib/iscpk11/include/iscpk11/Makefile lib/iscpk11/include/pkcs11/Makefile lib/iscpk11/unix/Makefile lib/iscpk11/unix/include/Makefile lib/iscpk11/unix/include/pkcs11/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh"
ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/dlzredir/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/scripts/check-secure-delegation.pl contrib/scripts/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/iscpk11/Makefile lib/iscpk11/include/Makefile lib/iscpk11/include/iscpk11/Makefile lib/iscpk11/include/pkcs11/Makefile lib/iscpk11/unix/Makefile lib/iscpk11/unix/include/Makefile lib/iscpk11/unix/include/pkcs11/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh"
#
@ -21819,8 +21819,8 @@ do
"bin/tests/virtual-time/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/virtual-time/Makefile" ;;
"bin/tests/virtual-time/conf.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/virtual-time/conf.sh" ;;
"bin/tools/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tools/Makefile" ;;
"contrib/check-secure-delegation.pl") CONFIG_FILES="$CONFIG_FILES contrib/check-secure-delegation.pl" ;;
"contrib/zone-edit.sh") CONFIG_FILES="$CONFIG_FILES contrib/zone-edit.sh" ;;
"contrib/scripts/check-secure-delegation.pl") CONFIG_FILES="$CONFIG_FILES contrib/scripts/check-secure-delegation.pl" ;;
"contrib/scripts/zone-edit.sh") CONFIG_FILES="$CONFIG_FILES contrib/scripts/zone-edit.sh" ;;
"doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
"doc/arm/Makefile") CONFIG_FILES="$CONFIG_FILES doc/arm/Makefile" ;;
"doc/doxygen/Doxyfile") CONFIG_FILES="$CONFIG_FILES doc/doxygen/Doxyfile" ;;

4
configure.in
View File

@ -4030,8 +4030,8 @@ AC_CONFIG_FILES([
bin/tests/virtual-time/Makefile
bin/tests/virtual-time/conf.sh
bin/tools/Makefile
contrib/check-secure-delegation.pl
contrib/zone-edit.sh
contrib/scripts/check-secure-delegation.pl
contrib/scripts/zone-edit.sh
doc/Makefile
doc/arm/Makefile
doc/doxygen/Doxyfile

53
contrib/README Normal file
View File

@ -0,0 +1,53 @@
This directory contains contributed scripts, tools, libraries,
and other useful additions to BIND 9. It includes:
- scripts/
Assorted useful scripts, including 'nanny' which monitors
named and restarts it in the event of a crash, 'zone-edit'
which enables editing of a dynamic zone, and others
- queryperf/
A DNS query performance testing tool
- dane/
mkdane.sh generates TLSA records for use with DNS-based
Authentication of Named Entities (DANE)
- dlz/modules
Dynamically linkable DLZ modules that can be configured into
named at runtime, enabling access to external data sources including
LDAP, MySQL, Berkeley DB, perl scripts, etc
- dlz/drivers
Old-style DLZ drivers that can be linked into named at compile
time. (These are no longer actively maintained and are expected
to be deprecated eventually.)
- sdb/
SDB drivers: another mechanism for accessing external data
sources
- idn/
Contains source for 'idnkit', which provides support for
Internationalized Domain Name processing.
- nslint-3.0a2
A lint-like tool for checking DNS files
- query-loc-0.4.0
A tool for retrieving location information stored in the DNS
- zkt-1.1.2
DNSSEC Zone Key Tools, an alternate method for managing keys
and signatures

12
contrib/linux/coredump-patch
View File

@ -1,12 +0,0 @@
--- binfmt_elf.c.old Mon Dec 11 10:49:57 2000
+++ binfmt_elf.c Wed Nov 1 13:05:23 2000
@@ -1091,7 +1091,8 @@
if (!current->dumpable ||
limit < ELF_EXEC_PAGESIZE ||
- atomic_read(&current->mm->count) != 1)
+/* atomic_read(&current->mm->count) != 1) */
+ test_and_set_bit(31, &current->mm->def_flags) != 0)
return 0;
current->dumpable = 0;

1
contrib/nslint-2.1a3/VERSION
View File

@ -1 +0,0 @@
2.1a3

693
contrib/nslint-2.1a3/config.guess vendored
View File

@ -1,693 +0,0 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc.
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Written by Per Bothner <bothner@cygnus.com>.
# The master version of this file is at the FSF in /home/gd/gnu/lib.
#
# This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1.
#
# The plan is that this can be called by configure scripts if you
# don't specify an explicit system type (host/target name).
#
# Only a few systems have been added to this list; please add others
# (but try to keep the structure clean).
#
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 8/24/94.)
if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
PATH=$PATH:/.attbin ; export PATH
fi
UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15
# Note: order is significant - the case branches are not exclusive.
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
alpha:OSF1:*:*)
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'`
exit 0 ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
exit 0 ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-cbm-sysv4
exit 0;;
amiga:NetBSD:*:*)
echo m68k-cbm-netbsd${UNAME_RELEASE}
exit 0 ;;
amiga:OpenBSD:*:*)
echo m68k-cbm-openbsd${UNAME_RELEASE}
exit 0 ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit 0;;
Pyramid*:OSx*:*:*|MIS*:OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
echo pyramid-pyramid-sysv3
else
echo pyramid-pyramid-bsd
fi
exit 0 ;;
NILE:*:*:dcosx)
echo pyramid-pyramid-svr4
exit 0 ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
i86pc:SunOS:5.*:*)
echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
Series*|S4*)
UNAME_RELEASE=`uname -v`
;;
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
exit 0 ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos${UNAME_RELEASE}
exit 0 ;;
aushp:SunOS:*:*)
echo sparc-auspex-sunos${UNAME_RELEASE}
exit 0 ;;
atari*:NetBSD:*:*)
echo m68k-atari-netbsd${UNAME_RELEASE}
exit 0 ;;
atari*:OpenBSD:*:*)
echo m68k-atari-openbsd${UNAME_RELEASE}
exit 0 ;;
sun3*:NetBSD:*:*)
echo m68k-sun-netbsd${UNAME_RELEASE}
exit 0 ;;
sun3*:OpenBSD:*:*)
echo m68k-sun-openbsd${UNAME_RELEASE}
exit 0 ;;
mac68k:NetBSD:*:*)
echo m68k-apple-netbsd${UNAME_RELEASE}
exit 0 ;;
mac68k:OpenBSD:*:*)
echo m68k-apple-openbsd${UNAME_RELEASE}
exit 0 ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
exit 0 ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
exit 0 ;;
RISC*:ULTRIX:*:*)
echo mips-dec-ultrix${UNAME_RELEASE}
exit 0 ;;
VAX*:ULTRIX*:*:*)
echo vax-dec-ultrix${UNAME_RELEASE}
exit 0 ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
sed 's/^ //' << EOF >dummy.c
int main (argc, argv) int argc; char **argv; {
#if defined (host_mips) && defined (MIPSEB)
#if defined (SYSTYPE_SYSV)
printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_SVR4)
printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
#endif
#endif
exit (-1);
}
EOF
${CC-cc} dummy.c -o dummy \
&& ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
&& rm dummy.c dummy && exit 0
rm -f dummy.c dummy
echo mips-mips-riscos${UNAME_RELEASE}
exit 0 ;;
Night_Hawk:Power_UNIX:*:*)
echo powerpc-harris-powerunix
exit 0 ;;
m88k:CX/UX:7*:*)
echo m88k-harris-cxux7
exit 0 ;;
m88k:*:4*:R4*)
echo m88k-motorola-sysv4
exit 0 ;;
m88k:*:3*:R3*)
echo m88k-motorola-sysv3
exit 0 ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \
-o ${TARGET_BINARY_INTERFACE}x = x ] ; then
echo m88k-dg-dgux${UNAME_RELEASE}
else
echo m88k-dg-dguxbcs${UNAME_RELEASE}
fi
else echo i586-dg-dgux${UNAME_RELEASE}
fi
exit 0 ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit 0 ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
echo m88k-motorola-sysv3
exit 0 ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
echo m88k-tektronix-sysv3
exit 0 ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
echo m68k-tektronix-bsd
exit 0 ;;
*:IRIX*:*:*)
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
exit 0 ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i?86:AIX:*:*)
echo i386-ibm-aix
exit 0 ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
sed 's/^ //' << EOF >dummy.c
#include <sys/systemcfg.h>
main()
{
if (!__power_pc())
exit(1);
puts("powerpc-ibm-aix3.2.5");
exit(0);
}
EOF
${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
rm -f dummy.c dummy
echo rs6000-ibm-aix3.2.5
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
else
echo rs6000-ibm-aix3.2
fi
exit 0 ;;
*:AIX:*:4)
if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then
IBM_ARCH=rs6000
else
IBM_ARCH=powerpc
fi
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
else
IBM_REV=4.${UNAME_RELEASE}
fi
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
exit 0 ;;
*:AIX:*:*)
echo rs6000-ibm-aix
exit 0 ;;
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
echo romp-ibm-bsd4.4
exit 0 ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
exit 0 ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
exit 0 ;;
DPX/2?00:B.O.S.:*:*)
echo m68k-bull-sysv3
exit 0 ;;
9000/[34]??:4.3bsd:1.*:*)
echo m68k-hp-bsd
exit 0 ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
echo m68k-hp-bsd4.4
exit 0 ;;
9000/[3478]??:HP-UX:*:*)
case "${UNAME_MACHINE}" in
9000/31? ) HP_ARCH=m68000 ;;
9000/[34]?? ) HP_ARCH=m68k ;;
9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;;
9000/8?? ) HP_ARCH=hppa1.0 ;;
esac
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
exit 0 ;;
3050*:HI-UX:*:*)
sed 's/^ //' << EOF >dummy.c
#include <unistd.h>
int
main ()
{
long cpu = sysconf (_SC_CPU_VERSION);
/* The order matters, because CPU_IS_HP_MC68K erroneously returns
true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
results, however. */
if (CPU_IS_PA_RISC (cpu))
{
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
default: puts ("hppa-hitachi-hiuxwe2"); break;
}
}
else if (CPU_IS_HP_MC68K (cpu))
puts ("m68k-hitachi-hiuxwe2");
else puts ("unknown-hitachi-hiuxwe2");
exit (0);
}
EOF
${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
rm -f dummy.c dummy
echo unknown-hitachi-hiuxwe2
exit 0 ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
echo hppa1.1-hp-bsd
exit 0 ;;
9000/8??:4.3bsd:*:*)
echo hppa1.0-hp-bsd
exit 0 ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
echo hppa1.1-hp-osf
exit 0 ;;
hp8??:OSF1:*:*)
echo hppa1.0-hp-osf
exit 0 ;;
i?86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
echo ${UNAME_MACHINE}-unknown-osf1mk
else
echo ${UNAME_MACHINE}-unknown-osf1
fi
exit 0 ;;
parisc*:Lites*:*:*)
echo hppa1.1-hp-lites
exit 0 ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
exit 0 ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
exit 0 ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
exit 0 ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
exit 0 ;;
CRAY*X-MP:*:*:*)
echo xmp-cray-unicos
exit 0 ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE}
exit 0 ;;
CRAY*[A-Z]90:*:*:*)
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
exit 0 ;;
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE}
exit 0 ;;
CRAY-2:*:*:*)
echo cray2-cray-unicos
exit 0 ;;
F300:UNIX_System_V:*:*)
FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit 0 ;;
F301:UNIX_System_V:*:*)
echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
exit 0 ;;
hp3[0-9][05]:NetBSD:*:*)
echo m68k-hp-netbsd${UNAME_RELEASE}
exit 0 ;;
hp3[0-9][05]:OpenBSD:*:*)
echo m68k-hp-openbsd${UNAME_RELEASE}
exit 0 ;;
i?86:BSD/386:*:* | *:BSD/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
exit 0 ;;
*:FreeBSD:*:*)
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
exit 0 ;;
*:NetBSD:*:*)
echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
exit 0 ;;
*:OpenBSD:*:*)
echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
exit 0 ;;
i*:CYGWIN*:*)
echo i386-pc-cygwin32
exit 0 ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin32
exit 0 ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
*:GNU:*:*)
echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
exit 0 ;;
*:Linux:*:*)
# The BFD linker knows what the default object file format is, so
# first see if it will tell us.
ld_help_string=`ld --help 2>&1`
if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then
echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0
elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then
echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0
elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then
echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0
elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then
echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0
elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then
echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0
elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then
echo "powerpc-unknown-linux-gnu" ; exit 0
elif test "${UNAME_MACHINE}" = "alpha" ; then
echo alpha-unknown-linux-gnu ; exit 0
elif test "${UNAME_MACHINE}" = "sparc" ; then
echo sparc-unknown-linux-gnu ; exit 0
else
# Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us
# useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout.
test ! -d /usr/lib/ldscripts/. \
&& echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0
# Determine whether the default compiler is a.out or elf
cat >dummy.c <<EOF
main(argc, argv)
int argc;
char *argv[];
{
#ifdef __ELF__
printf ("%s-pc-linux-gnu\n", argv[1]);
#else
printf ("%s-pc-linux-gnuaout\n", argv[1]);
#endif
return 0;
}
EOF
${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
rm -f dummy.c dummy
fi ;;
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions
# are messed up and put the nodename in both sysname and nodename.
i?86:DYNIX/ptx:4*:*)
echo i386-sequent-sysv4
exit 0 ;;
i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE}
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
fi
exit 0 ;;
i?86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
elif /bin/uname -X 2>/dev/null >/dev/null ; then
UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
(/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
(/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
&& UNAME_MACHINE=i586
echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
else
echo ${UNAME_MACHINE}-pc-sysv32
fi
exit 0 ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit 0 ;;
paragon:*:*:*)
echo i860-intel-osf1
exit 0 ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
fi
exit 0 ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
echo m68010-convergent-sysv
exit 0 ;;
M68*:*:R3V[567]*:*)
test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4.3${OS_REL} && exit 0
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4 && exit 0 ;;
m68*:LynxOS:2.*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
exit 0 ;;
i?86:LynxOS:2.*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
SM[BE]S:UNIX_SV:*:*)
echo mips-dde-sysv${UNAME_RELEASE}
exit 0 ;;
RM*:SINIX-*:*:*)
echo mips-sni-sysv4
exit 0 ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
echo ${UNAME_MACHINE}-sni-sysv4
else
echo ns32k-sni-sysv
fi
exit 0 ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
echo hppa1.1-stratus-sysv4
exit 0 ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
exit 0 ;;
mc68*:A/UX:*:*)
echo m68k-apple-aux${UNAME_RELEASE}
exit 0 ;;
R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*)
if [ -d /usr/nec ]; then
echo mips-nec-sysv${UNAME_RELEASE}
else
echo mips-unknown-sysv${UNAME_RELEASE}
fi
exit 0 ;;
PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says <Richard.M.Bartel@ccMail.Census.GOV>
echo i586-unisys-sysv4
exit 0 ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
cat >dummy.c <<EOF
#ifdef _SEQUENT_
# include <sys/types.h>
# include <sys/utsname.h>
#endif
main ()
{
#if defined (sony)
#if defined (MIPSEB)
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
I don't know.... */
printf ("mips-sony-bsd\n"); exit (0);
#else
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
"4"
#else
""
#endif
); exit (0);
#endif
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
printf ("arm-acorn-riscix"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
printf ("m68k-hp-bsd\n"); exit (0);
#endif
#if defined (NeXT)
#if !defined (__ARCHITECTURE__)
#define __ARCHITECTURE__ "m68k"
#endif
int version;
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
exit (0);
#endif
#if defined (MULTIMAX) || defined (n16)
#if defined (UMAXV)
printf ("ns32k-encore-sysv\n"); exit (0);
#else
#if defined (CMU)
printf ("ns32k-encore-mach\n"); exit (0);
#else
printf ("ns32k-encore-bsd\n"); exit (0);
#endif
#endif
#endif
#if defined (__386BSD__)
printf ("i386-pc-bsd\n"); exit (0);
#endif
#if defined (sequent)
#if defined (i386)
printf ("i386-sequent-dynix\n"); exit (0);
#endif
#if defined (ns32000)
printf ("ns32k-sequent-dynix\n"); exit (0);
#endif
#endif
#if defined (_SEQUENT_)
struct utsname un;
uname(&un);
if (strncmp(un.version, "V2", 2) == 0) {
printf ("i386-sequent-ptx2\n"); exit (0);
}
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
printf ("i386-sequent-ptx1\n"); exit (0);
}
printf ("i386-sequent-ptx\n"); exit (0);
#endif
#if defined (vax)
#if !defined (ultrix)
printf ("vax-dec-bsd\n"); exit (0);
#else
printf ("vax-dec-ultrix\n"); exit (0);
#endif
#endif
#if defined (alliant) && defined (i860)
printf ("i860-alliant-bsd\n"); exit (0);
#endif
exit (1);
}
EOF
${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0
rm -f dummy.c dummy
# Apollos put the system type in the environment.
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
# Convex versions that predate uname can use getsysinfo(1)
if [ -x /usr/convex/getsysinfo ]
then
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
exit 0 ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
c34*)
echo c34-convex-bsd
exit 0 ;;
c38*)
echo c38-convex-bsd
exit 0 ;;
c4*)
echo c4-convex-bsd
exit 0 ;;
esac
fi
#echo '(Unable to guess system type)' 1>&2
exit 1

1905
contrib/nslint-2.1a3/configure vendored
View File

File diff suppressed because it is too large Load Diff

47
contrib/nslint-2.1a3/configure.in
View File

@ -1,47 +0,0 @@
dnl @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/configure.in,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL)
dnl
dnl Copyright (c) 1995, 1996, 1997
dnl The Regents of the University of California. All rights reserved.
dnl
dnl Process this file with autoconf to produce a configure script.
dnl
AC_INIT(nslint.c)
AC_CANONICAL_SYSTEM
umask 002
if test -z "$PWD" ; then
PWD=`pwd`
fi
AC_LBL_C_INIT(V_CCOPT, V_INCLS)
AC_CHECK_HEADERS(fcntl.h malloc.h memory.h)
AC_REPLACE_FUNCS(strerror)
AC_CHECK_LIB(nsl, main)
AC_CHECK_LIB(socket, main)
AC_CHECK_TYPE(int32_t, int)
AC_CHECK_TYPE(u_int32_t, u_int)
AC_LBL_DEVEL(V_CCOPT)
if test -r lbl/gnuc.h ; then
rm -f gnuc.h
ln -s lbl/gnuc.h gnuc.h
fi
AC_SUBST(V_CCOPT)
AC_SUBST(V_INCLS)
AC_PROG_INSTALL
AC_OUTPUT(Makefile)
if test -f .devel ; then
make depend
fi
exit 0

250
contrib/nslint-2.1a3/install-sh
View File

@ -1,250 +0,0 @@
#! /bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission. M.I.T. makes no representations about the
# suitability of this software for any purpose. It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch. It can only install one file at a time, a restriction
# shared with many OS's install programs.
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-d) dir_arg=true
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
shift
continue;;
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
# this colon is to work around a 386BSD /bin/sh bug
:
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
else
true
fi
if [ x"$dir_arg" != x ]; then
dst=$src
src=""
if [ -d $dst ]; then
instcmd=:
else
instcmd=mkdir
fi
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
then
true
else
echo "install: $src does not exist"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
else
true
fi
# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
else
true
fi
fi
## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script
# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"
oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"
pathcomp=''
while [ $# -ne 0 ] ; do
pathcomp="${pathcomp}${1}"
shift
if [ ! -d "${pathcomp}" ] ;
then
$mkdirprog "${pathcomp}"
else
true
fi
pathcomp="${pathcomp}/"
done
fi
if [ x"$dir_arg" != x ]
then
$doit $instcmd $dst &&
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
true
fi
# Make a temp file name in the proper directory.
dsttmp=$dstdir/#inst.$$#
# Move or copy the file name to the temp name
$doit $instcmd $src $dsttmp &&
trap "rm -f ${dsttmp}" 0 &&
# and set any options; do chmod last to preserve setuid bits
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&
exit 0

38
contrib/nslint-2.1a3/lbl/os-irix5.h
View File

@ -1,38 +0,0 @@
/*
* Copyright (c) 1994, 1995, 1996
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-irix5.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
*/
/* Prototypes missing in IRIX 5 */
#ifdef __STDC__
struct ether_addr;
#endif
int ether_hostton(char *, struct ether_addr *);
char *ether_ntoa(struct ether_addr *);
#ifdef __STDC__
struct utmp;
#endif
void login(struct utmp *);
int setenv(const char *, const char *, int);
int sigblock(int);
int sigsetmask(int);
int snprintf(char *, size_t, const char *, ...);
time_t time(time_t *);

32
contrib/nslint-2.1a3/lbl/os-osf3.h
View File

@ -1,32 +0,0 @@
/*
* Copyright (c) 1995, 1996
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-osf3.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
*/
/* Prototypes missing in osf3 */
int flock(int, int);
int ioctl(int, int, caddr_t);
int iruserok(u_int, int, char *, char *);
int pfopen(char *, int);
int rcmd(char **, u_short, const char *, const char *, const char *, int *);
int rresvport(int *);
int snprintf(char *, size_t, const char *, ...);
void sync(void);

50
contrib/nslint-2.1a3/lbl/os-solaris2.h
View File

@ -1,50 +0,0 @@
/*
* Copyright (c) 1993, 1994, 1995, 1996, 1997, 2000
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Id: os-solaris2.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
*/
/* Prototypes missing in SunOS 5 */
int daemon(int, int);
int dn_expand(const u_char *, const u_char *, const u_char *, char *, int);
int dn_skipname(const u_char *, const u_char *);
int flock(int, int);
int getdtablesize(void);
int gethostname(char *, int);
int getpagesize(void);
char *getusershell(void);
char *getwd(char *);
int iruserok(u_int, int, char *, char *);
#ifdef __STDC__
struct utmp;
void login(struct utmp *);
#endif
int logout(const char *);
int res_query(const char *, int, int, u_char *, int);
int setenv(const char *, const char *, int);
#if defined(_STDIO_H) && defined(HAVE_SETLINEBUF)
int setlinebuf(FILE *);
#endif
int sigblock(int);
int sigsetmask(int);
char *strerror(int);
int snprintf(char *, size_t, const char *, ...);
int strcasecmp(const char *, const char *);
void unsetenv(const char *);

