aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErwin Lansing <erwin@FreeBSD.org>2013-07-24 07:12:55 +0000
committerErwin Lansing <erwin@FreeBSD.org>2013-07-24 07:12:55 +0000
commit6f34f6a389ca8199c4b20c17f62d7d924baef7fb (patch)
treee392027bf54f7a1fd2a6f3a16ecb4487844b44e9
parent650b026006ec14e630f658a0f877099ec38b660b (diff)
downloadsrc-6f34f6a389ca8199c4b20c17f62d7d924baef7fb.tar.gz
src-6f34f6a389ca8199c4b20c17f62d7d924baef7fb.zip
Vendor import of Bind 9.8.5-P1vendor/bind9/9.8.5-P1
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
Notes
Notes: svn path=/vendor/bind9/dist/; revision=253592 svn path=/vendor/bind9/9.8.5-P1/; revision=253593; tag=vendor/bind9/9.8.5-P1
-rw-r--r--CHANGES428
-rw-r--r--COPYRIGHT2
-rw-r--r--FAQ4
-rw-r--r--FAQ.xml5
-rw-r--r--Makefile.in20
-rw-r--r--README5
-rw-r--r--aclocal.m47
-rw-r--r--bin/Makefile.in4
-rw-r--r--bin/check/check-tool.c11
-rw-r--r--bin/check/named-checkconf.c15
-rw-r--r--bin/check/named-checkzone.816
-rw-r--r--bin/check/named-checkzone.c21
-rw-r--r--bin/check/named-checkzone.docbook17
-rw-r--r--bin/check/named-checkzone.html23
-rw-r--r--bin/confgen/keygen.c12
-rw-r--r--bin/confgen/rndc-confgen.c4
-rw-r--r--bin/dig/dig.121
-rw-r--r--bin/dig/dig.c27
-rw-r--r--bin/dig/dig.docbook41
-rw-r--r--bin/dig/dig.html64
-rw-r--r--bin/dig/dighost.c82
-rw-r--r--bin/dig/host.c18
-rw-r--r--bin/dig/include/dig/dig.h4
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.c2
-rw-r--r--bin/dnssec/dnssec-keygen.c12
-rw-r--r--bin/dnssec/dnssec-revoke.c3
-rw-r--r--bin/dnssec/dnssec-settime.c35
-rw-r--r--bin/dnssec/dnssec-signzone.c61
-rw-r--r--bin/named/Makefile.in15
-rw-r--r--bin/named/client.c10
-rw-r--r--bin/named/config.c21
-rw-r--r--bin/named/control.c4
-rw-r--r--bin/named/controlconf.c7
-rw-r--r--bin/named/include/named/client.h17
-rw-r--r--bin/named/include/named/globals.h7
-rw-r--r--bin/named/include/named/server.h6
-rw-r--r--bin/named/interfacemgr.c10
-rw-r--r--bin/named/log.c4
-rw-r--r--bin/named/logconf.c14
-rw-r--r--bin/named/lwresd.c4
-rw-r--r--bin/named/main.c24
-rw-r--r--bin/named/named.conf.56
-rw-r--r--bin/named/named.conf.docbook5
-rw-r--r--bin/named/named.conf.html34
-rw-r--r--bin/named/query.c182
-rw-r--r--bin/named/server.c409
-rw-r--r--bin/named/statschannel.c10
-rw-r--r--bin/named/tkeyconf.c8
-rw-r--r--bin/named/tsigconf.c4
-rw-r--r--bin/named/unix/dlz_dlopen_driver.c16
-rw-r--r--bin/named/update.c5
-rw-r--r--bin/named/xfrout.c18
-rw-r--r--bin/named/zoneconf.c30
-rw-r--r--bin/nsupdate/nsupdate.c4
-rw-r--r--bin/rndc/rndc.c3
-rw-r--r--bin/tools/genrandom.c3
-rw-r--r--bin/tools/isc-hmac-fixup.86
-rw-r--r--bin/tools/isc-hmac-fixup.docbook5
-rw-r--r--bin/tools/isc-hmac-fixup.html10
-rw-r--r--config.h.in10
-rw-r--r--config.threads.in2
-rw-r--r--configure.in261
-rw-r--r--doc/arm/Bv9ARM-book.xml294
-rw-r--r--doc/arm/Bv9ARM.ch01.html50
-rw-r--r--doc/arm/Bv9ARM.ch02.html22
-rw-r--r--doc/arm/Bv9ARM.ch03.html28
-rw-r--r--doc/arm/Bv9ARM.ch04.html168
-rw-r--r--doc/arm/Bv9ARM.ch05.html6
-rw-r--r--doc/arm/Bv9ARM.ch06.html424
-rw-r--r--doc/arm/Bv9ARM.ch07.html21
-rw-r--r--doc/arm/Bv9ARM.ch08.html18
-rw-r--r--doc/arm/Bv9ARM.ch09.html220
-rw-r--r--doc/arm/Bv9ARM.ch10.html2
-rw-r--r--doc/arm/Bv9ARM.html204
-rw-r--r--doc/arm/Bv9ARM.pdf13146
-rw-r--r--doc/arm/man.arpaname.html8
-rw-r--r--doc/arm/man.ddns-confgen.html10
-rw-r--r--doc/arm/man.dig.html64
-rw-r--r--doc/arm/man.dnssec-dsfromkey.html16
-rw-r--r--doc/arm/man.dnssec-keyfromlabel.html14
-rw-r--r--doc/arm/man.dnssec-keygen.html16
-rw-r--r--doc/arm/man.dnssec-revoke.html10
-rw-r--r--doc/arm/man.dnssec-settime.html14
-rw-r--r--doc/arm/man.dnssec-signzone.html12
-rw-r--r--doc/arm/man.genrandom.html10
-rw-r--r--doc/arm/man.host.html10
-rw-r--r--doc/arm/man.isc-hmac-fixup.html10
-rw-r--r--doc/arm/man.named-checkconf.html12
-rw-r--r--doc/arm/man.named-checkzone.html23
-rw-r--r--doc/arm/man.named-journalprint.html8
-rw-r--r--doc/arm/man.named.html16
-rw-r--r--doc/arm/man.nsec3hash.html10
-rw-r--r--doc/arm/man.nsupdate.html14
-rw-r--r--doc/arm/man.rndc-confgen.html12
-rw-r--r--doc/arm/man.rndc.conf.html12
-rw-r--r--doc/arm/man.rndc.html12
-rw-r--r--doc/arm/pkcs11.xml2
-rw-r--r--doc/misc/options8
-rw-r--r--isc-config.sh.in18
-rw-r--r--lib/Makefile.in7
-rw-r--r--lib/bind9/Makefile.in3
-rw-r--r--lib/bind9/api5
-rw-r--r--lib/bind9/check.c32
-rw-r--r--lib/dns/Makefile.in8
-rw-r--r--lib/dns/acache.c49
-rw-r--r--lib/dns/adb.c24
-rw-r--r--lib/dns/api7
-rw-r--r--lib/dns/cache.c8
-rw-r--r--lib/dns/client.c32
-rw-r--r--lib/dns/db.c7
-rw-r--r--lib/dns/dispatch.c22
-rw-r--r--lib/dns/dlz.c22
-rw-r--r--lib/dns/dnssec.c15
-rw-r--r--lib/dns/dst_api.c37
-rw-r--r--lib/dns/dst_internal.h1
-rw-r--r--lib/dns/dst_openssl.h5
-rw-r--r--lib/dns/ecdb.c9
-rw-r--r--lib/dns/gen.c184
-rw-r--r--lib/dns/gssapictx.c10
-rw-r--r--lib/dns/include/dns/acache.h15
-rw-r--r--lib/dns/include/dns/db.h10
-rw-r--r--lib/dns/include/dns/message.h26
-rw-r--r--lib/dns/include/dns/name.h22
-rw-r--r--lib/dns/include/dns/ncache.h7
-rw-r--r--lib/dns/include/dns/nsec.h13
-rw-r--r--lib/dns/include/dns/nsec3.h8
-rw-r--r--lib/dns/include/dns/rdata.h1
-rw-r--r--lib/dns/include/dns/result.h6
-rw-r--r--lib/dns/include/dns/rpz.h20
-rw-r--r--lib/dns/include/dns/types.h6
-rw-r--r--lib/dns/include/dns/validator.h6
-rw-r--r--lib/dns/include/dns/view.h3
-rw-r--r--lib/dns/include/dns/zone.h13
-rw-r--r--lib/dns/include/dst/dst.h6
-rw-r--r--lib/dns/master.c23
-rw-r--r--lib/dns/message.c155
-rw-r--r--lib/dns/name.c24
-rw-r--r--lib/dns/ncache.c24
-rw-r--r--lib/dns/nsec.c161
-rw-r--r--lib/dns/nsec3.c289
-rw-r--r--lib/dns/openssl_link.c62
-rw-r--r--lib/dns/openssldsa_link.c19
-rw-r--r--lib/dns/opensslecdsa_link.c24
-rw-r--r--lib/dns/opensslgost_link.c3
-rw-r--r--lib/dns/opensslrsa_link.c31
-rw-r--r--lib/dns/peer.c4
-rw-r--r--lib/dns/rbt.c4
-rw-r--r--lib/dns/rbtdb.c77
-rw-r--r--lib/dns/rdata.c263
-rw-r--r--lib/dns/rdata/any_255/tsig_250.c11
-rw-r--r--lib/dns/rdata/generic/dlv_32769.c4
-rw-r--r--lib/dns/rdata/generic/eui48_108.c215
-rw-r--r--lib/dns/rdata/generic/eui48_108.h26
-rw-r--r--lib/dns/rdata/generic/eui64_109.c220
-rw-r--r--lib/dns/rdata/generic/eui64_109.h26
-rw-r--r--lib/dns/rdata/generic/l32_105.c233
-rw-r--r--lib/dns/rdata/generic/l32_105.h27
-rw-r--r--lib/dns/rdata/generic/l64_106.c228
-rw-r--r--lib/dns/rdata/generic/l64_106.h27
-rw-r--r--lib/dns/rdata/generic/lp_107.c275
-rw-r--r--lib/dns/rdata/generic/lp_107.h28
-rw-r--r--lib/dns/rdata/generic/mx_15.c3
-rw-r--r--lib/dns/rdata/generic/nid_104.c228
-rw-r--r--lib/dns/rdata/generic/nid_104.h27
-rw-r--r--lib/dns/rdata/generic/sshfp_44.c3
-rw-r--r--lib/dns/rdata/generic/txt_16.c9
-rw-r--r--lib/dns/rdata/generic/uri_256.c331
-rw-r--r--lib/dns/rdata/generic/uri_256.h31
-rw-r--r--lib/dns/rdata/in_1/naptr_35.c39
-rw-r--r--lib/dns/rdata/in_1/nsap_22.c3
-rw-r--r--lib/dns/request.c8
-rw-r--r--lib/dns/resolver.c460
-rw-r--r--lib/dns/result.c7
-rw-r--r--lib/dns/rootns.c5
-rw-r--r--lib/dns/rpz.c40
-rw-r--r--lib/dns/sdb.c4
-rw-r--r--lib/dns/sdlz.c4
-rw-r--r--lib/dns/spnego.c34
-rw-r--r--lib/dns/spnego_asn1.c52
-rw-r--r--lib/dns/ssu.c7
-rw-r--r--lib/dns/ssu_external.c2
-rw-r--r--lib/dns/tkey.c11
-rw-r--r--lib/dns/tsig.c44
-rw-r--r--lib/dns/validator.c544
-rw-r--r--lib/dns/view.c48
-rw-r--r--lib/dns/xfrin.c10
-rw-r--r--lib/dns/zone.c468
-rw-r--r--lib/export/dns/Makefile.in8
-rw-r--r--lib/export/irs/Makefile.in5
-rw-r--r--lib/export/isc/Makefile.in15
-rw-r--r--lib/export/isc/include/isc/Makefile.in4
-rw-r--r--lib/export/isc/nls/Makefile.in2
-rw-r--r--lib/export/isc/nothreads/Makefile.in2
-rw-r--r--lib/export/isc/pthreads/Makefile.in2
-rw-r--r--lib/export/isc/unix/Makefile.in2
-rw-r--r--lib/export/isccfg/Makefile.in4
-rw-r--r--lib/export/samples/Makefile.in5
-rw-r--r--lib/export/samples/nsprobe.c28
-rw-r--r--lib/export/samples/sample-async.c4
-rw-r--r--lib/export/samples/sample-gai.c6
-rw-r--r--lib/export/samples/sample-request.c12
-rw-r--r--lib/export/samples/sample-update.c6
-rw-r--r--lib/export/samples/sample.c24
-rw-r--r--lib/irs/api5
-rw-r--r--lib/irs/dnsconf.c6
-rw-r--r--lib/irs/getaddrinfo.c28
-rw-r--r--lib/irs/getnameinfo.c5
-rw-r--r--lib/irs/resconf.c2
-rw-r--r--lib/isc/Makefile.in7
-rw-r--r--lib/isc/api9
-rw-r--r--lib/isc/buffer.c4
-rw-r--r--lib/isc/include/isc/Makefile.in4
-rw-r--r--lib/isc/include/isc/buffer.h18
-rw-r--r--lib/isc/include/isc/file.h20
-rw-r--r--lib/isc/include/isc/list.h4
-rw-r--r--lib/isc/include/isc/mem.h19
-rw-r--r--lib/isc/include/isc/namespace.h1
-rw-r--r--lib/isc/include/isc/regex.h39
-rw-r--r--lib/isc/include/isc/region.h11
-rw-r--r--lib/isc/include/isc/sockaddr.h3
-rw-r--r--lib/isc/include/isc/socket.h2
-rw-r--r--lib/isc/include/isc/task.h2
-rw-r--r--lib/isc/include/isc/timer.h17
-rw-r--r--lib/isc/inet_aton.c4
-rw-r--r--lib/isc/mem.c199
-rw-r--r--lib/isc/nothreads/Makefile.in6
-rw-r--r--lib/isc/parseint.c13
-rw-r--r--lib/isc/pthreads/thread.c4
-rw-r--r--lib/isc/ratelimiter.c17
-rw-r--r--lib/isc/regex.c370
-rw-r--r--lib/isc/sockaddr.c7
-rw-r--r--lib/isc/sparc64/include/isc/atomic.h21
-rw-r--r--lib/isc/symtab.c10
-rw-r--r--lib/isc/task.c98
-rw-r--r--lib/isc/taskpool.c10
-rw-r--r--lib/isc/timer.c10
-rw-r--r--lib/isc/timer_api.c6
-rw-r--r--lib/isc/unix/entropy.c5
-rw-r--r--lib/isc/unix/file.c21
-rw-r--r--lib/isc/unix/include/isc/time.h6
-rw-r--r--lib/isc/unix/net.c3
-rw-r--r--lib/isc/unix/socket.c206
-rw-r--r--lib/isc/unix/time.c8
-rw-r--r--lib/isccc/api5
-rw-r--r--lib/isccc/cc.c47
-rw-r--r--lib/isccfg/Makefile.in3
-rw-r--r--lib/isccfg/aclconf.c2
-rw-r--r--lib/isccfg/api5
-rw-r--r--lib/isccfg/include/isccfg/cfg.h6
-rw-r--r--lib/isccfg/namedconf.c17
-rw-r--r--lib/isccfg/parser.c19
-rw-r--r--lib/lwres/api5
-rw-r--r--lib/lwres/context.c3
-rw-r--r--lib/lwres/getaddrinfo.c16
-rw-r--r--lib/lwres/getipnode.c14
-rw-r--r--lib/lwres/getnameinfo.c4
-rw-r--r--lib/lwres/getrrset.c54
-rw-r--r--lib/lwres/lwinetaton.c6
-rw-r--r--lib/lwres/print.c4
-rw-r--r--libtool.m46656
-rw-r--r--libtool.m4/libtool.m47982
-rw-r--r--libtool.m4/ltoptions.m4384
-rw-r--r--libtool.m4/ltsugar.m4123
-rw-r--r--libtool.m4/ltversion.m423
-rw-r--r--libtool.m4/lt~obsolete.m498
-rw-r--r--ltmain.sh10028
-rw-r--r--make/rules.in10
-rw-r--r--version6
268 files changed, 29559 insertions, 19956 deletions
diff --git a/CHANGES b/CHANGES
index bd064e5ff980..2cfcb7b292f8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,20 +1,386 @@
- --- 9.8.4-P2 released ---
+ --- 9.8.5-P1 released ---
-3516. [security] Removed the check for regex.h in configure in order
- to disable regex syntax checking, as it exposes
- BIND to a critical flaw in libregex on some
- platforms. [RT #32688]
+3584. [security] Caching data from an incompletely signed zone could
+ trigger an assertion failure in resolver.c [RT #33690]
- --- 9.8.4-P1 released ---
+ --- 9.8.5 released ---
-3407. [security] Named could die on specific queries with dns64 enabled.
- [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
+3568. [cleanup] Add a product description line to the version file,
+ to be reported by named -v/-V. [RT #33366]
- --- 9.8.4 released ---
+3567. [bug] Silence clang static analyzer warnings. [RT #33365]
+
+3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
+
+3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
+ or NOTIMP. Adjust usage message. [RT #33363]
+
+ --- 9.8.5rc1 released ---
+
+3560. [bug] isc-config.sh did not honor includedir and libdir
+ when set via configure. [RT #33345]
+
+3559. [func] Check that both forms of Sender Policy Framework
+ records exist or do not exist. [RT #33355]
+
+3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
+
+3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
+
+3555. [bug] Address theoretical race conditions in acache.c
+ (change #3553 was incomplete). [RT #33252]
+
+3553. [bug] Address suspected double free in acache. [RT #33252]
+
+3552. [bug] Wrong getopt option string for 'nsupdate -r'.
+ [RT #33280]
+
+3549. [doc] Documentation for "request-nsid" was missing.
