1*00b67f09SDavid van Moolenbroek<?xml version="1.0" encoding="utf-8"?> 2*00b67f09SDavid van Moolenbroek<!-- 3*00b67f09SDavid van Moolenbroek - Copyright (C) 2010, 2014 Internet Systems Consortium, Inc. ("ISC") 4*00b67f09SDavid van Moolenbroek - 5*00b67f09SDavid van Moolenbroek - Permission to use, copy, modify, and/or distribute this software for any 6*00b67f09SDavid van Moolenbroek - purpose with or without fee is hereby granted, provided that the above 7*00b67f09SDavid van Moolenbroek - copyright notice and this permission notice appear in all copies. 8*00b67f09SDavid van Moolenbroek - 9*00b67f09SDavid van Moolenbroek - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10*00b67f09SDavid van Moolenbroek - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11*00b67f09SDavid van Moolenbroek - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12*00b67f09SDavid van Moolenbroek - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13*00b67f09SDavid van Moolenbroek - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14*00b67f09SDavid van Moolenbroek - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15*00b67f09SDavid van Moolenbroek - PERFORMANCE OF THIS SOFTWARE. 16*00b67f09SDavid van Moolenbroek--> 17*00b67f09SDavid van Moolenbroek 18*00b67f09SDavid van Moolenbroek<sect1 id="bind9.library"> 19*00b67f09SDavid van Moolenbroek <title>BIND 9 DNS Library Support</title> 20*00b67f09SDavid van Moolenbroek <para>This version of BIND 9 "exports" its internal libraries so 21*00b67f09SDavid van Moolenbroek that they can be used by third-party applications more easily (we 22*00b67f09SDavid van Moolenbroek call them "export" libraries in this document). In addition to 23*00b67f09SDavid van Moolenbroek all major DNS-related APIs BIND 9 is currently using, the export 24*00b67f09SDavid van Moolenbroek libraries provide the following features:</para> 25*00b67f09SDavid van Moolenbroek <itemizedlist> 26*00b67f09SDavid van Moolenbroek <listitem> 27*00b67f09SDavid van Moolenbroek <para>The newly created "DNS client" module. This is a higher 28*00b67f09SDavid van Moolenbroek level API that provides an interface to name resolution, 29*00b67f09SDavid van Moolenbroek single DNS transaction with a particular server, and dynamic 30*00b67f09SDavid van Moolenbroek update. Regarding name resolution, it supports advanced 31*00b67f09SDavid van Moolenbroek features such as DNSSEC validation and caching. This module 32*00b67f09SDavid van Moolenbroek supports both synchronous and asynchronous mode.</para> 33*00b67f09SDavid van Moolenbroek </listitem> 34*00b67f09SDavid van Moolenbroek <listitem> 35*00b67f09SDavid van Moolenbroek <para>The new "IRS" (Information Retrieval System) library. 36*00b67f09SDavid van Moolenbroek It provides an interface to parse the traditional resolv.conf 37*00b67f09SDavid van Moolenbroek file and more advanced, DNS-specific configuration file for 38*00b67f09SDavid van Moolenbroek the rest of this package (see the description for the 39*00b67f09SDavid van Moolenbroek dns.conf file below).</para> 40*00b67f09SDavid van Moolenbroek </listitem> 41*00b67f09SDavid van Moolenbroek <listitem> 42*00b67f09SDavid van Moolenbroek <para>As part of the IRS library, newly implemented standard 43*00b67f09SDavid van Moolenbroek address-name mapping functions, getaddrinfo() and 44*00b67f09SDavid van Moolenbroek getnameinfo(), are provided. They use the DNSSEC-aware 45*00b67f09SDavid van Moolenbroek validating resolver backend, and could use other advanced 46*00b67f09SDavid van Moolenbroek features of the BIND 9 libraries such as caching. The 47*00b67f09SDavid van Moolenbroek getaddrinfo() function resolves both A and AAAA RRs 48*00b67f09SDavid van Moolenbroek concurrently (when the address family is unspecified).</para> 49*00b67f09SDavid van Moolenbroek </listitem> 50*00b67f09SDavid van Moolenbroek <listitem> 51*00b67f09SDavid van Moolenbroek <para>An experimental framework to support other event 52*00b67f09SDavid van Moolenbroek libraries than BIND 9's internal event task system.