215
contrib/nslint-2.1a3/lbl/os-sunos4.h
View File

@ -1,215 +0,0 @@
/*
* Copyright (c) 1989, 1990, 1993, 1994, 1995, 1996
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-sunos4.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
*/
/* Prototypes missing in SunOS 4 */
#ifdef FILE
int _filbuf(FILE *);
int _flsbuf(u_char, FILE *);
int fclose(FILE *);
int fflush(FILE *);
int fgetc(FILE *);
int fprintf(FILE *, const char *, ...);
int fputc(int, FILE *);
int fputs(const char *, FILE *);
u_int fread(void *, u_int, u_int, FILE *);
int fseek(FILE *, long, int);
u_int fwrite(const void *, u_int, u_int, FILE *);
int pclose(FILE *);
void rewind(FILE *);
void setbuf(FILE *, char *);
int setlinebuf(FILE *);
int ungetc(int, FILE *);
int vfprintf(FILE *, const char *, ...);
int vprintf(const char *, ...);
#endif
#if __GNUC__ <= 1
int read(int, char *, u_int);
int write(int, char *, u_int);
#endif
long a64l(const char *);
#ifdef __STDC__
struct sockaddr;
#endif
int accept(int, struct sockaddr *, int *);
int bind(int, struct sockaddr *, int);
int bcmp(const void *, const void *, u_int);
void bcopy(const void *, void *, u_int);
void bzero(void *, int);
int chroot(const char *);
int close(int);
void closelog(void);
int connect(int, struct sockaddr *, int);
char *crypt(const char *, const char *);
int daemon(int, int);
int fchmod(int, int);
int fchown(int, int, int);
void endgrent(void);
void endpwent(void);
void endservent(void);
#ifdef __STDC__
struct ether_addr;
#endif
struct ether_addr *ether_aton(const char *);
int flock(int, int);
#ifdef __STDC__
struct stat;
#endif
int fstat(int, struct stat *);
#ifdef __STDC__
struct statfs;
#endif
int fstatfs(int, struct statfs *);
int fsync(int);
#ifdef __STDC__
struct timeb;
#endif
int ftime(struct timeb *);
int ftruncate(int, off_t);
int getdtablesize(void);
long gethostid(void);
int gethostname(char *, int);
int getopt(int, char * const *, const char *);
int getpagesize(void);
char *getpass(char *);
int getpeername(int, struct sockaddr *, int *);
int getpriority(int, int);
#ifdef __STDC__
struct rlimit;
#endif
int getrlimit(int, struct rlimit *);
int getsockname(int, struct sockaddr *, int *);
int getsockopt(int, int, int, char *, int *);
#ifdef __STDC__
struct timeval;
struct timezone;
#endif
int gettimeofday(struct timeval *, struct timezone *);
char *getusershell(void);
char *getwd(char *);
int initgroups(const char *, int);
int ioctl(int, int, caddr_t);
int iruserok(u_long, int, char *, char *);
int isatty(int);
int killpg(int, int);
int listen(int, int);
#ifdef __STDC__
struct utmp;
#endif
void login(struct utmp *);
int logout(const char *);
off_t lseek(int, off_t, int);
int lstat(const char *, struct stat *);
int mkstemp(char *);
char *mktemp(char *);
int munmap(caddr_t, int);
void openlog(const char *, int, int);
void perror(const char *);
int printf(const char *, ...);
int puts(const char *);
long random(void);
int readlink(const char *, char *, int);
#ifdef __STDC__
struct iovec;
#endif
int readv(int, struct iovec *, int);
int recv(int, char *, u_int, int);
int recvfrom(int, char *, u_int, int, struct sockaddr *, int *);
int rename(const char *, const char *);
int rcmd(char **, u_short, char *, char *, char *, int *);
int rresvport(int *);
int send(int, char *, u_int, int);
int sendto(int, char *, u_int, int, struct sockaddr *, int);
int setenv(const char *, const char *, int);
int seteuid(int);
int setpriority(int, int, int);
int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
int setpgrp(int, int);
void setpwent(void);
int setrlimit(int, struct rlimit *);
void setservent(int);
int setsockopt(int, int, int, char *, int);
int shutdown(int, int);
int sigblock(int);
void (*signal (int, void (*) (int))) (int);
int sigpause(int);
int sigsetmask(int);
#ifdef __STDC__
struct sigvec;
#endif
int sigvec(int, struct sigvec *, struct sigvec*);
int snprintf(char *, size_t, const char *, ...);
int socket(int, int, int);
int socketpair(int, int, int, int *);
int symlink(const char *, const char *);
void srandom(int);
int sscanf(char *, const char *, ...);
int stat(const char *, struct stat *);
int statfs(char *, struct statfs *);
char *strerror(int);
int strcasecmp(const char *, const char *);
#ifdef __STDC__
struct tm;
#endif
int strftime(char *, int, char *, struct tm *);
int strncasecmp(const char *, const char *, int);
long strtol(const char *, char **, int);
void sync(void);
void syslog(int, const char *, ...);
int system(const char *);
long tell(int);
time_t time(time_t *);
char *timezone(int, int);
int tolower(int);
int toupper(int);
int truncate(char *, off_t);
void unsetenv(const char *);
int vfork(void);
int vsprintf(char *, const char *, ...);
int writev(int, struct iovec *, int);
#ifdef __STDC__
struct rusage;
#endif
int utimes(const char *, struct timeval *);
#if __GNUC__ <= 1
int wait(int *);
pid_t wait3(int *, int, struct rusage *);
#endif
/* Ugly signal hacking */
#ifdef SIG_ERR
#undef SIG_ERR
#define SIG_ERR (void (*)(int))-1
#undef SIG_DFL
#define SIG_DFL (void (*)(int))0
#undef SIG_IGN
#define SIG_IGN (void (*)(int))1
#ifdef KERNEL
#undef SIG_CATCH
#define SIG_CATCH (void (*)(int))2
#endif
#undef SIG_HOLD
#define SIG_HOLD (void (*)(int))3
#endif

39
contrib/nslint-2.1a3/lbl/os-ultrix4.h
View File

@ -1,39 +0,0 @@
/*
* Copyright (c) 1990, 1993, 1994, 1995, 1996
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-ultrix4.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
*/
/* Prototypes missing in Ultrix 4 */
int bcmp(const char *, const char *, u_int);
void bcopy(const void *, void *, u_int);
void bzero(void *, u_int);
void endservent(void);
int getopt(int, char * const *, const char *);
#ifdef __STDC__
struct timeval;
struct timezone;
#endif
int gettimeofday(struct timeval *, struct timezone *);
int ioctl(int, int, caddr_t);
int pfopen(char *, int);
int setlinebuf(FILE *);
int socket(int, int, int);
int strcasecmp(const char *, const char *);

21
contrib/nslint-2.1a3/CHANGES → contrib/nslint-3.0a2/CHANGES
View File

@ -1,6 +1,14 @@
@(#) $Id: CHANGES,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL)
@(#) $Id: CHANGES 250 2009-10-16 23:26:47Z leres $ (LBL)
v2.1 Wed Aug 22 18:30:35 PDT 2001
v3.0 Fri Oct 16 16:26:04 PDT 2009
- Add IPv6 support.
v2.2 Fri Mar 13 22:29:52 PDT 2009
- Convert source tree to subversion
v2.1 Fri Feb 15 20:45:01 PST 2008
- Handle "srv" records.
@ -8,6 +16,12 @@ v2.1 Wed Aug 22 18:30:35 PDT 2001
- Add "ignore" option
- Hack in support for "view"
- Check for duplicate "cname" records.
- Upgrade to autoconf 2.61
v2.0.2 Tue Mar 20 17:49:13 PST 2001
- Allow missing trailing dot in certain special cases.
@ -16,6 +30,9 @@ v2.0.2 Tue Mar 20 17:49:13 PST 2001
- Document nslint.conf network keyword.
- Sort the network list so that we always pick the right network/mask
when the overlap.
v2.0.1 Tue Dec 14 11:24:31 PST 1999
- Handle $ttl.

6
contrib/nslint-2.1a3/FILES → contrib/nslint-3.0a2/FILES
View File

@ -11,14 +11,10 @@ configure
configure.in
install-sh
lbl/gnuc.h
lbl/os-irix5.h
lbl/os-osf3.h
lbl/os-solaris2.h
lbl/os-sunos4.h
lbl/os-ultrix4.h
mkdep
nslint.8
nslint.c
savestr.c
savestr.h
strerror.c
version.h

4
contrib/nslint-2.1a3/INSTALL → contrib/nslint-3.0a2/INSTALL
View File

@ -1,4 +1,4 @@
@(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/INSTALL,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL)
@(#) $Id: INSTALL 238 2009-03-14 05:43:37Z leres $ (LBL)
You will need an ANSI C compiler to build nslint. The configure
script will abort if your compiler is not ANSI compliant. If this
@ -33,10 +33,10 @@ configure - configure script (run this first)
configure.in - configure script source
install-sh - BSD style install script
lbl/gnuc.h - gcc macros and defines
lbl/os-*.h - os dependent defines and prototypes
mkdep - construct Makefile dependency list
nslint.8 - manual entry
nslint.c - main program
savestr.c - strdup() replacement
savestr.h - savestr prototypes
strerror.c - missing routine
version.h - prototypes, defines and struct definitions

41
contrib/nslint-2.1a3/Makefile.in → contrib/nslint-3.0a2/Makefile.in
View File

@ -1,4 +1,4 @@
# Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 2000
# Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 2000, 2008, 2009
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@ -17,7 +17,7 @@
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#) $Id: Makefile.in,v 1.2 2004/07/20 07:13:40 marka Exp $ (LBL)
# @(#) $Id: Makefile.in 242 2009-10-14 08:30:03Z leres $ (LBL)
#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
@ -29,7 +29,9 @@ exec_prefix = @exec_prefix@
# Pathname of directory to install the binary
BINDEST = @bindir@
# Pathname of directory to install the man page
MANDEST = @mandir@
MANDEST = @prefix@/man
# The root of the directory tree for read-only
datarootdir = @datarootdir@
# VPATH
srcdir = @srcdir@
@ -48,6 +50,9 @@ DEFS = @DEFS@
# Standard CFLAGS
CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
# Standard LDFLAGS
LDFLAGS = @LDFLAGS@
# Standard LIBS
LIBS = @LIBS@
@ -65,9 +70,9 @@ GENSRC = version.c
SRC = $(CSRC) $(GENSRC)
# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
# We would like to say "OBJS = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection
OBJ = $(CSRC:.c=.o) $(GENSRC:.c=.o) @LIBOBJS@
OBJS = $(CSRC:.c=.o) $(GENSRC:.c=.o) @LIBOBJS@
TAGHDR = \
/usr/include/sys/types.h \
@ -75,11 +80,15 @@ TAGHDR = \
TAGFILES = $(SRC) $(TAGHDR)
CLEANFILES = $(PROG) $(OBJ) $(GENSRC)
CLEANFILES = $(PROG) $(OBJS) $(GENSRC) purify $(OBJS:.o=_pure_*.o)
$(PROG): $(OBJ)
$(PROG): $(OBJS)
@rm -f $@
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
purify: $(OBJS)
@rm -f $@
purify $(CC) $(CFLAGS) $(LDFLAGS) -static -o purify $(OBJS) $(LIBS)
version.o: version.c
version.c: $(srcdir)/VERSION
@ -88,17 +97,15 @@ version.c: $(srcdir)/VERSION
install: force
$(INSTALL) -m 555 -o bin -g bin $(PROG) $(DESTDIR)$(BINDEST)/$(PROG)
install-man: force
$(INSTALL) -m 444 -o bin -g bin $(srcdir)/$(PROG).8 \
$(DESTDIR)$(MANDEST)/man8/$(PROG).8
@diff $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8 >/dev/null 2>&1 || \
$(INSTALL) -m 444 -o bin -g bin $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8/
clean: force
rm -f $(CLEANFILES)
distclean: force
rm -f $(CLEANFILES) Makefile config.cache config.log config.status \
gnuc.h os-proto.h
rm -rf $(CLEANFILES) Makefile config.cache config.log config.status \
gnuc.h os-proto.h autom4te.cache
tags: $(TAGFILES)
ctags -wtd $(TAGFILES)
@ -117,6 +124,12 @@ tar: force
"rm -f $$name" ; \
rm -f $$name
sign:
@name=${PROG}-`cat VERSION`.tar.gz; \
set -x; \
rm -f $${name}.asc; \
gpg --armor --detach-sign $${name}
force: /tmp
depend: $(GENSRC) force
./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)

2
contrib/nslint-2.1a3/README → contrib/nslint-3.0a2/README
View File

@ -1,4 +1,4 @@
@(#) $Id: README,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL)
@(#) $Id: README 237 2009-03-14 05:38:15Z leres $ (LBL)
NSLINT 2.0
Lawrence Berkeley National Laboratory

1
contrib/nslint-3.0a2/VERSION Normal file
View File

@ -0,0 +1 @@
3.0a2

367
contrib/nslint-2.1a3/aclocal.m4 → contrib/nslint-3.0a2/aclocal.m4 vendored
View File