+ [RT #33153]
+
+3548. [bug] The NSID request code in resolver.c was broken
+ resulting in invalid EDNS options being sent.
+ [RT #33153]
+
+3547. [bug] Some malformed unknown rdata records were not properly
+ detected and rejected. [RT #33129]
+
+3056. [func] Added support for URI resource record. [RT #23386]
+
+ --- 9.8.5rc1 released ---
+
+3546. [func] Add EUI48 and EUI64 types. [RT #33082]
+
+3544. [contrib] check5011.pl: Script to report the status of
+ managed keys as recorded in managed-keys.bind.
+ Contributed by Tony Finch <dot@dotat.at>
+
+3543. [bug] Update socket structure before attaching to socket
+ manager after accept. [RT #33084]
+
+3542. [bug] masterformat system test was broken. [RT #33086]
+
+3541. [bug] Parts of libdns were not properly initialized when
+ built in libexport mode. [RT #33028]
+
+3540. [test] libt_api: t_info and t_assert were not thread safe.
+
+3539. [port] win32: timestamp format didn't match other platforms.
+
+3538. [test] Running "make test" now requires loopback interfaces
+ to be set up. [RT #32452]
+
+3537. [tuning] Slave zones, when updated, now send NOTIFY messages
+ to peers before being dumped to disk rather than
+ after. [RT #27242]
+
+3535. [bug] Minor win32 cleanups. [RT #32962]
+
+3534. [bug] Extra text after an embedded NULL was ignored when
+ parsing zone files. [RT #32699]
+
+3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
+
+3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
+
+3531. [bug] win32: A uninitialized value could be returned on out
+ of memory. [RT #32960]
+
+3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
+
+3526. [cleanup] Set up dependencies for unit tests correctly during
+ build. [RT #32803]
+
+3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
+
+3520. [bug] 'mctx' was not being referenced counted in some places
+ where it should have been. [RT #32794]
+
+ --- 9.8.5b2 released ---
+
+3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
+
+3515. [port] '%T' is not portable in strftime(). [RT #32763]
+
+3514. [bug] The ranges for valid key sizes in ddns-confgen and
+ rndc-confgen were too constrained. Keys up to 512
+ bits are now allowed for most algorithms, and up
+ to 1024 bits for hmac-sha384 and hmac-sha512.
+ [RT #32753]
+
+3509. [cleanup] Added a product line to version file to allow for
+ easy naming of different products (BIND
+ vs BIND ESV, for example). [RT #32755]
+
+3508. [contrib] queryperf was incorrectly rejecting the -T option.
+ [RT #32338]
+
+3503. [doc] Clarify size_spec syntax. [RT #32449]
+
+3500. [security] Support NAPTR regular expression validation on
+ all platforms without using libregex, which
+ can be vulnerable to memory exhaustion attack
+ (CVE-2013-2266). [RT #32688]
+
+3499. [doc] Corrected ARM documentation of built-in zones.
+ [RT #32694]
+
+3498. [bug] zone statistics for zones which matched a potential
+ empty zone could have their zone-statistics setting
+ overridden.
+
+3496. [func] Improvements to RPZ performance. The "response-policy"
+ syntax now includes a "min-ns-dots" clause, with
+ default 1, to exclude top-level domains from
+ NSIP and NSDNAME checking. --enable-rpz-nsip and
+ --enable-rpz-nsdname are now the default. [RT #32251]
+
+3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
+ When cloning a rdataset do not copy the link contents.
+ [RT #32651]
+
+3488. [bug] Use after free error with DH generated keys. [RT #32649]
+
+3487. [bug] Change 3444 was not complete. There was a additional
+ place where the NOQNAME proof needed to be saved.
+ [RT #32629]
+
+3486. [bug] named could crash when using TKEY-negotiated keys
+ that had been deleted and then recreated. [RT #32506]
+
+3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
+
+3481. [cleanup] Removed use of const const in atf.
+
+3479. [bug] Address potential memory leaks in gssapi support
+ code. [RT #32405]
+
+3478. [port] Fix a build failure in strict C99 environments
+ [RT #32475]
+
+3474. [bug] nsupdate could assert when the local and remote
+ address families didn't match. [RT #22897]
+
+3470. [bug] Slave zones could fail to dump when successfully
+ refreshing after an initial failure. [RT #31276]
+
+ --- 9.8.5b1 released ---
+
+3468. [security] RPZ rules to generate A records (but not AAAA records)
+ could trigger an assertion failure when used in
+ conjunction with DNS64 (CVE-2012-5689). [RT #32141]
+
+3467. [bug] Added checks in dnssec-keygen and dnssec-settime
+ to check for delete date < inactive date. [RT #31719]
+
+3465. [bug] Handle isolated reserved ports. [RT #31778]
+
+3464. [maint] Updates to PKCS#11 openssl patches, supporting
+ versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
+
+3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
+
+3462. [doc] Clarify server selection behavior of dig when using
+ -4 or -6 options. [RT #32181]
+
+3461. [bug] Negative responses could incorrectly have AD=1
+ set. [RT #32237]
+
+3458. [bug] Return FORMERR when presented with a overly long
+ domain named in a request. [RT #29682]
+
+3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
+
+3456. [port] g++47: ATF failed to compile. [RT #32012]
+
+3455. [contrib] queryperf: fix getopt option list. [RT #32338]
+
+3454. [port] sparc64: improve atomic support. [RT #25182]
+
+3452. [bug] Accept duplicate singleton records. [RT #32329]
+
+3451. [port] Increase per thread stack size from 64K to 1M.
+ [RT #32230]
+
+3450. [bug] Stop logfileconfig system test spam system logs.
+ [RT #32315]
+
+3449. [bug] gen.c: use the pre-processor to construct format
+ strings so that compiler can perform sanity checks;
+ check the snprintf results. [RT #17576]
+
+3448. [bug] The allow-query-on ACL was not processed correctly.
+ [RT #29486]
+
+3447. [port] Add support for libxml2-2.9.x [RT #32231]
+
+3446. [port] win32: Add source ID (see change #3400) to build.
+ [RT #31683]
+
+3445. [bug] Warn about zone files with blank owner names
+ immediately after $ORIGIN directives. [RT #31848]
+
+3444. [bug] The NOQNAME proof was not being returned from cached
+ insecure responses. [RT #21409]
+
+3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
+ rejected when generating keys. [RT #31927]
+
+3442. [port] Net::DNS 0.69 introduced a non backwards compatible
+ change. [RT #32216]
+
+3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
+
+3440. [bug] Reorder get_key_struct to not trigger a assertion when
+ cleaning up due to out of memory error. [RT #32131]
+
+3439. [bug] contrib/dlz error checking fixes. [RT #32102]
+
+3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
+
+3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
+ buffers with constant data. [RT #32064]
+
+3436. [bug] Check malloc/calloc return values. [RT #32088]
+
+3435. [bug] Cross compilation support in configure was broken.
+ [RT #32078]
+
+3431. [bug] ddns-confgen: Some valid key algorithms were
+ not accepted. [RT #31927]
+
+3430. [bug] win32: isc_time_formatISO8601 was missing the
+ 'T' between the date and time. [RT #32044]
+
+3429. [bug] dns_zone_getserial2 could a return success without
+ returning a valid serial. [RT #32007]
+
+3428. [cleanup] dig: Add timezone to date output. [RT #2269]
+
+3427. [bug] dig +trace incorrectly displayed name server
+ addresses instead of names. [RT #31641]
+
+3425. [bug] "acacheentry" reference counting was broken resulting
+ in use after free. [RT #31908]
+
+3422. [bug] Added a clear error message for when the SOA does not
+ match the referral. [RT #31281]
+
+3421. [bug] Named loops when re-signing if all keys are offline.
+ [RT #31916]
+
+3420. [bug] Address VPATH compilation issues. [RT #31879]
+
+3419. [bug] Memory leak on validation cancel. [RT #31869]
+
+3415. [bug] named could die with a REQUIRE failure if a validation
+ was canceled. [RT #31804]
+
+3412. [bug] Copy timeval structure from control message data.
+ [RT #31548]
+
+3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
+ to UDP. [RT #31690]
+
+3410. [bug] Addressed Coverity warnings. [RT #31626]
+
+3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
+ from X.509 certificates, for use with DANE
+ (DNS-based Authentication of Named Entities).
+ [RT #30513]
+
+3406. [bug] mem.c: Fix compilation errors when building with
+ ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
+ Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
+
+3405. [bug] Handle time going backwards in acache. [RT #31253]
+
+3404. [bug] dnssec-signzone: When re-signing a zone, remove
+ RRSIG and NSEC records from nodes that used to be
+ in-zone but are now below a zone cut. [RT #31556]
+
+3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
+
+3402. [test] The IPv6 interface numbers used for system
+ tests were incorrect on some platforms. [RT #25085]
+
+3401. [bug] Addressed Coverity warnings. [RT #31484]
+
+3400. [cleanup] "named -V" can now report a source ID string, defined
+ in the "srcid" file in the build tree and normally set
+ to the most recent git hash. [RT #31494]
+
+3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
+
+3396. [bug] OPT records were incorrectly removed from signed,
+ truncated responses. [RT #31439]
+
+3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
+ list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
+ [RT #31336]
+
+3394. [bug] Adjust 'successfully validated after lower casing
+ signer' log level and category. [RT #31414]
+
+3393. [bug] 'host -C' could core dump if REFUSED was received.
+ [RT #31381]
+
+3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
+ [RT #31262]
+
+3390. [bug] Silence clang compiler warnings. [RT #30417]
+
+3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
+
+3388. [bug] Fixed several Coverity warnings.
+ Note: This change includes a fix for a bug that
+ was subsequently determined to be an exploitable
+ security vulnerability, CVE-2012-5688: named could
+ die on specific queries with dns64 enabled.
+ [RT #30996]
+
+3386. [bug] Address locking violation when generating new NSEC /
+ NSEC3 chains. [RT #31224]
+
+3384. [bug] Improved logging of crypto errors. [RT #30963]
3383. [security] A certain combination of records in the RBT could
- cause named to hang while populating the additional
- section of a response. [RT #31090]
+ cause named to hang while populating the additional
+ section of a response. [RT #31090]
+
+3382. [bug] SOA query from slave used use-v6-udp-ports range,
+ if set, regardless of the address family in use.
+ [RT #24173]
+
+3381. [contrib] Update queryperf to support more RR types.
+ [RT #30762]
+
+3380. [bug] named could die if a nonexistent master list was
+ referenced in a also-notify. [RT #31004]
+
+3379. [bug] isc_interval_zero and isc_time_epoch should be
+ "const (type)* const". [RT #31069]
+
+3378. [bug] Handle missing 'managed-keys-directory' better.
+ [RT #30625]
+
+3376. [bug] Lack of EDNS support was being recorded without a
+ successful response. [RT #30811]
+
+3375. [func] Check that 'rndc dumpdb' works on a empty cache.
+ [RT #30808]
+
+3374. [bug] isc_parse_uint32 failed to return a range error on
+ systems with 64 bit longs. [RT #30232]
+
+3372. [bug] Silence spurious "deleted from unreachable cache"
+ messages. [RT #30501]
+
+3371. [bug] AD=1 should behave like DO=1 when deciding whether to
+ add NS RRsets to the additional section or not.
+ [RT #30479]
+
+ --- 9.8.4 released ---
3373. [bug] win32: open raw files in binary mode. [RT #30944]
@@ -135,11 +501,11 @@
--- 9.8.3 released ---
3318. [tuning] Reduce the amount of work performed while holding a
- bucket lock when finshed with a fetch context.
+ bucket lock when finished with a fetch context.
[RT #29239]
-3314. [bug] The masters list could be updated while refesh_callback
- and stub_callback were using it. [RT #26732]
+3314. [bug] The masters list could be updated while stub_callback
+ or refresh_callback were using it. [RT #26732]
3313. [protocol] Add TLSA record type. [RT #28989]
@@ -151,7 +517,7 @@
3310. [test] Increase table size for mutex profiling. [RT #28809]
-3309. [bug] resolver.c:fctx_finddone() was not threadsafe.
+3309. [bug] resolver.c:fctx_finddone() was not thread safe.
[RT #27995]
3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
@@ -328,7 +694,7 @@
3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
-3231. [bug] named could fail to send a uncompressable zone.
+3231. [bug] named could fail to send a incompressible zone.
[RT #26796]
3230. [bug] 'dig axfr' failed to properly handle a multi-message
@@ -345,7 +711,7 @@
3226. [bug] Address minor resource leakages. [RT #26624]
-3221. [bug] Fixed a potential coredump on shutdown due to
+3221. [bug] Fixed a potential core dump on shutdown due to
referencing fetch context after it's been freed.
[RT #26720]
@@ -369,7 +735,7 @@
3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
-3208. [bug] 'dig -y' handle unknown tsig alorithm better.
+3208. [bug] 'dig -y' handle unknown tsig algorithm better.
[RT #25522]
3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
@@ -672,7 +1038,7 @@
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
dns_zone_attach(), use zone->irefs instead. [RT #23303]
-3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
+3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent
timestamp when determining which keys are active.
[RT #23642]
@@ -686,7 +1052,7 @@
3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
[RT #20256]
-3071. [bug] has_nsec could be used unintialised in
+3071. [bug] has_nsec could be used uninitialized in
update.c:next_active. [RT #20256]
3070. [bug] dnssec-signzone potential NULL pointer dereference.
@@ -732,7 +1098,7 @@
3052. [test] Fixed last autosign test report. [RT #23256]
-3051. [bug] NS records obsure DNAME records at the bottom of the
+3051. [bug] NS records obscure DNAME records at the bottom of the
zone if both are present. [RT #23035]
3050. [bug] The autosign system test was timing dependent.
@@ -742,7 +1108,7 @@
3049. [bug] Save and restore the gid when creating creating
named.pid at startup. [RT #23290]
-3048. [bug] Fully separate view key mangement. [RT #23419]
+3048. [bug] Fully separate view key management. [RT #23419]
3047. [bug] DNSKEY NODATA responses not cached fixed in
validator.c. Tests added to dnssec system test.
@@ -1079,7 +1445,7 @@
no data response. [RT #21744]
2952. [port] win32: named-checkzone and named-checkconf failed
- to initialise winsock. [RT #21932]
+ to initialize winsock. [RT #21932]
2951. [bug] named failed to generate a correct signed response
in a optout, delegation only zone with no secure
@@ -1125,7 +1491,7 @@
in use. [RT# 21868]
2938. [bug] When generating signed responses, from a signed zone
- that uses NSEC3, named would use a uninitialised
+ that uses NSEC3, named would use a uninitialized
pointer if it needed to skip a NSEC3 record because
it didn't match the selected NSEC3PARAM record for
zone. [RT# 21868]
@@ -1179,7 +1545,7 @@
revisit the issue and complete the fix later.
[RT #21710]
-2930. [experimental] New "rndc addzone" and "rndc delzone" commads
+2930. [experimental] New "rndc addzone" and "rndc delzone" commands
allow dynamic addition and deletion of zones.
To enable this feature, specify a "new-zone-file"
option at the view or options level in named.conf.
@@ -1355,7 +1721,7 @@
successfully responds to the query using plain DNS.
[RT #20930]
-2873. [bug] Cancelling a dynamic update via the dns/client module
+2873. [bug] Canceling a dynamic update via the dns/client module
could trigger an assertion failure. [RT #21133]
2872. [bug] Modify dns/client.c:dns_client_createx() to only
@@ -1397,7 +1763,7 @@
2860. [bug] named-checkconf's usage was out of date. [RT #21039]
-2859. [bug] When cancelling validation it was possible to leak
+2859. [bug] When canceling validation it was possible to leak
memory. [RT #20800]
2858. [bug] RTT estimates were not being adjusted on ICMP errors.
@@ -1950,7 +2316,7 @@
2695. [func] DHCP/DDNS - update fdwatch code for use by
DHCP. Modify the api to isc_sockfdwatch_t (the
- callback functon for isc_socket_fdwatchcreate)
+ callback function for isc_socket_fdwatchcreate)
to include information about the direction (read
or write) and add isc_socket_fdwatchpoke.
[RT #20253]
@@ -2015,7 +2381,7 @@
sets the time when a key is no longer used for
signing but is still published.
- The "unpublished" date (-U) is deprecated in
- favour of "deleted" (-D).
+ favor of "deleted" (-D).
[RT #20247]
2676. [bug] --with-export-installdir should have been
@@ -2461,7 +2827,7 @@
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
-2552. [bug] zero-no-soa-ttl-cache was not being honoured.
+2552. [bug] zero-no-soa-ttl-cache was not being honored.
[RT #19340]
2551. [bug] Potential Reference leak on return. [RT #19341]
@@ -2514,7 +2880,7 @@
2534. [func] Check NAPTR records regular expressions and
replacement strings to ensure they are syntactically
- valid and consistant. [RT #18168]
+ valid and consistent. [RT #18168]
2533. [doc] ARM: document @ (at-sign). [RT #17144]
diff --git a/COPYRIGHT b/COPYRIGHT
index 6f2c8e5aa226..cc19db471b69 100644
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
diff --git a/FAQ b/FAQ
index 9e3469ce4ae2..5e86a082f5cb 100644
--- a/FAQ
+++ b/FAQ
@@ -1,6 +1,6 @@
Frequently Asked Questions about BIND 9
-Copyright 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
Copyright 2000-2003 Internet Software Consortium.
