aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTom Rhodes <trhodes@FreeBSD.org>2004-09-19 01:30:24 +0000
committerTom Rhodes <trhodes@FreeBSD.org>2004-09-19 01:30:24 +0000
commitb1e4bd53e00e9694dd378a884abd3f2dd790190d (patch)
tree97706b7f62557da0a2539b026e5cf66008ddf8c6
downloadsrc-b1e4bd53e00e9694dd378a884abd3f2dd790190d.tar.gz
src-b1e4bd53e00e9694dd378a884abd3f2dd790190d.zip
Vender import of BIND 9.3.0rc4.
Notes
Notes: svn path=/vendor/bind9/dist/; revision=135446
-rw-r--r--contrib/bind9/CHANGES5479
-rw-r--r--contrib/bind9/COPYRIGHT30
-rw-r--r--contrib/bind9/FAQ454
-rw-r--r--contrib/bind9/Makefile.in59
-rw-r--r--contrib/bind9/README344
-rw-r--r--contrib/bind9/acconfig.h141
-rw-r--r--contrib/bind9/bin/Makefile.in25
-rw-r--r--contrib/bind9/bin/check/Makefile.in95
-rw-r--r--contrib/bind9/bin/check/check-tool.c159
-rw-r--r--contrib/bind9/bin/check/check-tool.h46
-rw-r--r--contrib/bind9/bin/check/named-checkconf.859
-rw-r--r--contrib/bind9/bin/check/named-checkconf.c286
-rw-r--r--contrib/bind9/bin/check/named-checkconf.docbook146
-rw-r--r--contrib/bind9/bin/check/named-checkconf.html216
-rw-r--r--contrib/bind9/bin/check/named-checkzone.894
-rw-r--r--contrib/bind9/bin/check/named-checkzone.c200
-rw-r--r--contrib/bind9/bin/check/named-checkzone.docbook236
-rw-r--r--contrib/bind9/bin/check/named-checkzone.html367
-rw-r--r--contrib/bind9/bin/dig/Makefile.in101
-rw-r--r--contrib/bind9/bin/dig/dig.1401
-rw-r--r--contrib/bind9/bin/dig/dig.c1671
-rw-r--r--contrib/bind9/bin/dig/dig.docbook611
-rw-r--r--contrib/bind9/bin/dig/dig.html1174
-rw-r--r--contrib/bind9/bin/dig/dighost.c5074
-rw-r--r--contrib/bind9/bin/dig/host.1136
-rw-r--r--contrib/bind9/bin/dig/host.c754
-rw-r--r--contrib/bind9/bin/dig/host.docbook212
-rw-r--r--contrib/bind9/bin/dig/host.html434
-rw-r--r--contrib/bind9/bin/dig/include/dig/dig.h343
-rw-r--r--contrib/bind9/bin/dig/nslookup.1192
-rw-r--r--contrib/bind9/bin/dig/nslookup.c887
-rw-r--r--contrib/bind9/bin/dig/nslookup.docbook320
-rw-r--r--contrib/bind9/bin/dig/nslookup.html617
-rw-r--r--contrib/bind9/bin/dnssec/Makefile.in82
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.8174
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.c415
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.docbook342
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.html544
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-makekeyset.8113
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-makekeyset.c401
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-makekeyset.docbook233
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-makekeyset.html407
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signkey.8108
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signkey.c448
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signkey.docbook237
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signkey.html407
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.8167
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.c2102
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.docbook362
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.html553
-rw-r--r--contrib/bind9/bin/dnssec/dnssectool.c305
-rw-r--r--contrib/bind9/bin/dnssec/dnssectool.h76
-rw-r--r--contrib/bind9/bin/named/Makefile.in131
-rw-r--r--contrib/bind9/bin/named/aclconf.c233
-rw-r--r--contrib/bind9/bin/named/builtin.c228
-rw-r--r--contrib/bind9/bin/named/client.c2361
-rw-r--r--contrib/bind9/bin/named/config.c723
-rw-r--r--contrib/bind9/bin/named/control.c140
-rw-r--r--contrib/bind9/bin/named/controlconf.c1323
-rw-r--r--contrib/bind9/bin/named/include/named/aclconf.h72
-rw-r--r--contrib/bind9/bin/named/include/named/builtin.h29
-rw-r--r--contrib/bind9/bin/named/include/named/client.h337
-rw-r--r--contrib/bind9/bin/named/include/named/config.h75
-rw-r--r--contrib/bind9/bin/named/include/named/control.h87
-rw-r--r--contrib/bind9/bin/named/include/named/globals.h118
-rw-r--r--contrib/bind9/bin/named/include/named/interfacemgr.h173
-rw-r--r--contrib/bind9/bin/named/include/named/listenlist.h104
-rw-r--r--contrib/bind9/bin/named/include/named/log.h96
-rw-r--r--contrib/bind9/bin/named/include/named/logconf.h32
-rw-r--r--contrib/bind9/bin/named/include/named/lwaddr.h34
-rw-r--r--contrib/bind9/bin/named/include/named/lwdclient.h230
-rw-r--r--contrib/bind9/bin/named/include/named/lwresd.h111
-rw-r--r--contrib/bind9/bin/named/include/named/lwsearch.h110
-rw-r--r--contrib/bind9/bin/named/include/named/main.h32
-rw-r--r--contrib/bind9/bin/named/include/named/notify.h54
-rw-r--r--contrib/bind9/bin/named/include/named/query.h83
-rw-r--r--contrib/bind9/bin/named/include/named/server.h213
-rw-r--r--contrib/bind9/bin/named/include/named/sortlist.h84
-rw-r--r--contrib/bind9/bin/named/include/named/tkeyconf.h51
-rw-r--r--contrib/bind9/bin/named/include/named/tsigconf.h47
-rw-r--r--contrib/bind9/bin/named/include/named/types.h41
-rw-r--r--contrib/bind9/bin/named/include/named/update.h49
-rw-r--r--contrib/bind9/bin/named/include/named/xfrout.h38
-rw-r--r--contrib/bind9/bin/named/include/named/zoneconf.h61
-rw-r--r--contrib/bind9/bin/named/interfacemgr.c911
-rw-r--r--contrib/bind9/bin/named/listenlist.c136
-rw-r--r--contrib/bind9/bin/named/log.c217
-rw-r--r--contrib/bind9/bin/named/logconf.c295
-rw-r--r--contrib/bind9/bin/named/lwaddr.c92
-rw-r--r--contrib/bind9/bin/named/lwdclient.c465
-rw-r--r--contrib/bind9/bin/named/lwderror.c78
-rw-r--r--contrib/bind9/bin/named/lwdgabn.c655
-rw-r--r--contrib/bind9/bin/named/lwdgnba.c270
-rw-r--r--contrib/bind9/bin/named/lwdgrbn.c513
-rw-r--r--contrib/bind9/bin/named/lwdnoop.c86
-rw-r--r--contrib/bind9/bin/named/lwresd.8140
-rw-r--r--contrib/bind9/bin/named/lwresd.c861
-rw-r--r--contrib/bind9/bin/named/lwresd.docbook300
-rw-r--r--contrib/bind9/bin/named/lwresd.html497
-rw-r--r--contrib/bind9/bin/named/lwsearch.c199
-rw-r--r--contrib/bind9/bin/named/main.c884
-rw-r--r--contrib/bind9/bin/named/named.8177
-rw-r--r--contrib/bind9/bin/named/named.conf.5474
-rw-r--r--contrib/bind9/bin/named/named.conf.docbook532
-rw-r--r--contrib/bind9/bin/named/named.conf.html1893
-rw-r--r--contrib/bind9/bin/named/named.docbook370
-rw-r--r--contrib/bind9/bin/named/named.html625
-rw-r--r--contrib/bind9/bin/named/notify.c162
-rw-r--r--contrib/bind9/bin/named/query.c3539
-rw-r--r--contrib/bind9/bin/named/server.c4089
-rw-r--r--contrib/bind9/bin/named/sortlist.c162
-rw-r--r--contrib/bind9/bin/named/tkeyconf.c118
-rw-r--r--contrib/bind9/bin/named/tsigconf.c170
-rw-r--r--contrib/bind9/bin/named/unix/Makefile.in36
-rw-r--r--contrib/bind9/bin/named/unix/include/named/os.h64
-rw-r--r--contrib/bind9/bin/named/unix/os.c630
-rw-r--r--contrib/bind9/bin/named/update.c2811
-rw-r--r--contrib/bind9/bin/named/xfrout.c1718
-rw-r--r--contrib/bind9/bin/named/zoneconf.c729
-rw-r--r--contrib/bind9/bin/nsupdate/Makefile.in83
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.8369
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.c1983
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.docbook629
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.html962
-rw-r--r--contrib/bind9/bin/rndc/Makefile.in102
-rw-r--r--contrib/bind9/bin/rndc/include/rndc/os.h44
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.8140
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.c323
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.docbook273
-rw-r--r--contrib/bind9/bin/rndc/rndc-confgen.html538
-rw-r--r--contrib/bind9/bin/rndc/rndc.8118
-rw-r--r--contrib/bind9/bin/rndc/rndc.c687
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf36
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.5142
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.docbook210
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.html377
-rw-r--r--contrib/bind9/bin/rndc/rndc.docbook228
-rw-r--r--contrib/bind9/bin/rndc/rndc.html388
-rw-r--r--contrib/bind9/bin/rndc/unix/Makefile.in36
-rw-r--r--contrib/bind9/bin/rndc/unix/os.c68
-rw-r--r--contrib/bind9/bin/rndc/util.c55
-rw-r--r--contrib/bind9/bin/rndc/util.h49
-rw-r--r--contrib/bind9/config.guess1435
-rw-r--r--contrib/bind9/config.sub1537
-rw-r--r--contrib/bind9/configure.in2180
-rw-r--r--contrib/bind9/doc/Makefile.in29
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM-book.xml6571
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch01.html1131
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch02.html284
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch03.html1458
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch04.html1602
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch05.html265
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch06.html11479
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch07.html500
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch08.html272
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch09.html1587
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.html851
-rw-r--r--contrib/bind9/doc/arm/Makefile.in69
-rw-r--r--contrib/bind9/doc/arm/README-SGML329
-rw-r--r--contrib/bind9/doc/arm/isc.color.gifbin0 -> 6384 bytes
-rw-r--r--contrib/bind9/doc/arm/nominum-docbook-html.dsl.in148
-rw-r--r--contrib/bind9/doc/arm/nominum-docbook-print.dsl.in42
-rw-r--r--contrib/bind9/doc/arm/validate.sh.in21
-rw-r--r--contrib/bind9/doc/draft/draft-baba-dnsext-acl-reqts-01.txt336
-rw-r--r--contrib/bind9/doc/draft/draft-daigle-napstr-04.txt1232
-rw-r--r--contrib/bind9/doc/draft/draft-danisch-dns-rr-smtp-03.txt1960
-rw-r--r--contrib/bind9/doc/draft/draft-dnsext-opcode-discover-02.txt241
-rw-r--r--contrib/bind9/doc/draft/draft-durand-dnsop-dynreverse-00.txt240
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-axfr-clarify-05.txt393
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dhcid-rr-08.txt561
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-2535typecode-change-06.txt442
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-intro-11.txt1457
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-protocol-07.txt3193
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-records-09.txt1849
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-insensitive-04.txt639
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-interop3597-01.txt335
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-keyrr-key-signing-flag-12.txt560
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-mdns-33.txt1559
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-tkey-renewal-mode-04.txt1235
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-tsig-sha-00.txt466
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsext-wcard-clarify-02.txt1010
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-bad-dns-res-02.txt1120
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-dnssec-operational-practices-01.txt1344
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-ipv6-dns-configuration-02.txt1321
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-ipv6-dns-issues-09.txt1969
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-ipv6-transport-guidelines-01.txt300
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-key-rollover-requirements-01.txt391
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-misbehavior-against-aaaa-00.txt505
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-respsize-01.txt485
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-dnsop-serverid-02.txt617
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-enum-e164-gstn-np-05.txt1588
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-ipseckey-rr-09.txt951
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-ipv6-node-requirements-08.txt1200
-rw-r--r--contrib/bind9/doc/draft/draft-ietf-secsh-dns-05.txt614
-rw-r--r--contrib/bind9/doc/draft/draft-ihren-dnsext-threshold-validation-00.txt519
-rw-r--r--contrib/bind9/doc/draft/draft-kato-dnsop-local-zones-00.txt295
-rw-r--r--contrib/bind9/doc/draft/draft-park-ipv6-extensions-dns-pnp-00.txt1830
-rw-r--r--contrib/bind9/doc/draft/update46
-rw-r--r--contrib/bind9/doc/misc/Makefile.in36
-rw-r--r--contrib/bind9/doc/misc/dnssec84
-rw-r--r--contrib/bind9/doc/misc/format-options.pl36
-rw-r--r--contrib/bind9/doc/misc/ipv6113
-rw-r--r--contrib/bind9/doc/misc/migration246
-rw-r--r--contrib/bind9/doc/misc/migration-4to957
-rw-r--r--contrib/bind9/doc/misc/options384
-rw-r--r--contrib/bind9/doc/misc/rfc-compliance62
-rw-r--r--contrib/bind9/doc/misc/roadmap47
-rw-r--r--contrib/bind9/doc/misc/sdb169
-rw-r--r--contrib/bind9/doc/rfc/index94
-rw-r--r--contrib/bind9/doc/rfc/rfc1032.txt781
-rw-r--r--contrib/bind9/doc/rfc/rfc1033.txt1229
-rw-r--r--contrib/bind9/doc/rfc/rfc1034.txt3077
-rw-r--r--contrib/bind9/doc/rfc/rfc1035.txt3077
-rw-r--r--contrib/bind9/doc/rfc/rfc1101.txt787
-rw-r--r--contrib/bind9/doc/rfc/rfc1122.txt6844
-rw-r--r--contrib/bind9/doc/rfc/rfc1123.txt5782
-rw-r--r--contrib/bind9/doc/rfc/rfc1183.txt619
-rw-r--r--contrib/bind9/doc/rfc/rfc1348.txt227
-rw-r--r--contrib/bind9/doc/rfc/rfc1535.txt283
-rw-r--r--contrib/bind9/doc/rfc/rfc1536.txt675
-rw-r--r--contrib/bind9/doc/rfc/rfc1537.txt507
-rw-r--r--contrib/bind9/doc/rfc/rfc1591.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc1611.txt1683
-rw-r--r--contrib/bind9/doc/rfc/rfc1612.txt1795
-rw-r--r--contrib/bind9/doc/rfc/rfc1706.txt563
-rw-r--r--contrib/bind9/doc/rfc/rfc1712.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc1750.txt1683
-rw-r--r--contrib/bind9/doc/rfc/rfc1876.txt1011
-rw-r--r--contrib/bind9/doc/rfc/rfc1886.txt268
-rw-r--r--contrib/bind9/doc/rfc/rfc1982.txt394
-rw-r--r--contrib/bind9/doc/rfc/rfc1995.txt451
-rw-r--r--contrib/bind9/doc/rfc/rfc1996.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc2052.txt563
-rw-r--r--contrib/bind9/doc/rfc/rfc2104.txt620
-rw-r--r--contrib/bind9/doc/rfc/rfc2119.txt171
-rw-r--r--contrib/bind9/doc/rfc/rfc2133.txt1795
-rw-r--r--contrib/bind9/doc/rfc/rfc2136.txt1460
-rw-r--r--contrib/bind9/doc/rfc/rfc2137.txt619
-rw-r--r--contrib/bind9/doc/rfc/rfc2163.txt1459
-rw-r--r--contrib/bind9/doc/rfc/rfc2168.txt1123
-rw-r--r--contrib/bind9/doc/rfc/rfc2181.txt842
-rw-r--r--contrib/bind9/doc/rfc/rfc2230.txt619
-rw-r--r--contrib/bind9/doc/rfc/rfc2308.txt1067
-rw-r--r--contrib/bind9/doc/rfc/rfc2317.txt563
-rw-r--r--contrib/bind9/doc/rfc/rfc2373.txt1459
-rw-r--r--contrib/bind9/doc/rfc/rfc2374.txt675
-rw-r--r--contrib/bind9/doc/rfc/rfc2375.txt451
-rw-r--r--contrib/bind9/doc/rfc/rfc2418.txt1459
-rw-r--r--contrib/bind9/doc/rfc/rfc2535.txt2635
-rw-r--r--contrib/bind9/doc/rfc/rfc2536.txt339
-rw-r--r--contrib/bind9/doc/rfc/rfc2537.txt339
-rw-r--r--contrib/bind9/doc/rfc/rfc2538.txt563
-rw-r--r--contrib/bind9/doc/rfc/rfc2539.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc2540.txt339
-rw-r--r--contrib/bind9/doc/rfc/rfc2541.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc2553.txt2299
-rw-r--r--contrib/bind9/doc/rfc/rfc2671.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc2672.txt507
-rw-r--r--contrib/bind9/doc/rfc/rfc2673.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc2782.txt675
-rw-r--r--contrib/bind9/doc/rfc/rfc2825.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc2826.txt339
-rw-r--r--contrib/bind9/doc/rfc/rfc2845.txt843
-rw-r--r--contrib/bind9/doc/rfc/rfc2874.txt1123
-rw-r--r--contrib/bind9/doc/rfc/rfc2915.txt1011
-rw-r--r--contrib/bind9/doc/rfc/rfc2929.txt675
-rw-r--r--contrib/bind9/doc/rfc/rfc2930.txt899
-rw-r--r--contrib/bind9/doc/rfc/rfc2931.txt563
-rw-r--r--contrib/bind9/doc/rfc/rfc3007.txt507
-rw-r--r--contrib/bind9/doc/rfc/rfc3008.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc3071.txt563
-rw-r--r--contrib/bind9/doc/rfc/rfc3090.txt619
-rw-r--r--contrib/bind9/doc/rfc/rfc3110.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc3123.txt451
-rw-r--r--contrib/bind9/doc/rfc/rfc3152.txt227
-rw-r--r--contrib/bind9/doc/rfc/rfc3197.txt283
-rw-r--r--contrib/bind9/doc/rfc/rfc3225.txt339
-rw-r--r--contrib/bind9/doc/rfc/rfc3226.txt339
-rw-r--r--contrib/bind9/doc/rfc/rfc3258.txt619
-rw-r--r--contrib/bind9/doc/rfc/rfc3363.txt339
-rw-r--r--contrib/bind9/doc/rfc/rfc3364.txt619
-rw-r--r--contrib/bind9/doc/rfc/rfc3425.txt283
-rw-r--r--contrib/bind9/doc/rfc/rfc3445.txt563
-rw-r--r--contrib/bind9/doc/rfc/rfc3467.txt1739
-rw-r--r--contrib/bind9/doc/rfc/rfc3490.txt1235
-rw-r--r--contrib/bind9/doc/rfc/rfc3491.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc3492.txt1963
-rw-r--r--contrib/bind9/doc/rfc/rfc3493.txt2187
-rw-r--r--contrib/bind9/doc/rfc/rfc3513.txt1459
-rw-r--r--contrib/bind9/doc/rfc/rfc3596.txt451
-rw-r--r--contrib/bind9/doc/rfc/rfc3597.txt451
-rw-r--r--contrib/bind9/doc/rfc/rfc3645.txt1459
-rw-r--r--contrib/bind9/doc/rfc/rfc3655.txt451
-rw-r--r--contrib/bind9/doc/rfc/rfc3658.txt1067
-rw-r--r--contrib/bind9/doc/rfc/rfc3833.txt899
-rw-r--r--contrib/bind9/doc/rfc/rfc3845.txt395
-rw-r--r--contrib/bind9/doc/rfc/rfc952.txt340
-rwxr-xr-xcontrib/bind9/install-sh250
-rw-r--r--contrib/bind9/isc-config.sh.in149
-rw-r--r--contrib/bind9/lib/Makefile.in29
-rw-r--r--contrib/bind9/lib/bind/Makefile.in127
-rw-r--r--contrib/bind9/lib/bind/README4
-rw-r--r--contrib/bind9/lib/bind/aclocal.m42
-rw-r--r--contrib/bind9/lib/bind/api3
-rw-r--r--contrib/bind9/lib/bind/bsd/Makefile.in39
-rw-r--r--contrib/bind9/lib/bind/bsd/daemon.c79
-rw-r--r--contrib/bind9/lib/bind/bsd/ftruncate.c63
-rw-r--r--contrib/bind9/lib/bind/bsd/gettimeofday.c62
-rw-r--r--contrib/bind9/lib/bind/bsd/mktemp.c154
-rw-r--r--contrib/bind9/lib/bind/bsd/putenv.c25
-rw-r--r--contrib/bind9/lib/bind/bsd/readv.c38
-rw-r--r--contrib/bind9/lib/bind/bsd/setenv.c149
-rw-r--r--contrib/bind9/lib/bind/bsd/setitimer.c27
-rw-r--r--contrib/bind9/lib/bind/bsd/strcasecmp.c122
-rw-r--r--contrib/bind9/lib/bind/bsd/strdup.c18
-rw-r--r--contrib/bind9/lib/bind/bsd/strerror.c90
-rw-r--r--contrib/bind9/lib/bind/bsd/strpbrk.c68
-rw-r--r--contrib/bind9/lib/bind/bsd/strsep.c86
-rw-r--r--contrib/bind9/lib/bind/bsd/strtoul.c117
-rw-r--r--contrib/bind9/lib/bind/bsd/utimes.c39
-rw-r--r--contrib/bind9/lib/bind/bsd/writev.c87
-rw-r--r--contrib/bind9/lib/bind/config.h.in45
-rwxr-xr-xcontrib/bind9/lib/bind/configure31829
-rw-r--r--contrib/bind9/lib/bind/configure.in2407
-rw-r--r--contrib/bind9/lib/bind/dst/Makefile.in32
-rw-r--r--contrib/bind9/lib/bind/dst/dst_api.c1048
-rw-r--r--contrib/bind9/lib/bind/dst/dst_internal.h154
-rw-r--r--contrib/bind9/lib/bind/dst/hmac_link.c468
-rw-r--r--contrib/bind9/lib/bind/dst/md5.h101
-rw-r--r--contrib/bind9/lib/bind/dst/md5_dgst.c370
-rw-r--r--contrib/bind9/lib/bind/dst/md5_locl.h190
-rw-r--r--contrib/bind9/lib/bind/dst/support.c350
-rw-r--r--contrib/bind9/lib/bind/include/Makefile.in47
-rw-r--r--contrib/bind9/lib/bind/include/arpa/inet.h124
-rw-r--r--contrib/bind9/lib/bind/include/arpa/nameser.h576
-rw-r--r--contrib/bind9/lib/bind/include/arpa/nameser_compat.h232
-rw-r--r--contrib/bind9/lib/bind/include/fd_setsize.h9
-rw-r--r--contrib/bind9/lib/bind/include/hesiod.h38
-rw-r--r--contrib/bind9/lib/bind/include/irp.h103
-rw-r--r--contrib/bind9/lib/bind/include/irs.h345
-rw-r--r--contrib/bind9/lib/bind/include/isc/assertions.h122
-rw-r--r--contrib/bind9/lib/bind/include/isc/ctl.h109
-rw-r--r--contrib/bind9/lib/bind/include/isc/dst.h180
-rw-r--r--contrib/bind9/lib/bind/include/isc/eventlib.h200
-rw-r--r--contrib/bind9/lib/bind/include/isc/heap.h47
-rw-r--r--contrib/bind9/lib/bind/include/isc/irpmarshall.h115
-rw-r--r--contrib/bind9/lib/bind/include/isc/list.h112
-rw-r--r--contrib/bind9/lib/bind/include/isc/logging.h112
-rw-r--r--contrib/bind9/lib/bind/include/isc/memcluster.h49
-rw-r--r--contrib/bind9/lib/bind/include/isc/misc.h39
-rw-r--r--contrib/bind9/lib/bind/include/isc/tree.h58
-rw-r--r--contrib/bind9/lib/bind/include/netdb.h549
-rw-r--r--contrib/bind9/lib/bind/include/netgroup.h24
-rw-r--r--contrib/bind9/lib/bind/include/res_update.h65
-rw-r--r--contrib/bind9/lib/bind/include/resolv.h501
-rw-r--r--contrib/bind9/lib/bind/inet/Makefile.in35
-rw-r--r--contrib/bind9/lib/bind/inet/inet_addr.c206
-rw-r--r--contrib/bind9/lib/bind/inet/inet_cidr_ntop.c259
-rw-r--r--contrib/bind9/lib/bind/inet/inet_cidr_pton.c275
-rw-r--r--contrib/bind9/lib/bind/inet/inet_data.c44
-rw-r--r--contrib/bind9/lib/bind/inet/inet_lnaof.c63
-rw-r--r--contrib/bind9/lib/bind/inet/inet_makeaddr.c66
-rw-r--r--contrib/bind9/lib/bind/inet/inet_net_ntop.c277
-rw-r--r--contrib/bind9/lib/bind/inet/inet_net_pton.c405
-rw-r--r--contrib/bind9/lib/bind/inet/inet_neta.c87
-rw-r--r--contrib/bind9/lib/bind/inet/inet_netof.c62
-rw-r--r--contrib/bind9/lib/bind/inet/inet_network.c104
-rw-r--r--contrib/bind9/lib/bind/inet/inet_ntoa.c62
-rw-r--r--contrib/bind9/lib/bind/inet/inet_ntop.c203
-rw-r--r--contrib/bind9/lib/bind/inet/inet_pton.c222
-rw-r--r--contrib/bind9/lib/bind/inet/nsap_addr.c108
-rw-r--r--contrib/bind9/lib/bind/irs/Makefile.in70
-rw-r--r--contrib/bind9/lib/bind/irs/dns.c153
-rw-r--r--contrib/bind9/lib/bind/irs/dns_gr.c293
-rw-r--r--contrib/bind9/lib/bind/irs/dns_ho.c1150
-rw-r--r--contrib/bind9/lib/bind/irs/dns_nw.c589
-rw-r--r--contrib/bind9/lib/bind/irs/dns_p.h50
-rw-r--r--contrib/bind9/lib/bind/irs/dns_pr.c266
-rw-r--r--contrib/bind9/lib/bind/irs/dns_pw.c231
-rw-r--r--contrib/bind9/lib/bind/irs/dns_sv.c298
-rw-r--r--contrib/bind9/lib/bind/irs/gai_strerror.c86
-rw-r--r--contrib/bind9/lib/bind/irs/gen.c430
-rw-r--r--contrib/bind9/lib/bind/irs/gen_gr.c492
-rw-r--r--contrib/bind9/lib/bind/irs/gen_ho.c391
-rw-r--r--contrib/bind9/lib/bind/irs/gen_ng.c172
-rw-r--r--contrib/bind9/lib/bind/irs/gen_nw.c262
-rw-r--r--contrib/bind9/lib/bind/irs/gen_p.h113
-rw-r--r--contrib/bind9/lib/bind/irs/gen_pr.c226
-rw-r--r--contrib/bind9/lib/bind/irs/gen_pw.c233
-rw-r--r--contrib/bind9/lib/bind/irs/gen_sv.c227
-rw-r--r--contrib/bind9/lib/bind/irs/getaddrinfo.c1227
-rw-r--r--contrib/bind9/lib/bind/irs/getgrent.c223
-rw-r--r--contrib/bind9/lib/bind/irs/getgrent_r.c229
-rw-r--r--contrib/bind9/lib/bind/irs/gethostent.c1069
-rw-r--r--contrib/bind9/lib/bind/irs/gethostent_r.c262
-rw-r--r--contrib/bind9/lib/bind/irs/getnameinfo.c322
-rw-r--r--contrib/bind9/lib/bind/irs/getnetent.c343
-rw-r--r--contrib/bind9/lib/bind/irs/getnetent_r.c227
-rw-r--r--contrib/bind9/lib/bind/irs/getnetgrent.c156
-rw-r--r--contrib/bind9/lib/bind/irs/getnetgrent_r.c167
-rw-r--r--contrib/bind9/lib/bind/irs/getprotoent.c174
-rw-r--r--contrib/bind9/lib/bind/irs/getprotoent_r.c216
-rw-r--r--contrib/bind9/lib/bind/irs/getpwent.c200
-rw-r--r--contrib/bind9/lib/bind/irs/getpwent_r.c275
-rw-r--r--contrib/bind9/lib/bind/irs/getservent.c177
-rw-r--r--contrib/bind9/lib/bind/irs/getservent_r.c237
-rw-r--r--contrib/bind9/lib/bind/irs/hesiod.c507
-rw-r--r--contrib/bind9/lib/bind/irs/hesiod_p.h48
-rw-r--r--contrib/bind9/lib/bind/irs/irp.c592
-rw-r--r--contrib/bind9/lib/bind/irs/irp_gr.c408
-rw-r--r--contrib/bind9/lib/bind/irs/irp_ho.c429
-rw-r--r--contrib/bind9/lib/bind/irs/irp_ng.c272
-rw-r--r--contrib/bind9/lib/bind/irs/irp_nw.c375
-rw-r--r--contrib/bind9/lib/bind/irs/irp_p.h59
-rw-r--r--contrib/bind9/lib/bind/irs/irp_pr.c353
-rw-r--r--contrib/bind9/lib/bind/irs/irp_pw.c358
-rw-r--r--contrib/bind9/lib/bind/irs/irp_sv.c369
-rw-r--r--contrib/bind9/lib/bind/irs/irpmarshall.c2344
-rw-r--r--contrib/bind9/lib/bind/irs/irs_data.c230
-rw-r--r--contrib/bind9/lib/bind/irs/irs_data.h62
-rw-r--r--contrib/bind9/lib/bind/irs/irs_p.h49
-rw-r--r--contrib/bind9/lib/bind/irs/lcl.c140
-rw-r--r--contrib/bind9/lib/bind/irs/lcl_gr.c354
-rw-r--r--contrib/bind9/lib/bind/irs/lcl_ho.c576
-rw-r--r--contrib/bind9/lib/bind/irs/lcl_ng.c444
-rw-r--r--contrib/bind9/lib/bind/irs/lcl_nw.c371
-rw-r--r--contrib/bind9/lib/bind/irs/lcl_p.h50
-rw-r--r--contrib/bind9/lib/bind/irs/lcl_pr.c284
-rw-r--r--contrib/bind9/lib/bind/irs/lcl_pw.c308
-rw-r--r--contrib/bind9/lib/bind/irs/lcl_sv.c431
-rw-r--r--contrib/bind9/lib/bind/irs/nis.c154
-rw-r--r--contrib/bind9/lib/bind/irs/nis_gr.c353
-rw-r--r--contrib/bind9/lib/bind/irs/nis_ho.c533
-rw-r--r--contrib/bind9/lib/bind/irs/nis_ng.c302
-rw-r--r--contrib/bind9/lib/bind/irs/nis_nw.c383
-rw-r--r--contrib/bind9/lib/bind/irs/nis_p.h46
-rw-r--r--contrib/bind9/lib/bind/irs/nis_pr.c300
-rw-r--r--contrib/bind9/lib/bind/irs/nis_pw.c287
-rw-r--r--contrib/bind9/lib/bind/irs/nis_sv.c308
-rw-r--r--contrib/bind9/lib/bind/irs/nul_ng.c126
-rw-r--r--contrib/bind9/lib/bind/irs/pathnames.h50
-rw-r--r--contrib/bind9/lib/bind/irs/util.c107
-rw-r--r--contrib/bind9/lib/bind/isc/Makefile.in35
-rw-r--r--contrib/bind9/lib/bind/isc/assertions.c91
-rw-r--r--contrib/bind9/lib/bind/isc/assertions.mdoc138
-rw-r--r--contrib/bind9/lib/bind/isc/base64.c320
-rw-r--r--contrib/bind9/lib/bind/isc/bitncmp.c66
-rw-r--r--contrib/bind9/lib/bind/isc/bitncmp.mdoc82
-rw-r--r--contrib/bind9/lib/bind/isc/ctl_clnt.c602
-rw-r--r--contrib/bind9/lib/bind/isc/ctl_p.c186
-rw-r--r--contrib/bind9/lib/bind/isc/ctl_p.h26
-rw-r--r--contrib/bind9/lib/bind/isc/ctl_srvr.c780
-rw-r--r--contrib/bind9/lib/bind/isc/ev_connects.c367
-rw-r--r--contrib/bind9/lib/bind/isc/ev_files.c283
-rw-r--r--contrib/bind9/lib/bind/isc/ev_streams.c306
-rw-r--r--contrib/bind9/lib/bind/isc/ev_timers.c497
-rw-r--r--contrib/bind9/lib/bind/isc/ev_waits.c245
-rw-r--r--contrib/bind9/lib/bind/isc/eventlib.c728
-rw-r--r--contrib/bind9/lib/bind/isc/eventlib.mdoc918
-rw-r--r--contrib/bind9/lib/bind/isc/eventlib_p.h219
-rw-r--r--contrib/bind9/lib/bind/isc/heap.c230
-rw-r--r--contrib/bind9/lib/bind/isc/heap.mdoc378
-rw-r--r--contrib/bind9/lib/bind/isc/hex.c116
-rw-r--r--contrib/bind9/lib/bind/isc/logging.c720
-rw-r--r--contrib/bind9/lib/bind/isc/logging.mdoc1056
-rw-r--r--contrib/bind9/lib/bind/isc/logging_p.h60
-rw-r--r--contrib/bind9/lib/bind/isc/memcluster.c545
-rw-r--r--contrib/bind9/lib/bind/isc/memcluster.mdoc376
-rw-r--r--contrib/bind9/lib/bind/isc/movefile.c35
-rw-r--r--contrib/bind9/lib/bind/isc/tree.c532
-rw-r--r--contrib/bind9/lib/bind/isc/tree.mdoc154
-rw-r--r--contrib/bind9/lib/bind/libtool.m45943
-rw-r--r--contrib/bind9/lib/bind/ltmain.sh4950
-rw-r--r--contrib/bind9/lib/bind/make/includes.in44
-rw-r--r--contrib/bind9/lib/bind/make/mkdep.in147
-rw-r--r--contrib/bind9/lib/bind/make/rules.in177
-rwxr-xr-xcontrib/bind9/lib/bind/mkinstalldirs40
-rw-r--r--contrib/bind9/lib/bind/nameser/Makefile.in31
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_date.c128
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_name.c963
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_netint.c56
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_parse.c203
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_print.c898
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_samedomain.c206
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_sign.c380
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_ttl.c159
-rw-r--r--contrib/bind9/lib/bind/nameser/ns_verify.c480
-rw-r--r--contrib/bind9/lib/bind/port/Makefile.in14
-rw-r--r--contrib/bind9/lib/bind/port/freebsd/Makefile.in14
-rw-r--r--contrib/bind9/lib/bind/port/freebsd/include/Makefile.in34
-rw-r--r--contrib/bind9/lib/bind/port/freebsd/include/sys/bitypes.h37
-rw-r--r--contrib/bind9/lib/bind/port_after.h.in395
-rw-r--r--contrib/bind9/lib/bind/port_before.h.in138
-rw-r--r--contrib/bind9/lib/bind/resolv/Makefile.in34
-rw-r--r--contrib/bind9/lib/bind/resolv/herror.c127
-rw-r--r--contrib/bind9/lib/bind/resolv/res_comp.c251
-rw-r--r--contrib/bind9/lib/bind/resolv/res_data.c291
-rw-r--r--contrib/bind9/lib/bind/resolv/res_debug.c1163
-rw-r--r--contrib/bind9/lib/bind/resolv/res_debug.h34
-rw-r--r--contrib/bind9/lib/bind/resolv/res_findzonecut.c722
-rw-r--r--contrib/bind9/lib/bind/resolv/res_init.c740
-rw-r--r--contrib/bind9/lib/bind/resolv/res_mkquery.c256
-rw-r--r--contrib/bind9/lib/bind/resolv/res_mkupdate.c1159
-rw-r--r--contrib/bind9/lib/bind/resolv/res_mkupdate.h24
-rw-r--r--contrib/bind9/lib/bind/resolv/res_private.h20
-rw-r--r--contrib/bind9/lib/bind/resolv/res_query.c432
-rw-r--r--contrib/bind9/lib/bind/resolv/res_send.c1052
-rw-r--r--contrib/bind9/lib/bind/resolv/res_sendsigned.c159
-rw-r--r--contrib/bind9/lib/bind/resolv/res_update.c212
-rw-r--r--contrib/bind9/lib/bind9/Makefile.in76
-rw-r--r--contrib/bind9/lib/bind9/api3
-rw-r--r--contrib/bind9/lib/bind9/check.c1412
-rw-r--r--contrib/bind9/lib/bind9/getaddresses.c229
-rw-r--r--contrib/bind9/lib/bind9/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/bind9/include/bind9/Makefile.in42
-rw-r--r--contrib/bind9/lib/bind9/include/bind9/check.h54
-rw-r--r--contrib/bind9/lib/bind9/include/bind9/getaddresses.h59
-rw-r--r--contrib/bind9/lib/bind9/include/bind9/version.h26
-rw-r--r--contrib/bind9/lib/bind9/version.c26
-rw-r--r--contrib/bind9/lib/dns/Makefile.in164
-rw-r--r--contrib/bind9/lib/dns/acl.c446
-rw-r--r--contrib/bind9/lib/dns/adb.c3575
-rw-r--r--contrib/bind9/lib/dns/api3
-rw-r--r--contrib/bind9/lib/dns/byaddr.c314
-rw-r--r--contrib/bind9/lib/dns/cache.c1058
-rw-r--r--contrib/bind9/lib/dns/callbacks.c111
-rw-r--r--contrib/bind9/lib/dns/compress.c316
-rw-r--r--contrib/bind9/lib/dns/db.c793
-rw-r--r--contrib/bind9/lib/dns/dbiterator.c141
-rw-r--r--contrib/bind9/lib/dns/dbtable.c291
-rw-r--r--contrib/bind9/lib/dns/diff.c539
-rw-r--r--contrib/bind9/lib/dns/dispatch.c2199
-rw-r--r--contrib/bind9/lib/dns/dnssec.c857
-rw-r--r--contrib/bind9/lib/dns/ds.c83
-rw-r--r--contrib/bind9/lib/dns/forward.c195
-rw-r--r--contrib/bind9/lib/dns/gen-unix.h92
-rw-r--r--contrib/bind9/lib/dns/gen.c878
-rw-r--r--contrib/bind9/lib/dns/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/dns/include/dns/Makefile.in54
-rw-r--r--contrib/bind9/lib/dns/include/dns/acl.h221
-rw-r--r--contrib/bind9/lib/dns/include/dns/adb.h596
-rw-r--r--contrib/bind9/lib/dns/include/dns/bit.h37
-rw-r--r--contrib/bind9/lib/dns/include/dns/byaddr.h169
-rw-r--r--contrib/bind9/lib/dns/include/dns/cache.h255
-rw-r--r--contrib/bind9/lib/dns/include/dns/callbacks.h83
-rw-r--r--contrib/bind9/lib/dns/include/dns/cert.h67
-rw-r--r--contrib/bind9/lib/dns/include/dns/compress.h248
-rw-r--r--contrib/bind9/lib/dns/include/dns/db.h1271
-rw-r--r--contrib/bind9/lib/dns/include/dns/dbiterator.h298
-rw-r--r--contrib/bind9/lib/dns/include/dns/dbtable.h164
-rw-r--r--contrib/bind9/lib/dns/include/dns/diff.h279
-rw-r--r--contrib/bind9/lib/dns/include/dns/dispatch.h442
-rw-r--r--contrib/bind9/lib/dns/include/dns/dnssec.h179
-rw-r--r--contrib/bind9/lib/dns/include/dns/ds.h56
-rw-r--r--contrib/bind9/lib/dns/include/dns/events.h70
-rw-r--r--contrib/bind9/lib/dns/include/dns/fixedname.h83
-rw-r--r--contrib/bind9/lib/dns/include/dns/forward.h98
-rw-r--r--contrib/bind9/lib/dns/include/dns/journal.h271
-rw-r--r--contrib/bind9/lib/dns/include/dns/keyflags.h52
-rw-r--r--contrib/bind9/lib/dns/include/dns/keytable.h255
-rw-r--r--contrib/bind9/lib/dns/include/dns/keyvalues.h96
-rw-r--r--contrib/bind9/lib/dns/include/dns/lib.h39
-rw-r--r--contrib/bind9/lib/dns/include/dns/log.h103
-rw-r--r--contrib/bind9/lib/dns/include/dns/lookup.h138
-rw-r--r--contrib/bind9/lib/dns/include/dns/master.h214
-rw-r--r--contrib/bind9/lib/dns/include/dns/masterdump.h303
-rw-r--r--contrib/bind9/lib/dns/include/dns/message.h1297
-rw-r--r--contrib/bind9/lib/dns/include/dns/name.h1246
-rw-r--r--contrib/bind9/lib/dns/include/dns/ncache.h158
-rw-r--r--contrib/bind9/lib/dns/include/dns/nsec.h67
-rw-r--r--contrib/bind9/lib/dns/include/dns/opcode.h49
-rw-r--r--contrib/bind9/lib/dns/include/dns/order.h97
-rw-r--r--contrib/bind9/lib/dns/include/dns/peer.h177
-rw-r--r--contrib/bind9/lib/dns/include/dns/portlist.h99
-rw-r--r--contrib/bind9/lib/dns/include/dns/rbt.h835
-rw-r--r--contrib/bind9/lib/dns/include/dns/rcode.h96
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdata.h706
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdataclass.h79
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdatalist.h104
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdataset.h468
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdatasetiter.h171
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdataslab.h167
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdatatype.h81
-rw-r--r--contrib/bind9/lib/dns/include/dns/request.h371
-rw-r--r--contrib/bind9/lib/dns/include/dns/resolver.h431
-rw-r--r--contrib/bind9/lib/dns/include/dns/result.h186
-rw-r--r--contrib/bind9/lib/dns/include/dns/rootns.h35
-rw-r--r--contrib/bind9/lib/dns/include/dns/sdb.h206
-rw-r--r--contrib/bind9/lib/dns/include/dns/secalg.h69
-rw-r--r--contrib/bind9/lib/dns/include/dns/secproto.h69
-rw-r--r--contrib/bind9/lib/dns/include/dns/soa.h80
-rw-r--r--contrib/bind9/lib/dns/include/dns/ssu.h157
-rw-r--r--contrib/bind9/lib/dns/include/dns/stats.h57
-rw-r--r--contrib/bind9/lib/dns/include/dns/tcpmsg.h145
-rw-r--r--contrib/bind9/lib/dns/include/dns/time.h70
-rw-r--r--contrib/bind9/lib/dns/include/dns/timer.h50
-rw-r--r--contrib/bind9/lib/dns/include/dns/tkey.h196
-rw-r--r--contrib/bind9/lib/dns/include/dns/tsig.h242
-rw-r--r--contrib/bind9/lib/dns/include/dns/ttl.h76
-rw-r--r--contrib/bind9/lib/dns/include/dns/types.h299
-rw-r--r--contrib/bind9/lib/dns/include/dns/validator.h201
-rw-r--r--contrib/bind9/lib/dns/include/dns/version.h26
-rw-r--r--contrib/bind9/lib/dns/include/dns/view.h789
-rw-r--r--contrib/bind9/lib/dns/include/dns/xfrin.h107
-rw-r--r--contrib/bind9/lib/dns/include/dns/zone.h1430
-rw-r--r--contrib/bind9/lib/dns/include/dns/zonekey.h40
-rw-r--r--contrib/bind9/lib/dns/include/dns/zt.h167
-rw-r--r--contrib/bind9/lib/dns/journal.c2131
-rw-r--r--contrib/bind9/lib/dns/keytable.c396
-rw-r--r--contrib/bind9/lib/dns/lib.c62
-rw-r--r--contrib/bind9/lib/dns/log.c93
-rw-r--r--contrib/bind9/lib/dns/lookup.c487
-rw-r--r--contrib/bind9/lib/dns/master.c2376
-rw-r--r--contrib/bind9/lib/dns/masterdump.c1455
-rw-r--r--contrib/bind9/lib/dns/message.c3160
-rw-r--r--contrib/bind9/lib/dns/name.c2202
-rw-r--r--contrib/bind9/lib/dns/ncache.c554
-rw-r--r--contrib/bind9/lib/dns/nsec.c218
-rw-r--r--contrib/bind9/lib/dns/order.c157
-rw-r--r--contrib/bind9/lib/dns/peer.c522
-rw-r--r--contrib/bind9/lib/dns/portlist.c260
-rw-r--r--contrib/bind9/lib/dns/rbt.c2543
-rw-r--r--contrib/bind9/lib/dns/rbtdb.c5706
-rw-r--r--contrib/bind9/lib/dns/rbtdb.h43
-rw-r--r--contrib/bind9/lib/dns/rbtdb64.c21
-rw-r--r--contrib/bind9/lib/dns/rbtdb64.h44
-rw-r--r--contrib/bind9/lib/dns/rcode.c473
-rw-r--r--contrib/bind9/lib/dns/rdata.c1720
-rw-r--r--contrib/bind9/lib/dns/rdata/any_255/tsig_250.c593
-rw-r--r--contrib/bind9/lib/dns/rdata/any_255/tsig_250.h39
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/afsdb_18.c309
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/afsdb_18.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/cert_37.c280
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/cert_37.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/cname_5.c232
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/cname_5.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dlv_65323.c281
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dlv_65323.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dname_39.c233
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dname_39.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dnskey_48.c312
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dnskey_48.h36
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ds_43.c283
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ds_43.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/gpos_27.c252
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/gpos_27.h36
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/hinfo_13.c224
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/hinfo_13.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/isdn_20.c234
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/isdn_20.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/key_25.c312
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/key_25.h36
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/loc_29.c794
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/loc_29.h42
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mb_7.c234
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mb_7.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/md_3.c236
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/md_3.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mf_4.c235
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mf_4.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mg_8.c230
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mg_8.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/minfo_14.c324
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/minfo_14.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mr_9.c231
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mr_9.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mx_15.c288
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mx_15.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ns_2.c251
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ns_2.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nsec_47.c366
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nsec_47.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/null_10.c192
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/null_10.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nxt_30.c329
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nxt_30.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/opt_41.c280
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/opt_41.h54
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/proforma.c173
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/proforma.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ptr_12.c291
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ptr_12.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rp_17.c314
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rp_17.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rrsig_46.c551
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rrsig_46.h40
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rt_21.c311
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rt_21.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/sig_24.c578
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/sig_24.h41
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/soa_6.c443
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/soa_6.h36
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/sshfp_44.c262
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/sshfp_44.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/tkey_249.c555
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/tkey_249.h40
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/txt_16.c238
