/*****************************************************************
**
** @(#) zconf.h
**
** Copyright (c) Jan 2005, Jeroen Masar, Holger Zuleger.
** All rights reserved.
**
** This software is open source.
**
** Redistribution and use in source and binary forms, with or without
** modification, are permitted provided that the following conditions
** are met:
**
** Redistributions of source code must retain the above copyright notice,
** this list of conditions and the following disclaimer.
**
** Redistributions in binary form must reproduce the above copyright notice,
** this list of conditions and the following disclaimer in the documentation
** and/or other materials provided with the distribution.
**
** Neither the name of Jeroen Masar and Holger Zuleger nor the
** names of its contributors may be used to endorse or promote products
** derived from this software without specific prior written permission.
**
** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
** POSSIBILITY OF SUCH DAMAGE.
**
*****************************************************************/
#ifndef ZCONF_H
#define ZCONF_H

/*
** zconf.h -- compile-time defaults and the in-memory layout of the
** zone signing configuration.  Everything below is only a default: the
** loadconfig()/setconfigpar() functions declared at the end of this
** header can replace any of these values at run time.
*/

/*
** Time units.  The *SEC family is in seconds (long); DAY..YEAR count days
** and are meant to be multiplied by DAYSEC where a seconds value is needed.
*/
#define MINSEC   60L
#define HOURSEC  (MINSEC * 60)
#define DAYSEC   (HOURSEC * 24)
#define WEEKSEC  (DAYSEC * 7)
#define YEARSEC  (DAYSEC * 365)
#define DAY      (1)
#define WEEK     (DAY * 7)
#define MONTH    (DAY * 30)
#define YEAR     (DAY * 365)

/*
** Signature validity and TTL related defaults.
**  - SIG_VALIDITY  how long a generated RRSIG stays valid (10 days;
**                  the author also considered 3 weeks).
**  - MAX_TTL       assumed maximum TTL of any record in the zone.
**  - KEY_TTL       TTL used for the DNSKEY RRset.
**  - PROPTIME      expected time until slaves have picked up a new zone;
**                  can be small when NOTIFY is in use.
*/
#define SIG_VALID_DAYS  (10)
#define SIG_VALIDITY    (SIG_VALID_DAYS * DAYSEC)
#define MAX_TTL         ( 8 * HOURSEC)
#define KEY_TTL         ( 4 * HOURSEC)
#define PROPTIME        ( 5 * MINSEC)

/*
** DEF_TTL is only (re)defined when the build already defines DEF_TTL,
** so this block is inert in a plain build; the author marks it as
** "currently not used".
*/
#if defined (DEF_TTL)
#define DEF_TTL (MAX_TTL/2)
#endif

/*
** Re-signing interval: two thirds of the signature validity, so that a
** zone is re-signed well before its signatures expire (7 days here).
*/
#define RESIGN_INT   ((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC)

/*
** Key lifetimes.  The KSK lives one year.  The ZSK lifetime is fixed to
** roughly three months (12 weeks); alternatives the author experimented
** with were three times the signature validity and 3 * MONTH days.
*/
#define KSK_LIFETIME (1 * YEARSEC)
#define ZSK_LIFETIME (12 * WEEKSEC)

/*
** Key algorithm and key sizes.  KSK_ALGO and ZSK_ALGO were merged into a
** single KEY_ALGO in v0.99 because both keys have to use the same
** algorithm; ADDITIONAL_KEY_ALGO selects an optional second algorithm
** (0 == none).  DK_ALGO_RSASHA1 is defined in another header.
** NOTE(review): RSASHA1 and a 512-bit ZSK are far below current DNSSEC
** guidance (RFC 8624 lists RSASHA1 as not recommended for signing);
** deployments should override these in their configuration file
** rather than rely on the compile-time defaults.
*/
#define KEY_ALGO            (DK_ALGO_RSASHA1)
#define ADDITIONAL_KEY_ALGO 0
#define KSK_BITS            (1300)
#define KSK_RANDOM          "/dev/urandom"   /* was NULL before v0.94 */
#define ZSK_BITS            (512)
#define ZSK_RANDOM          "/dev/urandom"
#define NSEC3               0                /* NSEC3 is off by default */
#define SALTLEN             24               /* salt length in bits, 4-bit resolution */

/*
** Defaults for the per-zone / per-run options mirrored in struct zconf.
** NULL string defaults mean "feature disabled" or "use the built-in
** behaviour"; "" means set but empty.
*/
#define ZONEDIR         "."
#define RECURSIVE       0
#define PRINTTIME       1
#define PRINTAGE        0
#define LJUST           0
#define LSCOLORTERM     NULL               /* or "" */
#define KEYSETDIR       NULL               /* directory holding keysets */
#define LOGFILE         ""
#define LOGLEVEL        "error"
#define LOGDOMAINDIR    ""
#define SYSLOGFACILITY  "none"
#define SYSLOGLEVEL     "notice"
#define VERBOSELOG      0
#define ZONEFILE        "zone.db"
#define DNSKEYFILE      "dnskey.db"
#define LOOKASIDEDOMAIN ""                 /* e.g. "dlv.trusted-keys.de" */
#define SIG_RANDOM      NULL               /* e.g. "/dev/urandom" */
#define SIG_PSEUDO      0
#define SIG_GENDS       1
#define SIG_DNSKEY_KSK  0                  /* sign the DNSKEY RRset with the KSK only */
#define SIG_PARAM       ""
#define DIST_CMD        NULL               /* NULL: run "rndc reload" */
#define NAMED_CHROOT    NULL               /* NULL: named is not chrooted */