@@ -869,7 +869,7 @@ A: If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
key "rndc-key" {
- algorithm hmac-md5;
+ algorithm hmac-sha256;
secret "uvceheVuqf17ZwIcTydddw==";
};
diff --git a/FAQ.xml b/FAQ.xml
index 7b21689ce905..d0f903be782e 100644
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -1,7 +1,7 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -30,6 +30,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
+ <year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -1564,7 +1565,7 @@ rand_irqs="3 14 15"</programlisting>
<informalexample>
<programlisting>
key "rndc-key" {
- algorithm hmac-md5;
+ algorithm hmac-sha256;
secret "uvceheVuqf17ZwIcTydddw==";
};</programlisting>
</informalexample>
diff --git a/Makefile.in b/Makefile.in
index 05d9c43174f0..4e41fe509743 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -61,9 +61,21 @@ tags:
rm -f TAGS
find lib bin -name "*.[ch]" -print | @ETAGS@ -
-check: test
-
-test:
+test check:
+ @if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \
+ echo I: NOTE: The tests were not run because they require that; \
+ echo I: the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
+ echo I: as alias addresses on the loopback interface. Please run; \
+ echo I: \'bin/tests/system/ifconfig.sh up\' as root to configure; \
+ echo I: them, then rerun the tests. Run make force-test to run the; \
+ echo I: tests anyway.; \
+ exit 1; \
+ fi
+ ${MAKE} test-force
+
+force-test: test-force
+
+test-force:
status=0; \
(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \
diff --git a/README b/README
index f79763978754..9d839b49fce8 100644
--- a/README
+++ b/README
@@ -51,6 +51,11 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.8.5
+
+ BIND 9.8.5 includes several bug fixes and patches security
+ flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
+
BIND 9.8.4
BIND 9.8.4 includes several bug fixes and patches security
diff --git a/aclocal.m4 b/aclocal.m4
index c1a594c1e35d..3f017c999647 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,2 +1,5 @@
-sinclude(./libtool.m4)dnl
-
+sinclude(libtool.m4/libtool.m4)dnl
+sinclude(libtool.m4/ltoptions.m4)dnl
+sinclude(libtool.m4/ltsugar.m4)dnl
+sinclude(libtool.m4/ltversion.m4)dnl
+sinclude(libtool.m4/lt~obsolete.m4)dnl
diff --git a/bin/Makefile.in b/bin/Makefile.in
index 89b4673edd35..897c0f37ebb7 100644
--- a/bin/Makefile.in
+++ b/bin/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-SUBDIRS = named rndc dig dnssec tests tools nsupdate \
+SUBDIRS = named rndc dig dnssec tools tests nsupdate \
check confgen @PKCS11_TOOLS@
TARGETS =
diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c
index 2bf16a686c55..46cf2bf48a53 100644
--- a/bin/check/check-tool.c
+++ b/bin/check/check-tool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -196,6 +196,10 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
a->type == dns_rdatatype_a);
REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
aaaa->type == dns_rdatatype_aaaa);
+
+ if (a == NULL || aaaa == NULL)
+ return (answer);
+
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
hints.ai_family = PF_UNSPEC;
@@ -258,8 +262,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
}
return (ISC_TRUE);
}
- if (a == NULL || aaaa == NULL)
- return (answer);
+
/*
* Check that all glue records really exist.
*/
@@ -597,7 +600,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
dns_zone_settype(zone, dns_zone_master);
- isc_buffer_init(&buffer, zonename, strlen(zonename));
+ isc_buffer_constinit(&buffer, zonename, strlen(zonename));
isc_buffer_add(&buffer, strlen(zonename));
dns_fixedname_init(&fixorigin);
origin = dns_fixedname_name(&fixorigin);
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index a342dd9fbd9a..ef754ff29af9 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -295,6 +295,18 @@ configure_zone(const char *vclass, const char *view,
}
obj = NULL;
+ if (get_maps(maps, "check-spf", &obj)) {
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ zone_options |= DNS_ZONEOPT_CHECKSPF;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ zone_options &= ~DNS_ZONEOPT_CHECKSPF;
+ } else
+ INSIST(0);
+ } else {
+ zone_options |= DNS_ZONEOPT_CHECKSPF;
+ }
+
+ obj = NULL;
if (get_checknames(maps, &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
@@ -471,6 +483,7 @@ main(int argc, char **argv) {
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
+ /* FALLTHROUGH */
case 'h':
usage();
diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index 92c8bdcffcf1..b7b8a4c54672 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -33,9 +33,9 @@
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
.HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkzone\fR
@@ -236,6 +236,14 @@ Chroot to
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
.RE
.PP
+\-T \fImode\fR
+.RS 4
+Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are
+\fB"warn"\fR
+(default),
+\fB"ignore"\fR.
+.RE
+.PP
\-w \fIdirectory\fR
.RS 4
chdir to
@@ -281,7 +289,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index 11491b580862..fdc3ddc2caab 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -145,19 +145,21 @@ main(int argc, char **argv) {
if (progmode == progmode_compile) {
zone_options |= (DNS_ZONEOPT_CHECKNS |
DNS_ZONEOPT_FATALNS |
+ DNS_ZONEOPT_CHECKSPF |
DNS_ZONEOPT_CHECKDUPRR |
DNS_ZONEOPT_CHECKNAMES |
DNS_ZONEOPT_CHECKNAMESFAIL |
DNS_ZONEOPT_CHECKWILDCARD);
} else
- zone_options |= DNS_ZONEOPT_CHECKDUPRR;
+ zone_options |= (DNS_ZONEOPT_CHECKDUPRR |
+ DNS_ZONEOPT_CHECKSPF);
#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
isc_commandline_errprint = ISC_FALSE;
while ((c = isc_commandline_parse(argc, argv,
- "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:W:"))
+ "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
!= EOF) {
switch (c) {
case 'c':
@@ -363,6 +365,18 @@ main(int argc, char **argv) {
}
break;
+ case 'T':
+ if (ARGCMP("warn")) {
+ zone_options |= DNS_ZONEOPT_CHECKSPF;
+ } else if (ARGCMP("ignore")) {
+ zone_options &= ~DNS_ZONEOPT_CHECKSPF;
+ } else {
+ fprintf(stderr, "invalid argument to -T: %s\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
case 'W':
if (ARGCMP("warn"))
zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
@@ -374,6 +388,7 @@ main(int argc, char **argv) {
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
prog_name, isc_commandline_option);
+ /* FALLTHROUGH */
case 'h':
usage();
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index 33dc15e47095..c25dd1eaf2e2 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -38,6 +38,7 @@
<year>2007</year>
<year>2009</year>
<year>2010</year>
+ <year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -75,6 +76,7 @@
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
@@ -98,6 +100,7 @@
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
@@ -380,6 +383,18 @@
</varlistentry>
<varlistentry>
+ <term>-T <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Check if Sender Policy Framework records (TXT and SPF)
+ both exist or both don't exist. A warning is issued
+ if they don't match. Possible modes are
+ <command>"warn"</command> (default), <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-w <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 2be53a7b3498..ab9c8efc50da 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -29,11 +29,11 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543696"></a><h2>DESCRIPTION</h2>
+<a name="id2543716"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543731"></a><h2>OPTIONS</h2>
+<a name="id2543751"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -214,6 +214,13 @@
directives in the configuration file are processed as if
run by a similarly chrooted named.
</p></dd>
+<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Check if Sender Policy Framework records (TXT and SPF)
+ both exist or both don't exist. A warning is issued
+ if they don't match. Possible modes are
+ <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
chdir to <code class="filename">directory</code> so that
@@ -247,14 +254,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544446"></a><h2>RETURN VALUES</h2>
+<a name="id2544422"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544458"></a><h2>SEE ALSO</h2>
+<a name="id2544434"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@@ -262,7 +269,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544491"></a><h2>AUTHOR</h2>
+<a name="id2544603"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index a5db317700d8..d0cdafed364b 100644
--- a/bin/confgen/keygen.c
+++ b/bin/confgen/keygen.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -126,13 +126,17 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
switch (alg) {
case DST_ALG_HMACMD5:
+ case DST_ALG_HMACSHA1:
+ case DST_ALG_HMACSHA224:
+ case DST_ALG_HMACSHA256:
if (keysize < 1 || keysize > 512)
fatal("keysize %d out of range (must be 1-512)\n",
keysize);
break;
- case DST_ALG_HMACSHA256:
- if (keysize < 1 || keysize > 256)
- fatal("keysize %d out of range (must be 1-256)\n",
+ case DST_ALG_HMACSHA384:
+ case DST_ALG_HMACSHA512:
+ if (keysize < 1 || keysize > 1024)
+ fatal("keysize %d out of range (must be 1-1024)\n",
keysize);
break;
default:
diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c
index 1ad14a99aa15..49119ce7adf9 100644
--- a/bin/confgen/rndc-confgen.c
+++ b/bin/confgen/rndc-confgen.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -140,8 +140,6 @@ main(int argc, char **argv) {
keysize = strtol(isc_commandline_argument, &p, 10);
if (*p != '\0' || keysize < 0)
fatal("-b requires a non-negative number");
- if (keysize < 1 || keysize > 512)
- fatal("-b must be in the range 1 through 512");
break;
case 'c':
keyfile = isc_commandline_argument;
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index 6e3bfb6c0c6e..6d8688e95e2c 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -57,7 +57,9 @@ allows multiple lookups to be issued from the command line.
Unless it is told to query a specific name server,
\fBdig\fR
will try each of the servers listed in
-\fI/etc/resolv.conf\fR.
+\fI/etc/resolv.conf\fR. If no usable server addreses are found,
+\fBdig\fR
+will send the query to the local host.
.PP
When no command line arguments or options are given,
\fBdig\fR
@@ -95,13 +97,20 @@ is the name or IP address of the name server to query. This can be an IPv4 addre
\fIserver\fR
argument is a hostname,
\fBdig\fR
-resolves that name before querying that name server. If no
+resolves that name before querying that name server.
+.sp
+If no
\fIserver\fR
argument is provided,
\fBdig\fR
consults
-\fI/etc/resolv.conf\fR
-and queries the name servers listed there. The reply from the name server that responds is displayed.
+\fI/etc/resolv.conf\fR; if an address is found there, it queries the name server at that address. If either of the
+\fB\-4\fR
+or
+\fB\-6\fR
+options are in use, then only addresses for the corresponding transport will be tried. If no usable addresses are found,
+\fBdig\fR
+will send the query to the local host. The reply from the name server that responds is displayed.
.RE
.PP
\fBname\fR
@@ -567,7 +576,7 @@ RFC1035.
.PP
There are probably too many query options.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 5e5ec0fa48d4..ce9ccdeee302 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -186,7 +186,7 @@ help(void) {
" +domain=### (Set default domainname)\n"
" +bufsize=### (Set EDNS0 Max UDP packet size)\n"
" +ndots=### (Set NDOTS value)\n"
-" +edns=### (Set EDNS version)\n"
+" +[no]edns[=###] (Set EDNS version) [0]\n"
" +[no]search (Set whether to use searchlist)\n"
" +[no]showsearch (Search with intermediate results)\n"
" +[no]defname (Ditto)\n"
@@ -240,6 +240,8 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
isc_uint64_t diff;
isc_time_t now;
time_t tnow;
+ struct tm tmnow;
+ char time_str[100];
char fromtext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(from, fromtext, sizeof(fromtext));
@@ -251,7 +253,10 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
printf(";; Query time: %ld msec\n", (long int)diff/1000);
printf(";; SERVER: %s(%s)\n", fromtext, query->servname);
time(&tnow);
- printf(";; WHEN: %s", ctime(&tnow));
+ tmnow = *localtime(&tnow);
+ if (strftime(time_str, sizeof(time_str),
+ "%a %b %d %H:%M:%S %Z %Y", &tmnow) > 0U)
+ printf(";; WHEN: %s\n", time_str);
if (query->lookup->doing_xfr) {
printf(";; XFR size: %u records (messages %u, "
"bytes %" ISC_PRINT_QUADFORMAT "u)\n",
@@ -259,7 +264,6 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
query->byte_count);
} else {
printf(";; MSG SIZE rcvd: %u\n", bytes);
-
}
if (key != NULL) {
if (!validated)
@@ -276,7 +280,7 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
"from %s(%s) in %d ms\n\n",
query->lookup->doing_xfr ?
query->byte_count : (isc_uint64_t)bytes,
- fromtext, query->servname,
+ fromtext, query->userarg,
(int)diff/1000);
}
}
@@ -525,6 +529,13 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
printf(";; WARNING: recursion requested "
"but not available\n");
}
+ if (msg != query->lookup->sendmsg &&
+ query->lookup->edns != -1 && msg->opt == NULL &&
+ (msg->rcode == dns_rcode_formerr ||
+ msg->rcode == dns_rcode_notimp))
+ printf("\n;; WARNING: EDNS query returned status "
+ "%s - retry with '+noedns'\n",
+ rcode_totext(msg->rcode));
if (msg != query->lookup->sendmsg && extrabytes != 0U)
printf(";; WARNING: Messages has %u extra byte%s at "
"end\n", extrabytes, extrabytes != 0 ? "s" : "");
@@ -855,8 +866,10 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->edns = -1;
break;
}
- if (value == NULL)
- goto need_value;
+ if (value == NULL) {
+ lookup->edns = 0;
+ break;
+ }
result = parse_uint(&num, value, 255, "edns");
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse edns");
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index d64d038b500d..1285c437dabf 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -45,6 +45,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
+ <year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -116,9 +117,10 @@
<para>
Unless it is told to query a specific name server,
- <command>dig</command> will try each of the servers listed
- in
- <filename>/etc/resolv.conf</filename>.
+ <command>dig</command> will try each of the servers listed in
+ <filename>/etc/resolv.conf</filename>. If no usable server addreses
+ are found, <command>dig</command> will send the query to the local
+ host.
</para>
<para>
@@ -157,20 +159,25 @@
<term><constant>server</constant></term>
<listitem>
<para>
- is the name or IP address of the name server to query. This can
- be an IPv4
- address in dotted-decimal notation or an IPv6
+ is the name or IP address of the name server to query. This
+ can be an IPv4 address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
- <parameter>server</parameter> argument is a
- hostname,
- <command>dig</command> resolves that name before
- querying that name
- server. If no <parameter>server</parameter>
- argument is provided,
- <command>dig</command> consults <filename>/etc/resolv.conf</filename>
- and queries the name servers listed there. The reply from the
- name
- server that responds is displayed.
+ <parameter>server</parameter> argument is a hostname,
+ <command>dig</command> resolves that name before querying
+ that name server.
+ </para>
+ <para>
+ If no <parameter>server</parameter> argument is
+ provided, <command>dig</command> consults
+ <filename>/etc/resolv.conf</filename>; if an
+ address is found there, it queries the name server at
+ that address. If either of the <option>-4</option> or
+ <option>-6</option> options are in use, then
+ only addresses for the corresponding transport
+ will be tried. If no usable addresses are found,
+ <command>dig</command> will send the query to the
+ local host. The reply from the name server that
+ responds is displayed.
</para>
</listitem>
</varlistentry>
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index ceef3fa8d988..a1cd5cf52daf 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -34,7 +34,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543524"></a><h2>DESCRIPTION</h2>
+<a name="id2543527"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -57,9 +57,10 @@
</p>
<p>
Unless it is told to query a specific name server,
- <span><strong class="command">dig</strong></span> will try each of the servers listed
- in
- <code class="filename">/etc/resolv.conf</code>.
+ <span><strong class="command">dig</strong></span> will try each of the servers listed in
+ <code class="filename">/etc/resolv.conf</code>. If no usable server addreses
+ are found, <span><strong class="command">dig</strong></span> will send the query to the local
+ host.
</p>
<p>
When no command line arguments or options are given,
@@ -80,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543597"></a><h2>SIMPLE USAGE</h2>
+<a name="id2543606"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@@ -91,22 +92,29 @@
</p>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">server</code></span></dt>
-<dd><p>
- is the name or IP address of the name server to query. This can
- be an IPv4
- address in dotted-decimal notation or an IPv6
+<dd>
+<p>
+ is the name or IP address of the name server to query. This
+ can be an IPv4 address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
- <em class="parameter"><code>server</code></em> argument is a
- hostname,
- <span><strong class="command">dig</strong></span> resolves that name before
- querying that name
- server. If no <em class="parameter"><code>server</code></em>
- argument is provided,
- <span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>
- and queries the name servers listed there. The reply from the
- name
- server that responds is displayed.
- </p></dd>
+ <em class="parameter"><code>server</code></em> argument is a hostname,
+ <span><strong class="command">dig</strong></span> resolves that name before querying
+ that name server.
+ </p>
+<p>
+ If no <em class="parameter"><code>server</code></em> argument is
+ provided, <span><strong class="command">dig</strong></span> consults
+ <code class="filename">/etc/resolv.conf</code>; if an
+ address is found there, it queries the name server at
+ that address. If either of the <code class="option">-4</code> or
+ <code class="option">-6</code> options are in use, then
+ only addresses for the corresponding transport
+ will be tried. If no usable addresses are found,
+ <span><strong class="command">dig</strong></span> will send the query to the
+ local host. The reply from the name server that
+ responds is displayed.
+ </p>
+</dd>
<dt><span class="term"><code class="constant">name</code></span></dt>
<dd><p>
is the name of the resource record that is to be looked up.
