/*	$NetBSD: zconf.h,v 1.1.1.1 2015/07/08 15:37:48 christos Exp $	*/

/*****************************************************************
**
**	@(#) zconf.h
**
**	Copyright (c) Jan 2005, Jeroen Masar, Holger Zuleger.
**	All rights reserved.
**
**	This software is open source.
**
**	Redistribution and use in source and binary forms, with or without
**	modification, are permitted provided that the following conditions
**	are met:
**
**	Redistributions of source code must retain the above copyright notice,
**	this list of conditions and the following disclaimer.
**
**	Redistributions in binary form must reproduce the above copyright notice,
**	this list of conditions and the following disclaimer in the documentation
**	and/or other materials provided with the distribution.
**
**	Neither the name of Jeroen Masar and Holger Zuleger nor the
**	names of its contributors may be used to endorse or promote products
**	derived from this software without specific prior written permission.
**
**	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
**	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
**	TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
**	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
**	LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
**	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
**	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
**	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
**	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
**	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
**	POSSIBILITY OF SUCH DAMAGE.
**
*****************************************************************/
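#ifndef ZCONF_H
# define ZCONF_H

/*
 * Compile-time defaults, the configuration record (zconf_t) and the
 * configuration API of the DNSSEC zone/key maintenance code.
 *
 * This header includes nothing itself.  Code that expands the macros below
 * has to provide NULL, isspace() (<ctype.h>) and DK_ALGO_RSASHA1 on its own;
 * CONFIG_PATH and BIND_UTIL_PATH may be predefined (e.g. via config.h) to
 * override the fallbacks given here.
 */

/* time spans in seconds; MINSEC is a long constant, so every derived value is a long */
# define	MINSEC	60L
# define	HOURSEC	(MINSEC * 60)
# define	DAYSEC	(HOURSEC * 24)
# define	WEEKSEC	(DAYSEC * 7)
# define	YEARSEC	(DAYSEC * 365)	/* 365 days, leap days are ignored */

/* time spans in days */
# define	DAY	(1)
# define	WEEK	(DAY * 7)
# define	MONTH	(DAY * 30)
# define	YEAR	(DAY * 365)

/* signature and ttl timing defaults */
# define	SIG_VALID_DAYS	(21)	/* 3 Weeks  */
# define	SIG_VALIDITY	(SIG_VALID_DAYS * DAYSEC)
# define	MAX_TTL		( 8 * HOURSEC)	/* default value of maximum ttl time */
# define	KEY_TTL		( 4 * HOURSEC)	/* default value of KEY TTL */
# define	PROPTIME	( 5 * MINSEC)	/* expected slave propagation time */
						/* should be small if notify is used  */

/*
 * DEF_TTL doubles as a feature switch: only when the build defines it does
 * it get a value here (and zconf_t its def_ttl member).  The #undef drops
 * the build-supplied definition first, because redefining a macro with a
 * different replacement list is a constraint violation in C.
 */
#if defined (DEF_TTL)
# undef		DEF_TTL
# define	DEF_TTL		(MAX_TTL/2)	/* currently not used */
#endif

/* resign interval: two thirds of the signature validity (14 of 21 days) */
# define	RESIGN_INT	((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC)
# define	KSK_LIFETIME	(2 * YEARSEC)
#if 1
# define	ZSK_LIFETIME	((SIG_VALID_DAYS * 3) * DAYSEC)	/* set to three times the sig validity */
#else
# define	ZSK_LIFETIME	(12 * WEEKSEC)	/* set fixed to 3 month */
#endif

/*
 * Key generation defaults.
 *
 * NOTE(review): these defaults are weak by current standards and should be
 * overridden in the configuration of any zone that is actually signed:
 *   - KEY_ALGO selects RSA with SHA-1; RFC 8624 lists RSASHA1 as
 *     NOT RECOMMENDED for DNSSEC signing.
 *   - ZSK_BITS is 512; RSA moduli of that size have been factored publicly
 *     for many years, so such a zone signing key gives no real protection.
 *   - KSK_BITS is 1300, below the 2048 bits commonly recommended for RSA.
 * The values are left unchanged here because they are the defaults callers
 * of this header have been built against.
 */
/* # define	KSK_ALGO	(DK_ALGO_RSASHA1)	KSK_ALGO renamed to KEY_ALGO (v0.99) */
# define	KEY_ALGO	(DK_ALGO_RSASHA1)	/* general KEY_ALGO used for both ksk and zsk */
# define	ADDITIONAL_KEY_ALGO	0
# define	KSK_BITS	(1300)
# define	KSK_RANDOM	NULL	/* no random device named; what the key generator uses then is not visible here */
/* # define	ZSK_ALGO	(DK_ALGO_RSASHA1)	ZSK_ALGO has to be the same as KSK, so this is no longer used (v0.99) */
# define	ZSK_BITS	(512)
# define	ZSK_ALWAYS	0
# define	ZSK_RANDOM	"/dev/urandom"
# define	NSEC3		0		/* by default nsec3 is off */
# define	SALTLEN		24		/* salt length in bits (resolution is 4 bits)*/

/*
 * Directory, output and logging defaults.
 * ZONEDIR refers to CONFIG_PATH, which is only defined further down; that
 * is fine because a macro body is expanded where the macro is used.
 */
#if 0
# define	ZONEDIR		"."
#else
# define	ZONEDIR		CONFIG_PATH
#endif
# define	RECURSIVE	0
# define	PRINTTIME	1
# define	PRINTAGE	0
# define	LJUST		0
# define	LSCOLORTERM	NULL	/* or "" */
# define	KEYSETDIR	".."	/* keysets */
# define	LOGFILE		""
# define	LOGLEVEL	"error"
# define	LOGDOMAINDIR	""
# define	SYSLOGFACILITY	"none"
# define	SYSLOGLEVEL	"notice"
# define	VERBOSELOG	0
# define	ZONEFILE	"zone.db"
# define	DNSKEYFILE	"dnskey.db"
/* empty by default; DNSSEC lookaside validation was moved to historic status by RFC 8749 */
# define	LOOKASIDEDOMAIN	""	/* "dlv.trusted-keys.de" */

/* zone signing defaults */
# define	SIG_RANDOM	NULL	/* "/dev/urandom" */
# define	SIG_PSEUDO	0
# define	SIG_GENDS	1
# define	SIG_DNSKEY_KSK	0	/* Sign DNSKEY RR with KSK only */
# define	SIG_PARAM	""
# define	DEPENDFILES	""
# define	DIST_CMD	NULL	/* default is to run "rndc reload" */
# define	NAMED_CHROOT	NULL	/* default is none */

/*
 * Location of the configuration file.  CONFIG_PATH is joined to the file
 * name by string literal concatenation, so it must be a string literal
 * that ends in '/'.
 */
#ifndef CONFIG_PATH
# define	CONFIG_PATH	"/var/named/"
#endif
# define	CONFIG_FILE	CONFIG_PATH "dnssec.conf"
# define	LOCALCONF_FILE	"dnssec.conf"

/* external command execution path (should be set via config.h) */
/*
 * NOTE(review): the command names are appended by literal concatenation, so
 * a BIND_UTIL_PATH without the trailing '/' names a different file
 * ("/usr/local/sbindnssec-signzone").  These strings name programs that are
 * presumably executed with the privileges of the signing job; the directory
 * should be writable by the administrator only.
 */
#ifndef BIND_UTIL_PATH
# define BIND_UTIL_PATH	"/usr/local/sbin/"	/* beware of trailing '/' */
#endif
# define	SIGNCMD		BIND_UTIL_PATH "dnssec-signzone"
# define	KEYGENCMD	BIND_UTIL_PATH "dnssec-keygen"
# define	RELOADCMD	BIND_UTIL_PATH "rndc"

/* macros */
/*
 * True if c separates entries of a file list: ':', ',' or white space.
 * c is converted to unsigned char before it reaches isspace(), because
 * passing a negative plain char (any byte >= 0x80 where char is signed) to
 * a <ctype.h> function is undefined behaviour.  c is evaluated more than
 * once, so the argument must not have side effects.
 */
# define	isflistdelim(c)	( (c) == ':' || (c) == ',' || isspace ((unsigned char)(c)) )

/* format of the zone serial number */
typedef	enum {
	Unixtime = 1,
	Incremental
} serial_form_t;

/* NSEC3 mode; the numeric values are the ones documented on zconf_t.nsec3 */
typedef	enum {
	NSEC3_OFF = 0,
	NSEC3_ON,
	NSEC3_OPTOUT
} nsec3_t;

/*
 * syslog facilities.
 * NOTE(review): the enumerators are short, unprefixed names (none, user,
 * local0 ...) that land in the global namespace of every includer.
 */
typedef	enum {
	none = 0,
	user,
	local0, local1, local2, local3, local4, local5, local6, local7
} syslog_facility_t;

/*
 * The configuration record.  All time values are longs; the defaults
 * defined above are in seconds.  Ownership of the char * members is not
 * visible in this header.
 */
typedef	struct zconf	{
	/* directory handling and output format */
	char	*zonedir;
	int	recursive;
	int	printtime;
	int	printage;
	int	ljust;
	char	*colorterm;

	/* signature and ttl timing */
	long	sigvalidity;	/* should be less than expire time */
	long	max_ttl;	/* should be set to the maximum used ttl in the zone */
	long	key_ttl;
	long	proptime;	/* expected time offset for zone propagation */
#if defined (DEF_TTL)
	long	def_ttl;	/* default ttl set in soa record  */
#endif
	serial_form_t	serialform;	/* format of serial no */
	long	resign;		/* resign interval */

	/* key parameters; the k_ and z_ prefixes appear to mirror the KSK_ and ZSK_ defaults -- confirm in the implementation */
	int	k_algo;
	int	k2_algo;
	long	k_life;
	int	k_bits;
	char	*k_random;
	long	z_life;
	/* int	z_algo;		no longer used; renamed to k2_algo (v0.99) */
	int	z_bits;
	int	z_always;	/* always pre-publish zsk ? */
	char	*z_random;
	nsec3_t	nsec3;		/* 0 == off; 1 == on; 2 == on with optout */
	int	saltbits;

	/* execution, logging and file names */
	char	*view;
	int	noexec;
	// char	*errlog;
	char	*logfile;
	char	*loglevel;
	char	*logdomaindir;
	char	*syslogfacility;
	char	*sysloglevel;
	int	verboselog;
	int	verbosity;
	char	*keyfile;
	char	*zonefile;
	char	*keysetdir;
	char	*lookaside;

	/* zone signing */
	char	*sig_random;
	int	sig_pseudo;
	int	sig_gends;
	int	sig_dnskeyksk;
	char	*sig_param;
	char	*dependfiles;
	/* NOTE(review): dist_cmd names a program taken from the configuration; keep the configuration file writable by the administrator only */
	char	*dist_cmd;	/* cmd to run instead of "rndc reload" */
	char	*chroot_dir;	/* chroot directory of named */
} zconf_t;

/*
 * Configuration API.  The functions are defined elsewhere; this header
 * shows only their signatures, so return conventions and the ownership of
 * returned zconf_t pointers have to be taken from the implementation.
 */
extern	const char	*timeint2str (unsigned long val);
extern	zconf_t	*loadconfig (const char *filename, zconf_t *z);
extern	zconf_t	*loadconfig_fromstr (const char *str, zconf_t *z);
extern	zconf_t	*dupconfig (const zconf_t *conf);
extern	zconf_t	*freeconfig (zconf_t *conf);
extern	int	setconfigpar (zconf_t *conf, char *entry, const void *pval);
extern	int	printconfig (const char *fname, const zconf_t *cp);
extern	int	printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z);
extern	int	checkconfig (const zconf_t *z);
extern	void	setconfigversion (int version);

#endif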