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/txt_16.h51
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/unspec_103.c189
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/unspec_103.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/x25_19.c219
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/x25_19.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/hs_4/a_1.c232
-rw-r--r--contrib/bind9/lib/dns/rdata/hs_4/a_1.h28
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/a6_38.c461
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/a6_38.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/a_1.c236
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/a_1.h28
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/aaaa_28.c233
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/aaaa_28.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/apl_42.c402
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/apl_42.h55
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/kx_36.c288
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/kx_36.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/naptr_35.c578
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/naptr_35.h39
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/nsap-ptr_23.c245
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/nsap-ptr_23.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/nsap_22.c255
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/nsap_22.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/px_26.c374
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/px_26.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/srv_33.c373
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/srv_33.h36
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/wks_11.c349
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/wks_11.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/rdatastructpre.h42
-rw-r--r--contrib/bind9/lib/dns/rdata/rdatastructsuf.h22
-rw-r--r--contrib/bind9/lib/dns/rdatalist.c224
-rw-r--r--contrib/bind9/lib/dns/rdatalist_p.h55
-rw-r--r--contrib/bind9/lib/dns/rdataset.c626
-rw-r--r--contrib/bind9/lib/dns/rdatasetiter.c78
-rw-r--r--contrib/bind9/lib/dns/rdataslab.c715
-rw-r--r--contrib/bind9/lib/dns/request.c1455
-rw-r--r--contrib/bind9/lib/dns/resolver.c6473
-rw-r--r--contrib/bind9/lib/dns/result.c272
-rw-r--r--contrib/bind9/lib/dns/rootns.c247
-rw-r--r--contrib/bind9/lib/dns/sdb.c1528
-rw-r--r--contrib/bind9/lib/dns/sec/Makefile.in25
-rw-r--r--contrib/bind9/lib/dns/sec/dst/Makefile.in48
-rw-r--r--contrib/bind9/lib/dns/sec/dst/dst_api.c1185
-rw-r--r--contrib/bind9/lib/dns/sec/dst/dst_internal.h134
-rw-r--r--contrib/bind9/lib/dns/sec/dst/dst_lib.c65
-rw-r--r--contrib/bind9/lib/dns/sec/dst/dst_openssl.h33
-rw-r--r--contrib/bind9/lib/dns/sec/dst/dst_parse.c412
-rw-r--r--contrib/bind9/lib/dns/sec/dst/dst_parse.h95
-rw-r--r--contrib/bind9/lib/dns/sec/dst/dst_result.c86
-rw-r--r--contrib/bind9/lib/dns/sec/dst/gssapi_link.c220
-rw-r--r--contrib/bind9/lib/dns/sec/dst/gssapictx.c262
-rw-r--r--contrib/bind9/lib/dns/sec/dst/hmac_link.c282
-rw-r--r--contrib/bind9/lib/dns/sec/dst/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/dns/sec/dst/include/dst/Makefile.in37
-rw-r--r--contrib/bind9/lib/dns/sec/dst/include/dst/dst.h570
-rw-r--r--contrib/bind9/lib/dns/sec/dst/include/dst/gssapi.h56
-rw-r--r--contrib/bind9/lib/dns/sec/dst/include/dst/lib.h39
-rw-r--r--contrib/bind9/lib/dns/sec/dst/include/dst/result.h68
-rw-r--r--contrib/bind9/lib/dns/sec/dst/key.c126
-rw-r--r--contrib/bind9/lib/dns/sec/dst/openssl_link.c219
-rw-r--r--contrib/bind9/lib/dns/sec/dst/openssldh_link.c608
-rw-r--r--contrib/bind9/lib/dns/sec/dst/openssldsa_link.c443
-rw-r--r--contrib/bind9/lib/dns/sec/dst/opensslrsa_link.c567
-rw-r--r--contrib/bind9/lib/dns/soa.c109
-rw-r--r--contrib/bind9/lib/dns/ssu.c357
-rw-r--r--contrib/bind9/lib/dns/stats.c53
-rw-r--r--contrib/bind9/lib/dns/tcpmsg.c240
-rw-r--r--contrib/bind9/lib/dns/time.c172
-rw-r--r--contrib/bind9/lib/dns/timer.c58
-rw-r--r--contrib/bind9/lib/dns/tkey.c1240
-rw-r--r--contrib/bind9/lib/dns/tsig.c1218
-rw-r--r--contrib/bind9/lib/dns/ttl.c214
-rw-r--r--contrib/bind9/lib/dns/validator.c2823
-rw-r--r--contrib/bind9/lib/dns/version.c26
-rw-r--r--contrib/bind9/lib/dns/view.c1332
-rw-r--r--contrib/bind9/lib/dns/xfrin.c1402
-rw-r--r--contrib/bind9/lib/dns/zone.c6804
-rw-r--r--contrib/bind9/lib/dns/zonekey.c53
-rw-r--r--contrib/bind9/lib/dns/zt.c320
-rw-r--r--contrib/bind9/lib/isc/Makefile.in111
-rw-r--r--contrib/bind9/lib/isc/api3
-rw-r--r--contrib/bind9/lib/isc/assertions.c93
-rw-r--r--contrib/bind9/lib/isc/base64.c246
-rw-r--r--contrib/bind9/lib/isc/bitstring.c125
-rw-r--r--contrib/bind9/lib/isc/buffer.c411
-rw-r--r--contrib/bind9/lib/isc/bufferlist.c62
-rw-r--r--contrib/bind9/lib/isc/commandline.c222
-rw-r--r--contrib/bind9/lib/isc/entropy.c1256
-rw-r--r--contrib/bind9/lib/isc/error.c101
-rw-r--r--contrib/bind9/lib/isc/event.c87
-rw-r--r--contrib/bind9/lib/isc/fsaccess.c101
-rw-r--r--contrib/bind9/lib/isc/hash.c387
-rw-r--r--contrib/bind9/lib/isc/heap.c252
-rw-r--r--contrib/bind9/lib/isc/hex.c199
-rw-r--r--contrib/bind9/lib/isc/hmacmd5.c113
-rw-r--r--contrib/bind9/lib/isc/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isc/include/isc/Makefile.in57
-rw-r--r--contrib/bind9/lib/isc/include/isc/app.h212
-rw-r--r--contrib/bind9/lib/isc/include/isc/assertions.h120
-rw-r--r--contrib/bind9/lib/isc/include/isc/base64.h97
-rw-r--r--contrib/bind9/lib/isc/include/isc/bitstring.h152
-rw-r--r--contrib/bind9/lib/isc/include/isc/boolean.h29
-rw-r--r--contrib/bind9/lib/isc/include/isc/buffer.h800
-rw-r--r--contrib/bind9/lib/isc/include/isc/bufferlist.h86
-rw-r--r--contrib/bind9/lib/isc/include/isc/commandline.h47
-rw-r--r--contrib/bind9/lib/isc/include/isc/entropy.h288
-rw-r--r--contrib/bind9/lib/isc/include/isc/error.h55
-rw-r--r--contrib/bind9/lib/isc/include/isc/event.h115
-rw-r--r--contrib/bind9/lib/isc/include/isc/eventclass.h53
-rw-r--r--contrib/bind9/lib/isc/include/isc/file.h252
-rw-r--r--contrib/bind9/lib/isc/include/isc/formatcheck.h34
-rw-r--r--contrib/bind9/lib/isc/include/isc/fsaccess.h177
-rw-r--r--contrib/bind9/lib/isc/include/isc/hash.h175
-rw-r--r--contrib/bind9/lib/isc/include/isc/heap.h51
-rw-r--r--contrib/bind9/lib/isc/include/isc/hex.h96
-rw-r--r--contrib/bind9/lib/isc/include/isc/hmacmd5.h60
-rw-r--r--contrib/bind9/lib/isc/include/isc/interfaceiter.h134
-rw-r--r--contrib/bind9/lib/isc/include/isc/ipv6.h148
-rw-r--r--contrib/bind9/lib/isc/include/isc/lang.h31
-rw-r--r--contrib/bind9/lib/isc/include/isc/lex.h410
-rw-r--r--contrib/bind9/lib/isc/include/isc/lfsr.h133
-rw-r--r--contrib/bind9/lib/isc/include/isc/lib.h39
-rw-r--r--contrib/bind9/lib/isc/include/isc/list.h180
-rw-r--r--contrib/bind9/lib/isc/include/isc/log.h879
-rw-r--r--contrib/bind9/lib/isc/include/isc/magic.h40
-rw-r--r--contrib/bind9/lib/isc/include/isc/md5.h72
-rw-r--r--contrib/bind9/lib/isc/include/isc/mem.h452
-rw-r--r--contrib/bind9/lib/isc/include/isc/msgcat.h132
-rw-r--r--contrib/bind9/lib/isc/include/isc/msgs.h183
-rw-r--r--contrib/bind9/lib/isc/include/isc/mutexblock.h69
-rw-r--r--contrib/bind9/lib/isc/include/isc/netaddr.h149
-rw-r--r--contrib/bind9/lib/isc/include/isc/netscope.h40
-rw-r--r--contrib/bind9/lib/isc/include/isc/ondestroy.h108
-rw-r--r--contrib/bind9/lib/isc/include/isc/os.h36
-rw-r--r--contrib/bind9/lib/isc/include/isc/parseint.h63
-rw-r--r--contrib/bind9/lib/isc/include/isc/platform.h.in255
-rw-r--r--contrib/bind9/lib/isc/include/isc/print.h81
-rw-r--r--contrib/bind9/lib/isc/include/isc/quota.h114
-rw-r--r--contrib/bind9/lib/isc/include/isc/random.h60
-rw-r--r--contrib/bind9/lib/isc/include/isc/ratelimiter.h132
-rw-r--r--contrib/bind9/lib/isc/include/isc/refcount.h164
-rw-r--r--contrib/bind9/lib/isc/include/isc/region.h95
-rw-r--r--contrib/bind9/lib/isc/include/isc/resource.h85
-rw-r--r--contrib/bind9/lib/isc/include/isc/result.h106
-rw-r--r--contrib/bind9/lib/isc/include/isc/resultclass.h54
-rw-r--r--contrib/bind9/lib/isc/include/isc/rwlock.h95
-rw-r--r--contrib/bind9/lib/isc/include/isc/serial.h76
-rw-r--r--contrib/bind9/lib/isc/include/isc/sha1.h58
-rw-r--r--contrib/bind9/lib/isc/include/isc/sockaddr.h202
-rw-r--r--contrib/bind9/lib/isc/include/isc/socket.h704
-rw-r--r--contrib/bind9/lib/isc/include/isc/stdio.h67
-rw-r--r--contrib/bind9/lib/isc/include/isc/stdlib.h38
-rw-r--r--contrib/bind9/lib/isc/include/isc/string.h76
-rw-r--r--contrib/bind9/lib/isc/include/isc/symtab.h127
-rw-r--r--contrib/bind9/lib/isc/include/isc/task.h615
-rw-r--r--contrib/bind9/lib/isc/include/isc/taskpool.h107
-rw-r--r--contrib/bind9/lib/isc/include/isc/timer.h336
-rw-r--r--contrib/bind9/lib/isc/include/isc/types.h103
-rw-r--r--contrib/bind9/lib/isc/include/isc/util.h225
-rw-r--r--contrib/bind9/lib/isc/include/isc/version.h26
-rw-r--r--contrib/bind9/lib/isc/inet_aton.c195
-rw-r--r--contrib/bind9/lib/isc/inet_ntop.c195
-rw-r--r--contrib/bind9/lib/isc/inet_pton.c211
-rw-r--r--contrib/bind9/lib/isc/lex.c921
-rw-r--r--contrib/bind9/lib/isc/lfsr.c161
-rw-r--r--contrib/bind9/lib/isc/lib.c77
-rw-r--r--contrib/bind9/lib/isc/log.c1753
-rw-r--r--contrib/bind9/lib/isc/md5.c249
-rw-r--r--contrib/bind9/lib/isc/mem.c1776
-rw-r--r--contrib/bind9/lib/isc/mutexblock.c57
-rw-r--r--contrib/bind9/lib/isc/netaddr.c357
-rw-r--r--contrib/bind9/lib/isc/netscope.c72
-rw-r--r--contrib/bind9/lib/isc/nls/Makefile.in37
-rw-r--r--contrib/bind9/lib/isc/nls/msgcat.c129
-rw-r--r--contrib/bind9/lib/isc/nothreads/Makefile.in38
-rw-r--r--contrib/bind9/lib/isc/nothreads/condition.c22
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/Makefile.in37
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/condition.h59
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/mutex.h39
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/once.h32
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/thread.h35
-rw-r--r--contrib/bind9/lib/isc/nothreads/mutex.c23
-rw-r--r--contrib/bind9/lib/isc/nothreads/thread.c28
-rw-r--r--contrib/bind9/lib/isc/ondestroy.c83
-rw-r--r--contrib/bind9/lib/isc/parseint.c70
-rw-r--r--contrib/bind9/lib/isc/print.c556
-rw-r--r--contrib/bind9/lib/isc/pthreads/Makefile.in38
-rw-r--r--contrib/bind9/lib/isc/pthreads/condition.c72
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/Makefile.in37
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/condition.h63
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/mutex.h139
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/once.h48
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/thread.h52
-rw-r--r--contrib/bind9/lib/isc/pthreads/mutex.c241
-rw-r--r--contrib/bind9/lib/isc/pthreads/thread.c68
-rw-r--r--contrib/bind9/lib/isc/quota.c92
-rw-r--r--contrib/bind9/lib/isc/random.c102
-rw-r--r--contrib/bind9/lib/isc/ratelimiter.c326
-rw-r--r--contrib/bind9/lib/isc/region.c43
-rw-r--r--contrib/bind9/lib/isc/result.c209
-rw-r--r--contrib/bind9/lib/isc/rwlock.c417
-rw-r--r--contrib/bind9/lib/isc/serial.c56
-rw-r--r--contrib/bind9/lib/isc/sha1.c309
-rw-r--r--contrib/bind9/lib/isc/sockaddr.c463
-rw-r--r--contrib/bind9/lib/isc/string.c165
-rw-r--r--contrib/bind9/lib/isc/strtoul.c128
-rw-r--r--contrib/bind9/lib/isc/symtab.c250
-rw-r--r--contrib/bind9/lib/isc/task.c1303
-rw-r--r--contrib/bind9/lib/isc/task_p.h29
-rw-r--r--contrib/bind9/lib/isc/taskpool.c89
-rw-r--r--contrib/bind9/lib/isc/timer.c920
-rw-r--r--contrib/bind9/lib/isc/timer_p.h29
-rw-r--r--contrib/bind9/lib/isc/unix/Makefile.in51
-rw-r--r--contrib/bind9/lib/isc/unix/app.c681
-rw-r--r--contrib/bind9/lib/isc/unix/dir.c225
-rw-r--r--contrib/bind9/lib/isc/unix/entropy.c589
-rw-r--r--contrib/bind9/lib/isc/unix/errno2result.c121
-rw-r--r--contrib/bind9/lib/isc/unix/errno2result.h37
-rw-r--r--contrib/bind9/lib/isc/unix/file.c435
-rw-r--r--contrib/bind9/lib/isc/unix/fsaccess.c90
-rw-r--r--contrib/bind9/lib/isc/unix/ifiter_getifaddrs.c178
-rw-r--r--contrib/bind9/lib/isc/unix/ifiter_ioctl.c1016
-rw-r--r--contrib/bind9/lib/isc/unix/ifiter_sysctl.c301
-rw-r--r--contrib/bind9/lib/isc/unix/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/Makefile.in38
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/dir.h90
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/int.h53
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/keyboard.h50
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/net.h327
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/netdb.h56
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/offset.h44
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/stat.h53
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/stdtime.h47
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/strerror.h42
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/syslog.h45
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/time.h299
-rw-r--r--contrib/bind9/lib/isc/unix/interfaceiter.c220
-rw-r--r--contrib/bind9/lib/isc/unix/ipv6.c23
-rw-r--r--contrib/bind9/lib/isc/unix/keyboard.c126
-rw-r--r--contrib/bind9/lib/isc/unix/net.c344
-rw-r--r--contrib/bind9/lib/isc/unix/os.c92
-rw-r--r--contrib/bind9/lib/isc/unix/resource.c204
-rw-r--r--contrib/bind9/lib/isc/unix/socket.c3505
-rw-r--r--contrib/bind9/lib/isc/unix/socket_p.h33
-rw-r--r--contrib/bind9/lib/isc/unix/stdio.c117
-rw-r--r--contrib/bind9/lib/isc/unix/stdtime.c83
-rw-r--r--contrib/bind9/lib/isc/unix/strerror.c72
-rw-r--r--contrib/bind9/lib/isc/unix/syslog.c82
-rw-r--r--contrib/bind9/lib/isc/unix/time.c412
-rw-r--r--contrib/bind9/lib/isc/version.c26
-rw-r--r--contrib/bind9/lib/isccc/Makefile.in86
-rw-r--r--contrib/bind9/lib/isccc/alist.c297
-rw-r--r--contrib/bind9/lib/isccc/api3
-rw-r--r--contrib/bind9/lib/isccc/base64.c63
-rw-r--r--contrib/bind9/lib/isccc/cc.c807
-rw-r--r--contrib/bind9/lib/isccc/ccmsg.c220
-rw-r--r--contrib/bind9/lib/isccc/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/Makefile.in42
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/alist.h72
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/base64.h70
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/cc.h88
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/ccmsg.h132
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/events.h35
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/lib.h40
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/result.h52
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/sexpr.h107
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/symtab.h123
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/symtype.h29
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/types.h38
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/util.h211
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/version.h26
-rw-r--r--contrib/bind9/lib/isccc/lib.c63
-rw-r--r--contrib/bind9/lib/isccc/result.c70
-rw-r--r--contrib/bind9/lib/isccc/sexpr.c310
-rw-r--r--contrib/bind9/lib/isccc/symtab.c278
-rw-r--r--contrib/bind9/lib/isccc/version.c26
-rw-r--r--contrib/bind9/lib/isccfg/Makefile.in83
-rw-r--r--contrib/bind9/lib/isccfg/api3
-rw-r--r--contrib/bind9/lib/isccfg/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/Makefile.in42
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/cfg.h415
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/grammar.h439
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/log.h53
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/namedconf.h44
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/version.h26
-rw-r--r--contrib/bind9/lib/isccfg/log.c50
-rw-r--r--contrib/bind9/lib/isccfg/namedconf.c1906
-rw-r--r--contrib/bind9/lib/isccfg/parser.c2289
-rw-r--r--contrib/bind9/lib/isccfg/version.c27
-rw-r--r--contrib/bind9/lib/lwres/Makefile.in82
-rw-r--r--contrib/bind9/lib/lwres/api3
-rw-r--r--contrib/bind9/lib/lwres/assert_p.h33
-rw-r--r--contrib/bind9/lib/lwres/context.c380
-rw-r--r--contrib/bind9/lib/lwres/context_p.h59
-rw-r--r--contrib/bind9/lib/lwres/gai_strerror.c52
-rw-r--r--contrib/bind9/lib/lwres/getaddrinfo.c691
-rw-r--r--contrib/bind9/lib/lwres/gethost.c219
-rw-r--r--contrib/bind9/lib/lwres/getipnode.c1026
-rw-r--r--contrib/bind9/lib/lwres/getnameinfo.c286
-rw-r--r--contrib/bind9/lib/lwres/getrrset.c211
-rw-r--r--contrib/bind9/lib/lwres/herror.c101
-rw-r--r--contrib/bind9/lib/lwres/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/Makefile.in46
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/context.h133
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/int.h32
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/ipv6.h118
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/lang.h31
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/list.h119
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/lwbuffer.h402
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/lwpacket.h124
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/lwres.h579
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/netdb.h.in518
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/platform.h.in101
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/result.h40
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/version.h26
-rw-r--r--contrib/bind9/lib/lwres/lwbuffer.c287
-rw-r--r--contrib/bind9/lib/lwres/lwconfig.c703
-rw-r--r--contrib/bind9/lib/lwres/lwpacket.c85
-rw-r--r--contrib/bind9/lib/lwres/lwres_gabn.c415
-rw-r--r--contrib/bind9/lib/lwres/lwres_gnba.c328
-rw-r--r--contrib/bind9/lib/lwres/lwres_grbn.c416
-rw-r--r--contrib/bind9/lib/lwres/lwres_noop.c255
-rw-r--r--contrib/bind9/lib/lwres/lwresutil.c491
-rw-r--r--contrib/bind9/lib/lwres/man/Makefile.in232
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.3159
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.docbook244
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.html433
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.3279
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.docbook378
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.html576
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.3107
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.docbook159
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.html282
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.3196
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.docbook283
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.html478
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.3195
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.docbook255
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.html419
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.388
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.docbook161
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.html295
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3249
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.docbook372
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html693
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.3272
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.docbook407
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.html784
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.3189
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.docbook307
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.html512
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.386
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.docbook154
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.html290
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3144
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.docbook208
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html360
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.3188
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.docbook259
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.html409
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.369
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.docbook124
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.html241
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.354
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.docbook99
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.html177
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.3162
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.docbook229
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.html388
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.3151
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.docbook218
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.html362
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.3153
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.docbook221
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.html387
-rw-r--r--contrib/bind9/lib/lwres/print.c553
-rw-r--r--contrib/bind9/lib/lwres/print_p.h86
-rw-r--r--contrib/bind9/lib/lwres/unix/Makefile.in25
-rw-r--r--contrib/bind9/lib/lwres/unix/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/lwres/unix/include/lwres/Makefile.in34
-rw-r--r--contrib/bind9/lib/lwres/unix/include/lwres/net.h130
-rw-r--r--contrib/bind9/lib/lwres/version.c26
-rw-r--r--contrib/bind9/libtool.m45943
-rw-r--r--contrib/bind9/ltmain.sh6399
-rw-r--r--contrib/bind9/make/Makefile.in28
-rw-r--r--contrib/bind9/make/includes.in48
-rw-r--r--contrib/bind9/make/mkdep.in148
-rw-r--r--contrib/bind9/make/rules.in228
-rwxr-xr-xcontrib/bind9/mkinstalldirs40
-rw-r--r--contrib/bind9/version10
1090 files changed, 509412 insertions, 0 deletions
diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES
new file mode 100644
index 000000000000..ac7f212853fa
--- /dev/null
+++ b/contrib/bind9/CHANGES
@@ -0,0 +1,5479 @@
+
+ --- 9.3.0rc4 released ---
+
+1709. [port] solaris: add SMF support.
+
+1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
+ for conformance to the name space convention. Binary
+ backward compatibility to the old function name is
+ provided. [RT #12376]
+
+1707. [contrib] sdb/ldap updated to version 1.0-beta.
+
+1706. [bug] 'rndc stop' failed to cause zones to be flushed
+ sometimes. [RT #12328]
+
+1704. [port] lwres needed a snprintf() implementation for
+ platforms without snprintf(). Add missing
+ "#include <isc/print.h>". [RT #12321]
+
+1703. [bug] named would loop sending NOTIFY messages when it
+ failed to receive a response. [RT #12322]
+
+1702. [bug] also-notify should not be applied to builtin zones.
+ [RT #12323]
+
+1701. [doc] A minimal named.conf man page.
+
+1700. [func] nslookup is no longer to be treated as deprecated.
+ Remove "deprecated" warning message. Add man page.
+
+1699. [bug] dnssec-signzone can generate "not exact" errors
+ when resigning. [RT #12281]
+
+1698. [doc] Use reserved IPv6 documentation prefix.
+
+1697. [bug] xxx-source{,-v6} was not effective when it
+ specified one of listening addresses and a
+ different port than the listening port. [RT #12257]
+
+ --- 9.3.0rc3 released ---
+
+1696. [bug] dnssec-signzone failed to clean out nodes that
+ consisted of only NSEC and RRSIG records.
+ [RT #12154]
+
+1695. [bug] DS records when forwarding require special handling.
+ [RT #12133]
+
+1694. [bug] Report if the builtin views of "_default" / "_bind"
+ are defined in named.conf. [RT #12023]
+
+1693. [bug] max-journal-size was not effective for master zones
+ with ixfr-from-differences set. [RT# 12024]
+
+1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
+ /usr/lib. [RT #11971]
+
+1691. [bug] sdb's attachversion was not complete. [RT #11990]
+
+1690. [bug] Delay detaching view from the client until UPDATE
+ processing completes when shutting down. [RT #11714]
+
+1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
+ contained gratuitous semicolons. [RT #11707]
+
+1688. [bug] LDFLAGS was not supported.
+
+1687. [bug] Race condition in dispatch. [RT #10272]
+
+1686. [bug] Named sent a extraneous NOTIFY when it received a
+ redundant UPDATE request. [RT #11943]
+
+ --- 9.3.0rc2 released ---
+
+1685. [bug] Change #1679 loop tests weren't quite right.
+
+1683. [bug] dig +sigchase could leak memory. [RT #11445]
+
+1682. [port] Update configure test for (long long) printf format.
+ [RT #5066]
+
+1681. [bug] Only set SO_REUSEADDR when a port is specified in
+ isc_socket_bind(). [RT #11742]
+
+1679. [bug] When there was a single nameserver with multiple
+ addresses for a zone not all addresses were tried.
+ [RT #11706]
+
+1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
+
+1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
+
+1675. [bug] named would sometimes add extra NSEC records to
+ the authority section.
+
+1674. [port] linux: increase buffer size used to scan
+ /proc/net/if_inet6.
+
+1673. [port] linux: issue a error messages if IPv6 interface
+ scans fails.
+
+1672. [cleanup] Tests which only function in a threaded build
+ now return R:THREADONLY (rather than R:UNTESTED)
+ in a non-threaded build.
+
+1671. [contrib] queryperf: add NAPTR to the list of known types.
+
+1670. [func] Log UPDATE requests to slave zones without an acl as
+ "disabled" at debug level 3. [RT# 11657]
+
+1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
+
+1667. [port] linux: not all versions have IF_NAMESIZE.
+
+1666. [bug] The optional port on hostnames in dual-stack-servers
+ was being ignored.
+
+1663. [func] Look for OpenSSL by default.
+
+1661. [bug] Restore dns_name_concatenate() call in
+ adb.c:set_target(). [RT #11582]
+
+1660. [bug] win32: connection_reset_fix() was being called
+ unconditionally. [RT #11595]
+
+ --- 9.3.0rc1 released ---
+
+1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
+
+1662. [bug] Change #1658 failed to change one use of 'type'
+ to 'keytype'.
+
+1659. [cleanup] Cleanup some messages that were referring to KEY vs
+ DNSKEY, NXT vs NSEC and SIG vs RRSIG.
+
+1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
+ and DH. Tighten which options apply to KEY and
+ DNSKEY records.
+
+1657. [doc] ARM: document query log output.
+
+1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
+ DNSKEY and RRSIG. [RT #11542]
+
+1655. [bug] Logging multiple versions w/o a size was broken.
+ [RT #11446]
+
+1654. [bug] isc_result_totext() contained array bounds read
+ error.
+
+1653. [func] Add key type checking to dst_key_fromfilename(),
+ DST_TYPE_KEY should be used to read TSIG, TKEY and
+ SIG(0) keys.
+
+1652. [bug] TKEY still uses KEY.
+
+1651. [bug] dig: process multiple dash options.
+
+1650. [bug] dig, nslookup: flush standard out after each command.
+
+1649. [bug] Silence "unexpected non-minimal diff" message.
+ [RT #11206]
+
+1648. [func] Update dnssec-lookaside named.conf syntax to support
+ multiple dnssec-lookaside namespaces (not yet
+ implemented).
+
+1647. [bug] It was possible trigger a INSIST when chasing a DS
+ record that required walking back over a empty node.
+ [RT #11445]
+
+1646. [bug] win32: logging file versions didn't work with
+ non-UNC filenames. [RT#11486]
+
+1645. [bug] named could trigger a REQUIRE failure if multiple
+ masters with keys are specified.
+
+1644. [bug] Update the journal modification time after a
+ sucessfull refresh query. [RT #11436]
+
+1643. [bug] dns_db_closeversion() could leak memory / node
+ references. [RT #11163]
+
+1642. [port] Support OpenSSL implementations which don't have
+ DSA support. [RT #11360]
+
+1641. [bug] Update the check-names description in ARM. [RT #11389]
+
+ --- 9.3.0beta4 released ---
+
+1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
+ incorrectly closing the socket. [RT #11291]
+
+1639. [func] Initial dlv system test.
+
+1638. [bug] "ixfr-from-differences" could generate a REQUIRE
+ failure if the journal open failed. [RT #11347]
+
+1637. [bug] Node reference leak on error in addnoqname().
+
+1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
+ a error had occured. The database version no longer
+ matched the version of the database that was dumped.
+
+1635. [bug] Memory leak on error in query_addds().
+
+1634. [bug] named didn't supply a useful error message when it
+ detected duplicate views. [RT #11208]
+
+1633. [bug] named should return NOTIMP to update requests to a
+ slaves without a allow-update-forwarding acl specified.
+ [RT #11331]
+
+1632. [bug] nsupdate failed to send prerequisite only UPDATE
+ messages. [RT #11288]
+
+1631. [bug] dns_journal_compact() could sometimes corrupt the
+ journal. [RT #11124]
+
+1630. [contrib] queryperf: add support for IPv6 transport.
+
+1629. [func] dig now supports IPv6 scoped addresses with the
+ extended format in the local-server part. [RT #8753]
+
+1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
+
+1627. [bug] win32: sockets were not being closed when the
+ last external reference was removed. [RT# 11179]
+
+1626. [bug] --enable-getifaddrs was broken. [RT#11259]
+
+1625. [bug] named failed to load/transfer RFC2535 signed zones
+ which contained CNAMES. [RT# 11237]
+
+1606. [bug] DLV insecurity proof was failing.
+
+1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
+
+ --- 9.3.0beta3 released ---
+
+1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
+
+1623. [bug] A serial number of zero was being displayed in the
+ "sending notifies" log message when also-notify was
+ used. [RT #11177]
+
+1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
+ available, and suppress wildcard binding if not.
+
+1621. [bug] match-destinations did not work for IPv6 TCP queries.
+ [RT# 11156]
+
+1620. [func] When loading a zone report if it is signed. [RT #11149]
+
+1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
+ [RT# 11118]
+
+1618. [bug] Fencepost errors in dns_name_ishostname() and
+ dns_name_ismailbox() could trigger a INSIST().
+
+1617. [port] win32: VC++ 6.0 support.
+
+1616. [compat] Ensure that named's version is visible in the core
+ dump. [RT #11127]
+
+1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
+ it is defined.
+
+1614. [port] win32: silence resource limit messages. [RT# 11101]
+
+1613. [bug] Builds would fail on machines w/o a if_nametoindex().
+ Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
+ [RT #11119]
+
+1612. [bug] check-names at the option/view level could trigger
+ an INSIST. [RT# 11116]
+
+1611. [bug] solaris: IPv6 interface scanning failed to cope with
+ no active IPv6 interfaces.
+
+1610. [bug] On dual stack machines "dig -b" failed to set the
+ address type to be looked up with "@server".
+ [RT #11069]
+
+1600. [bug] Duplicate zone pre-load checks were not case
+ insensitive.
+
+1599. [bug] Fix memory leak on error path when checking named.conf.
+
+1598. [func] Specify that certain parts of the namespace must
+ be secure (dnssec-must-be-secure).
+
+ --- 9.3.0beta2 released ---
+
+1609. [func] dig now has support to chase DNSSEC signature chains.
+ Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
+
+1608. [func] dig and host now accept -4/-6 to select IP transport
+ to use when making queries.
+
+1607. [bug] dig, host and nslookup were still using random()
+ to generate query ids. [RT# 11013]
+
+1604. [bug] A xfrout_ctx_create() failure would result in
+ xfrout_ctx_destroy() being called with a
+ partially initialized structure.
+
+1603. [bug] nsupdate: set interactive based on isatty().
+ [RT# 10929]
+
+1602. [bug] Logging to a file failed unless a size was specified.
+ [RT# 10925]
+
+1601. [bug] Silence spurious warning 'both "recursion no;" and
+ "allow-recursion" active' warning from view "_bind".
+ [RT# 10920]
+
+1594. [bug] 'rndc dumpdb' could prevent named from answering
+ queries while the dump was in progress. [RT #10565]
+
+1593. [bug] rndc should return "unknown command" to unknown
+ commands. [RT# 10642]
+
+ --- 9.3.0beta1 released ---
+
+1592. [bug] configure_view() could leak a dispatch. [RT #10675]
+
+1591. [bug] libbind: updated to BIND 8.4.5.
+
+1590. [port] netbsd: update thread support.
+
+1589. [func] DNSSEC lookaside validation.
+
+1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
+
+1587. [bug] dns_message_settsigkey() failed to clear existing key.
+ [RT #10590]
+
+1586. [func] "check-names" is now implemented.
+
+1584. [bug] "make test" failed with a read only source tree.
+ [RT #10461]
+
+1583. [bug] Records add via UPDATE failed to get the correct trust
+ level. [RT #10452]
+
+1582. [bug] rrset-order failed to work on RRsets with more
+ than 32 elements. [RT #10381]
+
+1581. [func] Disable DNSSEC support by default. To enable
+ DNSSEC specify "dnssec-enable yes;" in named.conf.
+
+1580. [bug] Zone destruction on final detach takes a long time.
+ [RT #3746]
+
+1579. [bug] Multiple task managers could not be created.
+
+1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
+ [RT #10346]
+
+1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
+ workaround code. [RT #10331]
+
+1576. [bug] Race condition in dns_dispatch_addresponse().
+ [RT# 10272]
+
+1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
+
+1574. [bug] Don't attempt to open the controls socket(s) when
+ running tests. [RT #9091]
+
+1573. [port] linux: update to libtool 1.5.2 so that
+ "make install DESTDIR=/xx" works with
+ "configure --with-libtool". [RT #9941]
+
+1572. [bug] nsupdate: sign the soa query to find the enclosing
+ zone if the server is specified. [RT #10148]
+
+1571. [bug] rbt:hash_node() could fail leaving the hash table
+ in an inconsistent state. [RT #10208]
+
+1570. [bug] nsupdate failed to handle classes other than IN.
+ New keyword 'class' which sets the default class.
+ [RT #10202]
+
+1569. [func] nsupdate new command 'answer' which displays the
+ complete answer message to the last update.
+
+1568. [bug] nsupdate now reports that the update failed in
+ interactive mode. [RT# 10236]
+
+1567. [bug] B.ROOT-SERVERS.NET is now 192.228.79.201.
+
+1566. [port] Support for the cmsg framework on Solaris and HP/UX.
+ This also solved the problem that match-destinations
+ for IPv6 addresses did not work on these systems.
+ [RT #10221]
+
+1565. [bug] CD flag should be copied to outgoing queries unless
+ the query is under a secure entry point in which case
+ CD should be set.
+
+1564. [func] Attempt to provide a fallback entropy source to be
+ used if named is running chrooted and named is unable
+ to open entropy source within the chroot area.
+ [RT #10133]
+
+1563. [bug] Gracefully fail when unable to obtain neither an IPv4
+ nor an IPv6 dispatch. [RT #10230]
+
+1562. [bug] isc_socket_create() and isc_socket_accept() could
+ leak memory under error conditions. [RT #10230]
+
+1561. [bug] It was possible to release the same name twice if
+ named ran out of memory. [RT #10197]
+
+1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
+ and EAI_NONAME to the same value.
+
+1559. [port] named should ignore SIGFSZ.
+
+1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
+ child zones for which we don't have a supported
+ algorithm. Such child zones are treated as unsigned.
+
+1557. [func] Implement missing DNSSEC tests for
+ * NOQNAME proof with wildcard answers.
+ * NOWILDARD proof with NXDOMAIN.
+ Cache and return NOQNAME with wildcard answers.
+
+1556. [bug] nsupdate now treats all names as fully qualified.
+ [RT #6427]
+
+1555. [func] 'rrset-order cyclic' no longer has a random starting
+ point. [RT #7572]
+
+1554. [bug] dig, host, nslookup failed when no nameservers
+ were specified in /etc/resolv.conf. [RT #8232]
+
+1553. [bug] The windows socket code could stop accepting
+ connections. [RT#10115]
+
+1552. [bug] Accept NOTIFY requests from mapped masters if
+ matched-mapped is set. [RT #10049]
+
+1551. [port] Open "/dev/null" before calling chroot().
+
+1550. [port] Call tzset(), if available, before calling chroot().
+
+1549. [func] named-checkzone can now write out the zone contents
+ in a easily parsable format (-D and -o).
+
+1548. [bug] When parsing APL records it was possible to silently
+ accept out of range ADDRESSFAMILY values. [RT# 9979]
+
+1547. [bug] Named wasted memory recording duplicate lame zone
+ entries. [RT #9341]
+
+1546. [bug] We were rejecting valid secure CNAME to negative
+ answers.
+
+1545. [bug] It was possible to leak memory if named was unable to
+ bind to the specified transfer source and TSIG was
+ being used. [RT #10120]
+
+1544. [bug] Named would logged a single entry to a file despite it
+ being over the specified size limit.
+
+1543. [bug] Logging using "versions unlimited" did not work.
+
+1541. [func] NSEC now uses new bitmap format.
+
+1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
+ [RT #8934]
+
+1539. [bug] Open UDP sockets for notify-source and transfer-source
+ that use reserved ports at startup. [RT #9475]
+
+1537. [func] New option "querylog". If set specify whether query
+ logging is to be enabled or disabled at startup.
+
+1536. [bug] Windows socket code failed to log a error description
+ when returning ISC_R_UNEXPECTED. [RT #9998]
+
+1534. [bug] Race condition when priming cache. [RT# 9940]
+
+1533. [func] Warn if both "recursion no;" and "allow-recursion"
+ are active. [RT# 4389]
+
+1532. [port] netbsd: the configure test for <sys/sysctl.h>
+ requires <sys/param.h>.
+
+1531. [port] AIX more libtool fixes.
+
+1530. [bug] It was possible to trigger a INSIST() failure if a
+ slave master file was removed at just the correct
+ moment. [RT #9462]
+
+1529. [bug] "notify explicit;" failed to log that NOTIFY messages
+ were being sent for the zone. [RT# 9442]
+
+1528. [cleanup] Simplify some dns_name_ functions based on the
+ deprecation of bitstring labels.
+
+1527. [cleanup] Reduce the number of gettimeofday() calls without
+ losing necessary timer granularity.
+
+1525. [bug] dns_cache_create() could trigger a REQUIRE
+ failure in isc_mem_put() during error cleanup.
+ [RT# 9360]
+
+1524. [port] AIX needs to be able to resolve all symbols when
+ creating shared libraries (--with-libtool).
+
+1523. [bug] Fix race condition in rbtdb. [RT# 9189]
+
+1522. [bug] dns_db_findnode() relax the requirements on 'name'.
+ [RT# 9286]
+
+1521. [bug] dns_view_createresolver() failed to check the
+ result from isc_mem_create(). [RT# 9294]
+
+1520. [protocol] Add SSHFP (SSH Finger Print) type.
+
+1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
+ length of the new bitmap.
+
+1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
+ contained a off-by-one error when working out the
+ number of octets in the bitmap.
+
+1517. [port] Support for IPv6 interface scanning on HP/UX and
+ TrueUNIX 5.1.
+
+1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
+
+1515. [func] Allow transfer source to be set in a server statement.