@@ -126,7 +134,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543688"></a><h2>OPTIONS</h2>
+<a name="id2543709"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@@ -230,7 +238,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544037"></a><h2>QUERY OPTIONS</h2>
+<a name="id2544058"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -561,7 +569,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545186"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2545207"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@@ -607,7 +615,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545248"></a><h2>IDN SUPPORT</h2>
+<a name="id2545337"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -621,14 +629,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545338"></a><h2>FILES</h2>
+<a name="id2545360"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545355"></a><h2>SEE ALSO</h2>
+<a name="id2545377"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -636,7 +644,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545393"></a><h2>BUGS</h2>
+<a name="id2545414"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 9695de0dbc4c..8ea7d8ec0366 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -794,6 +794,7 @@ make_empty_lookup(void) {
dns_fixedname_init(&looknew->fdomain);
ISC_LINK_INIT(looknew, link);
ISC_LIST_INIT(looknew->q);
+ ISC_LIST_INIT(looknew->connecting);
ISC_LIST_INIT(looknew->my_server_list);
return (looknew);
}
@@ -815,11 +816,11 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
looknew = make_empty_lookup();
INSIST(looknew != NULL);
- strncpy(looknew->textname, lookold->textname, MXNAME);
+ strlcpy(looknew->textname, lookold->textname, MXNAME);
#if DIG_SIGCHASE_TD
- strncpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
+ strlcpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
#endif
- strncpy(looknew->cmdline, lookold->cmdline, MXNAME);
+ strlcpy(looknew->cmdline, lookold->cmdline, MXNAME);
looknew->textname[MXNAME-1] = 0;
looknew->rdtype = lookold->rdtype;
looknew->qrdtype = lookold->qrdtype;
@@ -998,7 +999,7 @@ parse_hmac(const char *hmac) {
len = strlen(hmac);
if (len >= (int) sizeof(buf))
fatal("unknown key type '%.*s'", len, hmac);
- strncpy(buf, hmac, sizeof(buf));
+ strlcpy(buf, hmac, sizeof(buf));
digestbits = 0;
@@ -1080,8 +1081,8 @@ read_confkey(void) {
secretstr = cfg_obj_asstring(secretobj);
algorithm = cfg_obj_asstring(algorithmobj);
- strncpy(keynametext, keyname, sizeof(keynametext));
- strncpy(keysecret, secretstr, sizeof(keysecret));
+ strlcpy(keynametext, keyname, sizeof(keynametext));
+ strlcpy(keysecret, secretstr, sizeof(keysecret));
parse_hmac(algorithm);
setup_text_key();
@@ -1164,7 +1165,7 @@ make_searchlist_entry(char *domain) {
if (search == NULL)
fatal("memory allocation failure in %s:%d",
__FILE__, __LINE__);
- strncpy(search->origin, domain, MXNAME);
+ strlcpy(search->origin, domain, MXNAME);
search->origin[MXNAME-1] = 0;
ISC_LINK_INIT(search, link);
return (search);
@@ -1473,7 +1474,10 @@ clear_query(dig_query_t *query) {
if (lookup->current_query == query)
lookup->current_query = NULL;
- ISC_LIST_UNLINK(lookup->q, query, link);
+ if (ISC_LINK_LINKED(query, link))
+ ISC_LIST_UNLINK(lookup->q, query, link);
+ if (ISC_LINK_LINKED(query, clink))
+ ISC_LIST_UNLINK(lookup->connecting, query, clink);
if (ISC_LINK_LINKED(&query->recvbuf, link))
ISC_LIST_DEQUEUE(query->recvlist, &query->recvbuf,
link);
@@ -1481,6 +1485,7 @@ clear_query(dig_query_t *query) {
ISC_LIST_DEQUEUE(query->lengthlist, &query->lengthbuf,
link);
INSIST(query->recvspace != NULL);
+
if (query->sock != NULL) {
isc_socket_detach(&query->sock);
sockcount--;
@@ -1508,13 +1513,22 @@ try_clear_lookup(dig_lookup_t *lookup) {
debug("try_clear_lookup(%p)", lookup);
- if (ISC_LIST_HEAD(lookup->q) != NULL) {
+ if (ISC_LIST_HEAD(lookup->q) != NULL ||
+ ISC_LIST_HEAD(lookup->connecting) != NULL)
+ {
if (debugging) {
q = ISC_LIST_HEAD(lookup->q);
while (q != NULL) {
debug("query to %s still pending", q->servname);
q = ISC_LIST_NEXT(q, link);
}
+
+ q = ISC_LIST_HEAD(lookup->connecting);
+ while (q != NULL) {
+ debug("query to %s still connecting",
+ q->servname);
+ q = ISC_LIST_NEXT(q, clink);
+ }
}
return (ISC_FALSE);
}
@@ -1642,7 +1656,7 @@ start_lookup(void) {
= current_lookup->rdclassset;
current_lookup->rdclass = dns_rdataclass_in;
- strncpy(current_lookup->textnamesigchase,
+ strlcpy(current_lookup->textnamesigchase,
current_lookup->textname, MXNAME);
current_lookup->trace_root_sigchase = ISC_TRUE;
@@ -1654,7 +1668,7 @@ start_lookup(void) {
check_result(result, "dns_name_totext");
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
- strncpy(current_lookup->textname, (char*)r.base,
+ strlcpy(current_lookup->textname, (char*)r.base,
MXNAME);
isc_buffer_free(&b);
@@ -2290,7 +2304,6 @@ setup_lookup(dig_lookup_t *lookup) {
query->rr_count = 0;
query->msg_count = 0;
query->byte_count = 0;
- ISC_LINK_INIT(query, link);
ISC_LIST_INIT(query->recvlist);
ISC_LIST_INIT(query->lengthlist);
query->sock = NULL;
@@ -2303,6 +2316,7 @@ setup_lookup(dig_lookup_t *lookup) {
isc_buffer_init(&query->slbuf, query->slspace, 2);
query->sendbuf = lookup->renderbuf;
+ ISC_LINK_INIT(query, clink);
ISC_LINK_INIT(query, link);
ISC_LIST_ENQUEUE(lookup->q, query, link);
}
@@ -2424,6 +2438,7 @@ static void
force_timeout(dig_lookup_t *l, dig_query_t *query) {
isc_event_t *event;
+ debug("force_timeout ()");
event = isc_event_allocate(mctx, query, ISC_TIMEREVENT_IDLE,
connect_timeout, l,
sizeof(isc_event_t));
@@ -2491,6 +2506,7 @@ send_tcp_connect(dig_query_t *query) {
send_tcp_connect(next);
return;
}
+
INSIST(query->sock == NULL);
result = isc_socket_create(socketmgr,
isc_sockaddr_pf(&query->sockaddr),
@@ -2521,6 +2537,9 @@ send_tcp_connect(dig_query_t *query) {
if (l->ns_search_only && !l->trace_root) {
debug("sending next, since searching");
next = ISC_LIST_NEXT(query, link);
+ if (ISC_LINK_LINKED(query, link))
+ ISC_LIST_DEQUEUE(l->q, query, link);
+ ISC_LIST_ENQUEUE(l->connecting, query, clink);
if (next != NULL)
send_tcp_connect(next);
}
@@ -2601,7 +2620,7 @@ send_udp(dig_query_t *query) {
static void
connect_timeout(isc_task_t *task, isc_event_t *event) {
dig_lookup_t *l = NULL;
- dig_query_t *query = NULL, *cq;
+ dig_query_t *query = NULL, *next, *cq;
UNUSED(task);
REQUIRE(event->ev_type == ISC_TIMEREVENT_IDLE);
@@ -2625,7 +2644,9 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
if (query->sock != NULL)
isc_socket_cancel(query->sock, NULL,
ISC_SOCKCANCEL_ALL);
- send_tcp_connect(ISC_LIST_NEXT(cq, link));
+ next = ISC_LIST_NEXT(cq, link);
+ if (next != NULL)
+ send_tcp_connect(next);
}
UNLOCK_LOOKUP;
return;
@@ -2868,9 +2889,8 @@ connect_done(isc_task_t *task, isc_event_t *event) {
if (next != NULL) {
bringup_timer(next, TCP_TIMEOUT);
send_tcp_connect(next);
- } else {
+ } else
check_next_lookup(l);
- }
UNLOCK_LOOKUP;
return;
}
@@ -3427,6 +3447,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (n == 0)
docancel = ISC_TRUE;
l->trace_root = ISC_FALSE;
+ usesearch = ISC_FALSE;
} else
#ifdef DIG_SIGCHASE
if (!do_sigchase)
@@ -3603,15 +3624,19 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
*/
void
do_lookup(dig_lookup_t *lookup) {
+ dig_query_t *query;
REQUIRE(lookup != NULL);
debug("do_lookup()");
lookup->pending = ISC_TRUE;
- if (lookup->tcp_mode)
- send_tcp_connect(ISC_LIST_HEAD(lookup->q));
- else
- send_udp(ISC_LIST_HEAD(lookup->q));
+ query = ISC_LIST_HEAD(lookup->q);
+ if (query != NULL) {
+ if (lookup->tcp_mode)
+ send_tcp_connect(query);
+ else
+ send_udp(query);
+ }
}
/*%
@@ -4083,7 +4108,7 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
check_result(result, "dns_name_totext");
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
- strcpy(lookup->textname, (char*)r.base);
+ strlcpy(lookup->textname, (char*)r.base, sizeof(lookup->textname));
isc_buffer_free(&b);
if (type == dns_rdatatype_rrsig)
@@ -4208,7 +4233,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
return (ISC_R_NOMEMORY);
memset(tempnamekey, 0, tempnamekeylen);
- strncpy(tempnamekey, tempname, tempnamelen);
+ strlcpy(tempnamekey, tempname, tempnamelen);
strcat(tempnamekey ,".key");
@@ -4342,7 +4367,7 @@ prepare_lookup(dns_name_t *name)
lookup->new_search = ISC_TRUE;
lookup->trace_root_sigchase = ISC_FALSE;
- strncpy(lookup->textname, lookup->textnamesigchase, MXNAME);
+ strlcpy(lookup->textname, lookup->textnamesigchase, MXNAME);
lookup->rdtype = lookup->rdtype_sigchase;
lookup->rdtypeset = ISC_TRUE;
@@ -4401,7 +4426,7 @@ prepare_lookup(dns_name_t *name)
dns_rdata_totext(&aaaa, &ns.name, b);
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
- strncpy(namestr, (char*)r.base,
+ strlcpy(namestr, (char*)r.base,
DNS_NAME_FORMATSIZE);
isc_buffer_free(&b);
dns_rdata_reset(&aaaa);
@@ -4430,7 +4455,7 @@ prepare_lookup(dns_name_t *name)
dns_rdata_totext(&a, &ns.name, b);
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
- strncpy(namestr, (char*)r.base,
+ strlcpy(namestr, (char*)r.base,
DNS_NAME_FORMATSIZE);
isc_buffer_free(&b);
dns_rdata_reset(&a);
@@ -4609,7 +4634,6 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
{
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
- dst_key_t *trustedKey = NULL;
dst_key_t *dnsseckey = NULL;
int i;
@@ -4653,10 +4677,6 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
dst_key_free(&dnsseckey);
} while (dns_rdataset_next(rdataset) == ISC_R_SUCCESS);
- if (trustedKey != NULL)
- dst_key_free(&trustedKey);
- trustedKey = NULL;
-
return (ISC_R_NOTFOUND);
}
diff --git a/bin/dig/host.c b/bin/dig/host.c
index 82eea056c0d1..6b37f5f76a1a 100644
--- a/bin/dig/host.c
+++ b/bin/dig/host.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -446,10 +446,18 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if (msg->rcode != 0) {
char namestr[DNS_NAME_FORMATSIZE];
dns_name_format(query->lookup->name, namestr, sizeof(namestr));
- printf("Host %s not found: %d(%s)\n",
- (msg->rcode != dns_rcode_nxdomain) ? namestr :
- query->lookup->textname, msg->rcode,
- rcode_totext(msg->rcode));
+
+ if (query->lookup->identify_previous_line)
+ printf("Nameserver %s:\n\t%s not found: %d(%s)\n",
+ query->servname,
+ (msg->rcode != dns_rcode_nxdomain) ? namestr :
+ query->lookup->textname, msg->rcode,
+ rcode_totext(msg->rcode));
+ else
+ printf("Host %s not found: %d(%s)\n",
+ (msg->rcode != dns_rcode_nxdomain) ? namestr :
+ query->lookup->textname, msg->rcode,
+ rcode_totext(msg->rcode));
return (ISC_R_SUCCESS);
}
diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
index 6c186dec5e4b..e03974564530 100644
--- a/bin/dig/include/dig/dig.h
+++ b/bin/dig/include/dig/dig.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -168,6 +168,7 @@ isc_boolean_t sigchase;
dns_name_t *oname;
ISC_LINK(dig_lookup_t) link;
ISC_LIST(dig_query_t) q;
+ ISC_LIST(dig_query_t) connecting;
dig_query_t *current_query;
dig_serverlist_t my_server_list;
dig_searchlist_t *origin;
@@ -214,6 +215,7 @@ struct dig_query {
slspace[4];
isc_socket_t *sock;
ISC_LINK(dig_query_t) link;
+ ISC_LINK(dig_query_t) clink;
isc_sockaddr_t sockaddr;
isc_time_t time_sent;
isc_uint64_t byte_count;
diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c
index e91e02dda5ae..6572d4c6ff36 100644
--- a/bin/dnssec/dnssec-keyfromlabel.c
+++ b/bin/dnssec/dnssec-keyfromlabel.c
@@ -356,6 +356,8 @@ main(int argc, char **argv) {
fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
"If you still wish to use RSA (RSAMD5) please "
"specify \"-a RSAMD5\"\n");
+ if (freeit != NULL)
+ free(freeit);
return (1);
} else {
r.base = algname;
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 8af100c7bdea..3d22f997cc2d 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -526,6 +526,7 @@ main(int argc, char **argv) {
"recommended.\nIf you still wish to "
"use RSA (RSAMD5) please specify "
"\"-a RSAMD5\"\n");
+ INSIST(freeit == NULL);
return (1);
} else if (strcasecmp(algname, "HMAC-MD5") == 0)
alg = DST_ALG_HMACMD5;
@@ -960,8 +961,15 @@ main(int argc, char **argv) {
dst_key_settime(key, DST_TIME_INACTIVE,
inactive);
- if (setdel)
+ if (setdel) {
+ if (setinact && delete < inactive)
+ fprintf(stderr, "%s: warning: Key is "
+ "scheduled to be deleted "
+ "before it is scheduled to be "
+ "made inactive.\n",
+ program);
dst_key_settime(key, DST_TIME_DELETE, delete);
+ }
} else {
if (setpub || setact || setrev || setinact ||
setdel || unsetpub || unsetact ||
diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c
index 8346f1c91182..fb116e6efe2a 100644
--- a/bin/dnssec/dnssec-revoke.c
+++ b/bin/dnssec/dnssec-revoke.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -20,7 +20,6 @@
#include <config.h>
-#include <libgen.h>
#include <stdlib.h>
#include <unistd.h>
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index f7f4486eefe7..a7fbed3bcbdb 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -20,7 +20,6 @@
#include <config.h>
-#include <libgen.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
@@ -140,6 +139,7 @@ main(int argc, char **argv) {
int prepub = -1;
isc_stdtime_t now;
isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
+ isc_stdtime_t prevact = 0, previnact = 0, prevdel = 0;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
@@ -344,7 +344,6 @@ main(int argc, char **argv) {
if (predecessor != NULL) {
char keystr[DST_KEY_FORMATSIZE];
- isc_stdtime_t when;
int major, minor;
if (prepub == -1)
@@ -376,19 +375,20 @@ main(int argc, char **argv) {
fatal("Predecessor has incompatible format "
"version %d.%d\n\t", major, minor);
- result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
+ result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &prevact);
if (result != ISC_R_SUCCESS)
fatal("Predecessor has no activation date. "
"You must set one before\n\t"
"generating a successor.");
- result = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &act);
+ result = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
+ &previnact);
if (result != ISC_R_SUCCESS)
fatal("Predecessor has no inactivation date. "
"You must set one before\n\t"
"generating a successor.");
- pub = act - prepub;
+ pub = prevact - prepub;
if (pub < now && prepub != 0)
fatal("Predecessor will become inactive before the\n\t"
"prepublication period ends. Either change "
@@ -396,13 +396,18 @@ main(int argc, char **argv) {
"or use the -i option to set a shorter "
"prepublication interval.");
- result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
+ result = dst_key_gettime(prevkey, DST_TIME_DELETE, &prevdel);
if (result != ISC_R_SUCCESS)
- fprintf(stderr, "%s: WARNING: Predecessor has no "
+ fprintf(stderr, "%s: warning: Predecessor has no "
"removal date;\n\t"
"it will remain in the zone "
"indefinitely after rollover.\n",
program);
+ else if (prevdel < previnact)
+ fprintf(stderr, "%s: warning: Predecessor is "
+ "scheduled to be deleted\n\t"
+ "before it is scheduled to be "
+ "inactive.\n", program);
changed = setpub = setact = ISC_TRUE;
dst_key_free(&prevkey);
@@ -464,6 +469,20 @@ main(int argc, char **argv) {
fatal("Key flags mismatch");
}
+ prevdel = previnact = 0;
+ if ((setdel && setinact && del < inact) ||
+ (dst_key_gettime(key, DST_TIME_INACTIVE,
+ &previnact) == ISC_R_SUCCESS &&
+ setdel && !setinact && del < previnact) ||
+ (dst_key_gettime(key, DST_TIME_DELETE,
+ &prevdel) == ISC_R_SUCCESS &&
+ setinact && !setdel && prevdel < inact) ||
+ (!setdel && !setinact && prevdel < previnact))
+ fprintf(stderr, "%s: warning: Key is scheduled to "
+ "be deleted before it is\n\t"
+ "scheduled to be inactive.\n",
+ program);
+
if (force)
set_keyversion(key);
else
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 237624948a26..86c3aee7095e 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -646,6 +646,8 @@ hashlist_add(hashlist_t *l, const unsigned char *hash, size_t len)
if (l->entries == l->size) {
l->size = l->size * 2 + 100;
l->hashbuf = realloc(l->hashbuf, l->size * l->length);
+ if (l->hashbuf == NULL)
+ fatal("unable to grow hashlist: out of memory");
}
memset(l->hashbuf + l->entries * l->length, 0, l->length);
memcpy(l->hashbuf + l->entries * l->length, hash, len);
@@ -2027,7 +2029,9 @@ add_ds(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t nsttl) {
* Remove records of the given type and their signatures.
