1 /* $NetBSD: zconf.h,v 1.1.1.1 2015/07/08 15:37:48 christos Exp $ */
3 /*****************************************************************
7 ** Copyright (c) Jan 2005, Jeroen Masar, Holger Zuleger.
8 ** All rights reserved.
10 ** This software is open source.
12 ** Redistribution and use in source and binary forms, with or without
13 ** modification, are permitted provided that the following conditions
16 ** Redistributions of source code must retain the above copyright notice,
17 ** this list of conditions and the following disclaimer.
19 ** Redistributions in binary form must reproduce the above copyright notice,
20 ** this list of conditions and the following disclaimer in the documentation
21 ** and/or other materials provided with the distribution.
23 ** Neither the name of Jeroen Masar and Holger Zuleger nor the
24 ** names of its contributors may be used to endorse or promote products
25 ** derived from this software without specific prior written permission.
27 ** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28 ** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
29 ** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
30 ** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
31 ** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 ** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33 ** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 ** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35 ** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36 ** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37 ** POSSIBILITY OF SUCH DAMAGE.
39 *****************************************************************/
/*
 * Time units expressed in seconds, followed by the default DNSSEC timers
 * derived from them. MINSEC and DAY are referenced below but are defined on
 * lines this listing does not show (the gutter numbers skip).
 */
45 # define HOURSEC (MINSEC * 60)
46 # define DAYSEC (HOURSEC * 24)
47 # define WEEKSEC (DAYSEC * 7)
48 # define YEARSEC (DAYSEC * 365) /* fixed 365-day year; leap days are ignored */
50 # define WEEK (DAY * 7)
51 # define MONTH (DAY * 30) /* fixed 30-day month */
52 # define YEAR (DAY * 365)
54 # define SIG_VALID_DAYS (21) /* 3 Weeks */
55 # define SIG_VALIDITY (SIG_VALID_DAYS * DAYSEC)
56 # define MAX_TTL ( 8 * HOURSEC) /* default value of maximum ttl time */
57 # define KEY_TTL ( 4 * HOURSEC) /* default value of KEY TTL */
58 # define PROPTIME ( 5 * MINSEC) /* expected slave propagation time */
59 /* should be small if notify is used */
61 # define DEF_TTL (MAX_TTL/2) /* currently not used */
/*
 * Integer arithmetic: (21 - 21 / 3) = 14 days between re-signing runs.
 * With SIG_VALIDITY at 21 days that leaves 7 days of slack. If the signer
 * stops running for longer than the slack, the published signatures expire
 * and validating resolvers reject the zone, so signer runs should be
 * monitored and alerted on.
 */
64 # define RESIGN_INT ((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC)
65 # define KSK_LIFETIME (2 * YEARSEC)
/*
 * ZSK_LIFETIME appears twice in this listing (63 days here, 84 days below).
 * NOTE(review): the preprocessor conditional that selects one of the two is
 * presumably on the skipped lines 66/68/70 -- confirm against the full file
 * before relying on either value.
 */
67 # define ZSK_LIFETIME ((SIG_VALID_DAYS * 3) * DAYSEC) /* set to three times the sig validity */
69 # define ZSK_LIFETIME (12 * WEEKSEC) /* set fixed to 3 month */
/*
 * Default key generation parameters.
 *
 * NOTE(review): these defaults are cryptographically weak by current
 * standards and should be overridden before any zone is signed:
 *   - RSASHA1 relies on SHA-1; RFC 8624 lists it as NOT RECOMMENDED for
 *     DNSSEC signing.
 *   - A 512-bit RSA modulus (ZSK_BITS) has been publicly factorable since
 *     1999; whoever recovers the private ZSK can produce signatures that
 *     validate for any record in the zone.
 *   - A 1300-bit KSK is below the 2048-bit minimum for RSA signatures in
 *     common guidance (e.g. NIST SP 800-131A).
 * Presumably these are only fallbacks that the configuration file can
 * replace -- confirm, and check deployed zones for keys generated with them.
 */
72 /* # define KSK_ALGO (DK_ALGO_RSASHA1) KSK_ALGO renamed to KEY_ALGO (v0.99) */
73 # define KEY_ALGO (DK_ALGO_RSASHA1) /* general KEY_ALGO used for both ksk and zsk */
74 # define ADDITIONAL_KEY_ALGO 0
75 # define KSK_BITS (1300)
/* KSK_RANDOM is NULL while ZSK_RANDOM names a device; presumably NULL lets the key generator pick its own entropy source -- TODO confirm */
76 # define KSK_RANDOM NULL
77 /* # define ZSK_ALGO (DK_ALGO_RSASHA1) ZSK_ALGO has to be the same as KSK, so this is no longer used (v0.99) */
78 # define ZSK_BITS (512)
80 # define ZSK_RANDOM "/dev/urandom"
81 # define NSEC3 0 /* by default nsec3 is off */
82 # define SALTLEN 24 /* salt length in bits (resolution is 4 bits)*/
/*
 * Default directories, file names, logging settings and signer options.
 * ZONEDIR refers to CONFIG_PATH, which is defined further down; macros are
 * expanded at the point of use, so the order of definition does not matter.
 */
87 # define ZONEDIR CONFIG_PATH
93 # define LSCOLORTERM NULL /* or "" */
94 # define KEYSETDIR ".." /* keysets */
96 # define LOGLEVEL "error"
97 # define LOGDOMAINDIR ""
98 # define SYSLOGFACILITY "none"
99 # define SYSLOGLEVEL "notice"
100 # define VERBOSELOG 0
101 # define ZONEFILE "zone.db"
102 # define DNSKEYFILE "dnskey.db"
/* Lookaside validation (DLV) was moved to historic status by RFC 8749; the empty default should stay empty. */
103 # define LOOKASIDEDOMAIN "" /* "dlv.trusted-keys.de" */
104 # define SIG_RANDOM NULL /* "/dev/urandom" */
/* NOTE(review): presumably selects pseudo-random data for signing when non-zero; keep 0 unless the effect is confirmed */
105 # define SIG_PSEUDO 0
107 # define SIG_DNSKEY_KSK 0 /* Sign DNSKEY RR with KSK only */
108 # define SIG_PARAM ""
109 # define DEPENDFILES ""
/*
 * DIST_CMD replaces the "rndc reload" step with a command to run.
 * NOTE(review): if it can be set from the configuration file, write access
 * to that file amounts to command execution as the signing user -- keep the
 * file owned by and writable only for that user.
 */
110 # define DIST_CMD NULL /* default is to run "rndc reload" */
111 # define NAMED_CHROOT NULL /* default is none */
114 # define CONFIG_PATH "/var/named/"
/* Adjacent string literals are concatenated: CONFIG_FILE is "/var/named/dnssec.conf" */
116 # define CONFIG_FILE CONFIG_PATH "dnssec.conf"
/* Relative name; presumably looked up per zone directory -- TODO confirm */
117 # define LOCALCONF_FILE "dnssec.conf"
119 /* external command execution path (should be set via config.h) */
/*
 * The three commands below are built by compile-time string concatenation,
 * so BIND_UTIL_PATH must end in '/'; without it the result would be a name
 * such as "/usr/local/sbindnssec-signzone".
 * These binaries are executed by the signer with access to the private keys:
 * the directory and the binaries should be writable by root only.
 * The #endif matching this #ifndef is on a line this listing does not show.
 */
120 #ifndef BIND_UTIL_PATH
121 # define BIND_UTIL_PATH "/usr/local/sbin/" /* beware of trailing '/' */
123 # define SIGNCMD BIND_UTIL_PATH "dnssec-signzone"
124 # define KEYGENCMD BIND_UTIL_PATH "dnssec-keygen"
125 # define RELOADCMD BIND_UTIL_PATH "rndc"
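/*
 * True when c is a list delimiter: ':', ',' or a whitespace character
 * (the name suggests it is used when splitting file lists).
 *
 * isspace() is only defined for values representable as unsigned char (or
 * EOF). A plain char holding a byte >= 0x80 is negative where char is
 * signed, which made the original call undefined behaviour; the argument is
 * therefore converted to unsigned char first.
 *
 * The macro evaluates c up to three times: do not pass an expression with
 * side effects.
 */
# define isflistdelim(c) ( (c) == ':' || (c) == ',' || isspace ((unsigned char)(c)) )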
144 local0
, local1
, local2
, local3
, local4
, local5
, local6
, local7
/*
 * Configuration record. The prototypes in this header pass it around as
 * zconf_t; the closing line of the typedef and a number of fields are on
 * lines this listing does not show (the gutter numbers skip).
 */
147 typedef struct zconf
{
154 long sigvalidity
; /* should be less than expire time */
155 long max_ttl
; /* should be set to the maximum used ttl in the zone */
157 long proptime
; /* expected time offset for zone propagation */
/* def_ttl exists only when DEF_TTL is defined; the matching #endif is not shown in this listing */
158 #if defined (DEF_TTL)
159 long def_ttl
; /* default ttl set in soa record */
161 serial_form_t serialform
; /* format of serial no */
162 long resign
; /* resign interval */
170 /* int z_algo; no longer used; renamed to k2_algo (v0.99) */
172 int z_always
; /* always pre-publish zsk ? */
174 nsec3_t nsec3
; /* 0 == off; 1 == on; 2 == on with optout */
183 char *syslogfacility
;
/*
 * NOTE(review): dist_cmd is a command that gets run. How it is invoked
 * (shell or direct exec) is not visible here -- confirm in the callers, and
 * treat any source that can set this field as able to run commands with the
 * signer's privileges.
 */
197 char *dist_cmd
; /* cmd to run instead of "rndc reload" */
198 char *chroot_dir
; /* chroot directory of named */
/*
 * Public interface of the configuration module.
 *
 * The signatures do not say who owns the returned pointers. Before freeing
 * or retaining any of them, confirm in the implementation:
 *   - whether timeint2str() returns static storage (which would make it
 *     non-reentrant),
 *   - whether loadconfig()/loadconfig_fromstr() accept a NULL z and allocate,
 *   - what freeconfig() returns after releasing conf.
 */
201 extern const char *timeint2str (unsigned long val
);
202 extern zconf_t
*loadconfig (const char *filename
, zconf_t
*z
);
203 extern zconf_t
*loadconfig_fromstr (const char *str
, zconf_t
*z
);
204 extern zconf_t
*dupconfig (const zconf_t
*conf
);
205 extern zconf_t
*freeconfig (zconf_t
*conf
);
/*
 * NOTE(review): pval is an untyped pointer; presumably the parameter named
 * by entry decides how it is read. A caller passing a pointer to the wrong
 * type would not be caught by the compiler -- verify each call site.
 */
206 extern int setconfigpar (zconf_t
*conf
, char *entry
, const void *pval
);
207 extern int printconfig (const char *fname
, const zconf_t
*cp
);
208 extern int printconfigdiff (const char *fname
, const zconf_t
*ref
, const zconf_t
*z
);
/* Takes the configuration read-only and returns an int; the meaning of the return value is not visible from this header */
209 extern int checkconfig (const zconf_t
*z
);
210 extern void setconfigversion (int version
);