@ -1,6 +1,6 @@
dnl @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/aclocal.m4,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL)
dnl @(#) $Id: aclocal.m4 616 2009-10-10 00:08:08Z leres $ (LBL)
dnl
dnl Copyright (c) 1995, 1996, 1997, 1998, 1999
dnl Copyright (c) 2008, 2009
dnl The Regents of the University of California. All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
@ -26,7 +26,7 @@ dnl
dnl Determine which compiler we're using (cc or gcc)
dnl If using gcc, determine the version number
dnl If using cc, require that it support ansi prototypes
dnl If using gcc, use -O2 (otherwise use -O)
dnl If using gcc, use -O3 (otherwise use -O)
dnl If using cc, explicitly specify /usr/local/include
dnl
dnl usage:
@ -38,23 +38,27 @@ dnl
dnl $1 (copt set)
dnl $2 (incls set)
dnl CC
dnl LDFLAGS
dnl LBL_CFLAGS
dnl LDFLAGS set
dnl
AC_DEFUN(AC_LBL_C_INIT,
[AC_PREREQ(2.12)
AC_ARG_ENABLE([optimization],
[AS_HELP_STRING([--disable-optimization],
[turn off gcc optimization])],
ac_cv_without_optimization=${withval})
AC_BEFORE([$0], [AC_PROG_CC])
AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
AC_BEFORE([$0], [AC_LBL_DEVEL])
AC_ARG_WITH(gcc, [ --without-gcc don't use gcc])
$1="-O"
AC_USE_SYSTEM_EXTENSIONS
$1=""
if test "${ac_cv_without_optimization+set}" != set; then
$1="-O"
fi
$2=""
if test "${srcdir}" != "." ; then
$2="-I\$\(srcdir\)"
fi
if test "${CFLAGS+set}" = set; then
LBL_CFLAGS="$CFLAGS"
fi
if test -z "$CC" ; then
case "$target_os" in
@ -72,6 +76,7 @@ AC_DEFUN(AC_LBL_C_INIT,
export CC
fi
AC_PROG_CC
AC_SYS_LARGEFILE
if test "$GCC" != yes ; then
AC_MSG_CHECKING(that $CC handles ansi prototypes)
AC_CACHE_VAL(ac_cv_lbl_cc_ansi_prototypes,
@ -100,7 +105,7 @@ AC_DEFUN(AC_LBL_C_INIT,
fi
CFLAGS="$savedcflags"
$1="-Aa $$1"
AC_DEFINE(_HPUX_SOURCE)
AC_DEFINE(_HPUX_SOURCE,,[HP-UX ansi compiler])
;;
*)
@ -132,13 +137,43 @@ AC_DEFUN(AC_LBL_C_INIT,
ac_cv_lbl_cc_const_proto=no))
AC_MSG_RESULT($ac_cv_lbl_cc_const_proto)
if test $ac_cv_lbl_cc_const_proto = no ; then
AC_DEFINE(const,)
AC_DEFINE(const,,[ultrix can't hack const])
fi
;;
esac
fi
])
AC_LBL_ENABLE_CHECK(brov6 activemapping expire-dfa-states)
dnl
dnl This allows us to check for bogus configure enable/disable
dnl command line options
dnl
dnl usage:
dnl
dnl AC_LBL_ENABLE_CHECK(opt ...)
dnl
AC_DEFUN(AC_LBL_ENABLE_CHECK,
[set |
sed -n -e 's/^enable_\([[^=]]*\)=[[^=]]*$/\1/p' |
while read var; do
ok=0
for o in $1; do
if test "${o}" = "${var}" ; then
ok=1
break
fi
done
if test ${ok} -eq 0 ; then
# It's hard to kill configure script from subshell!
AC_MSG_ERROR(unknown enable option: ${var})
exit 1
fi
done
if test $? -ne 0 ; then
exit 1
fi])
dnl
dnl Use pfopen.c if available and pfopen() not in standard libraries
dnl Require libpcap
@ -191,13 +226,13 @@ AC_DEFUN(AC_LBL_LIBPCAP,
done
if test "x$libpcap" = xFAIL ; then
AC_MSG_RESULT(not found)
unset ac_cv_lbl_lib_pcap_pcap_open_live_
AC_LBL_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
AC_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
unset ac_cv_lib_pcap_pcap_open_live
if test "x$libpcap" = xFAIL ; then
unset ac_cv_lbl_lib_pcap_pcap_open_live_
CFLAGS="$CFLAGS -I/usr/local/include"
LIBS="$LIBS -L/usr/local/lib"
AC_LBL_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
AC_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
unset ac_cv_lib_pcap_pcap_open_live
if test "x$libpcap" = xFAIL ; then
AC_MSG_ERROR(see the INSTALL doc for more info)
fi
@ -240,21 +275,21 @@ AC_DEFUN(AC_LBL_TYPE_SIGNAL,
[AC_BEFORE([$0], [AC_LBL_LIBPCAP])
AC_TYPE_SIGNAL
if test "$ac_cv_type_signal" = void ; then
AC_DEFINE(RETSIGVAL,)
AC_DEFINE(RETSIGVAL,,[signal function return value])
else
AC_DEFINE(RETSIGVAL,(0))
fi
case "$target_os" in
irix*)
AC_DEFINE(_BSD_SIGNALS)
AC_DEFINE(_BSD_SIGNALS,,[irix's BSD style signals])
;;
*)
dnl prefer sigset() to sigaction()
AC_CHECK_FUNCS(sigset)
if test $ac_cv_func_sigset = yes ; then
AC_DEFINE(signal,sigset)
AC_DEFINE(signal,sigset,[use sigset() instead of signal()])
else
AC_CHECK_FUNCS(sigaction)
fi
@ -397,17 +432,38 @@ dnl
dnl HAVE_SOCKADDR_SA_LEN (defined)
dnl
AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
[AC_MSG_CHECKING(if sockaddr struct has sa_len member)
AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len,
AC_TRY_COMPILE([
[AC_CHECK_MEMBERS(struct sockaddr.sa_len,,,[
# include <sys/types.h>
# include <sys/socket.h>],
[u_int i = sizeof(((struct sockaddr *)0)->sa_len)],
ac_cv_lbl_sockaddr_has_sa_len=yes,
ac_cv_lbl_sockaddr_has_sa_len=no))
AC_MSG_RESULT($ac_cv_lbl_sockaddr_has_sa_len)
if test $ac_cv_lbl_sockaddr_has_sa_len = yes ; then
AC_DEFINE(HAVE_SOCKADDR_SA_LEN)
# include <sys/socket.h>])])
dnl
dnl Makes sure socklen_t is defined
dnl
dnl usage:
dnl
dnl AC_LBL_SOCKLEN_T
dnl
dnl results:
dnl
dnl socklen_t (defined if missing)
dnl
AC_DEFUN(AC_LBL_SOCKLEN_T,
[AC_MSG_CHECKING(for socklen_t in sys/socket.h using $CC)
AC_CACHE_VAL(ac_cv_lbl_socklen_t,
AC_TRY_COMPILE([
# include "confdefs.h"
# include <sys/types.h>
# include <sys/socket.h>
# if STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
# endif],
[socklen_t i],
ac_cv_lbl_socklen_t=yes,
ac_cv_lbl_socklen_t=no))
AC_MSG_RESULT($ac_cv_lbl_socklen_t)
if test $ac_cv_lbl_socklen_t = no ; then
AC_DEFINE(socklen_t, int, [Define socklen_t if missing])
fi])
dnl
@ -442,34 +498,9 @@ AC_DEFUN(AC_LBL_IFF_LOOPBACK,
ac_cv_lbl_have_iff_loopback=no))
AC_MSG_RESULT($ac_cv_lbl_have_iff_loopback)
if test $ac_cv_lbl_have_iff_loopback = yes ; then
AC_DEFINE(HAVE_IFF_LOOPBACK)
AC_DEFINE(HAVE_IFF_LOOPBACK,, [Have IFF_LOOPBACK define/enum])
fi])
dnl
dnl Checks to see if -R is used
dnl
dnl usage:
dnl
dnl AC_LBL_HAVE_RUN_PATH
dnl
dnl results:
dnl
dnl ac_cv_lbl_have_run_path (yes or no)
dnl
AC_DEFUN(AC_LBL_HAVE_RUN_PATH,
[AC_MSG_CHECKING(for ${CC-cc} -R)
AC_CACHE_VAL(ac_cv_lbl_have_run_path,
[echo 'main(){}' > conftest.c
${CC-cc} -o conftest conftest.c -R/a1/b2/c3 >conftest.out 2>&1
if test ! -s conftest.out ; then
ac_cv_lbl_have_run_path=yes
else
ac_cv_lbl_have_run_path=no
fi
rm -f conftest*])
AC_MSG_RESULT($ac_cv_lbl_have_run_path)
])
dnl
dnl Due to the stupid way it's implemented, AC_CHECK_TYPE is nearly useless.
dnl
@ -497,7 +528,7 @@ AC_DEFUN(AC_LBL_CHECK_TYPE,
ac_cv_lbl_have_$1=no))
AC_MSG_RESULT($ac_cv_lbl_have_$1)
if test $ac_cv_lbl_have_$1 = no ; then
AC_DEFINE($1, $2)
AC_DEFINE($1, $2, Define $1)
fi])
dnl
@ -584,24 +615,27 @@ AC_DEFUN(AC_LBL_CHECK_WALL,
[ if test "$GCC" = yes ; then
if test "$SHLICC2" = yes ; then
ac_cv_lbl_gcc_vers=2
$1="`echo $$1 | sed -e 's/-O/-O2/'`"
$1="`echo $$1 | sed -e 's/-O/-O3/'`"
else
AC_MSG_CHECKING(gcc version)
AC_CACHE_VAL(ac_cv_lbl_gcc_vers,
ac_cv_lbl_gcc_vers=`$CC --version 2>&1 | \
sed -e 's/\..*//'`)
# Gag, the gcc folks keep changing the output...
# try to grab N.N.N
ac_cv_lbl_gcc_vers=`$CC --version 2>&1 |
sed -e '1!d' -e 's/[[[^0-9]]]*\([[[0-9]]][[[0-9]]]*\)\.[[[0-9\]]][[[0-9]]]*\.[[[0-9]]][[[0-9]]]*.*/\1/'`)
AC_MSG_RESULT($ac_cv_lbl_gcc_vers)
if test $ac_cv_lbl_gcc_vers -gt 1 ; then
$1="`echo $$1 | sed -e 's/-O/-O2/'`"
if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
$1="`echo $$1 | sed -e 's/-O/-O3/'`"
fi
fi
if test "${LBL_CFLAGS+set}" != set; then
if test "$ac_cv_prog_cc_g" = yes ; then
$1="-g $$1"
fi
$1="$$1 -Wall"
if test $ac_cv_lbl_gcc_vers -gt 1 ; then
$1="$$1 -Wmissing-prototypes -Wstrict-prototypes"
if test "$ac_cv_prog_cc_g" = yes ; then
$1="-g $$1"
fi
$1="$$1 -Wall"
if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
$1="$$1 -Wmissing-prototypes -Wstrict-prototypes"
if [[ "`uname -s`" = "FreeBSD" ]]; then
$1="$$1 -Werror"
fi
fi
else
@ -632,18 +666,16 @@ dnl $1 (copt appended)
dnl HAVE_OS_PROTO_H (defined)
dnl os-proto.h (symlinked)
dnl
AC_DEFUN(AC_LBL_DEVEL,
[rm -f os-proto.h
if test "${LBL_CFLAGS+set}" = set; then
$1="$$1 ${LBL_CFLAGS}"
fi
AC_DEFUN(AC_LBL_DEVEL,[
AC_BEFORE([$0], [AC_LBL_LD_RUN_PATH])
rm -f os-proto.h
if test -f .devel ; then
AC_LBL_CHECK_WALL($1)
os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
name="lbl/os-$os.h"
if test -f $name ; then
ln -s $name os-proto.h
AC_DEFINE(HAVE_OS_PROTO_H)
AC_DEFINE(HAVE_OS_PROTO_H,,[have os-proto.h])
else
AC_MSG_WARN(can't find $name)
fi
@ -747,19 +779,200 @@ AC_DEFUN(AC_LBL_LIBRARY_NET, [
# libraries (i.e. libc):
AC_CHECK_FUNC(gethostbyname, ,
# Some OSes (eg. Solaris) place it in libnsl:
AC_LBL_CHECK_LIB(nsl, gethostbyname, ,
AC_CHECK_LIB(nsl, gethostbyname, ,
# Some strange OSes (SINIX) have it in libsocket:
AC_LBL_CHECK_LIB(socket, gethostbyname, ,
AC_CHECK_LIB(socket, gethostbyname, ,
# Unfortunately libsocket sometimes depends on libnsl.
# AC_CHECK_LIB's API is essentially broken so the
# following ugliness is necessary:
AC_LBL_CHECK_LIB(socket, gethostbyname,
AC_CHECK_LIB(socket, gethostbyname,
LIBS="-lsocket -lnsl $LIBS",
AC_CHECK_LIB(resolv, gethostbyname),
-lnsl))))
AC_CHECK_FUNC(socket, , AC_CHECK_LIB(socket, socket, ,
AC_LBL_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", ,
AC_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", ,
-lnsl)))
# DLPI needs putmsg under HPUX so test for -lstr while we're at it
AC_CHECK_LIB(str, putmsg)
])
dnl
dnl AC_LBL_RUN_PATH
dnl
dnl Extracts -L directories from LIBS; if any are found they are
dnl converted to a LD_RUN_PATH and put in V_ENVIRONMENT
dnl
dnl usage:
dnl
dnl AC_LBL_RUN_PATH
dnl
dnl results:
dnl
dnl V_ENVIRONMENT
dnl
AC_DEFUN(AC_LBL_LD_RUN_PATH, [
AC_MSG_CHECKING(LD_RUN_PATH)
AC_SUBST(V_ENVIRONMENT)
dnl
dnl Split out -L directories
dnl
ldirs=""
for x in ${LIBS}; do
case x${x} in
x-L*)
ldirs="${ldirs} ${x}"
;;
*)
;;
esac
done
dnl
dnl Build LD_RUN_PATH
dnl
if test -n "${ldirs}"; then
V_ENVIRONMENT="LD_RUN_PATH=\"`echo \"${ldirs}\" | sed -e 's,-L,,g' -e 's,^ *,,' -e 's, ,:,g'`\""
AC_MSG_RESULT(${V_ENVIRONMENT})
else
AC_MSG_RESULT(empty)
fi])
dnl
dnl AC_LBL_BROCCOLI
dnl
dnl Include Broccoli support
dnl
dnl usage:
dnl
dnl AC_LBL_BROCCOLI(copt, incls, [min-vers])
dnl
dnl results:
dnl
dnl $1 (copt variable appended)
dnl $2 (incls variable appended)
dnl $3 minimum version (optional)
dnl
AC_DEFUN(AC_LBL_BROCCOLI, [
AC_BEFORE([$0], [AC_LBL_LD_RUN_PATH])
dnl
dnl configure flags
dnl
AC_ARG_WITH([broccoli],
[AS_HELP_STRING([--without-broccoli],
[disable Broccoli support @<:@default=check@:>@])],
ac_cv_with_broccoli=${withval})
dnl
dnl Network application libraries
dnl
AC_LBL_LIBRARY_NET
AC_MSG_CHECKING(for broccoli)
if test "${ac_cv_with_broccoli}" = "" -o \
"${ac_cv_with_broccoli}" = yes ; then
cflags=""
libs=""
dnl
dnl Our entire path
dnl
dirs="`echo ${PATH} | sed -e 's/:/ /g'`"
dnl
dnl Add in default Bro install bin directory
dnl
dirs="${dirs} /usr/local/bro/bin"
for d in ${dirs}; do
if test -x ${d}/broccoli-config ; then
broccoli_config_path="${d}/broccoli-config"
cflags="`${broccoli_config_path} --cflags`"
libs="`${broccoli_config_path} --libs`"
break
fi
done
if test -n "${cflags}" ; then
ac_cv_have_broccoli=yes
else
ac_cv_have_broccoli=no
fi
AC_MSG_RESULT($ac_cv_have_broccoli)
if test "${ac_cv_with_broccoli}" = yes -a \
${ac_cv_have_broccoli} = "no" ; then
AC_MSG_ERROR(Broccoli explicitly enabled but not supported)
fi
else
AC_MSG_RESULT([disabled])
fi
dnl
dnl Optionally check for minimum Broccoli version
dnl
if test "$ac_cv_have_broccoli" = yes -a -n "$3"; then
AC_MSG_CHECKING(Broccoli >= $3)
BROCCOLI_VERSION="`${broccoli_config_path} --version`"
AC_MSG_RESULT(${BROCCOLI_VERSION})
dnl
dnl Sort the two versions; the desired version should
dnl appear first (or perhaps 1st and 2nd)
dnl
tvers="`(echo "$3" ; echo ${BROCCOLI_VERSION}) |
sort -t. +0 -1n +1 -2n +2 -3n +3 -4n |
head -1`"
if test "${tvers}" != "$3"; then
if test "${ac_cv_with_broccoli}" = yes; then
AC_MSG_ERROR(Broccoli $3 or higher is required)
fi
AC_MSG_NOTICE(Broccoli support disabled)
ac_cv_have_broccoli="no"
fi
fi
dnl
dnl Broccoli ho!
dnl
if test "$ac_cv_have_broccoli" = yes ; then
AC_DEFINE(HAVE_BROCCOLI)
dnl
dnl Split out -I directories
dnl
for x in ${cflags}; do
case x${x} in
x-I*)
eval "$2=\"\$$2 ${x}\""
;;
*)
eval "$1=\"\$$1 ${x}\""
;;
esac
done
dnl
dnl Add in Broccoli libs
dnl
LIBS="$LIBS ${libs}"
dnl
dnl Look for the libs in DIR or DIR/lib
dnl
AC_ARG_WITH([openssl],
[AS_HELP_STRING([--with-openssl=DIR],
[Use OpenSSL installation in DIR])],
[eval "$2=\"-I${withval}/include \$$2\""
for x in ${withval}/lib ${withval}; do
if test -r ${x}/libssl.a; then
LIBS="-L${x} ${LIBS}"
break
fi
done])
dnl
dnl -lssl needs to come first on some systems!
dnl
AC_CHECK_LIB(ssl, OPENSSL_add_all_algorithms_conf,
[LIBS="${LIBS} -lssl -lcrypto"],,-lcrypto)
dnl
dnl Newer versions of 1.4.0 and anything higher needs bro_init()
dnl
AC_CHECK_LIB(broccoli, bro_init, [AC_DEFINE(HAVE_BRO_INIT)])
fi])

1407
contrib/nslint-3.0a2/config.guess vendored Executable file
View File

File diff suppressed because it is too large Load Diff

779
contrib/nslint-2.1a3/config.sub → contrib/nslint-3.0a2/config.sub vendored Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

6885
contrib/nslint-3.0a2/configure vendored Executable file
View File

File diff suppressed because it is too large Load Diff

51
contrib/nslint-3.0a2/configure.in Normal file
View File

@ -0,0 +1,51 @@
AC_REVISION([@(#) $Id: configure.in 241 2009-10-10 23:31:13Z leres $ (LBL)])
dnl
AC_COPYRIGHT([Copyright (c) 1995, 1996, 1997, 2006, 2009
The Regents of the University of California. All rights reserved.])
dnl
dnl Process this file with autoconf to produce a configure script.
dnl
AC_INIT
AC_CONFIG_SRCDIR(nslint.c)
AC_CANONICAL_TARGET
umask 002
if test -z "$PWD" ; then
PWD=`pwd`
fi
AC_LBL_C_INIT(V_CCOPT, V_INCLS)
AC_PROG_INSTALL
AC_CHECK_HEADERS(fcntl.h memory.h)
AC_REPLACE_FUNCS(strerror)
AC_CHECK_LIB(nsl, main)
AC_CHECK_LIB(socket, main)
AC_LBL_CHECK_TYPE(int32_t, int)
AC_LBL_CHECK_TYPE(u_int32_t, u_int)
AC_LBL_DEVEL(V_CCOPT)
if test -r lbl/gnuc.h ; then
rm -f gnuc.h
ln -s lbl/gnuc.h gnuc.h
fi
AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(LIBS)
AC_SUBST(V_CCOPT)
AC_SUBST(V_INCLS)
AC_CONFIG_FILES(Makefile)
AC_OUTPUT
if test -f .devel ; then
make depend
fi
exit 0

519
contrib/nslint-3.0a2/install-sh Executable file
View File

@ -0,0 +1,519 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2006-12-25.00
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
nl='
'
IFS=" "" $nl"
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
chgrpprog=${CHGRPPROG-chgrp}
chmodprog=${CHMODPROG-chmod}
chownprog=${CHOWNPROG-chown}
cmpprog=${CMPPROG-cmp}
cpprog=${CPPROG-cp}
mkdirprog=${MKDIRPROG-mkdir}
mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
mode=0755
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
mvcmd=$mvprog
rmcmd="$rmprog -f"
stripcmd=
src=
dst=
dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
or: $0 [OPTION]... SRCFILES... DIRECTORY
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
or: $0 [OPTION]... -d DIRECTORIES...
In the 1st form, copy SRCFILE to DSTFILE.
In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
In the 4th, create DIRECTORIES.
Options:
--help display this help and exit.
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-s $stripprog installed files.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
"
while test $# -ne 0; do
case $1 in
-c) ;;
-C) copy_on_change=true;;
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
shift;;
-T) no_target_directory=true;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
# Otherwise, the last argument is the destination. Remove it from $@.
for arg
do
if test -n "$dst_arg"; then
# $@ is not empty: it contains at least $arg.
set fnord "$@" "$dst_arg"
shift # fnord
fi
shift # arg
dst_arg=$arg
done
fi
if test $# -eq 0; then
if test -z "$dir_arg"; then
echo "$0: no input file specified." >&2
exit 1
fi
# It's OK to call `install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
if test -z "$dir_arg"; then
trap '(exit $?); exit' 1 2 13 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
case $mode in
# Optimize common cases.
*644) cp_umask=133;;
*755) cp_umask=22;;
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
fi
for src
do
# Protect names starting with `-'.
case $src in
-*) src=./$src;;
esac
if test -n "$dir_arg"; then
dst=$src
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if test ! -f "$src" && test ! -d "$src"; then
echo "$0: $src does not exist." >&2
exit 1
fi
if test -z "$dst_arg"; then
echo "$0: no destination specified." >&2
exit 1
fi
dst=$dst_arg
# Protect names starting with `-'.
case $dst in
-*) dst=./$dst;;
esac
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir"
dstdir_status=$?
fi
fi
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writeable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
-*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set fnord $dstdir
shift
$posix_glob set +f
IFS=$oIFS
prefixes=
for d
do
test -z "$d" && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
if test -n "$dir_arg"; then
{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $cpprog $src $dsttmp" command.
#
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
# The rename failed, perhaps because mv can't rename something else
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
trap '' 0
fi
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# End:

10
contrib/nslint-2.1a3/lbl/gnuc.h → contrib/nslint-3.0a2/lbl/gnuc.h
View File

@ -1,4 +1,4 @@
/* @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/gnuc.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL) */
/* @(#) $Id: gnuc.h,v 1.4 2006/04/30 03:58:45 leres Exp $ (LBL) */
/* Define __P() macro, if necessary */
#ifndef __P
@ -21,12 +21,18 @@
*
* For example:
*
* __dead void foo(void) __attribute__((volatile));
* __dead void foo(void) __attribute__((noreturn));
*
*/
#ifdef __GNUC__
#ifndef __dead
#if __GNUC__ >= 4
#define __dead
#define noreturn __noreturn__
#else
#define __dead volatile
#define noreturn volatile
#endif
#endif
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
#ifndef __attribute__

0
contrib/nslint-2.1a3/mkdep → contrib/nslint-3.0a2/mkdep Normal file → Executable file
View File

148
contrib/nslint-2.1a3/nslint.8 → contrib/nslint-3.0a2/nslint.8
View File

@ -1,6 +1,6 @@
.\" @(#) $Id: nslint.8,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL)
.\" @(#) $Id: nslint.8 238 2009-03-14 05:43:37Z leres $ (LBL)
.\"
.\" Copyright (c) 1994, 1996, 1997, 1999, 2001
.\" Copyright (c) 1994, 1996, 1997, 1999, 2001, 2002, 2009
.\" The Regents of the University of California. All rights reserved.
.\" All rights reserved.
.\"
@ -20,7 +20,7 @@
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.TH nslint 8 "20 March 2001"
.TH nslint 8 "2 May 2002"
.UC 4
.SH NAME
nslint - perform consistency checks on dns files
@ -29,23 +29,23 @@ nslint - perform consistency checks on dns files
[
.B -d
] [
.B -b
.I named.boot
] [
.B -B
.I nslint.boot
]
.br
.B nslint
[
.B -d
] [
.B -c
.I named.conf
] [
.B -C
.I nslint.conf
]
.br
.B nslint
[
.B -d
] [
.B -b
.I named.boot
] [
.B -B
.I nslint.boot
]
.SH DESCRIPTION
.B Nslint
reads the nameserver configuration files and performs a number of
@ -56,7 +56,7 @@ and
.B nslint
exits with a non-zero status.
.LP
Here is a short list of errors
Here is a partial list of errors
.B nslint
detects:
.IP
@ -93,7 +93,7 @@ Unknown service and/or protocol keywords in
.B WKS
records.
.IP
Missing quotes.
Missing semicolons and quotes.
.LP
.SH OPTIONS
.TP
@ -150,25 +150,31 @@ displayed on
.IR stdout .
.LP
.B Nslint
knows how to read old style
.I named.boot
and BIND 8's new
knows how to read
BIND 8 and 9's
.I named.conf
files. If both files exist,
configuration file and also
older BIND's
.I named.boot
file. If both files exist,
.B nslint
will prefer
.I named.conf
(on the theory that you forgot to delete
.I named.boot
when you upgraded to BIND 8).
when you upgraded BIND).
.LP
.SH "ADVANCED CONFIGURATION"
There are some cases where it is necessary to use the
advanced configuration features of
.BR nslint .
Advanced configuration is done with the
.I nslint.conf
file. (You can also use
.I nslint.boot
file.
which has a syntax similar to
.I named.boot
but is not described here.)
.LP
The most common is when a site has a demilitarized zone (DMZ).
The problem here is that the DMZ network will have
@ -198,14 +204,19 @@ but we will get errors because there is no
record defined for
.IR gateway.es.net .
The solution is to create a
.I nslint.boot
.I nslint.conf
file (in the same directory as the other dns files)
with:
.LP
.RS
.nf
.sp .5
primary es.net nslint.es.net
zone "es.net" {
.RS
type master;
file "nslint.es.net";
.RE
};
.sp .5
.fi
.RE
@ -242,7 +253,12 @@ In this case we would need:
.RS
.nf
.sp .5
primary es.net nslint.es.net
zone "es.net" {
.RS
type master;
file "nslint.es.net";
.RE
};
.sp .5
.fi
.RE
@ -292,14 +308,25 @@ To suppress these warnings, add you would the lines:
.RS
.nf
.sp .5
primary lbl.gov nslint.lbl.gov
primary 0.128.in-addr.arpa nslint.128.0.rev
zone "lbl.gov" {
.RS
type master;
file "nslint.lbl.gov";
.RE
};
.LP
zone "0.128.in-addr.arpa" {
.RS
type master;
file "nslint.128.0.rev";
.RE
};
.sp .5
.fi
.RE
.LP
to
.I nslint.boot
.I nslint.conf
and create
.I nslint.lbl.gov
with:
@ -340,7 +367,7 @@ to be shared by
and
.IR jerry.lbl.gov .
.LP
One last
Another
.B nslint
feature helps detect hosts that have mistakenly had two ip addresses
assigned on the same subnet. This can happen when two different
@ -361,6 +388,19 @@ containing something similar to:
nslint {
.RS
network "128.0.6/22";
.RE
};
.sp .5
.fi
.RE
.LP
or:
.LP
.RS
.nf
.sp .5
nslint {
.RS
network "128.0.6 255.255.252.0";
.RE
};
@ -368,26 +408,11 @@ network "128.0.6 255.255.252.0";
.fi
.RE
.LP
The two network lines in this example are equivalent ways of saying the same
thing; that subnet
These two examples are are equivalent ways of saying the same thing;
that subnet
.I 128.0.6
has a 22 bit wide subnet mask.
.LP
If you are using
.IR nslint.boot ,
the syntax would be:
.LP
.RS
.nf
.sp .5
network 128.0.6/22
network 128.0.6 255.255.252.0
.sp .5
.fi
.RE
.LP
Again this shows two ways of saying the same thing.
.LP
Using information from the above
.B network
statement,
@ -409,21 +434,42 @@ Note that if you specify any
.B network
lines in your
.I nslint.conf
or
.I nslint.boot
files,
file,
.B nslint
requires you to include lines for all networks;
otherwise you might forget to add
.B network
lines for new networks.
.LP
Sometimes you have a zone that
.B nslint
just can't deal with. A good example is
a dynamic dns zone. To handle this, you can
add the following to
.IB nslint.com :
.LP
.RS
.nf
.sp .5
nslint {
.RS
ignorezone "dhcp.lbl.gov";
.RE
};
.sp .5
.fi
.RE
.LP
This will suppress "name referenced without other records" warnings.
.LP
.SH FILES
.na
.nh
.nf
/etc/named.boot - default named configuration file
nslint.boot - default nslint configuration file
/etc/named.conf - default named configuration file
/etc/named.boot - old style named configuration file
nslint.conf - default nslint configuration file
nslint.boot - old style nslint configuration file
.ad
.hy
.fi

