mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-28 05:55:27 +01:00
ebcbc731ab
This is a small fix, as a result of talking to Ultrix Hesiod-enabled named's. Apparently there are some buffer overruns causing data mangling.
412 lines
21 KiB
Plaintext
412 lines
21 KiB
Plaintext
OPTIONS
|
|
Original: Paul Vixie, 28Mar92
|
|
Revised: $Id: OPTIONS,v 8.5 1995/12/29 21:08:13 vixie Exp $
|
|
|
|
Options available in this version of BIND are controlled by conf/options.h,
|
|
rather than by $(DEFS) in the Makefile. The options are:
|
|
|
|
DEBUG (origin: U C Berkeley)
|
|
enables the -d command line option, and allows SIGUSR1 to increment
|
|
and SIGUSR2 to clear the internal variable "debug", which in turn controls
|
|
hundreds of fprintf()'s out to /usr/tmp/named.run.
|
|
you probably want this. it makes the binary bigger but not slower (or
|
|
at least not much slower), but SIGUSR[12] are the only way you'll track down
|
|
misconfigured name servers that hose you down with billions of bogus requests.
|
|
you may need this, it is on by default.
|
|
|
|
ALLOW_T_UNSPEC (origin: MIT Project Athena)
|
|
enables the "unspec" RR type for ancient Athena software that does not
|
|
know about TXT RR's.
|
|
you probably do not care about this, it is off by default.
|
|
|
|
ALLOW_UPDATES (origin: Mike Schwartz, University of Washington)
|
|
enables "dynamic updates", described in "doc/DynamicUpdate". this lets
|
|
you update named's in-memory database on the fly if you have the right client.
|
|
there is absolutely no security around this; if you enable it, anyone who can
|
|
reach your server can update your database.
|
|
this code doesn't compile any more and will be removed shortly.
|
|
|
|
INVQ (origin: U C Berkeley, with #ifdef's by Paul Vixie)
|
|
enables "inverse queries", which in all of the internet only one
|
|
client ever uses: ancient nslookup. if you build named with INVQ defined,
|
|
you get the time-honored behaviour of supporting this whole class of queries
|
|
for no real purpose other than to waste a few hundred kilobytes of your
|
|
memory and about 3% of named's total CPU time. if you build with INVQ
|
|
undefined, old nslookups will not be able to reach your server in their
|
|
startup phase, and you will have to use the "server" command after it fails
|
|
over to some other server, or use "nslookup - 0" to get in from the shell.
|
|
you probably do not want this.
|
|
|
|
DSTORAGE (origin: U C Berkeley, with #ifdef's by Paul Vixie)
|
|
enables a malloc-debugger that checks for overruns on both ends of
|
|
each allocated block of memory. used when debugging since C has no bounds
|
|
or type checking.
|
|
you probably do not want this, it is off by default.
|
|
|
|
DMALLOC (origin: Paul Vixie of Digital)
|
|
enables a malloc-debugger that traces all allocated blocks of memory
|
|
such that SIGIOT's output (see STATS option) includes a list of all mallocs
|
|
in the program, how many times each has been called, how many blocks of memory
|
|
allocated by that malloc are not yet free, and how many bytes they use up.
|
|
under each one will be a list of each free/realloc that has deallocated a block
|
|
of that malloc's memory, and how many times it has done so.
|
|
this is extremely helpful for finding memory leaks. as such, you
|
|
probably do not want this unless you are debugging named.
|
|
you probably do not need this, it is off by default.
|
|
|
|
XFRNETS (origin: Paul Vixie of Digital)
|
|
enables the "xfrnets" command in named.boot. this has the same
|
|
syntax as "forwarders" and "sortlist" -- that is, a list of dotted quads.
|
|
each one is a network (16.0.0.0 and 130.180.0.0 are examples) or a host.
|
|
if you put any xfrnets commands into your named.boot, then zone transfers
|
|
will only be honored if they come from inside one of the specified
|
|
networks. this is very useful if you want to keep people outside from
|
|
being able to trivially map your entire network, but it doesn't stop them
|
|
from iterating so it's more annoying than secure.
|
|
this feature was once called "tcplist" out of ignorance on my part,
|
|
but with advice from phil almquist i decided to rename it "xfrnets" and make
|
|
it only control zone transfers -- previously it controlled all TCP connections
|
|
which made certain TCP-only resolvers unable to use our servers. the "tcplist"
|
|
syntax still works; it is a synonym for "xfrnets".