*/
static void
-remove_records(dns_dbnode_t *node, dns_rdatatype_t which) {
+remove_records(dns_dbnode_t *node, dns_rdatatype_t which,
+ isc_boolean_t checknsec)
+{
isc_result_t result;
dns_rdatatype_t type, covers;
dns_rdatasetiter_t *rdsiter = NULL;
@@ -2048,10 +2052,12 @@ remove_records(dns_dbnode_t *node, dns_rdatatype_t which) {
covers = rdataset.covers;
dns_rdataset_disassociate(&rdataset);
if (type == which || covers == which) {
- if (which == dns_rdatatype_nsec && !update_chain)
+ if (which == dns_rdatatype_nsec &&
+ checknsec && !update_chain)
fatal("Zone contains NSEC records. Use -u "
"to update to NSEC3.");
- if (which == dns_rdatatype_nsec3param && !update_chain)
+ if (which == dns_rdatatype_nsec3param &&
+ checknsec && !update_chain)
fatal("Zone contains NSEC3 chains. Use -u "
"to update to NSEC.");
result = dns_db_deleterdataset(gdb, node, gversion,
@@ -2063,6 +2069,39 @@ remove_records(dns_dbnode_t *node, dns_rdatatype_t which) {
dns_rdatasetiter_destroy(&rdsiter);
}
+/*
+ * Remove signatures covering the given type (0 == all signatures).
+ */
+static void
+remove_sigs(dns_dbnode_t *node, dns_rdatatype_t which) {
+ isc_result_t result;
+ dns_rdatatype_t type, covers;
+ dns_rdatasetiter_t *rdsiter = NULL;
+ dns_rdataset_t rdataset;
+
+ dns_rdataset_init(&rdataset);
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ type = rdataset.type;
+ covers = rdataset.covers;
+ dns_rdataset_disassociate(&rdataset);
+
+ if (type == dns_rdatatype_rrsig &&
+ (covers == which || which == 0))
+ {
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ type, covers);
+ check_result(result, "dns_db_deleterdataset()");
+ continue;
+ }
+ }
+ dns_rdatasetiter_destroy(&rdsiter);
+}
+
/*%
* Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records.
*/
@@ -2139,14 +2178,17 @@ nsecify(void) {
}
if (dns_name_equal(name, gorigin))
- remove_records(node, dns_rdatatype_nsec3param);
+ remove_records(node, dns_rdatatype_nsec3param,
+ ISC_TRUE);
if (delegation(name, node, &nsttl)) {
zonecut = dns_fixedname_name(&fzonecut);
dns_name_copy(name, zonecut, NULL);
+ remove_sigs(node, 0);
if (generateds)
add_ds(name, node, nsttl);
}
+
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
while (result == ISC_R_SUCCESS) {
@@ -2164,6 +2206,9 @@ nsecify(void) {
(zonecut != NULL &&
dns_name_issubdomain(nextname, zonecut)))
{
+ remove_sigs(nextnode, 0);
+ remove_records(nextnode, dns_rdatatype_nsec,
+ ISC_FALSE);
dns_db_detachnode(gdb, &nextnode);
result = dns_dbiterator_next(dbiter);
continue;
@@ -2555,7 +2600,7 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
}
if (dns_name_equal(name, gorigin))
- remove_records(node, dns_rdatatype_nsec);
+ remove_records(node, dns_rdatatype_nsec, ISC_TRUE);
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
@@ -2572,6 +2617,7 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
if (!dns_name_issubdomain(nextname, gorigin) ||
(zonecut != NULL &&
dns_name_issubdomain(nextname, zonecut))) {
+ remove_sigs(nextnode, 0);
dns_db_detachnode(gdb, &nextnode);
result = dns_dbiterator_next(dbiter);
continue;
@@ -2579,6 +2625,7 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
if (delegation(nextname, nextnode, &nsttl)) {
zonecut = dns_fixedname_name(&fzonecut);
dns_name_copy(nextname, zonecut, NULL);
+ remove_sigs(nextnode, 0);
if (generateds)
add_ds(nextname, nextnode, nsttl);
if (OPTOUT(nsec3flags) &&
@@ -3011,7 +3058,7 @@ set_nsec3params(isc_boolean_t update_chain, isc_boolean_t set_salt,
dns_rdata_nsec3_t nsec3;
dns_fixedname_t fname;
dns_name_t *hashname;
- unsigned char orig_salt[256];
+ unsigned char orig_salt[255];
size_t orig_saltlen;
dns_hash_t orig_hash;
isc_uint16_t orig_iter;
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index ea919ae5e2da..e3ce3bd1547b 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -21,6 +21,12 @@ top_srcdir = @top_srcdir@
@BIND9_VERSION@
+@BIND9_PRODUCT@
+
+@BIND9_DESCRIPTION@
+
+@BIND9_SRCID@
+
@BIND9_CONFIGARGS@
@BIND9_MAKE_INCLUDES@
@@ -114,6 +120,9 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
main.@O@: main.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
+ -DPRODUCT=\"${PRODUCT}\" \
+ -DDESCRIPTION=\"${DESCRIPTION}\" \
+ -DSRCID=\"${SRCID}\" \
-DCONFIGARGS="\"${CONFIGARGS}\"" \
-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
-DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
@@ -124,6 +133,7 @@ bind.keys.h: ${top_srcdir}/bind.keys ${srcdir}/bindkeys.pl
config.@O@: config.c bind.keys.h
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
+ -DSRCID=\"${SRCID}\" \
-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
-DNS_SYSCONFDIR=\"${sysconfdir}\" \
-c ${srcdir}/config.c
@@ -167,3 +177,6 @@ install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
@DLZ_DRIVER_RULES@
+
+named-symtbl.@O@: named-symtbl.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c named-symtbl.c
diff --git a/bin/named/client.c b/bin/named/client.c
index 606cc2d4dad4..ff4ab691c184 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1394,10 +1394,9 @@ client_request(isc_task_t *task, isc_event_t *event) {
INSIST(client->recursionquota == NULL);
- INSIST(client->state ==
- TCP_CLIENT(client) ?
- NS_CLIENTSTATE_READING :
- NS_CLIENTSTATE_READY);
+ INSIST(client->state == (TCP_CLIENT(client) ?
+ NS_CLIENTSTATE_READING :
+ NS_CLIENTSTATE_READY));
ns_client_requests++;
@@ -2408,6 +2407,9 @@ ns_client_replace(ns_client_t *client) {
CTRACE("replace");
+ REQUIRE(client != NULL);
+ REQUIRE(client->manager != NULL);
+
result = ns_clientmgr_createclients(client->manager,
1, client->interface,
(TCP_CLIENT(client) ?
diff --git a/bin/named/config.c b/bin/named/config.c
index 9e453ade3bc6..25ebac4db0c1 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -150,6 +150,7 @@ options {\n\
check-names response ignore;\n\
check-dup-records warn;\n\
check-mx warn;\n\
+ check-spf warn;\n\
acache-enable no;\n\
acache-cleaning-interval 60;\n\
max-acache-size 16M;\n\
@@ -639,17 +640,16 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (isc_sockaddr_getport(&addrs[i]) == 0)
isc_sockaddr_setport(&addrs[i], port);
keys[i] = NULL;
- if (!cfg_obj_isstring(key)) {
- i++;
+ i++; /* Increment here so that cleanup on error works. */
+ if (!cfg_obj_isstring(key))
continue;
- }
- keys[i] = isc_mem_get(mctx, sizeof(dns_name_t));
- if (keys[i] == NULL)
+ keys[i - 1] = isc_mem_get(mctx, sizeof(dns_name_t));
+ if (keys[i - 1] == NULL)
goto cleanup;
- dns_name_init(keys[i], NULL);
+ dns_name_init(keys[i - 1], NULL);
keystr = cfg_obj_asstring(key);
- isc_buffer_init(&b, keystr, strlen(keystr));
+ isc_buffer_constinit(&b, keystr, strlen(keystr));
isc_buffer_add(&b, strlen(keystr));
dns_fixedname_init(&fname);
result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
@@ -657,10 +657,9 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (result != ISC_R_SUCCESS)
goto cleanup;
result = dns_name_dup(dns_fixedname_name(&fname), mctx,
- keys[i]);
+ keys[i - 1]);
if (result != ISC_R_SUCCESS)
goto cleanup;
- i++;
}
if (pushed != 0) {
pushed--;
@@ -716,7 +715,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (addrs != NULL)
isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
if (keys != NULL) {
- for (j = 0; j <= i; j++) {
+ for (j = 0; j < i; j++) {
if (keys[j] == NULL)
continue;
if (dns_name_dynamic(keys[j]))
diff --git a/bin/named/control.c b/bin/named/control.c
index ff084fc7d5a9..2a1a5a8e734e 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -61,7 +61,7 @@ command_compare(const char *text, const char *command) {
isc_result_t
ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
isccc_sexpr_t *data;
- char *command;
+ char *command = NULL;
isc_result_t result;
int log_level;
#ifdef HAVE_LIBSCF
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index daf00d04ed65..73c0f37e9737 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -149,7 +149,7 @@ free_listener(controllistener_t *listener) {
if (listener->acl != NULL)
dns_acl_detach(&listener->acl);
- isc_mem_put(listener->mctx, listener, sizeof(*listener));
+ isc_mem_putanddetach(&listener->mctx, listener, sizeof(*listener));
}
static void
@@ -1066,8 +1066,9 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
result = ISC_R_NOMEMORY;
if (result == ISC_R_SUCCESS) {
+ listener->mctx = NULL;
+ isc_mem_attach(mctx, &listener->mctx);
listener->controls = cp;
- listener->mctx = mctx;
listener->task = cp->server->task;
listener->address = *addr;
listener->sock = NULL;
diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
index 109d160b456b..e6414d2f7a7a 100644
--- a/bin/named/include/named/client.h
+++ b/bin/named/include/named/client.h
@@ -165,16 +165,17 @@ struct ns_client {
#define NS_CLIENT_MAGIC ISC_MAGIC('N','S','C','c')
#define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
-#define NS_CLIENTATTR_TCP 0x01
-#define NS_CLIENTATTR_RA 0x02 /*%< Client gets recursive service */
-#define NS_CLIENTATTR_PKTINFO 0x04 /*%< pktinfo is valid */
-#define NS_CLIENTATTR_MULTICAST 0x08 /*%< recv'd from multicast */
-#define NS_CLIENTATTR_WANTDNSSEC 0x10 /*%< include dnssec records */
-#define NS_CLIENTATTR_WANTNSID 0x20 /*%< include nameserver ID */
+#define NS_CLIENTATTR_TCP 0x001
+#define NS_CLIENTATTR_RA 0x002 /*%< Client gets recursive service */
+#define NS_CLIENTATTR_PKTINFO 0x004 /*%< pktinfo is valid */
+#define NS_CLIENTATTR_MULTICAST 0x008 /*%< recv'd from multicast */
+#define NS_CLIENTATTR_WANTDNSSEC 0x010 /*%< include dnssec records */
+#define NS_CLIENTATTR_WANTNSID 0x020 /*%< include nameserver ID */
#ifdef ALLOW_FILTER_AAAA_ON_V4
-#define NS_CLIENTATTR_FILTER_AAAA 0x40 /*%< suppress AAAAs */
-#define NS_CLIENTATTR_FILTER_AAAA_RC 0x80 /*%< recursing for A against AAAA */
+#define NS_CLIENTATTR_FILTER_AAAA 0x040 /*%< suppress AAAAs */
+#define NS_CLIENTATTR_FILTER_AAAA_RC 0x080 /*%< recursing for A against AAAA */
#endif
+#define NS_CLIENTATTR_WANTAD 0x100 /*%< want AD in response if possible */
extern unsigned int ns_client_requests;
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
index 842931677b55..39307f36996b 100644
--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -66,6 +66,9 @@ EXTERN isc_timermgr_t * ns_g_timermgr INIT(NULL);
EXTERN isc_socketmgr_t * ns_g_socketmgr INIT(NULL);
EXTERN cfg_parser_t * ns_g_parser INIT(NULL);
EXTERN const char * ns_g_version INIT(VERSION);
+EXTERN const char * ns_g_product INIT(PRODUCT);
+EXTERN const char * ns_g_description INIT(DESCRIPTION);
+EXTERN const char * ns_g_srcid INIT(SRCID);
EXTERN const char * ns_g_configargs INIT(CONFIGARGS);
EXTERN in_port_t ns_g_port INIT(0);
EXTERN in_port_t lwresd_g_listenport INIT(0);
@@ -120,6 +123,7 @@ EXTERN isc_boolean_t ns_g_coreok INIT(ISC_TRUE);
EXTERN const char * ns_g_chrootdir INIT(NULL);
EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE);
+EXTERN isc_boolean_t ns_g_nosyslog INIT(ISC_FALSE);
EXTERN const char * ns_g_defaultsessionkeyfile
INIT(NS_LOCALSTATEDIR "/run/named/"
@@ -153,6 +157,7 @@ EXTERN isc_boolean_t ns_g_memstatistics INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_clienttest INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_nosoa INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_noaa INIT(ISC_FALSE);
+EXTERN isc_boolean_t ns_g_nonearest INIT(ISC_FALSE);
#undef EXTERN
#undef INIT
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index 25aa641ad37e..9982e88e09e4 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -165,7 +165,9 @@ enum {
dns_nsstatscounter_updatefail = 34,
dns_nsstatscounter_updatebadprereq = 35,
- dns_nsstatscounter_max = 36
+ dns_nsstatscounter_rpz_rewrites = 36,
+
+ dns_nsstatscounter_max = 37
};
void
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index d194d2b877cf..15ffe00aa51a 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -79,11 +79,13 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
if (mgr == NULL)
return (ISC_R_NOMEMORY);
+ mgr->mctx = NULL;
+ isc_mem_attach(mctx, &mgr->mctx);
+
result = isc_mutex_init(&mgr->lock);
if (result != ISC_R_SUCCESS)
goto cleanup_mem;
- mgr->mctx = mctx;
mgr->taskmgr = taskmgr;
mgr->socketmgr = socketmgr;
mgr->dispatchmgr = dispatchmgr;
@@ -115,7 +117,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
ns_listenlist_detach(&mgr->listenon4);
ns_listenlist_detach(&mgr->listenon6);
cleanup_mem:
- isc_mem_put(mctx, mgr, sizeof(*mgr));
+ isc_mem_putanddetach(&mgr->mctx, mgr, sizeof(*mgr));
return (result);
}
@@ -128,7 +130,7 @@ ns_interfacemgr_destroy(ns_interfacemgr_t *mgr) {
clearlistenon(mgr);
DESTROYLOCK(&mgr->lock);
mgr->magic = 0;
- isc_mem_put(mgr->mctx, mgr, sizeof(*mgr));
+ isc_mem_putanddetach(&mgr->mctx, mgr, sizeof(*mgr));
}
dns_aclenv_t *
diff --git a/bin/named/log.c b/bin/named/log.c
index 5d19dcb205c6..a34dea47ecb7 100644
--- a/bin/named/log.c
+++ b/bin/named/log.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -201,7 +201,7 @@ isc_result_t
ns_log_setdefaultcategory(isc_logconfig_t *lcfg) {
isc_result_t result;
- if (! ns_g_logstderr) {
+ if (! ns_g_logstderr && ! ns_g_nosyslog) {
result = isc_log_usechannel(lcfg, "default_syslog",
ISC_LOGCATEGORY_DEFAULT, NULL);
if (result != ISC_R_SUCCESS)
diff --git a/bin/named/logconf.c b/bin/named/logconf.c
index 5d17ab0e6016..f02b97fcddee 100644
--- a/bin/named/logconf.c
+++ b/bin/named/logconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -246,14 +246,16 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
isc_result_totext(result));
} else
(void)isc_stdio_close(fp);
- } else {
- syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
- dest.file.name, isc_result_totext(result));
- fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
- dest.file.name, isc_result_totext(result));
+ goto done;
}
+ if (!ns_g_nosyslog)
+ syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
+ dest.file.name, isc_result_totext(result));
+ fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
+ dest.file.name, isc_result_totext(result));
}
+ done:
return (result);
}
diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c
index 11198a4324f2..7ee2196364e9 100644
--- a/bin/named/lwresd.c
+++ b/bin/named/lwresd.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -368,7 +368,7 @@ ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
- isc_buffer_init(&namebuf, searchstr,
+ isc_buffer_constinit(&namebuf, searchstr,
strlen(searchstr));
isc_buffer_add(&namebuf, strlen(searchstr));
result = dns_name_fromtext(name, &namebuf,
diff --git a/bin/named/main.c b/bin/named/main.c
index 30c6ef9cac56..f6c929e5b967 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -523,6 +523,10 @@ parse_command_line(int argc, char *argv[]) {
maxudp = 512;
else if (!strcmp(isc_commandline_argument, "maxudp1460"))
maxudp = 1460;
+ else if (!strcmp(isc_commandline_argument, "nosyslog"))
+ ns_g_nosyslog = ISC_TRUE;
+ else if (!strcmp(isc_commandline_argument, "nonearest"))
+ ns_g_nonearest = ISC_TRUE;
else
fprintf(stderr, "unknown -T flag '%s\n",
isc_commandline_argument);
@@ -531,10 +535,16 @@ parse_command_line(int argc, char *argv[]) {
ns_g_username = isc_commandline_argument;
break;
case 'v':
- printf("BIND %s\n", ns_g_version);
+ printf("%s %s", ns_g_product, ns_g_version);
+ if (*ns_g_description != 0)
+ printf(" %s", ns_g_description);
+ printf("\n");
exit(0);
case 'V':
- printf("BIND %s built with %s\n", ns_g_version,
+ printf("%s %s", ns_g_product, ns_g_version);
+ if (*ns_g_description != 0)
+ printf(" %s", ns_g_description);
+ printf(" <id:%s> built with %s\n", ns_g_srcid,
ns_g_configargs);
#ifdef OPENSSL
printf("using OpenSSL version: %s\n",
@@ -787,8 +797,8 @@ setup(void) {
isc_result_totext(result));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
- ISC_LOG_NOTICE, "starting BIND %s%s", ns_g_version,
- saved_command_line);
+ ISC_LOG_NOTICE, "starting %s %s%s", ns_g_product,
+ ns_g_version, saved_command_line);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "built with %s", ns_g_configargs);
@@ -1029,9 +1039,9 @@ main(int argc, char *argv[]) {
*/
strlcat(version,
#if defined(NO_VERSION_DATE) || !defined(__DATE__)
- "named version: BIND " VERSION,
+ "named version: BIND " VERSION " <" SRCID ">",
#else
- "named version: BIND " VERSION " (" __DATE__ ")",
+ "named version: BIND " VERSION " <" SRCID "> (" __DATE__ ")",
#endif
sizeof(version));
result = isc_file_progname(*argv, program_name, sizeof(program_name));
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 4356c192e6b6..09b147ee7de2 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -187,7 +187,7 @@ options {
random\-device \fIquoted_string\fR;
recursive\-clients \fIinteger\fR;