2644
contrib/nslint-2.1a3/nslint.c → contrib/nslint-3.0a2/nslint.c
View File

File diff suppressed because it is too large Load Diff

5
contrib/nslint-2.1a3/savestr.c → contrib/nslint-3.0a2/savestr.c
View File

@ -21,14 +21,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/savestr.c,v 1.1 2001/12/21 04:12:04 marka Exp $ (LBL)";
"@(#) $Id: savestr.c,v 1.2 2006/03/09 02:27:11 leres Exp $ (LBL)";
#endif
#include <sys/types.h>
#ifdef HAVE_MALLOC_H
#include <malloc.h>
#endif
#include <stdio.h>
#include <stdlib.h>

2
contrib/nslint-2.1a3/savestr.h → contrib/nslint-3.0a2/savestr.h
View File

@ -18,7 +18,7 @@
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/savestr.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
* @(#) $Header: savestr.h,v 1.1 97/04/22 13:30:21 leres Exp $ (LBL)
*/
extern char *savestr(const char *);

0
contrib/nslint-2.1a3/strerror.c → contrib/nslint-3.0a2/strerror.c
View File

3
contrib/nslint-3.0a2/version.h Normal file
View File

@ -0,0 +1,3 @@
/* @(#) $Id: version.h 239 2009-03-14 05:44:54Z leres $ (LBL) */
extern const char version[];

1
contrib/pkcs11-keygen/README
View File

@ -1 +0,0 @@
Moved to ${top}/bin/pkcs11

0
contrib/.gitignore → contrib/scripts/.gitignore vendored
View File

0
contrib/check-secure-delegation.pl.in → contrib/scripts/check-secure-delegation.pl.in
View File

0
contrib/check5011.pl → contrib/scripts/check5011.pl
View File

0
contrib/named-bootconf/named-bootconf.sh → contrib/scripts/named-bootconf.sh
View File

0
contrib/nanny/nanny.pl → contrib/scripts/nanny.pl
View File

0
contrib/zone-edit.sh.in → contrib/scripts/zone-edit.sh.in
View File

75
contrib/zkt/CHANGELOG → contrib/zkt-1.1.2/CHANGELOG
View File

@ -1,17 +1,82 @@
zkt 1.1.2 -- 05. Dec 2012
* bug Fixed bug introduced by changes on inc_soa_serial()
zkt 1.1.1 -- 27. Nov 2012
* bug Error fixed in zkt-conf in parsing the version number
* misc inc_soa_serial() now returns 0 on success
* bug Fixed bug in inc_serial()
The zone file wasn't closed on succesful change of the soa record.
Many thanks to Frederik Soderblom for fixing this.
zkt 1.1 -- 30. Jan 2012
* misc Release numbering changed to three level "major.minor.revison" scheme
* bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson)
* doc Improved README file (Thanks to Jan-Piet Mens)
* misc Fixed some typos in log messages
* bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked)
* misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode)
Default Sig Lifetime changed from 10 days to 3 weeks (21 days)
Default ZSK lifetime changed from 3 months to 4 times the sig lifetime
Default KSK lifetime changed from 1 year to 2 years
Parameter checks in checkconfig() adapted.
KSK random device changed back from /dev/urandom to BIND default
(Be aware of some possibly long delay in key generation)
* func New configure option to set the bind utility path manually (--enable-bindutil_path)
BIND_UTIL_PATH in config_zkt.h will no longer used
(Thanks to Mans Nilsson)
* bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1
or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead.
(Thanks to Holger Wirtz)
* bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz)
* func Description added to (some of the) dnssec.conf parameters
* func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs
* misc Config file syntax changed to parameter names without underscores.
zkt-conf uses ZKT_VERSION string as config version
* bug "make install-man" now installs all man page
* bug Bug fixed in zfparse.c. zkt-conf was unable to detect an already
included dnskey.db file if another file was included.
* misc destination dnssec-zkt removed from Makefile.in
* func dki_prt_managedkeys() added to dki.c
zkt_list_managedkeys() added to zkt.c
zkt-ls has new option -M to print out a list of managed-keys
* bug Bug fixed in the config parser (zconf.c). Couldn't parse
agorithm RSASHA512 correctly (Thanks to Michael Sinatra)
zkt 1.0 -- 15. June 2010
* feat "/dev/urandom" check added to checkconfig()
* func "/dev/urandom" check added to checkconfig()
* feat Config compability switch (-C) added to zkt-conf
* func Config compability switch (-C) added to zkt-conf
* feat zkt-ls has a new switch -s to change sorting of domains from
* func zkt-ls has a new switch -s to change sorting of domains from
subdomain before parent to subdomain below the parent
* feat "zkt-ls -T" prints only parent trust anchor
* func "zkt-ls -T" prints only parent trust anchor
zkt 1.0rc1 -- 1. Apr 2010 (The 1.0 release was sponsored by DOMINIC(r) )
* feat Several config parameter are printed now in a more consistent and
* func Several config parameter are printed now in a more consistent and
user friendly form.
SerialFormat "Incremental" could be abbreviated as "inc" on input.

0
contrib/zkt/LICENSE → contrib/zkt-1.1.2/LICENSE
View File

39
contrib/zkt/Makefile.in → contrib/zkt-1.1.2/Makefile.in
View File

@ -55,30 +55,25 @@ OBJ_LS = $(SRC_LS:.c=.o) $(OBJ_KLS)
MAN_LS = zkt-ls.8
PROG_LS= zkt-ls
SRC_ZKT = dnssec-zkt.c strlist.c zkt.c tcap.c
OBJ_ZKT = $(SRC_ZKT:.c=.o)
MAN_ZKT = dnssec-zkt.8
PROG_ZKT= dnssec-zkt
SRC_SER = zkt-soaserial.c
OBJ_SER = $(SRC_SER:.c=.o)
#MAN_SER = zkt-soaserial.8
PROG_SER= zkt-soaserial
SRC_PRG = $(SRC_SIG) $(SRC_CNF) $(SRC_ZKT) $(SRC_LS) $(SRC_SER) $(SRC_KEY)
SRC_PRG = $(SRC_SIG) $(SRC_CNF) $(SRC_LS) $(SRC_SER) $(SRC_KEY)
OBJ_PRG = $(SRC_PRG:.c=.o)
PROG_PRG= $(PROG_SIG) $(PROG_CNF) $(PROG_ZKT) $(PROG_LS) $(PROG_SER) $(PROG_KEY)
PROG_PRG= $(PROG_SIG) $(PROG_CNF) $(PROG_LS) $(PROG_SER) $(PROG_KEY)
MAN_ALL = $(MAN_ZKT) $(MAN_SIG) $(MAN_LS) $(MAN_CNF) $(MAN_KEY)
MAN_ALL = $(MAN_SIG) $(MAN_LS) $(MAN_CNF) $(MAN_KEY)
OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \
configure examples
SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_ZKT) $(SRC_KLS) \
configure distribute.sh examples
SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_KLS) \
$(SRC_LS) $(SRC_KEY) $(SRC_SER) $(OTHER) \
man configure.ac config.h.in doc
#MNTSAVE = $(SAVE) configure.ac config.h.in doc
all: $(PROG_CNF) $(PROG_ZKT) $(PROG_LS) $(PROG_SIG) $(PROG_SER) $(PROG_KEY)
all: $(PROG_CNF) $(PROG_LS) $(PROG_SIG) $(PROG_SER) $(PROG_KEY)
macos: ## for MAC OS (depreciated)
macos:
@ -94,7 +89,6 @@ linux:
$(PROG_SIG): $(OBJ_SIG) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(OBJ_SIG) $(OBJ_ALL) -o $(PROG_SIG)
ln -f $(PROG_SIG) dnssec-signer
$(PROG_CNF): $(OBJ_CNF) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(OBJ_CNF) $(OBJ_ALL) -o $(PROG_CNF)
@ -102,9 +96,6 @@ $(PROG_CNF): $(OBJ_CNF) $(OBJ_ALL) Makefile
$(PROG_KEY): $(OBJ_KEY) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(LIBS) $(OBJ_KEY) $(OBJ_ALL) -o $(PROG_KEY)
$(PROG_ZKT): $(OBJ_ZKT) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(LIBS) $(OBJ_ZKT) $(OBJ_ALL) -o $(PROG_ZKT)
$(PROG_LS): $(OBJ_LS) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(LIBS) $(OBJ_LS) $(OBJ_ALL) -o $(PROG_LS)
@ -114,12 +105,12 @@ $(PROG_SER): $(OBJ_SER) Makefile
install: ## install binaries in prefix/bin
install: $(PROG_PRG)
test -d $(prefix)/bin || mkdir -p $(prefix)/bin
cp dnssec-signer $(PROG_PRG) $(prefix)/bin/
cp $(PROG_PRG) $(prefix)/bin/
install-man: ## install man pages in mandir
install-man:
test -d $(mandir)/man8/ || mkdir -p $(mandir)/man8/
cp -p man/$(MAN_ZKT) man/$(MAN_SIG) $(mandir)/man8/
cp -p man/$(MAN_LS) man/$(MAN_SIG) man/$(MAN_KEY) man/$(MAN_CNF) $(mandir)/man8/
@ -182,7 +173,7 @@ help:
## all dependicies
#:r !make depend
#gcc -MM -g -DHAVE_CONFIG_H -I. -Wall -Wmissing-prototypes zkt-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c zkt-conf.c zfparse.c dnssec-zkt.c strlist.c zkt.c tcap.c zkt-ls.c strlist.c zkt.c tcap.c zkt-soaserial.c dki.c misc.c domaincmp.c zconf.c log.c
#gcc -MM -g -DHAVE_CONFIG_H -I. -Wall -Wmissing-prototypes zkt-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c zkt-conf.c zfparse.c zkt-ls.c zkt-soaserial.c zkt-keyman.c dki.c misc.c domaincmp.c zconf.c log.c
zkt-signer.o: zkt-signer.c config.h config_zkt.h zconf.h debug.h misc.h \
ncparse.h nscomm.h zone.h dki.h log.h soaserial.h rollover.h
zone.o: zone.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \
@ -198,19 +189,11 @@ zkt-conf.o: zkt-conf.c config.h config_zkt.h debug.h misc.h zconf.h \
zfparse.h
zfparse.o: zfparse.c config.h config_zkt.h zconf.h log.h debug.h \
zfparse.h
dnssec-zkt.o: dnssec-zkt.c config.h config_zkt.h debug.h misc.h zconf.h \
strlist.h dki.h zkt.h
strlist.o: strlist.c strlist.h
zkt.o: zkt.c config.h config_zkt.h dki.h misc.h zconf.h strlist.h \
domaincmp.h tcap.h zkt.h
tcap.o: tcap.c config.h config_zkt.h tcap.h
zkt-ls.o: zkt-ls.c config.h config_zkt.h debug.h misc.h zconf.h strlist.h \
dki.h tcap.h zkt.h
strlist.o: strlist.c strlist.h
zkt.o: zkt.c config.h config_zkt.h dki.h misc.h zconf.h strlist.h \
domaincmp.h tcap.h zkt.h
tcap.o: tcap.c config.h config_zkt.h tcap.h
zkt-soaserial.o: zkt-soaserial.c config.h config_zkt.h
zkt-keyman.o: zkt-keyman.c config.h config_zkt.h debug.h misc.h zconf.h \
strlist.h dki.h zkt.h
dki.o: dki.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \
dki.h
misc.o: misc.c config.h config_zkt.h zconf.h log.h debug.h misc.h

22
contrib/zkt/README → contrib/zkt-1.1.2/README
View File

@ -1,7 +1,7 @@
#
# README dnssec zone key tool
#
# (c) March 2005 - Aug 2009 by Holger Zuleger hznet
# (c) March 2005 - Aug 2010 by Holger Zuleger hznet
# (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho)
# (c) zconf.c by Jeroen Masar & Holger Zuleger
#
@ -16,13 +16,13 @@ The ZKT software is licenced under BSD (see LICENCE file)
To build the software:
a) Get the current version of zkt
$ wget http://www.hznet.de/dns/zkt/zkt-1.0.tar.gz
$ wget http://www.hznet.de/dns/zkt/zkt-1.1.tar.gz
b) Unpack
$ tar xzvf zkt-1.0.tar.gz
$ tar xzvf zkt-1.1.tar.gz
c) Change to source directory
$ cd zkt-1.0
$ cd zkt-1.1
d) Run configure script
$ ./configure
@ -45,8 +45,20 @@ b) (optional) Change default parameters
$ zkt-conf -s -O "Zonedir: /var/named/zones" -w
or use your prefered editor
$ vi /var/named/dnssec.conf
(optional) You'll probably want to have zkt-ls work recursively
$ zkt-conf -s -O "Recursive: True" -w
c) Prepare one of your zone for zkt
$ cd /var/name/zones/net/example.net # change dir to zone directory
$ cd /var/named/zones/net/example.net # change dir to zone directory
$ cp <zonefile> zone.db # copy and rename existing zone file to "zone.db"
$ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file
d) Prepare for initial signing
$ cd /var/named/zones/net/example.net
$ touch zone.db.signed
$ zkt-signer -v -v -o example.net # -o is ORIGIN (i.e. zone name)
e) Publish your zone
@ add `zone.db.signed' as zone file to your name server
@ publish DS contained in `dsset-example.net.' at your zone's parent

6
contrib/zkt/README.logging → contrib/zkt-1.1.2/README.logging
View File

@ -65,10 +65,8 @@ Current logging messages:
Key rollover events
KSK key generation and revoking
Zone reload resp. freeze/thaw of dynamic zone
LG_INFO: Currently none
planned:
Mesages for key generation and key status change
(e.g.: pre-publish -> activate; revoked -> removed etc.)
LG_INFO:
Messages for key generation/removal and ksk rollover
LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages
Some recomended and useful logging settings

22
contrib/zkt/TODO → contrib/zkt-1.1.2/TODO
View File

@ -1,15 +1,10 @@
TODO list as of zkt-0.99
TODO list as of zkt-1.1
general:
Renaming to zkt-? and split of the functions of dnssec-zkt to
separate commands
Fixed in zkt-1.0 (zkt-conf command)
dnssec-zkt:
zkt-ls:
feat option to specify the key age as remaining lifetime
(Option -i inverse age ?).
dnssec-signer:
zkt-signer:
bug Distribute_Cmd wouldn't work properly on dynamic zones
(missing freeze, thaw; copy Keyfiles instead of signed zone file)
@ -26,18 +21,9 @@ dnssec-signer:
data in the hosted domain.
In other words: It's highly recommended to use the
option -r when you use zkt-signer on a production zone.
Then the time of propagation is (more or less) equal to the timestamp
Than the time of propagation is (more or less) equal to the timestamp
of the zone.db.signed file.
bug The max_TTL parameter should be set to the value found
in the zone. A mechanism for setting up a dnssec.conf file
for the zone specific TTL values is needed.
Fixed in zkt-1.0 (zkt-conf command)
zkt-conf:
port Option -C (compability) to create older config files
misc Change syntax of config parameters to a more uniq form (e.g. no "_" char)
zkt-rollover:
feat New command to roll keys independent of zone signing
(Usefull for dynamic zones managed by BIND9.7)

0
contrib/zkt/config.h.in → contrib/zkt-1.1.2/config.h.in
View File

19
contrib/zkt/config_zkt.h → contrib/zkt-1.1.2/config_zkt.h
View File

@ -80,6 +80,10 @@
# define ALWAYS_CHECK_KEYSETFILES 1
#endif
#ifndef ALLOW_ALWAYS_PREPUBLISH_ZSK
# define ALLOW_ALWAYS_PREPUBLISH_ZSK 1
#endif
#ifndef CONFIG_PATH
# define CONFIG_PATH "/var/named/"
#endif
@ -89,20 +93,19 @@
# define USE_TREE 1
#endif
/* BIND version and utility path will be set by ./configure script */
#ifndef BIND_VERSION
# define BIND_VERSION 942
#endif
/* BIND version and utility path *must* be set by ./configure script */
#ifndef BIND_UTIL_PATH
# define BIND_UTIL_PATH "/usr/local/sbin/"
# error ("BIND_UTIL_PATH not set. Please run configure with --enable-bind_util_path=");
#endif
#ifndef BIND_VERSION
# define BIND_VERSION 970
#endif
#ifndef ZKT_VERSION
# if defined(USE_TREE) && USE_TREE
# define ZKT_VERSION "vT0.99c (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de"
# define ZKT_VERSION "vT1.1.0 (c) Feb 2005 - Jan 2012 Holger Zuleger hznet.de"
# else
# define ZKT_VERSION "v0.99c (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de"
# define ZKT_VERSION "v1.1.0 (c) Feb 2005 - Jan 2012 Holger Zuleger hznet.de"
# endif
#endif

69
contrib/zkt/configure → contrib/zkt-1.1.2/configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61 for ZKT 1.0.
# Generated by GNU Autoconf 2.61 for ZKT 1.1.2.
#
# Report bugs to <Holger Zuleger hznet.de>.
#
@ -574,8 +574,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='ZKT'
PACKAGE_TARNAME='zkt'
PACKAGE_VERSION='1.0'
PACKAGE_STRING='ZKT 1.0'
PACKAGE_VERSION='1.1.2'
PACKAGE_STRING='ZKT 1.1.2'
PACKAGE_BUGREPORT='Holger Zuleger hznet.de'
ac_unique_file="zkt-signer.c"
@ -1179,7 +1179,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ZKT 1.0 to adapt to many kinds of systems.
\`configure' configures ZKT 1.1.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1240,13 +1240,16 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ZKT 1.0:";;
short | recursive ) echo "Configuration of ZKT 1.1.2:";;
esac
cat <<\_ACEOF
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-bind_util_path=PATH
Define path to BIND utilities, default is path to
dnssec-signzone
--disable-color-mode zkt without colors
--enable-print-timezone print out timezone
--enable-print-age print age with year
@ -1339,7 +1342,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ZKT configure 1.0
ZKT configure 1.1.2
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@ -1353,7 +1356,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ZKT $as_me 1.0, which was
It was created by ZKT $as_me 1.1.2, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@ -2639,7 +2642,25 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
### find out the path to BIND utils and version
# Extract the first word of "dnssec-signzone", so it can be a program name with args.
# Check whether --enable-bind_util_path was given.
if test "${enable_bind_util_path+set}" = set; then
enableval=$enable_bind_util_path; bind_util_path=$enableval
fi
if test -n "$bind_util_path"
then
if test -x "$bind_util_path/dnssec-signzone"
then
{ echo "$as_me:$LINENO: BIND utilities path successfully set to $bind_util_path." >&5
echo "$as_me: BIND utilities path successfully set to $bind_util_path." >&6;}
SIGNZONE_PROG=$bind_util_path/dnssec-signzone
else
{ { echo "$as_me:$LINENO: error: *** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***" >&5
echo "$as_me: error: *** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***" >&2;}
{ (exit 1); exit 1; }; }
fi
else
# Extract the first word of "dnssec-signzone", so it can be a program name with args.
set dummy dnssec-signzone; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
@ -2679,25 +2700,32 @@ echo "${ECHO_T}no" >&6; }
fi
if test -z "$SIGNZONE_PROG" ; then
{ echo "$as_me:$LINENO: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&5
echo "$as_me: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&2;}
else
bind_util_path=`dirname "$SIGNZONE_PROG"`
# define BIND_UTIL_PATH in config.h.in
if test -n "$SIGNZONE_PROG"
then
bind_util_path=`dirname "$SIGNZONE_PROG"`
{ echo "$as_me:$LINENO: BIND utilities path automatically set to $bind_util_path." >&5
echo "$as_me: BIND utilities path automatically set to $bind_util_path." >&6;}
else
{ { echo "$as_me:$LINENO: error: *** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***" >&5
echo "$as_me: error: *** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***" >&2;}
{ (exit 1); exit 1; }; }
fi
fi
### By now, we have a path. We'll use it.
# define BIND_UTIL_PATH in config.h.in
cat >>confdefs.h <<_ACEOF
#define BIND_UTIL_PATH "$bind_util_path/"
_ACEOF
# define BIND_VERSION in config.h.in
bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[0-9]\012" | sed "s/^\(...\).*/\1/"`
# define BIND_VERSION in config.h.in
bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[0-9]\012" | sed "s/^\(...\).*/\1/"`
cat >>confdefs.h <<_ACEOF
#define BIND_VERSION $bind_version
_ACEOF
fi
ac_ext=c
@ -3713,7 +3741,6 @@ if test "${enable_printyear+set}" = set; then
enableval=$enable_printyear;
fi
test "$printyear" = yes && printyear=1
printyear=0
if test "$enable_printyear" = "yes"; then
printyear=1
@ -3836,7 +3863,7 @@ _ACEOF
cat >>confdefs.h <<_ACEOF
#define ZKT_COPYRIGHT "(c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de"
#define ZKT_COPYRIGHT "(c) Feb 2005 - Nov 2012 Holger Zuleger hznet.de"
_ACEOF
@ -6505,7 +6532,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ZKT $as_me 1.0, which was
This file was extended by ZKT $as_me 1.1.2, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -6554,7 +6581,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
ZKT config.status 1.0
ZKT config.status 1.1.2
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"