</para> 53*00b67f09SDavid van Moolenbroek </listitem> 54*00b67f09SDavid van Moolenbroek </itemizedlist> 55*00b67f09SDavid van Moolenbroek <sect2> 56*00b67f09SDavid van Moolenbroek <title>Prerequisite</title> 57*00b67f09SDavid van Moolenbroek <para>GNU make is required to build the export libraries (other 58*00b67f09SDavid van Moolenbroek part of BIND 9 can still be built with other types of make). In 59*00b67f09SDavid van Moolenbroek the reminder of this document, "make" means GNU make. Note that 60*00b67f09SDavid van Moolenbroek in some platforms you may need to invoke a different command name 61*00b67f09SDavid van Moolenbroek than "make" (e.g. "gmake") to indicate it's GNU make.</para> 62*00b67f09SDavid van Moolenbroek </sect2> 63*00b67f09SDavid van Moolenbroek <sect2> 64*00b67f09SDavid van Moolenbroek <title>Compilation</title> 65*00b67f09SDavid van Moolenbroek <screen> 66*00b67f09SDavid van Moolenbroek$ <userinput>./configure --enable-exportlib <replaceable>[other flags]</replaceable></userinput> 67*00b67f09SDavid van Moolenbroek$ <userinput>make</userinput> 68*00b67f09SDavid van Moolenbroek</screen> 69*00b67f09SDavid van Moolenbroek <para> 70*00b67f09SDavid van Moolenbroek This will create (in addition to usual BIND 9 programs) and a 71*00b67f09SDavid van Moolenbroek separate set of libraries under the lib/export directory. For 72*00b67f09SDavid van Moolenbroek example, <filename>lib/export/dns/libdns.a</filename> is the archive file of the 73*00b67f09SDavid van Moolenbroek export version of the BIND 9 DNS library. Sample application 74*00b67f09SDavid van Moolenbroek programs using the libraries will also be built under the 75*00b67f09SDavid van Moolenbroek lib/export/samples directory (see below).</para> 76*00b67f09SDavid van Moolenbroek </sect2> 77*00b67f09SDavid van Moolenbroek <sect2> 78*00b67f09SDavid van Moolenbroek <title>Installation</title> 79*00b67f09SDavid van Moolenbroek <screen> 80*00b67f09SDavid van Moolenbroek$ <userinput>cd lib/export</userinput> 81*00b67f09SDavid van Moolenbroek$ <userinput>make install</userinput> 82*00b67f09SDavid van Moolenbroek</screen> 83*00b67f09SDavid van Moolenbroek <para> 84*00b67f09SDavid van Moolenbroek This will install library object files under the directory 85*00b67f09SDavid van Moolenbroek specified by the --with-export-libdir configure option (default: 86*00b67f09SDavid van Moolenbroek EPREFIX/lib/bind9), and header files under the directory 87*00b67f09SDavid van Moolenbroek specified by the --with-export-includedir configure option 88*00b67f09SDavid van Moolenbroek (default: PREFIX/include/bind9). 89*00b67f09SDavid van Moolenbroek Root privilege is normally required. 90*00b67f09SDavid van Moolenbroek "<command>make install</command>" at the top directory will do the 91*00b67f09SDavid van Moolenbroek same. 92*00b67f09SDavid van Moolenbroek </para> 93*00b67f09SDavid van Moolenbroek <para> 94*00b67f09SDavid van Moolenbroek To see how to build your own 95*00b67f09SDavid van Moolenbroek application after the installation, see 96*00b67f09SDavid van Moolenbroek <filename>lib/export/samples/Makefile-postinstall.in</filename>.</para> 97*00b67f09SDavid van Moolenbroek </sect2> 98*00b67f09SDavid van Moolenbroek <sect2> 99*00b67f09SDavid van Moolenbroek <title>Known Defects/Restrictions</title> 100*00b67f09SDavid van Moolenbroek <itemizedlist> 101*00b67f09SDavid van Moolenbroek <listitem> 102*00b67f09SDavid van Moolenbroek<!-- TODO: what about AIX? --> 103*00b67f09SDavid van Moolenbroek <para>Currently, win32 is not supported for the export 104*00b67f09SDavid van Moolenbroek library. (Normal BIND 9 application can be built as 105*00b67f09SDavid van Moolenbroek before).</para> 106*00b67f09SDavid van Moolenbroek </listitem> 107*00b67f09SDavid van Moolenbroek <listitem> 108*00b67f09SDavid van Moolenbroek <para>The "fixed" RRset order is not (currently) supported in 109*00b67f09SDavid van Moolenbroek the export library. If you want to use "fixed" RRset order 110*00b67f09SDavid van Moolenbroek for, e.g. <command>named</command> while still building the 111*00b67f09SDavid van Moolenbroek export library even without the fixed order support, build 112*00b67f09SDavid van Moolenbroek them separately: 113*00b67f09SDavid van Moolenbroek <screen> 114*00b67f09SDavid van Moolenbroek$ <userinput>./configure --enable-fixed-rrset <replaceable>[other flags, but not --enable-exportlib]</replaceable></userinput> 115*00b67f09SDavid van Moolenbroek$ <userinput>make</userinput> 116*00b67f09SDavid van Moolenbroek$ <userinput>./configure --enable-exportlib <replaceable>[other flags, but not --enable-fixed-rrset]</replaceable></userinput> 117*00b67f09SDavid van Moolenbroek$ <userinput>cd lib/export</userinput> 118*00b67f09SDavid van Moolenbroek$ <userinput>make</userinput> 119*00b67f09SDavid van Moolenbroek</screen> 120*00b67f09SDavid van Moolenbroek </para> 121*00b67f09SDavid van Moolenbroek </listitem> 122*00b67f09SDavid van Moolenbroek <listitem> 123*00b67f09SDavid van Moolenbroek <para>The client module and the IRS library currently do not 124*00b67f09SDavid van Moolenbroek support DNSSEC validation using DLV (the underlying modules 125*00b67f09SDavid van Moolenbroek can handle it, but there is no tunable interface to enable 126*00b67f09SDavid van Moolenbroek the feature).</para> 127*00b67f09SDavid van Moolenbroek </listitem> 128*00b67f09SDavid van Moolenbroek <listitem> 129*00b67f09SDavid van Moolenbroek <para>RFC 5011 is not supported in the validating stub 130*00b67f09SDavid van Moolenbroek resolver of the export library. In fact, it is not clear 131*00b67f09SDavid van Moolenbroek whether it should: trust anchors would be a system-wide 132*00b67f09SDavid van Moolenbroek configuration which would be managed by an administrator, 133*00b67f09SDavid van Moolenbroek while the stub resolver will be used by ordinary applications 134*00b67f09SDavid van Moolenbroek run by a normal user.</para> 135*00b67f09SDavid van Moolenbroek </listitem> 136*00b67f09SDavid van Moolenbroek <listitem> 137*00b67f09SDavid van Moolenbroek <para>Not all common <filename>/etc/resolv.conf</filename> 138*00b67f09SDavid van Moolenbroek options are supported 139*00b67f09SDavid van Moolenbroek in the IRS library. The only available options in this 140*00b67f09SDavid van Moolenbroek version are "debug" and "ndots".</para> 141*00b67f09SDavid van Moolenbroek </listitem> 142*00b67f09SDavid van Moolenbroek </itemizedlist> 143*00b67f09SDavid van Moolenbroek </sect2> 144*00b67f09SDavid van Moolenbroek <sect2> 145*00b67f09SDavid van Moolenbroek <title>The dns.conf File</title> 146*00b67f09SDavid van Moolenbroek <para>The IRS library supports an "advanced" configuration file 147*00b67f09SDavid van Moolenbroek related to the DNS library for configuration parameters that 148*00b67f09SDavid van Moolenbroek would be beyond the capability of the 149*00b67f09SDavid van Moolenbroek <filename>resolv.conf</filename> file. 150*00b67f09SDavid van Moolenbroek Specifically, it is intended to provide DNSSEC related 151*00b67f09SDavid van Moolenbroek configuration parameters. By default the path to this 152*00b67f09SDavid van Moolenbroek configuration file is <filename>/etc/dns.conf</filename>. 153*00b67f09SDavid van Moolenbroek This module is very 154*00b67f09SDavid van Moolenbroek experimental and the configuration syntax or library interfaces 155*00b67f09SDavid van Moolenbroek may change in future versions. Currently, only the 156*00b67f09SDavid van Moolenbroek <command>trusted-keys</command> 157*00b67f09SDavid van Moolenbroek statement is supported, whose syntax is the same as the same name 158*00b67f09SDavid van Moolenbroek of statement for <filename>named.conf</filename>. (See 159*00b67f09SDavid van Moolenbroek <xref linkend="trusted-keys" /> for details.)</para> 160*00b67f09SDavid van Moolenbroek </sect2> 161*00b67f09SDavid van Moolenbroek <sect2> 162*00b67f09SDavid van Moolenbroek <title>Sample Applications</title> 163*00b67f09SDavid van Moolenbroek <para>Some sample application programs using this API are 164*00b67f09SDavid van Moolenbroek provided for reference. The following is a brief description of 165*00b67f09SDavid van Moolenbroek these applications. 166*00b67f09SDavid van Moolenbroek </para> 167*00b67f09SDavid van Moolenbroek <sect3> 168*00b67f09SDavid van Moolenbroek <title>sample: a simple stub resolver utility</title> 169*00b67f09SDavid van Moolenbroek <para> 170*00b67f09SDavid van Moolenbroek It sends a query of a given name (of a given optional RR type) to a 171*00b67f09SDavid van Moolenbroek specified recursive server, and prints the result as a list of 172*00b67f09SDavid van Moolenbroek RRs. It can also act as a validating stub resolver if a trust 173*00b67f09SDavid van Moolenbroek anchor is given via a set of command line options.