+3205. [func] Upgrade dig's defaults to better reflect modern
+ nameserver behaviour. Enable "dig +adflag" and
+ "dig +edns=0" by default. Enable "+dnssec" when
+ running "dig +trace". [RT #23497]
+
3204. [bug] When a master server that has been marked as
unreachable sends a NOTIFY, mark it reachable
again. [RT #25960]
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.c,v 1.242 2011/03/11 06:11:20 marka Exp $ */
+/* $Id: dig.c,v 1.243 2011/11/04 10:41:38 marka Exp $ */
/*! \file */
" +domain=### (Set default domainname)\n"
" +bufsize=### (Set EDNS0 Max UDP packet size)\n"
" +ndots=### (Set NDOTS value)\n"
-" +edns=### (Set EDNS version)\n"
+" +edns=### (Set EDNS version) [0]\n"
" +[no]search (Set whether to use searchlist)\n"
" +[no]showsearch (Search with intermediate results)\n"
" +[no]defname (Ditto)\n"
" +[no]qr (Print question before sending)\n"
" +[no]nssearch (Search all authoritative nameservers)\n"
" +[no]identify (ID responders in short answers)\n"
-" +[no]trace (Trace delegation down from root)\n"
+" +[no]trace (Trace delegation down from root, [+dnssec])\n"
" +[no]dnssec (Request DNSSEC records)\n"
" +[no]nsid (Request Name Server ID)\n"
#ifdef DIG_SIGCHASE
lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_TRUE;
lookup->section_question = ISC_FALSE;
+ lookup->dnssec = ISC_TRUE;
usesearch = ISC_FALSE;
}
break;
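Review bot: The added `lookup->dnssec = ISC_TRUE;` in the +trace branch makes the outcome depend on option order, and nothing in the code says so. If options are applied left to right, as the neighbouring assignments suggest, `+nodnssec +trace` sends DO=1 while `+trace +nodnssec` does not. I would add a comment on that line, `/* +trace implies +dnssec; a later +nodnssec still turns it off */`, and state the same in the usage string so a user who needs DO clear knows where to put the flag. The enclosing block begins outside the hunk, so whether this assignment runs only when trace is being enabled cannot be confirmed from here.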
if (!is_batchfile) {
debug("making new lookup");
default_lookup = make_empty_lookup();
+ default_lookup->adflag = ISC_TRUE;
+ default_lookup->edns = 0;
#ifndef NOPOSIX
/*
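Review bot: The two new defaults on `default_lookup` change the wire format of every query dig sends (AD=1 plus an OPT record), yet they carry no comment. A later test script in this same commit has to add `+noedns` to keep its expected output stable, so scripts that parse dig output are likely to see the same kind of difference. I would add `/* Match a modern resolver: AD=1 and EDNS version 0 by default; +noadflag and +noedns restore the old query. */` above the assignments. The usage hunk marks `+edns=###` with `[0]` but shows no matching note for `+[no]adflag`; if that help line exists outside the hunk it should say the flag is now on. The `if (!is_batchfile)` block continues outside the hunk.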
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.docbook,v 1.49 2011/03/05 23:52:29 tbox Exp $ -->
+<!-- $Id: dig.docbook,v 1.50 2011/11/04 10:41:38 marka Exp $ -->
<refentry id="man.dig">
<refentryinfo>
policy of the server. AD=1 indicates that all records
have been validated as secure and the answer is not
from a OPT-OUT range. AD=0 indicate that some part
- of the answer was insecure or not validated.
+ of the answer was insecure or not validated. This
+ bit is set by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]recurse</option></term>
- <listitem>
- <para>
- Toggle the setting of the RD (recursion desired) bit in the
- query.
- This bit is set by default, which means <command>dig</command>
- normally sends recursive queries. Recursion is automatically
- disabled
- when the <parameter>+nssearch</parameter> or
- <parameter>+trace</parameter> query options are
- used.
- </para>
- </listitem>
- </varlistentry>
+ <listitem>
+ <para>
+ Toggle the setting of the RD (recursion desired) bit
+ in the query. This bit is set by default, which means
+ <command>dig</command> normally sends recursive
+ queries. Recursion is automatically disabled when
+ the <parameter>+nssearch</parameter> or
+ <parameter>+trace</parameter> query options are used.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><option>+[no]nssearch</option></term>
<varlistentry>
<term><option>+[no]trace</option></term>
<listitem>
- <para>
- Toggle tracing of the delegation path from the root name servers
- for
- the name being looked up. Tracing is disabled by default. When
- tracing is enabled, <command>dig</command> makes
- iterative queries to
- resolve the name being looked up. It will follow referrals from
- the
- root servers, showing the answer from each server that was used
- to
- resolve the lookup.
- </para>
- </listitem>
- </varlistentry>
+ <para>
+ Toggle tracing of the delegation path from the root
+ name servers for the name being looked up. Tracing
+ is disabled by default. When tracing is enabled,
+ <command>dig</command> makes iterative queries to
+ resolve the name being looked up. It will follow
+ referrals from the root servers, showing the answer
+ from each server that was used to resolve the lookup.
+ </para>
+ <para>
+ <commmand>+dnssec</command> is also set when +trace is
+ set to better emulate the default queries from a nameserver.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><option>+[no]cmd</option></term>
<listitem>
<para>
Specify the EDNS version to query with. Valid values
- are 0 to 255. Setting the EDNS version will cause a
- EDNS query to be sent. <option>+noedns</option> clears the
- remembered EDNS version.
+ are 0 to 255. Setting the EDNS version will cause
+ a EDNS query to be sent. <option>+noedns</option>
+ clears the remembered EDNS version. EDNS is set to
+ 0 by default.
</para>
</listitem>
</varlistentry>
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.102 2011/11/04 05:36:28 each Exp $
+# $Id: tests.sh,v 1.103 2011/11/04 10:41:38 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+# test AD bit:
+# - dig +noadflag
+echo "I:checking that AD is not set without +adflag or +dnssec ($n)"
+ret=0
+$DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
echo "I:checking for AD in authoritative answer ($n)"
ret=0
$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
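Review bot: The added test covers only the opt-out path (`+noadflag`), so the new default itself, AD requested without `+dnssec`, has no positive test in this hunk. The test that follows starts from `$DIGOPTS`, whose contents are not visible here; if it includes `+dnssec`, an AD bit in that answer does not show that the `adflag` default alone is enough. I would add a companion case that passes `+nodnssec` without `+noadflag` and expects `ad` in the flags line from 10.53.0.4, assuming that server is the validating one.
```shell
echo "I:checking that AD is set by default without +dnssec ($n)"
ret=0
$DIG $DIGOPTS +noauth +noadd +nodnssec a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
# … unchanged: "checking for AD in authoritative answer" test …
```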
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.17 2007/06/19 23:47:03 tbox Exp $
+# $Id: tests.sh,v 1.18 2011/11/04 10:41:38 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
$PERL ../digcomp.pl knowngood.dig.out.4000 dig.out.4000 || status=1
echo "I:exactly maximum rrset"
-$DIG +tcp +norec a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \
+$DIG +tcp +norec +noedns a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \
|| status=1
#dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset
$PERL ../digcomp.pl knowngood.dig.out.a-maximum-rrset dig.out.a-maximum-rrset || status=1
echo "I:exceed maximum rrset (5000 A records)"
-$DIG +tcp +norec 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1
+$DIG +tcp +norec +noadd 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1
# Look for truncation bit (tc).
grep 'flags: .*tc.*;' dig.out.exceed > /dev/null || {
echo "I:TC bit was not set"
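Review bot: The `+noedns` and `+noadd` added to the two dig calls have no comment saying why they are needed, and the commented-out command that regenerates `knowngood.dig.out.a-maximum-rrset` was not updated to match. Presumably the OPT record that dig now sends by default changes the size or shape of the responses these boundary tests depend on; a line such as `# +noedns: keep the query free of an OPT record so the response matches the known-good file` would record that. If the regeneration hint is ever run as written, it will pick up the new defaults and may produce a file that no longer matches what the test compares against.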