43
contrib/zkt/configure.ac → contrib/zkt-1.1.2/configure.ac
View File

@ -12,13 +12,15 @@
# 2008-10-01 if BIND_UTIL_PATH check failed, use config_zkt.h setting as last resort
# 2009-07-30 check for timegm() added
# 2009-12-02 the tr command in bind_version= didn't work well under solaris
# 2010-10-14 new option to specify BIND_UTIL_PATH on command line (thanks to Mans Nilsson)
# No build in default BIND_UTIL_PATH used anymore
#
dnl AC_PREREQ(2.59)
### Package name and current version
AC_INIT(ZKT, 1.0, Holger Zuleger hznet.de)
dnl AC_REVISION($Revision: 1.2 $)
AC_INIT(ZKT, 1.1.2, Holger Zuleger hznet.de)
dnl AC_REVISION($Revision: 1.397 $)
### Files to test to check if src dir contains the package
AC_CONFIG_SRCDIR([zkt-signer.c])
@ -29,17 +31,33 @@ AC_CONFIG_HEADER([config.h])
AC_PROG_CC
### find out the path to BIND utils and version
AC_PATH_PROG([SIGNZONE_PROG], dnssec-signzone)
if test -z "$SIGNZONE_PROG" ; then
AC_MSG_WARN([*** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***])
AC_ARG_ENABLE([bind_util_path], AS_HELP_STRING( [--enable-bind_util_path=PATH], [Define path to BIND utilities, default is path to dnssec-signzone]), [bind_util_path=$enableval])
if test -n "$bind_util_path"
then
if test -x "$bind_util_path/dnssec-signzone"
then
AC_MSG_NOTICE([BIND utilities path successfully set to $bind_util_path.])
SIGNZONE_PROG=$bind_util_path/dnssec-signzone
else
AC_MSG_ERROR([*** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***])
fi
else
bind_util_path=`dirname "$SIGNZONE_PROG"`
# define BIND_UTIL_PATH in config.h.in
AC_DEFINE_UNQUOTED(BIND_UTIL_PATH, "$bind_util_path/", Path to BIND utilities)
# define BIND_VERSION in config.h.in
bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[[0-9]]\012" | sed "s/^\(...\).*/\1/"`
AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, BIND version as integer number without dots)
AC_PATH_PROG([SIGNZONE_PROG], dnssec-signzone)
if test -n "$SIGNZONE_PROG"
then
bind_util_path=`dirname "$SIGNZONE_PROG"`
AC_MSG_NOTICE([BIND utilities path automatically set to $bind_util_path.])
else
AC_MSG_ERROR([*** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***])
fi
fi
### By now, we have a path. We'll use it.
# define BIND_UTIL_PATH in config.h.in
AC_DEFINE_UNQUOTED(BIND_UTIL_PATH, "$bind_util_path/", Path to BIND utilities)
# define BIND_VERSION in config.h.in
bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[[0-9]]\012" | sed "s/^\(...\).*/\1/"`
AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, BIND version as integer number without dots)
AC_CHECK_TYPE(uint, unsigned int)
AC_CHECK_TYPE(ulong, unsigned long)
@ -68,7 +86,6 @@ AS_IF([test "$enable_printtimezone" = "yes"], [printtimezone=1])
AC_DEFINE_UNQUOTED(PRINT_TIMEZONE, $printtimezone, print out timezone)
AC_ARG_ENABLE([printyear], AS_HELP_STRING( [--enable-print-age], [print age with year]))
test "$printyear" = yes && printyear=1
printyear=0
AS_IF([test "$enable_printyear" = "yes"], [printyear=1])
AC_DEFINE_UNQUOTED(PRINT_AGE_WITH_YEAR, $printyear, print age with year)
@ -123,7 +140,7 @@ fi
AC_DEFINE_UNQUOTED(USE_TREE, $usetree, Use TREE data structure for dnssec-zkt)
AC_DEFINE_UNQUOTED(ZKT_VERSION, "$t$PACKAGE_VERSION", ZKT version string)
AC_DEFINE_UNQUOTED(ZKT_COPYRIGHT, "(c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de", ZKT copyright string)
AC_DEFINE_UNQUOTED(ZKT_COPYRIGHT, "(c) Feb 2005 - Nov 2012 Holger Zuleger hznet.de", ZKT copyright string)
### Checks for libraries.

0
contrib/zkt/debug.h → contrib/zkt-1.1.2/debug.h
View File

82
contrib/zkt-1.1.2/distribute.sh Executable file
View File

@ -0,0 +1,82 @@
#################################################################
#
# @(#) distribute.sh -- distribute and reload command for dnssec-signer
#
# (c) Jul 2008 Holger Zuleger hznet.de
#
# Feb 2010 action "distkeys" added but currently not used
#
# This shell script will be run by zkt-signer as a distribution
# and reload command if:
#
# a) the dnssec.conf file parameter Distribute_Cmd: points
# to this file
# and
# b) the user running the zkt-signer command is not
# root (uid==0)
# and
# c) the owner of this shell script is the same as the
# running user and the access rights don't allow writing
# for anyone except the owner
# or
# d) the group of this shell script is the same as the
# running user and the access rights don't allow writing
# for anyone except the group
#
#################################################################
# set path to rndc and scp
PATH="/bin:/usr/bin:/usr/local/sbin"
# remote server and directory
server=localhost # fqdn of remote name server
dir=/var/named # zone directory on remote name server
progname=$0
usage()
{
echo "usage: $progname distkeys|distribute|reload <zone> <path_to_zonefile> [<viewname>]" 1>&2
test $# -gt 0 && echo $* 1>&2
exit 1
}
if test $# -lt 3
then
usage
fi
action="$1"
zone="$2"
zonefile="$3"
view=""
test $# -gt 3 && view="$4"
case $action in
distkeys)
if test -n "$view"
then
: echo "scp K$zone+* $server:$dir/$view/$zone/"
scp K$zone+* $server:$dir/$view/$zone/
else
: echo "scp K$zone+* $server:$dir/$zone/"
scp K$zone+* $server:$dir/$zone/
fi
;;
distribute)
if test -n "$view"
then
: echo "scp $zonefile $server:$dir/$view/$zone/"
scp $zonefile $server:$dir/$view/$zone/
else
: echo "scp $zonefile $server:$dir/$zone/"
scp $zonefile $server:$dir/$zone/
fi
;;
reload)
: echo "rndc $action $zone $view"
rndc $action $zone $view
;;
*)
usage "illegal action $action"
;;
esac

33
contrib/zkt/dki.c → contrib/zkt-1.1.2/dki.c
View File

@ -789,6 +789,39 @@ int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)
return len;
}
/*****************************************************************
** dki_prt_managedkey ()
*****************************************************************/
int dki_prt_managedkey (const dki_t *dkp, FILE *fp)
{
char *p;
int spaces;
int len = 0;
if ( dkp == NULL )
return len;
len += fprintf (fp, "\"%s\" ", dkp->name);
spaces = 22 - (strlen (dkp->name) + 3);
len += fprintf (fp, "initial-key ");
spaces -= 13;
len += fprintf (fp, "%*s", spaces > 0 ? spaces : 0 , " ");
len += fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo);
if ( spaces < 0 )
len += fprintf (fp, "\n\t\t\t%7s", " ");
len += fprintf (fp, "\"");
for ( p = dkp->pubkey; *p ; p++ )
if ( *p == ' ' )
len += fprintf (fp, "\n\t\t\t\t");
else
putc (*p, fp), len += 1;
if ( dki_isrevoked (dkp) )
len += fprintf (fp, "\" ; # key id = %u (original key id = %u)\n\n", (dkp->tag + 128) % 65535, dkp->tag);
else
len += fprintf (fp, "\" ; # key id = %u\n\n", dkp->tag);
return len;
}
/*****************************************************************
** dki_cmp () return <0 | 0 | >0

1
contrib/zkt/dki.h → contrib/zkt-1.1.2/dki.h
View File

@ -151,6 +151,7 @@ extern int dki_allcmp (const dki_t *a, const dki_t *b);
extern dki_t *dki_read (const char *dir, const char *fname);
extern int dki_readdir (const char *dir, dki_t **listp, int recursive);
extern int dki_prt_trustedkey (const dki_t *dkp, FILE *fp);
extern int dki_prt_managedkey (const dki_t *dkp, FILE *fp);
extern int dki_prt_dnskey (const dki_t *dkp, FILE *fp);
extern int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl);
extern int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp);

0
contrib/zkt/doc/KeyRollover.ms → contrib/zkt-1.1.2/doc/KeyRollover.ms
View File

304
contrib/zkt-1.1.2/doc/KeyRollover.ps Normal file
View File

@ -0,0 +1,304 @@
%!PS-Adobe-3.0
%%Creator: groff version 1.19.2
%%CreationDate: Mon Jul 14 23:23:30 2008
%%DocumentNeededResources: font Times-Bold
%%+ font Times-Roman
%%+ font Courier
%%+ font Symbol
%%DocumentSuppliedResources: procset grops 1.19 2
%%Pages: 1
%%PageOrder: Ascend
%%DocumentMedia: Default 595 842 0 () ()
%%Orientation: Portrait
%%EndComments
%%BeginDefaults
%%PageMedia: Default
%%EndDefaults
%%BeginProlog
%%BeginResource: procset grops 1.19 2
%!PS-Adobe-3.0 Resource-ProcSet
/setpacking where{
pop
currentpacking
true setpacking
}if
/grops 120 dict dup begin
/SC 32 def
/A/show load def
/B{0 SC 3 -1 roll widthshow}bind def
/C{0 exch ashow}bind def
/D{0 exch 0 SC 5 2 roll awidthshow}bind def
/E{0 rmoveto show}bind def
/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
/G{0 rmoveto 0 exch ashow}bind def
/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/I{0 exch rmoveto show}bind def
/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
/K{0 exch rmoveto 0 exch ashow}bind def
/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/M{rmoveto show}bind def
/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
/O{rmoveto 0 exch ashow}bind def
/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/Q{moveto show}bind def
/R{moveto 0 SC 3 -1 roll widthshow}bind def
/S{moveto 0 exch ashow}bind def
/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/SF{
findfont exch
[exch dup 0 exch 0 exch neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/MF{
findfont
[5 2 roll
0 3 1 roll
neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/level0 0 def
/RES 0 def
/PL 0 def
/LS 0 def
/MANUAL{
statusdict begin/manualfeed true store end
}bind def
/PLG{
gsave newpath clippath pathbbox grestore
exch pop add exch pop
}bind def
/BP{
/level0 save def
1 setlinecap
1 setlinejoin
72 RES div dup scale
LS{
90 rotate
}{
0 PL translate
}ifelse
1 -1 scale
}bind def
/EP{
level0 restore
showpage
}def
/DA{
newpath arcn stroke
}bind def
/SN{
transform
.25 sub exch .25 sub exch
round .25 add exch round .25 add exch
itransform
}bind def
/DL{
SN
moveto
SN
lineto stroke
}bind def
/DC{
newpath 0 360 arc closepath
}bind def
/TM matrix def
/DE{
TM currentmatrix pop
translate scale newpath 0 0 .5 0 360 arc closepath
TM setmatrix
}bind def
/RC/rcurveto load def
/RL/rlineto load def
/ST/stroke load def
/MT/moveto load def
/CL/closepath load def
/Fr{
setrgbcolor fill
}bind def
/setcmykcolor where{
pop
/Fk{
setcmykcolor fill
}bind def
}if
/Fg{
setgray fill
}bind def
/FL/fill load def
/LW/setlinewidth load def
/Cr/setrgbcolor load def
/setcmykcolor where{
pop
/Ck/setcmykcolor load def
}if
/Cg/setgray load def
/RE{
findfont
dup maxlength 1 index/FontName known not{1 add}if dict begin
{
1 index/FID ne{def}{pop pop}ifelse
}forall
/Encoding exch def
dup/FontName exch def
currentdict end definefont pop
}bind def
/DEFS 0 def
/EBEGIN{
moveto
DEFS begin
}bind def
/EEND/end load def
/CNT 0 def
/level1 0 def
/PBEGIN{
/level1 save def
translate
div 3 1 roll div exch scale
neg exch neg exch translate
0 setgray
0 setlinecap
1 setlinewidth
0 setlinejoin
10 setmiterlimit
[]0 setdash
/setstrokeadjust where{
pop
false setstrokeadjust
}if
/setoverprint where{
pop
false setoverprint
}if
newpath
/CNT countdictstack def
userdict begin
/showpage{}def
/setpagedevice{}def
}bind def
/PEND{
countdictstack CNT sub{end}repeat
level1 restore
}bind def
end def
/setpacking where{
pop
setpacking
}if
%%EndResource
%%EndProlog
%%BeginSetup
%%BeginFeature: *PageSize Default
<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice
%%EndFeature
%%IncludeResource: font Times-Bold
%%IncludeResource: font Times-Roman
%%IncludeResource: font Courier
%%IncludeResource: font Symbol
grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
/Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
/Courier@0 ENC0/Courier RE/Times-Roman@0 ENC0/Times-Roman RE
/Times-Bold@0 ENC0/Times-Bold RE
%%EndSetup
%%Page: 1 1
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Bold@0 SF 2.5(1. DNS)72 84 R -.25(Ke)2.5 G 2.5(yS).25 G
(tatus T)-2.5 E(ypes and Filenames)-.74 E -.25(Ke)189.22 105.6 S 63.235
(yF).25 G 40.415(ilename used)-63.235 F -.25(fo)2.5 G 29.33(rd).25 G
(nssec-zkt)-29.33 E -.74(Ty)168.35 117.6 S 12.5(pe Flags).74 F 23.57
(public pri)16.95 F -.1(va)-.1 G 21.62(te signing?).1 F(label)40.72 E
(Status)99.34 111.6 Q .4 LW 473.8 122.1 72 122.1 DL/F1 10/Times-Roman@0
SF(acti)72 131.6 Q 70.67 -.15(ve Z)-.25 H 18.43(SK 256).15 F(.k)18.89 E
26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F/F2 10
/Courier@0 SF(act ive)30.285 E F1 17.32(KSK 257)168.35 143.6 R(.k)18.89
E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F F2
(act ive)30.285 E F1 54.96(published ZSK)72 158 R 16.39(256 .k)20.93 F
26.69 -.15(ey .)-.1 H 34.985(published n).15 F F2(pub lished)30.285 E F1
17.32(KSK 257)168.35 170 R(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E
-.25(va)-.25 G 46.605(te n).25 F F2(sta ndby)30.285 E F1
(depreciated \(retired\))72 184.4 Q 18.43(ZSK 256)15 F(.k)18.89 E 26.69
-.15(ey .)-.1 H 27.785(depreciated n).15 F F2(dep reciated)30.285 E F1
(re)72 198.8 Q -.2(vo)-.25 G -.1(ke).2 G 64.69(dK).1 G 17.32(SK 385)
-64.69 F(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G
46.605(te y).25 F F2(rev oked)30.285 E F1(remo)72 213.2 Q -.15(ve)-.15 G
61.66(dK).15 G 17.32(SK 257)-61.66 F(k*.k)18.89 E 16.69 -.15(ey k)-.1 H
(*.pri).15 E -.25(va)-.25 G 36.605(te n).25 F F2(-)30.285 E F1 80.52
(sep KSK)72 227.6 R 16.39(257 .k)19.82 F 26.69 -.15(ey -)-.1 H(n)75.695
E F2(sep)30.285 E 394.3 96.1 394.3 230.1 DL 343.73 96.1 343.73 230.1 DL
280.14 108.1 280.14 230.1 DL 234.56 96.1 234.56 230.1 DL 196.78 108.1
196.78 230.1 DL 160.85 96.1 160.85 230.1 DL F0 2.5(2. K)72 257.6 R(ey r)
-.25 E(ollo)-.18 E -.1(ve)-.1 G(r).1 E 2.5(2.1. Zone)72 285.2 R
(signing k)2.5 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G(pr)
-2.5 E(e-publish RFC4641\))-.18 E 57.47(action cr)75.34 306.8 R 27.035
(eate change)-.18 F -.18(re)23.045 G(mo).18 E -.1(ve)-.1 G -.1(ke)72
318.8 S 65.025(ys newk).1 F 24.395(ey sig)-.1 F -.1(ke)2.5 G 23.775(yo)
.1 G(ld k)-23.775 E(ey)-.1 E 301.18 323.3 72 323.3 DL F1 23.62
(zsk1 acti)72 332.8 R 12.8 -.15(ve a)-.25 H(cti).15 E 28.21 -.15(ve d)
-.25 H(epreciated).15 E 62.1(zsk2 published)72 344.8 R(acti)15 E 35.41
-.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G 12.5(RRSIG zsk1)72 360.4 R
33.06(zsk1 zsk2)20.15 F(zsk2)42.76 E 262.41 297.3 262.41 362.9 DL 201.32
297.3 201.32 362.9 DL 147.43 297.3 147.43 362.9 DL 108.95 309.3 108.95
362.9 DL F0 2.5(2.2. K)72 390.4 R(ey signing k)-.25 E(ey r)-.1 E(ollo)
-.18 E -.1(ve)-.1 G 2.5(r\().1 G(double signatur)-2.5 E 2.5(eR)-.18 G
(FC4641\))-2.5 E 58.165(action cr)118.39 412 R 26.63(eate change)-.18 F
-.18(re)21.945 G(mo).18 E -.1(ve)-.1 G -.1(ke)72 424 S 108.77(ys newk).1
F 16.58(ey delegation)-.1 F(old k)15.265 E(ey)-.1 E 343.42 428.5 72
428.5 DL F1(ksk)72 438 Q(1)5 I(acti)68.61 -5 M 12.8 -.15(ve a)-.25 H
(cti).15 E 29.6 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 450 Q
(2)5 I(acti)107.09 -5 M 29.6 -.15(ve a)-.25 H(cti).15 E 33.21 -.15(ve a)
-.25 H(cti).15 E -.15(ve)-.25 G(DNSKEY RRSIG)72 465.6 Q 17.09
(ksk1 ksk1,ksk2)15 F 16.11(ksk1,ksk2 ksk2)15 F(DS at parent)72 481.2 Q
(DS)37.51 E(1)5 I(DS)20.7 -5 M(1)5 I(DS)37.5 -5 M(2)5 I(DS)41.11 -5 M(2)
5 I 304.65 402.5 304.65 483.7 DL 245.76 402.5 245.76 483.7 DL 190.48
402.5 190.48 483.7 DL 152 414.5 152 483.7 DL F0 2.5(2.3. K)72 511.2 R
(ey signing k)-.25 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G
(rfc5011\))-2.5 E 63.465(action newk)118.39 532.8 R 19.855(ey change)-.1
F(delegation)2.5 E -.1(ke)72 544.8 S 112.32(ys &).1 F -.18(ro)2.5 G(llo)
.18 E -.1(ve)-.1 G 15.525(r&).1 G -.18(re)-13.025 G(mo).18 E .2 -.1
(ve o)-.1 H(ld k).1 E(ey)-.1 E 341.33 549.3 72 549.3 DL F1(ksk)72 558.8
Q(1)5 I(acti)68.61 -5 M 20.43 -.15(ve r)-.25 H -2.2 -.25(ev o).15 H -.1
(ke).25 G<87>.1 -2.4 M(ksk)72 570.8 Q(2)5 I 12.5(standby acti)68.61 -5 N
33.65 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 582.8 Q(3)5 I
(standby)114.72 -5 M<88>-2.4 I(standby)23.22 2.4 M(DNSKEY RRSIG)72 598.4
Q 24.72(ksk1 ksk1,ksk2)15 F(ksk2)19.05 E -.15(Pa)72 614 S(rent DS).15 E
(DS)46.82 E(1)5 I(DS)28.33 -5 M(1)5 I(DS)41.55 -5 M(2)5 I(DS)159.5 626 Q
(2)5 I(DS)28.33 -5 M(2)5 I(DS)41.55 -5 M(3)5 I 257.44 523.3 257.44 628.5
DL 198.11 523.3 198.11 628.5 DL 152 535.3 152 628.5 DL<87>72 645.2 Q(Ha)
2.5 2.4 M .3 -.15(ve t)-.2 H 2.5(or).15 G(emain until the remo)-2.5 E .3
-.15(ve h)-.15 H(old-do).15 E(wn time is e)-.25 E
(xpired, which is 30days at a minimum.)-.15 E<88>72 660.8 Q -.4(Wi)2.5
2.4 O(ll be the standby k).4 E .3 -.15(ey a)-.1 H(fter the hold-do).15 E
(wn time is e)-.25 E(xpired)-.15 E(Add holdtime)72 675.2 Q/F3 10/Symbol
SF(=)2.5 E F1(max\(30days, TTL of DNSKEY\))2.5 E 0 Cg EP
%%Trailer
end
%%EOF

616
contrib/zkt-1.1.2/doc/draft-gudmundsson-life-of-dnskey-00.txt Normal file
View File