</para> 174*00b67f09SDavid van Moolenbroek <para> 175*00b67f09SDavid van Moolenbroek Usage: sample [options] server_address hostname 176*00b67f09SDavid van Moolenbroek </para> 177*00b67f09SDavid van Moolenbroek <para> 178*00b67f09SDavid van Moolenbroek Options and Arguments: 179*00b67f09SDavid van Moolenbroek </para> 180*00b67f09SDavid van Moolenbroek <variablelist> 181*00b67f09SDavid van Moolenbroek <varlistentry> 182*00b67f09SDavid van Moolenbroek <term> 183*00b67f09SDavid van Moolenbroek -t RRtype 184*00b67f09SDavid van Moolenbroek </term> 185*00b67f09SDavid van Moolenbroek <listitem><para> 186*00b67f09SDavid van Moolenbroek specify the RR type of the query. The default is the A RR. 187*00b67f09SDavid van Moolenbroek </para></listitem> 188*00b67f09SDavid van Moolenbroek </varlistentry> 189*00b67f09SDavid van Moolenbroek <varlistentry> 190*00b67f09SDavid van Moolenbroek <term> 191*00b67f09SDavid van Moolenbroek [-a algorithm] [-e] -k keyname -K keystring 192*00b67f09SDavid van Moolenbroek </term> 193*00b67f09SDavid van Moolenbroek <listitem><para> 194*00b67f09SDavid van Moolenbroek specify a command-line DNS key to validate the answer. For 195*00b67f09SDavid van Moolenbroek example, to specify the following DNSKEY of example.com: 196*00b67f09SDavid van Moolenbroek<literallayout> 197*00b67f09SDavid van Moolenbroek example.com. 3600 IN DNSKEY 257 3 5 xxx 198*00b67f09SDavid van Moolenbroek</literallayout> 199*00b67f09SDavid van Moolenbroek specify the options as follows: 200*00b67f09SDavid van Moolenbroek<screen> 201*00b67f09SDavid van Moolenbroek<userinput> 202*00b67f09SDavid van Moolenbroek -e -k example.com -K "xxx" 203*00b67f09SDavid van Moolenbroek</userinput> 204*00b67f09SDavid van Moolenbroek</screen> 205*00b67f09SDavid van Moolenbroek -e means that this key is a zone's "key signing key" (as known 206*00b67f09SDavid van Moolenbroek as "secure Entry point"). 207*00b67f09SDavid van Moolenbroek When -a is omitted rsasha1 will be used by default. 208*00b67f09SDavid van Moolenbroek </para></listitem> 209*00b67f09SDavid van Moolenbroek </varlistentry> 210*00b67f09SDavid van Moolenbroek <varlistentry> 211*00b67f09SDavid van Moolenbroek <term> 212*00b67f09SDavid van Moolenbroek -s domain:alt_server_address 213*00b67f09SDavid van Moolenbroek </term> 214*00b67f09SDavid van Moolenbroek <listitem><para> 215*00b67f09SDavid van Moolenbroek specify a separate recursive server address for the specific 216*00b67f09SDavid van Moolenbroek "domain". Example: -s example.com:2001:db8::1234 217*00b67f09SDavid van Moolenbroek </para></listitem> 218*00b67f09SDavid van Moolenbroek </varlistentry> 219*00b67f09SDavid van Moolenbroek <varlistentry> 220*00b67f09SDavid van Moolenbroek <term>server_address</term> 221*00b67f09SDavid van Moolenbroek <listitem><para> 222*00b67f09SDavid van Moolenbroek an IP(v4/v6) address of the recursive server to which queries 223*00b67f09SDavid van Moolenbroek are sent. 224*00b67f09SDavid van Moolenbroek </para></listitem> 225*00b67f09SDavid van Moolenbroek </varlistentry> 226*00b67f09SDavid van Moolenbroek <varlistentry> 227*00b67f09SDavid van Moolenbroek <term>hostname</term> 228*00b67f09SDavid van Moolenbroek <listitem><para> 229*00b67f09SDavid van Moolenbroek the domain name for the query 230*00b67f09SDavid van Moolenbroek </para></listitem> 231*00b67f09SDavid van Moolenbroek </varlistentry> 232*00b67f09SDavid van Moolenbroek </variablelist> 233*00b67f09SDavid van Moolenbroek </sect3> 234*00b67f09SDavid van Moolenbroek <sect3> 235*00b67f09SDavid van Moolenbroek <title>sample-async: a simple stub resolver, working asynchronously</title> 236*00b67f09SDavid van Moolenbroek <para> 237*00b67f09SDavid van Moolenbroek Similar to "sample", but accepts a list 238*00b67f09SDavid van Moolenbroek of (query) domain names as a separate file and resolves the names 239*00b67f09SDavid van Moolenbroek asynchronously.