+ [RT #6496]
+
+1514. [bug] named: isc_hash_destroy() was being called too early.
+ [RT #9160]
+
+1513. [doc] Add "US" to root-delegation-only exclude list.
+
+1512. [bug] Extend the delegation-only logging to return query
+ type, class and responding nameserver.
+
+1511. [bug] delegation-only was generating false positives
+ on negative answers from subzones.
+
+1510. [func] New view option "root-delegation-only". Apply
+ delegation-only check to all TLDs and root.
+ Note there are some TLDs that are NOT delegation
+ only (e.g. DE, LV, US and MUSEUM) these can be excluded
+ from the checks by using exclude.
+
+ root-delegation-only exclude {
+ "DE"; "LV"; "US"; "MUSEUM";
+ };
+
+1509. [bug] Hint zones should accept delegation-only. Forward
+ zone should not accept delegation-only.
+
+1508. [bug] Don't apply delegation-only checks to answers from
+ forwarders.
+
+1507. [bug] Handle BIND 8 style returns to NS queries to parents
+ when making delegation-only checks.
+
+1506. [bug] Wrong return type for dns_view_isdelegationonly().
+
+1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
+
+1504. [func] New zone type "delegation-only".
+
+1503. [port] win32: install libeay32.dll outside of system32.
+
+1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
+
+1501. [func] Allow TCP queue length to be specified via
+ named.conf, tcp-listen-queue.
+
+1500. [bug] host failed to lookup MX records. Also look up
+ AAAA records.
+
+1475. [port] Probe for old sprintf().
+
+1474. [port] Provide strtoul() and memmove() for platforms
+ without them.
+
+1469. [func] Log end of outgoing zone transfer at same level
+ as the start of transfer is logged. [RT #4441]
+
+1468. [func] Internal zones are no longer counted for
+ 'rndc status'. [RT #4706]
+
+1467. [func] $GENERATES now supports optional class and ttl.
+
+1458. [cleanup] sprintf() -> snprintf().
+
+1457. [port] Provide strlcat() and strlcpy() for platforms without
+ them.
+
+1455. [bug] <netaddr> missing from server grammar in
+ doc/misc/options. [RT #5616]
+
+1454. [port] Use getifaddrs() if available for interface scanning.
+ --disable-getifaddrs to override. Glibc currently
+ has a getifaddrs() that does not support IPv6.
+ Use --enable-getifaddrs=glibc to force the use of
+ this version under linux machines.
+
+1446. [func] Implemented undocumented alternate transfer sources
+ from BIND 8. See use-alt-transfer-source,
+ alt-transfer-source and alt-transfer-source-v6.
+
+ SECURITY: use-alt-transfer-source is ENABLED unless
+ you are using views. This may cause a security risk
+ resulting in accidental disclosure of wrong zone
+ content if the master supplying different source
+ content based on IP address. If you are not certain
+ ISC recommends setting use-alt-transfer-source no;
+
+1444. [func] dns_view_findzonecut2() allows you to specify if the
+ cache should be searched for zone cuts.
+
+1443. [func] Masters lists can now be specified and referenced
+ in zone masters clauses and other masters lists.
+
+1442. [func] New functions for manipulating port lists:
+ dns_portlist_create(), dns_portlist_add(),
+ dns_portlist_remove(), dns_portlist_match(),
+ dns_portlist_attach() and dns_portlist_detach().
+
+1441. [func] It is now possible to tell dig to bind to a specific
+ source port.
+
+1440. [func] It is now possible to tell named to avoid using
+ certain source ports (avoid-v4-udp-ports,
+ avoid-v6-udp-ports).
+
+1438. [func] Log TSIG (if any) when logging NOTIFY requests.
+
+1436. [func] dns_zonemgr_resumexfrs() can be used to restart
+ stalled transfers.
+
+1433. [bug] named could trigger a REQUIRE failure if it could
+ not get a file descriptor when attempting to write
+ a master file. [RT #4347]
+
+1432. [func] The advertised EDNS UDP buffer size can now be set
+ via named.conf (edns-udp-size).
+
+1430. [port] linux: IPv6 interface scanning support.
+
+1422. [func] Log name/type/class when denying a query. [RT #4663]
+
+1421. [func] Differentiate updates that don't succeed due to
+ prerequisites (unsuccessful) vs other reasons
+ (failed).
+
+1417. [func] ID.SERVER/CHAOS is now a built in zone.
+ See "server-id" for how to configure.
+
+1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
+ from SOA MINIMUM.
+
+1414. [func] Support for KSK flag.
+
+1413. [func] Explictly request the (re-)generation of DS records from
+ keysets (dnssec-signzone -g).
+
+1412. [func] You can now specify servers to be tried if a nameserver
+ has IPv6 address and you only support IPv4 or the
+ reverse. See dual-stack-servers.
+
+1410. [func] Handle records that live in the parent zone, e.g. DS.
+
+1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
+
+1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
+ buffer.
+
+1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
+ dnssec-signkey now report their version in the
+ usage message.
+
+1402. [cleanup] A6 has been moved to experimental and is no longer
+ fully supported.
+
+1400. [bug] Block the addition of wildcard NS records by IXFR
+ or UPDATE. [RT #3502]
+
+1398. [doc] ARM: notify-also should have been also-notify.
+ [RT #4345]
+
+1396. [func] dnssec-signzone: adjust the default signing time by
+ 1 hour to allow for clock skew.
+
+1394. [func] It is now possible to check if a particular element is
+ in a acl. Remove duplicate entries from the localnets
+ acl.
+
+1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
+ is not available in the kernel to prevent accidently
+ listening on IPv4 interfaces.
+
+1392. [bug] named-checkzone: update usage.
+
+1391. [func] Add support for IPv6 scoped addresses in named.
+
+1390. [func] host now supports ixfr.
+
+1386. [bug] named-checkzone -z stopped on errors in a zone.
+ [RT #3653]
+
+1383. [func] Track the serial number in a IXFR response and log if
+ a mismatch occurs. This is a more specific error than
+ "not exact". [RT #3445]
+
+1380. [func] 'rndc recursing' dump recursing queries to
+ 'recursing-file = "named.recursing";'.
+
+1379. [func] 'rndc status' now reports tcp and recursion quota
+ states.
+
+1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
+
+1377. [func] dns_zone_load{new}() now reports if the zone was
+ loaded, queued for loading to up to date.
+
+1376. [func] New function dns_zone_logc() to log to specified
+ category.
+
+1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
+ data cache.
+
+1374. [func] dns_adb_dump() now logs the lame zones associated
+ with each server.
+
+1371. [bug] notify-source-v6, transfer-source-v6 and
+ query-source-v6 with explicit addresses and using the
+ same ports as named was listening on could interfere
+ with named's ability to answer queries sent to those
+ addresses.
+
+1368. [func] remove support for bitstring labels.
+
+1367. [func] Use response times to select forwarders.
+
+1365. [func] "localhost" and "localnets" acls now include IPv6
+ addresses / prefixes.
+
+1364. [func] Log file name when unable to open memory statistics
+ and dump database files. [RT# 3437]
+
+1363. [func] Listen-on-v6 now supports specific addresses.
+
+1362. [bug] remove IFF_RUNNING test when scanning interfaces.
+
+1361. [func] log the reason for rejecting a server when resolving
+ queries.
+
+1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
+
+1344. [func] Log if the serial number on the master has gone
+ backwards.
+ If you have multiple machines specified in the masters
+ clause you may want to set 'multi-master yes;' to
+ suppress this warning.
+
+1343. [func] Log successful notifies received (info). Adjust log
+ level for failed notifies to notice.
+
+1342. [func] Log remote address with TCP dispatch failures.
+
+1341. [func] Allow a rate limiter to be stalled.
+
+1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
+ lookups. Bit string lookups are no longer attempted.
+
+1336. [func] Nibble lookups under IP6.ARPA are now supported by
+ dns_byaddr_create(). dns_byaddr_createptrname() is
+ deprecated, use dns_byaddr_createptrname2() instead.
+
+1332. [func] Report the current serial with periodic commits when
+ rolling forward the journal.
+
+1331. [func] Generate DNSSEC wildcard proofs.
+
+1329. [func] named-checkzone will now check if nameservers that
+ appear to be IP addresses. Available modes "fail",
+ "warn" (default) and "ignore" the results of the
+ check.
+
+1328. [bug] The validator could incorrectly verify an invalid
+ negative proof.
+
+1322. [bug] dnssec-signzone usage message was misleading.
+
+1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
+ would incorrectly duplicate its output and sign it.
+
+1313. [func] Query log now says if the query was signed (S) or
+ if EDNS was used (E).
+
+1312. [func] Log TSIG key used w/ outgoing zone transfers.
+
+1309. [func] Log that a zone transfer was covered by a TSIG.
+
+1308. [func] DS (delegation signer) support.
+
+1304. [func] New function: dns_zone_name().
+
+1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
+
+1302. [func] Extended rndc dumpdb to support dumping of zones and
+ view selection: 'dumpdb [-all|-zones|-cache] [view]'.
+
+1301. [func] New category 'update-security'.
+
+1300. [port] Compaq Trucluster support.
+
+1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
+
+1292. [func] Enable IPv6 support when using ioctl style interface
+ scanning and OS supports SIOCGLIFADDR using struct
+ if_laddrreq.
+
+1291. [func] Enable IPv6 support when using sysctl style interface
+ scanning.
+
+1290. [func] "dig axfr" now reports the number of messages
+ as well as the number of records.
+
+1285. [func] lwres: probe the system to see what address families
+ are currently in use.
+
+1283. [func] Use "dataready" accept filter if available.
+
+1281. [func] Log zone when unable to get private keys to update
+ zone. Log zone when NXT records are missing from
+ secure zone.
+
+1278. [func] dig: now supports +[no]cl +[no]ttlid.
+
+1277. [func] You can now create your own customized printing
+ styles: dns_master_stylecreate() and
+ dns_master_styledestroy().
+
+1271. [bug] "recursion available: {denied,approved}" was too
+ confusing.
+
+1267. [func] isc_file_openunique() now creates file using mode
+ 0666 rather than 0600.
+
+1254. [func] preferred-glue option from BIND 8.3.
+
+1250. [func] Nsupdate will report the address the update was
+ sent to.
+
+1247. [bug] Don't reset the interface index for link/site local
+ addresses. [RT #2576]
+
+1246. [func] New functions isc_sockaddr_issitelocal(),
+ isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
+ and isc_netaddr_islinklocal().
+
+1243. [bug] It was possible to trigger a REQUIRE() in
+ dns_message_findtype(). [RT #2659]
+
+1235. [func] Report 'out of memory' errors from openssl.
+
+1234. [bug] contrib/sdb: 'zonetodb' failed to call
+ dns_result_register(). DNS_R_SEENINCLUDE should not
+ be fatal.
+
+1233. [bug] The flags field of a KEY record can be expressed in
+ hex as well as decimal.
+
+1226. [func] Use EDNS for zone refresh queries. [RT #2551]
+
+1225. [func] dns_message_setopt() no longer requires that
+ dns_message_renderbegin() to have been called.
+
+1224. [bug] 'rrset-order' and 'sortlist' should be additive
+ not exclusive.
+
+1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
+ are supported.
+
+1220. [func] Support for APL rdata type.
+
+1219. [func] Named now reports the TSIG extended error code when
+ signature verification fails. [RT #1651]
+
+1217. [func] Report locations of previous key definition when a
+ duplicate is detected.
+
+1213. [func] Report view associated with client if it is not a
+ standard view (_default or _bind).
+
+1203. [func] Report locations of previous acl and zone definitions
+ when a duplicate is detected.
+
+1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
+
+1192. [bug] The seconds fields in LOC records were restricted
+ to three decimal places. More decimal places should
+ be allowed but warned about.
+
+1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
+ [RT #2394]
+
+1187. [bug] named was incorrectly returning DNSSEC records
+ in negative responses when the DO bit was not set.
+
+1181. [func] Add the "key-directory" configuration statement,
+ which allows the server to look for online signing
+ keys in alternate directories.
+
+1180. [func] dnssec-keygen should always generate keys with
+ protocol 3 (DNSSEC), since it's less confusing
+ that way.
+
+1179. [func] Add SIG(0) support to nsupdate.
+
+1177. [func] Report view when loading zones if it is not a
+ standard view (_default or _bind). [RT #2270]
+
+1171. [func] Added function isc_region_compare(), updated files in
+ lib/dns to use this function instead of local one.
+
+1169. [func] Identify recursive queries in the query log.
+
+1163. [func] isc_time_formattimestamp() now includes the year.
+
+1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
+
+1158. [func] Report the client's address when logging notify
+ messages.
+
+1157. [func] match-clients and match-destinations now accept
+ keys. [RT #2045]
+
+1155. [func] Recover from master files being removed from under
+ us.
+
+1153. [func] 'rndc {stop|halt} -p' now reports the process id
+ of the instance of named being shutdown.
+
+1151. [bug] nslookup failed to check that the arguments to
+ the port, timeout, and retry options were
+ valid integers and in range. [RT #2099]
+
+1150. [bug] named incorrectly accepted TTL values
+ containing plus or minus signs, such as
+ 1d+1h-1s.
+
+1149. [func] New function isc_parse_uint32().
+
+1148. [func] 'rndc-confgen -a' now provides positive feedback.
+
+1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
+ the OS. listen-on-v6 { any; }; should no longer
+ result in IPv4 queries be accepted. Similarly
+ control { inet :: ... }; should no longer result
+ in IPv4 connections being accepted. This can be
+ overridden at compile time by defining
+ ISC_ALLOW_MAPPED=1.
+
+1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
+ supported by the OS by a new function
+ isc_socket_ipv6only().
+
+1145. [func] "host" no longer reports a NOERROR/NODATA response
+ by printing nothing. [RT #2065]
+
+1143. [bug] When a trusted-keys statement was present and named
+ was built without crypto support, it would leak memory.
+
+1139. [func] It is now possible to flush a given name from the
+ cache(s) via 'rndc flushname name [view]'. [RT #2051]
+
+1138. [func] It is now possible to flush a given name from the
+ cache by calling the new function
+ dns_cache_flushname().
+
+1137. [func] It is now possible to flush a given name from the
+ ADB by calling the new function dns_adb_flushname().
+
+1135. [func] You can now override the default syslog() facility for
+ named/lwresd at compile time. [RT #1982]
+
+1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
+
+1128. [func] sdb drivers can now provide RR data in either text
+ or wire format, the latter using the new functions
+ dns_sdb_putrdata() and dns_sdb_putnamedrdata().
+
+1127. [func] rndc: If the server to contact has multiple addresses,
+ try all of them.
+
+1119. [func] Added support in Win32 for NTFS file/directory ACL's
+ for access control.
+
+1115. [func] Set maximum values for cleaning-interval,
+ heartbeat-interval, interface-interval,
+ max-transfer-idle-in, max-transfer-idle-out,
+ max-transfer-time-in, max-transfer-time-out,
+ statistics-interval of 28 days and
+ sig-validity-interval of 3660 days. [RT #2002]
+
+1110. [bug] dig should only accept valid abbreviations of +options.
+ [RT #2003]
+
+1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
+
+1080. [bug] BIND 8 compatibility: accept bare IP prefixes
+ as the second element of a two-element top level
+ sort list statement. [RT #1964]
+
+1079. [bug] BIND 8 compatibility: accept bare elements at top
+ level of sort list treating them as if they were
+ a single element list. [RT #1963]
+
+1077. [func] Do not accept further recursive clients when
+ the total number of recursive lookups being
+ processed exceeds max-recursive-clients, even
+ if some of the lookups are internally generated.
+ [RT #1915, #1938]
+
+1073. [bug] The ADB cache cleaning should also be space driven.
+ [RT #1915, #1938]
+
+1067. [func] Allow quotas to be soft, isc_quota_soft().
+
+1065. [func] Runtime support to select new / old style interface
+ scanning using ioctls.
+
+1060. [func] Move refresh, stub and notify UDP retry processing
+ into dns_request.
+
+1059. [func] dns_request now support will now retry UDP queries,
+ dns_request_createvia2() and dns_request_createraw2().
+
+1058. [func] Limited lifetime ticker timers are now available,
+ isc_timertype_limited.
+
+1055. [func] Version and hostname queries can now be disabled
+ using "version none;" and "hostname none;",
+ respectively.
+
+1049. [func] "pid-file none;" will disable writing a pid file.
+ [RT #1848]
+
+1037. [bug] Negative responses whose authority section contain
+ SOA or NS records whose owner names are not equal
+ equal to or parents of the query name should be
+ rejected. [RT #1862]
+
+1036. [func] Silently drop requests received via multicast as
+ long as there is no final multicast DNS standard.
+
+1035. [bug] If we respond to multicast queries (which we
+ currently do not), respond from a unicast address
+ as specified in RFC 1123. [RT #137]
+
+1034. [bug] Ignore the RD bit on multicast queries as specified
+ in RFC 1123. [RT #137]
+
+1032. [func] hostname.bind/txt/chaos now returns the name of
+ the machine hosting the nameserver. This is useful
+ in diagnosing problems with anycast servers.
+
+1025. [bug] Don't use multicast addresses to resolve iterative
+ queries. [RT #101]
+
+1024. [port] Compilation failed on HP-UX 11.11 due to
+ incompatible use of the SIOCGLIFCONF macro
+ name. [RT #1831]
+
+1023. [func] Accept hints without TTLs.
+
+1011. [cleanup] Removed isc_dir_current().
+
+1009. [port] OpenUNIX 8 support. [RT #1728]
+
+1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
+
+1007. [port] config.guess, config.sub from autoconf-2.52.
+
+1003. [func] Add the +retry option to dig.
+
+ 999. [func] "rndc retransfer zone [class [view]]" added.
+ [RT #1752]
+
+ 998. [func] named-checkzone now has arguments to specify the
+ chroot directory (-t) and working directory (-w).
+ [RT #1755]
+
+ 997. [func] Add support for RSA-SHA1 keys (RFC3110).
+
+ 996. [func] Issue warning if the configuration filename contains
+ the chroot path.
+
+ 994. [func] Treat non-authoritative responses to queries for type
+ NS as referrals even if the NS records are in the
+ answer section, because BIND 8 servers incorrectly
+ send them that way. This is necessary for DNSSEC
+ validation of the NS records of a secure zone to
+ succeed when the parent is a BIND 8 server. [RT #1706]
+
+ 993. [func] dig: -v now reports the version.
+
+ 991. [func] Lower UDP refresh timeout messages to level
+ debug 1.
+
+ 985. [func] Consider network interfaces to be up iff they have
+ a nonzero IP address rather than based on the
+ IFF_UP flag. [RT #1160]
+
+ 983. [func] The server now supports generating IXFR difference
+ sequences for non-dynamic zones by comparing zone
+ versions, when enabled using the new config
+ option "ixfr-from-differences". [RT #1727]
+
+ 982. [func] If "memstatistics-file" is set in options the memory
+ statistics will be written to it.
+
+ 981. [func] The dnssec tools can now take multiple '-r randomfile'
+ arguments.
+
+ 979. [func] Incremental master file dumping. dns_master_dumpinc(),
+ dns_master_dumptostreaminc(), dns_dumpctx_attach(),
+ dns_dumpctx_detach(), dns_dumpctx_cancel(),
+ dns_dumpctx_db() and dns_dumpctx_version().
+
+ 976. [func] named-checkconf can now test load master zones
+ (named-checkconf -z). [RT #1468]
+
+ 970. [func] 'max-journal-size' can now be used to set a target
+ size for a journal.
+
+ 969. [func] dig now supports the undocumented dig 8 feature
+ of allowing arbitrary labels, not just dotted
+ decimal quads, with the -x option. This can be
+ used to conveniently look up RFC2317 names as in
+ "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
+
+ --- 9.2.3rc1 released ---
+
+1499. [bug] isc_random need to be seeded better if arc4random()
+ is not used.
+
+1498. [port] bsdos: 5.x support.
+
+1497. [protocol] dig, nslookup and host now perform nibble lookups
+ under IP6.ARPA, use -i for IP6.INT (dig and host).
+ lwres now uses IP6.ARPA.
+
+1496. [port] test for pthread_attr_setstacksize().
+
+1495. [cleanup] Replace hash functions with universal hash.
+
+1494. [security] Turn on RSA BLINDING as a precaution.
+
+1493. [doc] A6 and "bitstring" labels are now experimental.
+
+1492. [cleanup] Preserve rwlock quota context when upgrading /
+ downgrading. [RT #5599]
+
+1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
+ lines. [RT #6206]
+
+1490. [bug] Accept reading state as well as working state in
+ ns_client_next(). [RT #6813]
+
+1489. [compat] Treat 'allow-update' on slave zones as a warning.
+ [RT #3469]
+
+1488. [bug] Don't override trust levels for glue addresses.
+ [RT #5764]
+
+1487. [bug] A REQUIRE() failure could be triggered if a zone was
+ queued for transfer and the zone was then removed.
+ [RT #6189]
+
+1486. [bug] isc_print_snprintf() '%%' consumed one too many format
+ characters. [RT# 8230]
+
+1485. [bug] gen failed to handle high type values. [RT #6225]
+
+1484. [bug] The number of records reported after a AXFR was wrong.
+ [RT #6229]
+
+1483. [bug] dig axfr failed if the message id in the answer failed
+ to match that in the request. Only the id in the first
+ message is required to match. [RT #8138]
+
+1482. [bug] named could fail to start if the kernel supports
+ IPv6 but no interfaces are configured. Similarly
+ for IPv4. [RT #6229]
+
+1481. [bug] Refresh and stub queries failed to use masters keys
+ if specified. [RT #7391]
+
+1480. [bug] Provide replay protection for rndc commands. Full
+ replay protection requires both rndc and named to
+ be updated. Partial replay protection (limited
+ exposure after restart) is provided if just named
+ is updated.
+
+1479. [bug] cfg_create_tuple() failed to handle out of
+ memory cleanup. parse_list() would leak memory
+ on syntax errors.
+
+1478. [port] ifconfig.sh didn't account for other virtual
+ interfaces. It now takes a optional argument
+ to specify the first interface number. [RT #3907]
+
+1477. [bug] memory leak using stub zones and TSIG.
+
+1476. [port] win32: port unreachables were blocking further i/o
+ on sockets (Windows 2000 SP2 and later).
+
+1473. [bug] create_map() and create_string() failed to handle out
+ of memory cleanup. [RT #6813]
+
+1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
+
+1471. [bug] libbind: updated to BIND 8.4.0.
+
+1470. [bug] Incorrect length passed to snprintf. [RT #5966]
+
+1466. [bug] lwresd configuration errors resulted in memory
+ and lock leaks. [RT #5228]
+
+1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
+ failed to check that trailing bits were zero allowing
+ some invalid base64 strings to be accepted. [RT #5397]
+
+1464. [bug] Preserve "out of zone" data for outgoing zone
+ transfers. [RT #5192]
+
+1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
+ NXT bit maps. [RT #5577]
+
+1462. [bug] parse_sizeval() failed to check the token type.
+ [RT #5586]
+
+1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
+
+1460. [bug] inet_pton() failed to reject certain malformed
+ IPv6 literals.
+
+1459. [bug] win32: we were leaking a bits in the exception
+ fd_set resulting in "Socket operation on non-socket"
+ errors from select(). [RT #2966]
+
+1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
+
+1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
+
+1452. [bug] Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535.
+
+1451. [bug] rndc-confgen didn't exit with a error code for all
+ failures. [RT #5209]
+
+1450. [bug] Fetching expired glue failed under certain
+ circumstances. [RT #5124]
+
+1449. [bug] query_addbestns() didn't handle running out of memory
+ gracefully.
+
+1448. [bug] Handle empty wildcards labels.
+
+1447. [bug] We were casting (unsigned int) to and from (void *).
+ rdataset->private4 is now rdataset->privateuint4
+ to reflect a type change.
+
+1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
+ been replaced with DNS_ADBFIND_STARTATZONE which
+ causes the search to start using the closest zone.
+
+1439. [bug] Named could return NOERROR with certain NOTIFY
+ failures. Return NOTAUTH if the NOTIFY zone is
+ not being served.
+
+1435. [bug] zmgr_resume_xfrs() was being called read locked
+ rather than write locked. zmgr_resume_xfrs()
+ was not being called if the zone was being
+ shutdown.
+
+1437. [bug] Leave space for stdio to work in. [RT #5033]
+
+1434. [bug] "rndc reconfig" failed to initiate the initial
+ zone transfer of new slave zones.
+
+1431. [bug] isc_print_snprintf() "%s" with precision could walk off
+ end of argument. [RT #5191]
+
+1429. [bug] Prevent the cache getting locked to old servers.
+
+1424. [bug] EDNS version not being correctly printed.
+
+1423. [contrib] queryperf: added A6 and SRV.
+
+1420. [port] solaris: work around gcc optimizer bug.
+
+1419. [port] openbsd: use /dev/arandom. [RT #4950]
+
+1418. [bug] 'rndc reconfig' did not cause new slaves to load.
+
+1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
+ [RT #4715]
+
+1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
+
+1408. [bug] "make distclean" was not complete. [RT #4700]
+
+1407. [bug] lfsr incorrectly implements the shift register.
+ [RT #4617]
+
+1406. [bug] dispatch initializes one of the LFSR's with a incorrect
+ polynomial. [RT #4617]
+
+1405. [func] Use arc4random() if available.
+
+1401. [bug] adb wasn't clearing state when the timer expired.
+
+1399. [bug] Use serial number arithmetic when testing SIG
+ timestamps. [RT #4268]
+
+1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
+
+1389. [bug] named could fail to rotate long log files. [RT #3666]
+
+1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
+ defining HAVE_IFLIST_SYSCTL. [RT #3770]
+
+1387. [bug] named could crash due to an access to invalid memory
+ space (which caused an assertion failure) in
+ incremental cleaning. [RT #3588]
+
+1385. [bug] Setting serial-query-rate to 10 would trigger a
+ REQUIRE failure.
+
+1384. [bug] host was incompatible with BIND 8 in its exit code and
+ in the output with the -l option. [RT #3536]
+
+1373. [bug] Recovery from expired glue failed under certain
+ circumstances.
+
+1372. [bug] named crashes with an assertion failure on exit when
+ sharing the same port for listening and querying, and
+ changing listening addresses several times. [RT# 3509]
+
+1370. [bug] dig '+[no]recurse' was incorrectly documented.
+
+1369. [bug] Adding an NS record as the lexicographically last
+ record in a secure zone didn't work.
+
+1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
+
+1348. [port] win32: Rewrote code to use I/O Completion Ports
+ in socket.c and eliminating a host of socket
+ errors. Performance is enhanced.
+
+1333. [contrib] queryperf now reports a summary of returned
+ rcodes (-c), rcodes are printed in mnemonic form (-v).
+
+1299. [bug] Set AI_ADDRCONFIG when looking up addresses
+ via getaddrinfo() (affects dig, host, nslookup, rndc
+ and nsupdate).
+
+1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
+ [RT #2436]
+
+1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
+ [RT #2046]
+
+ 992. [doc] dig: ~/.digrc is now documented.
+
+ --- 9.2.2 released ---
+
+1428. [port] hpux: temporary work around of hpux 11.11 interface
+ scanning.
+
+1427. [bug] Race condition in adb with threaded build.
+
+1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible
+ with the forthcoming DS style DNSSEC.
+
+1425. [port] linux/libbind: define __USE_MISC when testing *_r()
+ function prototypes in netdb.h. [RT #4921]
+
+1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
+ have a working implementation. [RT #4079]
+
+1382. [bug] make install failed with --enable-libbind. [RT #3656]
+
+1381. [bug] named failed to correctly process answers that
+ contained DNAME records where the resulting CNAME
+ resulted in a negative answer.
+
+ --- 9.2.2rc1 released ---
+
+1360. [bug] --enable-libbind would fail when not built in the
+ source tree for certain OS's.
+
+1359. [security] Support patches OpenSSL libraries.
+ http://www.cert.org/advisories/CA-2002-23.html
+
+1358. [bug] It was possible to trigger a INSIST when debugging
+ large dynamic updates. [RT #3390]
+
+1357. [bug] nsupdate was extremely wasteful of memory.
+
+1356. [tuning] Reduce the number of events / quantum for zone tasks.
+
+1354. [doc] lwres man pages had illegal nroff.
+
+1353. [contrib] sdb/ldap to version 0.9.
+
+1352. [bug] dig, host, nslookup when falling back to TCP use the
+ current search entry (if any). [RT #3374]
+
+1351. [bug] lwres_getipnodebyname() returned the wrong name
+ when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
+ was set.
+
+1350. [bug] dns_name_fromtext() failed to handle too many labels
+ gracefully.
+
+1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
+ http://www.cert.org/advisories/CA-2002-23.html
+
+1346. [bug] Win32: select timeout in socket.c was too small
+ as value given was meant to be milliseconds and
+ timeval structure requires microseconds. This
+ caused high CPU loads with a compute bound loop.
+ [RT #3358]
+
+1345. [port] Use a explicit -Wformat with gcc. Not all versions
+ include it in -Wall.
+
+1340. [bug] Delay and spread out the startup refresh load.
+
+1335. [bug] When performing a nonexistence proof, the validator
+ should discard parent NXTs from higher in the DNS.
+
+1334. [bug] When signing/verifying rdatasets, duplicate rdatas
+ need to be suppressed.
+
+1330. [bug] When processing events (non-threaded) only allow
+ the task one chance to use to use its quantum.
+
+1327. [bug] The validator would incorrectly mark data as insecure
+ when seeing a bogus signature before a correct
+ signature.
+
+1326. [bug] DNAME/CNAME signatures were not being cached when
+ validation was not being performed. [RT #3284]
+
+1325. [bug] If the tcpquota was exhausted it was possible to
+ to trigger a INSIST() failure.
+
+1324. [port] darwin: ifconfig.sh now supports darwin.
+
+1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
+
+1320. [doc] query-source-v6 was missing from options section.
+ [RT #3218]
+
+1319. [func] libbind: log attempts to exploit #1318.
+
+1318. [bug] libbind: Remote buffer overrun.
+
+1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
+ element name.
+
+1316. [bug] libbind: gethostans() could get out of sync parsing
+ the response if there was a very long CNAME chain.
+
+1315. [bug] Options should apply to the internal _bind view.
+
+1314. [port] Handle ECONNRESET from sendmsg() [unix].
+
+1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
+
+1310. [bug] 'rndc stop' failed to cause zones to be flushed
+ sometimes. [RT #3157]
+
+1307. [bug] nsupdate: allow white space base64 key data.
+
+1306. [bug] Badly encoded LOC record when the size, horizontal
+ precision or vertical precision was 0.1m.
+
+1305. [bug] Document that internal zones are included in the
+ rndc status results.
+
+1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
+ could be left with a trailing "\" after configure
+ has been run.
+
+1297. [port] linux: make handling EINVAL from socket() no longer
+ conditional on #ifdef LINUX.
+
+1296. [bug] isc_log_closefilelogs() needed to lock the log
+ context.
+
+1295. [bug] isc_log_setdebuglevel() needed to lock the log
+ context.
+
+1294. [func] libbind: no longer attempts bit string labels for
+ IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
+ for nibble style resolution.
+
+1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
+
+1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
+ reflect written requirements.
+
+1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
+ a rdataset to a zone db in the rbtdb implementation of
+ addrdataset.
+
+1286. [bug] dns_name_downcase() enforce requirement that
+ target != NULL or name->buffer != NULL.
+
+1284. [bug] The RTT estimate on unused servers was not aged.
+ [RT #2569]
+
+1282. [port] libbind: hpux 11.11 interface scanning.
+
+1280. [bug] libbind: escape '(' and ')' when converting to
+ presentation form.
+
+1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
+
+1276. [bug] libbind: const pointer conflicts in res_debug.c.
+
+1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
+
+1274. [bug] Memory leak in lwres_gnbarequest_parse().
+
+1273. [port] libbind: solaris: 64 bit binary compatibility.
+
+1272. [contrib] Berkeley DB 4.0 sdb implementation from
+ Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
+
+1270. [bug] Check that system inet_pton() and inet_ntop() support
+ AF_INET6.
+
+1269. [port] Openserver: ifconfig.sh support.
+
+1268. [port] Openserver: the value FD_SETSIZE depends on whether
+ <sys/param.h> is included or not. Be consistent.
+
+1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
+ __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
+ are not C++ compatible, use *_TYPE versions instead.
+
+1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
+ C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
+
+1263. [bug] Reference after free error if dns_dispatchmgr_create()
+ failed.
+
+1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
+
+1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
+ support for compressed TSIG owner names.
+
+1260. [func] libbind: res_update can now update IPv6 servers,
+ new function res_findzonecut2().
+
+1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
+ w/o sa_len.
+
+1258. [bug] libbind: res_nametotype() and res_nametoclass() were
+ broken.
+
+1257. [bug] Failure to write pid-file should not be fatal on
+ reload. [RT #2861]
+
+1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
+
+1255. [bug] When verifying that an NXT proves nonexistence, check
+ the rcode of the message and only do the matching NXT
+ check. That is, for NXDOMAIN responses, check that
+ the name is in the range between the NXT owner and
+ next name, and for NOERROR NODATA responses, check
+ that the type is not present in the NXT bitmap.
+
+1253. [bug] The dnssec system test failed to remove the correct
+ files.
+
+1252. [bug] Dig, host and nslookup were not checking the address
+ the answer was coming from against the address it was
+ sent to. [RT# 2692]
+
+1248. [bug] DESTDIR was not being propagated between makes.
+
+1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
+ accept().
+
+1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
+
+1241. [bug] Drop received UDP messages with a zero source port
+ as these are invariably forged. [RT #2621]
+
+1209. [bug] Dig, host, nslookup were not checking the message ids
+ on the responses. [RT #2454]
+
+1097. [func] libbind: RES_PRF_TRUNC for dig.
+
+1096. [func] libbind: "DNSSEC OK" (DO) support.
+
+1095. [func] libbind: resolver option: no-tld-query. disables
+ trying unqualified as a tld. no_tld_query is also
+ supported for FreeBSD compatibility.
+
+1094. [func] libbind: add support gcc's format string checking.
+
+1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
+ support.
+
+ --- 9.2.1 released ---
+
+1251. [port] win32: a make file contained absolute version specific
+ references.
+
+1249. [bug] Missing masters clause was not handled gracefully.
+ [RT #2703]
+
+1244. [bug] Receiving a TCP message from a blackhole address would
+ prevent further messages being received over that
+ interface.
+
+1178. [bug] Follow and cache (if appropriate) A6 and other
+ data chains to completion in the additional section.
+
+ --- 9.2.1rc2 released ---
+
+1240. [bug] It was possible to leak zone references by
+ specifying an incorrect zone to rndc.
+
+1239. [bug] Under certain circumstances named could continue to
+ use a name after it had been freed triggering
+ INSIST() failures. [RT #2614]
+
+1238. [bug] It is possible to lockup the server when shutting down
+ if notifies were being processed. [RT #2591]
+
+1237. [bug] nslookup: "set q=type" failed.
+
+1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
+ NULL terminated text regions. [RT #2588]
+
+1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
+
+1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
+
+1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
+
+1229. [bug] named would crash if it received a TSIG signed
+ query as part of an AXFR response. [RT #2570]
+
+1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
+
+1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
+ if a number was expected and some other token was
+ found. [RT#2532]
+
+1222. [bug] Specifying 'port *' did not always result in a system
+ selected (non-reserved) port being used. [RT #2537]
+
+1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
+ compared case insensitively. [RT #2542]
+
+1218. [bug] Named incorrectly returned SERVFAIL rather than
+ NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
+
+1216. [bug] Multiple server clauses for the same server were not
+ reported. [RT #2514]
+
+1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
+
+1214. [bug] Win32: isc_file_renameunique() could leave zero length
+ files behind.
+
+1212. [port] libbind: 64k answer buffers were causing stack space
+ to be exceeded for certain OS. Use heap space instead.
+
+1211. [bug] dns_name_fromtext() incorrectly handled certain
+ valid octal bitlabels. [RT #2483]
+
+1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
+ compatible addresses. [RT #2461]
+
+1208. [bug] dns_master_load*() failed to log a error message if
+ an error was detected when parsing the ownername of
+ a record. [RT #2448]
+
+ --- 9.2.1rc1 released ---
+
+1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
+ an invalid pointer.
+
+1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
+ trigger a non-EDNS retry.
+
+1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
+ of the message. [RT #2449]
+
+1204. [bug] libbind: res_nupdate() failed to update the name
+ server addresses before sending the update.
+
+1201. [bug] Require that if 'callbacks' is passed to
+ dns_rdata_fromtext(), callbacks->error and
+ callbacks->warn are initialized.
+
+1200. [bug] Log 'errno' that we are unable to convert to
+ isc_result_t. [RT #2404]
+
+1198. [bug] OPT printing style was not consistent with the way the
+ header fields are printed. The DO bit was not reported
+ if set. Report if any of the MBZ bits are set.
+
+1197. [bug] Attempts to define the same acl multiple times were not
+ detected.
+
+1196. [contrib] update mdnkit to 2.2.3.
+
+1195. [bug] Attempts to redefine builtin acls should be caught.
+ [RT #2403]
+
+1194. [bug] Not all duplicate zone definitions were being detected
+ at the named.conf checking stage. [RT #2431]
+
+1193. [bug] Best effort parsing didn't handle packet truncation.
+
+1191. [bug] A dynamic update removing the last non-apex name in
+ a secure zone would fail. [RT #2399]
+
+1189. [bug] On some systems, malloc(0) returns NULL, which
+ could cause the caller to report an out of memory
+ error. [RT #2398]
+
+1188. [bug] Dynamic updates of a signed zone would fail if
+ some of the zone private keys were unavailable.
+
+1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
+ EOL token when reading to end of line.
+
+1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
+ unless RES_INIT is set when calling res_*init().
+
+1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
+ when res_*init() is called.
+
+1183. [bug] Handle ENOSR error when writing to the internal
+ control pipe. [RT #2395]
+
+1182. [bug] The server could throw an assertion failure when
+ constructing a negative response packet.
+
+1176. [doc] Document that allow-v6-synthesis is only performed
+ for clients that are supplied recursive service.
+ [RT #2260]
+
+1175. [bug] named-checkzone failed to call dns_result_register()
+ at startup which could result in runtime
+ exceptions when printing "out of memory" errors.
+ [RT #2335]
+
+1174. [bug] Win32: add WSAECONNRESET to the expected errors
+ from connect(). [RT #2308]
+
+1173. [bug] Potential memory leaks in isc_log_create() and
+ isc_log_settag(). [RT #2336]
+
+1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
+ table of RR types in ARM.
+
+1170. [bug] Don't attempt to print the token when a I/O error
+ occurs when parsing named.conf. [RT #2275]
+
+1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
+
+1167. [contrib] nslint-2.1a3 (from author).
+
+1166. [bug] "Not Implemented" should be reported as NOTIMP,
+ not NOTIMPL. [RT #2281]
+
+1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
+
+1164. [bug] Empty masters clauses in slave / stub zones were not
+ handled gracefully. [RT #2262]
+
+1162. [bug] The allow-notify option was not accepted in slave
+ zone statements.
+
+1161. [bug] named-checkzone looped on unbalanced brackets.
+ [RT #2248]
+
+1160. [bug] Generating Diffie-Hellman keys longer than 1024
+ bits could fail. [RT #2241]
+
+1156. [port] The configure test for strsep() incorrectly
+ succeeded on certain patched versions of
+ AIX 4.3.3. [RT #2190]
+
+1154. [bug] Don't attempt to obtain the netmask of a interface
+ if there is no address configured. [RT #2176]
+
+1152. [bug] libbind: read buffer overflows.
+
+1144. [bug] rndc-confgen would crash if both the -a and -t
+ options were specified. [RT #2159]
+
+1142. [bug] dnssec-signzone would fail to delete temporary files
+ in some failure cases. [RT #2144]
+
+1141. [bug] When named rejected a control message, it would
+ leak a file descriptor and memory. It would also
+ fail to respond, causing rndc to hang.
+ [RT #2139, #2164]
+
+1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
+ to the -s option. [RT #2138]
+
+1136. [bug] CNAME records synthesized from DNAMEs did not
+ have a TTL of zero as required by RFC2672.
+ [RT #2129]
+
+1125. [bug] rndc: -k option was missing from usage message.
+ [RT #2057]
+
+1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
+ are now documented. [RT #2052]
+
+1123. [bug] dig +[no]fail did not match description. [RT #2052]
+
+1109. [bug] nsupdate accepted illegal ttl values.
+
+1108. [bug] On Win32, rndc was hanging when named was not running
+ due to failure to select for exceptional conditions
+ in select(). [RT #1870]
+
+1081. [bug] Multicast queries were incorrectly identified
+ based on the source address, not the destination
+ address.
+
+1072. [bug] The TCP client quota could be exceeded when
+ recursion occurred. [RT #1937]
+
+1071. [bug] Sockets listening for TCP DNS connections
+ specified an excessive listen backlog. [RT #1937]
+
+1070. [bug] Copy DNSSEC OK (DO) to response as specified by
+ draft-ietf-dnsext-dnssec-okbit-03.txt.
+
+1014. [bug] Some queries would cause statistics counters to
+ increment more than once or not at all. [RT #1321]
+
+1012. [bug] The -p option to named did not behave as documented.
+
+ 988. [bug] 'additional-from-auth no;' did not work reliably
+ in the case of queries answered from the cache.
+ [RT #1436]
+
+ 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
+ target address should be fatal on a IPv4 only system.
+
+ --- 9.2.0 released ---
+
+1134. [bug] Multi-threaded servers could deadlock in ferror()
+ when reloading zone files. [RT #1951, #1998]
+
+1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
+ platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
+
+ --- 9.2.0rc10 released ---
+
+1131. [bug] The match-destinations view option did not work with
+ IPv6 destinations. [RT #2073, #2074]
+
+1130. [bug] Log messages reporting an out-of-range serial number
+ did not include the out-of-range number but the
+ following token. [RT #2076]
+
+1129. [bug] Multi-threaded servers could crash under heavy
+ resolution load due to a race condition. [RT #2018]
+
+1126. [bug] The server could access a freed event if shut
+ down while a client start event was pending
+ delivery. [RT #2061]
+
+1121. [bug] The server could attempt to access a NULL zone
+ table if shut down while resolving.
+ [RT #1587, #2054]
+
+1120. [bug] Errors in options were not fatal. [RT #2002]
+
+1118. [bug] On multi-threaded servers, a race condition
+ could cause an assertion failure in resolver.c
+ during resolver shutdown. [RT #2029]
+
+1117. [port] The configure check for in6addr_loopback incorrectly
+ succeeded on AIX 4.3 when compiling with -O2
+ because the test code was optimized away.