@ -0,0 +1,616 @@
Intended Status: Informational O. Gudmundsson
Network Working Group OGUD Consulting LLC
Internet-Draft J. Ihren
Expires: August 21, 2008 AAB
February 18, 2008
Names of States in the life of a DNSKEY
draft-gudmundsson-life-of-dnskey-00
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 21, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2008).
Gudmundsson & Ihren Expires August 21, 2008 [Page 1]
Internet-Draft DNSSEC Key life stages. February 2008
Abstract
This document recommends a specific terminology to use when
expressing the state that a DNSKEY is in at particular time. This
does not affect how the protocol operates in any way.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. DNSKEY timeline . . . . . . . . . . . . . . . . . . . . . . . 4
3. Life stages of a DNSKEY . . . . . . . . . . . . . . . . . . . 5
3.1. Generated . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Published . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2.1. Pre-Publication . . . . . . . . . . . . . . . . . . . 5
3.2.2. Out-Of-Band Publication . . . . . . . . . . . . . . . 5
3.3. Active . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.4. Retired . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.5. Removed . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.5.1. Lame . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.5.2. Stale . . . . . . . . . . . . . . . . . . . . . . . . 6
3.6. Revoked . . . . . . . . . . . . . . . . . . . . . . . . . 6
4. Security considerations . . . . . . . . . . . . . . . . . . . 7
5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.1. Normative References . . . . . . . . . . . . . . . . . . . 9
6.2. Informative References . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . . . 11
Gudmundsson & Ihren Expires August 21, 2008 [Page 2]
Internet-Draft DNSSEC Key life stages. February 2008
1. Introduction
When the editors of this document where comparing their DNSSEC key
management projects they discovered that they where discussing
roughly the same thing but using different terminology.
This document presents a unified terminology to use when describing
the current state of a DNSKEY.
The DNSSEC standards documents ([1], [2] and [3]) do not address the
required states for the key management of a DNSSEC key. The DNSSEC
Operational Practices [4] document does propose that keys be
published before use but uses inconsistent or confusing terms. This
document assumes basic understanding of DNSSEC and key management.
The terms proposed in this document attempt to avoid any confusion
and make the states of keys to be as clear as possible. The terms
used in this document are intended as a operational supplement to the
terms defined in Section 2 of [1].
To large extent this discussion is motivated by Trust anchor keys but
the same terminology can be used for zone signing keys.
Gudmundsson & Ihren Expires August 21, 2008 [Page 3]
Internet-Draft DNSSEC Key life stages. February 2008
2. DNSKEY timeline
The model in this document is that keys progress through a state
machine along a one-way path, keys never move to an earlier states.
GENERATED----------> PUBLISHED ---> ACTIVE ---> RETIRED --> REMOVED
| ^ | | | ^
| | | | v |
+--> Pre-PUBLISHED--+ +--------+---------> REVOKED ---+
DNSKEY time line.
There are few more states that are defined below but these apply only
to the publisher of TA's and the consumer of TA's. Two of these are
sub-sets of the Published state, the other two are error states.
Gudmundsson & Ihren Expires August 21, 2008 [Page 4]
Internet-Draft DNSSEC Key life stages. February 2008
3. Life stages of a DNSKEY
3.1. Generated
Once a key is generated it enters state Generated and stays there
until the next state. While in this state only the owner of the key
is aware of its existence and can prepare for its future use.
3.2. Published
Once the key is added to the DNSKEY set of a zone the key is there
for the world to see, or published. The key needs to remain in this
state for some time to propagate to all validators that have cached
the prior version of the DNSKEY set. In the case of KSK the key
should remain in this state for a longer time as documented in DNSSEC
Timers RFC [5].
3.2.1. Pre-Publication
In certain circumstances a zone owner may want to give out a new
Trust Anchor before exposing the actual public key. In this case the
zone can publish a DS record of the key. This allows others to
configure the trust anchor but will not be able to use the key until
the key is published in the DNSKEY RRset.
3.2.2. Out-Of-Band Publication
In certain circumstances a domain may want to give out a new Trust
Anchor outside DNS to give others a long lead time to configure the
new key as trust anchor. The reason people may want to do this is to
keep the size of the DNSKEY set smaller and only add new trust anchor
just before the key goes into use. One likely use for this is the
DNS "." root key as it does not have a parent that can publish a DS
record for it. The publication mechanism does not matter it can be
any one of web-site, advertisement in Financial Times and other
international publication, e-mail to DNS related mailing lists, etc..
3.3. Active
The key is in ACTIVE state while it is actively signing data in the
zone it resides in. It is one of the the keys that are signing the
zone or parts of the zone.
3.4. Retired
When the key is no longer used for signing the zone it enters state
Retired. In this state there may still be signatures by the key in
cached data from the zone available at recursive servers, but the
Gudmundsson & Ihren Expires August 21, 2008 [Page 5]
Internet-Draft DNSSEC Key life stages. February 2008
authoritative servers for the zone do no longer carry any signatures
generated by the key.
3.5. Removed
Once the key is removed from the DNSKEY RRset it enters the state
Removed. At this point all signatures by the key that may still be
temporarily valid will fail to verify once the validator refreshes
the DNSKEY RRset in its memory.
Therefore "removal" of a key is typically not done until all the
cached signatures have expired. Entering this state too early may
cause number of validators to end up with STALE Trust Anchors.
3.5.1. Lame
A Trust Anchor is Lame if the parent continues to publish DS pointing
to the key after it has been removed from the DNSKEY RRset. A Trust
Anchor is arguably Lame if there are no signatures by a Retired KSK
in the zone.
3.5.2. Stale
A Stale Trust Anchor is an old TA that remains in a validators list
of active key(s) after the key has been removed from the zone's
DNSKEY RRset.
3.6. Revoked
There are times when a zone wants to signal that a particular key
should not be used at all. The mechanism to do this is to set the
REVOKE bit [5]. Any key in any of the while the key is the DNSSKEY
set can be exited to Revoked state. After some time in the Revoke
state the key will be Removed.
Gudmundsson & Ihren Expires August 21, 2008 [Page 6]
Internet-Draft DNSSEC Key life stages. February 2008
4. Security considerations
TBD
Gudmundsson & Ihren Expires August 21, 2008 [Page 7]
Internet-Draft DNSSEC Key life stages. February 2008
5. IANA considerations
This document does not have any IANA actions.
Gudmundsson & Ihren Expires August 21, 2008 [Page 8]
Internet-Draft DNSSEC Key life stages. February 2008
6. References
6.1. Normative References
6.2. Informative References
[1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"DNS Security Introduction and Requirements", RFC 4033,
March 2005.
[2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"Resource Records for the DNS Security Extensions", RFC 4034,
March 2005.
[3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"Protocol Modifications for the DNS Security Extensions",
RFC 4035, March 2005.
[4] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices",
RFC 4641, September 2006.
[5] StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust
Anchors", RFC 5011, September 2007.
Gudmundsson & Ihren Expires August 21, 2008 [Page 9]
Internet-Draft DNSSEC Key life stages. February 2008
Authors' Addresses
Olafur Gudmundsson
OGUD Consulting LLC
3821 Village Park Drive
Chevy Chase, MD 20815
USA
Email: ogud@ogud.com
Johan Ihren
Automatica, AB
Bellmansgatan 30
Stockholm, SE-118 47
Sweden
Email: johani@automatica.se
Gudmundsson & Ihren Expires August 21, 2008 [Page 10]
Internet-Draft DNSSEC Key life stages. February 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Gudmundsson & Ihren Expires August 21, 2008 [Page 11]

2128
contrib/zkt-1.1.2/doc/draft-ietf-dnsop-rfc4641bis-01.txt Normal file
View File

File diff suppressed because it is too large Load Diff

1963
contrib/zkt-1.1.2/doc/rfc4641.txt Normal file
View File

File diff suppressed because it is too large Load Diff

0
contrib/zkt/doc/rfc5011.txt → contrib/zkt-1.1.2/doc/rfc5011.txt
View File

0
contrib/zkt/domaincmp.c → contrib/zkt-1.1.2/domaincmp.c
View File

0
contrib/zkt/domaincmp.h → contrib/zkt-1.1.2/domaincmp.h
View File

0
contrib/zkt/examples/dnssec.conf → contrib/zkt-1.1.2/examples/dnssec.conf
View File

BIN
contrib/zkt-1.1.2/examples/flat/core Normal file
View File

Binary file not shown.

82
contrib/zkt-1.1.2/examples/flat/dist.sh Executable file
View File

@ -0,0 +1,82 @@
#################################################################
#
# @(#) dist.sh -- distribute and reload command for dnssec-signer
#
# (c) Jul 2008 Holger Zuleger hznet.de
#
# Feb 2010 action "distkeys" added
#
# This shell script will be run by dnssec-signer as a distribution
# and reload command if:
#
# a) the dnssec.conf file parameter Distribute_Cmd: points
# to this file
# and
# b) the user running the dnssec-signer command is not
# root (uid==0)
# and
# c) the owner of this shell script is the same as the
# running user and the access rights don't allow writing
# for anyone except the owner
# or
# d) the group of this shell script is the same as the
# running user and the access rights don't allow writing
# for anyone except the group
#
#################################################################
# set path to rndc and scp
PATH="/bin:/usr/bin:/usr/local/sbin"
# remote server and directory
server=localhost # fqdn of remote name server
dir=/var/named # zone directory on remote name server
progname=$0
usage()
{
echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2
test $# -gt 0 && echo $* 1>&2
exit 1
}
if test $# -lt 3
then
usage
fi
action="$1"
domain="$2"
zonefile="$3"
view=""
test $# -gt 3 && view="$4"
case $action in
distkeys)
if test -n "$view"
then
echo "scp K$zone+* $server:$dir/$view/$zone/"
: scp K$zone+* $server:$dir/$view/$zone/
else
echo "scp K$zone+* $server:$dir/$zone/"
: scp K$zone+* $server:$dir/$zone/
fi
;;
distribute)
if test -n "$view"
then
echo "scp $zonefile $server:$dir/$view/$domain/"
: scp $zonefile $server:$dir/$view/$domain/
else
echo "scp $zonefile $server:$dir/$domain/"
: scp $zonefile $server:$dir/$domain/
fi
;;
reload)
echo "rndc $action $domain $view"
: rndc $action $domain $view
;;
*)
usage "illegal action $action"
;;
esac

45
contrib/zkt-1.1.2/examples/flat/dnssec.conf Normal file
View File

@ -0,0 +1,45 @@
#
# @(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de
#
# dnssec-zkt options
Zonedir: "."
Recursive: True
PrintTime: False
PrintAge: True
LeftJustify: False
# zone specific values
ResignInterval: 2d # (172800 seconds)
Sigvalidity: 6d # (518400 seconds)
Max_TTL: 8h # (28800 seconds)
Propagation: 5m # (300 seconds)
KEY_TTL: 1h # (3600 seconds)
Serialformat: incremental
# signing key parameters
Key_Algo: RSASHA512
KSK_lifetime: 60d # (5184000 seconds)
KSK_bits: 1300
KSK_randfile: "/dev/urandom"
ZSK_lifetime: 2w # (1209600 seconds)
ZSK_bits: 1024
ZSK_randfile: "/dev/urandom"
SaltBits: 24
# dnssec-signer options
LogFile: "zkt.log"
LogLevel: DEBUG
LogDomainDir: "."
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 2
Keyfile: "dnskey.db"
Zonefile: "zone.db"
KeySetDir: "../keysets"
DLV_Domain: ""
Sig_Pseudorand: True
Sig_GenerateDS: True
Sig_DnsKeyKSK: False
Sig_Parameter: "-n 1"
Distribute_Cmd: "./dist.sh"

0
contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key → contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key
View File

0
contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private → contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private
View File

0
contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key → contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key
View File

0
contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private → contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private
View File

23
contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnskey.db Normal file
View File

@ -0,0 +1,23 @@
;
; !!! Don't edit this file by hand.
; !!! It will be generated by zkt-signer.
;
; Last generation time Mar 02 2010 10:59:46
;
; *** List of Key Signing Keys ***
; dyn.example.net. tag=52935 algo=NSEC3RSASHA1 generated Feb 21 2010 19:43:15
dyn.example.net. 3600 IN DNSKEY 257 3 7 (
AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmOoBYx8s1uLzmS/3APsh1e
WCeoBgAjRry1tpM/bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjEnG4H
CT58TuAVxjiefN+vb1pvyFlAL58YOkuGf9tG/NJMNc+XrULAU1ey2dT9
Fh+SCVO3
) ; key id = 52935
; *** List of Zone Signing Keys ***
; dyn.example.net. tag=30323 algo=NSEC3RSASHA1 generated Feb 21 2010 19:43:15
dyn.example.net. 3600 IN DNSKEY 256 3 7 (
AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8Ris63E/oRRGQEH5U/ZS3A
xz3aOhPFKzAAhjfaG3vTNW3Wl4bl4ITFZrk=
) ; key id = 30323

3
contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf Normal file
View File

@ -0,0 +1,3 @@
Key_Algo: NSEC3RSASHA1 # (Algorithm ID 7)
KSK_lifetime: 60d # (5184000 seconds)
KSK_bits: 1024

0
contrib/zkt/examples/flat/dyn.example.net/zktlog-dyn.example.net. → contrib/zkt-1.1.2/examples/flat/dyn.example.net/zktlog-dyn.example.net.
View File

135
contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db Normal file
View File

@ -0,0 +1,135 @@
; File written on Thu Feb 25 23:42:29 2010
; dnssec_signzone version 9.7.0
dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
18 ; serial
43200 ; refresh (12 hours)
1800 ; retry (30 minutes)
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 7 3 7200 20100303214229 (
20100225214229 30323 dyn.example.net.
Ih9WgRBKZVDT3zJR9eFcB0VKU0o2G7h13XHZ
W6j2Jr1H4Db5IC1xiHXq+hI9UMkVQA3fu1Ub
+tjqAJE+y3hUFg== )
7200 NS ns1.example.net.
7200 NS ns2.example.net.
7200 RRSIG NS 7 3 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
uvTn2MCWjTfS/piH3kKEmF1gPoeN8jIdcFFJ
5t3b8RIwjorD81gWIRmzkGDE59hoL4mMvEnO
32sAi8qkYhvBOA== )
3600 DNSKEY 256 3 7 (
AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8R
is63E/oRRGQEH5U/ZS3Axz3aOhPFKzAAhjfa
G3vTNW3Wl4bl4ITFZrk=
) ; key id = 30323
3600 DNSKEY 257 3 7 (
AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO
oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/
bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE
nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG
f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3
) ; key id = 52935
3600 RRSIG DNSKEY 7 3 3600 20100227180048 (
20100221180048 30323 dyn.example.net.
je5kBhDdp9b9fjH/lJ1o9WDBL2YxZ+6UNuF9
zNbeeDlfBHe7XlTGw9MHyvZh46wx2OUmLoGM
DFhPfIwUwtttUA== )
3600 RRSIG DNSKEY 7 3 3600 20100227180048 (
20100221180048 52935 dyn.example.net.
MuyIUCa3XlttWuSnaQegQnRgTrTsx0Mj4EGI
fwtZs2H3L079Y/brqMvtlIGxtlr9meLg43oo
jX1w48ilerzf1PwYhUVpFefZTgmClK0h2ej4
Ho9Qh4/6snesVj06kWsQDkhuVs58zHmhRtEy
P4YlqP/R1CAk166RhwSmGuSx1O8= )
0 NSEC3PARAM 1 0 10 76931F
0 RRSIG NSEC3PARAM 7 3 0 20100227180048 (
20100221180048 30323 dyn.example.net.
LGD8bq/sX9yvDUpmyaRczfTshrR6T9HmQ5/a
MwMSY+5LDAD/YdwtpVF7uNwdMa6ydJFQW37u
Rma0TxEqKPGPyQ== )
localhost.dyn.example.net. 7200 IN A 127.0.0.1
7200 RRSIG A 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
SHLL1lIJZaEGKphkFm3NShS6H33mBnwwACkH
eF3JE5vWwTuT7hffdJlwcahYQfcr3egPv64d
iyCNYNjdvlJpsg== )
ns1.dyn.example.net. 7200 IN A 1.0.0.5
7200 RRSIG A 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
6PF5dGgOJdolEyxrHqyA66BFLrUORQLZvVBw
9fX9uGWWKiu6yRR3i4LwIkQ+VelTpCbTsLh4
gm+rcSMFNeOtxA== )
7200 AAAA 2001:db8::53
7200 RRSIG AAAA 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
dk1DfG0y9qjCi3VD4e9B1NGKWEig7q8hFdaR
3hElCIzGlflvgHRiE7iTJxDMB+kTA0by4BMZ
yssUuXP2FMlB2g== )
ns2.dyn.example.net. 7200 IN A 1.2.0.6
7200 RRSIG A 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
Ei5VGwE7CNBQ7ZOHpyKZXtuC8I7lusZ4d+gx
MwpLROH+6OSu26x2ScPdwg1qpZ5Mui01ss6O
IcJL36PRqAM26A== )
x.dyn.example.net. 7200 IN A 1.2.3.4
7200 RRSIG A 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
ieiExNeDjeucDjtMVj0F9kwIsL0ngZfAmEU/
/UlYe8/8pg2NzFulOviI09ekgOOnMfcnb4n4
/pRIkFddCEOt0g== )
y.dyn.example.net. 7200 IN A 1.2.3.5
7200 RRSIG A 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
NfDUCrArDXCTPrTpiesQYCoZ039YE/KwlN25
EZ9vOVt6dE2R9KkAWezkdY9zDmJMGTN1XYI/
vgd56J8B5Y/uQQ== )
z.dyn.example.net. 7200 IN A 1.2.3.6
7200 RRSIG A 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
VH3BsA8JLlqmL0xkXgXlPXT0xfRcdFy7vPYh
27exw16LDbQF15KjkHvUJ+Bkei/SmRa20Dll
Yy536Dj+ar5ABQ== )
A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F AJHVGTICN6K0VDA53GCHFMT219SRRQLM A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
9BhZcQdLwRPU/Dz38uMis/nCcddyhKEm0Zb+
Mhh3V3OsGI202cebTaxbwVEbQQOeowpUmf8l
AmK/cNX7+IS2rw== )
AJHVGTICN6K0VDA53GCHFMT219SRRQLM.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7 A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
lVyEaxejO5qFlyyBp8gYyQnG+DkIm8vofj+B
SuTxalc2l+TYen1RnSTeeXfMqc9YpGu4SCaG
Fyznu1K88oUhMg== )
FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F I7A7A184GGMI35K1E3IR650LKO7NOB5R A AAAA RRSIG
7200 RRSIG NSEC3 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
577WZnTQemStx+ciON9rEGXAGnU7C0KLjrFL
VyhocnBnNtxJS8eRMSWvb9XuYCMNhYKOurtt
Ar4qh4VW1+unmA== )
I7A7A184GGMI35K1E3IR650LKO7NOB5R.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F IMQ912BREQP1POLAH3RMONG3UED541AS A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
+PKntiPlw2om9e0KJX/L2VxSCbxL95eIV2f+
5YBMq3npDguHaUiBwan8Vsm+aNsdr1NDDLY/
HdJzEfVmSNGs7Q== )
IMQ912BREQP1POLAH3RMONG3UED541AS.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7 A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
smsg35snQ9PpeG2r8ZGxBl44pwSReh/1rIil
u/n8aa5nKbBpkqtbcc7q1OpUgb1Q7+Tl/wes
kB6bohsRdrwEJA== )
S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F T320G5LC07QE1BLR074KORIJTG9DPTI9 A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
XalRIESpdeVK1aNbwu9ym2Spk981Y127rKua
xsoals0Zn2tTjF9wpOYVGVOto3FcWBbyKD1g
69BTRlv634UIOw== )
T320G5LC07QE1BLR074KORIJTG9DPTI9.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN NS SOA RRSIG DNSKEY NSEC3PARAM
7200 RRSIG NSEC3 7 4 7200 20100227180048 (
20100221180048 30323 dyn.example.net.
D3xq+CkK/a8YSbh9o8WwWnenjDQ3weVdtZ0x
i6bOv3iRITOfCRjYgbeIYtjMFb1rZwgCPD40
JQgGu5mx1TjnGA== )

135
contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db.dsigned Normal file
View File