</para> 240*00b67f09SDavid van Moolenbroek <para> 241*00b67f09SDavid van Moolenbroek Usage: sample-async [-s server_address] [-t RR_type] input_file</para> 242*00b67f09SDavid van Moolenbroek <para> 243*00b67f09SDavid van Moolenbroek Options and Arguments: 244*00b67f09SDavid van Moolenbroek </para> 245*00b67f09SDavid van Moolenbroek <variablelist> 246*00b67f09SDavid van Moolenbroek <varlistentry> 247*00b67f09SDavid van Moolenbroek <term> 248*00b67f09SDavid van Moolenbroek -s server_address 249*00b67f09SDavid van Moolenbroek </term> 250*00b67f09SDavid van Moolenbroek <listitem> 251*00b67f09SDavid van Moolenbroek an IPv4 address of the recursive server to which queries are sent. 252*00b67f09SDavid van Moolenbroek (IPv6 addresses are not supported in this implementation) 253*00b67f09SDavid van Moolenbroek </listitem> 254*00b67f09SDavid van Moolenbroek </varlistentry> 255*00b67f09SDavid van Moolenbroek <varlistentry> 256*00b67f09SDavid van Moolenbroek <term> 257*00b67f09SDavid van Moolenbroek -t RR_type 258*00b67f09SDavid van Moolenbroek </term> 259*00b67f09SDavid van Moolenbroek <listitem> 260*00b67f09SDavid van Moolenbroek specify the RR type of the queries. The default is the A 261*00b67f09SDavid van Moolenbroek RR. 262*00b67f09SDavid van Moolenbroek </listitem> 263*00b67f09SDavid van Moolenbroek </varlistentry> 264*00b67f09SDavid van Moolenbroek <varlistentry> 265*00b67f09SDavid van Moolenbroek <term> 266*00b67f09SDavid van Moolenbroek input_file 267*00b67f09SDavid van Moolenbroek </term> 268*00b67f09SDavid van Moolenbroek <listitem> 269*00b67f09SDavid van Moolenbroek a list of domain names to be resolved. each line 270*00b67f09SDavid van Moolenbroek consists of a single domain name. Example: 271*00b67f09SDavid van Moolenbroek <literallayout> 272*00b67f09SDavid van Moolenbroek www.example.com 273*00b67f09SDavid van Moolenbroek mx.example.net 274*00b67f09SDavid van Moolenbroek ns.xxx.example 275*00b67f09SDavid van Moolenbroek</literallayout> 276*00b67f09SDavid van Moolenbroek </listitem> 277*00b67f09SDavid van Moolenbroek </varlistentry> 278*00b67f09SDavid van Moolenbroek </variablelist> 279*00b67f09SDavid van Moolenbroek </sect3> 280*00b67f09SDavid van Moolenbroek <sect3> 281*00b67f09SDavid van Moolenbroek <title>sample-request: a simple DNS transaction client</title> 282*00b67f09SDavid van Moolenbroek <para> 283*00b67f09SDavid van Moolenbroek It sends a query to a specified server, and 284*00b67f09SDavid van Moolenbroek prints the response with minimal processing. It doesn't act as a 285*00b67f09SDavid van Moolenbroek "stub resolver": it stops the processing once it gets any 286*00b67f09SDavid van Moolenbroek response from the server, whether it's a referral or an alias 287*00b67f09SDavid van Moolenbroek (CNAME or DNAME) that would require further queries to get the 288*00b67f09SDavid van Moolenbroek ultimate answer. In other words, this utility acts as a very 289*00b67f09SDavid van Moolenbroek simplified <command>dig</command>. 290*00b67f09SDavid van Moolenbroek </para> 291*00b67f09SDavid van Moolenbroek <para> 292*00b67f09SDavid van Moolenbroek Usage: sample-request [-t RRtype] server_address hostname 293*00b67f09SDavid van Moolenbroek </para> 294*00b67f09SDavid van Moolenbroek <para> 295*00b67f09SDavid van Moolenbroek Options and Arguments: 296*00b67f09SDavid van Moolenbroek </para> 297*00b67f09SDavid van Moolenbroek <variablelist> 298*00b67f09SDavid van Moolenbroek <varlistentry> 299*00b67f09SDavid van Moolenbroek <term> 300*00b67f09SDavid van Moolenbroek -t RRtype 301*00b67f09SDavid van Moolenbroek </term> 302*00b67f09SDavid van Moolenbroek <listitem> 303*00b67f09SDavid van Moolenbroek <para> 304*00b67f09SDavid van Moolenbroek specify the RR type of 305*00b67f09SDavid van Moolenbroek the queries. The default is the A RR. 306*00b67f09SDavid van Moolenbroek </para> 307*00b67f09SDavid van Moolenbroek </listitem> 308*00b67f09SDavid van Moolenbroek </varlistentry> 309*00b67f09SDavid van Moolenbroek <varlistentry> 310*00b67f09SDavid van Moolenbroek <term> 311*00b67f09SDavid van Moolenbroek server_address 312*00b67f09SDavid van Moolenbroek </term> 313*00b67f09SDavid van Moolenbroek <listitem> 314*00b67f09SDavid van Moolenbroek <para> 315*00b67f09SDavid van Moolenbroek an IP(v4/v6) 316*00b67f09SDavid van Moolenbroek address of the recursive server to which the query is sent. 317*00b67f09SDavid van Moolenbroek </para> 318*00b67f09SDavid van Moolenbroek </listitem> 319*00b67f09SDavid van Moolenbroek </varlistentry> 320*00b67f09SDavid van Moolenbroek <varlistentry> 321*00b67f09SDavid van Moolenbroek <term> 322*00b67f09SDavid van Moolenbroek hostname 323*00b67f09SDavid van Moolenbroek </term> 324*00b67f09SDavid van Moolenbroek <listitem> 325*00b67f09SDavid van Moolenbroek <para> 326*00b67f09SDavid van