serial\-query\-rate \fIinteger\fR;
- server\-id ( \fIquoted_string\fR | none |;
+ server\-id ( \fIquoted_string\fR | none );
stacksize \fIsize\fR;
statistics\-file \fIquoted_string\fR;
statistics\-interval \fIinteger\fR; // not yet implemented
@@ -592,5 +592,5 @@ zone \fIstring\fR \fIoptional_class\fR {
\fBrndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2011 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index c6ee1db1ca49..2527ac3ae7e8 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -44,6 +44,7 @@
<year>2009</year>
<year>2010</year>
<year>2011</year>
+ <year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -218,7 +219,7 @@ options {
random-device <replaceable>quoted_string</replaceable>;
recursive-clients <replaceable>integer</replaceable>;
serial-query-rate <replaceable>integer</replaceable>;
- server-id ( <replaceable>quoted_string</replaceable> | none |;
+ server-id ( <replaceable>quoted_string</replaceable> | none );
stacksize <replaceable>size</replaceable>;
statistics-file <replaceable>quoted_string</replaceable>;
statistics-interval <replaceable>integer</replaceable>; // not yet implemented
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 71bd94669503..a8b35edc8602 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543353"></a><h2>DESCRIPTION</h2>
+<a name="id2543356"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
<span><strong class="command">named</strong></span>. Statements are enclosed
@@ -50,14 +50,14 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543381"></a><h2>ACL</h2>
+<a name="id2543384"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl<em class="replaceable"><code>string</code></em>{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543397"></a><h2>KEY</h2>
+<a name="id2543400"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key<em class="replaceable"><code>domain_name</code></em>{<br>
algorithm<em class="replaceable"><code>string</code></em>;<br>
@@ -66,7 +66,7 @@ key<em class="replaceable"><code>domain_name</code></em>{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543416"></a><h2>MASTERS</h2>
+<a name="id2543419"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters<em class="replaceable"><code>string</code></em>[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]{<br>
(<em class="replaceable"><code>masters</code></em>|<em class="replaceable"><code>ipv4_address</code></em>[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]|<br>
@@ -75,7 +75,7 @@ masters<em class="replaceable"><code>string</code></em>[<span class="optional"
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543462"></a><h2>SERVER</h2>
+<a name="id2543465"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server(<em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em>|<em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em>){<br>
bogus<em class="replaceable"><code>boolean</code></em>;<br>
@@ -97,7 +97,7 @@ server(<em class="replaceable"><code>ipv4_address[<span class="optional">/pref
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543530"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2543533"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys{<br>
<em class="replaceable"><code>domain_name</code></em><em class="replaceable"><code>flags</code></em><em class="replaceable"><code>protocol</code></em><em class="replaceable"><code>algorithm</code></em><em class="replaceable"><code>key</code></em>;...<br>
@@ -105,7 +105,7 @@ trusted-keys{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543556"></a><h2>MANAGED-KEYS</h2>
+<a name="id2543559"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys{<br>
<em class="replaceable"><code>domain_name</code></em><code class="constant">initial-key</code><em class="replaceable"><code>flags</code></em><em class="replaceable"><code>protocol</code></em><em class="replaceable"><code>algorithm</code></em><em class="replaceable"><code>key</code></em>;...<br>
@@ -113,7 +113,7 @@ managed-keys{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543585"></a><h2>CONTROLS</h2>
+<a name="id2543588"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls{<br>
inet(<em class="replaceable"><code>ipv4_address</code></em>|<em class="replaceable"><code>ipv6_address</code></em>|*)<br>
@@ -125,7 +125,7 @@ controls{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543620"></a><h2>LOGGING</h2>
+<a name="id2543623"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging{<br>
channel<em class="replaceable"><code>string</code></em>{<br>
@@ -143,7 +143,7 @@ logging{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543658"></a><h2>LWRES</h2>
+<a name="id2543661"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres{<br>
listen-on[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]{<br>
@@ -156,7 +156,7 @@ lwres{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543700"></a><h2>OPTIONS</h2>
+<a name="id2543703"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options{<br>
avoid-v4-udp-ports{<em class="replaceable"><code>port</code></em>;...};<br>
@@ -184,7 +184,7 @@ options{<br>
random-device<em class="replaceable"><code>quoted_string</code></em>;<br>
recursive-clients<em class="replaceable"><code>integer</code></em>;<br>
serial-query-rate<em class="replaceable"><code>integer</code></em>;<br>
- server-id(<em class="replaceable"><code>quoted_string</code></em>|none|;<br>
+ server-id(<em class="replaceable"><code>quoted_string</code></em>|none);<br>
stacksize<em class="replaceable"><code>size</code></em>;<br>
statistics-file<em class="replaceable"><code>quoted_string</code></em>;<br>
statistics-interval<em class="replaceable"><code>integer</code></em>;//notyetimplemented<br>
@@ -360,7 +360,7 @@ options{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544574"></a><h2>VIEW</h2>
+<a name="id2544578"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view<em class="replaceable"><code>string</code></em><em class="replaceable"><code>optional_class</code></em>{<br>
match-clients{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
@@ -523,7 +523,7 @@ view<em class="replaceable"><code>string</code></em><em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2545284"></a><h2>ZONE</h2>
+<a name="id2545287"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone<em class="replaceable"><code>string</code></em><em class="replaceable"><code>optional_class</code></em>{<br>
type(master|slave|stub|hint|<br>
@@ -618,12 +618,12 @@ zone<em class="replaceable"><code>string</code></em><em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2545664"></a><h2>FILES</h2>
+<a name="id2545667"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545675"></a><h2>SEE ALSO</h2>
+<a name="id2545678"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
diff --git a/bin/named/query.c b/bin/named/query.c
index 9e67f2d2187f..8c589841396b 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -94,6 +94,10 @@
/*% Want DNSSEC? */
#define WANTDNSSEC(c) (((c)->attributes & \
NS_CLIENTATTR_WANTDNSSEC) != 0)
+/*% Want WANTAD? */
+#define WANTAD(c) (((c)->attributes & \
+ NS_CLIENTATTR_WANTAD) != 0)
+
/*% No authority? */
#define NOAUTHORITY(c) (((c)->query.attributes & \
NS_QUERYATTR_NOAUTHORITY) != 0)
@@ -651,7 +655,7 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name,
dns_dbversion_t **versionp)
{
isc_result_t result;
- dns_acl_t *queryacl;
+ dns_acl_t *queryacl, *queryonacl;
ns_dbversion_t *dbversion;
REQUIRE(zone != NULL);
@@ -763,6 +767,21 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name,
client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
}
+ /* If and only if we've gotten this far, check allow-query-on too */
+ if (result == ISC_R_SUCCESS) {
+ queryonacl = dns_zone_getqueryonacl(zone);
+ if (queryonacl == NULL)
+ queryonacl = client->view->queryonacl;
+
+ result = ns_client_checkaclsilent(client, NULL,
+ queryonacl, ISC_TRUE);
+ if ((options & DNS_GETDB_NOLOG) == 0 &&
+ result != ISC_R_SUCCESS)
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_QUERY, ISC_LOG_INFO,
+ "query-on denied");
+ }
+
dbversion->acl_checked = ISC_TRUE;
if (result != ISC_R_SUCCESS) {
dbversion->queryok = ISC_FALSE;
@@ -831,12 +850,29 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
}
static void
-rpz_log_rewrite(ns_client_t *client, const char *disabled,
+rpz_log_rewrite(ns_client_t *client, isc_boolean_t disabled,
dns_rpz_policy_t policy, dns_rpz_type_t type,
- dns_name_t *rpz_qname) {
+ dns_zone_t *zone, dns_name_t *rpz_qname)
+{
+ isc_stats_t *zonestats;
char qname_buf[DNS_NAME_FORMATSIZE];
char rpz_qname_buf[DNS_NAME_FORMATSIZE];
+ /*
+ * Count enabled rewrites in the global counter.
+ * Count both enabled and disabled rewrites for each zone.
+ */
+ if (!disabled && policy != DNS_RPZ_POLICY_PASSTHRU) {
+ isc_stats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_rpz_rewrites);
+ }
+ if (zone != NULL) {
+ zonestats = dns_zone_getrequeststats(zone);
+ if (zonestats != NULL)
+ isc_stats_increment(zonestats,
+ dns_nsstatscounter_rpz_rewrites);
+ }
+
if (!isc_log_wouldlog(ns_g_lctx, DNS_RPZ_INFO_LEVEL))
return;
@@ -845,7 +881,7 @@ rpz_log_rewrite(ns_client_t *client, const char *disabled,
ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY,
DNS_RPZ_INFO_LEVEL, "%srpz %s %s rewrite %s via %s",
- disabled,
+ disabled ? "disabled " : "",
dns_rpz_type2str(type), dns_rpz_policy2str(policy),
qname_buf, rpz_qname_buf);
}
@@ -861,6 +897,9 @@ rpz_log_fail(ns_client_t *client, int level,
if (!isc_log_wouldlog(ns_g_lctx, level))
return;
+ /*
+ * bin/tests/system/rpz/tests.sh looks for "rpz.*failed".
+ */
dns_name_format(client->query.qname, namebuf1, sizeof(namebuf1));
dns_name_format(name, namebuf2, sizeof(namebuf2));
ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS,
@@ -3075,6 +3114,14 @@ query_addbestns(ns_client_t *client) {
goto cleanup;
/*
+ * If the answer is secure only add NS records if they are secure * when the client may be looking for AD in the response.
+ */
+ if (SECURE(client) && (WANTDNSSEC(client) || WANTAD(client)) &&
+ ((rdataset->trust != dns_trust_secure) ||
+ (sigrdataset != NULL && sigrdataset->trust != dns_trust_secure)))
+ goto cleanup;
+
+ /*
* If the client doesn't want DNSSEC we can discard the sigrdataset
* now.
*/
@@ -4028,6 +4075,8 @@ rpz_rewrite_rrset(ns_client_t *client, dns_rpz_type_t rpz_type,
rdatasetp, resuming);
switch (result) {
case ISC_R_SUCCESS:
+ case DNS_R_GLUE:
+ case DNS_R_ZONECUT:
result = rpz_rewrite_ip(client, *rdatasetp, rpz_type);
break;
case DNS_R_EMPTYNAME:
@@ -4121,6 +4170,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
dns_name_t *found;
isc_result_t result;
+ REQUIRE(nodep != NULL);
+
result = rpz_ready(client, zonep, dbp, nodep, rdatasetp);
if (result != ISC_R_SUCCESS) {
*policyp = DNS_RPZ_POLICY_ERROR;
@@ -4204,26 +4255,32 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
result = DNS_R_CNAME;
}
break;
+ case DNS_R_NXRRSET:
+ policy = DNS_RPZ_POLICY_NODATA;
+ break;
case DNS_R_DNAME:
/*
* DNAME policy RRs have very few if any uses that are not
* better served with simple wildcards. Making the work would
* require complications to get the number of labels matched
* in the name or the found name to the main DNS_R_DNAME case
- * in query_find(). So fall through to treat them as NODATA.
+ * in query_find().
+ */
+ dns_rdataset_disassociate(*rdatasetp);
+ dns_db_detachnode(*dbp, nodep);
+ /*
+ * Fall through to treat it as a miss.
*/
- case DNS_R_NXRRSET:
- policy = DNS_RPZ_POLICY_NODATA;
- break;
case DNS_R_NXDOMAIN:
case DNS_R_EMPTYNAME:
/*
* If we don't get a qname hit,
* see if it is worth looking for other types.
*/
- dns_db_rpz_enabled(*dbp, client->query.rpz_st);
+ (void)dns_db_rpz_enabled(*dbp, client->query.rpz_st);
dns_db_detach(dbp);
dns_zone_detach(zonep);
+ result = DNS_R_NXDOMAIN;
policy = DNS_RPZ_POLICY_MISS;
break;
default:
@@ -4231,9 +4288,7 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
dns_zone_detach(zonep);
rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef,
"", result);
- policy = DNS_RPZ_POLICY_ERROR;
- result = DNS_R_SERVFAIL;
- break;
+ return (DNS_R_SERVFAIL);
}
*policyp = policy;
@@ -4299,6 +4354,9 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
if (result == ISC_R_SUCCESS)
break;
INSIST(result == DNS_R_NAMETOOLONG);
+ /*
+ * Trim the name until it is not too long.
+ */
labels = dns_name_countlabels(prefix);
if (labels < 2) {
rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
@@ -4322,7 +4380,6 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
rdatasetp, &policy);
switch (result) {
case DNS_R_NXDOMAIN:
- case DNS_R_EMPTYNAME:
break;
case DNS_R_SERVFAIL:
rpz_clean(&zone, &db, &node, rdatasetp);
@@ -4345,13 +4402,45 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
(st->m.type == rpz_type &&
0 >= dns_name_compare(rpz_qname, st->qname))))
continue;
-
+#if 0
+ /*
+ * This code would block a customer reported information
+ * leak of rpz rules by rewriting requests in the
+ * rpz-ip, rpz-nsip, rpz-nsdname,and rpz-passthru TLDs.
+ * Without this code, a bad guy could request
+ * 24.0.3.2.10.rpz-ip. to find the policy rule for
+ * 10.2.3.0/14. It is an insignificant leak and this
+ * code is not worth its cost, because the bad guy
+ * could publish "evil.com A 10.2.3.4" and request
+ * evil.com to get the same information.
+ * Keep code with "#if 0" in case customer demand
+ * is irresistible.
+ *
+ * We have the less frequent case of a triggered
+ * policy. Check that we have not trigger on one
+ * of the pretend RPZ TLDs.
+ * This test would make it impossible to rewrite
+ * names in TLDs that start with "rpz-" should
+ * ICANN ever allow such TLDs.
+ */
+ labels = dns_name_countlabels(qname);
+ if (labels >= 2) {
+ dns_label_t label;
+
+ dns_name_getlabel(qname, labels-2, &label);
+ if (label.length >= sizeof(DNS_RPZ_PREFIX)-1 &&
+ strncasecmp((const char *)label.base+1,
+ DNS_RPZ_PREFIX,
+ sizeof(DNS_RPZ_PREFIX)-1) == 0)
+ continue;
+ }
+#endif
/*
* Merely log DNS_RPZ_POLICY_DISABLED hits.
*/
if (rpz->policy == DNS_RPZ_POLICY_DISABLED) {
- rpz_log_rewrite(client, "disabled ",
- policy, rpz_type, rpz_qname);
+ rpz_log_rewrite(client, ISC_TRUE, policy,
+ rpz_type, zone, rpz_qname);
continue;
}
@@ -4482,7 +4571,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
rdataset = NULL;
if ((st->state & DNS_RPZ_DONE_QNAME) == 0) {
/*
- * Check rules for the query name if this it the first time
+ * Check rules for the query name if this is the first time
* for the current qname, i.e. we've not been recursing.
* There is a first time for each name in a CNAME chain.
*/
@@ -4524,7 +4613,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
dns_fixedname_init(&nsnamef);
dns_name_clone(client->query.qname, dns_fixedname_name(&nsnamef));
- while (st->r.label > 1) {
+ while (st->r.label > client->view->rpz_min_ns_labels) {
/*
* Get NS rrset for each domain in the current qname.
*/
@@ -4655,8 +4744,8 @@ cleanup:
st->m.policy == DNS_RPZ_POLICY_ERROR) {
if (st->m.policy == DNS_RPZ_POLICY_PASSTHRU &&
result != DNS_R_DELEGATION)
- rpz_log_rewrite(client, "", st->m.policy, st->m.type,
- st->qname);
+ rpz_log_rewrite(client, ISC_FALSE, st->m.policy,
+ st->m.type, st->m.zone, st->qname);
rpz_match_clear(st);
}
if (st->m.policy == DNS_RPZ_POLICY_ERROR) {
@@ -4671,7 +4760,7 @@ cleanup:
}
/*
- * See if response policy zone rewriting is allowed a lack of interest
+ * See if response policy zone rewriting is allowed by a lack of interest
* by the client in DNSSEC or a lack of signatures.
*/
static isc_boolean_t
@@ -4766,7 +4855,8 @@ rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st,
fname, dns_trust_authanswer, st->m.ttl);
if (result != ISC_R_SUCCESS)
return (result);
- rpz_log_rewrite(client, "", st->m.policy, st->m.type, st->qname);
+ rpz_log_rewrite(client, ISC_FALSE, st->m.policy,
+ st->m.type, st->m.zone, st->qname);
ns_client_qnamereplace(client, fname);
/*
* Turn off DNSSEC because the results of a
@@ -5703,9 +5793,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
DNS_MESSAGEFLAG_AD);
query_putrdataset(client, &sigrdataset);
+ rpz_st->q.is_zone = is_zone;
is_zone = ISC_TRUE;
- rpz_log_rewrite(client, "", rpz_st->m.policy,
- rpz_st->m.type, rpz_st->qname);
+ rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy,
+ rpz_st->m.type, zone, rpz_st->qname);
}
}
@@ -6080,6 +6171,15 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
rdataset = NULL;
sigrdataset = NULL;
type = qtype = dns_rdatatype_a;
+ rpz_st = client->query.rpz_st;
+ if (rpz_st != NULL) {
+ /*
+ * Arrange for RPZ rewriting of any A records.