+ [RT #2016]
+
+1116. [bug] Setting transfers in a server clause, transfers-in,
+ or transfers-per-ns to a value greater than
+ 2147483647 disabled transfers. [RT #2002]
+
+1114. [port] Ignore more accept() errors. [RT #2021]
+
+1113. [bug] The allow-update-forwarding option was ignored
+ when specified in a view. [RT #2014]
+
+1111. [bug] Multi-threaded servers could deadlock processing
+ recursive queries due to a locking hierarchy
+ violation in adb.c. [RT #2017]
+
+ --- 9.2.0rc9 released ---
+
+1107. [bug] nsupdate could catch an assertion failure if an
+ invalid domain name was given as the argument to
+ the "zone" command.
+
+1106. [bug] After seeing an out of range TTL, nsupdate would
+ treat all TTLs as out of range. [RT #2001]
+
+1104. [bug] Invalid arguments to the transfer-format option
+ could cause an assertion failure. [RT #1995]
+
+1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
+
+1102. [doc] Note that query logging is enabled by directing the
+ queries category to a channel.
+
+1101. [bug] Array bounds read error in lwres_gai_strerror.
+
+1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
+
+1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
+ compile time errors.
+
+1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
+
+1093. [doc] libbind: miscellaneous nroff fixes.
+
+1092. [bug] libbind: get*by*() failed to check if res_init() had
+ been called.
+
+1091. [bug] libbind: misplaced va_end().
+
+1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
+ the amount of memory consumed resulting in garbage
+ address being returned. Alignment calculations were
+ wasting space. We weren't suppressing duplicate
+ addresses.
+
+1088. [port] libbind: MPE/iX C.70 (incomplete)
+
+1087. [bug] libbind: struct __res_state too large on 64 bit arch.
+
+1086. [port] libbind: sunos: old sprintf.
+
+1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
+ exist when compiling in 64 bit mode.
+
+1084. [cleanup] libbind: gai_strerror() rewritten.
+
+1083. [bug] The default control channel listened on the
+ wildcard address, not the loopback as documented.
+ [RT #1975]
+
+1082. [bug] The -g option to named incorrectly caused logging
+ to be sent to syslog in addition to stderr.
+ [RT #1974]
+
+1078. [bug] We failed to correct bad tv_usec values in one case.
+ [RT #1966]
+
+1076. [bug] A badly defined global key could trigger an assertion
+ on load/reload if views were used. [RT #1947]
+
+1075. [bug] Out-of-range network prefix lengths were not
+ reported. [RT #1954]
+
+1074. [bug] Running out of memory in dump_rdataset() could
+ cause an assertion failure. [RT #1946]
+
+ --- 9.2.0rc8 released ---
+
+1068. [bug] errno could be overwritten by catgets(). [RT #1921]
+
+1066. [bug] Provide a thread safe wrapper for strerror().
+ [RT #1689]
+
+1064. [bug] Do not shut down active network interfaces if we
+ are unable to scan the interface list. [RT #1921]
+
+1063. [bug] libbind: "make install" was failing on IRIX.
+ [RT #1919]
+
+1062. [bug] If the control channel listener socket was shut
+ down before server exit, the listener object could
+ be freed twice. [RT #1916]
+
+1061. [bug] If periodic cache cleaning happened to start
+ while cleaning due to reaching the configured
+ maximum cache size was in progress, the server
+ could catch an assertion failure. [RT #1912]
+
+1057. [bug] Reloading the server after adding a "file" clause
+ to a zone statement could cause the server to
+ crash due to a typo in change 1016.
+
+1056. [bug] Rndc could catch an assertion failure on SIGINT due
+ to an uninitialized variable. [RT #1908]
+
+ --- 9.2.0rc7 released ---
+
+1054. [bug] On Win32, cfg_categories and cfg_modules need to be
+ exported from the libisccfg DLL.
+
+1053. [bug] Dig did not increase its timeout when receiving
+ AXFRs unless the +time option was used. [RT #1904]
+
+1052. [bug] Journals were not being created in binary mode
+ resulting in "journal format not recognized" error
+ under Win32. [RT #1889]
+
+1051. [bug] Do not ignore a network interface completely just
+ because it has a noncontiguous netmask. Instead,
+ omit it from the localnets ACL and issue a warning.
+ [RT #1891]
+
+1050. [bug] Log messages reporting malformed IP addresses in
+ address lists such as that of the forwarders option
+ failed to include the correct error code, file
+ name, and line number. [RT #1890]
+
+1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
+ didn't work.
+
+1047. [bug] named was incorrectly refusing all requests signed
+ with a TSIG key derived from an unsigned TKEY
+ negotiation with a NOERROR response. [RT #1886]
+
+1046. [bug] The help message for the --with-openssl configure
+ option was inaccurate. [RT #1880]
+
+1045. [bug] It was possible to skip saving glue for a nameserver
+ for a stub zone.
+
+1044. [bug] Specifying allow-transfer, notify-source, or
+ notify-source-v6 in a stub zone was not treated
+ as an error.
+
+1043. [bug] Specifying a transfer-source or transfer-source-v6
+ option in the zone statement for a master zone was
+ not treated as an error. [RT #1876]
+
+1042. [bug] The "config" logging category did not work properly.
+ [RT #1873]
+
+1041. [bug] Dig/host/nslookup could catch an assertion failure
+ on SIGINT due to an uninitialized variable. [RT #1867]
+
+1040. [bug] Multiple listen-on-v6 options with different ports
+ were not accepted. [RT #1875]
+
+1039. [bug] Negative responses with CNAMEs in the answer section
+ were cached incorrectly. [RT #1862]
+
+1038. [bug] In servers configured with a tkey-domain option,
+ TKEY queries with an owner name other than the root
+ could cause an assertion failure. [RT #1866, #1869]
+
+1033. [bug] Always respond to requests with an unsupported opcode
+ with NOTIMP, even if we don't have a matching view
+ or cannot determine the class.
+
+ --- 9.2.0rc6 released ---
+
+1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
+ [RT #1858]
+
+1030. [bug] On systems with no resolv.conf file, nsupdate
+ exited with an error rather than defaulting
+ to using the loopback address. [RT #1836]
+
+1029. [bug] Some named.conf errors did not cause the loading
+ of the configuration file to return a failure
+ status even though they were logged. [RT #1847]
+
+1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
+ in the wrong directory. [RT #1833]
+
+1027. [bug] RRs having the reserved type 0 should be rejected.
+ [RT #1471]
+
+1026. [port] Recognize OpenUNIX 8 in config.guess. [RT #1830]
+
+1022. [bug] Don't report empty root hints as "extra data".
+ [RT #1802]
+
+ --- 9.2.0rc5 released ---
+
+1021. [bug] On Win32, log message timestamps were one month
+ later than they should have been, and the server
+ would exhibit unspecified behavior in December.
+
+1020. [bug] IXFR log messages did not distinguish between
+ true IXFRs, AXFR-style IXFRs, and mere version
+ polls. [RT #1811]
+
+1019. [bug] The value of the lame-ttl option was limited to 18000
+ seconds, not 1800 seconds as documented. [RT #1803]
+
+1018. [bug] The default log channel was not always initialized
+ correctly. [RT #1813]
+
+1017. [bug] When specifying TSIG keys to dig and nsupdate using
+ the -k option, they must be HMAC-MD5 keys. [RT #1810]
+
+1016. [bug] Slave zones with no backup file were re-transferred
+ on every server reload.
+
+1015. [bug] Log channels that had a "versions" option but no
+ "size" option failed to create numbered log
+ files. [RT #1783]
+
+ --- 9.2.0rc4 released ---
+
+1013. [bug] It was possible to cancel a query twice when marking
+ a server as bogus or by having a blackhole acl.
+ [RT #1776]
+
+1010. [bug] The server could attempt to execute a command channel
+ command after initiating server shutdown, causing
+ an assertion failure. [RT #1766]
+
+1006. [bug] If a KEY RR was found missing during DNSSEC validation,
+ an assertion failure could subsequently be triggered
+ in the resolver. [RT #1763]
+
+1005. [bug] Don't copy nonzero RCODEs from request to response.
+ [RT #1765]
+
+1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
+
+1002. [bug] When reporting an unknown class name in named.conf,
+ including the file name and line number. [RT #1759]
+
+1001. [bug] win32 socket code doio_recv was not catching a
+ WSACONNRESET error when a client was timing out
+ the request and closing its socket. [RT #1745]
+
+1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
+ for class "HS". [RT #1759]
+
+ --- 9.2.0rc3 released ---
+
+ 990. [bug] The rndc-confgen man page was not installed.
+
+ 989. [bug] Report filename if $INCLUDE fails for file related
+ errors. [RT #1736]
+
+ 987. [bug] "dig -help" didn't show "+[no]stats".
+
+ 986. [bug] "dig +noall" failed to clear stats and command
+ printing.
+
+ 984. [bug] Multi-threading should be enabled by default on
+ Solaris 2.7 and newer, but it wasn't.
+
+ --- 9.2.0rc2 released ---
+
+ 980. [bug] Incoming zone transfers restarting after an error
+ could trigger an assertion failure. [RT #1692]
+
+ 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
+ condition.
+
+ 977. [bug] Improve "not at top of zone" error message.
+
+ 975. [bug] "max-cache-size default;" as a view option
+ caused an assertion failure.
+
+ 974. [bug] "max-cache-size unlimited;" as a global option
+ was not accepted.
+
+ 973. [bug] Failed to log the question name when logging:
+ "bad zone transfer request: non-authoritative zone
+ (NOTAUTH)".
+
+ 972. [bug] The file modification time code in zone.c was using the
+ wrong epoch. [RT #1667]
+
+ 968. [bug] On win32, the isc_time_now() function was unnecessarily
+ calling strtime(). [RT #1671]
+
+ 967. [bug] On win32, the link for bindevt was not including the
+ required resource file to enable the event viewer
+ to interpret the error messages in the event log,
+ [RT #1668]
+
+ 966. [placeholder]
+
+ 965. [bug] Including data other than root server NS and A
+ records in the root hint file could cause a rbtdb
+ node reference leak. [RT #1581, #1618]
+
+ 964. [func] Warn if data other than root server NS and A records
+ are found in the root hint file. [RT #1581, #1618]
+
+ 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
+
+ 962. [bug] libbind: bad "#undef", don't attempt to install
+ non-existant nlist.h. [RT #1640]
+
+ 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
+ was not defined. [RT #1482]
+
+ 960. [port] liblwres failed to build on systems with support for
+ getrrsetbyname() in the OS. [RT #1592]
+
+ 959. [port] On FreeBSD, determine the number of CPUs by calling
+ sysctlbyname(). [RT #1584]
+
+ 958. [port] ssize_t is not available on all platforms. [RT #1607]
+
+ 957. [bug] sys/select.h inclusion was broken on older platforms.
+ [RT #1607]
+
+ 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
+ in named/win32/os.c due to code changes in
+ change #953. win32 .make file for rndc-confgen
+ updated to add include path for os.h header.
+
+ --- 9.2.0rc1 released ---
+
+ 955. [bug] When using views, the zone's class was not being
+ inherited from the view's class. [RT #1583]
+
+ 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
+ nslookup, the RD bit should not be set as zone
+ transfers are inherently nonrecursive. [RT #1575]
+
+ 953. [func] The /var/run/named.key file from change #843
+ has been replaced by /etc/rndc.key. Both
+ named and rndc will look for this file and use
+ it to configure a default control channel key
+ if not already configured using a different
+ method (rndc.conf / controls). Unlike
+ named.key, rndc.key is not created automatically;
+ it must be created by manually running
+ "rndc-confgen -a".
+
+ 952. [bug] The server required manual intervention to serve the
+ affected zones if it died between creating a journal
+ and committing the first change to it.
+
+ 951. [bug] CFLAGS was not passed to the linker when
+ linking some of the test programs under
+ bin/tests. [RT #1555].
+
+ 950. [bug] Explicit TTLs did not properly override $TTL
+ due to a bug in change 834. [RT #1558]
+
+ 949. [bug] host was unable to print records larger than 512
+ bytes. [RT #1557]
+
+ --- 9.2.0b2 released ---
+
+ 948. [port] Integrated support for building on Windows NT /
+ Windows 2000.
+
+ 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
+ was really the RNAME field from RFC1035. To avoid
+ confusion and silent errors that would occur it the
+ "origin" and "mname" elements were given their correct
+ names "mname" and "rname" respectively, the "mname"
+ element is renamed to "contact".
+
+ 946. [cleanup] doc/misc/options is now machine-generated from the
+ configuration parser syntax tables, and therefore
+ more likely to be correct.
+
+ 945. [func] Add the new view-specific options
+ "match-destinations" and "match-recursive-only".
+
+ 944. [func] Check for expired signatures on load.
+
+ 943. [bug] The server could crash when receiving a command
+ via rndc if the configuration file listed only
+ nonexistent keys in the controls statement. [RT #1530]
+
+ 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
+ defined on some platforms.
+
+ 941. [bug] The configuration checker crashed if a slave
+ zone didn't contain a masters statement. [RT #1514]
+
+ 940. [bug] Double zone locking failure on error path. [RT #1510]
+
+ --- 9.2.0b1 released ---
+
+ 939. [port] Add the --disable-linux-caps option to configure for
+ systems that manage capabilities outside of named.
+ [RT #1503]
+
+ 938. [placeholder]
+
+ 937. [bug] A race when shutting down a zone could trigger a
+ INSIST() failure. [RT #1034]
+
+ 936. [func] Warn about IPv4 addresses that are not complete
+ dotted quads. [RT #1084]
+
+ 935. [bug] inet_pton failed to reject leading zeros.
+
+ 934. [port] Deal with systems where accept() spuriously returns
+ ECONNRESET.
+
+ 933. [bug] configure failed doing libbind on platforms not
+ supported by BIND 8. [RT #1496]
+
+ --- 9.2.0a3 released ---
+
+ 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
+ when installing isc-config.sh.
+ [RT #198, #1466]
+
+ 931. [bug] The controls statement only attempted to verify
+ messages using the first key in the key list.
+ (9.2.0a1/a2 only).
+
+ 930. [func] Query performance testing tool added as
+ contrib/queryperf.
+
+ 929. [placeholder]
+
+ 928. [bug] nsupdate would send empty update packets if the
+ send (or empty line) command was run after
+ another send but before any new updates or
+ prerequisites were specified. It should simply
+ ignore this command.
+
+ 927. [bug] Don't hold the zone lock for the entire dump to disk.
+ [RT #1423]
+
+ 926. [bug] The resolver could deadlock with the ADB when
+ shutting down (multi-threaded builds only).
+ [RT #1324]
+
+ 925. [cleanup] Remove openssl from the distribution; require that
+ --with-openssl be specified if DNSSEC is needed.
+
+ 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
+ [RT #987]
+
+ 923. [bug] Multiline TSIG secrets (and other multiline strings)
+ were not accepted in named.conf. [RT #1469]
+
+ 922. [func] Added two new lwres_getrrsetbyname() result codes,
+ ERR_NONAME and ERR_NODATA.
+
+ 921. [bug] lwres returned an incorrect error code if it received
+ a truncated message.
+
+ 920. [func] Increase the lwres receive buffer size to 16K.
+ [RT #1451]
+
+ 919. [placeholder]
+
+ 918. [func] In nsupdate, TSIG errors are no longer treated as
+ fatal errors.
+
+ 917. [func] New nsupdate command 'key', allowing TSIG keys to
+ be specified in the nsupdate command stream rather
+ than the command line.
+
+ 916. [bug] Specifying type ixfr to dig without specifying
+ a serial number failed in unexpected ways.
+
+ 915. [func] The named-checkconf and named-checkzone programs
+ now have a '-v' option for printing their version.
+ [RT #1151]
+
+ 914. [bug] Global 'server' statements were rejected when
+ using views, even though they were accepted
+ in 9.1. [RT #1368]
+
+ 913. [bug] Cache cleaning was not sufficiently aggressive.
+ [RT #1441, #1444]
+
+ 912. [bug] Attempts to set the 'additional-from-cache' or
+ 'additional-from-auth' option to 'no' in a
+ server with recursion enabled will now
+ be ignored and cause a warning message.
+ [RT #1145]
+
+ 911. [placeholder]
+
+ 910. [port] Some pre-RFC2133 IPv6 implementations do not define
+ IN6ADDR_ANY_INIT. [RT #1416]
+
+ 908. [func] New program, rndc-confgen, to simplify setting up rndc.
+
+ 907. [func] The ability to get entropy from either the
+ random device, a user-provided file or from
+ the keyboard was migrated from the DNSSEC tools
+ to libisc as isc_entropy_usebestsource().
+
+ 906. [port] Separated the system independent portion of
+ lib/isc/unix/entropy.c into lib/isc/entropy.c
+ and added lib/isc/win32/entropy.c.
+
+ 905. [bug] Configuring a forward "zone" for the root domain
+ did not work. [RT #1418]
+
+ 904. [bug] The server would leak memory if attempting to use
+ an expired TSIG key. [RT #1406]
+
+ 903. [bug] dig should not crash when receiving a TCP packet
+ of length 0.
+
+ 902. [bug] The -d option was ignored if both -t and -g were also
+ specified.
+
+ 901. [placeholder]
+
+ 900. [bug] A config.guess update changed the system identification
+ string of FreeBSD systems; configure and
+ bin/tests/system/ifconfig.sh now recognize the new
+ string.
+
+ --- 9.2.0a2 released ---
+
+ 899. [bug] lib/dns/soa.c failed to compile on many platforms
+ due to inappropriate use of a void value.
+ [RT #1372, #1373, #1386, #1387, #1395]
+
+ 898. [bug] "dig" failed to set a nonzero exit status
+ on UDP query timeout. [RT #1323]
+
+ 897. [bug] A config.guess update changed the system identification
+ string of UnixWare systems; configure now recognizes
+ the new string.
+
+ 896. [bug] If a configuration file is set on named's command line
+ and it has a relative pathname, the current directory
+ (after any possible jailing resulting from named -t)
+ will be prepended to it so that reloading works
+ properly even when a directory option is present.
+
+ 895. [func] New function, isc_dir_current(), akin to POSIX's
+ getcwd().
+
+ 894. [bug] When using the DNSSEC tools, a message intended to warn
+ when the keyboard was being used because of the lack
+ of a suitable random device was not being printed.
+
+ 893. [func] Removed isc_file_test() and added isc_file_exists()
+ for the basic functionality that was being added
+ with isc_file_test().
+
+ 892. [placeholder]
+
+ 891. [bug] Return an error when a SIG(0) signed response to
+ an unsigned query is seen. This should actually
+ do the verification, but it's not currently
+ possible. [RT #1391]
+
+ 890. [cleanup] The man pages no longer require the mandoc macros
+ and should now format cleanly using most versions of
+ nroff, and HTML versions of the man pages have been
+ added. Both are generated from DocBook source.
+
+ 889. [port] Eliminated blank lines before .TH in nroff man
+ pages since they cause problems with some versions
+ of nroff. [RT #1390]
+
+ 888. [bug] Don't die when using TKEY to delete a nonexistent
+ TSIG key. [RT #1392]
+
+ 887. [port] Detect broken compilers that can't call static
+ functions from inline functions. [RT #1212]
+
+ 866. [func] Close debug only file channels when debug is set to
+ zero. [RT #1246]
+
+ 865. [bug] The new configuration parser did not allow
+ the optional debug level in a "severity debug"
+ clause of a logging channel to be omitted.
+ This is now allowed and treated as "severity
+ debug 1;" like it does in BIND 8.2.4, not as
+ "severity debug 0;" like it did in BIND 9.1.
+ [RT #1367]
+
+ 864. [cleanup] Multi-threading is now enabled by default on
+ OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
+
+ 863. [bug] If an error occurred while an outgoing zone transfer
+ was starting up, the server could access a domain
+ name that had already been freed when logging a
+ message saying that the transfer was starting.
+ [RT #1383]
+
+ 862. [bug] Use after realloc(), non portable pointer arithmetic in
+ grmerge().
+
+ 861. [port] Add support for Mac OS X, by making it equivalent
+ to Darwin. This was derived from the config.guess
+ file shipped with Mac OS X. [RT #1355]
+
+ 860. [func] Drop cross class glue in zone transfers.
+
+ 859. [bug] Cache cleaning now won't swamp the CPU if there
+ is a persistent overlimit condition.
+
+ 858. [func] isc_mem_setwater() no longer requires that when the
+ callback function is non-NULL then its hi_water
+ argument must be greater than its lo_water argument
+ (they can now be equal) or that they be non-zero.
+
+ 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
+ structs, for our friends in EBCDIC-land.
+
+ 856. [func] Allow partial rdatasets to be returned in answer and
+ authority sections to help non-TCP capable clients
+ recover from truncation. [RT #1301]
+
+ 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
+
+ 854. [bug] The config parser didn't properly handle config
+ options that were specified in units of time other
+ than seconds. [RT #1372]
+
+ 853. [bug] configure_view_acl() failed to detach existing acls.
+ [RT #1374]
+
+ 852. [bug] Handle responses from servers which do not know
+ about IXFR.
+
+ 851. [cleanup] The obsolete support-ixfr option was not properly
+ ignored.
+
+ --- 9.2.0a1 released ---
+
+ 850. [bug] dns_rbt_findnode() would not find nodes that were
+ split on a bitstring label somewhere other than in
+ the last label of the node. [RT #1351]
+
+ 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
+
+ 848. [func] A minimum max-cache-size of two megabytes is enforced
+ by the cache cleaner.
+
+ 847. [func] Added isc_file_test(), which currently only has
+ some very basic functionality to test for the
+ existence of a file, whether a pathname is absolute,
+ or whether a pathname is the fundamental representation
+ of the current directory. It is intended that this
+ function can be expanded to test other things a
+ programmer might want to know about a file.
+
+ 846. [func] A non-zero 'param' to dst_key_generate() when making an
+ hmac-md5 key means that good entropy is not required.
+
+ 845. [bug] The access rights on the public file of a symmetric
+ key are now restricted as soon as the file is opened,
+ rather than after it has been written and closed.
+
+ 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
+ just as <lwres/net.h> does.
+
+ 843. [func] If no controls statement is present in named.conf,
+ or if any inet phrase of a controls statement is
+ lacking a keys clause, then a key will be automatically
+ generated by named and an rndc.conf-style file
+ named named.key will be written that uses it. rndc
+ will use this file only if its normal configuration
+ file, or one provided on the command line, does not
+ exist.
+
+ 842. [func] 'rndc flush' now takes an optional view.
+
+ 841. [bug] When sdb modules were not declared threadsafe, their
+ create and destroy functions were not serialized.
+
+ 840. [bug] The config file parser could print the wrong file
+ name if an error was detected after an included file
+ was parsed. [RT #1353]
+
+ 839. [func] Dump packets for which there was no view or that the
+ class could not be determined to category "unmatched".
+
+ 838. [port] UnixWare 7.x.x is now suported by
+ bin/tests/system/ifconfig.sh.
+
+ 837. [cleanup] Multi-threading is now enabled by default only on
+ OSF1, Solaris 2.7 and newer, and AIX.
+
+ 836. [func] Upgraded libtool to 1.4.
+
+ 835. [bug] The dispatcher could enter a busy loop if
+ it got an I/O error receiving on a UDP socket.
+ [RT #1293]
+
+ 834. [func] Accept (but warn about) master files beginning with
+ an SOA record without an explicit TTL field and
+ lacking a $TTL directive, by using the SOA MINTTL
+ as a default TTL. This is for backwards compatibility
+ with old versions of BIND 8, which accepted such
+ files without warning although they are illegal
+ according to RFC1035.
+
+ 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
+ <dns/soa.h>, and extended them to support
+ all the integer-valued fields of the SOA RR.
+
+ 832. [bug] The default location for named.conf in named-checkconf
+ should depend on --sysconfdir like it does in named.
+ [RT #1258]
+
+ 831. [placeholder]
+
+ 830. [func] Implement 'rndc status'.
+
+ 829. [bug] The DNS_R_ZONECUT result code should only be returned
+ when an ANY query is made with DNS_DBFIND_GLUEOK set.
+ In all other ANY query cases, returning the delegation
+ is better.
+
+ 828. [bug] The errno value from recvfrom() could be overwritten
+ by logging code. [RT #1293]
+
+ 827. [bug] When an IXFR protocol error occurs, the slave
+ should retry with AXFR.
+
+ 826. [bug] Some IXFR protocol errors were not detected.
+
+ 825. [bug] zone.c:ns_query() detached from the wrong zone
+ reference. [RT #1264]
+
+ 824. [bug] Correct line numbers reported by dns_master_load().
+ [RT #1263]
+
+ 823. [func] The output of "dig -h" now goes to stdout so that it
+ can easily be piped through "more". [RT #1254]
+
+ 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
+ [RT #1248]
+
+ 821. [bug] The program name used when logging to syslog should
+ be stripped of leading path components.
+ [RT #1178, #1232]
+
+ 820. [bug] Name server address lookups failed to follow
+ A6 chains into the glue of local authoritative
+ zones.
+
+ 819. [bug] In certain cases, the resolver's attempts to
+ restart an address lookup at the root could cause
+ the fetch to deadlock (with itself) instead of
+ restarting. [RT #1225]
+
+ 818. [bug] Certain pathological responses to ANY queries could
+ cause an assertion failure. [RT #1218]
+
+ 817. [func] Adjust timeouts for dialup zone queries.
+
+ 816. [bug] Report potential problems with log file accessibility
+ at configuration time, since such problems can't
+ reliably be reported at the time they actually occur.
+
+ 815. [bug] If a log file was specified with a path separator
+ character (i.e. "/") in its name and the directory
+ did not exist, the log file's name was treated as
+ though it were the directory name. [RT #1189]
+
+ 814. [bug] Socket objects left over from accept() failures
+ were incorrectly destroyed, causing corruption
+ of socket manager data structures.
+
+ 813. [bug] File descriptors exceeding FD_SETSIZE were handled
+ badly. [RT #1192]
+
+ 812. [bug] dig sometimes printed incomplete IXFR responses
+ due to an uninitialized variable. [RT #1188]
+
+ 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
+
+ 810. [bug] The signer name in SIG records was not properly
+ downcased when signing/verifying records. [RT #1186]
+
+ 809. [bug] Configuring a non-local address as a transfer-source
+ could cause an assertion failure during load.
+
+ 808. [func] Add 'rndc flush' to flush the server's cache.
+
+ 807. [bug] When setting up TCP connections for incoming zone
+ transfers, the transfer-source port was not
+ ignored like it should be.
+
+ 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
+ the calling stack to the zone maintence level, causing
+ zones to not reload when an included file was touched
+ but the top-level zone file was not.
+
+ 805. [bug] When using "forward only", missing root hints should
+ not cause queries to fail. [RT #1143]
+
+ 804. [bug] Attempting to obtain entropy could fail in some
+ situations. This would be most common on systems
+ with user-space threads. [RT #1131]
+
+ 803. [bug] Treat all SIG queries as if they have the CD bit set,
+ otherwise no data will be returned [RT #749]
+
+ 802. [bug] DNSSEC key tags were computed incorrectly in almost
+ all cases. [RT #1146]
+
+ 801. [bug] nsupdate should treat lines beginning with ';' as
+ comments. [RT #1139]
+
+ 800. [bug] dnssec-signzone produced incorrect statistics for
+ large zones. [RT #1133]
+
+ 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
+ glue was also present.
+
+ 798. [bug] nsupdate should be able to reject bad input lines
+ and continue. [RT #1130]
+
+ 797. [func] Issue a warning if the 'directory' option contains
+ a relative path. [RT #269]
+
+ 796. [func] When a size limit is associated with a log file,
+ only roll it when the size is reached, not every
+ time the log file is opened. [RT #1096]
+
+ 795. [func] Add the +multiline option to dig. [RT #1095]
+
+ 794. [func] Implement the "port" and "default-port" statements
+ in rndc.conf.
+
+ 793. [cleanup] The DNSSEC tools could create filenames that were
+ illegal or contained shell metacharacters. They
+ now use a different text encoding of names that
+ doesn't have these problems. [RT #1101]
+
+ 792. [cleanup] Replace the OMAPI command channel protocol with a
+ simpler one.
+
+ 791. [bug] The command channel now works over IPv6.
+
+ 790. [bug] Wildcards created using dynamic update or IXFR
+ could fail to match. [RT #1111]
+
+ 789. [bug] The "localhost" and "localnets" ACLs did not match
+ when used as the second element of a two-element
+ sortlist item.
+
+ 788. [func] Add the "match-mapped-addresses" option, which
+ causes IPv6 v4mapped addresses to be treated as
+ IPv4 addresses for the purpose of acl matching.
+
+ 787. [bug] The DNSSEC tools failed to downcase domain
+ names when mapping them into file names.
+
+ 786. [bug] When DNSSEC signing/verifying data, owner names were
+ not properly downcased.
+
+ 785. [bug] A race condition in the resolver could cause
+ an assertion failure. [RT #673, #872, #1048]
+
+ 784. [bug] nsupdate and other programs would not quit properly
+ if some signals were blocked by the caller. [RT #1081]
+
+ 783. [bug] Following CNAMEs could cause an assertion failure
+ when either using an sdb database or under very
+ rare conditions.
+
+ 782. [func] Implement the "serial-query-rate" option.
+
+ 781. [func] Avoid error packet loops by dropping duplicate FORMERR
+ responses. [RT #1006]
+
+ 780. [bug] Error handling code dealing with out of memory or
+ other rare errors could lead to assertion failures
+ by calling functions on unitialized names. [RT #1065]
+
+ 779. [func] Added the "minimal-responses" option.
+
+ 778. [bug] When starting cache cleaning, cleaning_timer_action()
+ returned without first pausing the iterator, which
+ could cause deadlock. [RT #998]
+
+ 777. [bug] An empty forwarders list in a zone failed to override
+ global forwarders. [RT #995]
+
+ 776. [func] Improved error reporting in denied messages. [RT #252]
+
+ 775. [placeholder]
+
+ 774. [func] max-cache-size is implemented.
+
+ 773. [func] Added isc_rwlock_trylock() to attempt to lock without
+ blocking.
+
+ 772. [bug] Owner names could be incorrectly omitted from cache
+ dumps in the presence of negative caching entries.
+ [RT #991]
+
+ 771. [cleanup] TSIG errors related to unsynchronized clocks
+ are logged better. [RT #919]
+
+ 770. [func] Add the "edns yes_or_no" statement to the server
+ clause. [RT #524]
+
+ 769. [func] Improved error reporting when parsing rdata. [RT #740]
+
+ 768. [bug] The server did not emit an SOA when a CNAME
+ or DNAME chain ended in NXDOMAIN in an
+ authoritative zone.
+
+ 767. [placeholder]
+
+ 766. [bug] A few cases in query_find() could leak fname.
+ This would trigger the mpctx->allocated == 0
+ assertion when the server exited.
+ [RT #739, #776, #798, #812, #818, #821, #845,
+ #892, #935, #966]
+
+ 765. [func] ACL names are once again case insensitive, like
+ in BIND 8. [RT #252]
+
+ 764. [func] Configuration files now allow "include" directives
+ in more places, such as inside the "view" statement.
+ [RT #377, #728, #860]
+
+ 763. [func] Configuration files no longer have reserved words.
+ [RT #731, #753]
+
+ 762. [cleanup] The named.conf and rndc.conf file parsers have
+ been completely rewritten.
+
+ 761. [bug] _REENTRANT was still defined when building with
+ --disable-threads.
+
+ 760. [contrib] Significant enhancements to the pgsql sdb driver.
+
+ 759. [bug] The resolver didn't turn off "avoid fetches" mode
+ when restarting, possibly causing resolution
+ to fail when it should not. This bug only affected
+ platforms which support both IPv4 and IPv6. [RT #927]
+
+ 758. [bug] The "avoid fetches" code did not treat negative
+ cache entries correctly, causing fetches that would
+ be useful to be avoided. This bug only affected
+ platforms which support both IPv4 and IPv6. [RT #927]
+
+ 757. [func] Log zone transfers.
+
+ 756. [bug] dns_zone_load() could "return" success when no master
+ file was configured.
+
+ 755. [bug] Fix incorrectly formatted log messages in zone.c.
+
+ 754. [bug] Certain failure conditions sending UDP packets
+ could cause the server to retry the transmission
+ indefinitely. [RT #902]
+
+ 753. [bug] dig, host, and nslookup would fail to contact a
+ remote server if getaddrinfo() returned an IPv6
+ address on a system that doesn't support IPv6.
+ [RT #917]
+
+ 752. [func] Correct bad tv_usec elements returned by
+ gettimeofday().
+
+ 751. [func] Log successful zone loads / transfers. [RT #898]
+
+ 750. [bug] A query should not match a DNAME whose trust level
+ is pending. [RT #916]
+
+ 749. [bug] When a query matched a DNAME in a secure zone, the
+ server did not return the signature of the DNAME.
+ [RT #915]
+
+ 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
+ [RT #781]
+
+ 747. [bug] The code to determine whether an IXFR was possible
+ did not properly check for a database that could
+ not have a journal. [RT #865, #908]
+
+ 746. [bug] The sdb didn't clone rdatasets properly, causing
+ a crash when the server followed delegations. [RT #905]
+
+ 745. [func] Report the owner name of records that fail
+ semantic checks while loading.
+
+ 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
+ result of an ANY or SIG query, the resolver failed
+ to setup the return event's rdatasets, causing an
+ assertion failure in the query code. [RT #881]
+
+ 743. [bug] Receiving a large number of certain malformed
+ answers could cause named to stop responding.
+ [RT #861]
+
+ 742. [placeholder]
+
+ 741. [port] Support openssl-engine. [RT #709]
+
+ 740. [port] Handle openssl library mismatches slightly better.
+
+ 739. [port] Look for /dev/random in configure, rather than
+ assuming it will be there for only a predefined
+ set of OSes.
+
+ 738. [bug] If a non-threadsafe sdb driver supported AXFR and
+ received an AXFR request, it would deadlock or die
+ with an assertion failure. [RT #852]
+
+ 737. [port] stdtime.c failed to compile on certain platforms.
+
+ 736. [func] New functions isc_task_{begin,end}exclusive().
+
+ 735. [doc] Add BIND 4 migration notes.
+
+ 734. [bug] An attempt to re-lock the zone lock could occur if
+ the server was shutdown during a zone tranfer.
+ [RT #830]
+
+ 733. [bug] Reference counts of dns_acl_t objects need to be
+ locked but were not. [RT #801, #821]
+
+ 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
+
+ 731. [bug] Certain zone errors could cause named-checkzone to
+ fail ungracefully. [RT #819]
+
+ 730. [bug] lwres_getaddrinfo() returns the correct result when
+ it fails to contact a server. [RT #768]
+
+ 729. [port] pthread_setconcurrency() needs to be called on Solaris.
+
+ 728. [bug] Fix comment processing on master file directives.
+ [RT# 757]
+
+ 727. [port] Work around OS bug where accept() succeeds but
+ fails to fill in the peer address of the accepted
+ connection, by treating it as an error rather than
+ an assertion failure. [RT #809]
+
+ 726. [func] Implement the "trace" and "notrace" commands in rndc.
+
+ 725. [bug] Installing man pages could fail.
+
+ 724. [func] New libisc functions isc_netaddr_any(),
+ isc_netaddr_any6().
+
+ 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
+ to return DNS_R_SERVFAIL. [RT #783]
+
+ 722. [func] Allow incremental loads to be canceled.
+
+ 721. [cleanup] Load manager and dns_master_loadfilequota() are no
+ more.
+
+ 720. [bug] Server could enter infinite loop in
+ dispatch.c:do_cancel(). [RT #733]
+
+ 719. [bug] Rapid reloads could trigger an assertion failure.
+ [RT #743, #763]
+
+ 718. [cleanup] "internal" is no longer a reserved word in named.conf.
+ [RT #753, #731]
+
+ 717. [bug] Certain TKEY processing failure modes could
+ reference an uninitialized variable, causing the
+ server to crash. [RT #750]
+
+ 716. [bug] The first line of a $INCLUDE master file was lost if
+ an origin was specified. [RT #744]
+
+ 715. [bug] Resolving some A6 chains could cause an assertion
+ failure in adb.c. [RT #738]
+
+ 714. [bug] Preserve interval timers across reloads unless changed.
+ [RT# 729]
+
+ 713. [func] named-checkconf takes '-t directory' similar to named.
+ [RT #726]
+
+ 712. [bug] Sending a large signed update message caused an
+ assertion failure. [RT #718]
+
+ 711. [bug] The libisc and liblwres implementations of
+ inet_ntop contained an off by one error.
+
+ 710. [func] The forwarders statement now takes an optional
+ port. [RT #418]
+
+ 709. [bug] ANY or SIG queries for data with a TTL of 0
+ would return SERVFAIL. [RT #620]
+
+ 708. [bug] When building with --with-openssl, the openssl headers
+ included with BIND 9 should not be used. [RT #702]
+
+ 707. [func] The "filename" argument to named-checkzone is no
+ longer optional, to reduce confusion. [RT #612]
+
+ 706. [bug] Zones with an explicit "allow-update { none; };"
+ were considered dynamic and therefore not reloaded
+ on SIGHUP or "rndc reload".
+
+ 705. [port] Work out resource limit type for use where rlim_t is
+ not available. [RT #695]
+
+ 704. [port] RLIMIT_NOFILE is not available on all platforms.
+ [RT #695]
+
+ 703. [port] sys/select.h is needed on older platforms. [RT #695]
+
+ 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
+ use 127.0.0.1 instead. [RT #693]
+
+ 701. [func] Root hints are now fully optional. Class IN
+ views use compiled-in hints by default, as
+ before. Non-IN views with no root hints now
+ provide authoritative service but not recursion.
+ A warning is logged if a view has neither root
+ hints nor authoritative data for the root. [RT #696]
+
+ 700. [bug] $GENERATE range check was wrong. [RT #688]
+
+ 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
+
+ 698. [bug] Aborting nsupdate with ^C would lead to several
+ race conditions.
+
+ 697. [bug] nsupdate was not compatible with the undocumented
+ BIND 8 behavior of ignoring TTLs in "update delete"
+ commands. [RT #693]
+
+ 696. [bug] lwresd would die with an assertion failure when passed
+ a zero-length name. [RT #692]
+
+ 695. [bug] If the resolver attempted to query a blackholed or
+ bogus server, the resolution would fail immediately.
+
+ 694. [bug] $GENERATE did not produce the last entry.
+ [RT #682, #683]
+
+ 693. [bug] An empty lwres statement in named.conf caused
+ the server to crash while loading.
+
+ 692. [bug] Deal with systems that have getaddrinfo() but not
+ gai_strerror(). [RT #679]
+
+ 691. [bug] Configuring per-view forwarders caused an assertion
+ failure. [RT #675, #734]
+
+ 690. [func] $GENERATE now supports DNAME. [RT #654]
+
+ 689. [doc] man pages are now installed. [RT #210]
+
+ 688. [func] "make tags" now works on systems with the
+ "Exuberant Ctags" etags.
+
+ 687. [bug] Only say we have IPv6, with sufficent functionality,
+ if it has actually been tested. [RT #586]
+
+ 686. [bug] dig and nslookup can now be properly aborted during
+ blocking operations. [RT #568]
+
+ 685. [bug] nslookup should use the search list/domain options
+ from resolv.conf by default. [RT #405, #630]
+
+ 684. [bug] Memory leak with view forwarders. [RT #656]
+
+ 683. [bug] File descriptor leak in isc_lex_openfile().
+
+ 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
+
+ 681. [bug] $GENERATE specifying output format was broken. [RT #653]
+
+ 680. [bug] dns_rdata_fromstruct() mishandled options bigger
+ than 255 octets.
+
+ 679. [bug] $INCLUDE could leak memory and file descriptors on
+ reload. [RT #639]
+
+ 678. [bug] "transfer-format one-answer;" could trigger an assertion
+ failure. [RT #646]
+
+ 677. [bug] dnssec-signzone would occasionally use the wrong ttl
+ for database operations and fail. [RT #643]
+
+ 676. [bug] Log messages about lame servers to category
+ 'lame-servers' rather than 'resolver', so as not
+ to be gratuitously incompatible with BIND 8.
+
+ 675. [bug] TKEY queries could cause the server to leak
+ memory.
+
+ 674. [func] Allow messages to be TSIG signed / verified using
+ a offset from the current time.
+
+ 673. [func] The server can now convert RFC1886-style recursive
+ lookup requests into RFC2874-style lookups, when
+ enabled using the new option "allow-v6-synthesis".
+
+ 672. [bug] The wrong time was in the "time signed" field when
+ replying with BADTIME error.
+
+ 671. [bug] The message code was failing to parse a message with
+ no question section and a TSIG record. [RT #628]
+
+ 670. [bug] The lwres replacements for getaddrinfo and
+ getipnodebyname didn't properly check for the
+ existence of the sockaddr sa_len field.
+
+ 669. [bug] dnssec-keygen now makes the public key file
+ non-world-readable for symmetric keys. [RT #403]
+
+ 668. [func] named-checkzone now reports multiple errors in master
+ files.
+
+ 667. [bug] On Linux, running named with the -u option and a
+ non-world-readable configuration file didn't work.
+ [RT #626]
+
+ 666. [bug] If a request sent by dig is longer than 512 bytes,
+ use TCP.
+
+ 665. [bug] Signed responses were not sent when the size of the
+ TSIG + question exceeded the maximum message size.
+ [RT #628]
+
+ 664. [bug] The t_tasks and t_timers module tests are now skipped
+ when building without threads, since they require
+ threads.
+
+ 663. [func] Accept a size_spec, not just an integer, in the
+ (unimplemented and ignored) max-ixfr-log-size option
+ for compatibility with recent versions of BIND 8.
+ [RT #613]
+
+ 662. [bug] dns_rdata_fromtext() failed to log certain errors.
+
+ 661. [bug] Certain UDP IXFR requests caused an assertion failure
+ (mpctx->allocated == 0). [RT #355, #394, #623]
+
+ 660. [port] Detect multiple CPUs on HP-UX and IRIX.
+
+ 659. [performance] Rewrite the name compression code to be much faster.
+
+ 658. [cleanup] Remove all vestiges of 16 bit global compression.
+
+ 657. [bug] When a listen-on statement in an lwres block does not
+ specify a port, use 921, not 53. Also update the
+ listen-on documentation. [RT #616]
+
+ 656. [func] Treat an unescaped newline in a quoted string as
+ an error. This means that TXT records with missing
+ close quotes should have meaningful errors printed.
+
+ 655. [bug] Improve error reporting on unexpected eof when loading
+ zones. [RT #611]
+
+ 654. [bug] Origin was being forgotten in TCP retries in dig.
+ [RT #574]
+
+ 653. [bug] +defname option in dig was reversed in sense.
+ [RT #549]
+
+ 652. [bug] zone_saveunique() did not report the new name.
+
+ 651. [func] The AD bit in responses now has the meaning
+ specified in <draft-ietf-dnsext-ad-is-secure>.
+
+ 650. [bug] SIG(0) records were being generated and verified
+ incorrectly. [RT #606]
+
+ 649. [bug] It was possible to join to an already running fctx
+ after it had "cloned" its events, but before it sent
+ them. In this case, the event of the newly joined
+ fetch would not contain the answer, and would
+ trigger the INSIST() in fctx_sendevents(). In
+ BIND 9.0, this bug did not trigger an INSIST(), but
+ caused the fetch to fail with a SERVFAIL result.