Moolenbroek the domain name for the query 327*00b67f09SDavid van Moolenbroek </para> 328*00b67f09SDavid van Moolenbroek </listitem> 329*00b67f09SDavid van Moolenbroek </varlistentry> 330*00b67f09SDavid van Moolenbroek </variablelist> 331*00b67f09SDavid van Moolenbroek </sect3> 332*00b67f09SDavid van Moolenbroek <sect3> 333*00b67f09SDavid van Moolenbroek <title>sample-gai: getaddrinfo() and getnameinfo() test code</title> 334*00b67f09SDavid van Moolenbroek <para> 335*00b67f09SDavid van Moolenbroek This is a test program 336*00b67f09SDavid van Moolenbroek to check getaddrinfo() and getnameinfo() behavior. It takes a 337*00b67f09SDavid van Moolenbroek host name as an argument, calls getaddrinfo() with the given host 338*00b67f09SDavid van Moolenbroek name, and calls getnameinfo() with the resulting IP addresses 339*00b67f09SDavid van Moolenbroek returned by getaddrinfo(). If the dns.conf file exists and 340*00b67f09SDavid van Moolenbroek defines a trust anchor, the underlying resolver will act as a 341*00b67f09SDavid van Moolenbroek validating resolver, and getaddrinfo()/getnameinfo() will fail 342*00b67f09SDavid van Moolenbroek with an EAI_INSECUREDATA error when DNSSEC validation fails. 343*00b67f09SDavid van Moolenbroek </para> 344*00b67f09SDavid van Moolenbroek <para> 345*00b67f09SDavid van Moolenbroek Usage: sample-gai hostname 346*00b67f09SDavid van Moolenbroek </para> 347*00b67f09SDavid van Moolenbroek </sect3> 348*00b67f09SDavid van Moolenbroek <sect3> 349*00b67f09SDavid van Moolenbroek <title>sample-update: a simple dynamic update client program</title> 350*00b67f09SDavid van Moolenbroek <para> 351*00b67f09SDavid van Moolenbroek It accepts a single update command as a 352*00b67f09SDavid van Moolenbroek command-line argument, sends an update request message to the 353*00b67f09SDavid van Moolenbroek authoritative server, and shows the response from the server. In 354*00b67f09SDavid van Moolenbroek other words, this is a simplified <command>nsupdate</command>. 355*00b67f09SDavid van Moolenbroek </para> 356*00b67f09SDavid van Moolenbroek <para> 357*00b67f09SDavid van Moolenbroek Usage: sample-update [options] (add|delete) "update data" 358*00b67f09SDavid van Moolenbroek </para> 359*00b67f09SDavid van Moolenbroek <para> 360*00b67f09SDavid van Moolenbroek Options and Arguments: 361*00b67f09SDavid van Moolenbroek </para> 362*00b67f09SDavid van Moolenbroek <variablelist> 363*00b67f09SDavid van Moolenbroek <varlistentry> 364*00b67f09SDavid van Moolenbroek <term> 365*00b67f09SDavid van Moolenbroek -a auth_server 366*00b67f09SDavid van Moolenbroek </term> 367*00b67f09SDavid van Moolenbroek <listitem><para> 368*00b67f09SDavid van Moolenbroek An IP address of the authoritative server that has authority 369*00b67f09SDavid van Moolenbroek for the zone containing the update name. This should normally 370*00b67f09SDavid van Moolenbroek be the primary authoritative server that accepts dynamic 371*00b67f09SDavid van Moolenbroek updates. It can also be a secondary server that is configured 372*00b67f09SDavid van Moolenbroek to forward update requests to the primary server. 373*00b67f09SDavid van Moolenbroek </para></listitem> 374*00b67f09SDavid van Moolenbroek </varlistentry> 375*00b67f09SDavid van Moolenbroek <varlistentry> 376*00b67f09SDavid van Moolenbroek <term> 377*00b67f09SDavid van Moolenbroek -k keyfile 378*00b67f09SDavid van Moolenbroek </term> 379*00b67f09SDavid van Moolenbroek <listitem><para> 380*00b67f09SDavid van Moolenbroek A TSIG key file to secure the update transaction. The keyfile 381*00b67f09SDavid van Moolenbroek format is the same as that for the nsupdate utility. 382*00b67f09SDavid van Moolenbroek </para></listitem> 383*00b67f09SDavid van Moolenbroek </varlistentry> 384*00b67f09SDavid van Moolenbroek <varlistentry> 385*00b67f09SDavid van Moolenbroek <term> 386*00b67f09SDavid van Moolenbroek -p prerequisite 387*00b67f09SDavid van Moolenbroek </term> 388*00b67f09SDavid van Moolenbroek <listitem><para> 389*00b67f09SDavid van Moolenbroek A prerequisite for the update (only one prerequisite can be 390*00b67f09SDavid van Moolenbroek specified). The prerequisite format is the same as that is 391*00b67f09SDavid van Moolenbroek accepted by the nsupdate utility. 