BIND 10 trac2005, updated. 56a203c83779dd8695712b2df56198eb5d5fad69 [2005] described -h, and some other small editorial updates
BIND 10 source code commits
bind10-changes at lists.isc.org
Fri Jun 15 17:46:29 UTC 2012
The branch, trac2005 has been updated
via 56a203c83779dd8695712b2df56198eb5d5fad69 (commit)
via 7dd6d4083029074dd029f2e4be1875dc477a71e1 (commit)
via afb888c27e574c98bdcac814bd5260d4faa599c7 (commit)
via 4f1848c0b300fba25d8b26800fccd21b3b1506b1 (commit)
from a897869e543b1bc56558adccc5ca67d1d0a1aeaf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 56a203c83779dd8695712b2df56198eb5d5fad69
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Fri Jun 15 10:46:09 2012 -0700
[2005] described -h, and some other small editorial updates
commit 7dd6d4083029074dd029f2e4be1875dc477a71e1
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Fri Jun 15 10:42:06 2012 -0700
[2005] wording update based on review suggestion
commit afb888c27e574c98bdcac814bd5260d4faa599c7
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Fri Jun 15 10:39:56 2012 -0700
[2005] revised ACL config using "add" for each rule than setting all list
commit 4f1848c0b300fba25d8b26800fccd21b3b1506b1
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Fri Jun 15 10:13:19 2012 -0700
[2005] noted that xfrout is effectively a mandatory component too
(and one minor editorial update)
-----------------------------------------------------------------------
Summary of changes:
doc/guide/bind10-guide.xml | 28 +++++++++++++-------
src/bin/ddns/b10-ddns.xml | 62 ++++++++++++++++++++++++++++++++++----------
2 files changed, 66 insertions(+), 24 deletions(-)
-----------------------------------------------------------------------
diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml
index a8e7750..67b0ae0 100644
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -1964,6 +1964,10 @@ what is XfroutClient xfr_client??
<command>b10-ddns</command> depends are configured to run,
which are <command>b10-auth</command>
and <command>b10-zonemgr</command>.
+ In addition, <command>b10-xfrout</command> should also be
+ configured to run; otherwise the notification after an update
+ (see above) will fail with a timeout, suspending the DDNS
+ service while <command>b10-ddns</command> waits for the response.
If BIND 10 is already configured to provide authoritative DNS
service they should normally be configured to run already.
</para>
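Review bot: The added sentence says b10-xfrout "should also be configured to run", which understates the requirement given the consequence stated right after it (the notification times out and the DDNS service is suspended while b10-ddns waits for the response). Consider "must" or "needs to" here. The "(see above)" pointer is also vague; an explicit xref to the paragraph that describes the post-update notification would let the reader find it.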
@@ -2053,9 +2057,10 @@ what is XfroutClient xfr_client??
> <userinput>config add DDNS/zones</userinput>
> <userinput>config set DDNS/zones[0]/origin example.org</userinput>
> <userinput>config set DDNS/zones[0]/class IN</userinput>
-> <userinput>config set DDNS/zones[0]/update_acl [{"action": "ACCEPT", "key": "key.example.org"}]</userinput>
+> <userinput>config add DDNS/zones[0]/update_acl {"action": "ACCEPT", "key": "key.example.org"}</userinput>
> <userinput>config commit</userinput>
</screen>
+ (The <quote>class</quote> can be omitted).
The TSIG key must be configured system wide
(see <xref linkend="xfrout"/>.)
</para>
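Review bot: The added line "(The class can be omitted)." does not say which value applies when it is omitted. Since the example sets it to IN, state the default in that sentence so an operator knows what an entry without it matches. The punctuation is also inconsistent with the next sentence: here the period follows the closing parenthesis, while the xref sentence puts it inside.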
@@ -2064,15 +2069,16 @@ what is XfroutClient xfr_client??
Multiple rules can be specified in the ACL, and an ACL rule
can consist of multiple constraints, such as a combination of
IP address and TSIG.
- The following ACL is to allow update requests that meet the
- above condition, or requests sent from a client using TSIG key
- name of "key.example" and has an IPv6 address of ::1.
+ The following configuration sequence will add to the previous
+ ACL a rule that allows update requests sent from a client
+ using TSIG key name of "key.example" and has an IPv6 address of ::1.
<screen>
-> <userinput>config set DDNS/zones[0]/update_acl [{"action": "ACCEPT", "key": "key.example.org"}, {"action": "ACCEPT", "from": "::1", "key": "key.example"}]</userinput>
+> <userinput>config add DDNS/zones[0]/update_acl {"action": "ACCEPT", "from": "::1", "key": "key.example"}</userinput>
+> <userinput>config show DDNS/zones[0]/update_acl</userinput>
+DDNS/zones[0]/update_acl[0] {"action": "ACCEPT", "key": "key.example.org"} any (modified)
+DDNS/zones[0]/update_acl[1] {"action": "ACCEPT", "from": "::1", "key": "key.example"} any (modified)
> <userinput>config commit</userinput>
</screen>
- (Right now, ACL cannot be updated incrementally; you need to
- specify the entire new list of rules at once.)
</para>
<note><simpara>
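Review bot: The rewritten lead-in drops the "or" that the old text used to relate the two rules, so it no longer says how the resulting two-entry ACL is evaluated. For an access control example it is worth stating explicitly that a request is accepted if it matches either rule, and that within the second rule both the TSIG key and the source address must match. The phrase "a client using TSIG key name of "key.example" and has an IPv6 address of ::1" is also not parallel; something like "a client that uses the TSIG key named "key.example" and has the IPv6 address ::1" reads better. Finally, the key names "key.example.org" and "key.example" are easy to confuse in the "config show" output; more distinct names would make the example clearer.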
@@ -2155,9 +2161,11 @@ what is XfroutClient xfr_client??
</para>
<para>
The difference of two versions of a zone, before and after a
- DDNS transaction is automatically recorded in the underlying
- data source, and can be retrieved in the form of outbound IXFR.
- There has to be no configuration to make this possible.
+ DDNS transaction, is automatically recorded in the underlying
+ data source, and can be retrieved in the form of outbound
+ IXFR.
+ This is done automaticallyl; it does not require specific
+ configuration to make this possible.
</para>
</section>
</chapter>
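Review bot: Typo in the added line "This is done automaticallyl;" (should be "automatically"). The sentence is also redundant with the one before it, which already says the difference "is automatically recorded"; a shorter form such as "No specific configuration is required for this." would cover it.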
diff --git a/src/bin/ddns/b10-ddns.xml b/src/bin/ddns/b10-ddns.xml
index 15fcb1a..b8c5815 100644
--- a/src/bin/ddns/b10-ddns.xml
+++ b/src/bin/ddns/b10-ddns.xml
@@ -58,23 +58,32 @@
Normally it is started by the
<citerefentry><refentrytitle>bind10</refentrytitle><manvolnum>8</manvolnum></citerefentry>
boss process.
- When the <command>b10-auth</command> DNS server receives
- a DDNS update, <command>b10-ddns</command> updates the zone
- in the BIND 10 zone data store.
</para>
- <note><para>
- Currently installed is a dummy component. It does not provide
- any functionality. It is a skeleton implementation that
- will be expanded later.
-<!-- TODO: #1458 -->
- </para></note>
+ <para>
+ When the <command>b10-auth</command> authoritative DNS server
+ receives an UPDATE request, it internally forwards the request
+ to <command>b10-ddns</command>, which handles the rest of
+ request processing.
+ When the processing is completed <command>b10-ddns</command>
+ will send a response to the client with the processing result.
+ If the zone has been changed as a result, it will internally
+ notify <command>b10-auth</command> and
+ <command>b10-xfrout</command> so the new version of the zone will
+ be served, and other secondary servers will be notified via the
+ DNS notify protocol.
+ </para>
<para>
This daemon communicates with BIND 10 over a
<citerefentry><refentrytitle>b10-msgq</refentrytitle><manvolnum>8</manvolnum></citerefentry>
C-Channel connection. If this connection is not established,
<command>b10-ddns</command> will exit.
+ The <command>b10-ddns</command> daemon also depends on some other
+ BIND 10 components (either directly or indirectly):
+ <citerefentry><refentrytitle>b10-auth</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>b10-xfrout</refentrytitle><manvolnum>8</manvolnum></citerefentry>, and
+ <citerefentry><refentrytitle>b10-zonemgr</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
</para>
<para>
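Review bot: The new dependency sentence lists b10-auth, b10-xfrout and b10-zonemgr "either directly or indirectly" but does not say what happens when one of them is not running, whereas the guide change in this same commit series documents that a missing b10-xfrout makes the notification time out and suspends the DDNS service. A short statement of that failure mode, or a pointer to the BIND 10 Guide, belongs in the man page as well. Minor: "handles the rest of request processing" is missing an article ("the rest of the request processing"), and "When the processing is completed" wants a comma after it.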
@@ -92,13 +101,24 @@
<varlistentry>
<term>
+ <option>-h</option>,
+ <option>--help</option>
+ </term>
+ <listitem>
+ <para>
+ Print the command line arguments and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>-v</option>,
<option>--verbose</option>
</term>
<listitem>
<para>
This value is ignored at this moment, but is provided for
- compatibility with the bind10 Boss process
+ compatibility with the bind10 Boss process.
</para>
</listitem>
</varlistentry>
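Review bot: The description added for -h/--help, "Print the command line arguments and exit.", is ambiguous: it can be read as echoing back the arguments that were passed. Suggest "Print a summary of the command line options and exit." or similar.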
@@ -112,10 +132,18 @@
</para>
<para>
<varname>zones</varname>
- The zones option is a named set of zones that can be updated with
- DDNS. Each entry has one element called update_acl, which is
- a list of access control rules that define update permissions.
- By default this is empty; DDNS must be explicitely enabled per zone.
+ The zones option is a list of configuration items for specific
+ zones that can be updated with DDNS. Each entry is a map that
+ can contain the following items:
+ <varname>origin</varname> is a textual domain name of the zone;
+ <varname>class</varname> (text) is the RR class of the zone;
+ <varname>update_acl</varname> is an ACL that controls
+ permission for updates.
+ See the BIND 10 Guide for configuration details.
+ Note that not listing a zone in this list does not directly
+ mean update requests for the zone are rejected, but the end
+ result is the same because the default ACL for updates is to
+ deny all requests.
</para>
<para>
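Review bot: The new item list describes class as "(text) is the RR class of the zone" without saying that it is optional or what its default is, while the guide change in this series says the class can be omitted; the two documents should agree. The type annotation is also inconsistent between items ("a textual domain name" for origin, "(text)" for class, none for update_acl). Separately, the closing sentence about unlisted zones is hard to parse; since the operative fact is that the default update ACL denies all requests, consider leading with that, for example: "Updates to a zone that is not listed are rejected, because the default ACL for updates denies all requests."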
@@ -145,6 +173,12 @@
<refentrytitle>b10-msgq</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
+ <refentrytitle>b10-xfrout</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>b10-zonemgr</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>bind10</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 10 Guide</citetitle>.