+ [RT #588, #597, #605, #607]
+
+ 648. [port] Add support for pre-RFC2133 IPv6 implementations.
+
+ 647. [bug] Resolver queries sent after following multiple
+ referrals had excessively long retransmission
+ timeouts due to incorrectly counting the referrals
+ as "restarts".
+
+ 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
+ didn't _cleanly_ fix the problem it was trying to fix.
+
+ 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
+
+ 644. [bug] #622 needed more work. [RT #562]
+
+ 643. [bug] xfrin error messages made more verbose, added class
+ of the zone. [RT# 599]
+
+ 642. [bug] Break the exit_check() race in the zone module.
+ [RT #598]
+
+ --- 9.1.0b2 released ---
+
+ 641. [bug] $GENERATE caused a uninitialized link to be used.
+ [RT #595]
+
+ 640. [bug] Memory leak in error path could cause
+ "mpctx->allocated == 0" failure. [RT #584]
+
+ 639. [bug] Reading entropy from the keyboard would sometimes fail.
+ [RT #591]
+
+ 638. [port] lib/isc/random.c needed to explicitly include time.h
+ to get a prototype for time() when pthreads was not
+ being used. [RT #592]
+
+ 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
+ lib/isc/print.c. Also allow lib/isc/print.c to
+ be compiled even if the platform does not need it.
+ [RT #592]
+
+ 636. [port] Shut up MSVC++ about a possible loss of precision
+ in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
+
+ 635. [bug] Reloading a server with a configured blackhole list
+ would cause an assertion. [RT #590]
+
+ 634. [bug] A log file will completely stop being written when
+ it reaches the maximum size in all cases, not just
+ when versioning is also enabled. [RT #570]
+
+ 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
+
+ 632. [bug] The index array of the journal file was
+ corrupted as it was written to disk.
+
+ 631. [port] Build without thread support on systems without
+ pthreads.
+
+ 630. [bug] Locking failure in zone code. [RT #582]
+
+ 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
+ when responding to a UDP IXFR request.
+
+ 628. [bug] If the root hints contained only AAAA addresses,
+ named would be unable to perform resolution.
+
+ 627. [bug] The EDNS0 blackhole detection code of change 324
+ waited for three retransmissions to each server,
+ which takes much too long when a domain has many
+ name servers and all of them drop EDNS0 queries.
+ Now we retry without EDNS0 after three consecutive
+ timeouts, even if they are all from different
+ servers. [RT #143]
+
+ 626. [bug] The lightweight resolver daemon no longer crashes
+ when asked for a SIG rrset. [RT #558]
+
+ 625. [func] Zones now inherit their class from the enclosing view.
+
+ 624. [bug] The zone object could get timer events after it had
+ been destroyed, causing a server crash. [RT #571]
+
+ 623. [func] Added "named-checkconf" and "named-checkzone" program
+ for syntax checking named.conf files and zone files,
+ respectively.
+
+ 622. [bug] A canceled request could be destroyed before
+ dns_request_destroy() was called. [RT #562]
+
+ 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
+ This mostly affects Red Hat Linux 7.0, which has
+ conflicts between libc and the kernel.
+
+ 620. [bug] dns_master_load*inc() now require 'task' and 'load'
+ to be non-null. Also 'done' will not be called if
+ dns_master_load*inc() fails immediately. [RT #565]
+
+ 618. [bug] Queries to a signed zone could sometimes cause
+ an assertion failure.
+
+ 617. [bug] When using dynamic update to add a new RR to an
+ existing RRset with a different TTL, the journal
+ entries generated from the update did not include
+ explicit deletions and re-additions of the existing
+ RRs to update their TTL to the new value.
+
+ 616. [func] dnssec-signzone -t output now includes performance
+ statistics.
+
+ 615. [bug] dnssec-signzone did not like child keysets signed
+ by multiple keys.
+
+ 614. [bug] Checks for uninitialized link fields were prone
+ to false positives, causing assertion failures.
+ The checks are now disabled by default and may
+ be re-enabled by defining ISC_LIST_CHECKINIT.
+
+ 613. [bug] "rndc reload zone" now reloads primary zones.
+ It previously only updated slave and stub zones,
+ if an SOA query indicated an out of date serial.
+
+ 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
+ complains relentlessly about how its treatment
+ of 'const' has changed as well as how casting
+ sometimes tightens alignment constraints.
+
+ 611. [func] allow-notify can be used to permit processing of
+ notify messages from hosts other than a slave's
+ masters.
+
+ 610. [func] rndc dumpdb is now supported.
+
+ 609. [bug] getrrsetbyname() would crash lwresd if the server
+ found more SIGs than answers. [RT #554]
+
+ 608. [func] dnssec-signzone now adds a comment to the zone
+ with the time the file was signed.
+
+ 607. [bug] nsupdate would fail if it encountered a CNAME or
+ DNAME in a response to an SOA query. [RT #515]
+
+ 606. [bug] Compiling with --disable-threads failed due
+ to isc_thread_self() being incorrectly defined
+ as an integer rather than a function.
+
+ 605. [func] New function isc_lex_getlasttokentext().
+
+ 604. [bug] The named.conf parser could print incorrect line
+ numbers when long comments were present.
+
+ 603. [bug] Make dig handle multiple types or classes on the same
+ query more correctly.
+
+ 602. [func] Cope automatically with UnixWare's broken
+ IN6_IS_ADDR_* macros. [RT #539]
+
+ 601. [func] Return a non-zero exit code if an update fails
+ in nsupdate.
+
+ 600. [bug] Reverse lookups sometimes failed in dig, etc...
+
+ 599. [func] Added four new functions to the libisc log API to
+ support i18n messages. isc_log_iwrite(),
+ isc_log_ivwrite(), isc_log_iwrite1() and
+ isc_log_ivwrite1() were added.
+
+ 598. [bug] An update-policy statement would cause the server
+ to assert while loading. [RT #536]
+
+ 597. [func] dnssec-signzone is now multi-threaded.
+
+ 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
+ not mutually exclusive.
+
+ 595. [port] On Linux 2.2, socket() returns EINVAL when it
+ should return EAFNOSUPPORT. Work around this.
+ [RT #531]
+
+ 594. [func] sdb drivers are now assumed to not be thread-safe
+ unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
+
+ 593. [bug] If a secure zone was missing all its NXTs and
+ a dynamic update was attempted, the server entered
+ an infinite loop.
+
+ 592. [bug] The sig-validity-interval option now specifies a
+ number of days, not seconds. This matches the
+ documentation. [RT #529]
+
+ --- 9.1.0b1 released ---
+
+ 591. [bug] Work around non-reentrancy in openssl by disabling
+ precomputation in keys.
+
+ 590. [doc] There are now man pages for the lwres library in
+ doc/man/lwres.
+
+ 589. [bug] The server could deadlock if a zone was updated
+ while being transferred out.
+
+ 588. [bug] ctx->in_use was not being correctly initialized when
+ when pushing a file for $INCLUDE. [RT #523]
+
+ 587. [func] A warning is now printed if the "allow-update"
+ option allows updates based on the source IP
+ address, to alert users to the fact that this
+ is insecure and becoming increasingly so as
+ servers capable of update forwarding are being
+ deployed.
+
+ 586. [bug] multiple views with the same name were fatal. [RT #516]
+
+ 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
+ now support 'exact' additions in a similar manner to
+ dns_db_subtractrdataset() and dns_rdataslab_subtract().
+
+ 584. [func] You can now say 'notify explicit'; to suppress
+ notification of the servers listed in NS records
+ and notify only those servers listed in the
+ 'also-notify' option.
+
+ 583. [func] "rndc querylog" will now toggle logging of
+ queries, like "ndc querylog" in BIND 8.
+
+ 582. [bug] dns_zone_idetach() failed to lock the zone.
+ [RT #199, #463]
+
+ 581. [bug] log severity was not being correctly processed.
+ [RT #485]
+
+ 580. [func] Ignore trailing garbage on incoming DNS packets,
+ for interoperability with broken server
+ implementations. [RT #491]
+
+ 579. [bug] nsupdate did not take a filename to read update from.
+ [RT #492]
+
+ 578. [func] New config option "notify-source", to specify the
+ source address for notify messages.
+
+ 577. [func] Log illegal RDATA combinations. e.g. multiple
+ singlton types, cname and other data.
+
+ 576. [doc] isc_log_create() description did not match reality.
+
+ 575. [bug] isc_log_create() was not setting internal state
+ correctly to reflect the default channels created.
+
+ 574. [bug] TSIG signed queries sent by the resolver would fail to
+ have their responses validated and would leak memory.
+
+ 573. [bug] The journal files of IXFRed slave zones were
+ inadvertantly discarded on server reload, causing
+ "journal out of sync with zone" errors on subsequent
+ reloads. [RT #482]
+
+ 572. [bug] Quoted strings were not accepted as key names in
+ address match lists.
+
+ 571. [bug] It was possible to create an rdataset of singleton
+ type which had more than one rdata. [RT #154]
+ [RT #279]
+
+ 570. [bug] rbtdb.c allowed zones containing nodes which had
+ both a CNAME and "other data". [RT #154]
+
+ 569. [func] The DNSSEC AD bit will not be set on queries which
+ have not requested a DNSSEC response.
+
+ 568. [func] Add sample simple database drivers in contrib/sdb.
+
+ 567. [bug] Setting the zone transfer timeout to zero caused an
+ assertion failure. [RT #302]
+
+ 566. [func] New public function dns_timer_setidle().
+
+ 565. [func] Log queries more like BIND 8: query logging is now
+ done to category "queries", level "info". [RT #169]
+
+ 564. [func] Add sortlist support to lwresd.
+
+ 563. [func] New public functions dns_rdatatype_format() and
+ dns_rdataclass_format(), for convenient formatting
+ of rdata type/class mnemonics in log messages.
+
+ 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
+
+ 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
+ clauses of the options{} statement are now implemented.
+
+ 560. [bug] dns_name_split did not properly the resulting prefix
+ when a maximal length bitstring label was split which
+ was preceded by another bitstring label. [RT #429]
+
+ 559. [bug] dns_name_split did not properly create the suffix
+ when splitting within a maximal length bitstring label.
+
+ 558. [func] New functions, isc_resource_getlimit and
+ isc_resource_setlimit.
+
+ 557. [func] Symbolic constants for libisc integral types.
+
+ 556. [func] The DNSSEC OK bit in the EDNS extended flags
+ is now implemented. Responses to queries without
+ this bit set will not contain any DNSSEC records.
+
+ 555. [bug] A slave server attempting a zone transfer could
+ crash with an assertion failure on certain
+ malformed responses from the master. [RT #457]
+
+ 554. [bug] In some cases, not all of the dnssec tools were
+ properly installed.
+
+ 553. [bug] Incoming zone transfers deferred due to quota
+ were not started when quota was increased but
+ only when a transfer in progress finished. [RT #456]
+
+ 552. [bug] We were not correctly detecting the end of all c-style
+ comments. [RT #455]
+
+ 551. [func] Implemented the 'sortlist' option.
+
+ 550. [func] Support unknown rdata types and classes.
+
+ 549. [bug] "make" did not immediately abort the build when a
+ subdirectory make failed [RT #450].
+
+ 548. [func] The lexer now ungets tokens more correctly.
+
+ 546. [func] Option 'lame-ttl' is now implemented.
+
+ 545. [func] Name limit and counting options removed from dig;
+ they didn't work properly, and cannot be correctly
+ implemented without significant changes.
+
+ 544. [func] Add statistics option, enable statistics-file option,
+ add RNDC option "dump-statistics" to write out a
+ query statistics file.
+
+ 543. [doc] The 'port' option is now documented.
+
+ 542. [func] Add support for update forwarding as required for
+ full compliance with RFC2136. It is turned off
+ by default and can be enabled using the
+ 'allow-update-forwarding' option.
+
+ 541. [func] Add bogus server support.
+
+ 540. [func] Add dialup support.
+
+ 539. [func] Support the blackhole option.
+
+ 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
+
+ 536. [func] Use transfer-source{-v6} when sending refresh queries.
+ Transfer-source{-v6} now take a optional port
+ parameter for setting the UDP source port. The port
+ parameter is ignored for TCP.
+
+ 535. [func] Use transfer-source{-v6} when forwarding update
+ requests.
+
+ 534. [func] Ancestors have been removed from RBT chains. Ancestor
+ information can be discerned via node parent pointers.
+
+ 533. [func] Incorporated name hashing into the RBT database to
+ improve search speed.
+
+ 532. [func] Implement DNS UPDATE pseudo records using
+ DNS_RDATA_UPDATE flag.
+
+ 531. [func] Rdata really should be initialized before being assigned
+ to (dns_rdata_fromwire(), dns_rdata_fromtext(),
+ dns_rdata_clone(), dns_rdata_fromregion()),
+ check that it is.
+
+ 530. [func] New function dns_rdata_invalidate().
+
+ 529. [bug] 521 contained a bug which caused zones to always
+ reload. [RT #410]
+
+ 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
+ on their arguments. ISC_LIST_XXXXUNSAFE can be use
+ to skip the checks however use with caution.
+
+ 527. [func] New function dns_rdata_clone().
+
+ 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
+ of 0.
+
+ 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
+ and 'flags' for dns_rdataslab_subtract() allowing you
+ to request that the RR's must exist prior to deletion.
+ DNS_R_NOTEXACT is returned if the condition is not met.
+
+ 524. [func] The 'forward' and 'forwarders' statement in
+ non-forward zones should work now.
+
+ 523. [doc] The source to the Administrator Reference Manual is
+ now an XML file using the DocBook DTD, and is included
+ in the distribution. The plain text version of the
+ ARM is temporarily unavailable while we figure out
+ how to generate readable plain text from the XML.
+
+ 522. [func] The lightweight resolver daemon can now use
+ a real configuration file, and its functionality
+ can be provided by a name server. Also, the -p and -P
+ options to lwresd have been reversed.
+
+ 521. [bug] Detect master files which contain $INCLUDE and always
+ reload. [RT #196]
+
+ 520. [bug] Upgraded libtool to 1.3.5, which makes shared
+ library builds almost work on AIX (and possibly
+ others).
+
+ 519. [bug] dns_name_split() would improperly split some bitstring
+ labels, zeroing a few of the least signficant bits in
+ the prefix part. When such an improperly created
+ prefix was returned to the RBT database, the bogus
+ label was dutifully stored, corrupting the tree.
+ [RT #369]
+
+ 518. [bug] The resolver did not realize that a DNAME which was
+ "the answer" to the client's query was "the answer",
+ and such queries would fail. [RT #399]
+
+ 517. [bug] The resolver's DNAME code would trigger an assertion
+ if there was more than one DNAME in the chain.
+ [RT #399]
+
+ 516. [bug] Cache lookups which had a NULL node pointer, e.g.
+ those by dns_view_find(), and which would match a
+ DNAME, would trigger an INSIST(!search.need_cleanup)
+ assertion. [RT #399]
+
+ 515. [bug] The ssu table was not being attached / detached
+ by dns_zone_[sg]etssutable. [RT#397]
+
+ 514. [func] Retry refresh and notify queries if they timeout.
+ [RT #388]
+
+ 513. [func] New functionality added to rdnc and server to allow
+ individual zones to be refreshed or reloaded.
+
+ 512. [bug] The zone transfer code could throw an execption with
+ an invalid IXFR stream.
+
+ 511. [bug] The message code could throw an assertion on an
+ out of memory failure. [RT #392]
+
+ 510. [bug] Remove spurious view notify warning. [RT #376]
+
+ 509. [func] Add support for write of zone files on shutdown.
+
+ 508. [func] dns_message_parse() can now do a best-effort
+ attempt, which should allow dig to print more invalid
+ messages.
+
+ 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
+ and dns_view_flushanddetach().
+
+ 506. [func] Do not fail to start on errors in zone files.
+
+ 505. [bug] nsupdate was printing "unknown result code". [RT #373]
+
+ 504. [bug] The zone was not being marked as dirty when updated via
+ IXFR.
+
+ 503. [bug] dumptime was not being set along with
+ DNS_ZONEFLG_NEEDDUMP.
+
+ 502. [func] On a SERVFAIL reply, DiG will now try the next server
+ in the list, unless the +fail option is specified.
+
+ 501. [bug] Incorrect port numbers were being displayed by
+ nslookup. [RT #352]
+
+ 500. [func] Nearly useless +details option removed from DiG.
+
+ 499. [func] In DiG, specifying a class with -c or type with -t
+ changes command-line parsing so that classes and
+ types are only recognized if following -c or -t.
+ This allows hosts with the same name as a class or
+ type to be looked up.
+
+ 498. [doc] There is now a man page for "dig"
+ in doc/man/bin/dig.1.
+
+ 497. [bug] The error messages printed when an IP match list
+ contained a network address with a nonzero host
+ part where not sufficiently detailed. [RT #365]
+
+ 496. [bug] named didn't sanity check numeric parameters. [RT #361]
+
+ 495. [bug] nsupdate was unable to handle large records. [RT #368]
+
+ 494. [func] Do not cache NXDOMAIN responses for SOA queries.
+
+ 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
+ for SOA queries. This makes it easier to locate
+ the containing zone without polluting intermediate
+ caches.
+
+ 492. [bug] attempting to reload a zone caused the server fail
+ to shutdown cleanly. [RT #360]
+
+ 491. [bug] nsupdate would segfault when sending certain
+ prerequisites with empty RDATA. [RT #356]
+
+ 490. [func] When a slave/stub zone has not yet successfully
+ obtained an SOA containing the zone's configured
+ retry time, perform the SOA query retries using
+ exponential backoff. [RT #337]
+
+ 489. [func] The zone manager now has a "i/o" queue.
+
+ 488. [bug] Locks weren't properly destroyed in some cases.
+
+ 487. [port] flockfile() is not defined on all systems.
+
+ 486. [bug] nslookup: "set all" and "server" commands showed
+ the incorrect port number if a port other than 53
+ was specified. [RT #352]
+
+ 485. [func] When dig had more than one server to query, it would
+ send all of the messages at the same time. Add
+ rate limiting of the transmitted messages.
+
+ 484. [bug] When the server was reloaded after removing addresses
+ from the named.conf "listen-on" statement, sockets
+ were still listening on the removed addresses due
+ to reference count loops. [RT #325]
+
+ 483. [bug] nslookup: "set all" showed a "search" option but it
+ was not settable.
+
+ 482. [bug] nslookup: a plain "server" or "lserver" should be
+ treated as a lookup.
+
+ 481. [bug] nslookup:get_next_command() stack size could exceed
+ per thread limit.
+
+ 480. [bug] strtok() is not thread safe. [RT #349]
+
+ 479. [func] The test suite can now be run by typing "make check"
+ or "make test" at the top level.
+
+ 478. [bug] "make install" failed if the directory specified with
+ --prefix did not already exist.
+
+ 477. [bug] The the isc-config.sh script could be installed before
+ its directory was created. [RT #324]
+
+ 476. [bug] A zone could expire while a zone transfer was in
+ progress triggering a INSIST failure. [RT #329]
+
+ 475. [bug] query_getzonedb() sometimes returned a non-null version
+ on failure. This caused assertion failures when
+ generating query responses where names subject to
+ additional section processing pointed to a zone
+ to which access had been denied by means of the
+ allow-query option. [RT #336]
+
+ 474. [bug] The mnemonic of the CHAOS class is CH according to
+ RFC1035, but it was printed and read only as CHAOS.
+ We now accept both forms as input, and print it
+ as CH. [RT #305]
+
+ 473. [bug] nsupdate overran the end of the list of name servers
+ when no servers could be reached, typically causing
+ it to print the error message "dns_request_create:
+ not implemented".
+
+ 472. [bug] Off-by-one error caused isc_time_add() to sometimes
+ produce invalid time values.
+
+ 471. [bug] nsupdate didn't compile on HP/UX 10.20
+
+ 470. [func] $GENERATE is now supported. See also
+ doc/misc/migration.
+
+ 469. [bug] "query-source address * port 53;" now works.
+
+ 468. [bug] dns_master_load*() failed to report file and line
+ number in certain error conditions.
+
+ 467. [bug] dns_master_load*() failed to log an error if
+ pushfile() failed.
+
+ 466. [bug] dns_master_load*() could return success when it failed.
+
+ 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
+ omapi_value_storeint().
+
+ 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
+
+ 463. [bug] nsupdate sent malformed SOA queries to the second
+ and subsequent name servers in resolv.conf if the
+ query sent to the first one failed.
+
+ 462. [bug] --disable-ipv6 should work now.
+
+ 461. [bug] Specifying an unknown key in the "keys" clause of the
+ "controls" statement caused a NULL pointer dereference.
+ [RT #316]
+
+ 460. [bug] Much of the DNSSEC code only worked with class IN.
+
+ 459. [bug] Nslookup processed the "set" command incorrectly.
+
+ 458. [bug] Nslookup didn't properly check class and type values.
+ [RT #305]
+
+ 457. [bug] Dig/host/hslookup didn't properly handle connect
+ timeouts in certain situations, causing an
+ unnecessary warning message to be printed.
+
+ 456. [bug] Stub zones were not resetting the refresh and expire
+ counters, loadtime or clearing the DNS_ZONE_REFRESH
+ (refresh in progress) flag upon successful update.
+ This disabled further refreshing of the stub zone,
+ causing it to eventually expire. [RT #300]
+
+ 455. [doc] Document IPv4 prefix notation does not require a
+ dotted decimal quad but may be just dotted decimal.
+
+ 454. [bug] Enforce dotted decimal and dotted decimal quad where
+ documented as such in named.conf. [RT #304, RT #311]
+
+ 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
+ is specified in named.conf. [RT #306]
+
+ 452. [bug] Warn if the unimplemented option "statistics-file"
+ is specified in named.conf. [RT #301]
+
+ 451. [func] Update forwarding implememted.
+
+ 450. [func] New function ns_client_sendraw().
+
+ 449. [bug] isc_bitstring_copy() only works correctly if the
+ two bitstrings have the same lsb0 value, but this
+ requirement was not documented, nor was there a
+ REQUIRE for it.
+
+ 448. [bug] Host output formatting change, to match v8. [RT #255]
+
+ 447. [bug] Dig didn't properly retry in TCP mode after
+ a truncated reply. [RT #277]
+
+ 446. [bug] Confusing notify log message. [RT #298]
+
+ 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
+ bitstring triggered a REQUIRE statement. The REQUIRE
+ statement was incorrect. [RT #297]
+
+ 444. [func] "recursion denied" messages are always logged at
+ debug level 1, now, rather than sometimes at ERROR.
+ This silences these warnings in the usual case, where
+ some clients set the RD bit in all queries.
+
+ 443. [bug] When loading a master file failed because of an
+ unrecognized RR type name, the error message
+ did not include the file name and line number.
+ [RT #285]
+
+ 442. [bug] TSIG signed messages that did not match any view
+ crashed the server. [RT #290]
+
+ 441. [bug] Nodes obscured by a DNAME were inaccessible even
+ when DNS_DBFIND_GLUEOK was set.
+
+ 440. [func] New function dns_zone_forwardupdate().
+
+ 439. [func] New function dns_request_createraw().
+
+ 438. [func] New function dns_message_getrawmessage().
+
+ 437. [func] Log NOTIFY activity to the notify channel.
+
+ 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
+ which sometimes happens on Linux, named would enter
+ a busy loop. Also, unexpected socket errors were
+ not logged at a high enough logging level to be
+ useful in diagnosing this situation. [RT #275]
+
+ 435. [bug] dns_zone_dump() overwrote existing zone files
+ rather than writing to a temporary file and
+ renaming. This could lead to empty or partial
+ zone files being left around in certain error
+ conditions involving the initial transfer of a
+ slave zone, interfering with subsequent server
+ startup. [RT #282]
+
+ 434. [func] New function isc_file_isabsolute().
+
+ 433. [func] isc_base64_decodestring() now accepts newlines
+ within the base64 data. This makes it possible
+ to break up the key data in a "trusted-keys"
+ statement into multiple lines. [RT #284]
+
+ 432. [func] Added refresh/retry jitter. The actual refresh/
+ retry time is now a random value between 75% and
+ 100% of the configured value.
+
+ 431. [func] Log at ISC_LOG_INFO when a zone is successfully
+ loaded.
+
+ 430. [bug] Rewrote the lightweight resolver client management
+ code to handle shutdown correctly and general
+ cleanup.
+
+ 429. [bug] The space reserved for a TSIG record in a response
+ was 2 bytes too short, leading to message
+ generation failures.
+
+ 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
+ DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
+ (e.g. glue). This could cause SERVFAILs when
+ generating negative responses in a secure zone.
+
+ 427. [bug] Avoid going into an infinite loop when the validator
+ gets a negative response to a key query where the
+ records are signed by the missing key.
+
+ 426. [bug] Attempting to generate an oversized RSA key could
+ cause dnssec-keygen to dump core.
+
+ 425. [bug] Warn about the auth-nxdomain default value change
+ if there is no auth-nxdomain statement in the
+ config file. [RT #287]
+
+ 424. [bug] notify_createmessage() could trigger an assertion
+ failure when creating the notify message failed,
+ e.g. due to corrupt zones with multiple SOA records.
+ [RT #279]
+
+ 423. [bug] When responding to a recusive query, errors that occur
+ after following a CNAME should cause the query to fail.
+ [RT #274]
+
+ 422. [func] get rid of isc_random_t, and make isc_random_get()
+ and isc_random_jitter() use rand() internally
+ instead of local state. Note that isc_random_*()
+ functions are only for weak, non-critical "randomness"
+ such as timing jitter and such.
+
+ 421. [bug] nslookup would exit when given a blank line as input.
+
+ 420. [bug] nslookup failed to implement the "exit" command.
+
+ 419. [bug] The certificate type PKIX was misspelled as SKIX.
+
+ 418. [bug] At debug levels >= 10, getting an unexpected
+ socket receive error would crash the server
+ while trying to log the error message.
+
+ 417. [func] Add isc_app_block() and isc_app_unblock(), which
+ allow an application to handle signals while
+ blocking.
+
+ 416. [bug] Slave zones with no master file tried to use a
+ NULL pointer for a journal file name when they
+ received an IXFR. [RT #273]
+
+ 415. [bug] The logging code leaked file descriptors.
+
+ 414. [bug] Server did not shut down until all incoming zone
+ transfers were finished.
+
+ 413. [bug] Notify could attempt to use the zone database after
+ it had been unloaded. [RT#267]
+
+ 412. [bug] named -v didn't print the version.
+
+ 411. [bug] A typo in the HS A code caused an assertion failure.
+
+ 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
+ to a random value on success.
+
+ 409. [bug] If named was shut down early in the startup
+ process, ns_omapi_shutdown() would attempt to lock
+ an unintialized mutex. [RT #262]
+
+ 408. [bug] stub zones could leak memory and reference counts if
+ all the masters were unreachable.
+
+ 407. [bug] isc_rwlock_lock() would needlessly block
+ readers when it reached the read quota even
+ if no writers were waiting.
+
+ 406. [bug] Log messages were occasionally lost or corrupted
+ due to a race condition in isc_log_doit().
+
+ 405. [func] Add support for selective forwarding (forward zones)
+
+ 404. [bug] The request library didn't completely work with IPv6.
+
+ 403. [bug] "host" did not use the search list.
+
+ 402. [bug] Treat undefined acls as errors, rather than
+ warning and then later throwing an assertion.
+ [RT #252]
+
+ 401. [func] Added simple database API.
+
+ 400. [bug] SIG(0) signing and verifying was done incorrectly.
+ [RT #249]
+
+ 399. [bug] When reloading the server with a config file
+ containing a syntax error, it could catch an
+ assertion failure trying to perform zone
+ maintenance on, or sending notifies from,
+ tentatively created zones whose views were
+ never fully configured and lacked an address
+ database and request manager.
+
+ 398. [bug] "dig" sometimes caught an assertion failure when
+ using TSIG, depending on the key length.
+
+ 397. [func] Added utility functions dns_view_gettsig() and
+ dns_view_getpeertsig().
+
+ 396. [doc] There is now a man page for "nsupdate"
+ in doc/man/bin/nsupdate.8.
+
+ 395. [bug] nslookup printed incorrect RR type mnemonics
+ for RRs of type >= 21 [RT #237].
+
+ 394. [bug] Current name was not propagated via $INCLUDE.
+
+ 393. [func] Initial answer while loading (awl) support.
+ Entry points: dns_master_loadfileinc(),
+ dns_master_loadstreaminc(), dns_master_loadbufferinc().
+ Note: calls to dns_master_load*inc() should be rate
+ be rate limited so as to not use up all file
+ descriptors.
+
+ 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
+ not support the given address family requested.
+
+ 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
+
+ 390. [func] The function dns_zone_setdbtype() now takes
+ an argc/argv style vector of words and sets
+ both the zone database type and its arguments,
+ making the functions dns_zone_adddbarg()
+ and dns_zone_cleardbargs() unnecessary.
+
+ 389. [bug] Attempting to send a reqeust over IPv6 using
+ dns_request_create() on a system without IPv6
+ support caused an assertion failure [RT #235].
+
+ 388. [func] dig and host can now do reverse ipv6 lookups.
+
+ 387. [func] Add dns_byaddr_createptrname(), which converts
+ an address into the name used by a PTR query.
+
+ 386. [bug] Missing strdup() of ACL name caused random
+ ACL matching failures [RT #228].
+
+ 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
+ and dns_zt_print().
+
+ 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
+ of 2147483647.
+
+ 383. [func] When writing a master file, print the SOA and NS
+ records (and their SIGs) before other records.
+
+ 382. [bug] named -u failed on many Linux systems where the
+ libc provided kernel headers do not match
+ the current kernel.
+
+ 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
+ IPV6_PKTINFO if found. [RT #229]
+
+ 380. [bug] nsupdate didn't work with IPv6.
+
+ 379. [func] New library function isc_sockaddr_anyofpf().
+
+ 378. [func] named and lwresd will log the command line arguments
+ they were started with in the "starting ..." message.
+
+ 377. [bug] When additional data lookups were refused due to
+ "allow-query", the databases were still being
+ attached causing reference leaks.
+
+ 376. [bug] The server should always use good entropy when
+ performing cryptographic functions needing entropy.
+
+ 375. [bug] Per-zone "allow-query" did not properly override the
+ view/global one for CNAME targets and additional
+ data [RT #220].
+
+ 374. [bug] SOA in authoritative negative responses had wrong TTL.
+
+ 373. [func] nslookup is now installed by "make install".
+
+ 372. [bug] Deal with Microsoft DNS servers appending two bytes of
+ garbage to zone transfer requests.
+
+ 371. [bug] At high debug levels, doing an outgoing zone transfer
+ of a very large RRset could cause an assertion failure
+ during logging.
+
+ 370. [bug] The error messages for rollforward failures were
+ overly terse.
+
+ 369. [func] Support new named.conf options, view and zone
+ statements:
+
+ max-retry-time, min-retry-time,
+ max-refresh-time, min-refresh-time.
+
+ 368. [func] Restructure the internal ".bind" view so that more
+ zones can be added to it.
+
+ 367. [bug] Allow proper selection of server on nslookup command
+ line.
+
+ 366. [func] Allow use of '-' batch file in dig for stdin.
+
+ 365. [bug] nsupdate -k leaked memory.
+
+ 364. [func] Added additional-from-{cache,auth}
+
+ 362. [bug] rndc no longer aborts if the configuration file is
+ missing an options statement. [RT #209]
+
+ 361. [func] When the RBT find or chain functions set the name and
+ origin for a node that stores the root label
+ the name is now set to an empty name, instead of ".",
+ to simplify later use of the name and origin by
+ dns_name_concatenate(), dns_name_totext() or
+ dns_name_format().
+
+ 360. [func] dns_name_totext() and dns_name_format() now allow
+ an empty name to be passed, which is formatted as "@".
+
+ 359. [bug] dnssec-signzone occasionally signed glue records.
+
+ 358. [cleanup] Rename the intermediate files used by the dnssec
+ programs.
+
+ 357. [bug] The zone file parser crashed if the argument
+ to $INCLUDE was a quoted string.
+
+ 356. [cleanup] isc_task_send no longer requires event->sender to
+ be non-null.
+
+ 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
+
+ 354. [doc] Man pages for the dnssec tools are now included in
+ the distribution, in doc/man/dnssec.
+
+ 353. [bug] double increment in lwres/gethost.c:copytobuf().
+ [RT# 187]
+
+ 352. [bug] Race condition in dns_client_t startup could cause
+ an assertion failure.
+
+ 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
+ signed query could crash the server.
+
+ 350. [bug] Also-notify lists specified in the global options
+ block were not correctly reference counted, causing
+ a memory leak.
+
+ 349. [bug] Processing a query with the CD bit set now works
+ as expected.
+
+ 348. [func] New boolean named.conf options 'additional-from-auth'
+ and 'additional-from-cache' now supported in view and
+ global options statement.
+
+ 347. [bug] Don't crash if an argument is left off options in dig.
+
+ 346. [func] Add support for .digrc config file, in the
+ user's current directory.
+
+ 345. [bug] Large-scale changes/cleanups to dig:
+ * Significantly improve structure handling
+ * Don't pre-load entire batch files
+ * Add name/rr counting/limiting
+ * Fix SIGINT handling
+ * Shorten timeouts to match v8's behavior
+
+ 344. [bug] When shutting down, lwresd sometimes tried
+ to shut down its client tasks twice,
+ triggering an assertion.
+
+ 343. [bug] Although zone maintenance SOA queries and
+ notify requests were signed with TSIG keys
+ when configured for the server in case,
+ the TSIG was not verified on the response.
+
+ 342. [bug] The wrong name was being passed to
+ dns_name_dup() when generating a TSIG
+ key using TKEY.
+
+ 341. [func] Support 'key' clause in named.conf zone masters
+ statement to allow authentication via TSIG keys:
+
+ masters {
+ 10.0.0.1 port 5353 key "foo";
+ 10.0.0.2 ;
+ };
+
+ 340. [bug] The top-level COPYRIGHT file was missing from
+ the distribution.
+
+ 339. [bug] DNSSEC validation of the response to an ANY
+ query at a name with a CNAME RR in a secure
+ zone triggered an assertion failure.
+
+ 338. [bug] lwresd logged to syslog as named, not lwresd.
+
+ 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
+ on the command line.
+
+ 336. [bug] "dig -f" used 64 k of memory for each line in
+ the file. It now uses much less, though still
+ proportionally to the file size.
+
+ 335. [bug] named would occasionally attempt recursion when
+ it was disallowed or undesired.
+
+ 334. [func] Added hmac-md5 to libisc.
+
+ 333. [bug] The resolver incorrectly accepted referrals to
+ domains that were not parents of the query name,
+ causing assertion failures.
+
+ 332. [func] New function dns_name_reset().
+
+ 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
+
+ 330. [bug] Many debugging messages were partially formatted
+ even when debugging was turned off, causing a
+ significant decrease in query performance.
+
+ 329. [func] omapi_auth_register() now takes a size_t argument for
+ the length of a key's secret data. Previously
+ OMAPI only stored secrets up to the first NUL byte.
+
+ 328. [func] Added isc_base64_decodestring().
+
+ 327. [bug] rndc.conf parser wasn't correctly recognising an IP
+ address where a host specification was required.
+
+ 326. [func] 'keys' in an 'inet' control statement is now
+ required and must have at least one item in it.
+ A "not supported" warning is now issued if a 'unix'
+ control channel is defined.
+
+ 325. [bug] isc_lex_gettoken was processing octal strings when
+ ISC_LEXOPT_CNUMBER was not set.
+
+ 324. [func] In the resolver, turn EDNS0 off if there is no
+ response after a number of retransmissions.
+ This is to allow queries some chance of succeeding
+ even if all the authoritative servers of a zone
+ silently discard EDNS0 requests instead of
+ sending an error response like they ought to.
+
+ 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
+ Because of this, servers authoritative for a parent
+ and grandchild zone but not authoritative for the
+ intervening child zone did not correctly issue
+ referrals to the servers of the child zone.
+
+ 322. [bug] Queries for KEY RRs are now sent to the parent
+ server before the authoritative one, making
+ DNSSEC insecurity proofs work in many cases
+ where they previously didn't.
+
+ 321. [bug] When synthesizing a CNAME RR for a DNAME
+ response, query_addcname() failed to intitialize
+ the type and class of the CNAME dns_rdata_t,
+ causing random failures.
+
+ 320. [func] Multiple rndc changes: parses an rndc.conf file,
+ uses authentication to talk to named, command
+ line syntax changed. This will all be described
+ in the ARM.
+
+ 319. [func] The named.conf "controls" statement is now used
+ to configure the OMAPI command channel.
+
+ 318. [func] dns_c_ndcctx_destroy() could never return anything
+ except ISC_R_SUCCESS; made it have void return instead.
+
+ 317. [func] Use callbacks from libomapi to determine if a
+ new connection is valid, and if a key requested
+ to be used with that connection is valid.
+
+ 316. [bug] Generate a warning if we detect an unexpected <eof>
+ but treat as <eol><eof>.
+
+ 315. [bug] Handle non-empty blanks lines. [RT #163]
+
+ 314. [func] The named.conf controls statement can now have
+ more than one key specified for the inet clause.
+
+ 313. [bug] When parsing resolv.conf, don't terminate on an
+ error. Instead, parse as much as possible, but
+ still return an error if one was found.
+
+ 312. [bug] Increase the number of allowed elements in the
+ resolv.conf search path from 6 to 8. If there
+ are more than this, ignore the remainder rather
+ than returning a failure in lwres_conf_parse.
+
+ 311. [bug] lwres_conf_parse failed when the first line of
+ resolv.conf was empty or a comment.
+
+ 310. [func] Changes to named.conf "controls" statement (inet
+ subtype only)
+
+ - support "keys" clause
+
+ controls {
+ inet * port 1024
+ allow { any; } keys { "foo"; }
+ }
+
+ - allow "port xxx" to be left out of statement,
+ in which case it defaults to omapi's default port
+ of 953.
+
+ 309. [bug] When sending a referral, the server did not look
+ for name server addresses as glue in the zone
+ holding the NS RRset in the case where this zone
+ was not the same as the one where it looked for
+ name server addresses as authoritative data.
+
+ 308. [bug] Treat a SOA record not at top of zone as an error
+ when loading a zone. [RT #154]
+
+ 307. [bug] When canceling a query, the resolver didn't check for
+ isc_socket_sendto() calls that did not yet have their
+ completion events posted, so it could (rarely) end up
+ destroying the query context and then want to use
+ it again when the send event posted, triggering an
+ assertion as it tried to cancel an already-canceled
+ query. [RT #77]
+
+ 306. [bug] Reading HMAC-MD5 private key files didn't work.
+
+ 305. [bug] When reloading the server with a config file
+ containing a syntax error, it could catch an
+ assertion failure trying to perform zone
+ maintenance on tentatively created zones whose
+ views were never fully configured and lacked
+ an address database.
+
+ 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
+ are listed in resolv.conf, silently ignore them
+ instead of returning failure.
+
+ 303. [bug] Add additional sanity checks to differentiate a AXFR
+ response vs a IXFR response. [RT #157]
+
+ 302. [bug] In dig, host, and nslookup, MXNAME should be large
+ enough to hold any legal domain name in presentation
+ format + terminating NULL.
+
+ 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
+
+ 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
+ on platforms lacking IPv6 because each included their
+ own ipv6 header file for the missing definitions. Now
+ each library's ipv6.h defines the wrapper symbol of
+ the other (ISC_IPV6_H and LWRES_IPV6_H).
+
+ 299. [cleanup] Get the user and group information before changing the
+ root directory, so the administrator does not need to
+ keep a copy of the user and group databases in the
+ chroot'ed environment. Suggested by Hakan Olsson.
+
+ 298. [bug] A mutex deadlock occurred during shutdown of the
+ interface manager under certain conditions.
+ Digital Unix systems were the most affected.
+
+ 297. [bug] Specifying a key name that wasn't fully qualified
+ in certain parts of the config file could cause
+ an assertion failure.
+
+ 296. [bug] "make install" from a separate build directory
+ failed unless configure had been run in the source
+ directory, too.
+
+ 295. [bug] When invoked with type==CNAME and a message
+ not constructed by dns_message_parse(),
+ dns_message_findname() failed to find anything
+ due to checking for attribute bits that are set
+ only in dns_message_parse(). This caused an
+ infinite loop when constructing the response to
+ an ANY query at a CNAME in a secure zone.
+
+ 294. [bug] If we run out of space in while processing glue
+ when reading a master file and commit "current name"
+ reverts to "name_current" instead of staying as
+ "name_glue".
+
+ 293. [port] Add support for FreeBSD 4.0 system tests.
+
+ 292. [bug] Due to problems with the way some operating systems
+ handle simultaneous listening on IPv4 and IPv6
+ addresses, the server no longer listens on IPv6
+ addresses by default. To revert to the previous
+ behavior, specify "listen-on-v6 { any; };" in
+ the config file.
+
+ 291. [func] Caching servers no longer send outgoing queries
+ over TCP just because the incoming recursive query
+ was a TCP one.
+
+ 290. [cleanup] +twiddle option to dig (for testing only) removed.
+
+ 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
+ host is now installed in $bindir. (Be sure to remove
+ any $sbindir/dig from a previous release.)
+
+ 288. [func] rndc is now installed by "make install" into $sbindir.
+
+ 287. [bug] rndc now works again as "rndc 127.1 reload" (for
+ only that task). Parsing its configuration file and
+ using digital signatures for authentication has been
+ disabled until named supports the "controls" statement,
+ post-9.0.0.
+
+ 286. [bug] On Solaris 2, when named inherited a signal state
+ where SIGHUP had the SIG_IGN action, SIGHUP would
+ be ignored rather than causing the server to reload
+ its configuration.
+
+ 285. [bug] A change made to the dst API for beta4 inadvertently
+ broke OMAPI's creation of a dst key from an incoming
+ message, causing an assertion to be triggered. Fixed.
+
+ 284. [func] The DNSSEC key generation and signing tools now
+ generate randomness from keyboard input on systems
+ that lack /dev/random.
+
+ 283. [cleanup] The 'lwresd' program is now a link to 'named'.
+
+ 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
+ too big for an unsigned long.
+
+ 281. [bug] Fixed list of recognized config file category names.
+
+ 280. [func] Add isc-config.sh, which can be used to more
+ easily build applications that link with
+ our libraries.
+
+ 279. [bug] Private omapi function symbols shared between
+ two or more files in libomapi.a were not namespace
+ protected using the ISC convention of starting with
+ the library name and two underscores ("omapi__"...)
+
+ 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
+ note of when isc_log_categorybyname() wasn't able
+ to find the category name and would then apply the
+ channel list of the unknown category to all categories.
+
+ 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
+ would fail to find the first member of any category
+ or module array apart from the internal defaults.