392*00b67f09SDavid van Moolenbroek </para></listitem> 393*00b67f09SDavid van Moolenbroek </varlistentry> 394*00b67f09SDavid van Moolenbroek <varlistentry> 395*00b67f09SDavid van Moolenbroek <term> 396*00b67f09SDavid van Moolenbroek -r recursive_server 397*00b67f09SDavid van Moolenbroek </term> 398*00b67f09SDavid van Moolenbroek <listitem><para> 399*00b67f09SDavid van Moolenbroek An IP address of a recursive server that this utility will 400*00b67f09SDavid van Moolenbroek use. A recursive server may be necessary to identify the 401*00b67f09SDavid van Moolenbroek authoritative server address to which the update request is 402*00b67f09SDavid van Moolenbroek sent. 403*00b67f09SDavid van Moolenbroek </para></listitem> 404*00b67f09SDavid van Moolenbroek </varlistentry> 405*00b67f09SDavid van Moolenbroek <varlistentry> 406*00b67f09SDavid van Moolenbroek <term> 407*00b67f09SDavid van Moolenbroek -z zonename 408*00b67f09SDavid van Moolenbroek </term> 409*00b67f09SDavid van Moolenbroek <listitem><para> 410*00b67f09SDavid van Moolenbroek The domain name of the zone that contains 411*00b67f09SDavid van Moolenbroek </para></listitem> 412*00b67f09SDavid van Moolenbroek </varlistentry> 413*00b67f09SDavid van Moolenbroek <varlistentry> 414*00b67f09SDavid van Moolenbroek <term> 415*00b67f09SDavid van Moolenbroek (add|delete) 416*00b67f09SDavid van Moolenbroek </term> 417*00b67f09SDavid van Moolenbroek <listitem><para> 418*00b67f09SDavid van Moolenbroek Specify the type of update operation. Either "add" or "delete" 419*00b67f09SDavid van Moolenbroek must be specified. 420*00b67f09SDavid van Moolenbroek </para></listitem> 421*00b67f09SDavid van Moolenbroek </varlistentry> 422*00b67f09SDavid van Moolenbroek <varlistentry> 423*00b67f09SDavid van Moolenbroek <term> 424*00b67f09SDavid van Moolenbroek "update data" 425*00b67f09SDavid van Moolenbroek </term> 426*00b67f09SDavid van Moolenbroek <listitem><para> 427*00b67f09SDavid van Moolenbroek Specify the data to be updated. A typical example of the data 428*00b67f09SDavid van Moolenbroek would look like "name TTL RRtype RDATA". 429*00b67f09SDavid van Moolenbroek </para></listitem> 430*00b67f09SDavid van Moolenbroek </varlistentry> 431*00b67f09SDavid van Moolenbroek </variablelist> 432*00b67f09SDavid van Moolenbroek 433*00b67f09SDavid van Moolenbroek <note>In practice, either -a or -r must be specified. Others can 434*00b67f09SDavid van Moolenbroek be optional; the underlying library routine tries to identify the 435*00b67f09SDavid van Moolenbroek appropriate server and the zone name for the update.</note> 436*00b67f09SDavid van Moolenbroek 437*00b67f09SDavid van Moolenbroek <para> 438*00b67f09SDavid van Moolenbroek Examples: assuming the primary authoritative server of the 439*00b67f09SDavid van Moolenbroek dynamic.example.com zone has an IPv6 address 2001:db8::1234, 440*00b67f09SDavid van Moolenbroek </para> 441*00b67f09SDavid van Moolenbroek <screen> 442*00b67f09SDavid van Moolenbroek$ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key add "foo.dynamic.example.com 30 IN A 192.168.2.1"</userinput></screen> 443*00b67f09SDavid van Moolenbroek <para> 444*00b67f09SDavid van Moolenbroek adds an A RR for foo.dynamic.example.com using the given key. 445*00b67f09SDavid van Moolenbroek </para> 446*00b67f09SDavid van Moolenbroek <screen> 447*00b67f09SDavid van Moolenbroek$ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com 30 IN A"</userinput></screen> 448*00b67f09SDavid van Moolenbroek <para> 449*00b67f09SDavid van Moolenbroek removes all A RRs for foo.dynamic.example.com using the given key. 450*00b67f09SDavid van Moolenbroek </para> 451*00b67f09SDavid van Moolenbroek <screen> 452*00b67f09SDavid van Moolenbroek$ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</userinput></screen> 453*00b67f09SDavid van Moolenbroek <para> 454*00b67f09SDavid van Moolenbroek removes all RRs for foo.dynamic.example.com using the given key. 455*00b67f09SDavid van Moolenbroek </para> 456*00b67f09SDavid van Moolenbroek </sect3> 457*00b67f09SDavid van Moolenbroek <sect3> 458*00b67f09SDavid van Moolenbroek <title>nsprobe: domain/name server checker in terms of RFC 4074</title> 459*00b67f09SDavid van Moolenbroek <para> 460*00b67f09SDavid van Moolenbroek It checks a set 461*00b67f09SDavid van Moolenbroek of domains to see the name servers of the domains behave 462*00b67f09SDavid van Moolenbroek correctly in terms of RFC 4074. This is included in the set of 463*00b67f09SDavid van Moolenbroek sample programs to show how the export library can be used in a 464*00b67f09SDavid van Moolenbroek DNS-related application. 