/*
** Location of the global configuration file.  CONFIG_PATH may be set by
** the build (config.h); LOCALCONF_FILE is a per-directory override.
*/
#ifndef CONFIG_PATH
#define CONFIG_PATH "/var/named/"
#endif
#define CONFIG_FILE     CONFIG_PATH "dnssec.conf"
#define LOCALCONF_FILE  "dnssec.conf"

/*
** External BIND utilities.  BIND_UTIL_PATH should come from config.h and
** must keep its trailing '/' because the command names are appended by
** string concatenation.  An absolute prefix means the helpers are not
** resolved through PATH.
*/
#ifndef BIND_UTIL_PATH
#define BIND_UTIL_PATH "/usr/local/sbin/"
#endif
#define SIGNCMD    BIND_UTIL_PATH "dnssec-signzone"
#define KEYGENCMD  BIND_UTIL_PATH "dnssec-keygen"
#define RELOADCMD  BIND_UTIL_PATH "rndc"

/* How the SOA serial number is maintained. */
typedef enum {
	Unixtime = 1,
	Incremental
} serial_form_t;

/* NSEC3 mode: off, on, or on with opt-out. */
typedef enum {
	NSEC3_OFF = 0,
	NSEC3_ON,
	NSEC3_OPTOUT
} nsec3_t;

/* Syslog facility selected by the "syslogfacility" setting. */
typedef enum {
	none = 0,
	user,
	local0, local1, local2, local3, local4, local5, local6, local7
} syslog_facility_t;

/*
** In-memory configuration.  The char * members point to strings owned by
** the config object (see dupconfig()/freeconfig()).
*/
typedef struct zconf {
	char	*zonedir;
	int	recursive;
	int	printtime;
	int	printage;
	int	ljust;
	char	*colorterm;
	long	sigvalidity;	/* signature validity in seconds; keep below the SOA expire time */
	long	max_ttl;	/* maximum TTL used anywhere in the zone */
	long	key_ttl;
	long	proptime;	/* expected zone propagation delay */
#if defined (DEF_TTL)
	long	def_ttl;	/* default TTL from the SOA record */
#endif
	serial_form_t	serialform;	/* see serial_form_t */
	long	resign;		/* re-signing interval */

	int	k_algo;		/* algorithm shared by KSK and ZSK */
	int	k2_algo;	/* optional additional algorithm (formerly z_algo, renamed in v0.99) */
	long	k_life;
	int	k_bits;
	char	*k_random;
	long	z_life;
	int	z_bits;
	char	*z_random;
	nsec3_t	nsec3;		/* 0 == off; 1 == on; 2 == on with opt-out */
	int	saltbits;

	char	*view;
	int	noexec;
	/* a former errlog member was retired; logging goes through the fields below */
	char	*logfile;
	char	*loglevel;
	char	*logdomaindir;
	char	*syslogfacility;
	char	*sysloglevel;
	int	verboselog;
	int	verbosity;
	char	*keyfile;
	char	*zonefile;
	char	*keysetdir;
	char	*lookaside;
	char	*sig_random;
	int	sig_pseudo;
	int	sig_gends;
	int	sig_dnskeyksk;
	char	*sig_param;
	char	*dist_cmd;	/* command executed instead of "rndc reload"; NULL == default.
				** Because this is run by the tool, the configuration file
				** that can set it must be as trustworthy as the tool itself. */
	char	*chroot_dir;	/* chroot directory of named, or NULL */
} zconf_t;

/* Render a time interval (seconds) as a human readable string. */
extern const char *timeint2str (unsigned long val);
/* Fill z from a configuration file / from an in-memory string; return z. */
extern zconf_t *loadconfig (const char *filename, zconf_t *z);
extern zconf_t *loadconfig_fromstr (const char *str, zconf_t *z);
/* Deep-copy and release a configuration object. */
extern zconf_t *dupconfig (const zconf_t *conf);
extern zconf_t *freeconfig (zconf_t *conf);
/* Set one configuration entry by name from an untyped value pointer. */
extern int setconfigpar (zconf_t *conf, char *entry, const void *pval);
/* Print a configuration, or only the entries that differ from ref. */
extern int printconfig (const char *fname, const zconf_t *cp);
extern int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z);
/* Validate a configuration; return value semantics are defined in the .c file. */
extern int checkconfig (const zconf_t *z);
extern void setconfigversion (int version);

#endif