+ Thus, for example, the "notify" category was improperly
+ configured by named.
+
+ 276. [bug] dig now supports maximum sized TCP messages.
+
+ 275. [bug] The definition of lwres_gai_strerror() was missing
+ the lwres_ prefix.
+
+ 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
+ server.
+
+ 273. [func] The default for the 'transfer-format' option is
+ now 'many-answers'. This will break zone transfers
+ to BIND 4.9.5 and older unless there is an explicit
+ 'one-answer' configuration.
+
+ 272. [bug] The sending of large TCP responses was canceled
+ in mid-transmission due to a race condition
+ caused by the failure to set the client object's
+ "newstate" variable correctly when transitioning
+ to the "working" state.
+
+ 271. [func] Attempt to probe the number of cpus in named
+ if unspecified rather than defaulting to 1.
+
+ 270. [func] Allow maximum sized TCP answers.
+
+ 269. [bug] Failed DNSSEC validations could cause an assertion
+ failure by causing clone_results() to be called with
+ with hevent->node == NULL.
+
+ 268. [doc] A plain text version of the Administrator
+ Reference Manual is now included in the distribution,
+ as doc/arm/Bv9ARM.txt.
+
+ 267. [func] Nsupdate is now provided in the distribution.
+
+ 266. [bug] zone.c:save_nsrrset() node was not initialized.
+
+ 265. [bug] dns_request_create() now works for TCP.
+
+ 264. [func] Dispatch can not take TCP sockets in connecting
+ state. Set DNS_DISPATCHATTR_CONNECTED when calling
+ dns_dispatch_createtcp() for connected TCP sockets
+ or call dns_dispatch_starttcp() when the socket is
+ connected.
+
+ 263. [func] New logging channel type 'stderr'
+
+ channel some-name {
+ stderr;
+ severity error;
+ }
+
+ 262. [bug] 'master' was not initialized in zone.c:stub_callback().
+
+ 261. [func] Add dns_zone_markdirty().
+
+ 260. [bug] Running named as a non-root user failed on Linux
+ kernels new enough to support retaining capabilities
+ after setuid().
+
+ 259. [func] New random-device and random-seed-file statements
+ for global options block of named.conf. Both accept
+ a single string argument.
+
+ 258. [bug] Fixed printing of lwres_addr_t.address field.
+
+ 257. [bug] The server detached the last zone manager reference
+ too early, while it could still be in use by queries.
+ This manifested itself as assertion failures during the
+ shutdown process for busy name servers. [RT #133]
+
+ 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
+ isc_ratelimiter_shutdown guarantees that the rate
+ limiter is detached from its task.
+
+ 255. [func] New function dns_zonemgr_attach().
+
+ 254. [bug] Suppress "query denied" messages on additional data
+ lookups.
+
+ --- 9.0.0b4 released ---
+
+ 253. [func] resolv.conf parser now recognises ';' and '#' as
+ comments (anywhere in line, not just as the beginning).
+
+ 252. [bug] resolv.conf parser mishandled masks on sortlists.
+ It also aborted when an unrecognized keyword was seen,
+ now it silently ignores the entire line.
+
+ 251. [bug] lwresd caught an assertion failure on startup.
+
+ 250. [bug] fixed handling of size+unit when value would be too
+ large for internal representation.
+
+ 249. [cleanup] max-cache-size config option now takes a size-spec
+ like 'datasize', except 'default' is not allowed.
+
+ 248. [bug] global lame-ttl option was not being printed when
+ config structures were written out.
+
+ 247. [cleanup] Rename cache-size config option to max-cache-size.
+
+ 246. [func] Rename global option cachesize to cache-size and
+ add corresponding option to view statement.
+
+ 245. [bug] If an uncompressed name will take more than 255
+ bytes and the buffer is sufficiently long,
+ dns_name_fromwire should return DNS_R_FORMERR,
+ not ISC_R_NOSPACE. This bug caused cause the
+ server to catch an assertion failure when it
+ received a query for a name longer than 255
+ bytes.
+
+ 244. [bug] empty named.conf file and empty options statement are
+ now parsed properly.
+
+ 243. [func] new cachesize option for named.conf
+
+ 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
+
+ 241. [cleanup] nscount and soacount have been removed from the
+ dns_master_*() argument lists.
+
+ 240. [func] databases now come in three flavours: zone, cache
+ and stub.
+
+ 239. [func] If ISC_MEM_DEBUG is enabled, the variable
+ isc_mem_debugging controls whether messages
+ are printed or not.
+
+ 238. [cleanup] A few more compilation warnings have been quieted:
+ + missing sigwait prototype on BSD/OS 4.0/4.0.1.
+ + PTHREAD_ONCE_INIT unbraced initializer warnings on
+ Solaris 2.8.
+ + IN6ADDR_ANY_INIT unbraced initializer warnings on
+ BSD/OS 4.*, Linux and Solaris 2.8.
+
+ 237. [bug] If connect() returned ENOBUFS when the resolver was
+ initiating a TCP query, the socket didn't get
+ destroyed, and the server did not shut down cleanly.
+
+ 236. [func] Added new listen-on-v6 config file statement.
+
+ 235. [func] Consider it a config file error if a listen-on
+ statement has an IPv6 address in it, or a
+ listen-on-v6 statement has an IPv4 address in it.
+
+ 234. [bug] Allow a trusted-key's first field (domain-name) be
+ either a quoted or an unquoted string, instead of
+ requiring a quoted string.
+
+ 233. [cleanup] Convert all config structure integer values to unsigned
+ integer (isc_uint32_t) to match grammer.
+
+ 232. [bug] Allow slave zones to not have a file.
+
+ 231. [func] Support new 'port' clause in config file options
+ section. Causes 'listen-on', 'masters' and
+ 'also-notify' statements to use its value instead of
+ default (53).
+
+ 230. [func] Replace the dst sign/verify API with a cleaner one.
+
+ 229. [func] Support config file sig-validity-interval statement
+ in options, views and zone statements (master
+ zones only).
+
+ 228. [cleanup] Logging messages in config module stripped of
+ trailing period.
+
+ 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
+ dns_rcode_*, dns_opcode_*, and dns_trust_* are
+ also now cast to their appropriate types, as with
+ dns_rdatatype_* in item number 225 below.
+
+ 226. [func] dns_name_totext() now always prints the root name as
+ '.', even when omit_final_dot is true.
+
+ 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
+ cast to dns_rdatatype_t via macros of their same name
+ so that they are of the proper integral type wherever
+ a dns_rdatatype_t is needed.
+
+ 224. [cleanup] The entire project builds cleanly with gcc's
+ -Wcast-qual and -Wwrite-strings warnings enabled,
+ which is now the default when using gcc. (Warnings
+ from confparser.c, because of yacc's code, are
+ unfortunately to be expected.)
+
+ 223. [func] Several functions were reprototyped to qualify one
+ or more of their arguments with "const". Similarly,
+ several functions that return pointers now have
+ those pointers qualified with const.
+
+ 222. [bug] The global 'also-notify' option was ignored.
+
+ 221. [bug] An uninitialized variable was sometimes passed to
+ dns_rdata_freestruct() when loading a zone, causing
+ an assertion failure.
+
+ 220. [cleanup] Set the default outgoing port in the view, and
+ set it in sockaddrs returned from the ADB.
+ [31-May-2000 explorer]
+
+ 219. [bug] Signed truncated messages more correctly follow
+ the respective specs.
+
+ 218. [func] When an rdataset is signed, its ttl is normalized
+ based on the signature validity period.
+
+ 217. [func] Also-notify and trusted-keys can now be used in
+ the 'view' statement.
+
+ 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
+ now work.
+
+ 215. [bug] Failures at certain points in request processing
+ could cause the assertion INSIST(client->lockview
+ == NULL) to be triggered.
+
+ 214. [func] New public function isc_netaddr_format(), for
+ formatting network addresses in log messages.
+
+ 213. [bug] Don't leak memory when reloading the zone if
+ an update-policy clause was present in the old zone.
+
+ 212. [func] Added dns_message_get/settsigkey, to make TSIG
+ key management reasonable.
+
+ 211. [func] The 'key' and 'server' statements can now occur
+ inside 'view' statements.
+
+ 210. [bug] The 'allow-transfer' option was ignored for slave
+ zones, and the 'transfers-per-ns' option was
+ was ignored for all zones.
+
+ 209. [cleanup] Upgraded openssl files to new version 0.9.5a
+
+ 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
+ of an isc_offset_t.
+
+ 207. [func] The dnssec tools properly use the logging subsystem.
+
+ 206. [cleanup] dst now stores the key name as a dns_name_t, not
+ a char *.
+
+ 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
+ ("prototyped function redeclared without prototype")
+ and 1552 ("variable ... set but not used") when
+ compiling in the lib/dns/sec/{dnssafe,openssl}
+ directories, which contain code imported from outside
+ sources.
+
+ 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
+ to quiet the warnings that "The linked output may not
+ run on a PA 1.x system."
+
+ 203. [func] notify and zone soa queries are now tsig signed when
+ appropriate.
+
+ 202. [func] isc_lex_getsourceline() changed from returning int
+ to returning unsigned long, the type of its underlying
+ counter.
+
+ 201. [cleanup] Removed the test/sdig program, it has been
+ replaced by bin/dig/dig.
+
+
+ --- 9.0.0b3 released ---
+
+ 200. [bug] Failures in sending query responses to clients
+ (e.g., running out of network buffers) were
+ not logged.
+
+ 199. [bug] isc_heap_delete() sometimes violated the heap
+ invariant, causing timer events not to be posted
+ when due.
+
+ 198. [func] Dispatch managers hold memory pools which
+ any managed dispatcher may use. This allows
+ us to avoid dipping into the memory context for
+ most allocations. [19-May-2000 explorer]
+
+ 197. [bug] When an incoming AXFR or IXFR completes, the
+ zone's internal state is refreshed from the
+ SOA data. [19-May-2000 explorer]
+
+ 196. [func] Dispatchers can be shared easily between views
+ and/or interfaces. [19-May-2000 explorer]
+
+ 195. [bug] Including the NXT record of the root domain
+ in a negative response caused an assertion
+ failure.
+
+ 194. [doc] The PDF version of the Administrator's Reference
+ Manual is no longer included in the ISC BIND9
+ distribution.
+
+ 193. [func] changed dst_key_free() prototype.
+
+ 192. [bug] Zone configuration validation is now done at end
+ of config file parsing, and before loading
+ callbacks.
+
+ 191. [func] Patched to compile on UnixWare 7.x. This platform
+ is not directly supported by the ISC.
+
+ 190. [cleanup] The DNSSEC tools have been moved to a separate
+ directory dnssec/ and given the following new,
+ more descriptive names:
+
+ dnssec-keygen
+ dnssec-signzone
+ dnssec-signkey
+ dnssec-makekeyset
+
+ Their command line arguments have also been changed to
+ be more consistent. dnssec-keygen now prints the
+ name of the generated key files (sans extension)
+ on standard output to simplify its use in automated
+ scripts.
+
+ 189. [func] isc_time_secondsastimet(), a new function, will ensure
+ that the number of seconds in an isc_time_t does not
+ exceed the range of a time_t, or return ISC_R_RANGE.
+ Similarly, isc_time_now(), isc_time_nowplusinterval(),
+ isc_time_add() and isc_time_subtract() now check the
+ range for overflow/underflow. In the case of
+ isc_time_subtract, this changed a calling requirement
+ (ie, something that could generate an assertion)
+ into merely a condition that returns an error result.
+ isc_time_add() and isc_time_subtract() were void-
+ valued before but now return isc_result_t.
+
+ 188. [func] Log a warning message when an incoming zone transfer
+ contains out-of-zone data.
+
+ 187. [func] isc_ratelimter_enqueue() has an additional argument
+ 'task'.
+
+ 186. [func] dns_request_getresponse() has an additional argument
+ 'preserve_order'.
+
+ 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
+ public functions did not have an isc__ prefix, and
+ referred to functions that had previously been
+ renamed.
+
+ 184. [cleanup] Variables/functions which began with two leading
+ underscores were made to conform to the ANSI/ISO
+ standard, which says that such names are reserved.
+
+ 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
+ for logging the program name or other identifier.
+
+ 182. [cleanup] New commandline parameters for dnssec tools
+
+ 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
+
+ 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
+
+ 179. [func] options named.conf statement *must* now come
+ before any zone or view statements.
+
+ 178. [func] Post-load of named.conf check verifies a slave zone
+ has non-empty list of masters defined.
+
+ 177. [func] New per-zone boolean:
+
+ enable-zone yes | no ;
+
+ intended to let a zone be disabled without having
+ to comment out the entire zone statement.
+
+ 176. [func] New global and per-view option:
+
+ max-cache-ttl number
+
+ 175. [func] New global and per-view option:
+
+ additional-data internal | minimal | maximal;
+
+ 174. [func] New public function isc_sockaddr_format(), for
+ formatting socket addresses in log messages.
+
+ 173. [func] Keep a queue of zones waiting for zone transfer
+ quota so that a new transfer can be dispatched
+ immediately whenever quota becomes available.
+
+ 172. [bug] $TTL directive was sometimes missing from dumped
+ master files because totext_ctx_init() failed to
+ initialize ctx->current_ttl_valid.
+
+ 171. [cleanup] On NetBSD systems, the mit-pthreads or
+ unproven-pthreads library is now always used
+ unless --with-ptl2 is explicitly specified on
+ the configure command line. The
+ --with-mit-pthreads option is no longer needed
+ and has been removed.
+
+ 170. [cleanup] Remove inter server consistancy checks from zone,
+ these should return as a seperate module in 9.1.
+ dns_zone_checkservers(), dns_zone_checkparents(),
+ dns_zone_checkchildren(), dns_zone_checkglue().
+
+ Remove dns_zone_setadb(), dns_zone_setresolver(),
+ dns_zone_setrequestmgr() these should now be found
+ via the view.
+
+ 169. [func] ratelimiter can now process N events per interval.
+
+ 168. [bug] include statements in named.conf caused syntax errors
+ due to not consuming the semicolon ending the include
+ statement before switching input streams.
+
+ 167. [bug] Make lack of masters for a slave zone a soft error.
+
+ 166. [bug] Keygen was overwriting existing keys if key_id
+ conflicted, now it will retry, and non-null keys
+ with key_id == 0 are not generated anymore. Key
+ was not able to generate NOAUTHCONF DSA key,
+ increased RSA key size to 2048 bits.
+
+ 165. [cleanup] Silence "end-of-loop condition not reached" warnings
+ from Solaris compiler.
+
+ 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
+ isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
+ isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
+ to encapsulate nonportable usage of errno and sync.
+
+ 163. [func] Added result codes ISC_R_FILENOTFOUND and
+ ISC_R_FILEEXISTS.
+
+ 162. [bug] Ensure proper range for arguments to ctype.h functions.
+
+ 161. [cleanup] error in yyparse prototype that only HPUX caught.
+
+ 160. [cleanup] getnet*() are not going to be implemented at this
+ stage.
+
+ 159. [func] Redefinition of config file elements is now an
+ error (instead of a warning).
+
+ 158. [bug] Log channel and category list copy routines
+ weren't assigning properly to output parameter.
+
+ 157. [port] Fix missing prototype for getopt().
+
+ 156. [func] Support new 'database' statement in zone.
+
+ database "quoted-string";
+
+ 155. [bug] ns_notify_start() was not detaching the found zone.
+
+ 154. [func] The signer now logs libdns warnings to stderr even when
+ not verbose, and in a nicer format.
+
+ 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
+ is NULL then you need to preserve the 'rdata' until
+ you have finished using the structure as there may be
+ references to the associated memory. If 'mctx' is
+ non-NULL it is guaranteed that there are no references
+ to memory associated with 'rdata'.
+
+ dns_rdata_freestruct() must be called if 'mctx' was
+ non-NULL and may safely be called if 'mctx' was NULL.
+
+ 152. [bug] keygen dumped core if domain name argument was omitted
+ from command line.
+
+ 151. [func] Support 'disabled' statement in zone config (causes
+ zone to be parsed and then ignored). Currently must
+ come after the 'type' clause.
+
+ 150. [func] Support optional ports in masters and also-notify
+ statements:
+
+ masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
+
+ 149. [cleanup] Removed usused argument 'olist' from
+ dns_c_view_unsetordering().
+
+ 148. [cleanup] Stop issuing some warnings about some configuration
+ file statements that were not implemented, but now are.
+
+ 147. [bug] Changed yacc union size to be smaller for yaccs that
+ put yacc-stack on the real stack.
+
+ 146. [cleanup] More general redundant header file cleanup. Rather
+ than continuing to itemize every header which changed,
+ this changelog entry just notes that if a header file
+ did not need another header file that it was including
+ in order to provide its advertized functionality, the
+ inclusion of the other header file was removed. See
+ util/check-includes for how this was tested.
+
+ 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
+ ISC_LANG_ENDDECLS to header files that had function
+ prototypes, and removed it from those that did not.
+
+ 144. [cleanup] libdns header files too numerous to name were made
+ to conform to the same style for multiple inclusion
+ protection.
+
+ 143. [func] Added function dns_rdatatype_isknown().
+
+ 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
+ <isc/result.h>.
+
+ 141. [bug] Corrupt requests with multiple questions could
+ cause an assertion failure.
+
+ 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
+
+ 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
+ <isc/int.h> and <isc/result.h>.
+
+ 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
+ renamed isc_string_touint64. isc_strsep moved from
+ strsep.c to string.c and renamed isc_string_separate.
+
+ 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
+ <isc/serial.h>, <isc/string.h> and <isc/offset.h>
+ made to conform to the same style for multiple
+ inclusion protection.
+
+ 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
+ <isc/net.h> and Win32's <isc/thread.h> needed
+ ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
+
+ 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
+ or <isc/boolean.h>, now uses <isc/types.h> in place
+ of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
+ and ISC_LANG_ENDDECLS.
+
+ 134. [cleanup] <isc/dir.h> does not need <limits.h>.
+
+ 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
+
+ 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
+ need <isc/eventclass.h>.
+
+ 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
+ for ISC_R_* codes used in macros.
+
+ 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
+ <isc/boolean.h>, and now includes <isc/types.h>
+ instead of <isc/time.h>.
+
+ 129. [bug] The 'default_debug' log channel was not set up when
+ 'category default' was present in the config file
+
+ 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
+ ISC_LANG_ENDDECLS at end of header.
+
+ 127. [cleanup] The contracts for the comparision routines
+ dns_name_fullcompare(), dns_name_compare(),
+ dns_name_rdatacompare(), and dns_rdata_compare() now
+ specify that the order value returned is < 0, 0, or > 0
+ instead of -1, 0, or 1.
+
+ 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
+
+ 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
+ <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
+ <isc/resultclass.h> do not need <isc/lang.h>.
+
+ 124. [func] signer now imports parent's zone key signature
+ and creates null keys/sets zone status bit for
+ children when necessary
+
+ 123. [cleanup] <isc/event.h> does not need <stddef.h>.
+
+ 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
+ <isc/result.h>.
+
+ 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
+ <isc/result.h>. Multiple inclusion protection
+ symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
+ isc_symtab_t moved to <isc/types.h>.
+
+ 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
+ <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
+ <isc/net.h>.
+
+ 119. [cleanup] structure definitions for generic rdata stuctures do
+ not have _generic_ in their names.
+
+ 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
+ YACC crust (yyparse, etc) [2000-apr-27 explorer]
+
+ 117. [cleanup] libdns.a changes:
+ dns_zone_clearnotify() and dns_zone_addnotify()
+ are replaced by dns_zone_setnotifyalso().
+ dns_zone_clearmasters() and dns_zone_addmaster()
+ are replaced by dns_zone_setmasters().
+
+ 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
+ on Unix systems).
+
+ 115. [port] Shut up the -Wmissing-declarations warning about
+ <stdio.h>'s __sputaux on BSD/OS pre-4.1.
+
+ 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
+ <isc/list.h>.
+
+ 113. [func] Utility programs dig and host added.
+
+ 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
+
+ 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
+ <isc/mutex.h>.
+
+ 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
+ <isc/list.h>.
+
+ 109. [bug] "make depend" did nothing for
+ bin/tests/{db,mem,sockaddr,tasks,timers}/.
+
+ 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
+ <dns/types.h> to <dns/bit.h> and renamed to
+ DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
+
+ 107. [func] Add keysigner and keysettool.
+
+ 106. [func] Allow dnssec verifications to ignore the validity
+ period. Used by several of the dnssec tools.
+
+ 105. [doc] doc/dev/coding.html expanded with other
+ implicit conventions the developers have used.
+
+ 104. [bug] Made compress_add and compress_find static to
+ lib/dns/compress.c.
+
+ 103. [func] libisc buffer API changes for <isc/buffer.h>:
+ Added:
+ isc_buffer_base(b) (pointer)
+ isc_buffer_current(b) (pointer)
+ isc_buffer_active(b) (pointer)
+ isc_buffer_used(b) (pointer)
+ isc_buffer_length(b) (int)
+ isc_buffer_usedlength(b) (int)
+ isc_buffer_consumedlength(b) (int)
+ isc_buffer_remaininglength(b) (int)
+ isc_buffer_activelength(b) (int)
+ isc_buffer_availablelength(b) (int)
+ Removed:
+ ISC_BUFFER_USEDCOUNT(b)
+ ISC_BUFFER_AVAILABLECOUNT(b)
+ isc_buffer_type(b)
+ Changed names:
+ isc_buffer_used(b, r) ->
+ isc_buffer_usedregion(b, r)
+ isc_buffer_available(b, r) ->
+ isc_buffer_available_region(b, r)
+ isc_buffer_consumed(b, r) ->
+ isc_buffer_consumedregion(b, r)
+ isc_buffer_active(b, r) ->
+ isc_buffer_activeregion(b, r)
+ isc_buffer_remaining(b, r) ->
+ isc_buffer_remainingregion(b, r)
+
+ Buffer types were removed, so the ISC_BUFFERTYPE_*
+ macros are no more, and the type argument to
+ isc_buffer_init and isc_buffer_allocate were removed.
+ isc_buffer_putstr is now void (instead of isc_result_t)
+ and requires that the caller ensure that there
+ is enough available buffer space for the string.
+
+ 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
+ on BSD/OS 4.1.
+
+ 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
+
+ 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
+ <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
+
+ 99. [cleanup] Rate limiter now has separate shutdown() and
+ destroy() functions, and it guarantees that all
+ queued events are delivered even in the shutdown case.
+
+ 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
+ unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
+
+ 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
+ <isc/event.h>.
+
+ 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
+
+ 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
+
+ 94. [cleanup] Some installed header files did not compile as C++.
+
+ 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
+
+ 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
+ or <isc/result.h>.
+
+ 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
+ <isc/result.h>.
+
+ 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
+ from <named/listenlist.h>.
+
+ 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
+
+ 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
+ <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
+ moved to <isc/types.h>.
+
+ 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
+ <isc/mem.h> or <isc/result.h>.
+
+ 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
+ <isc/types.h>.
+
+ 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
+ <isc/list.h>, <isc/mem.h>, <isc/region.h> or
+ <isc/int.h>.
+
+ 84. [func] allow-query ACL checks now apply to all data
+ added to a response.
+
+ 83. [func] If the server is authoritative for both a
+ delegating zone and its (nonsecure) delegatee, and
+ a query is made for a KEY RR at the top of the
+ delegatee, then the server will look for a KEY
+ in the delegator if it is not found in the delegatee.
+
+ 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
+
+ 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
+ <isc/lang.h>.
+
+ 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
+
+ 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
+
+ 78. [cleanup] lwres_conftest renamed to lwresconf_test for
+ consistency with other *_test programs.
+
+ 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
+ <isc/time.h> to <isc/types.h>.
+
+ 76. [cleanup] Rewrote keygen.
+
+ 75. [func] Don't load a zone if its database file is older
+ than the last time the zone was loaded.
+
+ 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
+ subsumed by file.o.
+
+ 73. [func] New "file" API in libisc, including new function
+ isc_file_getmodtime, isc_mktemplate renamed to
+ isc_file_mktemplate and isc_ufile renamed to
+ isc_file_openunique. By no means an exhaustive API,
+ it is just what's needed for now.
+
+ 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
+ added for dns_rbt_findnode, the former to disable the
+ setting of the chain to the predecessor, and the
+ latter to make clear when no options are set.
+
+ 71. [cleanup] Made explicit the implicit REQUIREs of
+ isc_time_seconds, isc_time_nanoseconds, and
+ isc_time_subtract.
+
+ 70. [func] isc_time_set() added.
+
+ 69. [bug] The zone object's master and also-notify lists grew
+ longer with each server reload.
+
+ 68. [func] Partial support for SIG(0) on incoming messages.
+
+ 67. [performance] Allow use of alternate (compile-time supplied)
+ OpenSSL libraries/headers.
+
+ 66. [func] Data in authoritative zones should have a trust level
+ beyond secure.
+
+ 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
+ from <dns/types.h>.
+
+ 64. [func] The RBT, DB, and zone table APIs now allow the
+ caller find the most-enclosing superdomain of
+ a name.
+
+ 63. [func] Generate NOTIFY messages.
+
+ 62. [func] Add UDP refresh support.
+
+ 61. [cleanup] Use single quotes consistently in log messages.
+
+ 60. [func] Catch and disallow singleton types on message
+ parse.
+
+ 59. [bug] Cause net/host unreachable to be a hard error
+ when sending and receiving.
+
+ 58. [bug] bin/named/query.c could sometimes trigger the
+ (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
+ == 0 assertion in query_newname().
+
+ 57. [func] Added dns_nxt_typepresent()
+
+ 56. [bug] SIG records were not properly returned in cached
+ negative answers.
+
+ 55. [bug] Responses containing multiple names in the authority
+ section were not negatively cached.
+
+ 54. [bug] If a fetch with sigrdataset==NULL joined one with
+ sigrdataset!=NULL or vice versa, the resolver
+ could catch an assertion or lose signature data,
+ respectively.
+
+ 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
+ <sys/param.h>.
+
+ 52. [bug] rndc: taskmgr and socketmgr were not initialized
+ to NULL.
+
+ 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
+ dns/rbt.h; it was needed only by compress.c and zt.c.
+
+ 50. [func] RBT deletion no longer requires a valid chain to work,
+ and dns_rbt_deletenode was added.
+
+ 49. [func] Each cache now has its own mctx.
+
+ 48. [func] isc_task_create() no longer takes an mctx.
+ isc_task_mem() has been eliminated.
+
+ 47. [func] A number of modules now use memory context reference
+ counting.
+
+ 46. [func] Memory contexts are now reference counted.
+ Added isc_mem_inuse() and isc_mem_preallocate().
+ Renamed isc_mem_destroy_check() to
+ isc_mem_setdestroycheck().
+
+ 45. [bug] The trusted-key statement incorrectly loaded keys.
+
+ 44. [bug] Don't include authority data if it would force us
+ to unset the AD bit in the message.
+
+ 43. [bug] DNSSEC verification of cached rdatasets was failing.
+
+ 42. [cleanup] Simplified logging of messages with embedded domain
+ names by introducing a new convenience function
+ dns_name_format().
+
+ 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
+ to allow 'named' to run as a non-root user while
+ retaining the ability to bind() to privileged
+ ports.
+
+ 40. [func] Introduced new logging category "dnssec" and
+ logging module "dns/validator".
+
+ 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
+ and isc_lex_t to <isc/types.h>.
+
+ 38. [bug] TSIG signed incoming zone transfers work now.
+
+ 37. [bug] If the first RR in an incoming zone transfer was
+ not an SOA, the server died with an assertion failure
+ instead of just reporting an error.
+
+ 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
+
+ 35. [performance] Log messages which are of a level too high to be
+ logged by any channel in the logging configuration
+ will not cause the log mutex to be locked.
+
+ 34. [bug] Recursion was allowed even with 'recursion no'.
+
+ 33. [func] The RBT now maintains a parent pointer at each node.
+
+ 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
+ prototype.
+
+ 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
+
+ 30. [func] config file grammer change to support optional
+ class type for a view.
+
+ 29. [func] support new config file view options:
+
+ auth-nxdomain recursion query-source
+ query-source-v6 transfer-source
+ transfer-source-v6 max-transfer-time-out
+ max-transfer-idle-out transfer-format
+ request-ixfr provide-ixfr cleaning-interval
+ fetch-glue notify rfc2308-type1 lame-ttl
+ max-ncache-ttl min-roots
+
+ 28. [func] support lame-ttl, min-roots and serial-queries
+ config global options.
+
+ 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
+ Including it on other platforms (eg, NetBSD) can
+ cause a forced #error from the C preprocessor.
+
+ 26. [func] new match-clients statement in config file view.
+
+ 25. [bug] make install failed to install <isc/log.h> and
+ <isc/ondestroy.h>.
+
+ 24. [cleanup] Eliminate some unnecessary #includes of header
+ files from header files.
+
+ 23. [cleanup] Provide more context in log messages about client
+ requests, using a new function ns_client_log().
+
+ 22. [bug] SIGs weren't returned in the answer section when
+ the query resulted in a fetch.
+
+ 21. [port] Look at STD_CINCLUDES after CINCLUDES during
+ compilation, so additional system include directories
+ can be searched but header files in the bind9 source
+ tree with conflicting names take precedence. This
+ avoids issues with installed versions of dnssafe and
+ openssl.
+
+ 20. [func] Configuration file post-load validation of zones
+ failed if there were no zones.
+
+ 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
+ lock in certain error cases.
+
+ 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
+ configure.in to check for presence of in6addr_any.
+
+ 17. [func] Do configuration file post-load validation of zones.
+
+ 16. [bug] put quotes around key names on config file
+ output to avoid possible keyword clashes.
+
+ 15. [func] Add dns_name_dupwithoffsets(). This function is
+ improves comparison performance for duped names.
+
+ 14. [bug] free_rbtdb() could have 'put' unallocated memory in
+ an unlikely error path.
+
+ 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
+ out-of-zone data.
+
+ 12. [bug] Fixed possible unitialized variable error.
+
+ 11. [bug] axfr_rrstream_first() didn't check the result code of
+ db_rr_iterator_first(), possibly causing an assertion
+ to be triggered later.
+
+ 10. [bug] A bug in the code which makes EDNS0 OPT records in
+ bin/named/client.c and lib/dns/resolver.c could
+ trigger an assertion.
+
+ 9. [cleanup] replaced bit-setting code in confctx.c and replaced
+ repeated code with macro calls.
+
+ 8. [bug] Shutdown of incoming zone transfer accessed
+ freed memory.
+
+ 7. [cleanup] removed 'listen-on' from view statement.
+
+ 6. [bug] quote RR names when generating config file to
+ prevent possible clash with config file keywords
+ (such as 'key').
+
+ 5. [func] syntax change to named.conf file: new ssu grant/deny
+ statements must now be enclosed by an 'update-policy'
+ block.
+
+ 4. [port] bin/named/unix/os.c didn't compile on systems with
+ linux 2.3 kernel includes due to conflicts between
+ C library includes and the kernel includes. We now
+ get only what we need from <linux/capability.h>, and
+ avoid pulling in other linux kernel .h files.
+
+ 3. [bug] TKEYs go in the answer section of responses, not
+ the additional section.
+
+ 2. [bug] Generating cryptographic randomness failed on
+ systems without /dev/random.
+
+ 1. [bug] The installdirs rule in
+ lib/isc/unix/include/isc/Makefile.in had a typo which
+ prevented the isc directory from being created if it
+ didn't exist.
+
+ --- 9.0.0b2 released ---
+
+# This tells Emacs to use hard tabs in this file.
+# Local Variables:
+# indent-tabs-mode: t
+# End:
diff --git a/contrib/bind9/COPYRIGHT b/contrib/bind9/COPYRIGHT
new file mode 100644
index 000000000000..ee104781f533
--- /dev/null
+++ b/contrib/bind9/COPYRIGHT
@@ -0,0 +1,30 @@
+Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2003 Internet Software Consortium.
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+
+$Id: COPYRIGHT,v 1.6.2.2.8.2 2004/03/08 04:04:12 marka Exp $
+
+Portions Copyright (C) 1996-2001 Nominum, Inc.
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/contrib/bind9/FAQ b/contrib/bind9/FAQ
new file mode 100644
index 000000000000..25eb00ce38b8
--- /dev/null
+++ b/contrib/bind9/FAQ
@@ -0,0 +1,454 @@
+
+
+
+Frequently Asked Questions about BIND 9
+
+
+Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads?
+
+A: Linux threads do not fully implement the Posix threads (pthreads) standard.
+In particular, setuid() operates only on the current thread, not the full
+process. Because of this limitation, BIND 9 cannot use setuid() on Linux as it
+can on all other supported platforms. setuid() cannot be called before
+creating threads, since the server does not start listening on reserved ports
+until after threads have started.
+
+ In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
+capabilities across a setuid() call is present. This allows BIND 9 to call
+setuid() early, while retaining the ability to bind reserved ports. This is
+a Linux-specific hack.
+
+ On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
+of a security risk than a root process that has not dropped privileges.
+
+ If Linux threads ever work correctly, this restriction will go away.
+
+ Configuring BIND9 with the --disable-threads option (the default) causes a
+non-threaded version to be built, which will allow -u to be used.
+
+
+Q: Why does named log the warning message "no TTL specified - using SOA
+MINTTL instead"?
+
+A: Your zone file is illegal according to RFC1035. It must either
+have a line like
+
+ $TTL 86400
+
+at the beginning, or the first record in it must have a TTL field,
+like the "84600" in this example:
+
+ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
+
+Q: Why do I see 5 (or more) copies of named on Linux?
+
+A: Linux threads each show up as a process under ps. The approximate
+number of threads running is n+4, where n is the number of CPUs. Note that
+the amount of memory used is not cumulative; if each process is using 10M of
+memory, only a total of 10M is used.
+
+
+Q: Why does BIND 9 log "permission denied" errors accessing its
+configuration files or zones on my Linux system even though it is running
+as root?
+
+A: On Linux, BIND 9 drops most of its root privileges on startup.
+This including the privilege to open files owned by other users.
+Therefore, if the server is running as root, the configuration files
+and zone files should also be owned by root.
+
+
+Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file
+bar: ran out of space"
+
+A: This is often caused by TXT records with missing close quotes. Check that
+all TXT records containing quoted strings have both open and close quotes.
+
+
+Q: How do I produce a usable core file from a multithreaded named on Linux?
+
+A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps
+are usable (that is, the correct thread is dumped). Otherwise, if using
+a 2.2 kernel, apply the kernel patch found in contrib/linux/coredump-patch
+and rebuild the kernel. This patch will cause multithreaded programs to dump
+the correct thread.
+
+
+Q: How do I restrict people from looking up the server version?
+
+A: Put a "version" option containing something other than the real
+version in the "options" section of named.conf. Note doing this will
+not prevent attacks and may impede people trying to diagnose problems
+with your server. Also it is possible to "fingerprint" nameservers to
+determine their version.
+
+
+Q: How do I restrict only remote users from looking up the server
+version?
+
+A: The following view statement will intercept lookups as the internal
+view that holds the version information will be matched last. The
+caveats of the previous answer still apply, of course.
+
+ view "chaos" chaos {
+ match-clients { <those to be refused>; };
+ allow-query { none; };
+ zone "." {
+ type hint;
+ file "/dev/null"; // or any empty file
+ };
+ };
+
+
+Q: What do "no source of entropy found" or "could not open entropy source foo"
+mean?
+
+A: The server requires a source of entropy to perform certain operations,
+mostly DNSSEC related. These messages indicate that you have no source
+of entropy. On systems with /dev/random or an equivalent, it is used by
+default. A source of entropy can also be defined using the random-device
+option in named.conf.
+
+
+Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why?
+
+A: BIND 9 is installed under /usr/local by default. BIND 8 is often
+installed under /usr. Check that the correct named is running.
+
+
+Q: I'm trying to use TSIG to authenticate dynamic updates or zone
+transfers. I'm sure I have the keys set up correctly, but the server
+is rejecting the TSIG. Why?
+
+A: This may be a clock skew problem. Check that the the clocks on
+the client and server are properly synchronized (e.g., using ntp).
+
+
+Q: I'm trying to compile BIND 9, and "make" is failing due to files not
+being found. Why?
+
+A: Using a parallel or distributed "make" to build BIND 9 is not
+supported, and doesn't work. If you are using one of these, use
+normal make or gmake instead.
+
+
+Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is
+logging error messages like "notify to 10.0.0.1#53 failed: unexpected
+end of input". What's wrong?
+
+A: This error message is caused by a known bug in BIND 8.2.3 and is fixed
+in BIND 8.2.4. It can be safely ignored - the notify has been acted on by
+the slave despite the error message.
+
+
+Q: I keep getting log messages like the following. Why?
+
+ Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN':
+ update failed: 'RRset exists (value dependent)' prerequisite not
+ satisfied (NXRRSET)
+
+A: DNS updates allow the update request to test to see if certain
+conditions are met prior to proceeding with the update. The message
+above is saying that conditions were not met and the update is not
+proceeding. See doc/rfc/rfc2136.txt for more details on prerequisites.
+
+
+Q: I keep getting log messages like the following. Why?
+
+ Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
+
+A: Someone is trying to update your DNS data using the RFC2136 Dynamic
+Update protocol. Windows 2000 machines have a habit of sending dynamic
+update requests to DNS servers without being specifically configured to
+do so. If the update requests are coming from a Windows 2000 machine,
+see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
+for information about how to turn them off.
+
+
+Q: I see a log message like the following. Why?
+
+ couldn't open pid file '/var/run/named.pid': Permission denied
+
+A: You are most likely running named as a non-root user, and that user
+does not have permission to write in /var/run. The common ways of
+fixing this are to create a /var/run/named directory owned by the named
+user and set pid-file to "/var/run/named/named.pid", or set
+pid-file to "named.pid", which will put the file in the directory
+specified by the directory option (which, in this case, must be writable
+by the named user).
+
+
+Q: When I do a "dig . ns", many of the A records for the root
+servers are missing. Why?
+
+A: This is normal and harmless. It is a somewhat confusing side effect
+of the way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9
+makes to avoid promoting glue into answers.
+
+When BIND 9 first starts up and primes its cache, it receives the root
+server addresses as additional data in an authoritative response from
+a root server, and these records are eligible for inclusion as
+additional data in responses. Subsequently it receives a subset of
+the root server addresses as additional data in a non-authoritative
+(referral) response from a root server. This causes the addresses to
+now be considered non-authoritative (glue) data, which is not eligible
+for inclusion in responses.
+
+The server does have a complete set of root server addresses cached
+at all times, it just may not include all of them as additional data,
+depending on whether they were last received as answers or as glue.
+You can always look up the addresses with explicit queries like
+"dig a.root-servers.net A".
+
+
+Q: Zone transfers from my BIND 9 master to my Windows 2000 slave
+fail. Why?
+
+A: This may be caused by a bug in the Windows 2000 DNS server where
+DNS messages larger than 16K are not handled properly. This can be
+worked around by setting the option "transfer-format one-answer;".
+Also check whether your zone contains domain names with embedded
+spaces or other special characters, like "John\032Doe\213s\032Computer",
+since such names have been known to cause Windows 2000 slaves to
+incorrectly reject the zone.
+
+
+Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
+
+A: A zone can be updated either by editing zone files and reloading
+the server or by dynamic update, but not both. If you have enabled
+dynamic update for a zone using the "allow-update" option, you are not
+supposed to edit the zone file by hand, and the server will not
+attempt to reload it.
+
+
+Q: I can query the nameserver from the nameserver but not from other
+machines. Why?
+
+A: This is usually the result of the firewall configuration stopping
+the queries and / or the replies.
+
+
+Q: How can I make a server a slave for both an internal and
+an external view at the same time? When I tried, both views
+on the slave were transferred from the same view on the master.
+
+A: You will need to give the master and slave multiple IP addresses and
+use those to make sure you reach the correct view on the other machine.
+
+ e.g.
+ Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
+ internal:
+ match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+ notify-source 10.0.1.1;
+ transfer-source 10.0.1.1;
+ query-source address 10.0.1.1;
+ external:
+ match-clients { any; };
+ recursion no; // don't offer recursion to the world
+ notify-source 10.0.1.2;
+ transfer-source 10.0.1.2;
+ query-source address 10.0.1.2;
+
+ Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
+ internal:
+ match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+ notify-source 10.0.1.3;
+ transfer-source 10.0.1.3;
+ query-source address 10.0.1.3;
+ external:
+ match-clients { any; };
+ recursion no; // don't offer recursion to the world
+ notify-source 10.0.1.4;
+ transfer-source 10.0.1.4;
+ query-source address 10.0.1.4;
+
+ You put the external address on the alias so that all the other
+ dns clients on these boxes see the internal view by default.
+
+A: (BIND 9.3 and later) Use TSIG to select the appropriate view.
+
+ Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ ...
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.0.2 { keys external; };
+ recursion no;
+ ...
+ };
+
+ Slave 10.0.1.2:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.0.1 { keys external; };
+ recursion no;
+ ...
+ };
+
+
+Q: I have Freebsd 4.x and "rndc-confgen -a" just sits there.
+
+A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel
+to use certain interrupts as a source of random events. You can make this
+permanent by setting rand_irqs in /etc/rc.conf.
+
+e.g.
+ /etc/rc.conf
+ rand_irqs="3 14 15"
+
+See also http://people.freebsd.org/~dougb/randomness.html
+
+
+Q: Why is named listening on UDP port other than 53?
+
+A: Named uses a system selected port to make queries of other nameservers.
+This behaviour can be overridden by using query-source to lock down the
+port and/or address. See also notify-source and transfer-source.
+
+
+Q: I get error messages like "multiple RRs of singleton type" and
+"CNAME and other data" when transferring a zone. What does this mean?
+
+A: These indicate a malformed master zone. You can identify the
+exact records involved by transferring the zone using dig then
+running named-checkzone on it.
+
+ e.g.
+ dig axfr example.com @master-server > tmp
+ named-checkzone example.com tmp
+
+
+Q: I get error messages like "named.conf:99: unexpected end of input" where
+99 is the last line of named.conf.
+
+A: Some text editors (notepad and wordpad) fail to put a line termination
+indication (e.g. CR/LF) on the last line of a text file. This can be fixed
+by "adding" a blank line to the end of the file. Named expects to see EOF
+immediately after EOL and treats text files where this is not met as truncated.
+
+
+Q: I get warning messages like "zone example.com/IN: refresh: failure trying master
+1.2.3.4#53: timed out".
+
+A: Check that you can make UDP queries from the slave to the master
+
+ dig +norec example.com soa @1.2.3.4
+
+A: You could be generating queries faster than the slave can cope with. Lower
+the serial query rate.
+
+ serial-query-rate 5; // default 20
+
+Q: How do I share a dynamic zone between multiple views?
+
+A: You choose one view to be master and the second a slave and transfer
+the zone between views.