|
|
it is also nice if you want to keep the outside world from making your
|
|
nameserver fork and swap trying to do unauthorized zone transfers. if you have
|
|
large zone files or use BIND for TXT records you will find this useful.
|
|
you probably want this, it is on by default.
|
|
|
|
PID_FIX (origin: Don Lewis of Harris)
|
|
tells named that if it starts up but can't keep going because another
|
|
nameserver is already running (and sitting on the server port), it should
|
|
put the /etc/named.pid (/var/run/named.pid) file back the way it found it.
|
|
you probably want this, it is on by default.
|
|
|
|
FWD_LOOP (origin: Don Lewis of Harris)
|
|
tells named that if you list any of your own IP addresses in a
|
|
"forwarders" command in your named.boot file, you should be scolded.
|
|
you probably want this, it is on by default.
|
|
|
|
NO_GLUE (origin: Don Lewis of Harris, and Andrew Partan of UUNET)
|
|
tells named-xfer that incoming zone transfers should be checked
|
|
for "glue" that comes from a zone outside the zone being transfered, and
|
|
comment this garbage out in the zone file so that when named reads in the
|
|
zone file after named-xfer exits, the garbage will not be entered into the
|
|
memory-resident database.
|
|
also tells named that when it is performing an outgoing zone
|
|
transfer, it should not send any of these "glue" records.
|
|
you definitely want this, it is on by default.
|
|
|
|
BOGUSNS (origin: Piet Beertema of EUNet)
|
|
enables the "bogusns" command in named.boot. this has the same
|
|
syntax as forwarders and sortlist. any NS RR's that come in whose addresses
|
|
are on the list of "bogusns" addresses will be ignored. this is the last
|
|
resort when someone is bogusly advertising themselves as a root server.
|
|
just in case, though you won't use it often.
|
|
you probably want this, it is on by default.
|
|
|
|
QRYLOG (origin: Bryan Beecher of UMich)
|
|
enables "query logging", such that SIGWINCH toggles tracing of all
|
|
incoming queries. the trace is sent to syslog, and is huge, but when you
|
|
need this you will need it bad and it does not slow named down or make it
|
|
larger.
|
|
If you define QRYLOG you may also start up named in query logging
|
|
mode by using the -q flag. If you do so you will probably want to analyze
|
|
the logs produced, the dnsstats and lamers scrips (in the contrib/umich
|
|
and contrib/lamers directories) will do it for you.
|
|
you probably want this, it is on by default.
|
|
|
|
LOGFAC (origin: various people)
|
|
If you start up named with the -q flag you will be logging
|
|
large amounts of data, and probably will not want them logged to the
|
|
default logging facility, which is LOG_DAEMON. You will want to
|
|
redefine LOGFAC, presumably to LOC_LOCALn (0 <= n <= 7). Remember to
|
|
modify /etc/syslog.conf appropriately.
|
|
This only works on a system with a modern syslogd.
|
|
as such, it is on by default.
|
|
|
|
YPKLUDGE (origin: Piet Beertema of EUNet)
|
|
certain versions of NIS/YP are capable of using the DNS for names
|
|
that cannot be found in the YP servers. of these, certain versions can't
|
|
tell the difference between a dotted quad and a domain name, and they send
|
|
queries to the DNS for dotted quads as if they were domain names. if your
|
|
named does not do anything special with these queries, they will end up
|
|
getting forwarded to other servers, effectively hosing all of you down with
|
|
endless useless network traffic. YPKLUDGE enables some checking in named
|
|
that lets it catch these bogus queries and send back immediate errors.
|
|
If you run "ypserv -i" you definitely want this, as a malconfigured
|
|
NIS server can cause DNS "flood" queries otherwise. Trust me.
|
|
this is off by default.
|
|
|
|
TRACEROOT (origin: pma@cnd.hp.com and Bryan Beecher of UMich)
|
|
enables some checking in named for bogus root nameservers. This
|
|
code has been in use at U-M for years, so it is pretty well tested, plus we
|
|
have never been burned by the "bogus root NS scares" that have plagued the
|
|
DNS off and on.
|
|
this feature people will very much want to use, it is on by default.
|
|
|
|
LOCALDOM (origin: Berkeley)
|
|
if set, the "domain" directive is recognized in the named.boot file.
