Multinet V5.1 Admin Reference


Chapter 1

MultiNet DCL Command Reference

This chapter describes the MultiNet administration commands you can run from the DCL prompt.

Command Summary

Table 1-1 describes the MultiNet administrative commands available at the DCL prompt.

Table 1-1 MultiNet Command Summary

Command

Description

MULTINET ACCOUNTING

Processes the accounting file that FTP and SMTP can write.

MULTINET CHECK

Tests the MultiNet configuration.

MULTINET CONFIGURE /CONFIGURATION_FILE

Specifies the configuration file read by the DECNET-, PRINTER-, or SERVER-CONFIG utility.

MULTINET CONFIGURE /DECNET

Invokes the DECnet Circuit Configuration Utility (DECNET-CONFIG).

MULTINET CONFIGURE /MAIL

Invokes the Electronic Mail Configuration Utility (MAIL-CONFIG).

MULTINET CONFIGURE /MENU

Invokes the Menu-driven Configuration Utility (MENU-CONFIG).

MULTINET CONFIGURE /NETWORK

Invokes the Network Interface Configuration Utility (NET-CONFIG).

MULTINET CONFIGURE /NOBOLD

Prevents MENU-CONFIG from downloading fonts to your terminal (when used with /MENU).

MULTINET CONFIGURE /PRINTERS

Invokes the Printer Configuration Utility (PRINTER-CONFIG).

MULTINET CONFIGURE /SERVERS

Invokes the Server Configuration Utility (SERVER-CONFIG).

MULTINET CONFIGURE /SERVER_IMAGE

Specifies the master server image associated with the server configuration file.

MULTINET DIG

Tests the domain name service (DNS) system.

MULTINET DNSKEYGEN

Generates and maintains keys for DNS Security (DNSSEC) within the DNS.

MULTINET DNSSIGNER

Signs zone files for DNS Security (DNSSEC) within the DNS (Domain Name System).

MULTINET FONT COMPILE

Compiles an ASCII BDF (bitmap distribution format) font file into a binary PCF (portable compiled format) file.

MULTINET FONT INFO

Displays font server information.

MULTINET FONT LIST

Lists font names and font information.

MULTINET FONT MKFONTDIR

Creates a DECW$FONT_DIRECTORY.DAT file when adding fonts.

MULTINET FONT SHOW

Displays font data.

MULTINET FONT UNCOMPILE

Uncompiles a PCF file into an ASCII BDF file.

MULTINET GATED/CHECK

Checks the syntax of a GateD configuration file.

MULTINET GATED/DUMP

Tells GateD to dump internal state into a text file.

MULTINET GATED/LOAD

Loads a new configuration file.

MULTINET GATED/SET/TRACE

Controls tracing in GateD.

MULTINET GATED/SHOW/OSPF

Queries OSPF routers.

MULTINET GATED/SHOW/RIP

Requests all routes known by a RIP gateway.

MULTINET GATED/SHOW/TRACE

Queries tracing in GateD.

MULTINET GATED/STOP

Tells the GateD process to halt in an orderly manner.

MULTINET GATED/TOGGLE_TRACING

Toggles GateD tracing on and off.

MULTINET GATED/UPDATE_INTERFACES

Tells the GateD process to rescan the network interfaces.

MULTINET HOST_TABLE GET

Retrieves a HOSTS.TXT file.

MULTINET HOST_TABLE INSTALL

Installs host tables as global sections.

MULTINET IPP SHOW

Allows a user to learn the capabilities supported by an IPP server.

MULTINET KERBEROS DATABASE DUMP

Stores the contents of the Kerberos database in an ASCII text file.

MULTINET KERBEROS DATABASE EDIT

Adds principal information to the database.

MULTINET KERBEROS DATABASE INITIALIZE

Initializes the Kerberos database.

MULTINET KERBEROS DATABASE LOAD

Loads the database from an ASCII text file produced by the MULTINET KERBEROS DATABASE DUMP utility.

MULTINET KERBEROS DATABASE NEW_MASTER_KEY

Permits the Kerberos master key to be changed.

MULTINET KERBEROS DATABASE SRVTAB

Creates an encrypted server key file for a remote system.

MULTINET KERBEROS DATABASE STASH

Saves the Kerberos master key in a protected file for the KDC.

MULTINET LOAD

Loads and invokes the network image.

MULTINET NETCONTROL

Sends commands to MULTINET_SERVER internal services.

MULTINET NFSDISMOUNT

Dismounts a locally-mounted remote NFS file system.

MULTINET NFSMOUNT

Mounts a remote NFS file system so it can be used locally.

MULTINET NSLOOKUP

Sends a test query to DNS.

MULTINET NSUPDATE

Performs dynamic updates to the domain name service (DNS) server.

MULTINET PING

Tests connections by sending ICMP echo requests.

MULTINET RDATE

Queries the remote system for time and sets the local clock accordingly.

MULTINET RMTALLOC

Allocates a remote tape drive or CD-ROM for access by a single process.

MULTINET RWALL

Sends a message to all system users.

MULTINET SET /ARP

Changes ARP tables.

MULTINET SET /DECNET

Configures DECnet devices to run DECnet-over-UDP circuits.

MULTINET SET /INTERFACE

Sets parameters for network devices.

MULTINET SET /ROUTE

Specifies static IP routing.

MULTINET SET /TIMEZONE

Specifies the local timezone name.

MULTINET TCPDUMP

Decodes network packets selected by a boolean expression.

MULTINET TCPVIEW

Traces packets and interprets the results.

MULTINET TRACEROUTE

Determines the route to the specified host.

MULTINET X11DEBUG

Performs tests on the most common causes of problems when running X11 clients over MultiNet.

MULTINET ACCOUNTING

Processes the accounting file that session accounting writes for SMTP and FTP. It extracts the selected records from the file and either displays them on the user's terminal or writes them to the specified output file.

FORMAT

$ MULTINET ACCOUNTING /INPUT=filename /SINCE=first_date_to_include

QUALIFIERS

/INPUT=accounting_file_name

/OUTPUT=output_file_name

/BEFORE=latest_date_to_include

/SINCE=first_date_to_include

/PROTOCOL=(MAIL,SMTP,FTP)

These are the protocols to include.

/CSV

Makes the output file a Comma Separated Values file that can be imported into an Excel-type document for processing.

MULTINET CHECK

Invokes the MultiNet configuration test utility to perform one or more checks for common MultiNet configuration problems. Requires CMKRNL, SYSPRV, and WORLD privileges.

FORMAT

MULTINET CHECK [test,...]

PARAMETER

test

Specifies the name of a test to be performed. Valid test names are ARP, BROADCASTS, DATABASES, HOST_NAME, HOST_TABLE, INTERFACES, LICENSE, MISCELLANEOUS, PARAMETERS, PROTOCOL_ERRORS, ROOT_NAMESERVERS, ROUTES, and VERSION. You can specify multiple tests by separating the names with commas. If you do not specify a test parameter, all tests are performed.

The host name check verifies that the address associated with the local host name matches one of the interface addresses.

QUALIFIERS

/IGNORE_ERRORS
/NOIGNORE_ERRORS (default)

MULTINET CHECK usually stops when it encounters an error. Specify this qualifier to force MULTINET CHECK to continue testing even after an error is encountered.

/OUTPUT=file-spec
/NOOUTPUT

MULTINET CHECK usually displays all output on the standard error output device. Specify this qualifier to either redirect output to the specified file or turn output off altogether.

/VERBOSE
/NOVERBOSE (default)

Causes MULTINET CHECK to display more information about the tests it performs. By default, it only displays a message when it encounters an error or if all tests pass.

MULTINET CONFIGURE

Invokes one of the MultiNet configuration utilities, which are interactive programs that maintain network configuration information. If you do not specify a configuration utility with a qualifier, the network interface configuration utility (NET-CONFIG) is invoked.

FORMAT

MULTINET CONFIGURE [/qualifier(s)]

QUALIFIERS

/ACCESS

Invokes the Access Configuration Utility (ACCESS-CONFIG) that lets you examine, modify, and save MultiNet Secure/IP configuration files. MultiNet Secure/IP is a TCP/IP-based authentication system that extends the OpenVMS login facility to support authentication "tokens."

The MultiNet Secure/IP Client becomes part of logging in via TELNET, FTP, LAT, DECnet, and "hardwired" devices (for example, TX and TT).

The MultiNet Secure/IP Server provides authentication information to MultiNet Secure/IP clients when users try to log in.

/DECNET

Invokes the DECnet Configuration Utility (DECNET-CONFIG) that lets you view and alter the configuration of DECnet-over-IP services. If used with the /CONFIGURATION_FILE qualifier, DECNET-CONFIG reads the specified configuration file (by default, MULTINET:DECNET-CIRCUITS.COM).

/INTERFACES

Invokes the Network Interface Configuration Utility (NET-CONFIG) that lets you view and alter the configuration of network interfaces, routing, and host name lookup. If used with the /CONFIGURATION_FILE qualifier, NET-CONFIG reads the specified configuration file (by default, MULTINET:NETWORK_DEVICES.CONFIGURATION).

/MAIL

Invokes the Electronic Mail Configuration Utility (MAIL-CONFIG) that lets you view and alter SMTP configuration. If used with the /CONFIGURATION_FILE qualifier, MAIL-CONFIG reads the specified configuration file (by default, MULTINET_COMMON_ROOT:[MULTINET]START_SMTP.COM).

/MENU

Invokes the MultiNet Menu-driven Configuration Utility (MENU-CONFIG) that lets you configure network interfaces, global parameters, services, electronic mail, printing, DECnet-over-IP circuits, and, if installed, NFS and MultiWare.

Context-sensitive online help describes each configuration parameter and how to navigate the configuration menus.

MENU-CONFIG provides access modes for beginning and advanced users. Press PF1 to toggle between modes.

By default, MENU-CONFIG downloads fonts to your terminal; to prevent it from doing so (for example, when operating it over serial connections), use the /NOBOLD qualifier.

/NETWORK

Invokes the Network Interface Configuration Utility (NET-CONFIG) that lets you view and alter the configuration of network interfaces, routing, and host name lookup. If used with the /CONFIGURATION_FILE qualifier, NET-CONFIG reads the specified configuration file (by default, MULTINET:NETWORK_DEVICES.CONFIGURATION).

MULTINET CONFIGURE /NETWORK now has the following commands:

SET SNMP-AGENTX TRUE enables the SNMP Agent X service.
SET SNMP-AGENTX FALSE disables the SNMP Agent X service.

A line displays in the output of the SHOW command if SNMP Agent X subagents are enabled.

/NFS

Invokes the MultiWare NFS Server Configuration Utility (NFS-CONFIG) for the MultiWare NFS Server option.

If used with the /CONFIGURATION_FILE qualifier, NFS-CONFIG reads the specified configuration file (by default, MULTINET:NFS.CONFIGURATION).

/NOT

Invokes the NOT Configuration Utility NOT-CONFIG for DECnet applications services (formerly known as Phase/IP). DECnet application services allow you to run applications designed to use DECnet using TCP/IP instead. DECnet application services provide the DECnet API (Application Programming Interface) across TCP seamlessly, without DECnet protocols or software, and without the additional overhead of running both protocol stacks.

/PRINTERS

Invokes the MultiNet Printer Configuration Utility (PRINTER-CONFIG) that lets you view and alter the configuration of MultiNet-based print services. If used with the /CONFIGURATION_FILE qualifier, PRINTER-CONFIG reads the specified configuration file (by default, MULTINET:REMOTE-PRINTER-QUEUES.COM).

/SERVERS

Invokes the MultiNet Service Configuration Utility (SERVER-CONFIG) that lets you view and alter the configuration of MultiNet services. If used with the /CONFIGURATION_FILE qualifier, SERVER-CONFIG reads the specified configuration file (by default, MULTINET:SERVICES.MASTER_SERVER).

/SERVER_IMAGE=server_image_file

Used with the /SERVERS qualifier, server_image_file specifies the MultiNet master server image associated with the server configuration file. This file is used by SERVER-CONFIG to determine which network services are available. If not specified, SERVER-CONFIG uses MULTINET:SERVER.EXE.

/NOBOLD

Used with the /MENU qualifier to prevent MENU-CONFIG from downloading fonts to your terminal. Use /NOBOLD if your terminal does not support boldface characters (for example, early VT terminal emulators), or if you are working over a serial connection and you do not want to wait for fonts to download.

/CONFIGURATION_FILE=config_file

Used with the /DECNET, /PRINTERS, or /SERVERS qualifier, specifies the configuration file read by the corresponding utility.

MULTINET DIG

Similar to NSLOOKUP, DIG tests the domain name service (DNS) system. It uses the DNS resolver to send queries to the DNS server and prints out the response. DIG executes a single command or reads commands from a file (in "batch mode").

DIG can be used with the UNIX-style syntax by defining it as a foreign command:

$ DIG :== $MULTINET:DIG.EXE

Both the UNIX-style options and the OpenVMS qualifiers are listed below.

FORMAT

MULTINET DIG [name [type [class]]]

PARAMETERS

name

Specifies a host or domain name.

Note! You must specify fully-qualified names. DIG will not append any domain names.

type

Specifies which TYPE resource records are asked for. The default is A (address records). Valid values are the same as for the NSLOOKUP /TYPE qualifier (see Table 1-36).

class

Specifies which CLASS resource records are asked for. The default is IN (internet records).
Valid values are ANY, IN, CHAOS, and HESIOD.

QUALIFIERS

+[no]addit
/ADDITIONAL (default)
/NOADDITIONAL

Tells the resolver to print the additional section of the reply.

-x ip-address
/ADDRESS=ip-address

Convenient form to specify an inverse address mapping query. For example, MULTINET DIG/ADDRESS=10.5.64.1 is equivalent to MULTINET DIG 1.64.5.10.IN-ADDR.ARPA ANY.

+[no]answer
/ANSWER (default)
/NOANSWER

Tells the resolver to print the answer section of the reply.

+[no]author
/AUTHORITY (default)
/NOAUTHORITY

Tells the resolver to print the authority section of the reply.

-c recordclass
/CLASS=recordclass

Specifies which CLASS resource records are asked for. Alternative to specifying the class parameter. The recordclass value may be either the integer value of the class or the name of the class (ANY, IN, CHAOS, HESIOD). The default is IN (internet records).

+[no]cmd
/CMD (default)
/NOCMD

Tells DIG to echo parsed arguments from the command.

+[no]debug
/DEBUG
/NODEBUG (default)

Causes the resolver to print debugging information.

+[no]d2
/DEBUG2
/NODEBUG2 (default)

Causes the resolver to print additional, less useful debugging information.

-envsav
/ENVSAVE

Specifies that the DIG environment (defaults, print options, etc.), after all of the arguments are parsed, should be saved to a file to become the default environment. This is useful if you do not like the standard set of defaults and do not desire to include a large number of options each time DIG is used. The environment consists of resolver state variable flags, timeout, and retries as well as the flags detailing DIG output. If the logical name LOCALDEF is set to the name of a file, this is where the default DIG environment is saved. If not, the file DIG.ENV is created in the current default directory.

Each time DIG is executed, it looks for DIG.ENV or the file specified by LOCALDEF. If such a file exists, then the environment is restored from this file before any arguments are parsed.

-envset
/ENVSET

This qualifier only affects batch query runs. When -envset is specified on a line in a DIG batch file, the DIG environment after the arguments are parsed becomes the default environment for the duration of the batch file, or until the next line which specifies -envset. Remember that commands in the DIG batch file must be in UNIX-style syntax.

-f filename
/FILE=filename

Causes DIG to run in batch mode, executing the commands in the specified file. The commands in this file must be in the UNIX-style syntax.

"+[no]Header"
/HEADER (default)
/NOHEADER

Tells the resolver to print basic header information.

+[no]header
/HFLAGS (default)
/NOHFLAGS

Tells the resolver to print header flags.

+[no]ignore
/IGNORE
/NOIGNORE (default)

Tells the resolver to ignore truncation in responses.

+[no]ko
/KEEPOPEN
/NOKEEPOPEN (default)

If using virtual circuits (TCP), keeps the connection open.

-k keydir+keyname
/KEY=(KEYNAME=key[,KEYDIR=directory])

Specifies a TSIG key for DIG to use to sign its queries. The default value for KEYDIR is the current default directory.

Note! On UNIX systems, the syntax is keydir:keyname. On OpenVMS, the colon is replaced by a plus sign (+). The keyname must be specified to match the key and private filenames, with periods instead of dollar signs. This may not match the domainname if DNSKEYGEN had to abbreviate it to fit into an OpenVMS file name.

+pfand=number
/PFAND=number

Causes DIG to do a bitwise-AND of the print flags with the specified value.

+pfdef
/PFDEF (default)
/NOPFDEF

Sets the print flags to the default.

+pfmin
/PFMIN
/NOPFMIN (default)

Sets the print flags to the minimum.

+pfor=number
/PFOR=number

Causes DIG to do a bitwise-OR of the print flags with the specified value.

+pfset=number
/PFSET=number

Sets the print flags to the specified value.

"-P" ping-command
/PING[=ping-command]

Causes DIG to execute a ping command to the queried nameserver after the query returns, for response time comparison. If the optional ping-command is present, it is used as the ping command. The default ping command is "MULTINET PING".

-p port
/PORT=port

Specifies a port other than the standard nameserver port of 53.

+[no]qr
/QUERY
/NOQUERY (default)

Tells the resolver to print the outgoing query.

+[no]ques
/QUESTION (default)
/NOQUESTION

Tells the resolver to print the question section of the reply.

+[no]recurse
/RECURSE (default)
/NORECURSE

Requests that the name server use recursion to answer the query.

+[no]reply
/REPLY (default)
/NOREPLY

Tells the resolver to print the reply.

+retry=retrycount
/RETRY=retrycount

Specifies the number of retries the resolver makes when querying a name server via UDP. The default is 4.

@server
/SERVER=server

Specifies the nameserver to query. May be specified as either a domain name or a dot-notation internet address. If a domain name is specified, DIG looks up the name using the default nameserver. If /SERVER is not specified, the default is to use the system's default nameserver.

+[no]stats
/STATS (default)
/NOSTATS

Tells the resolver to print query statistics.

-[no]stick
/STICKY
/NOSTICKY (default)

This qualifier only affects batch query runs. -stick specifies that the DIG environment (as read initially or set by -envset switch) is to be restored before each query (line) in a DIG batch file. The default -nostick means that the DIG environment does not stick, hence options specified on a single line in a DIG batch file will remain in effect for subsequent lines (i.e., they are not restored to the "sticky" default). Remember that commands in the DIG batch file must be in UNIX-style syntax.

+time=seconds
/TIMEOUT=seconds

Specifies a different period to wait for responses. The default is 4 seconds.

"-T" seconds
/TIMEWAIT=seconds

Causes DIG to wait the specified number of seconds between the start of successive queries when running in batch mode. Can be used to keep two or more batch DIG commands running roughly in sync. The default is 0.

-t recordtype
/TYPE=recordtype

Specifies which TYPE resource records are asked for. Alternative to specifying the type parameter. The recordtype value may be either the integer value of the type or the name of the type (see Table 1-36). The default is A (address records).

+[no]vc
/VC
/NOVC (default)

Specifies that the resolver use virtual circuits (TCP) instead of datagram (UDP) queries.

Example

The following is an example of the default DIG output:

$ multinet dig www.peh.com

; <<>> DiG 8.3 <<>> WWW.PEH.COM
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; WWW.PEH.COM, type = A, class = IN

;; ANSWER SECTION:
WWW.PEH.COM. 2H IN CNAME peh.com.
peh.com. 2H IN A 209.196.131.83

;; AUTHORITY SECTION:
peh.com. 2H IN NS ns1.pbi.net.
peh.com. 2H IN NS ns2.pbi.net.

;; ADDITIONAL SECTION:
ns1.pbi.net. 2D IN A 206.13.28.11
ns2.pbi.net. 2D IN A 206.13.29.11

;; Total query time: 14289 msec
;; FROM: bite.process.com to SERVER: default -- 127.0.0.1
;; WHEN: Thu Jun 1 14:52:49 2002
;; MSG SIZE sent: 29 rcvd: 141

MULTINET DNSKEYGEN

DNSKEYGEN (DNS Key Generator) is a tool to generate and maintain keys for DNS Security (DNSSEC) within the DNS (Domain Name System). DNSKEYGEN can generate public and private keys to authenticate zone data, and shared secret keys to be used for Request/Transaction Signatures.

DNSKEYGEN can be used with the UNIX-style syntax by defining it as a foreign command:

$ DNSKEYGEN :== $MULTINET:DNSKEYGEN.EXE

Both the UNIX-style options and the OpenVMS qualifiers are listed below.

DNSKEYGEN stores each key in two files: Kname.alg-footprint-private and Kname.alg-footprint-key. name is the domainname with the periods replaced by dollar signs. The first file contains the private key in a portable format. The second file contains the public key in the DNS zone file format:

name IN KEY flags protocol algorithm exponent|module

If the domain name is too long for an OpenVMS filename, it is truncated to fit and the last six characters are replaced by unique digits. The full domain name can be found inside the key file.

FORMAT

MULTINET DNSKEYGEN name

PARAMETERS

-n name
name

Specifies the domain name to generate the key for.

QUALIFIERS

"-D" size
/DSA_DSS=size

"-H" size
/HMAC_MD5=size

"-R" size
/RSA=size

These flags specify the type of key to generate. You must specify one and only one of these.

If /DSA_DSS is specified, DNSKEYGEN generates a DSA/DSS key. size must be one of: 512, 576, 640, 704, 768, 832, 896, 960, or 1024.

If /HMAC_MD5 is specified, DNSKEYGEN generates an HMAC-MD5 key. size must be between 128 and 504.

If /RSA is specified, DNSKEYGEN generates an RSA key. size must be between 512 and 4096.

"-F"
/LARGE_EXPONENT

Used for RSA only. If specified, DNSKEYGEN uses a large exponent for key generation.

-z
/ZONE_KEY
-h
/HOST_KEY
-u
/USER_KEY

These flags define the type of key being generated. You must specify one and only one of these.

/ZONE_KEY (-z): Zone (DNS validation) key

/HOST_KEY (-h): Host (host or service) key

/USER_KEY (-u): User (e.g., email) key

-a
/NOAUTHENTICATION

Indicates that the key CANNOT be used for authentication.

-c
/NOENCRYPTION

Indicates that the key CANNOT be used for encryption.

-p num
/PROTOCOL=num

Sets the key's protocol field to num. If /ZONE_KEY (-z) or /HOST_KEY (-h) is specified, the default is 3 (DNSSEC); otherwise, the default is 2 (EMAIL). Other accepted values are 1 (TLS), 4 (IPSEC), and 255 (ANY).

-s num
/STRENGTH=num

Sets the key's strength field to num; the default is 0.

EXAMPLE

The following example generates an RSA key.

$ MULTINET DNSKEYGEN/RSA=512/ZONE_KEY zone.example
** Adding dot to the name to make it fully qualified domain name**
Generating 512 bit RSA Key for ZONE.EXAMPLE.

Generated 512 bit Key for ZONE.EXAMPLE. id=49663 alg=1 flags=257

DNSKEYGEN generates the following (for example):

File KZONE$EXAMPLE$.001-49663-KEY:

ZONE.EXAMPLE. IN KEY 257 3 1 AQOojr81q9PfmQXCUAJOoMu3CYaS78RZnhiV/uAfSbzZusWYLSeVF47OwZlmgwclswZoaM5NSuzFX3w5RDIEwf9c

File KZONE$EXAMPLE$.001-49663-PRIVATE:

Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus: qI6/NbPT35kGwlACTqDLtwmGku/EWZ4Ylf7gH0m82arFmC0nlReOjsGJZoMHJbMGaGjOTUrsxV98OUQyAMH/Ww==
PublicExponent: Aw==
PrivateExponent: cF8qI8036mZD1uABjcCHz1uvDJ/YO767Dqmqv4Z95ntuhY7uIMmn8zy0Ur9kj/7P5Dvpu7ZG91ZtuQ1YhWAMyw==
Prime1: 2IQQP2+DvU/G0038OCoji00NDQHA0az8lDV1fh8Qf9k=
Prime2: x0vGgXRlWVIfp5xnuCORP0UB4rK3sKVhQ246rx2hbFM=
Exponent1: kFgK1PQCfjUvN4lS0BwXtN6Is1aBNnNTDXj4/r9gVTs=
Exponent2: hN0vABhDjja/xRLv0Be2Kl4BQcv6dcOWLPQnH2kWSDc=
Coefficient: YQGEh81Y720mRfAV/tEs3eWKd11Mm10b5R4lFjVwtAU=
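The following added example (not part of the MultiNet documentation or product) parses the KEY record shown above, splits the RSA public key into exponent and modulus, and recomputes the footprint so a key file can be matched to the id in its name. It assumes the RFC 2535/2537 encoding for algorithm 1; the function names, the `MIN_RSA_BITS` policy value, and the zero-padding widths in the file name are assumptions made for illustration.

```python
import base64

# KEY record copied from the page's KZONE$EXAMPLE$.001-49663-KEY listing.
PAGE_KEY_RR = ("ZONE.EXAMPLE. IN KEY 257 3 1 "
               "AQOojr81q9PfmQXCUAJOoMu3CYaS78RZnhiV/uAfSbzZusWY"
               "LSeVF47OwZlmgwclswZoaM5NSuzFX3w5RDIEwf9c")

MIN_RSA_BITS = 2048  # assumption: local policy threshold, not a MultiNet setting


def parse_key_rr(line):
    """Split 'name IN KEY flags protocol algorithm key' into its fields."""
    fields = line.split()
    if len(fields) < 7 or fields[1].upper() != "IN" or fields[2].upper() != "KEY":
        raise ValueError("not a KEY record: %r" % line)
    flags, protocol, algorithm = (int(x) for x in fields[3:6])
    # The base64 text may be wrapped over several whitespace-separated chunks.
    blob = base64.b64decode("".join(fields[6:]), validate=True)
    return fields[0], flags, protocol, algorithm, blob


def split_rsa_public_key(blob):
    """RFC 2537 layout: exponent length (1 or 3 octets), exponent, modulus."""
    if not blob:
        raise ValueError("empty public key")
    if blob[0] != 0:
        exp_len, offset = blob[0], 1
    else:
        if len(blob) < 3:
            raise ValueError("truncated exponent length")
        exp_len, offset = int.from_bytes(blob[1:3], "big"), 3
    exponent = blob[offset:offset + exp_len]
    modulus = blob[offset + exp_len:]
    if len(exponent) != exp_len or len(modulus) < 3:
        raise ValueError("truncated RSA public key")
    return int.from_bytes(exponent, "big"), modulus


def rsa_footprint(modulus):
    """Algorithm 1 key id: top 16 of the low 24 bits of the modulus."""
    return int.from_bytes(modulus[-3:-1], "big")


def key_file_name(owner, algorithm, footprint):
    """Kname.alg-footprint-KEY with periods in the name replaced by '$'.

    Padding widths are inferred from the single example on the page.
    """
    name = owner.upper().replace(".", "$")
    return "K{}.{:03d}-{:05d}-KEY".format(name, algorithm, footprint)


def audit_key_rr(line):
    owner, flags, protocol, algorithm, blob = parse_key_rr(line)
    if algorithm != 1:
        raise NotImplementedError("only algorithm 1 (RSA) is handled here")
    exponent, modulus = split_rsa_public_key(blob)
    bits = int.from_bytes(modulus, "big").bit_length()
    footprint = rsa_footprint(modulus)
    findings = ["algorithm 1 is RSA/MD5"]
    if bits < MIN_RSA_BITS:
        findings.append("modulus is %d bits, below policy minimum %d"
                        % (bits, MIN_RSA_BITS))
    return {
        "owner": owner,
        "flags": flags,
        "protocol": protocol,
        "algorithm": algorithm,
        "exponent": exponent,
        "modulus_bits": bits,
        "footprint": footprint,
        "key_file": key_file_name(owner, algorithm, footprint),
        "findings": findings,
    }


if __name__ == "__main__":
    for field, value in audit_key_rr(PAGE_KEY_RR).items():
        print("%-13s %s" % (field, value))
```
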

MULTINET DNSSIGNER

DNSSIGNER is a tool to sign zone files for DNS Security (DNSSEC) within the DNS (Domain Name System). DNSSIGNER's job is to read the data of one zone of DNS data, and perform the necessary work to produce the data for a secured zone.

DNSSIGNER can be used with the UNIX-style syntax by defining it as a foreign command:

$ DNSSIGNER :== $MULTINET:DNSSIGNER.EXE

Both the UNIX-style options and the OpenVMS qualifiers are listed below.

You can get help on the UNIX-style options using:

$ dnssigner -h        ! for short help

$ dnssigner -help     ! for long help

Signing is done on a zone-by-zone basis, regardless of the relationship of zones to name servers. DNSSIGNER is designed to operate in a dynamic environment, including those in which secret keys are not available to all of those covering a zone, and where information may be arriving after the beginning of the signing process. DNSSIGNER makes an effort to retain valid signatures instead of computing new signatures.

Using traditional BIND DNS zone master files, two things are necessary as input to use DNSSIGNER to sign a zone. One is the names of the input files and the other is the names of the keys to use. Two kinds of data files are used as input to the signing process: the standard zone master file, and a master file introduced by DNSSEC called the parent file. A parent file contains output from the signing of the parent zone, most importantly the signature by the parent of the zone's keys.

Input/output details

The default input zone is START-ZONE. A different zone input file can be specified with /ZONE=(INPUT=filename) (-zi). There is no default input parent file. A parent file can be specified with /PARENT=(INPUT=filename) (-pi).

The default output files are FINISH-ZONE. and FINISH-PARENT. /ZONE=(OUTPUT=filename) (-zo) changes the name of the zone output file, and /PARENT=(OUTPUT=filename) (-po) changes the name of the parent file generated by the zone.

Parent file handling

There are two forms of parent file generation. One form is to place all of the parent files in one file (good for zones with many delegations), the other is to make a separate file for each delegation. Since it is easier to erase one file than potentially thousands, DNSSIGNER defaults to the single signer file.

/PARENT=NOBULK (-no-p1) turns single parent file generation off, /PARENT=BULK (-p1) turns it on. As mentioned earlier /PARENT=OUTPUT=filename (-po) sets the name of the single parent file (default FINISH-PARENT.).

/PARENT=INDIVIDUAL (-ps) turns on individual parent files, /PARENT=NOINDIVIDUAL (-no-ps) turns it off. /PARENT=DIRECTORY=spec (-pd) sets the directory into which the individual files are put (default is the current working directory).

NXT details

/NONXT (-no-n) turns off RFC 2065 NXT processing.
/NXT (-n) (default) turns on RFC 2065 NXT processing.

Key details

Use the -k1 flag (the /SIG=(KEY=( )) qualifier) or the -ks flag (no OpenVMS-style equivalent) to specify a key. -k1 is followed by a domain name owner of a key, the algorithm, and the key id. -ks is followed by a sequence of names, algorithms, and key ids until the end of the command line.

SIG expiration details

There are two time durations that are important to the handling of signatures. One is the duration until a newly generated signature is set to expire. The other is the duration in which existing signatures will be considered to be expired.

/SIG=DURATION=ttl (-dur) sets the duration for which a signature is valid.

The time included in the SIG RR expiration field is the current absolute time plus the duration. Wrapping around 32 bits is not a problem, as time is considered to be "circular."

/SIG=PURGE_PERIOD=ttl (-pt) sets the period into the future in which SIGs expiring then are considered to have expired. Any signature whose expiry time is in the past relative to the current time is thrown out, as is any signature whose expiry time falls into the span between now and the purge period duration. The past is considered to be the time from now back to 2 to the 31st seconds ago; the rest is the future.

FORMAT

MULTINET DNSSIGNER

QUALIFIERS

This section describes the syntax of all flags. The meanings can be found in RFC 2065 and the drafts associated with the DNSSEC working group.

-[no-]bind
/[NO]BIND

/BIND (-bind) instructs DNSSIGNER to use BIND's extended TTLs and KEY flags when writing files. This is the default. Use /NOBIND (-no-bind) to turn this feature off. In this case TTLs and flags are written as numeric values.

-l option
/DEBUG=option

Specifies the level of output (debug) messages that DNSSIGNER should print. Specify one of the following levels: (UNIX-syntax equivalents are also shown)

-l 7, -l deb
DEBUGGER

Print source code locations, errors, and warnings.

-l 10, -l dev
DEVELOPER

Print source code locations and cryptography messages.

-l 1, -l m
MINIMAL

Print just errors.

-l 4, -l u
USER

Print errors and warnings. This is the default.

-[no-]n
/[NO]NXT

/NXT (-n) (default) instructs DNSSIGNER to generate NXT RRs for the zone, signing them with the keys that sign the SOA record. (If none sign the SOA, no NXTs are signed.) Use /NONXT (-no-n) to turn this feature off.

-or domain
/ORIGIN=domain

This is equivalent to the $ORIGIN domain directive in the zone file, except that the terminating period is not needed in the domain name. Specifying an origin is only mandatory for the root zones and other zones using relative names in the zone files. It is recommended that the $ORIGIN domain directive be put in the data file. By default, this is unspecified.

/PARENT=(keyword[,...])

Specifies options related to parent zone files. Possible keywords (and their UNIX-syntax equivalents) are as follows.

There are two ways in which parent files are made: individual and bulk. The two methods use independent keywords. Both can be used, neither can be used, or just one. By default, the bulk approach is used.

-[no-]p1
[NO]BULK

BULK (-p1) (default) tells DNSSIGNER to place all of the generated parent data for the zone's delegation points into one file. Separating lines are added to identify the start and end of the information destined for individual zones. Use NOBULK (-no-p1) to turn this feature off.

-pd directory
DIRECTORY=directory

Specifies the directory to put individual parent files into. The default is the current default directory.

-[no-]ps
[NO]INDIVIDUAL

INDIVIDUAL (-ps) tells DNSSIGNER to place the generated parent data into individual files, named zone.PARENT. For large delegated zones, there will be many files. The default is NOINDIVIDUAL (-no-ps).

-pi file
INPUT=file

Specifies the parent file received from the parent zone to be used as input to this zone. If specified, all records that would conflict with it (apex upper NXT, KEYs, and SIGs for these) are dropped. If the UP policy is specified, then the parent's KEY, NS, and glue are also dropped. The default is to have no parent file.

-pa domain
NAME=domain

Specifies the apex's parent zone. If the keys for this zone are known and the UP policy is used, the apex zone keys sign the key. If UP is used and this is not specified, then DNSSIGNER acts as if it does not otherwise know the parent's identity. This is equivalent to the $PARENT directive in the zone file, except that relative domain names are treated as absolute names. By default, the parent's domain name is unspecified.

-po file
OUTPUT=file

Specifies the name of the file to hold the bulk generated parent data. The default is FINISH-PARENT.

/POLICY=option

Specifies what policy to use when signing the zone. Specify one of the following options: (UNIX-syntax equivalents are also shown)

-dn
DOWN

DNSSIGNER signs according to the DOWN policy. That is, the apex does not sign the parent's keys. The parent's keys and glue data are not expected from nor written to the parent files. This is the default.

-up
UP

DNSSIGNER signs according to the UP policy. That is, the apex signs the parent's keys. The parent's keys and glue data are expected from and written to the parent files.

Note! This policy is not recommended.

-[no-]ess
/[NO]SELF_SIGN

/SELF_SIGN (-ess) instructs DNSSIGNER to make sure each key in the file is signed by its corresponding private key. This is done by implicitly adding $SIGNER directives to the zone file around each key set, adding those keys for just the set. If no private key is available, the $SIGNER directive remains in the output file.

The intent of this feature is to insert proof into DNS that the public key's corresponding private key is held by the owner (or at least the entity signing the zone).

The default is /NOSELF_SIGN (-no-ess).

/SIG=(keyword[,...])

Specifies options related to the generation of SIG RRs. Possible keywords (and their UNIX-style equivalents) are as follows.

For DURATION and PURGE_PERIOD, the ttl format is taken from the BIND definition of TTL. A plain number of seconds is accepted, as well as:

numberW

weeks

numberD

days

numberH

hours

numberM

minutes (not months!)

numberS

seconds

The "end of the future" and "beginning of the past" are points in time which have the same time representation (one second apart) in a 32-bit roll-over specification of time. The end of the future is 2 to the 31st power seconds from the current time.

-dur ttl
DURATION=ttl

All SIG records generated are set to expire at the current time + duration. The default is 31 days.

-ks domain algorithm keyid [...] (to end of line)

Note! There is no OpenVMS syntax equivalent.

This adds the specified keys (key owner, algorithm, and key id) to the list of keys with which to sign. Equivalent to $SIGNER ADD <><> directives in the zone file. This switch is interpreted as the last switch of the command line. Any number of keys can be specified.

See the description for -k1 for the domain syntax.

-k1 domain algorithm keyid
KEY=(DOMAIN=domain, ALGORITHM=algorithm, KEY_ID=keyid)

This adds the specified key (key owner, algorithm, and key id) to the list of keys with which to sign. Equivalent to a $SIGNER ADD <><> directive in the zone file. This switch may appear anywhere in the run command. It adds just one key.

The default is that keys are specified by $SIGNER directives in the data files. A zone may elect not to use any keys.

Note! domain must be specified to match the key and private file names, with periods instead of dollar signs. This may not match the domain name if DNSKEYGEN had to abbreviate it to fit into an OpenVMS file name.

-pt ttl
PURGE_PERIOD=ttl

Specifies that all SIG records with expiration times between the beginning of past up through (current time + the purge period) are treated as expired. SIG records with expiration times from (current + purge period) to the end of the future are retained if they are not proved invalid. The default is 1 week.
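The following added example (not part of the MultiNet documentation, and not DNSSIGNER's own code) parses the ttl format described above and applies the DURATION and PURGE_PERIOD rules to SIG expiration times held as 32-bit seconds. The function names, acceptance of concatenated units such as 4D12H (as BIND allows), and treating a time exactly 2^31 seconds ahead as the beginning of the past are assumptions of this sketch.

```python
import re

# Unit letters from the ttl table above; M is minutes, not months.
UNIT_SECONDS = {"W": 7 * 86400, "D": 86400, "H": 3600, "M": 60, "S": 1}
_TERM = re.compile(r"([0-9]+)([WDHMS])", re.IGNORECASE)

WRAP = 2 ** 32      # 32-bit roll-over of the time value
HORIZON = 2 ** 31   # distance from the current time to the end of the future


def parse_ttl(text):
    """Convert a ttl such as '604800', '1W' or '4D12H' to seconds."""
    text = text.strip()
    if re.fullmatch(r"[0-9]+", text):
        return int(text)
    total, pos = 0, 0
    for term in _TERM.finditer(text):
        if term.start() != pos:      # junk between terms, e.g. '1W 2D'
            break
        total += int(term.group(1)) * UNIT_SECONDS[term.group(2).upper()]
        pos = term.end()
    if pos == 0 or pos != len(text):
        raise ValueError(f"not a valid ttl: {text!r}")
    return total


def seconds_until(expiration, now):
    """Signed distance from now to expiration under 32-bit roll-over.

    Values less than 2**31 seconds ahead are in the future; everything
    else is read as lying in the past (assumption for the exact tie).
    """
    diff = (expiration - now) % WRAP
    return diff - WRAP if diff >= HORIZON else diff


def new_expiration(now, duration="31D"):
    """Expiration given to a newly generated SIG: current time + duration."""
    return (now + parse_ttl(duration)) % WRAP


def is_purged(expiration, now, purge_period="1W"):
    """True if an existing SIG is treated as expired.

    Covers the beginning of the past up through now + purge period.
    """
    return seconds_until(expiration, now) <= parse_ttl(purge_period)


if __name__ == "__main__":
    now = 1_000_000_000  # constructed sample time, seconds
    for label, exp in [("expired 5 s ago", now - 5),
                       ("expires in 1 day", now + 86400),
                       ("fresh 31-day SIG", new_expiration(now))]:
        print(label, "->", "purge" if is_purged(exp, now) else "retain")
```

With the defaults, a SIG is regenerated once it is within one week of expiring, so a zone that is re-signed less often than every 24 days (31 days minus 1 week) can end up serving signatures inside the purge window.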

-[no-]st
/[NO]STATISTICS

/STATISTICS (-st) instructs DNSSIGNER to print summary statistics at the end of the run. The default is /NOSTATISTICS (-no-st).

/ZONE=(keyword[,...])

Specifies options related to zone files. Possible keywords (and their UNIX-syntax equivalents) are as follows:

-zi file
INPUT=file

Specifies the zone data input file. The first RR must be an SOA. The first record may be found in an $INCLUDEd file. The default is START-ZONE.

-zo file
OUTPUT=file

Specifies the file where signed zone data is left. The default is FINISH-ZONE.

EXAMPLES

1. Assuming that the zone data is in f.zone and the parent file is in f.parent, to run the files through DNSSIGNER, do the following:

$ multinet dnssigner/zone=(input=f.zone)/parent=(input=f.parent)

or

$ dnssigner :== $multinet:dnssigner.exe
$ dnssigner -zi f.zone -pi f.parent

The outputs default to FINISH-ZONE. and FINISH-PARENT. This does no signing, but merges the files, removes duplicates, generates NXT resource records, and makes signing instructions for them (if the zone is judged to be signed).

2. To sign the above zone with the key of test. (key id 27782):

$ multinet dnssigner/zone=(input=f.zone)/parent=(input=f.parent) -
/sig=(key=(domain=test.,alg=dsa,key_id=27782))

or

$ dnssigner -zi f.zone -pi f.parent -k1 test. dsa 27782

3. To sign with both keys 27782 and 3696:

$ dnssigner -zi f.zone -pi f.parent -ks test. dsa 27782 test. dsa 3696

MULTINET FONT COMPILE

Compiles an ASCII BDF (bitmap distribution format) font file into a binary PCF (portable compiled format) file.

FORMAT

MULTINET FONT COMPILE [qualifiers] [bdf_font_file]

QUALIFIERS

/BIT_ORDER=bit_order

Specifies the order in which bits in each glyph are placed. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit).

The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.

/BYTE_ORDER=byte_order

Specifies the order in which multibyte data in the file is written. Multibyte data includes metrics and bitmaps. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit).

The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.

/OUTPUT=file_name

Specifies an output file name in which the results are written.

/PADDING=font_glyph_padding

Sets the font glyph padding. Each scanline of each glyph in the font is padded to the specified size. Accepted values are BYTE, WORD, LONGWORD, or QUADWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.

/SCANLINE=data_size

Specifies the unit of data swapped when the font bit order differs from the font byte order. Accepted values are BYTE, WORD, and LONGWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.

/SERVER=host:port

The /SERVER qualifier specifies the server from which the font is read. The default value is LOCALHOST:7000.

MULTINET FONT INFO

Displays X font information useful for determining the capabilities and defined values of a font server.

FORMAT

MULTINET FONT INFO [qualifiers]

QUALIFIERS

/OUTPUT=file_name

Specifies an output file name in which the results are written.

/SERVER=host:port

Specifies the server from which the font is read (by default, LOCALHOST:7000).

MULTINET FONT LIST

Lists the font names that match a specified pattern.

FORMAT

MULTINET FONT LIST [qualifiers] [pattern]

PARAMETER

pattern

Specifies the pattern to match in font names. Wildcards are permitted in the patterns. If you do not specify a pattern, an asterisk (*) is assumed.

QUALIFIERS

/BOUNDS

Indicates long listings should display the minimum and maximum bounds of each font.

/COLUMNS

Indicates listings should display in multiple columns.

/LISTING_TYPE=size

Specifies the relative length of a font listing. Accepted values are SMALL, MEDIUM, LONG, and VERYLONG.

Consider using /NOSORT if you want LONG or VERYLONG listings faster; otherwise, these types of listings can take a long time to generate. You can also use /OUTPUT to write the results to a file.

/NOSORT

Indicates the listing is not sorted. Using this qualifier decreases the time required to produce a listing.

/OUTPUT=file_name

Specifies an output file name in which the results are written.

/SERVER=host:port

Specifies the server from which the font is read (by default, LOCALHOST:7000).

/WIDTH=display_column_width

Specifies the width of the columns (by default, 79).

MULTINET FONT MKFONTDIR

Creates a DECW$FONT_DIRECTORY.DAT file in each specified directory.

MKFONTDIR reads all font files in each specified directory. The order in which font files are read is *.PCF files, *.SNF files, then *.BDF files. For scalable fonts, you must edit the created DECW$FONT_DIRECTORY.DAT file to insert the X font name. If you edit this file, back up your changes so they are not lost when MKFONTDIR is run again.

The command fails if you don't have the necessary privileges to write into the directory you specify.

FORMAT

MULTINET FONT MKFONTDIR [directory_names]

PARAMETER

directory_names

Specifies the list of directories in which MULTINET FONT MKFONTDIR creates a DECW$FONT_DIRECTORY.DAT file.

MULTINET FONT SHOW

Displays font information from files that match the specified pattern.

FORMAT

MULTINET FONT SHOW [qualifiers] [pattern]

PARAMETER

pattern

Specifies the pattern to match in font names. Wildcards are permitted in the patterns. If you do not specify a pattern, an asterisk (*) is assumed.

QUALIFIERS

/BITMAP_PADDING=bitmap_size

Specifies how a character bitmap is padded. Accepted values are MINIMUM, MAXIMUM, and MAXWIDTH.

/BIT_ORDER=bit_order

Specifies the order in which bits in each glyph are placed. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit). The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.

/BYTE_ORDER=byte_order

Specifies the order in which multibyte data (including metrics and bitmaps) in the file is written. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit). The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.

/END=decimal_character_value

Specifies the ending character number (in decimal) about which you want font information listed. Use /END with the /START qualifier to specify character ranges. If you do not specify /END, all characters from the starting value to the end of the character set are listed. Possible values range from 0 to 255 for normal character sets, and from 0 to 65535 for X double-wide character sets.

/EXTENTS

Indicates that only the extents for a font are displayed.

/OUTPUT=file_name

Specifies an output file name in which the results are written.

/PADDING=font_glyph_padding

Sets the font glyph padding. Each scanline of each glyph in the font is padded to the specified size. Accepted values are BYTE, WORD, LONGWORD, or QUADWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.

/SCANLINE=data_size

Specifies the unit of data swapped when the font bit order differs from the font byte order. Accepted values are BYTE, WORD, and LONGWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.

/SERVER=host:port

Specifies the server from which the font is read (by default, LOCALHOST:7000).

/START=decimal_character_value

Specifies the starting character number (in decimal) about which you want font information listed. Use /START with the /END qualifier to specify character ranges. If you do not specify /END, all characters from the starting value to the end of the character set are listed. Possible values range from 0 to 255 for normal character sets, and from 0 to 65535 for X double-wide character sets.

MULTINET FONT UNCOMPILE

Converts a binary PCF-format font file to an ASCII BDF-format file.

FORMAT

MULTINET FONT UNCOMPILE [qualifiers] [pcf_font_file]

QUALIFIERS

/OUTPUT=file_name

Specifies the output file name into which the results are written.

/SERVER=host:port

Specifies the server from which the font is read (by default, LOCALHOST:7000).

EXAMPLE

$ MULTINET FONT UNCOMPILE -
_$ -Adobe-Helvetica-Medium-R-Normal--25-180-100-100-P-130-ISO8859-1

MULTINET GATED/CHECK

Checks the syntax of a GateD configuration file. If no input file is specified, MultiNet checks the default configuration file, MULTINET:GATED.CONF. This command does not affect a running GateD process.

Format

MULTINET GATED/CHECK [filename]

Parameter

filename

Name of the configuration file to check. If omitted, defaults to MULTINET:GATED.CONF.

Example

Checks the syntax of a GateD configuration file called TEST.CONF located in the user's current working directory.

MULTINET GATED/CHECK TEST.CONF

MULTINET GATED/DUMP

Tells GateD to dump its internal state into a text file. If you omit the filename, the default is MULTINET:GATED.DUMP.

Format

MULTINET GATED/DUMP [log]

Parameter

log

Contains log statements generated by GateD. If omitted, defaults to MULTINET:GATED.DUMP.

MULTINET GATED/LOAD

Tells the GateD process to load a configuration file. If no file is specified, the default file MULTINET:GATED.CONF is loaded.

CAUTION! If the GateD process detects an error in the configuration file being loaded, it stops running.

Format

MULTINET GATED/LOAD [file]

Parameter

file

Name of the configuration file to load. If omitted, defaults to MULTINET:GATED.CONF.

Example

This example tells the GateD process to load a new configuration file called TEST_CONFIG.CONF from the system manager's current working directory.

MULTINET GATED/LOAD TEST_CONFIG.CONF

MULTINET GATED/SET/TRACE

Tells the GateD process to turn on or off various tracing flags. This controls what is placed in the MULTINET:GATED.LOG file. By default, minimal tracing is done.

Format

MULTINET GATED/SET/TRACE qualifier

Qualifiers

/ALL

Turns on all tracing.

/DETAILS
/NODETAILS

Sets tracing of all send and receive information.

/RECV_DETAILS
/NORECV_DETAILS

Sets tracing of receive information.

/SEND_DETAILS
/NOSEND_DETAILS

Sets tracing of send information.

/EVENTS
/NOEVENTS

Sets tracing of normal events.

/NONE

Turns off all tracing.

/PACKETS
/NOPACKETS

Sets tracing of packet sends and receives.

/RECV_PACKETS
/NORECV_PACKETS

Sets tracing of packet receives.

/SEND_PACKETS
/NOSEND_PACKETS

Sets tracing of packet sends.

/PARSING
/NOPARSING

Sets tracing of configuration file parsing.

/POLICY
/NOPOLICY

Sets tracing of policy decisions.

/ROUTING
/NOROUTING

Sets tracing of routing table changes.

/STATES
/NOSTATES

Sets tracing of state machine transitions.

/SYMBOLS
/NOSYMBOLS

Sets tracing of kernel symbols.

/TASKS
/NOTASKS

Sets tracing of task and job functions.

/TIMER
/NOTIMER

Sets tracing of timer functions.

Example

This example tells the GateD process to turn on tracing of policy decisions and turn off tracing of state machine transitions.

MULTINET GATED/SET/TRACE/POLICY/NOSTATES

MULTINET GATED/SHOW/OSPF

Queries OSPF routers. You can obtain a wide variety of detailed information from these routers using these commands.

All of the SHOW OSPF commands use a file called MULTINET:OSPF_DESTS.DAT. This is a file of OSPF destination records. Each record is a single line entry listing the destination IP address, the destination host name, and an optional OSPF authentication key (if the destination activates authentication).

CAUTION! Since the OSPF_DESTS.DAT file may contain authentication information, you should restrict access to it.

Note! To stop the output of this command, enter a Ctrl/C at the command line.

Format

MULTINET GATED/SHOW/OSPF option

Options

/ADVERTISE area-id
type
ls-id
adv-router
index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds

Displays link state advertisements. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/ADVERTISE are as follows:

Parameter and Qualifier

Description

area-id

OSPF area for which the query is directed.

type

The available types are

/INTERFACES Requests the router links advertisements. Describes the collected states of the router's interfaces. For this request, the ls-id field should be set to the originating router's Router ID.

/ROUTERS Requests the network links advertisements. Describes the set of routers attached to the network. For this request, the ls-id field should be set to the IP interface address of the network's Designated Router.

/NETWORK_ROUTES Requests the summary link advertisements describing routes to networks. Describes the inter-area routes and enables the condensing of routing information at area borders. For this request, the ls-id field should be set to the destination network's IP address.

/BOUNDARY_ROUTES Requests the summary link advertisements describing routes to AS boundary routers. Describes the inter-area routes and enables the condensing of routing information at area borders. For this request, the ls-id field should be set to the Router ID of the described AS boundary router.

/EXTERNAL_ROUTES Requests the AS external link advertisements. Describes routes to destinations external to the AS. For this request, the ls-id field should be set to the destination network's IP address.

ls-id

See the type parameter.

adv-router

Router ID of the router that originated this link state advertisement.

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/AS index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds

Shows the Autonomous System (AS) external database entries. This table reports the advertising router, forwarding address, age, length, sequence number, and metric for each AS external route. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/AS are as follows:

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/DESTINATIONS
/OUTPUT=file
/FILE=file

This command displays the list of destinations and their indices described in an OSPF destination records file. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/DESTINATIONS are as follows:

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/ERRORS index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds

Shows the error log. This reports the different error conditions that can happen between OSPF routing neighbors and shows the number of occurrences for each. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/ERRORS are as follows:

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/HOPS index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds

Shows the set of next hops for the OSPF router being queried. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/HOPS are as follows:

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/INTERFACES index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds

Displays all interfaces. This shows all the interfaces configured for OSPF. The information includes the area, interface IP address, interface type, interface state, cost, priority, and the IP address of the DR and BDR of the network. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/INTERFACES are as follows:

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/LOG index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds

Shows the cumulative log. This log includes input and output statistics for monitor requests, hellos, database descriptions, link state updates, and link state ACK packets. Area statistics are provided that describe the total number of routing neighbors and number of active OSPF interfaces. Routing table statistics are summarized and reported as the number of intra-area routes, inter-area routes, and AS external database entries.

The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/LOG are as follows:

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/NEIGHBORS index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
/RETRANSMIT

This command shows all OSPF routing neighbors. The information shown includes the area, local interface address, router ID, neighbor IP address, state and mode. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/NEIGHBORS are as follows:

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/RETRANSMIT

Displays the retransmit list of neighbors.

/ROUTING index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds

Shows the OSPF routing table. This table reports the AS border routes, area border routes, summary AS border routes, and the networks managed using OSPF. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/ROUTING are as follows:

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/STATE index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
/RETRANSMIT

Shows the link state database (except for ASEs). This describes the routers and networks making up the AS. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/STATE are as follows:

index

Indexes into a file of OSPF destination records.

/OUTPUT=file

Name of an output file to write the results to.

/FILE=file

Alternate file of OSPF destination records to use.

/TIMEOUT=seconds

Interval to wait for a response. Default is 20 seconds.

/RETRANSMIT

Displays the retransmit link state database.

Examples

1 Displays the OSPF cumulative log for index 1 in the OSPF_DESTS.DAT file.

MULTINET GATED/SHOW/OSPF/LOG 1
Source <<192.168.5.31 izar.nene.com>>
IO stats
Input Output Type
2 0 Monitor request
0 0 Hello
0 0 DB Description
0 0 Link-State Req
0 0 Link-State Update
0 0 Link-State Ack
ASE: 0 checksum sum 0

LSAs originated: 39 received: 0
Router: 39

Area 0.0.0.0:
Neighbors: 0 Interfaces: 0
Spf: 1 Checksum sum CE9D
DB: rtr: 1 net: 0 sumasb: 0 sumnet: 0

Routing Table:
Intra Area: 0 Inter Area: 0 ASE: 0

2 Displays the OSPF interface log for index 1 in the OSPF_DESTS.DAT file.

MULTINET GATED/SHOW/OSPF/INTERFACE 1
Source <<192.168.5.31 izar.nene.com>>
IO stats
Input Output Type
6 0 Monitor request
0 0 Hello
0 0 DB Description
0 0 Link-State Req
0 0 Link-State Update
0 0 Link-State Ack
ASE: 0 checksum sum 0

LSAs originated: 39 received: 0
Router: 39

Area 0.0.0.0:
Neighbors: 0 Interfaces: 0
Spf: 1 Checksum sum CE9D
DB: rtr: 1 net: 0 sumasb: 0 sumnet: 0

Routing Table:
Intra Area: 0 Inter Area: 0 ASE: 0

3 Displays the OSPF destination records in the OSPF_DESTS.DAT file.

MULTINET GATED/SHOW/OSPF/DESTINATIONS
1: 192.168.5.31 izar.nene.com

4 Displays the OSPF link state database log for index 1 in the OSPF_DESTS.DAT file.

MULTINET GATED/SHOW/OSPF/STATE 1
Source <<192.168.5.31 izar.nene.com>>
LS Data Base:
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
----------------------------------------------------------------
Rtr 192.168.5.31 192.168.5.31 986 24 80000027 0 SpfTree

5 Displays the OSPF next hops log for index 1 in the OSPF_DESTS.DAT file.

MULTINET GATED/SHOW/OSPF/HOPS 1
Source <<192.168.5.31 izar.nene.com>>
Next hops:

Address Type Refcount Interface
---------------------------------------------------------
192.168.5.31 Direct 1 192.168.5.31 SVA-0

6 Displays the OSPF error log for index 1 in the OSPF_DESTS.DAT file.

MULTINET GATED/SHOW/OSPF/ERRORS 1
Source <<192.168.5.31 izar.nene.com>>
Packets Received:
3: Monitor request 0: Hello
0: DB Description 0: Link-State Req
0: Link-State Update 0: Link-State Ack

Packets Sent:
0: Monitor response 0: Hello
0: DB Description 0: Link-State Req
0: Link-State Update 0: Link-State Ack

Errors:
0: IP: bad destination 0: IP: bad protocol
0: IP: received my own packet 0: OSPF: bad packet type
0: OSPF: bad version 0: OSPF: bad checksum
0: OSPF: bad area id 0: OSPF: area mismatch
0: OSPF: bad virtual link 0: OSPF: bad authentication type
0: OSPF: bad authentication key 0: OSPF: packet too small
0: OSPF:packet size > ip length 0: OSPF: transmit error
0: OSPF: interface down 0: OSPF: unknown neighbor
0: HELLO: netmask mismatch 0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch 0: HELLO: extern option mismatch
0: HELLO: router id confusion 0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown 0: DD: neighbor state low
0: DD: router id confusion 0: DD: externoption mismatch
0: DD: unknown LSA type 0: LS ACK: neighbor state low
0: LS ACK: bad ack 0: LS ACK: duplicate ack
0: LS ACK: Unknown LSA type 0: LS REQ: neighbor state low
0: LS REQ: empty request 0: LS REQ: bad request
0: LS UPD: neighbor state low 0: LS UPD: newer self-gen LSA
0: LS UPD: LSA checksum bad 0: LS UPD:received less recent LSA
0: LS UPD: unknown LSA type
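The error log above is a set of cumulative counters, so it is most useful when two captures are compared. The following added example (not part of the MultiNet documentation) parses output saved with /OUTPUT=file and reports the authentication-related counters and any counters that grew between two polls; the function names are hypothetical, the sample text is constructed from the layout shown above with two counts changed, and the single-space column layout is assumed to match what the command writes.

```python
import re

# One "count: label" pair; a label ends where the next "count:" begins
# or at the end of the line, so "OSPF: bad area id" keeps its inner colon.
COUNTER = re.compile(r"(\d+):\s*(.+?)(?=\s+\d+:|\s*$)")
SECTION = re.compile(r"^([A-Za-z][A-Za-z ]*):$")

# Counters tied to the authentication key stored in OSPF_DESTS.DAT.
AUTH_LABELS = ("OSPF: bad authentication type",
               "OSPF: bad authentication key")

# Constructed sample: the page's layout, with two counters made nonzero.
SAMPLE = """\
Source <<192.168.5.31 izar.nene.com>>
Packets Received:
3: Monitor request 0: Hello
0: DB Description 0: Link-State Req

Errors:
0: IP: bad destination 0: IP: bad protocol
0: OSPF: bad virtual link 2: OSPF: bad authentication type
7: OSPF: bad authentication key 0: OSPF: packet too small
0: OSPF:packet size > ip length 0: OSPF: transmit error
0: LS UPD: unknown LSA type
"""


def parse_counters(text):
    """Return {section name: {label: count}} for a captured error log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        if current is None or not line[:1].isdigit():
            continue  # "Source <<...>>" line, blank lines, anything else
        for count, label in COUNTER.findall(line):
            current[label.strip()] = int(count)
    return sections


def nonzero_errors(sections, watch=AUTH_LABELS):
    """Watched error counters that are above zero in one capture."""
    errors = sections.get("Errors", {})
    return {name: errors[name] for name in watch if errors.get(name, 0) > 0}


def increased_errors(previous, current):
    """Error counters that grew between two captures, with the increase.

    A counter that went down (for example after a GateD restart) is
    ignored rather than reported as a negative change.
    """
    before = previous.get("Errors", {})
    after = current.get("Errors", {})
    return {name: count - before.get(name, 0)
            for name, count in after.items()
            if count > before.get(name, 0)}


if __name__ == "__main__":
    for name, count in nonzero_errors(parse_counters(SAMPLE)).items():
        print(f"ALERT {name}: {count}")
```

A rising "bad authentication key" count on a router whose neighbors are correctly configured is worth correlating with the source addresses in the GateD trace log.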

MULTINET GATED/SHOW/RIP

Requests all routes known by a RIP gateway. The routing information in any routing packets returned is displayed numerically and symbolically. This command is intended to be used as a tool for debugging gateways, not for network management.

Note! To stop the output of this command, enter a Ctrl/C at the command line.

Format

MULTINET GATED/SHOW/RIP gateway-ia

Parameter

gateway-ia

Internet address or name of the gateway to be queried.

Qualifiers

/AUTHENTICATION=authkey

Authentication password to use for queries. If specified, an authentication type of SIMPLE is used. The default authentication type is NONE.

/NONAME

Prevents the responding host's address from being looked up to determine the symbolic name.

/POLL

Requests information from the gateway's routing table. This is the default. If there is no response to the /POLL qualifier, the /REQUEST qualifier is tried.

/REQUEST

Requests information from the gateway's routing table. Unlike the /POLL qualifier, all gateways should support this command. If there is no response, the /POLL qualifier is tried.

/TIMEOUT=seconds

Number of seconds to wait for the initial response from a gateway. Default is 5 seconds.

/TRACE

Traces the RIP packets being sent and received by this command.

/V1

Sends the query as a RIP version 1 packet.

/V2

Sends the query as a RIP version 2 packet.

Example

Shows the routers known by RIP gateway 192.168.10.2.

MULTINET GATED/SHOW/RIP 192.168.10.2
24 bytes from omega1.foobar.com(192.168.10.2):
net/mask router metric tag
192.168.5.0/255.255.255.0 192.168.10.1 2 0000

MULTINET GATED/SHOW/TRACE

Queries tracing in GateD.

Format

MULTINET GATED/SHOW/TRACE

Example

$ multinet gated/show/trace

Summary of GateD tracing

--------------------------------------------------

State Machine Transitions Logging is : 'OFF'
Internal Events Logging is : 'OFF'
Policy Decision Logging is : 'OFF
Task Information Logging is : 'OFF'
Timer Logging is : 'OFF'
Routing Information Logging is : 'OFF'
General Send and Receive Logging is : 'OFF'
General Receive Logging is : 'OFF'
General Send Logging is : 'OFF'
Packet Send and Receive Logging is : 'OFF'
Packet Receive Logging is : 'OFF'
Packet Send Logging is : 'OFF'
Configuration File Parsing Logging is : 'OFF'
Route Advertisement Logging is : 'OFF'
Kernel Symbols Logging is : 'OFF
Network Interface Logging is : 'OFF'

MULTINET GATED/STOP

Tells the GateD process to halt in an orderly manner.

Format

MULTINET GATED/STOP

MULTINET GATED/TOGGLE_TRACING

Toggles GateD tracing on and off. This command opens and closes the GateD log file MULTINET:GATED.LOG as needed.

Format

MULTINET GATED/TOGGLE_TRACING

MULTINET GATED/UPDATE_INTERFACES

Tells the GateD process to rescan the network interfaces.

FORMAT

MULTINET GATED/UPDATE_INTERFACES

MULTINET HOST_TABLE COMPILE

The MultiNet host table compiler generates binary host tables from the ASCII host table files. After modifying a MultiNet host table, use this command to compile it into its binary form.

After recompiling your host tables, reinstall the host tables by rebooting, or by invoking the @MULTINET:INSTALL_DATABASES command. Then make the host table usable to the MULTINET_SERVER process servers by restarting this process with the @MULTINET:START_SERVER command. MultiNet uses the compiled host tables for fast lookups of host names, and for translation of host, network, protocol, and service names to numbers.

FORMAT

MULTINET HOST_TABLE COMPILE [files]

PARAMETER

files

Contains a comma-separated list of one or more input files to be compiled. These files must be in the format described in RFC-952 "DoD Internet Host Table Specification." If not specified, the input files default to MULTINET:HOSTS.SERVICES, MULTINET:HOSTS.LOCAL, and MULTINET:HOSTS.TXT.

QUALIFIERS

/HOST_TABLE_FILE=file

Specifies the file to which the compiler writes the binary host table (by default, MULTINET:NETWORK_DATABASE).

/SILENTLY
/NOSILENTLY (default)

Determines whether the compilation proceeds quietly. The default, /NOSILENTLY, can take some time to process.

/STARTING_HASH_VALUE=value

Specifies the initial hash size for the host table hash. Starting at this value, the host table compiler searches for an acceptable hashing function. The default for this qualifier is the "best value," which is computed from the size of the data as the utility attempts to create 512-byte units.

When you run HOST TABLE COMPILE, the hash value is listed in the displayed messages. To select a value for this qualifier, choose a number from the displayed range of values.

/TBLUK_FILE=file

Specifies the file to which the compiler writes the "host-completion" database, used by programs that allow for escape-completion of partially typed host names. The default is MULTINET:HOSTTBLUK.DAT.

/UNIX_HOST_FILE=file

Specifies the file to which the compiler writes a UNIX-style hosts file that can be used on most UNIX systems and with many other vendors' TCP implementations. The default, /NOUNIX_HOST_FILE, inhibits the creation of a UNIX-style hosts file.

MULTINET HOST_TABLE GET

Connects to the HOSTNAME port of NIC.DDN.MIL and uses the HOSTNAME protocol to retrieve the HOSTS.TXT file. After retrieving a new MultiNet host table, compile it into binary form with the MULTINET HOST_TABLE COMPILE command so the host table can be accessed.

CAUTION! The HOSTS.TXT file located on NIC.DDN.MIL is no longer maintained by the DDN NIC (or anyone else). This file contains out-of-date information and should be used with caution. If your host is connected to the Internet, DNS is a desirable alternative to using host tables.

QUALIFIERS

/HOST=host (default NIC.DDN.MIL)

Specifies a host other than NIC.DDN.MIL. If you specify the host name instead of the address, the host name must exist in your existing host tables.

/OUTPUT_FILE=file

Specifies a different output file (by default, MULTINET:HOSTS.TXT).

/SILENTLY
/NOSILENTLY (default)

Specifies that various debugging information is written to SYS$ERROR as the program executes.

/QUERY

Specifies an arbitrary HOSTNAME protocol request to the host of interest as follows:

If the /QUERY qualifier is present, use its value

Otherwise, if the /VERSION qualifier is present, use "VERSION"

Otherwise, use "ALL"

/VERSION

Retrieves only the HOSTS.TXT version number.

The HOSTNAME protocol supports simple text query requests of the form:

command_key argument(s) [options]

command_key is a keyword indicating the nature of the request and square brackets ( [ ] ) indicate an optional field. The defined keys are described in the following table:

Keyword

Response

HELP

The information in this table.

VERSION

"VERSION: string" where string is different for each version of the host table.

HNAME hostname

One or more matching host table entries.

HADDR hostaddr

One or more matching host table entries.

ALL

The entire host table.

ALL-OLD

The entire host table without domain-style names.

DOMAINS

The entire top-level domain table (domains only).

ALL-DOM

Both the entire domain table and the host table.

ALL-INGWAY

All known gateways in TENEX/TOPS-20 INTERNET.GATEWAYS format.

MULTINET HOST_TABLE INSTALL

Installs the binary host tables as global sections. Do not run HOST_TABLE INSTALL directly. Instead, use the MULTINET:INSTALL_DATABASES.COM command procedure.

FORMAT

MULTINET HOST_TABLE INSTALL

MULTINET IPP SHOW

The MULTINET IPP SHOW utility allows a user to learn the capabilities supported by an IPP server. This utility queries the server and displays the supported attributes. The program can be used to see what a given server supports, by a program to gather information about a number of printers, or by a DCL or other program to check the capabilities of a given server before submitting a print job to a queue. The command syntax is:

$ MULTINET IPP SHOW server_URI /qualifiers...

Qualifiers

/ATTRIBUTE=attribute

Puts the program into a mode suitable for use from a DCL command procedure. Not compatible with the /FORMAT or /OUTPUT qualifiers or those associated with them. It causes the program to return the value of a single attribute as a character string in a DCL symbol. The symbol may be specified with the /SYMBOL qualifier if the default of "IPP_SHOW_RESULT" is not desired. This is intended for use in a procedure to check to see if, for example, a given server supports color printing before submitting a job to a queue that requires color output. Allowable values for attribute are:

Charset_Configured
Charset_Supported
Color_Supported
Compression_Supported
Copies_Default
Copies_Supported
Document_Format_Default
Document_Format_Supported
Finishings_Default
Finishings_Supported
Gen_Natural_Language_Supported
Job_Hold_Until_Default
Job_Hold_Until_Supported
Job_Impressions_Supported
Job_K_Octets_Supported
Job_Media_Sheets_Supported
Job_Priority_Default
Job_Priority_Supported
Job_Sheets_Default
Job_Sheets_Supported
Media_Default
Media_Supported
Multiple_Doc_Handling_Default
Multiple_Doc_Handling_Supported
Multiple_Operation_Timeout
Natural_Language_Configured
Number_Up_Default
Number_Up_Supported
Operations_Supported
Orientation_Requested_Default
Orientation_Requested_Supported
Page_Ranges_Default
Page_Ranges_Supported
PDL_Override_Supported
Print_Quality_Default
Print_Quality_Supported
Printer_Current_Time
Printer_Driver_Installer
Printer_Info
Printer_Is_Accepting_Jobs
Printer_Location
Printer_Make_and_Model
Printer_Message_From_Operator
Printer_More_Info
Printer_More_Info_Manufacturer
Printer_Name
Printer_Resolution_Default
Printer_Resolution_Supported
Printer_State
Printer_State_Message
Printer_State_Reasons
Printer_Uptime
Printer_URI_Supported
Queued_Job_Count
Reference_URI_Schemes_Supported
Sides_Default
Sides_Supported
URI_Security_Supported

/[NO]APPEND

Specifies that output should be appended to an existing output file if possible. /NOAPPEND is the default.

/FORMAT=style

Specifies what print style to use. style is either

"SCREEN" (default) which writes in a human-friendly screen-formatted mode or

"LIST" which writes an easy to parse, name=value format, one name/value pair per line.

/[NO]FULL

Causes all IPP attributes to be included in the display, whether the server supports them or not. Those not supported are marked as such. /NOFULL is the default.

/[NO]GLOBAL

Specifies whether the named symbol should be created as a DCL global symbol. Used only with /ATTRIBUTE. If specified as "/NOGLOBAL", the symbol will be local to the calling procedure level. /GLOBAL is the default.

/OUTPUT=file

Specifies a file to write output to. "SYS$OUTPUT:" is the default.

/SYMBOL=symbolname

Specifies a DCL symbol name that should be set to the value of the specified attribute. Used only with /ATTRIBUTE. The default is "IPP_SHOW_RESULT" if /SYMBOL is not specified.

EXAMPLES of MULTINET IPP SHOW Use and Output

1 Basic operation with all defaults:

$ MULTINET IPP SHOW LILLIES.FLOWERPOTS.COM

LILLIES.FLOWERPOTS.COM as of Tue Mar 9 16:08:43 2004

CURRENT INFO:
Printer State: Idle
State Reasons: none
Accepting Jobs?: Yes
Queued Job Count: 0

PRINTER INFO:
Name: Lexmark Optra T610
Make & Model: Lexmark Optra T610



DEFAULTS:
Document Format: application/octet-stream
Orientation: Portrait
Number-Up: 1
Copies: 1
Job Media Sheets: none
Character Set: utf-8
Natural Language: en-us

SUPPORTED FEATURES AND ALLOWED VALUES:
Color?: No
Orientation: Portrait, Landscape
Document Formats: application/octet-stream, application/postscript,
application/vnd.hp-PCL, text/plain
Job Sheets: none, standard
Number-Up: 1:16
Copies: 1:999
PDL Override: not-attempted
Character Sets: utf-8, us-ascii
Natural Languages: en-us
Operations: Print_Job, Validate-Job, Cancel-Job,
Get-Job_Attributes, Get-Jobs,
Get-Printer_Atrributes, Unknown: 18

URIs Supported and associated security options:
URI: http://192.168.50.2/
Security: none

URI: http://192.168.50.2:631/
Security: none

2 Operation with /FULL and output to a file (note that the "/" character in the URI requires use of quotes around the server URI parameter):

$ MULTINET IPP SHOW "LILLIES.FLOWERPOTS.COM/IPP" /FULL /OUTPUT=FOO.BAR

FOO.BAR contains:

LILLIES.FLOWERPOTS.COM/IPP as of Tue Mar 9 16:11:54 2004

CURRENT INFO:
Printer State: Idle
State Reasons: none
State Message: <not supported>
Accepting Jobs?: Yes
Queued Job Count: <not supported>
Uptime (seconds): <not supported>
Printer Time: <not supported>

PRINTER INFO:
Name: LILLIES
Printer Location: <not supported>
Printer Info: MANUFACTURER:Hewlett-Packard;COMMAND SET:PJL,ML -
C,PCL,PCLXL,POSTSCRIPT;MODEL:HP LaserJet 2100 -
Series;CLASS:PRINTER;DESCRIPTION:H
URL for more info: <not supported>
URL for driver: <not supported>
Make & Model: <not supported>
URL for Maker: <not supported>

DEFAULTS:
Document Format: application/octet-stream
Orientation: <not supported>
Number-Up: <not supported>
Sides: <not supported>
Copies: <not supported>
Mult. Doc. Handling: <not supported>
Media: <not supported>
Job Media Sheets: <not supported>
Finishings: <not supported>
Job Priority: <not supported>
Job Hold Until: <not supported>
Print Quality: <not supported>
Printer Resolution: <not supported>
Character Set: us-ascii
Natural Language: en-us
Mult. Op. Timout: <not supported>

SUPPORTED FEATURES AND ALLOWED VALUES:
Color?: <not supported>
Orientation: <not supported>
Document Formats: text/plain, text/plain; charset=US-ASCII,
application/postscript, application/vnd.hp-PCL,
application/octet-stream
Job Sheets: <not supported>
Number-Up: <not supported>
Sides: <not supported>
Copies: <not supported>
Mult. Doc. Handling: <not supported>
Media Names: <not supported>
Job Media Sheets: <not supported>
Finishings: <not supported>
Job Priority: <not supported>
Job Hold Until: <not supported>
Page Ranges?: <not supported>
Print Qualities: <not supported>
Resolutions: <not supported>
Compression Modes: <not supported>
Job K-octets: <not supported>
Job Impressions: <not supported>
PDL Override: not-attempted
Character Sets: us-ascii, utf-8
Natural Languages: en-us
URI Schemes: <not supported>
Operations: Print_Job, Validate-Job, Cancel-Job,
Get-Job_Attributes, Get-Jobs,
Get-Printer_Atrributes

URIs Supported and associated security options:

URI: /ipp
Security: none

URI: /ipp/port1
Security: none

MESSAGE FROM OPERATOR:

<no Message>

3 Operation with /ATTRIBUTE, /SYMBOL, and /GLOBAL to get a single attribute into a DCL symbol:

$ MULT IPP SHOW LEXIM /ATTRIB=NUMBER_UP_SUPPORTED /SYMBOL=NUMUP /GLOBAL
$ SHO SYM NUMUP
NUMUP == "1:16"
$
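The capability check that the /ATTRIBUTE description has in mind, written as a command procedure around the Number_Up_Supported value from example 3. This is an added example, not part of the MultiNet manual; the procedure name, its P1 and P2 parameters, and the treatment of an empty reply are assumptions.

```dcl
$! IPP_PREFLIGHT.COM  (added example; not part of the MultiNet manual)
$! Usage: @IPP_PREFLIGHT server_URI pages_per_sheet
$! Exits with success only if the server's Number_Up_Supported value,
$! returned as "low:high" (see example 3), covers the requested value.
$ ON WARNING THEN GOTO NO_ANSWER
$ IF P1 .EQS. "" .OR. P2 .EQS. "" THEN GOTO USAGE
$ WANT = F$INTEGER(P2)
$ IF WANT .LT. 1 THEN GOTO USAGE
$! Create an empty local symbol first. It hides any global NUMUP left
$! by an earlier /GLOBAL run, so a stale value is never trusted.
$ NUMUP = ""
$! Quote the URI: a "/" in it would otherwise be read as a qualifier.
$ MULTINET IPP SHOW "''P1'" /ATTRIBUTE=NUMBER_UP_SUPPORTED -
        /SYMBOL=NUMUP /NOGLOBAL
$! Assumption: when the server gives no usable answer the symbol stays
$! empty. The manual does not say what IPP SHOW does in that case.
$ IF F$EDIT(NUMUP, "COLLAPSE") .EQS. "" THEN GOTO NO_ANSWER
$ LOW_TXT  = F$ELEMENT(0, ":", NUMUP)
$ HIGH_TXT = F$ELEMENT(1, ":", NUMUP)
$! F$ELEMENT returns the delimiter when there is no second element,
$! which means the server reported a single value, not a range.
$ IF HIGH_TXT .EQS. ":" THEN HIGH_TXT = LOW_TXT
$ LOW  = F$INTEGER(LOW_TXT)
$ HIGH = F$INTEGER(HIGH_TXT)
$ IF WANT .LT. LOW .OR. WANT .GT. HIGH THEN GOTO UNSUPPORTED
$ WRITE SYS$OUTPUT "''P1' accepts number-up ''WANT' (supports ''NUMUP')"
$ EXIT 1
$!
$UNSUPPORTED:
$ WRITE SYS$OUTPUT "''P1' supports number-up ''NUMUP' only; ''WANT' refused"
$ EXIT %X10000002       ! error severity, message display inhibited
$NO_ANSWER:
$ WRITE SYS$OUTPUT "No Number_Up_Supported value returned by ''P1'"
$ EXIT %X10000002
$USAGE:
$ WRITE SYS$OUTPUT "Usage: @IPP_PREFLIGHT server_URI pages_per_sheet"
$ EXIT %X10000002
```

A calling procedure can test $STATUS after `@IPP_PREFLIGHT` and submit the job only on success.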

MULTINET KERBEROS DATABASE DUMP

Stores the contents of the Kerberos database in an ASCII text file. Use this command to transfer the contents of a master KDC database to another system which acts as a backup KDC. The ASCII format allows interchange among different vendors' implementations of Kerberos on different platforms. Passwords are output as encrypted text strings. Dumping the database to a text file and then editing it is the only way to delete users or principals from the database. Use MULTINET KERBEROS DATABASE LOAD to reload a dumped database.

Note! This command applies to Kerberos V4 only.

FORMAT

MULTINET KERBEROS DATABASE DUMP [outfile]

QUALIFIER

/DATABASE_FILE=filename

Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.

EXAMPLES

This example stores the Kerberos database named FOO into the DUMP_FILE.TXT text file:

$ MULTINET KERBEROS DATABASE DUMP -
_$ /DATABASE_FILE=MULTINET:FOO. DUMP_FILE.TXT

This text file can be loaded with the following command. In this example, the /DATABASE_FILE qualifier specifies the name of the database that is created.

$ MULTINET KERBEROS DATABASE LOAD -
_$ /DATABASE_FILE=MULTINET:FOO_TOO. DUMP_FILE.TXT

This example lists the contents of the database.

$ MULTINET KERBEROS DATABASE DUMP TT:

MULTINET KERBEROS DATABASE EDIT

Interactively adds principal information to the database.

FORMAT

MULTINET KERBEROS DATABASE EDIT

QUALIFIERS

/DATABASE_FILE=filename

Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.

/PROMPT_FOR_KEY (default)
/NOPROMPT_FOR_KEY

Specifies that you are prompted to supply the master key password. /NOPROMPT_FOR_KEY causes the master key to be read from a file previously created with the MULTINET KERBEROS DATABASE STASH utility.

DESCRIPTION

MULTINET KERBEROS DATABASE EDIT adds principal information to the database. The principal can be either a user or a program.

Note! This command applies to Kerberos V4 only.

Table 1-2 describes the prompts displayed by this utility.

Table 1-2 KERBEROS DATABASE EDIT Prompts

At This Prompt...

Enter This Information

Enter Kerberos master key:

The encryption key for the Kerberos database. This is the master password for Kerberos administration and must be safeguarded. This is a standard VMS-style password except the value is case-sensitive and can be up to 64 bytes in length.

Principal name

A case-sensitive value, which generally is a user name if you are adding a user to the database, or the name of a principal used by a Kerberized server if you are entering a class of service. Exit KERBEROS DATABASE EDIT by pressing RETURN at the Principal name prompt.

Instance

A case-sensitive string value. When adding users to the database, enter an empty string (press RETURN). When associating a service type with a system, the instance is the system name. If the principal name is for a new user or application, the next prompt is "Not found, Create [y] ?". Enter y to create the principal entry, or n to enter another principal name.

Change password

Change the password for a user or service. This prompt only appears if you specified an existing principal or instance name. If you enter y, you are prompted with the "New Password:" prompt; if you enter n, you are prompted for the Expiration date.

New password

Enter a new password. You can enter "RANDOM" for the password, which indicates the password is known only within the software. This feature adds additional security. Note: you must specify RANDOM in all uppercase letters. The only use for the RANDOM password feature with user accounts is to prevent users from accessing the Kerberos system. If you did not select the RANDOM feature and chose to change the password, enter a new password. You are prompted to verify the password you entered.

Expiration date

The date on which a user can no longer access the system, or the date that an application is no longer valid.

Max ticket lifetime

The maximum lifetime, in minutes, for a user's ticket. This can be any value from 5 to 1275 minutes (21 hours, 15 minutes).

Attributes

The valid range of this value is 0 to 65535, inclusive. The meaning of this value is system- and application-dependent. MultiNet applications do not currently use this value.

EXAMPLE

$ MULTINET KERBEROS DATABASE EDIT /NOPROMPT
Opening database...
Current Kerberos master key version is 1
Previous or default values are in [brackets],
enter Return to leave the same, or new value.
Principal name: rcmd
Instance: bigboote
<Not found>, Create [y] RETURN
Principal: rcmd, Instance: bigboote, kdc_key_ver: 1
New password: password
Verifying, please re-enter New Password: password
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2099-12-31 ] ? RETURN
Max ticket lifetime (*5 minutes) [ 255 ] RETURN
Attributes [ 0 ] ? RETURN
Edit O.K.
Principal name: john
Instance: RETURN
<Not found>, Create [y] RETURN
Principal: john, Instance: , kdc_key_ver: 1
New password: password
Verifying, please re-enter New Password: password
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2099-12-31 ] ? RETURN
Max ticket lifetime (*5 minutes) [ 255 ] RETURN
Attributes [ 0 ] ? RETURN
Edit O.K.
Principal name: RETURN
$

MULTINET KERBEROS DATABASE INITIALIZE

Initializes the Kerberos database. If you need to run this command on an already configured system, shut down Kerberos by first disabling the Kerberos and KADMIN servers using the MULTINET CONFIGURE /SERVERS command, then restart the MultiNet master server. Refer to the examples later in this section.

Note! This command applies to Kerberos V4 only.

FORMAT

MULTINET KERBEROS DATABASE INITIALIZE

QUALIFIERS

/DATABASE_FILE=filename

Specifies the use of an alternative database instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.

/REALM=realm

Specifies the Kerberos realm to use instead of the default (the local domain name specified in the MULTINET:KERBEROS.CONFIGURATION file). Note: the realm name is case-sensitive.

EXAMPLES

This example initializes the Kerberos database.

$ MULTINET KERBEROS DATABASE INITIALIZE
Realm name [REALM]: FLOWERS.COM
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Kerberos master key: password
Verifying, please re-enter Kerberos master key: password
$

This example shuts down Kerberos by disabling the KERBEROS and KADMIN servers, restarts the MASTER_SERVER process, then exits.

$ MULTINET CONFIGURE /SERVERS
MultiNet Server Configuration Utility 5.1 (nnn)
[Reading in symbols from SERVER image MULTINET:SERVER.EXE]
[Reading in configuration from MULTINET:SERVICES.MASTER_SERVER]
SERVER-CONFIG>DISABLE KERBEROS
SERVER-CONFIG>DISABLE KADMIN
SERVER-CONFIG>RESTART
%RUN-S-PROC_ID, identification of created process is 2060005C
SERVER-CONFIG>EXIT
[Writing configuration to MULTINET_COMMON_ROOT:[MULTINET]
SERVICES.MASTER_SERVER]

MULTINET KERBEROS DATABASE LOAD

Loads the database from an ASCII text file produced by the MULTINET KERBEROS DATABASE DUMP utility. The ASCII text allows for interchange between different vendors' Kerberos implementations and different platforms, so the file being loaded does not need to be generated by the MultiNet Kerberos implementation.

Note! This command applies to Kerberos V4 only.

FORMAT

MULTINET KERBEROS DATABASE LOAD [outfile]

QUALIFIER

/DATABASE_FILE=filename

Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.

EXAMPLES

1 $ MULTINET KERBEROS DATABASE DUMP -
_$ /DATABASE_FILE=MULTINET:FOO. DUMP_FILE.TXT
$

This example stores the Kerberos database named FOO. into the DUMP_FILE.TXT text file. This text file can be restored with this command:

2 $ MULTINET KERBEROS DATABASE LOAD -
_$ /DATABASE_FILE=MULTINET:FOO_TOO. DUMP_FILE.TXT

The /DATABASE_FILE qualifier specifies the name of the created database.

MULTINET KERBEROS DATABASE NEW_MASTER_KEY

Permits the master key to be changed. After changing the master key, rebuild the database. Dump the database to an ASCII text file before using this command to change the master key. (You can dump the database to an ASCII text file with the MULTINET KERBEROS DATABASE UTILITY DUMP command.) After changing the key, re-stash the master key with the MULTINET KERBEROS DATABASE STASH command, and reload the database from the ASCII dump file with the MULTINET KERBEROS DATABASE UTILITY LOAD command.

Note! This command applies to Kerberos V4 only.

FORMAT

MULTINET KERBEROS DATABASE NEW_MASTER_KEY

MULTINET KERBEROS DATABASE SRVTAB

Creates a service key file for use by server programs on the named system to decode KERBEROS authenticators. The output file name is of the form server-NEW-KERBEROS.SRVTAB, where server is the name of the remote system for which this file is being created. After creating the key file, transport it manually (not over the network, unless encryption is available) to the remote system, and copy it to MULTINET:KERBEROS.SRVTAB.

Note! This command applies to Kerberos V4 only.

FORMAT

MULTINET KERBEROS DATABASE SRVTAB host(s)

PARAMETER

host(s)

Specifies one or more host names. host is not a fully qualified name and does not include dots. If specified in double quotes, mixed-case host names (for example, "Lot49") are preserved. If not specified in double quotes, all letters are converted to lowercase. If you do not supply this parameter, you are prompted for the host name(s).

QUALIFIERS

/PROMPT (default)
/NOPROMPT

Controls whether or not you are prompted to supply the master key password. /NOPROMPT causes the master key to be read from a file previously created with the MULTINET KERBEROS DATABASE STASH utility.

/REALM=realm

Specifies the Kerberos realm to use instead of the default (the local realm name specified in the MULTINET:KERBEROS.CONFIGURATION file). Note: the realm name is case-sensitive.

EXAMPLE

$ MULTINET KERBEROS DATABASE SRVTAB /REALM=FLOWERS.COM /NOPROMPT

MULTINET KERBEROS DATABASE STASH

Saves the master key in a protected file both for the KDC, which needs the master key to read the Kerberos database, and for the convenience of the administrator who does not have to enter the master password when accessing the Kerberos configuration utilities.

Note! This command applies to Kerberos V4 only.

FORMAT

MULTINET KERBEROS DATABASE STASH

EXAMPLE

$ MULTINET KERBEROS DATABASE STASH
$
Kerberos master key: password
Verifying, please re-enter Kerberos master key: password
Current Kerberos master key version is 1.

MULTINET LOAD

Invokes the MultiNet network LOADER. This program loads a network image into the VMS kernel and starts the network.

Note! This utility is invoked automatically by the network startup command file generated by the Network Configuration Utility and should not be invoked by a user.

FORMAT

MULTINET LOAD

MULTINET NETCONTROL

Sends commands to services internal to the MULTINET_SERVER process. NETCONTROL can select any server provided in the MultiNet configuration or those previously added with the Server Configuration Utility. This command affects only the currently running configuration.

FORMAT

MULTINET NETCONTROL [service] [command]

PARAMETERS

service

Connects to the specified service (by default, NETCONTROL).

command

Sends a specified command string to the server. If you do not specify a command string, NETCONTROL enters interactive mode.

QUALIFIERS

/HOST=host

Connects to the NETCONTROL service on the specified host (by default, the NETCONTROL service on the local host).

/VERBOSE

Displays the entire NETCONTROL protocol conversation. This qualifier is useful only for debugging purposes.

DESCRIPTION

The NETCONTROL program sends commands to services internal to the MULTINET_SERVER process. NETCONTROL currently provides access to the following MultiNet services:

Table 1-3 MultiNet NETCONTROL Services

ACCESS

BOOTP

BWNFSD

CLUSTERALIAS

DHCLIENT

DHCP

DOMAINNAME

EKLOGIN

FONTSERVER

GATED

IPXRIP

KERBEROS

KLOGIN

KSHELL

NETCONTROL

NFS

NOT

NTP

PCNFSD

RARP

"R" Server

RDISC

REXEC

RLOGIN

RPCBOOTPARAMS

RPCLOCKMGR

RPCMOUNT

RPCPORTMAP

RPCQUOTAD

RPCSTATUS

RSHELL

SAP

SNMP

SSH

SYSLOG

TELNET

TFTP

UCXQIO

VIADECNET

VIAPSI

XDM




For loadable services (those with an INIT setting of Merge_image), you can use the SERVER-CONFIG SET PROCESS process_name command to have the service run in an auxiliary master server process with the specified name, rather than in the main master server process (which has a process name of MULTINET_SERVER).

Unlike earlier versions of MultiNet:

The auxiliary server n