+ */
+ if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
+ is_zone = rpz_st->q.is_zone;
+ rpz_st_clear(client);
+ }
dns64 = ISC_TRUE;
goto db_find;
}
@@ -6108,7 +6208,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* closest provable encloser.
*/
if (dns_rdataset_isassociated(rdataset) &&
- !dns_name_equal(qname, found)) {
+ !dns_name_equal(qname, found) &&
+ !(ns_g_nonearest &&
+ qtype != dns_rdatatype_ds))
+ {
unsigned int count;
unsigned int skip;
@@ -6338,6 +6441,15 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
sigrdataset = NULL;
fname = NULL;
type = qtype = dns_rdatatype_a;
+ rpz_st = client->query.rpz_st;
+ if (rpz_st != NULL) {
+ /*
+ * Arrange for RPZ rewriting of any A records.
+ */
+ if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
+ is_zone = rpz_st->q.is_zone;
+ rpz_st_clear(client);
+ }
dns64 = ISC_TRUE;
goto db_find;
}
@@ -6838,6 +6950,15 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
rdataset = NULL;
sigrdataset = NULL;
type = qtype = dns_rdatatype_a;
+ rpz_st = client->query.rpz_st;
+ if (rpz_st != NULL) {
+ /*
+ * Arrange for RPZ rewriting of any A records.
+ */
+ if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
+ is_zone = rpz_st->q.is_zone;
+ rpz_st_clear(client);
+ }
dns64_exclude = dns64 = ISC_TRUE;
goto db_find;
}
@@ -7124,7 +7245,6 @@ ns_query_start(ns_client_t *client) {
dns_rdatatype_t qtype;
unsigned int saved_extflags = client->extflags;
unsigned int saved_flags = client->message->flags;
- isc_boolean_t want_ad;
CTRACE("ns_query_start");
@@ -7286,13 +7406,11 @@ ns_query_start(ns_client_t *client) {
client->query.attributes &= ~NS_QUERYATTR_SECURE;
/*
- * Set 'want_ad' if the client has set AD in the query.
+ * Set NS_CLIENTATTR_WANTDNSSEC if the client has set AD in the query.
* This allows AD to be returned on queries without DO set.
*/
if ((message->flags & DNS_MESSAGEFLAG_AD) != 0)
- want_ad = ISC_TRUE;
- else
- want_ad = ISC_FALSE;
+ client->attributes |= NS_CLIENTATTR_WANTAD;
/*
* This is an ordinary query.
@@ -7317,7 +7435,7 @@ ns_query_start(ns_client_t *client) {
* Set AD. We must clear it if we add non-validated data to a
* response.
*/
- if (WANTDNSSEC(client) || want_ad)
+ if (WANTDNSSEC(client) || WANTAD(client))
message->flags |= DNS_MESSAGEFLAG_AD;
qclient = NULL;
diff --git a/bin/named/server.c b/bin/named/server.c
index c3eb1ea0ae67..05c68b992ec4 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -159,7 +159,7 @@
* a cache. Only effective when a finite max-cache-size is specified.
* This is currently defined to be 8MB.
*/
-#define MAX_ADB_SIZE_FOR_CACHESHARE 8388608
+#define MAX_ADB_SIZE_FOR_CACHESHARE 8388608U
struct ns_dispatch {
isc_sockaddr_t addr;
@@ -242,6 +242,72 @@ static const struct {
{ "31.172.IN-ADDR.ARPA", ISC_TRUE },
{ "168.192.IN-ADDR.ARPA", ISC_TRUE },
+ /* RFC 6598 */
+ { "64.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "65.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "66.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "67.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "68.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "69.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "70.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "71.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "72.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "73.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "74.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "75.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "76.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "77.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "78.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "79.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "80.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "81.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "82.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "83.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "84.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "85.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "86.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "87.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "88.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "89.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "90.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "91.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "92.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "93.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "94.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "95.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "96.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "97.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "98.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "99.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "100.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "101.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "102.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "103.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "104.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "105.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "106.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "107.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "108.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "109.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "110.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "111.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "112.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "113.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "114.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "115.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "116.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "117.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "118.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "119.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "120.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "121.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "122.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "123.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "124.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "125.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "126.100.IN-ADDR.ARPA", ISC_FALSE },
+ { "127.100.IN-ADDR.ARPA", ISC_FALSE },
+
/* RFC 5735 and RFC 5737 */
{ "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
{ "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */
@@ -447,7 +513,7 @@ configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
element = cfg_list_next(element)) {
nameobj = cfg_listelt_value(element);
str = cfg_obj_asstring(nameobj);
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
/*
@@ -564,7 +630,7 @@ dstkey_fromconfig(const cfg_obj_t *vconfig, const cfg_obj_t *key,
keystruct.common.rdtype,
&keystruct, &rrdatabuf));
dns_fixedname_init(&fkeyname);
- isc_buffer_init(&namebuf, keynamestr, strlen(keynamestr));
+ isc_buffer_constinit(&namebuf, keynamestr, strlen(keynamestr));
isc_buffer_add(&namebuf, strlen(keynamestr));
CHECK(dns_name_fromtext(keyname, &namebuf, dns_rootname, 0, NULL));
CHECK(dst_key_fromdns(keyname, viewclass, &rrdatabuf,
@@ -798,7 +864,17 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
*/
obj = NULL;
(void)ns_config_get(maps, "managed-keys-directory", &obj);
- directory = obj != NULL ? cfg_obj_asstring(obj) : NULL;
+ directory = (obj != NULL ? cfg_obj_asstring(obj) : NULL);
+ if (directory != NULL)
+ result = isc_file_isdirectory(directory);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "invalid managed-keys-directory %s: %s",
+ directory, isc_result_totext(result));
+ goto cleanup;
+
+ }
CHECK(add_keydata_zone(view, directory, ns_g_mctx));
cleanup:
@@ -824,7 +900,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) {
{
obj = cfg_listelt_value(element);
str = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
value = cfg_obj_asboolean(cfg_tuple_get(obj, "value"));
@@ -977,7 +1053,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) {
else
str = "*";
addroot = ISC_TF(strcmp(str, "*") == 0);
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
dns_fixedname_init(&fixed);
result = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
@@ -1163,7 +1239,7 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
str = cfg_obj_asstring(cfg_tuple_get(disabled, "name"));
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
@@ -1215,7 +1291,7 @@ on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) {
{
value = cfg_listelt_value(element);
str = cfg_obj_asstring(value);
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(name, &b, dns_rootname,
0, NULL);
@@ -1399,7 +1475,7 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
dns64_dbtype[3] = contact;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
- isc_buffer_init(&b, reverse, strlen(reverse));
+ isc_buffer_constinit(&b, reverse, strlen(reverse));
isc_buffer_add(&b, strlen(reverse));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
CHECK(dns_zone_create(&zone, mctx));
@@ -1430,39 +1506,57 @@ cleanup:
}
static isc_result_t
+configure_rpz_name(dns_view_t *view, const cfg_obj_t *obj, dns_name_t *name,
+ const char *str, const char *msg)
+{
+ isc_result_t result;
+
+ result = dns_name_fromstring(name, str, DNS_NAME_DOWNCASE, view->mctx);
+ if (result != ISC_R_SUCCESS)
+ cfg_obj_log(obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
+ "invalid %s '%s'", msg, str);
+ return (result);
+}
+
+static isc_result_t
+configure_rpz_name2(dns_view_t *view, const cfg_obj_t *obj, dns_name_t *name,
+ const char *str, const dns_name_t *origin)
+{
+ isc_result_t result;
+
+ result = dns_name_fromstring2(name, str, origin, DNS_NAME_DOWNCASE,
+ view->mctx);
+ if (result != ISC_R_SUCCESS)
+ cfg_obj_log(obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
+ "invalid zone '%s'", str);
+ return (result);
+}
+
+static isc_result_t
configure_rpz(dns_view_t *view, const cfg_listelt_t *element,
isc_boolean_t recursive_only_def, dns_ttl_t ttl_def)
{
- const cfg_obj_t *rpz_obj, *policy_obj, *obj;
+ const cfg_obj_t *rpz_obj, *obj;
const char *str;
dns_rpz_zone_t *old, *new;
- dns_zone_t *zone = NULL;
isc_result_t result;
+ rpz_obj = cfg_listelt_value(element);
+
new = isc_mem_get(view->mctx, sizeof(*new));
if (new == NULL) {
- result = ISC_R_NOMEMORY;
- goto cleanup;
+ cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
+ "no memory for response policy zones");
+ return (ISC_R_NOMEMORY);
}
memset(new, 0, sizeof(*new));
dns_name_init(&new->origin, NULL);
dns_name_init(&new->nsdname, NULL);
- dns_name_init(&new->cname, NULL);
dns_name_init(&new->passthru, NULL);
+ dns_name_init(&new->cname, NULL);
ISC_LIST_INITANDAPPEND(view->rpz_zones, new, link);
- rpz_obj = cfg_listelt_value(element);
- policy_obj = cfg_tuple_get(rpz_obj, "policy");
- if (cfg_obj_isvoid(policy_obj)) {
- new->policy = DNS_RPZ_POLICY_GIVEN;
- } else {
- str = cfg_obj_asstring(cfg_tuple_get(policy_obj,
- "policy name"));
- new->policy = dns_rpz_str2policy(str);
- INSIST(new->policy != DNS_RPZ_POLICY_ERROR);
- }
-
obj = cfg_tuple_get(rpz_obj, "recursive-only");
if (cfg_obj_isvoid(obj)) {
new->recursive_only = recursive_only_def;
@@ -1480,47 +1574,14 @@ configure_rpz(dns_view_t *view, const cfg_listelt_t *element,
}
str = cfg_obj_asstring(cfg_tuple_get(rpz_obj, "zone name"));
- result = dns_name_fromstring(&new->origin, str, DNS_NAME_DOWNCASE,
- view->mctx);
- if (result != ISC_R_SUCCESS) {
- cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
- "invalid zone '%s'", str);
- goto cleanup;
- }
-
- result = dns_name_fromstring2(&new->nsdname, DNS_RPZ_NSDNAME_ZONE,
- &new->origin, DNS_NAME_DOWNCASE,
- view->mctx);
- if (result != ISC_R_SUCCESS) {
- cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
- "invalid zone '%s'", str);
- goto cleanup;
- }
-
- result = dns_name_fromstring(&new->passthru, DNS_RPZ_PASSTHRU_ZONE,
- DNS_NAME_DOWNCASE, view->mctx);
- if (result != ISC_R_SUCCESS) {
- cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
- "invalid zone '%s'", str);
- goto cleanup;
- }
-
- result = dns_view_findzone(view, &new->origin, &zone);
- if (result != ISC_R_SUCCESS) {
- cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
- "unknown zone '%s'", str);
- goto cleanup;
- }
- if (dns_zone_gettype(zone) != dns_zone_master &&
- dns_zone_gettype(zone) != dns_zone_slave) {
+ result = configure_rpz_name(view, rpz_obj, &new->origin, str, "zone");
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ if (dns_name_equal(&new->origin, dns_rootname)) {
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
- "zone '%s' is neither master nor slave", str);
- dns_zone_detach(&zone);
- result = DNS_R_NOTMASTER;
- goto cleanup;
+ "invalid zone name '%s'", str);
+ return (DNS_R_EMPTYLABEL);
}
- dns_zone_detach(&zone);
-
for (old = ISC_LIST_HEAD(view->rpz_zones);
old != new;
old = ISC_LIST_NEXT(old, link)) {
@@ -1529,26 +1590,37 @@ configure_rpz(dns_view_t *view, const cfg_listelt_t *element,
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
"duplicate '%s'", str);
result = DNS_R_DUPLICATE;
- goto cleanup;
+ return (result);
}
}
- if (new->policy == DNS_RPZ_POLICY_CNAME) {
- str = cfg_obj_asstring(cfg_tuple_get(policy_obj, "cname"));
- result = dns_name_fromstring(&new->cname, str,
- DNS_NAME_DOWNCASE, view->mctx);
- if (result != ISC_R_SUCCESS) {
- cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
- "invalid cname '%s'", str);
- goto cleanup;
+ result = configure_rpz_name2(view, rpz_obj, &new->nsdname,
+ DNS_RPZ_NSDNAME_ZONE, &new->origin);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = configure_rpz_name(view, rpz_obj, &new->passthru,
+ DNS_RPZ_PASSTHRU_ZONE, "zone");
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ obj = cfg_tuple_get(rpz_obj, "policy");
+ if (cfg_obj_isvoid(obj)) {
+ new->policy = DNS_RPZ_POLICY_GIVEN;
+ } else {
+ str = cfg_obj_asstring(cfg_tuple_get(obj, "policy name"));
+ new->policy = dns_rpz_str2policy(str);
+ INSIST(new->policy != DNS_RPZ_POLICY_ERROR);
+ if (new->policy == DNS_RPZ_POLICY_CNAME) {
+ str = cfg_obj_asstring(cfg_tuple_get(obj, "cname"));
+ result = configure_rpz_name(view, rpz_obj, &new->cname,
+ str, "cname");
+ if (result != ISC_R_SUCCESS)
+ return (result);
}
}
return (ISC_R_SUCCESS);
-
- cleanup:
- dns_rpz_view_destroy(view);
- return (result);
}
/*
@@ -1617,6 +1689,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
dns_acl_t *clients = NULL, *mapped = NULL, *excluded = NULL;
unsigned int query_timeout;
struct cfg_context *nzctx;
+ dns_rpz_zone_t *rpz;
REQUIRE(DNS_VIEW_VALID(view));
@@ -1715,6 +1788,53 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
}
/*
+ * Make the list of response policy zone names for a view that
+ * is used for real lookups and so cares about hints.
+ */
+ obj = NULL;
+ if (view->rdclass == dns_rdataclass_in && need_hints &&
+ ns_config_get(maps, "response-policy", &obj) == ISC_R_SUCCESS) {
+ const cfg_obj_t *rpz_obj;
+ isc_boolean_t recursive_only_def;
+ dns_ttl_t ttl_def;
+
+ rpz_obj = cfg_tuple_get(obj, "recursive-only");
+ if (!cfg_obj_isvoid(rpz_obj) &&
+ !cfg_obj_asboolean(rpz_obj))
+ recursive_only_def = ISC_FALSE;
+ else
+ recursive_only_def = ISC_TRUE;
+
+ rpz_obj = cfg_tuple_get(obj, "break-dnssec");
+ if (!cfg_obj_isvoid(rpz_obj) &&
+ cfg_obj_asboolean(rpz_obj))
+ view->rpz_break_dnssec = ISC_TRUE;
+ else
+ view->rpz_break_dnssec = ISC_FALSE;
+
+ rpz_obj = cfg_tuple_get(obj, "max-policy-ttl");
+ if (cfg_obj_isuint32(rpz_obj))
+ ttl_def = cfg_obj_asuint32(rpz_obj);
+ else
+ ttl_def = DNS_RPZ_MAX_TTL_DEFAULT;
+
+ rpz_obj = cfg_tuple_get(obj, "min-ns-dots");
+ if (cfg_obj_isuint32(rpz_obj))
+ view->rpz_min_ns_labels = cfg_obj_asuint32(rpz_obj) + 1;
+ else
+ view->rpz_min_ns_labels = 2;
+
+ element = cfg_list_first(cfg_tuple_get(obj, "zone list"));
+ while (element != NULL) {
+ result = configure_rpz(view, element,
+ recursive_only_def, ttl_def);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ element = cfg_list_next(element);
+ }
+ }
+
+ /*
* Configure the zones.
*/
zonelist = NULL;
@@ -1735,6 +1855,22 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
actx, ISC_FALSE));
}
+ for (rpz = ISC_LIST_HEAD(view->rpz_zones);
+ rpz != NULL;
+ rpz = ISC_LIST_NEXT(rpz, link))
+ {
+ if (!rpz->defined) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+
+ dns_name_format(&rpz->origin, namebuf, sizeof(namebuf));
+ cfg_obj_log(obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
+ "'%s' is not a master or slave zone",
+ namebuf);
+ result = ISC_R_NOTFOUND;
+ goto cleanup;
+ }
+ }
+
/*
* If we're allowing added zones, then load zone configuration
* from the newzone file for zones that were added during previous
@@ -2161,9 +2297,9 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
* MAX_ADB_SIZE_FOR_CACHESHARE when the cache is shared.
*/
max_adb_size = 0;
- if (max_cache_size != 0) {
+ if (max_cache_size != 0U) {
max_adb_size = max_cache_size / 8;
- if (max_adb_size == 0)
+ if (max_adb_size == 0U)
max_adb_size = 1; /* Force minimum. */
if (view != nsc->primaryview &&
max_adb_size > MAX_ADB_SIZE_FOR_CACHESHARE) {
@@ -2638,7 +2774,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
obj = cfg_listelt_value(element);
str = cfg_obj_asstring(cfg_tuple_get(obj,
"trust-anchor"));
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
dlv = dns_fixedname_name(&view->dlv_fixed);
CHECK(dns_name_fromtext(dlv, &b, dns_rootname,
@@ -2691,7 +2827,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
element = cfg_list_next(element)) {
exclude = cfg_listelt_value(element);
str = cfg_obj_asstring(exclude);
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname,
0, NULL));
@@ -2745,7 +2881,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
result = ns_config_get(maps, "empty-server", &obj);
if (result == ISC_R_SUCCESS) {
str = cfg_obj_asstring(obj);
- isc_buffer_init(&buffer, str, strlen(str));
+ isc_buffer_constinit(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
NULL));
@@ -2760,7 +2896,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
result = ns_config_get(maps, "empty-contact", &obj);
if (result == ISC_R_SUCCESS) {
str = cfg_obj_asstring(obj);
- isc_buffer_init(&buffer, str, strlen(str));
+ isc_buffer_constinit(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
NULL));
@@ -2784,7 +2920,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
dns_forwarders_t *forwarders = NULL;
dns_view_t *pview = NULL;
- isc_buffer_init(&buffer, empty, strlen(empty));
+ isc_buffer_constinit(&buffer, empty, strlen(empty));
isc_buffer_add(&buffer, strlen(empty));
/*
* Look for zone on drop list.