|
|
this causes us to retry queries with the specified domain appended to the
|
|
name if the first lookup fails. this is a very bad idea since a given name
|
|
server will often be used by clients in more than one domain -- a name server
|
|
should _not_ make any presumptions as to the "home domain" of a requestor.
|
|
you almost certainly do not want this, it is off by default.
|
|
|
|
SLAVE_FORWARD (origin: pma@sdd.hp.com)
|
|
if set, "slave" servers behave in an arguably more-correct way. this
|
|
is an experimental addition to BIND 4.9 that causes slaves to time out queries
|
|
in 60/N seconds where N is the number of forwarders defined. previously a
|
|
query would time out almost immediately, which caused a lot of unnecessary
|
|
network traffic.
|
|
you probably want this, it is on by default.
|
|
|
|
FORCED_RELOAD (origin: pma@sdd.hp.com)
|
|
if set, then when a HUP signal is received, all secondary zones are
|
|
scheduled for serial-number comparison with the primaries. this has the effect
|
|
that if you HUP your server, it will refresh any zones which have changed,
|
|
even if those zones' refresh times have not been reached.
|
|
you probably want this, it is on by default.
|
|
|
|
WANT_PIDFILE (origin: berkeley, parameterized by arc@sgi)
|
|
if set, a file called named.pid will be created in /etc or /var/run
|
|
when the name server has started. this file can be used to send signals to
|
|
BIND, as in "kill -HUP `cat /etc/named.pid`".
|
|
unless you are only on an SGI (where killall(1M) makes the pid file
|
|
unnecessary);
|
|
you probably want this, it is on by default.
|
|
|
|
DOTTED_SERIAL (origin: berkeley; parameterized by vixie)
|
|
if set, allows a somewhat arcane n.m syntax in the serial number
|
|
field of an SOA. this is officially deprecated for 4.9; you should use
|
|
straight integer values and find an encoding that does not depend on
|
|
scaled-integer pseudodecimals. i suggest YYYYMMDDnn where YYYY is the
|
|
four-digit year, MM is the two-digit month, DD is the two-digit day-of-month,
|
|
and nn is a daily version number in case you change your serial number more
|
|
than once in a day. this encoding will overflow in the year 4294 gregorian.
|
|
you almost certainly do not want this, but if you have old zone files
|
|
lying around and you don't want to think your way through converting their
|
|
serial numbers, this deprecated behaviour is available.
|
|
graciously, it is on by default.
|
|
|
|
SENSIBLE_DOTS (origin: kagotani@cs.titech.ac.jp; parameterized by vixie)
|
|
if set, changes the semantics of an "n.m" serial number from
|
|
n*10^(3+int(0.9+log10(m))) + m
|
|
to
|
|
n*10000+m
|
|
if you are using DOTTED_SERIAL in spite of its deprecated status,
|
|
and you are interested in a more predictable and sensible interpretation of
|
|
dotted numbers, then you probably want this.
|
|
it is off by default.
|
|
|
|
VALIDATE (origin: USC/ISI)
|
|
enables a validation procedure to provide some security in an
|
|
otherwise insecure environment. Any RRs are accepted from a server only if
|
|
the server is authoritative over that domain. We consider a server
|
|
authoritative (for validation purposes) for even the sub-domains that it has
|
|
delegated to others. RRs are validated against the data we have in cache
|
|
already. Invalid records are neither cached nor returned.
|
|
it is off by default because it is hopeless, and the code will all
|
|
be ripped out of BIND in the near future.
|
|
|
|
NCACHE (origin: USC/ISI)
|
|
enables negative caching. We cache only authoritative NXDOMAIN or
|
|
authoritative NOERROR with zero RR count. Non-authoritative NXDOMAIN answers
|
|
now contain NS records in the authority section. Non-authoritative NOERROR
|
|
responses have no authority or additional records to differentiate them from
|
|
referrals. They are cached for NTTL secs (currently 10 minutes) and are timed
|
|
out when the ttl expires.
|
|
you probably want this, it is on by default.
|
|
|
|
RESOLVSORT (origin: marka@syd.dms.csiro.au)
|
|
enable sorting of addresses returned by gethostbyname. Sorting order
|
|
is specified by address/netmask pairs. This enables a host to override the
|
|
sortlist specified in the nameserver.
|
|
you probably want this, it is on by default.
|
|
|
|
STUBS (origin: marka@syd.dms.csiro.au)
|
|
enable transfer and loading of NS records only for a zone.
|
|
still experimental. it won't hurt to enable it, but it may not work perfectly
|
|
so using it could lead to some confusion.