+
+ Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+
+ key "mykey" {
+ algorithm hmac-md5;
+ secret "yyyyyyyy";
+ };
+
+ view "internal" {
+ match-clients { !external; 10.0.1/24; };
+ server 10.0.1.1 {
+ /* Deliver notify messages to external view. */
+ keys { external; };
+ };
+ zone "example.com" {
+ type master;
+ file "internal/example.db";
+ allow-update { key mykey; };
+ notify-also { 10.0.1.1; };
+ };
+ };
+
+ view "external" {
+ match-clients { external; any; };
+ zone "example.com" {
+ type slave;
+ file "external/example.db";
+ masters { 10.0.1.1; };
+ transfer-source { 10.0.1.1; };
+ // allow-update-forwarding { any; };
+ // allow-notify { ... };
+ };
+ };
+
+Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
+file primaries/wireless.ietf56.ietf.org: no owner".
+
+A: This error is produced when a line in the master file contains leading
+white space (tab/space) but the is no current record owner name to inherit
+the name from. Usually this is the result of putting white space before
+a comment. Forgeting the "@" for the SOA record or indenting the master
+file.
+
+
+Q: Why are my logs in GMT (UTC).
+
+A: You are running chrooted (-t) and have not supplied local timzone
+information in the chroot area.
+
+ FreeBSD: /etc/localtime
+ Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
+ OSF: /etc/zoneinfo/localtime
+
+ See also tzset(3) and zic(8).
+
+
+Q: I get the error message "named: capset failed: Operation not permitted"
+when starting named.
+
+A: The capset module has not been loaded into the kernel. See insmod(8).
+
+
+Q: I get "rndc: connect failed: connection refused" when I try to run
+ rndc.
+
+A: This is usually a configuration error.
+
+ First ensure that named is running and no errors are being
+ reported at startup (/var/log/messages or equivalent). Running
+ "named -g <usual arguements>" from a terminal can help at this
+ point.
+
+ Secondly ensure that named is configured to use rndc either by
+ "rndc-confgen -a", rndc-confgen or manually. The Administators
+ Reference manual has details on how to do this.
+
+ Old versions of rndc-confgen used localhost rather than 127.0.0.1
+ in /etc/rndc.conf for the default server. Update /etc/rndc.conf
+ if necessary so that the default server listed in /etc/rndc.conf
+ matches the addresses used in named.conf. "localhost" has two
+ address (127.0.0.1 and ::1).
+
+ If you use "rndc-confgen -a" and named is running with -t or -u
+ ensure that /etc/rndc.conf has the correct ownership and that
+ a copy is in the chroot area. You can do this by re-running
+ "rndc-confgen -a" with appropriate -t and -u arguements.
+
+
+Q: I don't get RRSIG's returned when I use "dig +dnssec".
+
+A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
diff --git a/contrib/bind9/Makefile.in b/contrib/bind9/Makefile.in
new file mode 100644
index 000000000000..a2a06531b878
--- /dev/null
+++ b/contrib/bind9/Makefile.in
@@ -0,0 +1,59 @@
+# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.41.2.2.2.2 2004/03/08 04:04:12 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+SUBDIRS = make lib bin doc @LIBBIND@
+TARGETS =
+
+@BIND9_MAKE_RULES@
+
+distclean::
+ @if [ "X@LIBBIND@" = "X" ] ; then \
+ i=lib/bind; \
+ echo "making $@ in `pwd`/$$i"; \
+ (cd $$i; ${MAKE} ${MAKEDEFS} $@) || exit 1; \
+ fi
+
+distclean::
+ rm -f config.cache config.h config.log config.status TAGS
+ rm -f libtool isc-config.sh configure.lineno
+ rm -f util/conf.sh docutil/docbook2man-wrapper.sh
+
+# XXX we should clean libtool stuff too. Only do this after we add rules
+# to make it.
+maintainer-clean::
+ rm -f configure
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+
+install:: isc-config.sh installdirs
+ ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
+
+tags:
+ rm -f TAGS
+ find lib bin -name "*.[ch]" -print | @ETAGS@ -
+
+check: test
+
+test:
+ (cd bin/tests && ${MAKE} ${MAKEDEFS} test)
diff --git a/contrib/bind9/README b/contrib/bind9/README
new file mode 100644
index 000000000000..73715ce09de4
--- /dev/null
+++ b/contrib/bind9/README
@@ -0,0 +1,344 @@
+BIND 9
+
+ BIND version 9 is a major rewrite of nearly all aspects of the
+ underlying BIND architecture. Some of the important features of
+ BIND 9 are:
+
+ - DNS Security
+ DNSSEC (signed zones)
+ TSIG (signed DNS requests)
+
+ - IP version 6
+ Answers DNS queries on IPv6 sockets
+ IPv6 resource records (AAAA)
+ Experimental IPv6 Resolver Library
+
+ - DNS Protocol Enhancements
+ IXFR, DDNS, Notify, EDNS0
+ Improved standards conformance
+
+ - Views
+ One server process can provide multiple "views" of
+ the DNS namespace, e.g. an "inside" view to certain
+ clients, and an "outside" view to others.
+
+ - Multiprocessor Support
+
+ - Improved Portability Architecture
+
+
+ BIND version 9 development has been underwritten by the following
+ organizations:
+
+ Sun Microsystems, Inc.
+ Hewlett Packard
+ Compaq Computer Corporation
+ IBM
+ Process Software Corporation
+ Silicon Graphics, Inc.
+ Network Associates, Inc.
+ U.S. Defense Information Systems Agency
+ USENIX Association
+ Stichting NLnet - NLnet Foundation
+ Nominum, Inc.
+
+
+BIND 9.3.0
+
+ BIND 9.3.0 has a number of new features over 9.2,
+ including:
+
+ DNSSEC is now DS based (RFC 3658).
+ See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
+
+ DNSSEC lookaside validation.
+
+ check-names is now implemented.
+ rrset-order in more complete.
+
+ IPv4/IPv6 transition support, dual-stack-servers.
+
+ IXFR deltas can now be generated when loading master files,
+ ixfr-from-differences.
+
+ It is now possible to specify the size of a journal, max-journal-size.
+
+ It is now possible to define a named set of master servers to be
+ used in masters clause, masters.
+
+ The advertised EDNS UDP size can now be set, edns-udp-size.
+
+ allow-v6-synthesis has been obsoleted.
+
+ NOTE:
+ * Zones containing MD and MF will now be rejected.
+ * dig, nslookup name. now report "Not Implemented" as
+ NOTIMP rather than NOTIMPL. This will have impact on scripts
+ that are looking for NOTIMPL.
+
+ libbind: corresponds to that from BIND 8.4.5.
+
+BIND 9.2.0
+
+ BIND 9.2.0 has a number of new features over 9.1,
+ including:
+
+ - The size of the cache can now be limited using the
+ "max-cache-size" option.
+
+ - The server can now automatically convert RFC1886-style
+ recursive lookup requests into RFC2874-style lookups,
+ when enabled using the new option "allow-v6-synthesis".
+ This allows stub resolvers that support AAAA records
+ but not A6 record chains or binary labels to perform
+ lookups in domains that make use of these IPv6 DNS
+ features.
+
+ - Performance has been improved.
+
+ - The man pages now use the more portable "man" macros
+ rather than the "mandoc" macros, and are installed
+ by "make install".
+
+ - The named.conf parser has been completely rewritten.
+ It now supports "include" directives in more
+ places such as inside "view" statements, and it no
+ longer has any reserved words.
+
+ - The "rndc status" command is now implemented.
+
+ - rndc can now be configured automatically.
+
+ - A BIND 8 compatible stub resolver library is now
+ included in lib/bind.
+
+ - OpenSSL has been removed from the distribution. This
+ means that to use DNSSEC, OpenSSL must be installed and
+ the --with-openssl option must be supplied to configure.
+ This does not apply to the use of TSIG, which does not
+ require OpenSSL.
+
+ - The source distribution now builds on Windows NT/2000.
+ See win32utils/readme1.txt and win32utils/win32-build.txt
+ for details.
+
+ This distribution also includes a new lightweight stub
+ resolver library and associated resolver daemon that fully
+ support forward and reverse lookups of both IPv4 and IPv6
+ addresses. This library is considered experimental and
+ is not a complete replacement for the BIND 8 resolver library.
+ Applications that use the BIND 8 res_* functions to perform
+ DNS lookups or dynamic updates still need to be linked against
+ the BIND 8 libraries. For DNS lookups, they can also use the
+ new "getrrsetbyname()" API.
+
+ BIND 9.2 is capable of acting as an authoritative server
+ for DNSSEC secured zones. This functionality is believed to
+ be stable and complete except for lacking support for
+ verifications involving wildcard records in secure zones.
+
+ When acting as a caching server, BIND 9.2 can be configured
+ to perform DNSSEC secure resolution on behalf of its clients.
+ This part of the DNSSEC implementation is still considered
+ experimental. For detailed information about the state of the
+ DNSSEC implementation, see the file doc/misc/dnssec.
+
+ There are a few known bugs:
+
+ On some systems, IPv6 and IPv4 sockets interact in
+ unexpected ways. For details, see doc/misc/ipv6.
+ To reduce the impact of these problems, the server
+ no longer listens for requests on IPv6 addresses
+ by default. If you need to accept DNS queries over
+ IPv6, you must specify "listen-on-v6 { any; };"
+ in the named.conf options statement.
+
+ FreeBSD prior to 4.2 (and 4.2 if running as non-root)
+ and OpenBSD prior to 2.8 log messages like
+ "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
+ This is due to a bug in "/dev/random" and impacts the
+ server's DNSSEC support.
+
+ OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
+ OS X 10.2 (Darwin 6.0) reports errors like
+ "fcntl(3, F_SETFL, 4): Operation not supported by device".
+ This is due to a bug in "/dev/random" and impacts the
+ server's DNSSEC support.
+
+ --with-libtool does not work on AIX.
+
+ A bug in the Windows 2000 DNS server can cause zone transfers
+ from a BIND 9 server to a W2K server to fail. For details,
+ see the "Zone Transfers" section in doc/misc/migration.
+
+ For a detailed list of user-visible changes from
+ previous releases, see the CHANGES file.
+
+
+Building
+
+ BIND 9 currently requires a UNIX system with an ANSI C compiler,
+ basic POSIX support, and a 64 bit integer type.
+
+ We've had successful builds and tests on the following systems:
+
+ COMPAQ Tru64 UNIX 5.1B
+ FreeBSD 4.10, 5.2.1
+ HP-UX 11.11
+ NetBSD 1.5
+ Slackware Linux 8.1
+ Solaris 8, 9, 9 (x86)
+ Windows NT/2000/XP/2003
+
+ Additionally, we have unverified reports of success building
+ previous versions of BIND 9 from users of the following systems:
+
+ AIX 5L
+ SuSE Linux 7.0
+ Slackware Linux 7.x, 8.0
+ Red Hat Linux 7.1
+ Debian GNU/Linux 2.2 and 3.0
+ Mandrake 8.1
+ OpenBSD 2.6, 2.8, 2.9
+ UnixWare 7.1.1
+ HP-UX 10.20
+ BSD/OS 4.2
+ Mac OS X 10.1
+
+ To build, just
+
+ ./configure
+ make
+
+ Do not use a parallel "make".
+
+ Several environment variables that can be set before running
+ configure will affect compilation:
+
+ CC
+ The C compiler to use. configure tries to figure
+ out the right one for supported systems.
+
+ CFLAGS
+ C compiler flags. Defaults to include -g and/or -O2
+ as supported by the compiler.
+
+ STD_CINCLUDES
+ System header file directories. Can be used to specify
+ where add-on thread or IPv6 support is, for example.
+ Defaults to empty string.
+
+ STD_CDEFINES
+ Any additional preprocessor symbols you want defined.
+ Defaults to empty string.
+
+ Possible settings:
+ Change the default syslog facility of named/lwresd.
+ -DISC_FACILITY=LOG_LOCAL0
+ Enable DNSSEC signature chasing support in dig.
+ -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
+ -DDIG_SIGCHASE_BU=1)
+
+ LDFLAGS
+ Linker flags. Defaults to empty string.
+
+ To build shared libraries, specify "--with-libtool" on the
+ configure command line.
+
+ For the server to support DNSSEC, you need to build it
+ with crypto support. You must have OpenSSL 0.9.5a
+ or newer installed and specify "--with-openssl" on the
+ configure command line. If OpenSSL is installed under
+ a nonstandard prefix, you can tell configure where to
+ look for it using "--with-openssl=/prefix".
+
+ To build libbind (the BIND 8 resolver library), specify
+ "--enable-libbind" on the configure command line.
+
+ On some platforms, BIND 9 can be built with multithreading
+ support, allowing it to take advantage of multiple CPUs.
+ You can specify whether to build a multithreaded BIND 9
+ by specifying "--enable-threads" or "--disable-threads"
+ on the configure command line. The default is operating
+ system dependent.
+
+ If your operating system has integrated support for IPv6, it
+ will be used automatically. If you have installed KAME IPv6
+ separately, use "--with-kame[=PATH]" to specify its location.
+
+ "make install" will install "named" and the various BIND 9 libraries.
+ By default, installation is into /usr/local, but this can be changed
+ with the "--prefix" option when running "configure".
+
+ You may specify the option "--sysconfdir" to set the directory
+ where configuration files like "named.conf" go by default,
+ and "--localstatedir" to set the default parent directory
+ of "run/named.pid". For backwards compatibility with BIND 8,
+ --sysconfdir defaults to "/etc" and --localstatedir defaults to
+ "/var" if no --prefix option is given. If there is a --prefix
+ option, sysconfdir defaults to "$prefix/etc" and localstatedir
+ defaults to "$prefix/var".
+
+ To see additional configure options, run "configure --help".
+ Note that the help message does not reflect the BIND 8
+ compatibility defaults for sysconfdir and localstatedir.
+
+ If you're planning on making changes to the BIND 9 source, you
+ should also "make depend". If you're using Emacs, you might find
+ "make tags" helpful.
+
+ If you need to re-run configure please run "make distclean" first.
+ This will ensure that all the option changes take.
+
+ Building with gcc is not supported, unless gcc is the vendor's usual
+ compiler (e.g. the various BSD systems, Linux).
+
+ * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
+ * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
+
+ A limited test suite can be run with "make test". Many of
+ the tests require you to configure a set of virtual IP addresses
+ on your system, and some require Perl; see bin/tests/system/README
+ for details.
+
+
+Documentation
+
+ The BIND 9 Administrator Reference Manual is included with the
+ source distribution in DocBook XML and HTML format, in the
+ doc/arm directory.
+
+ Some of the programs in the BIND 9 distribution have man pages
+ in their directories. In particular, the command line
+ options of "named" are documented in /bin/named/named.8.
+ There is now also a set of man pages for the lwres library.
+
+ If you are upgrading from BIND 8, please read the migration
+ notes in doc/misc/migration. If you are upgrading from
+ BIND 4, read doc/misc/migration-4to9.
+
+ Frequently asked questions and their answers can be found in
+ FAQ.
+
+
+Bug Reports and Mailing Lists
+
+ Bugs reports should be sent to
+
+ bind9-bugs@isc.org
+
+ To join the BIND Users mailing list, send mail to
+
+ bind-users-request@isc.org
+
+ archives of which can be found via
+
+ http://www.isc.org/ops/lists/
+
+ If you're planning on making changes to the BIND 9 source
+ code, you might want to join the BIND Workers mailing list.
+ Send mail to
+
+ bind-workers-request@isc.org
+
+
diff --git a/contrib/bind9/acconfig.h b/contrib/bind9/acconfig.h
new file mode 100644
index 000000000000..0eacd065ad3e
--- /dev/null
+++ b/contrib/bind9/acconfig.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: acconfig.h,v 1.35.2.4.2.8 2004/05/21 08:24:04 marka Exp $ */
+
+/***
+ *** This file is not to be included by any public header files, because
+ *** it does not get installed.
+ ***/
+@TOP@
+
+/* define to `int' if <sys/types.h> doesn't define. */
+#undef ssize_t
+
+/* define on DEC OSF to enable 4.4BSD style sa_len support */
+#undef _SOCKADDR_LEN
+
+/* define if your system needs pthread_init() before using pthreads */
+#undef NEED_PTHREAD_INIT
+
+/* define if your system has sigwait() */
+#undef HAVE_SIGWAIT
+
+/* define if sigwait() is the UnixWare flavor */
+#undef HAVE_UNIXWARE_SIGWAIT
+
+/* define on Solaris to get sigwait() to work using pthreads semantics */
+#undef _POSIX_PTHREAD_SEMANTICS
+
+/* define if LinuxThreads is in use */
+#undef HAVE_LINUXTHREADS
+
+/* define if sysconf() is available */
+#undef HAVE_SYSCONF
+
+/* define if sysctlbyname() is available */
+#undef HAVE_SYSCTLBYNAME
+
+/* define if catgets() is available */
+#undef HAVE_CATGETS
+
+/* define if getifaddrs() exists */
+#undef HAVE_GETIFADDRS
+
+/* define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
+#undef HAVE_IFLIST_SYSCTL
+
+/* define if chroot() is available */
+#undef HAVE_CHROOT
+
+/* define if tzset() is available */
+#undef HAVE_TZSET
+
+/* define if struct addrinfo exists */
+#undef HAVE_ADDRINFO
+
+/* define if getaddrinfo() exists */
+#undef HAVE_GETADDRINFO
+
+/* define if gai_strerror() exists */
+#undef HAVE_GAISTRERROR
+
+/* define if arc4random() exists */
+#undef HAVE_ARC4RANDOM
+
+/* define if pthread_setconcurrency() should be called to tell the
+ * OS how many threads we might want to run.
+ */
+#undef CALL_PTHREAD_SETCONCURRENCY
+
+/* define if IPv6 is not disabled */
+#undef WANT_IPV6
+
+/* define if flockfile() is available */
+#undef HAVE_FLOCKFILE
+
+/* define if getc_unlocked() is available */
+#undef HAVE_GETCUNLOCKED
+
+/* Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
+#undef SHUTUP_SPUTAUX
+#ifdef SHUTUP_SPUTAUX
+struct __sFILE;
+extern __inline int __sputaux(int _c, struct __sFILE *_p);
+#endif
+
+/* Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */
+#undef SHUTUP_SIGWAIT
+#ifdef SHUTUP_SIGWAIT
+int sigwait(const unsigned int *set, int *sig);
+#endif
+
+/* Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */
+#undef SHUTUP_STDARG_CAST
+#if defined(SHUTUP_STDARG_CAST) && defined(__GNUC__)
+#include <stdarg.h> /* Grr. Must be included *every time*. */
+/*
+ * The silly continuation line is to keep configure from
+ * commenting out the #undef.
+ */
+#undef \
+ va_start
+#define va_start(ap, last) \
+ do { \
+ union { const void *konst; long *var; } _u; \
+ _u.konst = &(last); \
+ ap = (va_list)(_u.var + __va_words(__typeof(last))); \
+ } while (0)
+#endif /* SHUTUP_STDARG_CAST && __GNUC__ */
+
+/* define if the system has a random number generating device */
+#undef PATH_RANDOMDEV
+
+/* define if pthread_attr_getstacksize() is available */
+#undef HAVE_PTHREAD_ATTR_GETSTACKSIZE
+
+/* define if pthread_attr_setstacksize() is available */
+#undef HAVE_PTHREAD_ATTR_SETSTACKSIZE
+
+/* define if you have strerror in the C library. */
+#undef HAVE_STRERROR
+
+/* Define if you are running under Compaq TruCluster.. */
+#undef HAVE_TRUCLUSTER
+
+/* Define if OpenSSL includes DSA support */
+#undef HAVE_OPENSSL_DSA
diff --git a/contrib/bind9/bin/Makefile.in b/contrib/bind9/bin/Makefile.in
new file mode 100644
index 000000000000..d8261d7b4c2a
--- /dev/null
+++ b/contrib/bind9/bin/Makefile.in
@@ -0,0 +1,25 @@
+# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.22.208.1 2004/03/06 10:21:10 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+SUBDIRS = named rndc dig dnssec tests nsupdate check
+TARGETS =
+
+@BIND9_MAKE_RULES@
diff --git a/contrib/bind9/bin/check/Makefile.in b/contrib/bind9/bin/check/Makefile.in
new file mode 100644
index 000000000000..5fdf4637afe6
--- /dev/null
+++ b/contrib/bind9/bin/check/Makefile.in
@@ -0,0 +1,95 @@
+# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.15.2.3.8.6 2004/07/20 07:01:48 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
+ ${ISC_INCLUDES}
+
+CDEFINES = -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
+CWARNINGS =
+
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+
+LIBS = @LIBS@
+
+SUBDIRS =
+
+# Alphabetically
+TARGETS = named-checkconf@EXEEXT@ named-checkzone@EXEEXT@
+
+# Alphabetically
+SRCS = named-checkconf.c named-checkzone.c check-tool.c
+
+MANPAGES = named-checkconf.8 named-checkzone.8
+
+HTMLPAGES = named-checkconf.html named-checkzone.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+named-checkconf.@O@: named-checkconf.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -c ${srcdir}/named-checkconf.c
+
+named-checkzone.@O@: named-checkzone.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -c ${srcdir}/named-checkzone.c
+
+named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
+ ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ named-checkconf.@O@ check-tool.@O@ ${BIND9LIBS} ${ISCCFGLIBS} \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ named-checkzone.@O@ check-tool.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+
+install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
+ for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
+
+clean distclean::
+ rm -f ${TARGETS} r1.htm
diff --git a/contrib/bind9/bin/check/check-tool.c b/contrib/bind9/bin/check/check-tool.c
new file mode 100644
index 000000000000..cefee82cfe27
--- /dev/null
+++ b/contrib/bind9/bin/check/check-tool.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: check-tool.c,v 1.4.12.5 2004/03/08 04:04:13 marka Exp $ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "check-tool.h"
+#include <isc/util.h>
+
+#include <isc/buffer.h>
+#include <isc/log.h>
+#include <isc/region.h>
+#include <isc/stdio.h>
+#include <isc/types.h>
+
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/rdataclass.h>
+#include <dns/types.h>
+#include <dns/zone.h>
+
+#define CHECK(r) \
+ do { \
+ result = (r); \
+ if (result != ISC_R_SUCCESS) \
+ goto cleanup; \
+ } while (0)
+
+static const char *dbtype[] = { "rbt" };
+
+int debug = 0;
+isc_boolean_t nomerge = ISC_TRUE;
+unsigned int zone_options = DNS_ZONEOPT_CHECKNS|DNS_ZONEOPT_MANYERRORS;
+
+isc_result_t
+setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
+ isc_logdestination_t destination;
+ isc_logconfig_t *logconfig = NULL;
+ isc_log_t *log = NULL;
+
+ RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
+ isc_log_setcontext(log);
+
+ destination.file.stream = stdout;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
+ ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC,
+ &destination, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
+ NULL, NULL) == ISC_R_SUCCESS);
+
+ *logp = log;
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
+ const char *classname, dns_zone_t **zonep)
+{
+ isc_result_t result;
+ dns_rdataclass_t rdclass;
+ isc_textregion_t region;
+ isc_buffer_t buffer;
+ dns_fixedname_t fixorigin;
+ dns_name_t *origin;
+ dns_zone_t *zone = NULL;
+
+ REQUIRE(zonep == NULL || *zonep == NULL);
+
+ if (debug)
+ fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
+ zonename, filename, classname);
+
+ CHECK(dns_zone_create(&zone, mctx));
+
+ dns_zone_settype(zone, dns_zone_master);
+
+ isc_buffer_init(&buffer, zonename, strlen(zonename));
+ isc_buffer_add(&buffer, strlen(zonename));
+ dns_fixedname_init(&fixorigin);
+ origin = dns_fixedname_name(&fixorigin);
+ CHECK(dns_name_fromtext(origin, &buffer, dns_rootname,
+ ISC_FALSE, NULL));
+ CHECK(dns_zone_setorigin(zone, origin));
+ CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
+ CHECK(dns_zone_setfile(zone, filename));
+
+ DE_CONST(classname, region.base);
+ region.length = strlen(classname);
+ CHECK(dns_rdataclass_fromtext(&rdclass, &region));
+
+ dns_zone_setclass(zone, rdclass);
+ dns_zone_setoption(zone, zone_options, ISC_TRUE);
+ dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
+
+ CHECK(dns_zone_load(zone));
+ if (zonep != NULL){
+ *zonep = zone;
+ zone = NULL;
+ }
+
+ cleanup:
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ return (result);
+}
+
+isc_result_t
+dump_zone(const char *zonename, dns_zone_t *zone, const char *filename)
+{
+ isc_result_t result;
+ FILE *output = stdout;
+
+ if (debug) {
+ if (filename != NULL)
+ fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
+ zonename, filename);
+ else
+ fprintf(stderr, "dumping \"%s\"\n", zonename);
+ }
+
+ if (filename != NULL) {
+ result = isc_stdio_open(filename, "w+", &output);
+
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not open output "
+ "file \"%s\" for writing\n", filename);
+ return (ISC_R_FAILURE);
+ }
+ }
+
+ result = dns_zone_fulldumptostream(zone, output);
+
+ if (filename != NULL)
+ (void)isc_stdio_close(output);
+
+ return (result);
+}
diff --git a/contrib/bind9/bin/check/check-tool.h b/contrib/bind9/bin/check/check-tool.h
new file mode 100644
index 000000000000..105cd258ca3d
--- /dev/null
+++ b/contrib/bind9/bin/check/check-tool.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: check-tool.h,v 1.2.12.5 2004/03/08 04:04:13 marka Exp $ */
+
+#ifndef CHECK_TOOL_H
+#define CHECK_TOOL_H
+
+#include <isc/lang.h>
+
+#include <isc/types.h>
+#include <dns/types.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+setup_logging(isc_mem_t *mctx, isc_log_t **logp);
+
+isc_result_t
+load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
+ const char *classname, dns_zone_t **zonep);
+
+isc_result_t
+dump_zone(const char *zonename, dns_zone_t *zone, const char *filename);
+
+extern int debug;
+extern isc_boolean_t nomerge;
+extern unsigned int zone_options;
+
+ISC_LANG_ENDDECLS
+
+#endif
diff --git a/contrib/bind9/bin/check/named-checkconf.8 b/contrib/bind9/bin/check/named-checkconf.8
new file mode 100644
index 000000000000..25dbdd86ff15
--- /dev/null
+++ b/contrib/bind9/bin/check/named-checkconf.8
@@ -0,0 +1,59 @@
+.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: named-checkconf.8,v 1.11.12.4 2004/06/03 05:35:41 marka Exp $
+.\"
+.TH "NAMED-CHECKCONF" "8" "June 14, 2000" "BIND9" ""
+.SH NAME
+named-checkconf \- named configuration file syntax checking tool
+.SH SYNOPSIS
+.sp
+\fBnamed-checkconf\fR [ \fB-v\fR ] [ \fB-j\fR ] [ \fB-t \fIdirectory\fB\fR ] \fBfilename\fR [ \fB-z\fR ]
+.SH "DESCRIPTION"
+.PP
+\fBnamed-checkconf\fR checks the syntax, but not
+the semantics, of a named configuration file.
+.SH "OPTIONS"
+.TP
+\fB-t \fIdirectory\fB\fR
+chroot to \fIdirectory\fR so that include
+directives in the configuration file are processed as if
+run by a similarly chrooted named.
+.TP
+\fB-v\fR
+Print the version of the \fBnamed-checkconf\fR
+program and exit.
+.TP
+\fB-z\fR
+Perform a check load the master zonefiles found in
+\fInamed.conf\fR.
+.TP
+\fB-j\fR
+When loading a zonefile read the journal if it exists.
+.TP
+\fBfilename\fR
+The name of the configuration file to be checked. If not
+specified, it defaults to \fI/etc/named.conf\fR.
+.SH "RETURN VALUES"
+.PP
+\fBnamed-checkconf\fR returns an exit status of 1 if
+errors were detected and 0 otherwise.
+.SH "SEE ALSO"
+.PP
+\fBnamed\fR(8),
+\fIBIND 9 Administrator Reference Manual\fR.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
diff --git a/contrib/bind9/bin/check/named-checkconf.c b/contrib/bind9/bin/check/named-checkconf.c
new file mode 100644
index 000000000000..88a7299b0168
--- /dev/null
+++ b/contrib/bind9/bin/check/named-checkconf.c
@@ -0,0 +1,286 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named-checkconf.c,v 1.12.12.7 2004/03/08 09:04:14 marka Exp $ */
+
+#include <config.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/commandline.h>
+#include <isc/dir.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/result.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <bind9/check.h>
+
+#include <dns/log.h>
+#include <dns/result.h>
+
+#include "check-tool.h"
+
+isc_log_t *logc = NULL;
+
+#define CHECK(r)\
+ do { \
+ result = (r); \
+ if (result != ISC_R_SUCCESS) \
+ goto cleanup; \
+ } while (0)
+
+static void
+usage(void) {
+ fprintf(stderr, "usage: named-checkconf [-j] [-v] [-z] [-t directory] "
+ "[named.conf]\n");
+ exit(1);
+}
+
+static isc_result_t
+directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
+ isc_result_t result;
+ char *directory;
+
+ REQUIRE(strcasecmp("directory", clausename) == 0);
+
+ UNUSED(arg);
+ UNUSED(clausename);
+
+ /*
+ * Change directory.
+ */
+ directory = cfg_obj_asstring(obj);
+ result = isc_dir_chdir(directory);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(obj, logc, ISC_LOG_ERROR,
+ "change directory to '%s' failed: %s\n",
+ directory, isc_result_totext(result));
+ return (result);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
+ isc_mem_t *mctx)
+{
+ isc_result_t result;
+ const char *zclass;
+ const char *zname;
+ const char *zfile;
+ cfg_obj_t *zoptions = NULL;
+ cfg_obj_t *classobj = NULL;
+ cfg_obj_t *typeobj = NULL;
+ cfg_obj_t *fileobj = NULL;
+ cfg_obj_t *dbobj = NULL;
+
+ zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
+ classobj = cfg_tuple_get(zconfig, "class");
+ if (!cfg_obj_isstring(classobj))
+ zclass = vclass;
+ else
+ zclass = cfg_obj_asstring(classobj);
+ zoptions = cfg_tuple_get(zconfig, "options");
+ cfg_map_get(zoptions, "type", &typeobj);
+ if (typeobj == NULL)
+ return (ISC_R_FAILURE);
+ if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
+ return (ISC_R_SUCCESS);
+ cfg_map_get(zoptions, "database", &dbobj);
+ if (dbobj != NULL)
+ return (ISC_R_SUCCESS);
+ cfg_map_get(zoptions, "file", &fileobj);
+ if (fileobj == NULL)
+ return (ISC_R_FAILURE);
+ zfile = cfg_obj_asstring(fileobj);
+ result = load_zone(mctx, zname, zfile, zclass, NULL);
+ if (result != ISC_R_SUCCESS)
+ fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
+ dns_result_totext(result));
+ return(result);
+}
+
+static isc_result_t
+configure_view(const char *vclass, const char *view, cfg_obj_t *config,
+ cfg_obj_t *vconfig, isc_mem_t *mctx)
+{
+ cfg_listelt_t *element;
+ cfg_obj_t *voptions;
+ cfg_obj_t *zonelist;
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_result_t tresult;
+
+ voptions = NULL;
+ if (vconfig != NULL)
+ voptions = cfg_tuple_get(vconfig, "options");
+
+ zonelist = NULL;
+ if (voptions != NULL)
+ (void)cfg_map_get(voptions, "zone", &zonelist);
+ else
+ (void)cfg_map_get(config, "zone", &zonelist);
+
+ for (element = cfg_list_first(zonelist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ cfg_obj_t *zconfig = cfg_listelt_value(element);
+ tresult = configure_zone(vclass, view, zconfig, mctx);
+ if (tresult != ISC_R_SUCCESS)
+ result = tresult;
+ }
+ return (result);
+}
+
+
+static isc_result_t
+load_zones_fromconfig(cfg_obj_t *config, isc_mem_t *mctx) {
+ cfg_listelt_t *element;
+ cfg_obj_t *classobj;
+ cfg_obj_t *views;
+ cfg_obj_t *vconfig;
+ const char *vclass;
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_result_t tresult;
+
+ views = NULL;
+
+ (void)cfg_map_get(config, "view", &views);
+ for (element = cfg_list_first(views);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const char *vname;
+
+ vclass = "IN";
+ vconfig = cfg_listelt_value(element);
+ if (vconfig != NULL) {
+ classobj = cfg_tuple_get(vconfig, "class");
+ if (cfg_obj_isstring(classobj))
+ vclass = cfg_obj_asstring(classobj);
+ }
+ vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
+ tresult = configure_view(vclass, vname, config, vconfig, mctx);
+ if (tresult != ISC_R_SUCCESS)
+ result = tresult;
+ }
+
+ if (views == NULL) {
+ tresult = configure_view("IN", "_default", config, NULL, mctx);
+ if (tresult != ISC_R_SUCCESS)
+ result = tresult;
+ }
+ return (result);
+}
+
+int
+main(int argc, char **argv) {
+ int c;
+ cfg_parser_t *parser = NULL;
+ cfg_obj_t *config = NULL;
+ const char *conffile = NULL;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ int exit_status = 0;
+ isc_boolean_t load_zones = ISC_FALSE;
+
+ while ((c = isc_commandline_parse(argc, argv, "djt:vz")) != EOF) {
+ switch (c) {
+ case 'd':
+ debug++;
+ break;
+
+ case 'j':
+ nomerge = ISC_FALSE;
+ break;
+
+ case 't':
+ result = isc_dir_chroot(isc_commandline_argument);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chroot: %s\n",
+ isc_result_totext(result));
+ exit(1);
+ }
+ result = isc_dir_chdir("/");
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chdir: %s\n",
+ isc_result_totext(result));
+ exit(1);
+ }
+ break;
+
+ case 'v':
+ printf(VERSION "\n");
+ exit(0);
+
+ case 'z':
+ load_zones = ISC_TRUE;
+ break;
+
+ default:
+ usage();
+ }
+ }
+
+ if (argv[isc_commandline_index] != NULL)
+ conffile = argv[isc_commandline_index];
+ if (conffile == NULL || conffile[0] == '\0')
+ conffile = NAMED_CONFFILE;
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(setup_logging(mctx, &logc) == ISC_R_SUCCESS);
+
+ dns_result_register();
+
+ RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
+
+ cfg_parser_setcallback(parser, directory_callback, NULL);
+
+ if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) !=
+ ISC_R_SUCCESS)
+ exit(1);
+
+ result = bind9_check_namedconf(config, logc, mctx);
+ if (result != ISC_R_SUCCESS)
+ exit_status = 1;
+
+ if (result == ISC_R_SUCCESS && load_zones) {
+ dns_log_init(logc);
+ dns_log_setcontext(logc);
+ result = load_zones_fromconfig(config, mctx);
+ if (result != ISC_R_SUCCESS)
+ exit_status = 1;
+ }
+
+ cfg_obj_destroy(parser, &config);
+
+ cfg_parser_destroy(&parser);
+
+ isc_log_destroy(&logc);
+
+ isc_mem_destroy(&mctx);
+
+ return (exit_status);
+}
diff --git a/contrib/bind9/bin/check/named-checkconf.docbook b/contrib/bind9/bin/check/named-checkconf.docbook
new file mode 100644
index 000000000000..d1336cfa537b
--- /dev/null
+++ b/contrib/bind9/bin/check/named-checkconf.docbook
@@ -0,0 +1,146 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named-checkconf.docbook,v 1.3.2.1.8.5 2004/06/03 02:24:59 marka Exp $ -->
+
+<refentry>
+ <refentryinfo>
+ <date>June 14, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>named-checkconf</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>named-checkconf</application></refname>
+ <refpurpose>named configuration file syntax checking tool</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>named-checkconf</command>
+ <arg><option>-v</option></arg>
+ <arg><option>-j</option></arg>
+ <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="req">filename</arg>
+ <arg><option>-z</option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ <command>named-checkconf</command> checks the syntax, but not
+ the semantics, of a named configuration file.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-t <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>
+ chroot to <filename>directory</filename> so that include
+ directives in the configuration file are processed as if
+ run by a similarly chrooted named.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem>
+ <para>
+ Print the version of the <command>named-checkconf</command>
+ program and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-z</term>
+ <listitem>
+ <para>
+ Perform a check load the master zonefiles found in
+ <filename>named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-j</term>
+ <listitem>
+ <para>
+ When loading a zonefile read the journal if it exists.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>filename</term>
+ <listitem>
+ <para>
+ The name of the configuration file to be checked. If not
+ specified, it defaults to <filename>/etc/named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>RETURN VALUES</title>
+ <para>
+ <command>named-checkconf</command> returns an exit status of 1 if
+ errors were detected and 0 otherwise.
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>named</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para>
+ <corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry>
+
+<!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
+
diff --git a/contrib/bind9/bin/check/named-checkconf.html b/contrib/bind9/bin/check/named-checkconf.html
new file mode 100644
index 000000000000..8d5f38e99c51
--- /dev/null
+++ b/contrib/bind9/bin/check/named-checkconf.html
@@ -0,0 +1,216 @@
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named-checkconf.html,v 1.5.2.1.4.5 2004/08/22 23:38:57 marka Exp $ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>named-checkconf</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="AEN1"
+></A
+><SPAN
+CLASS="APPLICATION"
+>named-checkconf</SPAN
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN9"
+></A
+><H2
+>Name</H2
+><SPAN
+CLASS="APPLICATION"
+>named-checkconf</SPAN
+>&nbsp;--&nbsp;named configuration file syntax checking tool</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN13"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>named-checkconf</B
+> [<VAR
+CLASS="OPTION"
+>-v</VAR
+>] [<VAR
+CLASS="OPTION"
+>-j</VAR
+>] [<VAR
+CLASS="OPTION"
+>-t <VAR
+CLASS="REPLACEABLE"
+>directory</VAR
+></VAR
+>] {filename} [<VAR
+CLASS="OPTION"
+>-z</VAR
+>]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN26"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+> <B
+CLASS="COMMAND"
+>named-checkconf</B
+> checks the syntax, but not
+ the semantics, of a named configuration file.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN30"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-t <VAR
+CLASS="REPLACEABLE"
+>directory</VAR
+></DT
+><DD
+><P
+> chroot to <TT
+CLASS="FILENAME"
+>directory</TT
+> so that include
+ directives in the configuration file are processed as if
+ run by a similarly chrooted named.
+ </P
+></DD
+><DT
+>-v</DT
+><DD
+><P
+> Print the version of the <B
+CLASS="COMMAND"
+>named-checkconf</B
+>
+ program and exit.
+ </P
+></DD
+><DT
+>-z</DT
+><DD
+><P
+> Perform a check load the master zonefiles found in
+ <TT
+CLASS="FILENAME"
+>named.conf</TT
+>.
+ </P
+></DD
+><DT
+>-j</DT
+><DD
+><P
+> When loading a zonefile read the journal if it exists.
+ </P
+></DD
+><DT
+>filename</DT
+><DD
+><P
+> The name of the configuration file to be checked. If not
+ specified, it defaults to <TT
+CLASS="FILENAME"
+>/etc/named.conf</TT
+>.
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN58"
+></A
+><H2
+>RETURN VALUES</H2
+><P
+> <B
+CLASS="COMMAND"
+>named-checkconf</B
+> returns an exit status of 1 if
+ errors were detected and 0 otherwise.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN62"
+></A
+><H2
+>SEE ALSO</H2
+><P
+> <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>named</SPAN
+>(8)</SPAN
+>,
+ <I
+CLASS="CITETITLE"
+>BIND 9 Administrator Reference Manual</I
+>.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN69"
+></A
+><H2
+>AUTHOR</H2
+><P
+> Internet Systems Consortium
+ </P
+></DIV
+></BODY
+></HTML
+>
diff --git a/contrib/bind9/bin/check/named-checkzone.8 b/contrib/bind9/bin/check/named-checkzone.8
new file mode 100644
index 000000000000..efa600c8e087
--- /dev/null
+++ b/contrib/bind9/bin/check/named-checkzone.8
@@ -0,0 +1,94 @@
+.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: named-checkzone.8,v 1.11.2.1.8.4 2004/06/03 05:35:42 marka Exp $
+.\"
+.TH "NAMED-CHECKZONE" "8" "June 13, 2000" "BIND9" ""
+.SH NAME
+named-checkzone \- zone file validity checking tool
+.SH SYNOPSIS
+.sp
+\fBnamed-checkzone\fR [ \fB-d\fR ] [ \fB-j\fR ] [ \fB-q\fR ] [ \fB-v\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-k \fImode\fB\fR ] [ \fB-n \fImode\fB\fR ] [ \fB-o \fIfilename\fB\fR ] [ \fB-t \fIdirectory\fB\fR ] [ \fB-w \fIdirectory\fB\fR ] [ \fB-D\fR ] \fBzonename\fR \fBfilename\fR
+.SH "DESCRIPTION"
+.PP
+\fBnamed-checkzone\fR checks the syntax and integrity of
+a zone file. It performs the same checks as \fBnamed\fR
+does when loading a zone. This makes
+\fBnamed-checkzone\fR useful for checking zone
+files before configuring them into a name server.
+.SH "OPTIONS"
+.TP
+\fB-d\fR
+Enable debugging.
+.TP
+\fB-q\fR
+Quiet mode - exit code only.
+.TP
+\fB-v\fR
+Print the version of the \fBnamed-checkzone\fR
+program and exit.
+.TP
+\fB-j\fR
+When loading the zone file read the journal if it exists.
+.TP
+\fB-c \fIclass\fB\fR
+Specify the class of the zone. If not specified "IN" is assumed.
+.TP
+\fB-k \fImode\fB\fR
+Perform \fB"check-name"\fR checks with the specified failure mode.
+Possible modes are \fB"fail"\fR,
+\fB"warn"\fR (default) and
+\fB"ignore"\fR.
+.TP
+\fB-n \fImode\fB\fR
+Specify whether NS records should be checked to see if they
+are addresses. Possible modes are \fB"fail"\fR,
+\fB"warn"\fR (default) and
+\fB"ignore"\fR.
+.TP
+\fB-o \fIfilename\fB\fR
+Write zone output to \fIdirectory\fR.
+.TP
+\fB-t \fIdirectory\fB\fR
+chroot to \fIdirectory\fR so that include
+directives in the configuration file are processed as if
+run by a similarly chrooted named.
+.TP
+\fB-w \fIdirectory\fB\fR
+chdir to \fIdirectory\fR so that relative
+filenames in master file $INCLUDE directives work. This
+is similar to the directory clause in
+\fInamed.conf\fR.
+.TP
+\fB-D\fR
+Dump zone file in canonical format.
+.TP
+\fBzonename\fR
+The domain name of the zone being checked.
+.TP
+\fBfilename\fR
+The name of the zone file.
+.SH "RETURN VALUES"
+.PP
+\fBnamed-checkzone\fR returns an exit status of 1 if
+errors were detected and 0 otherwise.