@ -0,0 +1,135 @@
; File written on Tue Mar 2 10:59:46 2010
; dnssec_signzone version 9.7.0
dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
19 ; serial
43200 ; refresh (12 hours)
1800 ; retry (30 minutes)
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 7 3 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
eNZruaQkUB/jteZtRkZ957BX65zjXIGaKlkf
Bq0XW8OgyHYCvJiB7waJYyiWKeQskp0Z90JF
34WMUztuTvWUTA== )
7200 NS ns1.example.net.
7200 NS ns2.example.net.
7200 RRSIG NS 7 3 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
obQoowLwuBixnopoSvUsXvwveB7Pqmeblt2S
5SXo7ztPNcM1hTdWfIEwRDpQ2DhOfGYi0Ov0
xEmMlPheVZkW6g== )
3600 DNSKEY 256 3 7 (
AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8R
is63E/oRRGQEH5U/ZS3Axz3aOhPFKzAAhjfa
G3vTNW3Wl4bl4ITFZrk=
) ; key id = 30323
3600 DNSKEY 257 3 7 (
AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO
oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/
bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE
nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG
f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3
) ; key id = 52935
3600 RRSIG DNSKEY 7 3 3600 20100308085946 (
20100302085946 30323 dyn.example.net.
4xQy+G1g8IHVp3NTxHtUIaz/G+h6+ce4SRum
bftLFS9rXV13wSa761J1YoDYx8lj98IDBuED
94980qJWjgNfdw== )
3600 RRSIG DNSKEY 7 3 3600 20100308085946 (
20100302085946 52935 dyn.example.net.
VmL0mzUoBzSX+5gB/9MsHUFWBbHrVoyMUjnw
mR7FyrZMfNgz4rf6J2bZ8a8zYGvSXEBrangQ
kkPlxuvNxzn2s+Ji+crfUNa2ZFzRKA8BBczU
0WLETC5QKonjiAzofCcP15OPN4H18y9WMfE/
wU0oPhcd8d31Ckf2jPaSdTS8NMk= )
0 NSEC3PARAM 1 0 10 76931F
0 RRSIG NSEC3PARAM 7 3 0 20100308085946 (
20100302085946 30323 dyn.example.net.
GSTGjHni3oZ1Nod57kXFkxcOiKXTzjfJ0PDy
hjDfzYS1QKtKA6LzkaBzyl5HK+Yy3DOcep7G
dj7VJG8bsa9S/A== )
localhost.dyn.example.net. 7200 IN A 127.0.0.1
7200 RRSIG A 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
N5t+OxMeH2rozoIM1ZtXUpnpSep3Qd1J/KUE
LjkisP6KvmwVhkbdcv44KbgS5aR16RJOlFdW
+ilc8QpZ4bvqlQ== )
ns1.dyn.example.net. 7200 IN A 1.0.0.5
7200 RRSIG A 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
2DoRBkfIQEBmEeo2Z02SA329ebgp2lFQ2Ykl
Qe5S+J6ZMjVdZyjW8XqBCiqEg6fNbQyUFn3X
pSVvabUPjJpHWA== )
7200 AAAA 2001:db8::53
7200 RRSIG AAAA 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
XD+JHAergnT3NDQqEUGv52GNdcF1U1SitccE
y5iL4Dk0qVu+uEA4TVupnMhwOK+wl8759Yw/
SF6h6CzzKx0Eiw== )
ns2.dyn.example.net. 7200 IN A 1.2.0.6
7200 RRSIG A 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
S+CpXVolhedS2bFTNdoNAPd+T2Bi/5iKVcKJ
9S27k/tpifBNVjAQPktM9iya60upXxuOkHqt
/uuF4iTlh9Yukw== )
x.dyn.example.net. 7200 IN A 1.2.3.4
7200 RRSIG A 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
Fb+8g0K+/6ZkXctNOprGKyJC1Y5pFizibI3o
k2E6aDN8hUJ5FK/1fkRl5IQ7HDpAUZviWaQp
j9tfr9r9xW0bMw== )
y.dyn.example.net. 7200 IN A 1.2.3.5
7200 RRSIG A 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
S1l/dM/Ez91B4Py7mI/GESjgqccGIwi9clyc
Vj3S40uF4dGaAgxoCDS0pMvyS0k7ir0g1qbK
/csopbL0wHSaVg== )
z.dyn.example.net. 7200 IN A 1.2.3.6
7200 RRSIG A 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
SgorWJQS6SiDvv6KRmWQEcUaaCkMCHZDcSMx
JiOT84ygkUBCzwTykQskoNtbUSIfAASU3lE7
e31RZotcxlkirQ== )
A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F AJHVGTICN6K0VDA53GCHFMT219SRRQLM A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
hp879kZpD/Qe+d4FoanRewI4CXMuTOMcao5G
S7quT3mr+Mgi1nrSSz+/IBhlzCipziFjY42a
TNt8FoYo9Z8irw== )
AJHVGTICN6K0VDA53GCHFMT219SRRQLM.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7 A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
1MC5bqNXkVG4gaFKJQJBG7v4ZKOht6EJEkUZ
nAwTF2Nw5mWFFMBbOwVMtbJFA+ewHrebB6cK
FitvPi3yLDW8aA== )
FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F I7A7A184GGMI35K1E3IR650LKO7NOB5R A AAAA RRSIG
7200 RRSIG NSEC3 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
7Y+yhH11EojLDu43C8dCuD6D0F4RZYUt9J0+
KUfRVUMhftYsMl6G2qgkfsgJE+FG1Nj/nI+b
pO7VSJGfV5Za4A== )
I7A7A184GGMI35K1E3IR650LKO7NOB5R.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F IMQ912BREQP1POLAH3RMONG3UED541AS A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
K0ggT6yH7z1YshOb08se84cRWvWWeQFdMTDG
XhA/2UEamfE1NHetPuYzJZQdrVPeX3tgjCjS
Jmb3YuSE1XD3zQ== )
IMQ912BREQP1POLAH3RMONG3UED541AS.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7 A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
mQoG3VBXfi7u2+zlmJttsGaStP3WvDPDQ99T
l2ha4zmpZPd1JUKHMXYTLTlUuWAq7BcS9MUn
hfhXcmSEr96K1Q== )
S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F T320G5LC07QE1BLR074KORIJTG9DPTI9 A RRSIG
7200 RRSIG NSEC3 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
0/TWe9HMZiA+yW0oLHkYKeIXrrXU/1ec8XDy
cbZM1IGPjHlMEjKKorZgx983FuiyKFLa97+3
bB3abnKo7e2yRQ== )
T320G5LC07QE1BLR074KORIJTG9DPTI9.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN NS SOA RRSIG DNSKEY NSEC3PARAM
7200 RRSIG NSEC3 7 4 7200 20100308085946 (
20100302085946 30323 dyn.example.net.
BXRjHUGEmoz1cMAXSCmfFVe6+qCYVyivjeAT
7hPcfB8iS2ck8Sq/CjOAKBu0BeSBim+9Oduu
kKNL3thgyMPcug== )

30
contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.org Normal file
View File

@ -0,0 +1,30 @@
;-----------------------------------------------------------------
;
; @(#) dyn.example.net/zone.org
;
;-----------------------------------------------------------------
$TTL 7200
@ IN SOA ns1.example.net. hostmaster.example.net. (
1 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
IN NS ns2.example.net.
ns1 IN A 1.0.0.5
IN AAAA 2001:db8::53
ns2 IN A 1.2.0.6
localhost IN A 127.0.0.1
x IN A 1.2.3.4
y IN A 1.2.3.5
z IN A 1.2.3.6
$INCLUDE dnskey.db

3
contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.key Normal file
View File

@ -0,0 +1,3 @@
;% generationtime=20110125190230
;% lifetime=63d
example.net. IN DNSKEY 256 3 8 BQEAAAAB7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0 kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==

10
contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.published Normal file
View File

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: 7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
PublicExponent: AQAAAAE=
PrivateExponent: IVO4lg5Ev/f/GpSRfYuXmUMH3qrv5Cr+ZAMqT+xGNJdyvlMAVV0ZDZehj/ar8brkm+sdrJ3LepVTEz0vLXPCgQ==
Prime1: /Ru1X3jzyO19+aLhf/Hsu0WOdjn0MAWzKx0KwWPkxcs=
Prime2: 8I9Q89DvF0qZqkF9kVzZ4B1LYdHz3uhKaxD40vu4xWM=
Exponent1: fSAVRShndbuiQZtsVHyekvPH4Xjl1dJ3hF03O4InOAc=
Exponent2: JJDvU+0J0KXaBArxDjoblXTKWVC3kGnLR+2AEpxei7k=
Coefficient: RviZPpnVpS30oBPH1freoUgcXJ4bKnivP41BUxcVh4U=

3
contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.key Normal file
View File

@ -0,0 +1,3 @@
;% generationtime=20110125091121
;% lifetime=84d
example.net. IN DNSKEY 256 3 8 BQEAAAABvX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJ DqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==

10
contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.private Normal file
View File

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: vX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJDqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
PublicExponent: AQAAAAE=
PrivateExponent: a77DD9J85SYlVi2lIKdzfHFkqtTFvQjTiLih+sx3lnhefQ5N20ABJVpTMwMOoA5tiDanSmKkk7O+GJXvI6E+KQ==
Prime1: 7S87u5BoQFYbGZzGaBPAqznZt7X1g2J/qop4W9rziy0=
Prime2: zIbOBuf2onI1ThmHXGPQEdQoFoJx3GqTkYjzUQQOL0M=
Exponent1: YfyQEtL2twRiwb8RIlKR3OE/rhnfqZYr9dwgRa0qjAU=
Exponent2: x73r1pDdvUShLs8hvmY0soX6a2Dcbokdf1D82/iCDU8=
Coefficient: 1r/5mih7lqQx4ZIEcr8TmQWMscwDGk3eERsFuSYGt0c=

3
contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.key Normal file
View File

@ -0,0 +1,3 @@
;% generationtime=20100924112635
;% lifetime=365d
example.net. IN DNSKEY 257 3 8 BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1 BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK 1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiq vqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp 4Q==

10
contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.private Normal file
View File

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: C6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp4Q==
PublicExponent: AQAAAAE=
PrivateExponent: A3MjVh+KkQuwpnsGnr/xPRs8PfwUIDu7NYQVKpQAttLnZPOEXsjPniy3QuBpIMnnBCbxYaOV0ctiYQOx6vU8qprrSD8OfXXI8OhBNgExvw/Bsfki3MQINAHX0wY9juuIoMLKdqcMpsUC6ILE4FSkcc+jVFbTrDqjQgDDykkpABrlG1SUz51hLOZMAz2vu8QE8m57LaPUPpRhNPf4J2dDfkX/KQ==
Prime1: A3lFNBrVdcJBUq0ekPjtEZ0xCOTgSgUHAB+KJkdpiB0tV0jYf1Yaj7Kr98pKIM8jaZOhQnEKhAD947h4XG6IuxgraCNWonOyt5Yo9WjXFHzK0w==
Prime2: A1vFf9Tp7MxblYWLsFUsMZxXVRxPpeoGtwmNm24k5bUPpH6/B7Yd8DcE6O3cYyHcShq8sZcuOuPhNkGwgg7IMRABXcLyCXqoEKvy0nhnbKCf+w==
Exponent1: AQKRURkK7K15jiVVpw4nhd7Qtck1GkZon10UCQ5p2iE+weL+qhzi5L9u5mXLVaeGffwGkMkU6wvj5KSAuEiJr08+AxWfLy3Tf1fbiaiimPGDNQ==
Exponent2: AfnXuwDet4BuUGa8EHswqADRk0XeWtxztKQ48YOh5Q5/3rauIIMm+6ERfu0gWfnkYaRNamKSXMDVC5PUQHT33u0gGnopMipao6xICXGxbrGhCQ==
Coefficient: AYM1htjFUUAPKrVoajGJF+wLlQHBR3vrylKNpT5IFqr6Qczw54kfhx9n/18vIvtGIpj07xSEIfgBf+itZIRxPOwphkwaJXmHZKpYHpEvdqiyjA==

10
contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.depreciated Normal file
View File

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: 2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40MrW+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
PublicExponent: AQAAAAE=
PrivateExponent: FzC3Jdpl35o/UUyvZ/7sc8BRpfDuIgMnHA1a9WwxZz20Tqki3snE/Nz4ePNNv/5LGrzFlOnPtEd1GT2biUKzVQ==
Prime1: /4YvvO0nbMJxZ4dHbYKl2pGe0hSgEUYnTNnuVbSEKrM=
Prime2: 2OrV7XGOYCMXr/WIrD0NCBnqU1tsizPQNMIjwXuuV2c=
Exponent1: 63ub+oH78z6TercHscYOS7HpYttDzC1YV3oupGyRNDs=
Exponent2: A4HpxW8K6ivUb2RbKDBaze8ivr5u41hJPsbn4FQzB3E=
Coefficient: Lz1Gg/PtC9HOrhFORXlzzkzb+5PeFIGq43mtGx7oAUo=

3
contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.key Normal file
View File

@ -0,0 +1,3 @@
;% generationtime=20100924112635
;% lifetime=84d
example.net. IN DNSKEY 256 3 8 BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40Mr W+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==

36
contrib/zkt-1.1.2/examples/flat/example.net/dnskey.db Normal file
View File

@ -0,0 +1,36 @@
;
; !!! Don't edit this file by hand.
; !!! It will be generated by zkt-signer.
;
; Last generation time Jan 25 2011 20:02:30
;
; *** List of Key Signing Keys ***
; example.net. tag=52101 algo=RSASHA256 generated Sep 24 2010 13:26:35
example.net. 14400 IN DNSKEY 257 3 8 (
BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1
BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK
1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiq
vqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp
4Q==
) ; key id = 52101
; *** List of Zone Signing Keys ***
; example.net. tag=21605 algo=RSASHA256 generated Jan 25 2011 19:39:25
example.net. 14400 IN DNSKEY 256 3 8 (
BQEAAAABvX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJ
DqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
) ; key id = 21605
; example.net. tag=56360 algo=RSASHA256 generated Jan 25 2011 19:39:25
example.net. 14400 IN DNSKEY 256 3 8 (
BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40Mr
W+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
) ; key id = 56360
; example.net. tag=2957 algo=RSASHA256 generated Jan 25 2011 20:02:30
example.net. 14400 IN DNSKEY 256 3 8 (
BQEAAAAB7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0
kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
) ; key id = 2957

1
contrib/zkt/examples/flat/example.net/dnssec.conf → contrib/zkt-1.1.2/examples/flat/example.net/dnssec.conf
View File

@ -1,2 +1,3 @@
Key_Algo: RSASHA256 # (Algorithm ID 8)
NSEC3: OPTOUT
ZSKpermanent: true

0
contrib/zkt/examples/flat/example.net/z.db → contrib/zkt-1.1.2/examples/flat/example.net/z.db
View File

238
contrib/zkt/examples/flat/example.net/zktlog-example.net. → contrib/zkt-1.1.2/examples/flat/example.net/zktlog-example.net.
View File

@ -272,3 +272,241 @@
2010-03-11 23:53:27.856: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 67AA7F -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-11 23:53:27.920: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-11 23:53:27.920: debug: Signing completed after 0s.
2010-07-05 08:15:24.179: debug: Check RFC5011 status
2010-07-05 08:15:24.179: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:15:24.179: debug: Check KSK status
2010-07-05 08:15:24.179: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m44s
2010-07-05 08:15:24.179: debug: Check ZSK status
2010-07-05 08:15:24.179: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081384 sec)
2010-07-05 08:15:24.179: debug: ->waiting for published key
2010-07-05 08:15:24.179: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m44s: ZSK rollover deferred: waiting for published key
2010-07-05 08:15:24.179: debug: New key for publishing needed
2010-07-05 08:15:24.278: debug: ->creating new key 48476
2010-07-05 08:15:24.278: info: "example.net.": new key 48476 generated for publishing
2010-07-05 08:15:24.278: debug: Re-signing necessary: Modfied zone key set
2010-07-05 08:15:24.278: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-07-05 08:15:24.278: debug: Writing key file "./example.net/dnskey.db"
2010-07-05 08:15:24.278: debug: Incrementing serial number in file "./example.net/zone.db"
2010-07-05 08:15:24.278: debug: Signing zone "example.net."
2010-07-05 08:15:24.278: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5816F0 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-07-05 08:15:24.315: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-07-05 08:15:24.315: debug: Signing completed after 0s.
2010-07-05 08:15:28.174: debug: Check RFC5011 status
2010-07-05 08:15:28.174: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:15:28.174: debug: Check KSK status
2010-07-05 08:15:28.174: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m48s
2010-07-05 08:15:28.174: debug: Check ZSK status
2010-07-05 08:15:28.174: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081388 sec)
2010-07-05 08:15:28.174: debug: ->waiting for published key
2010-07-05 08:15:28.174: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m48s: ZSK rollover deferred: waiting for published key
2010-07-05 08:15:28.174: debug: Re-signing not necessary!
2010-07-05 08:15:28.174: debug: Check if there is a parent file to copy
2010-07-05 08:15:58.502: debug: Check RFC5011 status
2010-07-05 08:15:58.502: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:15:58.503: debug: Check KSK status
2010-07-05 08:15:58.503: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m18s
2010-07-05 08:15:58.503: debug: Check ZSK status
2010-07-05 08:15:58.503: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081418 sec)
2010-07-05 08:15:58.503: debug: ->waiting for published key
2010-07-05 08:15:58.503: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m18s: ZSK rollover deferred: waiting for published key
2010-07-05 08:15:58.503: debug: Re-signing not necessary!
2010-07-05 08:15:58.503: debug: Check if there is a parent file to copy
2010-07-05 08:16:04.937: debug: Check RFC5011 status
2010-07-05 08:16:04.937: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:16:04.937: debug: Check KSK status
2010-07-05 08:16:04.937: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m24s
2010-07-05 08:16:04.937: debug: Check ZSK status
2010-07-05 08:16:04.937: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081424 sec)
2010-07-05 08:16:04.937: debug: ->waiting for published key
2010-07-05 08:16:04.937: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m24s: ZSK rollover deferred: waiting for published key
2010-07-05 08:16:04.937: debug: Re-signing necessary: Option -f
2010-07-05 08:16:04.937: notice: "example.net.": re-signing triggered: Option -f
2010-07-05 08:16:04.937: debug: Writing key file "./example.net/dnskey.db"
2010-07-05 08:16:04.937: debug: Incrementing serial number in file "./example.net/zone.db"
2010-07-05 08:16:04.937: debug: Signing zone "example.net."
2010-07-05 08:16:04.937: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 C58544 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-07-05 08:16:04.993: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-07-05 08:16:04.993: debug: Signing completed after 0s.
2010-07-05 08:16:33.604: debug: Check RFC5011 status
2010-07-05 08:16:33.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:16:33.604: debug: Check KSK status
2010-07-05 08:16:33.604: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m53s
2010-07-05 08:16:33.604: debug: Check ZSK status
2010-07-05 08:16:33.604: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081453 sec)
2010-07-05 08:16:33.604: debug: ->waiting for published key
2010-07-05 08:16:33.604: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m53s: ZSK rollover deferred: waiting for published key
2010-07-05 08:16:33.604: debug: Re-signing necessary: Option -f
2010-07-05 08:16:33.604: notice: "example.net.": re-signing triggered: Option -f
2010-07-05 08:16:33.604: debug: Writing key file "./example.net/dnskey.db"
2010-07-05 08:16:33.605: debug: Incrementing serial number in file "./example.net/zone.db"
2010-07-05 08:16:33.605: debug: Signing zone "example.net."
2010-07-05 08:16:33.605: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 FCB8E2 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-07-05 08:16:33.648: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-07-05 08:16:33.648: debug: Signing completed after 0s.
2010-07-30 01:30:55.411: debug: Check RFC5011 status
2010-07-30 01:30:55.411: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-30 01:30:55.411: debug: Check KSK status
2010-07-30 01:30:55.411: debug: Check ZSK status
2010-07-30 01:30:55.411: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (2130473 sec)
2010-07-30 01:30:55.411: debug: ->depreciate it
2010-07-30 01:30:55.411: debug: ->activate published key 48476
2010-07-30 01:30:55.411: notice: "example.net.": lifetime of zone signing key 36257 exceeded: ZSK rollover done
2010-07-30 01:30:55.411: debug: New key for publishing needed
2010-07-30 01:30:55.493: debug: ->creating new key 1775
2010-07-30 01:30:55.493: info: "example.net.": new key 1775 generated for publishing
2010-07-30 01:30:55.493: debug: Re-signing necessary: Modfied zone key set
2010-07-30 01:30:55.493: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-07-30 01:30:55.493: debug: Writing key file "./example.net/dnskey.db"
2010-07-30 01:30:55.493: debug: Incrementing serial number in file "./example.net/zone.db"
2010-07-30 01:30:55.493: debug: Signing zone "example.net."
2010-07-30 01:30:55.494: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 3723BA -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-07-30 01:30:55.563: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-07-30 01:30:55.563: debug: Signing completed after 0s.
2010-08-26 22:52:09.539: debug: Check RFC5011 status
2010-08-26 22:52:09.539: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 22:52:09.539: debug: Check KSK status
2010-08-26 22:52:09.539: debug: Check ZSK status
2010-08-26 22:52:09.539: debug: Lifetime(29100 sec) of depreciated key 36257 exceeded (2409674 sec)
2010-08-26 22:52:09.539: info: "example.net.": old ZSK 36257 removed
2010-08-26 22:52:09.572: debug: ->remove it
2010-08-26 22:52:09.572: debug: Lifetime(1209600 +/-150 sec) of active key 48476 exceeded (2409674 sec)
2010-08-26 22:52:09.572: debug: ->depreciate it
2010-08-26 22:52:09.572: debug: ->activate published key 1775
2010-08-26 22:52:09.572: notice: "example.net.": lifetime of zone signing key 48476 exceeded: ZSK rollover done
2010-08-26 22:52:09.572: debug: New key for publishing needed
2010-08-26 22:52:09.640: debug: ->creating new key 26477
2010-08-26 22:52:09.640: info: "example.net.": new key 26477 generated for publishing
2010-08-26 22:52:09.640: debug: Re-signing necessary: Modfied zone key set
2010-08-26 22:52:09.640: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-08-26 22:52:09.640: debug: Writing key file "./example.net/dnskey.db"
2010-08-26 22:52:09.641: debug: Incrementing serial number in file "./example.net/zone.db"
2010-08-26 22:52:09.641: debug: Signing zone "example.net."
2010-08-26 22:52:09.641: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 2F41F9 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-08-26 22:52:09.704: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-08-26 22:52:09.704: debug: Signing completed after 0s.
2010-08-26 22:56:02.938: debug: Check RFC5011 status
2010-08-26 22:56:02.938: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 22:56:02.938: debug: Check KSK status
2010-08-26 22:56:02.938: debug: Check ZSK status
2010-08-26 22:56:02.938: debug: Re-signing not necessary!
2010-08-26 22:56:02.938: debug: Check if there is a parent file to copy
2010-08-26 23:06:00.593: debug: Check RFC5011 status
2010-08-26 23:06:00.593: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:06:00.593: debug: Check KSK status
2010-08-26 23:06:00.593: debug: Check ZSK status
2010-08-26 23:06:00.593: debug: New key for publishing needed
2010-08-26 23:06:00.631: debug: ->creating new key 18026
2010-08-26 23:06:00.631: info: "example.net.": new key 18026 generated for publishing
2010-08-26 23:06:00.631: debug: Re-signing necessary: Modfied zone key set
2010-08-26 23:06:00.631: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-08-26 23:06:00.631: debug: Writing key file "./example.net/dnskey.db"
2010-08-26 23:06:00.631: debug: Incrementing serial number in file "./example.net/zone.db"
2010-08-26 23:06:00.631: debug: Signing zone "example.net."
2010-08-26 23:06:00.631: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5EA89E -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-08-26 23:06:00.672: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-08-26 23:06:00.672: debug: Signing completed after 0s.
2010-08-26 23:11:33.808: debug: Check RFC5011 status
2010-08-26 23:11:33.808: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:11:33.809: debug: Check KSK status
2010-08-26 23:11:33.809: debug: Check ZSK status
2010-08-26 23:11:33.809: debug: Re-signing not necessary!
2010-08-26 23:11:33.809: debug: Check if there is a parent file to copy
2010-08-26 23:12:51.012: debug: Check RFC5011 status
2010-08-26 23:12:51.012: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:12:51.012: debug: Check KSK status
2010-08-26 23:12:51.012: debug: Check ZSK status
2010-08-26 23:12:51.012: debug: Re-signing not necessary!
2010-08-26 23:12:51.012: debug: Check if there is a parent file to copy
2010-08-26 23:23:47.886: debug: Check RFC5011 status
2010-08-26 23:23:47.886: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:23:47.886: debug: Check KSK status
2010-08-26 23:23:47.886: debug: Check ZSK status
2010-08-26 23:23:47.886: debug: Re-signing not necessary!
2010-08-26 23:23:47.886: debug: Check if there is a parent file to copy
2010-08-26 23:50:15.724: debug: Check RFC5011 status
2010-08-26 23:50:15.724: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:50:15.724: debug: Check KSK status
2010-08-26 23:50:15.724: debug: Check ZSK status
2010-08-26 23:50:15.725: debug: Re-signing not necessary!
2010-08-26 23:50:15.725: debug: Check if there is a parent file to copy
2010-08-26 23:50:55.124: debug: Check RFC5011 status
2010-08-26 23:50:55.124: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:50:55.124: debug: Check KSK status
2010-08-26 23:50:55.124: debug: Check ZSK status
2010-08-26 23:50:55.124: debug: Re-signing not necessary!
2010-08-26 23:50:55.124: debug: Check if there is a parent file to copy
2010-08-26 23:51:46.719: debug: Check RFC5011 status
2010-08-26 23:51:46.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:51:46.719: debug: Check KSK status
2010-08-26 23:51:46.719: debug: Check ZSK status
2010-08-26 23:51:46.719: debug: Re-signing not necessary!
2010-08-26 23:51:46.719: debug: Check if there is a parent file to copy
2010-08-26 23:54:22.824: debug: Check RFC5011 status
2010-08-26 23:54:22.824: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:54:22.824: debug: Check KSK status
2010-08-26 23:54:22.824: debug: Check ZSK status
2010-08-26 23:54:22.824: debug: Re-signing not necessary!
2010-08-26 23:54:22.825: debug: Check if there is a parent file to copy
2010-08-26 23:55:00.018: debug: Check RFC5011 status
2010-08-26 23:55:00.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:55:00.018: debug: Check KSK status
2010-08-26 23:55:00.018: debug: Check ZSK status
2010-08-26 23:55:00.018: debug: New key for pre-publishing needed
2010-08-26 23:55:00.110: debug: ->creating new key 18293
2010-08-26 23:55:00.110: info: "example.net.": new key 18293 generated for pre-publishing
2010-08-26 23:55:00.110: debug: Re-signing necessary: Modfied zone key set
2010-08-26 23:55:00.110: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-08-26 23:55:00.110: debug: Writing key file "./example.net/dnskey.db"
2010-08-26 23:55:00.110: debug: Incrementing serial number in file "./example.net/zone.db"
2010-08-26 23:55:00.110: debug: Signing zone "example.net."
2010-08-26 23:55:00.111: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 EBE919 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-08-26 23:55:00.168: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-08-26 23:55:00.169: debug: Signing completed after 0s.
2010-08-26 23:56:17.466: debug: Check RFC5011 status
2010-08-26 23:56:17.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:56:17.466: debug: Check KSK status
2010-08-26 23:56:17.466: debug: Check ZSK status
2010-08-26 23:56:17.466: debug: Re-signing necessary: Modfied zone key set
2010-08-26 23:56:17.466: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-08-26 23:56:17.466: debug: Writing key file "./example.net/dnskey.db"
2010-08-26 23:56:17.467: debug: Incrementing serial number in file "./example.net/zone.db"
2010-08-26 23:56:17.467: debug: Signing zone "example.net."
2010-08-26 23:56:17.467: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 A876E5 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-08-26 23:56:17.531: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-08-26 23:56:17.531: debug: Signing completed after 0s.
2010-08-26 23:57:00.178: debug: Check RFC5011 status
2010-08-26 23:57:00.178: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:57:00.178: debug: Check KSK status
2010-08-26 23:57:00.178: debug: Check ZSK status
2010-08-26 23:57:00.178: debug: Re-signing not necessary!
2010-08-26 23:57:00.178: debug: Check if there is a parent file to copy
2010-10-21 14:01:35.546: debug: Check RFC5011 status
2010-10-21 14:01:35.546: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:01:35.546: debug: Check KSK status
2010-10-21 14:01:35.546: debug: Check ZSK status
2010-10-21 14:01:35.546: debug: Re-signing necessary: re-signing interval (2d) reached
2010-10-21 14:01:35.546: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
2010-10-21 14:01:35.546: debug: Writing key file "./example.net/dnskey.db"
2010-10-21 14:01:35.607: debug: Incrementing serial number in file "./example.net/zone.db"
2010-10-21 14:01:35.607: debug: Signing zone "example.net."
2010-10-21 14:01:35.607: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 9FC981 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-10-21 14:01:35.761: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-10-21 14:01:35.761: debug: Signing completed after 0s.
2010-10-21 14:02:09.209: debug: Check RFC5011 status
2010-10-21 14:02:09.209: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:02:09.209: debug: Check KSK status
2010-10-21 14:02:09.209: debug: Check ZSK status
2010-10-21 14:02:09.209: debug: Re-signing not necessary!
2010-10-21 14:02:09.209: debug: Check if there is a parent file to copy
2010-10-21 14:05:36.170: debug: Check RFC5011 status
2010-10-21 14:05:36.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:05:36.170: debug: Check KSK status
2010-10-21 14:05:36.170: debug: Check ZSK status
2010-10-21 14:05:36.170: debug: Re-signing not necessary!
2010-10-21 14:05:36.170: debug: Check if there is a parent file to copy
2010-10-21 14:30:43.892: debug: Check RFC5011 status
2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:30:43.892: debug: Check KSK status
2010-10-21 14:30:43.892: debug: Check ZSK status
2010-10-21 14:30:43.892: debug: Re-signing not necessary!
2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy

43
contrib/zkt-1.1.2/examples/flat/example.net/zone.db Normal file
View File

@ -0,0 +1,43 @@
;-----------------------------------------------------------------
;
; @(#) example.net/zone.db
;
;-----------------------------------------------------------------
$TTL 7200
; Ensure that the serial number below is left
; justified in a field of at least 10 chars!!
; 0123456789;
; It's also possible to use the date format e.g. 2005040101
@ IN SOA ns1.example.net. hostmaster.example.net. (
386 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
IN NS ns2.example.net.
ns1 IN A 1.0.0.5
IN AAAA 2001:db8::53
ns2 IN A 1.2.0.6
localhost IN A 127.0.0.1
a IN A 1.2.3.1
b IN MX 10 a
;c IN A 1.2.3.2
d IN A 1.2.3.3
IN AAAA 2001:0db8::3
; Delegation to secure zone; The DS resource record will
; be added by dnssec-signzone automatically if the
; keyset-sub.example.net file is present (run dnssec-signzone
; with option -g or use the dnssec-signer tool) ;-)
sub IN NS ns1.example.net.
; this file will contain all the zone keys
$INCLUDE dnskey.db

169
contrib/zkt-1.1.2/examples/flat/example.net/zone.db.signed Normal file
View File

@ -0,0 +1,169 @@
; File written on Thu Oct 21 14:01:35 2010
; dnssec_signzone version 9.7.2-P2
example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
384 ; serial
43200 ; refresh (12 hours)
1800 ; retry (30 minutes)
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 8 2 7200 20101027110135 (
20101021110135 56360 example.net.
f+HC41CGvNmlXSvPzzMbtVreNYKWyBhvbeb+
NUSvbBfuSlVt6VbyPUBYSe5Vg1QJO3YKu0ZR
Pw5Y9TNCaWqZCA== )
7200 NS ns1.example.net.
7200 NS ns2.example.net.
7200 RRSIG NS 8 2 7200 20101027110135 (
20101021110135 56360 example.net.
aQpW5SQJ8Yx7++QWtRWMDoV+3OPjgTRC0PQC
zns3MTbpk2wIlhE7hqty+b+1EktEoMzmx73u
5Fu0OPKO+2PS5w== )
3600 DNSKEY 256 3 8 (
BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHc
FyFZ2vXNIqmuILVO40MrW+R4H0UsQURAfKTF
Zeka2EsC7CEIyuEgkloDBQ==
) ; key id = 56360
3600 DNSKEY 257 3 8 (
BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ
5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0
aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7
HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwI
Jmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvpla
chhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVs
K1cPYDPp4Q==
) ; key id = 52101
3600 RRSIG DNSKEY 8 2 3600 20101027110135 (
20101021110135 52101 example.net.
BlWP6PoxZFRZoLav7/+yPEgNIss17oxEJZtB
rVSiVb0BfwhL96KJ1uIOhK9r1+Tj8w3Ed7Oi
pocSTkZueV3OxFkBgSQAgc1JeUQTOVKYe80L
UFjl7UzV0eITIV1DE/QqWTBBblxjXF3Egy6O
6/9IrD65LWOGnLFFOSUZQ9IU8jFX/zqq5FWQ
Sta2/tQkzhq5F42qw3dRBNsoUC1bQ38UsYSk
SQ== )
3600 RRSIG DNSKEY 8 2 3600 20101027110135 (
20101021110135 56360 example.net.
VXJh+xZt8/5Eeo8oQyI89nXGJ0bWeBN25kpw
asam+qpoKsH6g8qJRyL3mEwIFOaud2mlQx9y
cdv42Vf3kfY71w== )
0 NSEC3PARAM 1 0 10 9FC981
0 RRSIG NSEC3PARAM 8 2 0 20101027110135 (
20101021110135 56360 example.net.
Fr4DrVORiEYUVCBmlRzjcEaKQ2VymMiMeJfd
gSWJzTzXbcuBbXDCfBRdph96Nz1xFvdOWvFn
xXxVOXW996AfEw== )
a.example.net. 7200 IN A 1.2.3.1
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
ZAuaFsvYdV1i4EqIgQoSzpkhMFJpJOOPIG9h
RXTT+LAUSFjOrFx2ovSgnySSiUV/LOsIV7bj
08ZkIzSPYKi4Ow== )
b.example.net. 7200 IN MX 10 a.example.net.
7200 RRSIG MX 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
SEIMAVtIT/2TGxkS2NFMRQfrUROKO1pbxYcS
FHImCGhWILb1E7qQ0saLi9QTMftCwRmYtJ4w
aDwAukjuLXOAnA== )
d.example.net. 7200 IN A 1.2.3.3
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
1URwzkjdIhBCBtBWV9aUhJQ3yFwqwgscvcVN
9dvNqH5g7xLz+maqdeva065z0AkO5Et/9809
tm/0X2g0wQcoMQ== )
7200 AAAA 2001:db8::3
7200 RRSIG AAAA 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
fIUOcVYR9Ut+iWzE+R3N01bzLJ0gpSI1E0y0
cqEGpaU8mbgwnm4tAh57GKs8XZBbLEOH2zO8
5WTEjWHpKjqx3Q== )
localhost.example.net. 7200 IN A 127.0.0.1
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
iIfD1pCP+uHs1RarezGlZZhoyQ6R+3K3s6ba
xZZ5JCremDhFYPeMinRMjZSPos2QyEM1aHI8
2gXlxcb/y4+XRA== )
ns1.example.net. 7200 IN A 1.0.0.5
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
xBwgaFNo7+s4n4KnyZPR+1CESNVvXwUZHroC
dkEcLo8EF7+rbzFdDooJvD8wzlpy2nhwjLOL
ZxIfgZfNgkVXBw== )
7200 AAAA 2001:db8::53
7200 RRSIG AAAA 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
uSuzZH2J+pwcP1PKKgrdJrwyvh1kpWBsprgd
9h59q9HYKR56LPx/3iuW7oCAO5fBFTp9pvcK
BI6f+4cs1Qpp6g== )
ns2.example.net. 7200 IN A 1.2.0.6
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
N+U/A0VJU9HWwk1j0CJtUN7Nw9g0A3oNeKP1
7YJ1p0H6QvgRHDe9w8oX3iCg+IEBS9oLdTer
DXsbWVlZNXjTSw== )
sub.example.net. 7200 IN NS ns1.example.net.
7200 DS 855 7 1 (
338E1808511D3E533F1C6B1DF27E0AABA8CC
6FE8 )
7200 DS 855 7 2 (
C07C1F2004ED12D40EEC82E4358BD8D2EDC1
99C8E6126DD293A8E402E591C98A )
7200 DS 33176 10 1 (
B7D045F9D7176BD0D00AF389856D18C0E361
C443 )
7200 DS 33176 10 2 (
627102FACA12A10C88F6C67915B720CC6888
7CF1C10BC3E8EB864160F1965A18 )
7200 RRSIG DS 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
N8A1y3qpsaJ0lP6d2I1y8YEuda7c2GY1kuCt
9Mdao6oh7tL6XP2b/ELIBo6fsghfuW1KZfou
WkTbI4/HV5732g== )
0SFBC13DNQA2CKBS24U09GPJMGD5QCF2.example.net. 7200 IN NSEC3 1 1 10 9FC981 16DIB0QP1341N7TSMI2MGCQ2MDNP6TFO NS SOA RRSIG DNSKEY NSEC3PARAM
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
irEoMAQ1uehoU51rEkuM20++pBX8iPrFzQZk
4VAe0AXbeMBphSh3oBB0I3p7w4UGXLuYR7MW
bDPNteuoui5QmQ== )
16DIB0QP1341N7TSMI2MGCQ2MDNP6TFO.example.net. 7200 IN NSEC3 1 1 10 9FC981 222FFA4JCL3KC4NLGH9R685ISJKB205Q MX RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
1rCPDG0uz8PbKQ98WLlu1R39HhKOrfjory5r
tTi/e3RA2IAksL8ZQaVW+EyRzLGSDM7TtciM
UEgK/utbE0WlqQ== )
222FFA4JCL3KC4NLGH9R685ISJKB205Q.example.net. 7200 IN NSEC3 1 1 10 9FC981 AMEE10EPLHBGI9Q6ICVFSNVP2U0D0TVB A RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
1jS0RwIW59DFCr2d+ghFW8yFdcaGJDCQFgVh
pNiTIijvvyiObt7EqfJJ5PPV8CqJsZEiIoh+
JRDEuSSrKCU6eA== )
AMEE10EPLHBGI9Q6ICVFSNVP2U0D0TVB.example.net. 7200 IN NSEC3 1 1 10 9FC981 BOS6983BFUCMFRIQF1QMC1U4AU37TR6O A AAAA RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
OHYj80ju8hKFNSDNj//yDIXgTKM2NUyRO2cs
K1knzM/3L/GvmEm5nvHNepxj+surAl6mmaiT
k2wl4DOdTml60w== )
BOS6983BFUCMFRIQF1QMC1U4AU37TR6O.example.net. 7200 IN NSEC3 1 1 10 9FC981 D8S4S8KU5O1TCASTGO9FEHHGUGO696U4 A AAAA RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
HwT0gQ7fVc5TYTc/SDQw9zMPmlSwlEW3cmVk
mjIQANQPFi597frcuVt26xAoUB71TXgGp+62
3y2MyRs66kCrNg== )
D8S4S8KU5O1TCASTGO9FEHHGUGO696U4.example.net. 7200 IN NSEC3 1 1 10 9FC981 DBLIJ0LAN19DVGU1E46BJ9R9SN5BRETC NS DS RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
R/YtEmQgd+tHTNQ8itKrFhy880QLYTpAVaER
0dd9vITUKHG7Fhr67ACkWBOEec+d9kiL76cH
DHrDGZ+wKksLxg== )
DBLIJ0LAN19DVGU1E46BJ9R9SN5BRETC.example.net. 7200 IN NSEC3 1 1 10 9FC981 H108GFD5147KMF1CLFQLQQBNSD733MPQ A RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
KTPX36NTHepXsZoUGwBTq6Qt86mSF4Z0hlaP
HbhF9A+BJwLx+Sg0ifX0qobfMwh+BZZQZ8E3
nSSyA5sIJWL39Q== )
H108GFD5147KMF1CLFQLQQBNSD733MPQ.example.net. 7200 IN NSEC3 1 1 10 9FC981 0SFBC13DNQA2CKBS24U09GPJMGD5QCF2 A RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
dmGULq6gwCxRscDm0oCeFD6RnDkXWtaw85DO
UGwgczRooNDBkbD608EJgqDT+ds0IGwZazGq
ufB2hCiFNnNjyg== )

4
contrib/zkt-1.1.2/examples/flat/keysets/dlvset-sub.example.net. Normal file
View File

@ -0,0 +1,4 @@
sub.example.net.dlv.trusted-keys.de. IN DLV 42834 7 1 9660E85E9542C823D4E9860D778350AA5D8904E9
sub.example.net.dlv.trusted-keys.de. IN DLV 42834 7 2 1337FB51C697B7CD20C8D6BBC498310588C78B3595FB53F35C871DBF EC86DAAE
sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0
sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE

2
contrib/zkt-1.1.2/examples/flat/keysets/dsset-dyn.example.net. Normal file
View File

@ -0,0 +1,2 @@
dyn.example.net. IN DS 52935 7 1 C8B16DDC8AFC66AFAB2E9BB5DD6D047A393870A9
dyn.example.net. IN DS 52935 7 2 56D089B139FEB68FB9D09038920E51DF067C4FCFE62D6C67C61395BC 24E7D425

2
contrib/zkt-1.1.2/examples/flat/keysets/dsset-example.net. Normal file
View File

@ -0,0 +1,2 @@
example.net. IN DS 52101 8 1 F362C7CD57C0D663B783B763564C00C40A85AA69
example.net. IN DS 52101 8 2 0F94D302E97BBAFD0495E7C13B2428E8597084604053183DE9C8C4C3 EF2FAED1

4
contrib/zkt-1.1.2/examples/flat/keysets/dsset-sub.example.net. Normal file
View File

@ -0,0 +1,4 @@
sub.example.net. IN DS 855 7 1 338E1808511D3E533F1C6B1DF27E0AABA8CC6FE8
sub.example.net. IN DS 855 7 2 C07C1F2004ED12D40EEC82E4358BD8D2EDC199C8E6126DD293A8E402 E591C98A
sub.example.net. IN DS 33176 10 1 B7D045F9D7176BD0D00AF389856D18C0E361C443
sub.example.net. IN DS 33176 10 2 627102FACA12A10C88F6C67915B720CC68887CF1C10BC3E8EB864160 F1965A18

8
contrib/zkt-1.1.2/examples/flat/keysets/keyset-dyn.example.net. Normal file
View File

@ -0,0 +1,8 @@
$ORIGIN .
dyn.example.net 7200 IN DNSKEY 257 3 7 (
AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO
oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/
bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE
nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG
f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3
) ; key id = 52935

10
contrib/zkt-1.1.2/examples/flat/keysets/keyset-example.net. Normal file
View File

@ -0,0 +1,10 @@
$ORIGIN .
example.net 7200 IN DNSKEY 257 3 8 (
BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ
5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0
aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7
HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwI
Jmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvpla
chhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVs
K1cPYDPp4Q==
) ; key id = 52101

15
contrib/zkt-1.1.2/examples/flat/keysets/keyset-sub.example.net. Normal file
View File

@ -0,0 +1,15 @@
$ORIGIN .
sub.example.net 7200 IN DNSKEY 257 3 7 (
AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H
3MyhMxUos7VWVrsAxNK8u900fdubtofcoLR4
FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0
URwOruYqvJAIf6ZTxyakaUaY5m0ABl1learg
+XhjBHcMz3Lvx4Opnw5qsM+vnqJT15vd
) ; key id = 855
7200 IN DNSKEY 257 3 10 (
BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpn
uBuVC4z7xeaNk/KdvcdDibLrSZaGfcq7no3c
PvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZ
IQboz3hFelJb/62KqZWcj1anv7+LmfYpuA1U
JCWpFriWYhzuT3q98lG/c7XqiX79Ytoy6P0=
) ; key id = 33176

111
contrib/zkt-1.1.2/examples/flat/named.conf Normal file
View File

@ -0,0 +1,111 @@
/*****************************************************************
**
** #(@) named.conf (c) 6. May 2004 (hoz)
**
*****************************************************************/
/*****************************************************************
** logging options
*****************************************************************/
logging {
channel "named-log" {
file "/var/log/named" versions 3 size 2m;
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel "resolver-log" {
file "/var/log/named";
print-time yes;
print-category yes;
print-severity yes;
severity debug 1;
};
channel "dnssec-log" {
# file "/var/log/named-dnssec" ;
file "/var/log/named" ;
print-time yes;
print-category yes;
print-severity yes;
severity debug 3;
};
category "dnssec" { "dnssec-log"; };
category "default" { "named-log"; };
category "resolver" { "resolver-log"; };
category "client" { "resolver-log"; };
category "queries" { "resolver-log"; };
};
/*****************************************************************
** name server options
*****************************************************************/
options {
directory ".";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
listen-on-v6 { any; };
query-source address * port 53;
transfer-source * port 53;
notify-source * port 53;
recursion yes;
dnssec-enable yes;
edns-udp-size 4096;
# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
querylog yes;
};
/*****************************************************************
** include shared secrets...
*****************************************************************/
/** for control sessions ... **/
controls {
inet 127.0.0.1
allow { localhost; };
inet ::1
allow { localhost; };
};
/*****************************************************************
** ... and trusted_keys
*****************************************************************/
# include "trusted-keys.conf" ;
/*****************************************************************
** root server hints and required 127 stuff
*****************************************************************/
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.ARPA" in {
type master;
file "127.0.0.zone";
};
#include "zone.conf";
zone "example.NET." in {
type master;
file "example.net/zone.db.signed";
zone-statistics yes;
};
zone "sub.example.NET." in {
type master;
file "sub.example.net/zone.db.signed";
zone-statistics no;
};

Some files were not shown because too many files have changed in this diff Show More