|
|
you probably don't care, it is on by default.
|
|
|
|
SUNSECURITY (origin: rossc@ucc.su.oz.au)
|
|
enable checking of PTR records in gethostbyaddr() to detect
|
|
spoofing. Forced on SunOS 4 shared library as rlogin etc. depend on this.
|
|
you should probably not set this by hand.
|
|
|
|
SECURE_ZONES (origin: gshapiro@guest.wpi.edu)
|
|
enables support for secure zones. This restricts access to
|
|
information in the zone according to the information found in the
|
|
secure_zone TXT RR found in the zone. If none is found, the zone is
|
|
world-readable. For information on the format of the secure_zone TXT
|
|
RR, see the Name Server Operations Guide for BIND.
|
|
you probably want this, it is on by default.
|
|
|
|
ROUND_ROBIN (origin: Marshall Rose of TPC.INT)
|
|
if set, causes the databuf list in a namebuf to be rotated by one
|
|
slot after each access to it. this has the effect that if multiple RR's
|
|
of a given type are present, they will be given in "round robin" order
|
|
instead of always being given in the same order.
|
|
you probably want this, it is on by default.
|
|
|
|
ADDAUTH (origin: marka@syd.dms.csiro.au)
|
|
if set, cause NS and glue A records to be returned with authoritative
|
|
answers. this causes slightly larger replies but less DNS traffic overall.
|
|
unless you have Mac's with an older version of Mac/TCP;
|
|
you probably want this, it is on by default.
|
|
|
|
RFC1535 (origin: paul@vix.com)
|
|
if set, the resolver's default "search" list will be just the entire
|
|
"domain" name rather than the sliding window it had before 4.9.2. this will
|
|
make the default search list shorter, so folks who are saying "domain a.b.c"
|
|
and relying on the implicit "search a.b.c a.b c" will miss "a.b" and "c".
|
|
this option is on for compatibility with RFC 1535.
|
|
you should NOT turn it off, it is on by default.
|
|
|
|
GEN_AXFR (origin: mark@comp.vuw.ac.nz, tytso@ATHENA.MIT.EDU, gdmr@dcs.ed.ac.uk)
|
|
if set, allows specification of zones in classes other than "IN" in
|
|
the named.boot file. Allows an optional "/class" on the "primary" and
|
|
"secondary" directives. Also fixes zone transfers so only data in the class
|
|
requested is transfered.
|
|
you probably want this, it is on by default.
|
|
|
|
DATUMREFCNT (origin: mark andrews)
|
|
you want this. it will not be optional in future releases.
|
|
|
|
LAME_DELEGATION (origin: don lewis; reworked by bryan beecher and don lewis)
|
|
this will detect the condition where some other server has told you
|
|
that a given set of servers is authoritative for some domain, and at least
|
|
one of those "delegated" servers disagrees (i.e., answers non-authoritatively).
|
|
you probably want this, it is on by default.
|
|
|
|
LAME_LOGGING (origin: don lewis)
|
|
enable logging of lame delegations and set the log level
|
|
you may want this, it is on by default.
|
|
|
|
RETURNSOA (origin: mark andrews)
|
|
This allows negative caching to work. Without this, older
|
|
pre-4.9.3 nameservers will not accept -ve cached anwsers. We actually
|
|
store the SOA record from the authority section rather that what was
|
|
requested because it is the existence of the NXDOMAIN that matters not
|
|
the type of data. The zone of the SOA record is tagged to the end of
|
|
the SOA record to allow it to be reconstructed.
|
|
You probably DO NOT WANT THIS, it's experimental and dangerous.
|
|
it is off by default.
|
|
|
|
CLEANCACHE (origin: mark andrews)
|
|
Bind consumes memory without bound without this option. This
|
|
patch allows bind to periodically remove any stale entries in the
|
|
cache. Bind's memory usage should stabilize after approximately 1 day of
|
|
operation, as most TTL's are <= 1 day. Without this option stale entries
|
|
are only removed when they are looked up.
|
|
You probably want this, it is on by default.
|
|
|
|
PURGE_ZONE (origin: mark andrews)
|
|
Various junk below a zone tends to hang around and corrupt future
|
|
zone data if a zone grows deeper. PURGE_ZONE will remove all traces of or
|
|
data which could be part of zone before loading a new one.
|
|
You probably want this, it is on by default.