465*00b67f09SDavid van Moolenbroek </para> 466*00b67f09SDavid van Moolenbroek <para> 467*00b67f09SDavid van Moolenbroek Usage: nsprobe [-d] [-v [-v...]] [-c cache_address] [input_file] 468*00b67f09SDavid van Moolenbroek </para> 469*00b67f09SDavid van Moolenbroek <para> 470*00b67f09SDavid van Moolenbroek Options 471*00b67f09SDavid van Moolenbroek </para> 472*00b67f09SDavid van Moolenbroek 473*00b67f09SDavid van Moolenbroek <variablelist> 474*00b67f09SDavid van Moolenbroek <varlistentry> 475*00b67f09SDavid van Moolenbroek <term> 476*00b67f09SDavid van Moolenbroek -d 477*00b67f09SDavid van Moolenbroek </term> 478*00b67f09SDavid van Moolenbroek <listitem><para> 479*00b67f09SDavid van Moolenbroek run in the "debug" mode. with this option nsprobe will dump 480*00b67f09SDavid van Moolenbroek every RRs it receives. 481*00b67f09SDavid van Moolenbroek </para></listitem> 482*00b67f09SDavid van Moolenbroek </varlistentry> 483*00b67f09SDavid van Moolenbroek <varlistentry> 484*00b67f09SDavid van Moolenbroek <term> 485*00b67f09SDavid van Moolenbroek -v 486*00b67f09SDavid van Moolenbroek </term> 487*00b67f09SDavid van Moolenbroek <listitem><para> 488*00b67f09SDavid van Moolenbroek increase verbosity of other normal log messages. This can be 489*00b67f09SDavid van Moolenbroek specified multiple times 490*00b67f09SDavid van Moolenbroek </para></listitem> 491*00b67f09SDavid van Moolenbroek </varlistentry> 492*00b67f09SDavid van Moolenbroek <varlistentry> 493*00b67f09SDavid van Moolenbroek <term> 494*00b67f09SDavid van Moolenbroek -c cache_address 495*00b67f09SDavid van Moolenbroek </term> 496*00b67f09SDavid van Moolenbroek <listitem><para> 497*00b67f09SDavid van Moolenbroek specify an IP address of a recursive (caching) name server. 498*00b67f09SDavid van Moolenbroek nsprobe uses this server to get the NS RRset of each domain and 499*00b67f09SDavid van Moolenbroek the A and/or AAAA RRsets for the name servers. The default 500*00b67f09SDavid van Moolenbroek value is 127.0.0.1. 501*00b67f09SDavid van Moolenbroek </para></listitem> 502*00b67f09SDavid van Moolenbroek </varlistentry> 503*00b67f09SDavid van Moolenbroek <varlistentry> 504*00b67f09SDavid van Moolenbroek <term> 505*00b67f09SDavid van Moolenbroek input_file 506*00b67f09SDavid van Moolenbroek </term> 507*00b67f09SDavid van Moolenbroek <listitem><para> 508*00b67f09SDavid van Moolenbroek a file name containing a list of domain (zone) names to be 509*00b67f09SDavid van Moolenbroek probed. when omitted the standard input will be used. Each 510*00b67f09SDavid van Moolenbroek line of the input file specifies a single domain name such as 511*00b67f09SDavid van Moolenbroek "example.com". In general this domain name must be the apex 512*00b67f09SDavid van Moolenbroek name of some DNS zone (unlike normal "host names" such as 513*00b67f09SDavid van Moolenbroek "www.example.com"). nsprobe first identifies the NS RRsets for 514*00b67f09SDavid van Moolenbroek the given domain name, and sends A and AAAA queries to these 515*00b67f09SDavid van Moolenbroek servers for some "widely used" names under the zone; 516*00b67f09SDavid van Moolenbroek specifically, adding "www" and "ftp" to the zone name. 517*00b67f09SDavid van Moolenbroek </para></listitem> 518*00b67f09SDavid van Moolenbroek </varlistentry> 519*00b67f09SDavid van Moolenbroek </variablelist> 520*00b67f09SDavid van Moolenbroek </sect3> 521*00b67f09SDavid van Moolenbroek </sect2> 522*00b67f09SDavid van Moolenbroek <sect2> 523*00b67f09SDavid van Moolenbroek <title>Library References</title> 524*00b67f09SDavid van Moolenbroek <para>As of this writing, there is no formal "manual" of the 525*00b67f09SDavid van Moolenbroek libraries, except this document, header files (some of them 526*00b67f09SDavid van Moolenbroek provide pretty detailed explanations), and sample application 527*00b67f09SDavid van Moolenbroek programs.</para> 528*00b67f09SDavid van Moolenbroek </sect2> 529*00b67f09SDavid van Moolenbroek</sect1> 530*00b67f09SDavid van Moolenbroek<!-- Id: libdns.xml,v 1.3 2010/02/03 23:49:07 tbox Exp --> 531