+.SH "SEE ALSO"
+.PP
+\fBnamed\fR(8),
+\fIRFC 1035\fR,
+\fIBIND 9 Administrator Reference Manual\fR.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
diff --git a/contrib/bind9/bin/check/named-checkzone.c b/contrib/bind9/bin/check/named-checkzone.c
new file mode 100644
index 000000000000..d023bd685774
--- /dev/null
+++ b/contrib/bind9/bin/check/named-checkzone.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named-checkzone.c,v 1.13.2.3.8.9 2004/03/06 10:21:11 marka Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/commandline.h>
+#include <isc/dir.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/socket.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+#include <dns/zone.h>
+
+#include "check-tool.h"
+
+static int quiet = 0;
+static isc_mem_t *mctx = NULL;
+dns_zone_t *zone = NULL;
+dns_zonetype_t zonetype = dns_zone_master;
+static int dumpzone = 0;
+static const char *output_filename;
+
+#define ERRRET(result, function) \
+ do { \
+ if (result != ISC_R_SUCCESS) { \
+ if (!quiet) \
+ fprintf(stderr, "%s() returned %s\n", \
+ function, dns_result_totext(result)); \
+ return (result); \
+ } \
+ } while (0)
+
+static void
+usage(void) {
+ fprintf(stderr,
+ "usage: named-checkzone [-djqvD] [-c class] [-o output] "
+ "[-t directory] [-w directory] [-k option] zonename filename\n");
+ exit(1);
+}
+
+static void
+destroy(void) {
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+}
+
+int
+main(int argc, char **argv) {
+ int c;
+ char *origin = NULL;
+ char *filename = NULL;
+ isc_log_t *lctx = NULL;
+ isc_result_t result;
+ char classname_in[] = "IN";
+ char *classname = classname_in;
+ const char *workdir = NULL;
+
+ while ((c = isc_commandline_parse(argc, argv, "c:dijk:n:qst:o:vw:D")) != EOF) {
+ switch (c) {
+ case 'c':
+ classname = isc_commandline_argument;
+ break;
+
+ case 'd':
+ debug++;
+ break;
+
+ case 'j':
+ nomerge = ISC_FALSE;
+ break;
+
+ case 'n':
+ if (!strcmp(isc_commandline_argument, "ignore"))
+ zone_options &= ~(DNS_ZONEOPT_CHECKNS|
+ DNS_ZONEOPT_FATALNS);
+ else if (!strcmp(isc_commandline_argument, "warn")) {
+ zone_options |= DNS_ZONEOPT_CHECKNS;
+ zone_options &= ~DNS_ZONEOPT_FATALNS;
+ } else if (!strcmp(isc_commandline_argument, "fail"))
+ zone_options |= DNS_ZONEOPT_CHECKNS|
+ DNS_ZONEOPT_FATALNS;
+ break;
+
+ case 'k':
+ if (!strcmp(isc_commandline_argument, "check-names")) {
+ zone_options |= DNS_ZONEOPT_CHECKNAMES;
+ } else if (!strcmp(isc_commandline_argument,
+ "check-names-fail")) {
+ zone_options |= DNS_ZONEOPT_CHECKNAMES |
+ DNS_ZONEOPT_CHECKNAMESFAIL;
+ }
+ break;
+
+ case 'q':
+ quiet++;
+ break;
+
+ case 't':
+ result = isc_dir_chroot(isc_commandline_argument);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chroot: %s: %s\n",
+ isc_commandline_argument,
+ isc_result_totext(result));
+ exit(1);
+ }
+ result = isc_dir_chdir("/");
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chdir: %s\n",
+ isc_result_totext(result));
+ exit(1);
+ }
+ break;
+
+ case 'o':
+ output_filename = isc_commandline_argument;
+ break;
+
+ case 'v':
+ printf(VERSION "\n");
+ exit(0);
+
+ case 'w':
+ workdir = isc_commandline_argument;
+ break;
+
+ case 'D':
+ dumpzone++;
+ break;
+
+ default:
+ usage();
+ }
+ }
+
+ if (workdir != NULL) {
+ result = isc_dir_chdir(workdir);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chdir: %s: %s\n",
+ workdir, isc_result_totext(result));
+ exit(1);
+ }
+ }
+
+ if (isc_commandline_index + 2 > argc)
+ usage();
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ if (!quiet) {
+ RUNTIME_CHECK(setup_logging(mctx, &lctx) == ISC_R_SUCCESS);
+ dns_log_init(lctx);
+ dns_log_setcontext(lctx);
+ }
+
+ dns_result_register();
+
+ origin = argv[isc_commandline_index++];
+ filename = argv[isc_commandline_index++];
+ result = load_zone(mctx, origin, filename, classname, &zone);
+
+ if (result == ISC_R_SUCCESS && dumpzone) {
+ result = dump_zone(origin, zone, output_filename);
+ }
+
+ if (!quiet && result == ISC_R_SUCCESS)
+ fprintf(stdout, "OK\n");
+ destroy();
+ if (lctx != NULL)
+ isc_log_destroy(&lctx);
+ isc_mem_destroy(&mctx);
+ return ((result == ISC_R_SUCCESS) ? 0 : 1);
+}
diff --git a/contrib/bind9/bin/check/named-checkzone.docbook b/contrib/bind9/bin/check/named-checkzone.docbook
new file mode 100644
index 000000000000..68b0baeeba44
--- /dev/null
+++ b/contrib/bind9/bin/check/named-checkzone.docbook
@@ -0,0 +1,236 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named-checkzone.docbook,v 1.3.2.2.8.7 2004/06/03 02:25:00 marka Exp $ -->
+
+<refentry>
+ <refentryinfo>
+ <date>June 13, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>named-checkzone</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>named-checkzone</application></refname>
+ <refpurpose>zone file validity checking tool</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>named-checkzone</command>
+ <arg><option>-d</option></arg>
+ <arg><option>-j</option></arg>
+ <arg><option>-q</option></arg>
+ <arg><option>-v</option></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-D</option></arg>
+ <arg choice="req">zonename</arg>
+ <arg choice="req">filename</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ <command>named-checkzone</command> checks the syntax and integrity of
+ a zone file. It performs the same checks as <command>named</command>
+ does when loading a zone. This makes
+ <command>named-checkzone</command> useful for checking zone
+ files before configuring them into a name server.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-d</term>
+ <listitem>
+ <para>
+ Enable debugging.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-q</term>
+ <listitem>
+ <para>
+ Quiet mode - exit code only.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem>
+ <para>
+ Print the version of the <command>named-checkzone</command>
+ program and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-j</term>
+ <listitem>
+ <para>
+ When loading the zone file read the journal if it exists.
+ </para>
+ </listitem>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">class</replaceable></term>
+ <listitem>
+ <para>
+ Specify the class of the zone. If not specified "IN" is assumed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Perform <command>"check-name"</command> checks with the specified failure mode.
+ Possible modes are <command>"fail"</command>,
+ <command>"warn"</command> (default) and
+ <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-n <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Specify whether NS records should be checked to see if they
+ are addresses. Possible modes are <command>"fail"</command>,
+ <command>"warn"</command> (default) and
+ <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-o <replaceable class="parameter">filename</replaceable></term>
+ <listitem>
+ <para>
+ Write zone output to <filename>directory</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>
+ chroot to <filename>directory</filename> so that include
+ directives in the configuration file are processed as if
+ run by a similarly chrooted named.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-w <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>
+ chdir to <filename>directory</filename> so that relative
+ filenames in master file $INCLUDE directives work. This
+ is similar to the directory clause in
+ <filename>named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-D</term>
+ <listitem>
+ <para>
+ Dump zone file in canonical format.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>zonename</term>
+ <listitem>
+ <para>
+ The domain name of the zone being checked.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>filename</term>
+ <listitem>
+ <para>
+ The name of the zone file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>RETURN VALUES</title>
+ <para>
+ <command>named-checkzone</command> returns an exit status of 1 if
+ errors were detected and 0 otherwise.
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>named</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>RFC 1035</citetitle>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para>
+ <corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry>
+
+<!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
+
diff --git a/contrib/bind9/bin/check/named-checkzone.html b/contrib/bind9/bin/check/named-checkzone.html
new file mode 100644
index 000000000000..dd14c1f8fd73
--- /dev/null
+++ b/contrib/bind9/bin/check/named-checkzone.html
@@ -0,0 +1,367 @@
+<!--
+ - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named-checkzone.html,v 1.5.2.2.4.5 2004/08/22 23:38:57 marka Exp $ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>named-checkzone</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="AEN1"
+></A
+><SPAN
+CLASS="APPLICATION"
+>named-checkzone</SPAN
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN9"
+></A
+><H2
+>Name</H2
+><SPAN
+CLASS="APPLICATION"
+>named-checkzone</SPAN
+>&nbsp;--&nbsp;zone file validity checking tool</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN13"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>named-checkzone</B
+> [<VAR
+CLASS="OPTION"
+>-d</VAR
+>] [<VAR
+CLASS="OPTION"
+>-j</VAR
+>] [<VAR
+CLASS="OPTION"
+>-q</VAR
+>] [<VAR
+CLASS="OPTION"
+>-v</VAR
+>] [<VAR
+CLASS="OPTION"
+>-c <VAR
+CLASS="REPLACEABLE"
+>class</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-k <VAR
+CLASS="REPLACEABLE"
+>mode</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-n <VAR
+CLASS="REPLACEABLE"
+>mode</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-o <VAR
+CLASS="REPLACEABLE"
+>filename</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-t <VAR
+CLASS="REPLACEABLE"
+>directory</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-w <VAR
+CLASS="REPLACEABLE"
+>directory</VAR
+></VAR
+>] [<VAR
+CLASS="OPTION"
+>-D</VAR
+>] {zonename} {filename}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN46"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+> <B
+CLASS="COMMAND"
+>named-checkzone</B
+> checks the syntax and integrity of
+ a zone file. It performs the same checks as <B
+CLASS="COMMAND"
+>named</B
+>
+ does when loading a zone. This makes
+ <B
+CLASS="COMMAND"
+>named-checkzone</B
+> useful for checking zone
+ files before configuring them into a name server.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN52"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-d</DT
+><DD
+><P
+> Enable debugging.
+ </P
+></DD
+><DT
+>-q</DT
+><DD
+><P
+> Quiet mode - exit code only.
+ </P
+></DD
+><DT
+>-v</DT
+><DD
+><P
+> Print the version of the <B
+CLASS="COMMAND"
+>named-checkzone</B
+>
+ program and exit.
+ </P
+></DD
+><DT
+>-j</DT
+><DD
+><P
+> When loading the zone file read the journal if it exists.
+ </P
+></DD
+><DT
+>-c <VAR
+CLASS="REPLACEABLE"
+>class</VAR
+></DT
+><DD
+><P
+> Specify the class of the zone. If not specified "IN" is assumed.
+ </P
+></DD
+><DT
+>-k <VAR
+CLASS="REPLACEABLE"
+>mode</VAR
+></DT
+><DD
+><P
+> Perform <B
+CLASS="COMMAND"
+>"check-name"</B
+> checks with the specified failure mode.
+ Possible modes are <B
+CLASS="COMMAND"
+>"fail"</B
+>,
+ <B
+CLASS="COMMAND"
+>"warn"</B
+> (default) and
+ <B
+CLASS="COMMAND"
+>"ignore"</B
+>.
+ </P
+></DD
+><DT
+>-n <VAR
+CLASS="REPLACEABLE"
+>mode</VAR
+></DT
+><DD
+><P
+> Specify whether NS records should be checked to see if they
+ are addresses. Possible modes are <B
+CLASS="COMMAND"
+>"fail"</B
+>,
+ <B
+CLASS="COMMAND"
+>"warn"</B
+> (default) and
+ <B
+CLASS="COMMAND"
+>"ignore"</B
+>.
+ </P
+></DD
+><DT
+>-o <VAR
+CLASS="REPLACEABLE"
+>filename</VAR
+></DT
+><DD
+><P
+> Write zone output to <TT
+CLASS="FILENAME"
+>directory</TT
+>.
+ </P
+></DD
+><DT
+>-t <VAR
+CLASS="REPLACEABLE"
+>directory</VAR
+></DT
+><DD
+><P
+> chroot to <TT
+CLASS="FILENAME"
+>directory</TT
+> so that include
+ directives in the configuration file are processed as if
+ run by a similarly chrooted named.
+ </P
+></DD
+><DT
+>-w <VAR
+CLASS="REPLACEABLE"
+>directory</VAR
+></DT
+><DD
+><P
+> chdir to <TT
+CLASS="FILENAME"
+>directory</TT
+> so that relative
+ filenames in master file $INCLUDE directives work. This
+ is similar to the directory clause in
+ <TT
+CLASS="FILENAME"
+>named.conf</TT
+>.
+ </P
+></DD
+><DT
+>-D</DT
+><DD
+><P
+> Dump zone file in canonical format.
+ </P
+></DD
+><DT
+>zonename</DT
+><DD
+><P
+> The domain name of the zone being checked.
+ </P
+></DD
+><DT
+>filename</DT
+><DD
+><P
+> The name of the zone file.
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN125"
+></A
+><H2
+>RETURN VALUES</H2
+><P
+> <B
+CLASS="COMMAND"
+>named-checkzone</B
+> returns an exit status of 1 if
+ errors were detected and 0 otherwise.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN129"
+></A
+><H2
+>SEE ALSO</H2
+><P
+> <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>named</SPAN
+>(8)</SPAN
+>,
+ <I
+CLASS="CITETITLE"
+>RFC 1035</I
+>,
+ <I
+CLASS="CITETITLE"
+>BIND 9 Administrator Reference Manual</I
+>.
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN137"
+></A
+><H2
+>AUTHOR</H2
+><P
+> Internet Systems Consortium
+ </P
+></DIV
+></BODY
+></HTML
+>
diff --git a/contrib/bind9/bin/dig/Makefile.in b/contrib/bind9/bin/dig/Makefile.in
new file mode 100644
index 000000000000..65c14ce88222
--- /dev/null
+++ b/contrib/bind9/bin/dig/Makefile.in
@@ -0,0 +1,101 @@
+# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.25.12.12 2004/08/18 23:25:57 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
+ ${ISC_INCLUDES} ${LWRES_INCLUDES}
+
+CDEFINES = -DVERSION=\"${VERSION}\"
+CWARNINGS =
+
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+LWRESLIBS = ../../lib/lwres/liblwres.@A@
+
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
+ ${LWRESDEPLIBS}
+
+LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \
+ ${ISCCFGLIBS} @LIBS@
+
+SUBDIRS =
+
+TARGETS = dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@
+
+OBJS = dig.@O@ dighost.@O@ host.@O@ nslookup.@O@
+
+UOBJS =
+
+SRCS = dig.c dighost.c host.c nslookup.c
+
+MANPAGES = dig.1 host.1 nslookup.1
+
+HTMLPAGES = dig.html host.html nslookup.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+
+host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+
+nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+clean distclean maintainer-clean::
+ rm -f ${TARGETS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+
+install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+ dig@EXEEXT@ ${DESTDIR}${bindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+ host@EXEEXT@ ${DESTDIR}${bindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+ nslookup@EXEEXT@ ${DESTDIR}${bindir}
+ for m in ${MANPAGES}; do \
+ ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
+ done
diff --git a/contrib/bind9/bin/dig/dig.1 b/contrib/bind9/bin/dig/dig.1
new file mode 100644
index 000000000000..f14d9216873b
--- /dev/null
+++ b/contrib/bind9/bin/dig/dig.1
@@ -0,0 +1,401 @@
+.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: dig.1,v 1.14.2.4.2.6 2004/06/23 09:11:01 marka Exp $
+.\"
+.TH "DIG" "1" "Jun 30, 2000" "BIND9" ""
+.SH NAME
+dig \- DNS lookup utility
+.SH SYNOPSIS
+.sp
+\fBdig\fR [ \fB@server\fR ] [ \fB-b \fIaddress\fB\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-f \fIfilename\fB\fR ] [ \fB-k \fIfilename\fB\fR ] [ \fB-p \fIport#\fB\fR ] [ \fB-t \fItype\fB\fR ] [ \fB-x \fIaddr\fB\fR ] [ \fB-y \fIname:key\fB\fR ] [ \fB-4\fR ] [ \fB-6\fR ] [ \fBname\fR ] [ \fBtype\fR ] [ \fBclass\fR ] [ \fBqueryopt\fR\fI...\fR ]
+.sp
+\fBdig\fR [ \fB-h\fR ]
+.sp
+\fBdig\fR [ \fBglobal-queryopt\fR\fI...\fR ] [ \fBquery\fR\fI...\fR ]
+.SH "DESCRIPTION"
+.PP
+\fBdig\fR (domain information groper) is a flexible tool
+for interrogating DNS name servers. It performs DNS lookups and
+displays the answers that are returned from the name server(s) that
+were queried. Most DNS administrators use \fBdig\fR to
+troubleshoot DNS problems because of its flexibility, ease of use and
+clarity of output. Other lookup tools tend to have less functionality
+than \fBdig\fR.
+.PP
+Although \fBdig\fR is normally used with command-line
+arguments, it also has a batch mode of operation for reading lookup
+requests from a file. A brief summary of its command-line arguments
+and options is printed when the \fB-h\fR option is given.
+Unlike earlier versions, the BIND9 implementation of
+\fBdig\fR allows multiple lookups to be issued from the
+command line.
+.PP
+Unless it is told to query a specific name server,
+\fBdig\fR will try each of the servers listed in
+\fI/etc/resolv.conf\fR.
+.PP
+When no command line arguments or options are given, will perform an
+NS query for "." (the root).
+.PP
+It is possible to set per-user defaults for \fBdig\fR via
+\fI${HOME}/.digrc\fR. This file is read and any options in it
+are applied before the command line arguments.
+.SH "SIMPLE USAGE"
+.PP
+A typical invocation of \fBdig\fR looks like:
+.sp
+.nf
+ dig @server name type
+.sp
+.fi
+where:
+.TP
+\fBserver\fR
+is the name or IP address of the name server to query. This can be an IPv4
+address in dotted-decimal notation or an IPv6
+address in colon-delimited notation. When the supplied
+\fIserver\fR argument is a hostname,
+\fBdig\fR resolves that name before querying that name
+server. If no \fIserver\fR argument is provided,
+\fBdig\fR consults \fI/etc/resolv.conf\fR
+and queries the name servers listed there. The reply from the name
+server that responds is displayed.
+.TP
+\fBname\fR
+is the name of the resource record that is to be looked up.
+.TP
+\fBtype\fR
+indicates what type of query is required \(em
+ANY, A, MX, SIG, etc.
+\fItype\fR can be any valid query type. If no
+\fItype\fR argument is supplied,
+\fBdig\fR will perform a lookup for an A record.
+.SH "OPTIONS"
+.PP
+The \fB-b\fR option sets the source IP address of the query
+to \fIaddress\fR. This must be a valid address on
+one of the host's network interfaces or "0.0.0.0" or "::". An optional port
+may be specified by appending "#<port>"
+.PP
+The default query class (IN for internet) is overridden by the
+\fB-c\fR option. \fIclass\fR is any valid
+class, such as HS for Hesiod records or CH for CHAOSNET records.
+.PP
+The \fB-f\fR option makes \fBdig \fR operate
+in batch mode by reading a list of lookup requests to process from the
+file \fIfilename\fR. The file contains a number of
+queries, one per line. Each entry in the file should be organised in
+the same way they would be presented as queries to
+\fBdig\fR using the command-line interface.
+.PP
+If a non-standard port number is to be queried, the
+\fB-p\fR option is used. \fIport#\fR is
+the port number that \fBdig\fR will send its queries
+instead of the standard DNS port number 53. This option would be used
+to test a name server that has been configured to listen for queries
+on a non-standard port number.
+.PP
+The \fB-4\fR option forces \fBdig\fR to only
+use IPv4 query transport. The \fB-6\fR option forces
+\fBdig\fR to only use IPv6 query transport.
+.PP
+The \fB-t\fR option sets the query type to
+\fItype\fR. It can be any valid query type which is
+supported in BIND9. The default query type "A", unless the
+\fB-x\fR option is supplied to indicate a reverse lookup.
+A zone transfer can be requested by specifying a type of AXFR. When
+an incremental zone transfer (IXFR) is required,
+\fItype\fR is set to ixfr=N.
+The incremental zone transfer will contain the changes made to the zone
+since the serial number in the zone's SOA record was
+\fIN\fR.
+.PP
+Reverse lookups - mapping addresses to names - are simplified by the
+\fB-x\fR option. \fIaddr\fR is an IPv4
+address in dotted-decimal notation, or a colon-delimited IPv6 address.
+When this option is used, there is no need to provide the
+\fIname\fR, \fIclass\fR and
+\fItype\fR arguments. \fBdig\fR
+automatically performs a lookup for a name like
+11.12.13.10.in-addr.arpa and sets the query type and
+class to PTR and IN respectively. By default, IPv6 addresses are
+looked up using nibble format under the IP6.ARPA domain.
+To use the older RFC1886 method using the IP6.INT domain
+specify the \fB-i\fR option. Bit string labels (RFC2874)
+are now experimental and are not attempted.
+.PP
+To sign the DNS queries sent by \fBdig\fR and their
+responses using transaction signatures (TSIG), specify a TSIG key file
+using the \fB-k\fR option. You can also specify the TSIG
+key itself on the command line using the \fB-y\fR option;
+\fIname\fR is the name of the TSIG key and
+\fIkey\fR is the actual key. The key is a base-64
+encoded string, typically generated by \fBdnssec-keygen\fR(8).
+Caution should be taken when using the \fB-y\fR option on
+multi-user systems as the key can be visible in the output from
+\fBps\fR(1) or in the shell's history file. When
+using TSIG authentication with \fBdig\fR, the name
+server that is queried needs to know the key and algorithm that is
+being used. In BIND, this is done by providing appropriate
+\fBkey\fR and \fBserver\fR statements in
+\fInamed.conf\fR.
+.SH "QUERY OPTIONS"
+.PP
+\fBdig\fR provides a number of query options which affect
+the way in which lookups are made and the results displayed. Some of
+these set or reset flag bits in the query header, some determine which
+sections of the answer get printed, and others determine the timeout
+and retry strategies.
+.PP
+Each query option is identified by a keyword preceded by a plus sign
+(+). Some keywords set or reset an option. These may be preceded
+by the string no to negate the meaning of that keyword. Other
+keywords assign values to options like the timeout interval. They
+have the form \fB+keyword=value\fR.
+The query options are:
+.TP
+\fB+[no]tcp\fR
+Use [do not use] TCP when querying name servers. The default
+behaviour is to use UDP unless an AXFR or IXFR query is requested, in
+which case a TCP connection is used.
+.TP
+\fB+[no]vc\fR
+Use [do not use] TCP when querying name servers. This alternate
+syntax to \fI+[no]tcp\fR is provided for backwards
+compatibility. The "vc" stands for "virtual circuit".
+.TP
+\fB+[no]ignore\fR
+Ignore truncation in UDP responses instead of retrying with TCP. By
+default, TCP retries are performed.
+.TP
+\fB+domain=somename\fR
+Set the search list to contain the single domain
+\fIsomename\fR, as if specified in a
+\fBdomain\fR directive in
+\fI/etc/resolv.conf\fR, and enable search list
+processing as if the \fI+search\fR option were given.
+.TP
+\fB+[no]search\fR
+Use [do not use] the search list defined by the searchlist or domain
+directive in \fIresolv.conf\fR (if any).
+The search list is not used by default.
+.TP
+\fB+[no]defname\fR
+Deprecated, treated as a synonym for \fI+[no]search\fR
+.TP
+\fB+[no]aaonly\fR
+Sets the "aa" flag in the query.
+.TP
+\fB+[no]aaflag\fR
+A synonym for \fI+[no]aaonly\fR.
+.TP
+\fB+[no]adflag\fR
+Set [do not set] the AD (authentic data) bit in the query. The AD bit
+currently has a standard meaning only in responses, not in queries,
+but the ability to set the bit in the query is provided for
+completeness.
+.TP
+\fB+[no]cdflag\fR
+Set [do not set] the CD (checking disabled) bit in the query. This
+requests the server to not perform DNSSEC validation of responses.
+.TP
+\fB+[no]cl\fR
+Display [do not display] the CLASS when printing the record.
+.TP
+\fB+[no]ttlid\fR
+Display [do not display] the TTL when printing the record.
+.TP
+\fB+[no]recurse\fR
+Toggle the setting of the RD (recursion desired) bit in the query.
+This bit is set by default, which means \fBdig\fR
+normally sends recursive queries. Recursion is automatically disabled
+when the \fI+nssearch\fR or
+\fI+trace\fR query options are used.
+.TP
+\fB+[no]nssearch\fR
+When this option is set, \fBdig\fR attempts to find the
+authoritative name servers for the zone containing the name being
+looked up and display the SOA record that each name server has for the
+zone.
+.TP
+\fB+[no]trace\fR
+Toggle tracing of the delegation path from the root name servers for
+the name being looked up. Tracing is disabled by default. When
+tracing is enabled, \fBdig\fR makes iterative queries to
+resolve the name being looked up. It will follow referrals from the
+root servers, showing the answer from each server that was used to
+resolve the lookup.
+.TP
+\fB+[no]cmd\fR
+toggles the printing of the initial comment in the output identifying
+the version of \fBdig\fR and the query options that have
+been applied. This comment is printed by default.
+.TP
+\fB+[no]short\fR
+Provide a terse answer. The default is to print the answer in a
+verbose form.
+.TP
+\fB+[no]identify\fR
+Show [or do not show] the IP address and port number that supplied the
+answer when the \fI+short\fR option is enabled. If
+short form answers are requested, the default is not to show the
+source address and port number of the server that provided the answer.
+.TP
+\fB+[no]comments\fR
+Toggle the display of comment lines in the output. The default is to
+print comments.
+.TP
+\fB+[no]stats\fR
+This query option toggles the printing of statistics: when the query
+was made, the size of the reply and so on. The default behaviour is
+to print the query statistics.
+.TP
+\fB+[no]qr\fR
+Print [do not print] the query as it is sent.
+By default, the query is not printed.
+.TP
+\fB+[no]question\fR
+Print [do not print] the question section of a query when an answer is
+returned. The default is to print the question section as a comment.
+.TP
+\fB+[no]answer\fR
+Display [do not display] the answer section of a reply. The default
+is to display it.
+.TP
+\fB+[no]authority\fR
+Display [do not display] the authority section of a reply. The
+default is to display it.
+.TP
+\fB+[no]additional\fR
+Display [do not display] the additional section of a reply.
+The default is to display it.
+.TP
+\fB+[no]all\fR
+Set or clear all display flags.
+.TP
+\fB+time=T\fR
+Sets the timeout for a query to
+\fIT\fR seconds. The default time out is 5 seconds.
+An attempt to set \fIT\fR to less than 1 will result
+in a query timeout of 1 second being applied.
+.TP
+\fB+tries=T\fR
+Sets the number of times to try UDP queries to server to
+\fIT\fR instead of the default, 3. If
+\fIT\fR is less than or equal to zero, the number of
+tries is silently rounded up to 1.
+.TP
+\fB+retry=T\fR
+Sets the number of times to retry UDP queries to server to
+\fIT\fR instead of the default, 2. Unlike
+\fI+tries\fR, this does not include the initial
+query.
+.TP
+\fB+ndots=D\fR
+Set the number of dots that have to appear in
+\fIname\fR to \fID\fR for it to be
+considered absolute. The default value is that defined using the
+ndots statement in \fI/etc/resolv.conf\fR, or 1 if no
+ndots statement is present. Names with fewer dots are interpreted as
+relative names and will be searched for in the domains listed in the
+\fBsearch\fR or \fBdomain\fR directive in
+\fI/etc/resolv.conf\fR.
+.TP
+\fB+bufsize=B\fR
+Set the UDP message buffer size advertised using EDNS0 to
+\fIB\fR bytes. The maximum and minimum sizes of this
+buffer are 65535 and 0 respectively. Values outside this range are
+rounded up or down appropriately.
+.TP
+\fB+[no]multiline\fR
+Print records like the SOA records in a verbose multi-line
+format with human-readable comments. The default is to print
+each record on a single line, to facilitate machine parsing
+of the \fBdig\fR output.
+.TP
+\fB+[no]fail\fR
+Do not try the next server if you receive a SERVFAIL. The default is
+to not try the next server which is the reverse of normal stub resolver
+behaviour.
+.TP
+\fB+[no]besteffort\fR
+Attempt to display the contents of messages which are malformed.
+The default is to not display malformed answers.
+.TP
+\fB+[no]dnssec\fR
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
+in the OPT record in the additional section of the query.
+.TP
+\fB+[no]sigchase\fR
+Chase DNSSEC signature chains. Requires dig be compiled with
+-DDIG_SIGCHASE.
+.TP
+\fB+trusted-key=####\fR
+Specify a trusted key to be used with \fB+sigchase\fR.
+Requires dig be compiled with -DDIG_SIGCHASE.
+.TP
+\fB+[no]topdown\fR
+When chasing DNSSEC signature chains perform a top down validation.
+Requires dig be compiled with -DDIG_SIGCHASE.
+.SH "MULTIPLE QUERIES"
+.PP
+The BIND 9 implementation of \fBdig \fR supports
+specifying multiple queries on the command line (in addition to
+supporting the \fB-f\fR batch file option). Each of those
+queries can be supplied with its own set of flags, options and query
+options.
+.PP
+In this case, each \fIquery\fR argument represent an
+individual query in the command-line syntax described above. Each
+consists of any of the standard options and flags, the name to be
+looked up, an optional query type and class and any query options that
+should be applied to that query.
+.PP
+A global set of query options, which should be applied to all queries,
+can also be supplied. These global query options must precede the
+first tuple of name, class, type, options, flags, and query options
+supplied on the command line. Any global query options (except
+the \fB+[no]cmd\fR option) can be
+overridden by a query-specific set of query options. For example:
+.sp
+.nf
+dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
+.sp
+.fi
+shows how \fBdig\fR could be used from the command line
+to make three lookups: an ANY query for www.isc.org, a
+reverse lookup of 127.0.0.1 and a query for the NS records of
+isc.org.
+A global query option of \fI+qr\fR is applied, so
+that \fBdig\fR shows the initial query it made for each
+lookup. The final query has a local query option of
+\fI+noqr\fR which means that \fBdig\fR
+will not print the initial query when it looks up the NS records for
+isc.org.
+.SH "FILES"
+.PP
+\fI/etc/resolv.conf\fR
+.PP
+\fI${HOME}/.digrc\fR
+.SH "SEE ALSO"
+.PP
+\fBhost\fR(1),
+\fBnamed\fR(8),
+\fBdnssec-keygen\fR(8),
+\fIRFC1035\fR.
+.SH "BUGS"
+.PP
+There are probably too many query options.
diff --git a/contrib/bind9/bin/dig/dig.c b/contrib/bind9/bin/dig/dig.c
new file mode 100644
index 000000000000..b2c46254d92e
--- /dev/null
+++ b/contrib/bind9/bin/dig/dig.c
@@ -0,0 +1,1671 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dig.c,v 1.157.2.13.2.20 2004/06/23 04:19:40 marka Exp $ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <time.h>
+#include <ctype.h>
+
+#include <isc/app.h>
+#include <isc/netaddr.h>
+#include <isc/parseint.h>
+#include <isc/print.h>
+#include <isc/string.h>
+#include <isc/util.h>
+#include <isc/task.h>
+
+#include <dns/byaddr.h>
+#include <dns/fixedname.h>
+#include <dns/masterdump.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdataset.h>
+#include <dns/rdatatype.h>
+#include <dns/rdataclass.h>
+#include <dns/result.h>
+
+#include <dig/dig.h>
+
+extern ISC_LIST(dig_lookup_t) lookup_list;
+extern dig_serverlist_t server_list;
+extern ISC_LIST(dig_searchlist_t) search_list;
+
+#define ADD_STRING(b, s) { \
+ if (strlen(s) >= isc_buffer_availablelength(b)) \
+ return (ISC_R_NOSPACE); \
+ else \
+ isc_buffer_putstr(b, s); \
+}
+
+
+extern isc_boolean_t have_ipv4, have_ipv6, specified_source,
+ usesearch, qr;
+extern in_port_t port;
+extern unsigned int timeout;
+extern isc_mem_t *mctx;
+extern dns_messageid_t id;
+extern int sendcount;
+extern int ndots;
+extern int lookup_counter;
+extern int exitcode;
+extern isc_sockaddr_t bind_address;
+extern char keynametext[MXNAME];
+extern char keyfile[MXNAME];
+extern char keysecret[MXNAME];
+#ifdef DIG_SIGCHASE
+extern char trustedkey[MXNAME];
+#endif
+extern dns_tsigkey_t *key;
+extern isc_boolean_t validated;
+extern isc_taskmgr_t *taskmgr;
+extern isc_task_t *global_task;
+extern isc_boolean_t free_now;
+dig_lookup_t *default_lookup = NULL;
+
+extern isc_boolean_t debugging, memdebugging;
+static char *batchname = NULL;
+static FILE *batchfp = NULL;
+static char *argv0;
+
+static char domainopt[DNS_NAME_MAXTEXT];
+
+static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
+ ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE,
+ multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE;
+
+static const char *opcodetext[] = {
+ "QUERY",
+ "IQUERY",
+ "STATUS",
+ "RESERVED3",
+ "NOTIFY",
+ "UPDATE",
+ "RESERVED6",
+ "RESERVED7",
+ "RESERVED8",
+ "RESERVED9",
+ "RESERVED10",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15"
+};
+
+static const char *rcodetext[] = {
+ "NOERROR",
+ "FORMERR",
+ "SERVFAIL",
+ "NXDOMAIN",
+ "NOTIMP",
+ "REFUSED",
+ "YXDOMAIN",
+ "YXRRSET",
+ "NXRRSET",
+ "NOTAUTH",
+ "NOTZONE",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15",
+ "BADVERS"
+};
+
+extern char *progname;
+
+static void
+print_usage(FILE *fp) {
+ fputs(
+"Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}\n"
+" {global-d-opt} host [@local-server] {local-d-opt}\n"
+" [ host [@local-server] {local-d-opt} [...]]\n", fp);
+}
+
+static void
+usage(void) {
+ print_usage(stderr);
+ fputs("\nUse \"dig -h\" (or \"dig -h | more\") "
+ "for complete list of options\n", stderr);
+ exit(1);
+}
+
+static void
+version(void) {
+ fputs("DiG " VERSION "\n", stderr);
+}
+
+static void
+help(void) {
+ print_usage(stdout);
+ fputs(
+"Where: domain is in the Domain Name System\n"
+" q-class is one of (in,hs,ch,...) [default: in]\n"
+" q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n"
+" (Use ixfr=version for type ixfr)\n"
+" q-opt is one of:\n"
+" -x dot-notation (shortcut for in-addr lookups)\n"
+" -i (IP6.INT reverse IPv6 lookups)\n"
+" -f filename (batch mode)\n"
+" -b address[#port] (bind to source address/port)\n"
+" -p port (specify port number)\n"
+" -t type (specify query type)\n"
+" -c class (specify query class)\n"
+" -k keyfile (specify tsig key file)\n"
+" -y name:key (specify named base64 tsig key)\n"
+" -4 (use IPv4 query transport only)\n"
+" -6 (use IPv6 query transport only)\n"
+" d-opt is of the form +keyword[=value], where keyword is:\n"
+" +[no]vc (TCP mode)\n"
+" +[no]tcp (TCP mode, alternate syntax)\n"
+" +time=### (Set query timeout) [5]\n"
+" +tries=### (Set number of UDP attempts) [3]\n"
+" +retry=### (Set number of UDP retries) [2]\n"
+" +domain=### (Set default domainname)\n"
+" +bufsize=### (Set EDNS0 Max UDP packet size)\n"
+" +ndots=### (Set NDOTS value)\n"
+" +[no]search (Set whether to use searchlist)\n"
+" +[no]defname (Ditto)\n"
+" +[no]recurse (Recursive mode)\n"
+" +[no]ignore (Don't revert to TCP for TC responses.)"
+"\n"
+" +[no]fail (Don't try next server on SERVFAIL)\n"
+" +[no]besteffort (Try to parse even illegal messages)\n"
+" +[no]aaonly (Set AA flag in query (+[no]aaflag))\n"
+" +[no]adflag (Set AD flag in query)\n"
+" +[no]cdflag (Set CD flag in query)\n"
+" +[no]cl (Control display of class in records)\n"
+" +[no]cmd (Control display of command line)\n"
+" +[no]comments (Control display of comment lines)\n"
+" +[no]question (Control display of question)\n"
+" +[no]answer (Control display of answer)\n"
+" +[no]authority (Control display of authority)\n"
+" +[no]additional (Control display of additional)\n"
+" +[no]stats (Control display of statistics)\n"
+" +[no]short (Disable everything except short\n"
+" form of answer)\n"
+" +[no]ttlid (Control display of ttls in records)\n"
+" +[no]all (Set or clear all display flags)\n"
+" +[no]qr (Print question before sending)\n"
+" +[no]nssearch (Search all authoritative nameservers)\n"
+" +[no]identify (ID responders in short answers)\n"
+" +[no]trace (Trace delegation down from root)\n"
+" +[no]dnssec (Request DNSSEC records)\n"
+#ifdef DIG_SIGCHASE
+" +[no]sigchase (Chase DNSSEC signatures)\n"
+" +trusted-key=#### (Trusted Key when chasing DNSSEC sigs)\n"
+#if DIG_SIGCHASE_TD
+" +[no]topdown (Do DNSSEC validation top down mode)\n"
+#endif
+#endif
+" +[no]multiline (Print records in an expanded format)\n"
+" global d-opts and servers (before host name) affect all queries.\n"
+" local d-opts and servers (after host name) affect only that lookup.\n"
+" -h (print help and exit)\n"
+" -v (print version and exit)\n",
+ stdout);
+}
+
+/*
+ * Callback from dighost.c to print the received message.
+ */
+void
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+ isc_uint64_t diff;
+ isc_time_t now;
+ time_t tnow;
+ char fromtext[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(from, fromtext, sizeof(fromtext));
+
+ TIME_NOW(&now);
+
+ if (query->lookup->stats && !short_form) {
+ diff = isc_time_microdiff(&now, &query->time_sent);
+ printf(";; Query time: %ld msec\n", (long int)diff/1000);
+ printf(";; SERVER: %s(%s)\n", fromtext, query->servname);
+ time(&tnow);
+ printf(";; WHEN: %s", ctime(&tnow));
+ if (query->lookup->doing_xfr) {
+ printf(";; XFR size: %u records (messages %u)\n",
+ query->rr_count, query->msg_count);
+ } else {
+ printf(";; MSG SIZE rcvd: %d\n", bytes);
+
+ }
+ if (key != NULL) {
+ if (!validated)
+ puts(";; WARNING -- Some TSIG could not "
+ "be validated");
+ }
+ if ((key == NULL) && (keysecret[0] != 0)) {
+ puts(";; WARNING -- TSIG key was not used.");
+ }
+ puts("");
+ } else if (query->lookup->identify && !short_form) {
+ diff = isc_time_microdiff(&now, &query->time_sent);
+ printf(";; Received %u bytes from %s(%s) in %d ms\n\n",
+ bytes, fromtext, query->servname,
+ (int)diff/1000);
+ }
+}
+
+/*
+ * Callback from dighost.c to print that it is trying a server.
+ * Not used in dig.
+ * XXX print_trying
+ */
+void
+trying(char *frm, dig_lookup_t *lookup) {
+ UNUSED(frm);
+ UNUSED(lookup);
+}
+
+/*
+ * Internal print routine used to print short form replies.
+ */
+static isc_result_t
+say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) {
+ isc_result_t result;
+ isc_uint64_t diff;
+ isc_time_t now;
+ char store[sizeof("12345678901234567890")];
+
+ if (query->lookup->trace || query->lookup->ns_search_only) {
+ result = dns_rdatatype_totext(rdata->type, buf);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ ADD_STRING(buf, " ");
+ }
+ result = dns_rdata_totext(rdata, NULL, buf);
+ check_result(result, "dns_rdata_totext");
+ if (query->lookup->identify) {
+ TIME_NOW(&now);
+ diff = isc_time_microdiff(&now, &query->time_sent);
+ ADD_STRING(buf, " from server ");
+ ADD_STRING(buf, query->servname);
+ snprintf(store, 19, " in %d ms.", (int)diff/1000);
+ ADD_STRING(buf, store);
+ }
+ ADD_STRING(buf, "\n");
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * short_form message print handler. Calls above say_message()
+ */
+static isc_result_t
+short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
+ isc_buffer_t *buf, dig_query_t *query)
+{
+ dns_name_t *name;
+ dns_rdataset_t *rdataset;
+ isc_buffer_t target;
+ isc_result_t result, loopresult;
+ dns_name_t empty_name;
+ char t[4096];
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+
+ UNUSED(flags);
+
+ dns_name_init(&empty_name, NULL);
+ result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
+ if (result == ISC_R_NOMORE)
+ return (ISC_R_SUCCESS);
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+
+ for (;;) {
+ name = NULL;
+ dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
+
+ isc_buffer_init(&target, t, sizeof(t));
+
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ loopresult = dns_rdataset_first(rdataset);
+ while (loopresult == ISC_R_SUCCESS) {
+ dns_rdataset_current(rdataset, &rdata);
+ result = say_message(&rdata, query,
+ buf);
+ check_result(result, "say_message");
+ loopresult = dns_rdataset_next(rdataset);
+ dns_rdata_reset(&rdata);
+ }
+ }
+ result = dns_message_nextname(msg, DNS_SECTION_ANSWER);
+ if (result == ISC_R_NOMORE)
+ break;
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+#ifdef DIG_SIGCHASE
+isc_result_t
+printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
+ isc_buffer_t *target)
+{
+ isc_result_t result;
+ dns_master_style_t *style = NULL;
+ unsigned int styleflags = 0;
+
+ if (rdataset == NULL || owner_name == NULL || target == NULL)
+ return(ISC_FALSE);
+
+ styleflags |= DNS_STYLEFLAG_REL_OWNER;
+ if (nottl)
+ styleflags |= DNS_STYLEFLAG_NO_TTL;
+ if (noclass)
+ styleflags |= DNS_STYLEFLAG_NO_CLASS;
+ if (multiline) {
+ styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
+ styleflags |= DNS_STYLEFLAG_OMIT_CLASS;
+ styleflags |= DNS_STYLEFLAG_REL_DATA;
+ styleflags |= DNS_STYLEFLAG_OMIT_TTL;
+ styleflags |= DNS_STYLEFLAG_TTL;
+ styleflags |= DNS_STYLEFLAG_MULTILINE;
+ styleflags |= DNS_STYLEFLAG_COMMENT;
+ }
+ if (multiline || (nottl && noclass))
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 24, 24, 32, 80, 8, mctx);
+ else if (nottl || noclass)
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 24, 32, 40, 80, 8, mctx);
+ else
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 32, 40, 48, 80, 8, mctx);
+ check_result(result, "dns_master_stylecreate");
+
+ result = dns_master_rdatasettotext(own