|
|
|
|
STATS (origin: Paul Vixie)
|
|
Named's internal statistics can take a fair amount of memory and
|
|
if you aren't interested in looking at these numbers you should disable
|
|
the feature. Future versions may require this.
|
|
You probably want this, it is on by default.
|
|
|
|
RENICE (origin: bp@deins.informatik.uni-dortmund.de)
|
|
if set, the process priority of the AXFR subprocesses is changed to
|
|
"normal". If you are planning to raise the priority of the main nameserver
|
|
process, you will use this.
|
|
You probably want this, it is on by default.
|
|
|
|
GETSER_LOGGING (origin: Paul Vixie)
|
|
if set, errors that occur during the fetch of serial numbers for zone
|
|
transfer consideration will be syslog()'d. this can lead to a lot of logging,
|
|
but is very helpful if you don't know why a zone isn't transfering.
|
|
You may not want this, but it is on by default.
|
|
|
|
SHORT_FNAMES (origin: pma@sdd.hp.com)
|
|
on systems whose file names can only be 14 characters long, the temp
|
|
files created by named-xfer need to be constructed somewhat differently. this
|
|
should probably become the default since it is harmless.
|
|
you probably don't care one way or the other, it is off by default.
|
|
|
|
XSTATS (origin: Benoit.Grange@inria.fr)
|
|
if set, the name server keeps more STATS about requests
|
|
received, and logs to syslog total counters from time to time. If you
|
|
aren't interested in looking at these numbers you should disable the
|
|
feature. Requires STATS.
|
|
You may want this, it is on by default.
|
|
|
|
BIND_NOTIFY (origin: paul@vix.com)
|
|
experimental at this time; an internet draft is circulating. this
|
|
option informs slaves ("secondary" servers in BIND's erroneous terminology)
|
|
instantly when the master (primary, or another slave) loads a new zone. it
|
|
works fine and seems to cause no problems with slaves that don't support it,
|
|
but it does not implement the current internet draft (it lacks some necessary
|
|
delays) and causes a lot of extra syslog traffic, especially at startup. if
|
|
you don't mind running code that will absolutely NOT be compatible with the
|
|
eventual standard when the RFC is released, go ahead and turn this on.
|
|
vendors should not enable this in versions shipped to customers.
|
|
You will want this when it becomes compliant, it is off by default.
|
|
|
|
LOC_RR (origin: ckd@kei.com)
|
|
incorporates support for the LOC RR type, currently in the
|
|
internet-draft stage.
|
|
you don't want this yet, it is off by default.
|
|
|
|
SORT_RESPONSE (legacy)
|
|
should responses be sorted in what the server considers an optimal
|
|
order for the client? this is on by default but it does very little good.
|
|
|
|
## ++Copyright++ 1989
|
|
## -
|
|
## Copyright (c) 1989
|
|
## The Regents of the University of California. All rights reserved.
|
|
##
|
|
## Redistribution and use in source and binary forms, with or without
|
|
## modification, are permitted provided that the following conditions
|
|
## are met:
|
|
## 1. Redistributions of source code must retain the above copyright
|
|
## notice, this list of conditions and the following disclaimer.
|
|
## 2. Redistributions in binary form must reproduce the above copyright
|
|
## notice, this list of conditions and the following disclaimer in the
|
|
## documentation and/or other materials provided with the distribution.
|
|
## 3. All advertising materials mentioning features or use of this software
|
|
## must display the following acknowledgement:
|
|
## This product includes software developed by the University of
|
|
## California, Berkeley and its contributors.
|
|
## 4. Neither the name of the University nor the names of its contributors
|
|
## may be used to endorse or promote products derived from this software
|
|
## without specific prior written permission.
|
|
##
|
|
## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
## ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
## SUCH DAMAGE.
|
|
## -
|
|
## Portions Copyright (c) 1993 by Digital Equipment Corporation.
|
|
##
|
|
## Permission to use, copy, modify, and distribute this software for any
|
|
## purpose with or without fee is hereby granted, provided that the above
|
|
## copyright notice and this permission notice appear in all copies, and that
|
|
## the name of Digital Equipment Corporation not be used in advertising or
|
|
## publicity pertaining to distribution of the document or software without
|
|
## specific, written prior permission.
|
|
##
|
|
## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
|
|
## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
|
|
## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
|
|
## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
|
|
## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
|
|
## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
|
|
## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
|
|
## SOFTWARE.
|
|
## -
|
|
## --Copyright--
|