@@ -2800,7 +2936,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
*/
(void)dns_view_findzone(view, name, &zone);
if (zone != NULL) {
- CHECK(setquerystats(zone, mctx, zonestats_on));
dns_zone_detach(&zone);
continue;
}
@@ -2886,49 +3021,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
}
}
- /*
- * Make the list of response policy zone names for views that
- * are used for real lookups and so care about hints.
- */
- obj = NULL;
- if (view->rdclass == dns_rdataclass_in && need_hints &&
- ns_config_get(maps, "response-policy", &obj) == ISC_R_SUCCESS) {
- const cfg_obj_t *recursive_only_obj;
- const cfg_obj_t *break_dnssec_obj, *ttl_obj;
- isc_boolean_t recursive_only_def;
- dns_ttl_t ttl_def;
-
- recursive_only_obj = cfg_tuple_get(obj, "recursive-only");
- if (!cfg_obj_isvoid(recursive_only_obj) &&
- !cfg_obj_asboolean(recursive_only_obj))
- recursive_only_def = ISC_FALSE;
- else
- recursive_only_def = ISC_TRUE;
-
- break_dnssec_obj = cfg_tuple_get(obj, "break-dnssec");
- if (!cfg_obj_isvoid(break_dnssec_obj) &&
- cfg_obj_asboolean(break_dnssec_obj))
- view->rpz_break_dnssec = ISC_TRUE;
- else
- view->rpz_break_dnssec = ISC_FALSE;
-
- ttl_obj = cfg_tuple_get(obj, "max-policy-ttl");
- if (cfg_obj_isuint32(ttl_obj))
- ttl_def = cfg_obj_asuint32(ttl_obj);
- else
- ttl_def = DNS_RPZ_MAX_TTL_DEFAULT;
-
- for (element = cfg_list_first(cfg_tuple_get(obj, "zone list"));
- element != NULL;
- element = cfg_list_next(element)) {
- result = configure_rpz(view, element,
- recursive_only_def, ttl_def);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- dns_rpz_set_need(ISC_TRUE);
- }
- }
-
result = ISC_R_SUCCESS;
cleanup:
@@ -3028,7 +3120,7 @@ configure_alternates(const cfg_obj_t *config, dns_view_t *view,
isc_buffer_t buffer;
in_port_t myport = port;
- isc_buffer_init(&buffer, str, strlen(str));
+ isc_buffer_constinit(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
@@ -3280,6 +3372,8 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
const char *zname;
dns_rdataclass_t zclass;
const char *ztypestr;
+ isc_boolean_t is_rpz;
+ dns_rpz_zone_t *rpz;
options = NULL;
(void)cfg_map_get(config, "options", &options);
@@ -3290,7 +3384,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
* Get the zone origin as a dns_name_t.
*/
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
- isc_buffer_init(&buffer, zname, strlen(zname));
+ isc_buffer_constinit(&buffer, zname, strlen(zname));
isc_buffer_add(&buffer, strlen(zname));
dns_fixedname_init(&fixorigin);
CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin),
@@ -3409,6 +3503,21 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
INSIST(dupzone == NULL);
/*
+ * Note whether this is a response policy zone.
+ */
+ is_rpz = ISC_FALSE;
+ for (rpz = ISC_LIST_HEAD(view->rpz_zones);
+ rpz != NULL;
+ rpz = ISC_LIST_NEXT(rpz, link))
+ {
+ if (dns_name_equal(&rpz->origin, origin)) {
+ is_rpz = ISC_TRUE;
+ rpz->defined = ISC_TRUE;
+ break;
+ }
+ }
+
+ /*
* See if we can reuse an existing zone. This is
* only possible if all of these are true:
* - The zone's view exists
@@ -3416,6 +3525,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
* - The zone is compatible with the config
* options (e.g., an existing master zone cannot
* be reused if the options specify a slave zone)
+ * - The zone was and is or was not and is not a policy zone
*/
result = dns_viewlist_find(&ns_g_server->viewlist,
view->name, view->rdclass,
@@ -3429,6 +3539,9 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
if (zone != NULL && !ns_zone_reusable(zone, zconfig))
dns_zone_detach(&zone);
+ if (zone != NULL && is_rpz != dns_zone_get_rpz(zone))
+ dns_zone_detach(&zone);
+
if (zone != NULL) {
/*
* We found a reusable zone. Make it use the
@@ -3451,6 +3564,19 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
dns_zone_setstats(zone, ns_g_server->zonestats);
}
+ if (is_rpz) {
+ result = dns_zone_rpz_enable(zone);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "zone '%s': incompatible"
+ " masterfile-format or database"
+ " for a response policy zone",
+ zname);
+ goto cleanup;
+ }
+ }
+
/*
* If the zone contains a 'forwarders' statement, configure
* selective forwarding.
@@ -4126,7 +4252,7 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
INSIST(result == ISC_R_SUCCESS);
keynamestr = cfg_obj_asstring(obj);
dns_fixedname_init(&fname);
- isc_buffer_init(&buffer, keynamestr, strlen(keynamestr));
+ isc_buffer_constinit(&buffer, keynamestr, strlen(keynamestr));
isc_buffer_add(&buffer, strlen(keynamestr));
keyname = dns_fixedname_name(&fname);
result = dns_name_fromtext(keyname, &buffer, dns_rootname, 0, NULL);
@@ -5858,6 +5984,7 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
dns_rdataclass_t rdclass;
REQUIRE(zonep != NULL && *zonep == NULL);
+ REQUIRE(zonename == NULL || *zonename == NULL);
input = args;
@@ -5870,7 +5997,7 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
zonetxt = next_token(&input, " \t");
if (zonetxt == NULL)
return (ISC_R_SUCCESS);
- if (zonename)
+ if (zonename != NULL)
*zonename = zonetxt;
/* Look for the optional class name. */
@@ -5880,7 +6007,7 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
viewtxt = next_token(&input, " \t");
}
- isc_buffer_init(&buf, zonetxt, strlen(zonetxt));
+ isc_buffer_constinit(&buf, zonetxt, strlen(zonetxt));
isc_buffer_add(&buf, strlen(zonetxt));
dns_fixedname_init(&name);
result = dns_name_fromtext(dns_fixedname_name(&name),
@@ -6788,7 +6915,7 @@ ns_server_flushname(ns_server_t *server, char *args) {
if (target == NULL)
return (ISC_R_UNEXPECTEDEND);
- isc_buffer_init(&b, target, strlen(target));
+ isc_buffer_constinit(&b, target, strlen(target));
isc_buffer_add(&b, strlen(target));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
@@ -7342,7 +7469,7 @@ ns_server_add_zone(ns_server_t *server, char *args) {
CHECK(cfg_map_get(config, "addzone", &parms));
zonename = cfg_obj_asstring(cfg_tuple_get(parms, "name"));
- isc_buffer_init(&buf, zonename, strlen(zonename));
+ isc_buffer_constinit(&buf, zonename, strlen(zonename));
isc_buffer_add(&buf, strlen(zonename));
dns_name_init(&dnsname, NULL);
isc_buffer_allocate(server->mctx, &nbuf, 256);
@@ -7406,7 +7533,8 @@ ns_server_add_zone(ns_server_t *server, char *args) {
CHECK(isc_stdio_open(view->new_zone_file, "a", &fp));
/* Mark view unfrozen so that zone can be added */
- isc_task_beginexclusive(server->task);
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
dns_view_thaw(view);
result = configure_zone(cfg->config, parms, vconfig,
server->mctx, view, cfg->actx, ISC_FALSE);
@@ -7515,8 +7643,7 @@ ns_server_del_zone(ns_server_t *server, char *args) {
/* Parse parameters */
CHECK(zone_from_args(server, args, &zone, &zonename));
- if (result != ISC_R_SUCCESS)
- return (result);
+
if (zone == NULL) {
result = ISC_R_UNEXPECTEDEND;
goto cleanup;
@@ -7531,8 +7658,8 @@ ns_server_del_zone(ns_server_t *server, char *args) {
goto cleanup;
}
- if (zonename != NULL)
- znamelen = strlen(zonename);
+ INSIST(zonename != NULL);
+ znamelen = strlen(zonename);
/* Dig out configuration for this zone */
view = dns_zone_getview(zone);
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 6ea0be505191..8d30b452f2bd 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -202,6 +202,8 @@ init_desc(void) {
SET_NSSTATDESC(updatebadprereq,
"updates rejected due to prerequisite failure",
"UpdateBadPrereq");
+ SET_NSSTATDESC(rpz_rewrites, "response policy zone rewrites",
+ "RPZRewrites");
INSIST(i == dns_nsstatscounter_max);
/* Initialize resolver statistics */
@@ -877,11 +879,11 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
TRY0(xmlTextWriterEndElement(writer)); /* views */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "socketmgr"));
- isc_socketmgr_renderxml(ns_g_socketmgr, writer);
+ TRY0(isc_socketmgr_renderxml(ns_g_socketmgr, writer));
TRY0(xmlTextWriterEndElement(writer)); /* socketmgr */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "taskmgr"));
- isc_taskmgr_renderxml(ns_g_taskmgr, writer);
+ TRY0(isc_taskmgr_renderxml(ns_g_taskmgr, writer));
TRY0(xmlTextWriterEndElement(writer)); /* taskmgr */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "server"));
@@ -944,7 +946,7 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
TRY0(xmlTextWriterEndElement(writer)); /* server */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "memory"));
- isc_mem_renderxml(writer);
+ TRY0(isc_mem_renderxml(writer));
TRY0(xmlTextWriterEndElement(writer)); /* memory */
TRY0(xmlTextWriterEndElement(writer)); /* statistics */
diff --git a/bin/named/tkeyconf.c b/bin/named/tkeyconf.c
index 6d852a0871c0..e9520592dc5f 100644
--- a/bin/named/tkeyconf.c
+++ b/bin/named/tkeyconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -73,7 +73,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));
- isc_buffer_init(&b, s, strlen(s));
+ isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
@@ -87,7 +87,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
result = cfg_map_get(options, "tkey-domain", &obj);
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(obj);
- isc_buffer_init(&b, s, strlen(s));
+ isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
@@ -106,7 +106,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(obj);
- isc_buffer_init(&b, s, strlen(s));
+ isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
diff --git a/bin/named/tsigconf.c b/bin/named/tsigconf.c
index 776b1b9f837d..eef87e930438 100644
--- a/bin/named/tsigconf.c
+++ b/bin/named/tsigconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -78,7 +78,7 @@ add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring,
* Create the key name.
*/
dns_name_init(&keyname, NULL);
- isc_buffer_init(&keynamesrc, keyid, strlen(keyid));
+ isc_buffer_constinit(&keynamesrc, keyid, strlen(keyid));
isc_buffer_add(&keynamesrc, strlen(keyid));
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c
index edd394656d28..98dfc5a75ba1 100644
--- a/bin/named/unix/dlz_dlopen_driver.c
+++ b/bin/named/unix/dlz_dlopen_driver.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -225,7 +225,9 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
return (ISC_R_FAILURE);
}
- isc_mem_create(0, 0, &mctx);
+ result = isc_mem_create(0, 0, &mctx);
+ if (result != ISC_R_SUCCESS)
+ return (result);
cd = isc_mem_get(mctx, sizeof(*cd));
if (cd == NULL) {
@@ -247,7 +249,9 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
}
/* Initialize the lock */
- isc_mutex_init(&cd->lock);
+ result = isc_mutex_init(&cd->lock);
+ if (result != ISC_R_SUCCESS)
+ goto failed;
/* Open the library */
dlopen_flags = RTLD_NOW|RTLD_GLOBAL;
@@ -351,11 +355,11 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
failed:
dlopen_log(ISC_LOG_ERROR, "dlz_dlopen of '%s' failed", dlzname);
- if (cd->dl_path)
+ if (cd->dl_path != NULL)
isc_mem_free(mctx, cd->dl_path);
- if (cd->dlzname)
+ if (cd->dlzname != NULL)
isc_mem_free(mctx, cd->dlzname);
- if (dlopen_flags)
+ if (dlopen_flags != 0)
(void) isc_mutex_destroy(&cd->lock);
#ifdef HAVE_DLCLOSE
if (cd->dl_handle)
diff --git a/bin/named/update.c b/bin/named/update.c
index 6fb6a8536721..abf5c08c6d30 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -3500,7 +3500,8 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);
ISC_LIST_APPEND(diff->tuples, tuple, link);
- dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
+ result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
if ((dnskey.flags &
(DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
!= DNS_KEYOWNER_ZONE)
diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c
index 6cda6589e1c9..036350009da6 100644
--- a/bin/named/xfrout.c
+++ b/bin/named/xfrout.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -833,14 +833,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
question_name, question_class);
is_dlz = ISC_TRUE;
- /*
- * DLZ only support full zone transfer, not incremental
- */
- if (reqtype != dns_rdatatype_axfr) {
- mnemonic = "AXFR-style IXFR";
- reqtype = dns_rdatatype_axfr;
- }
-
} else {
/*
* not DLZ and not in normal zone table, we are
@@ -852,12 +844,14 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
} else {
/* zone table has a match */
switch(dns_zone_gettype(zone)) {
+ /* Master and slave zones are OK for transfer. */
case dns_zone_master:
case dns_zone_slave:
case dns_zone_dlz:
- break; /* Master and slave zones are OK for transfer. */
+ break;
default:
- FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class);
+ FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
+ question_name, question_class);
}
CHECK(dns_zone_getdb(zone, &db));
dns_db_currentversion(db, &ver);
@@ -992,7 +986,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
is_poll = ISC_TRUE;
goto have_stream;
}
- journalfile = dns_zone_getjournal(zone);
+ journalfile = is_dlz ? NULL : dns_zone_getjournal(zone);
if (journalfile != NULL)
result = ixfr_rrstream_create(mctx,
journalfile,
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 6eef28ae131f..404c238f02a4 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -56,6 +56,7 @@
typedef enum {
allow_notify,
allow_query,
+ allow_query_on,
allow_transfer,
allow_update,
allow_update_forwarding
@@ -104,6 +105,11 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
aclp = &view->queryacl;
aclname = "allow-query";
break;
+ case allow_query_on:
+ if (view != NULL)
+ aclp = &view->queryonacl;
+ aclname = "allow-query-on";
+ break;
case allow_transfer:
if (view != NULL)
aclp = &view->transferacl;
@@ -269,7 +275,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
dns_fixedname_init(&fident);
str = cfg_obj_asstring(identity);
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(dns_fixedname_name(&fident), &b,
dns_rootname, 0, NULL);
@@ -292,7 +298,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
}
} else {
str = cfg_obj_asstring(dname);
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(dns_fixedname_name(&fname),
&b, dns_rootname, 0, NULL);
@@ -525,7 +531,7 @@ configure_staticstub_servernames(const cfg_obj_t *zconfig, dns_zone_t *zone,
dns_fixedname_init(&fixed_name);
nsname = dns_fixedname_name(&fixed_name);
- isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(nsname, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
@@ -934,6 +940,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
dns_zone_setqueryacl,
dns_zone_clearqueryacl));
+ RETERR(configure_zone_acl(zconfig, vconfig, config,
+ allow_query_on, ac, zone,
+ dns_zone_setqueryonacl,
+ dns_zone_clearqueryonacl));
+
obj = NULL;
result = ns_config_get(maps, "dialup", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
@@ -1112,6 +1123,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
cfg_obj_asboolean(obj));
obj = NULL;
+ result = ns_config_get(maps, "check-spf", &obj);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ check = ISC_TRUE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ check = ISC_FALSE;
+ } else
+ INSIST(0);
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSPF, check);
+
+ obj = NULL;
result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 1f5e3e96c9ef..e11f080c01f6 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -930,7 +930,7 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
INSIST(count == 1);
}
-#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:rR::t:u:"
+#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:r:R::t:u:"
static void
pre_parse_args(int argc, char **argv) {
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index 5811cfa141fa..e4ce5563cc3c 100644
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -771,6 +771,7 @@ main(int argc, char **argv) {
program, isc_commandline_option);
usage(1);
}
+ /* FALLTHROUGH */
case 'h':
usage(0);
break;
diff --git a/bin/tools/genrandom.c b/bin/tools/genrandom.c
index 675e5043d601..0d7eb726d6de 100644
--- a/bin/tools/genrandom.c
+++ b/bin/tools/genrandom.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -93,6 +93,7 @@ main(int argc, char **argv) {
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
+ /* FALLTHROUGH */
case 'h':
usage();
diff --git a/bin/tools/isc-hmac-fixup.8 b/bin/tools/isc-hmac-fixup.8
index c02ed03f4fb0..6364e54d94b8 100644
--- a/bin/tools/isc-hmac-fixup.8
+++ b/bin/tools/isc-hmac-fixup.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -23,7 +23,7 @@
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "ISC\-HMAC\-FIXUP" "1" "January 5, 2010" "BIND9" "BIND9"
+.TH "ISC\-HMAC\-FIXUP" "8" "January 5, 2010" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -57,5 +57,5 @@ RFC 2104.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/tools/isc-hmac-fixup.docbook b/bin/tools/isc-hmac-fixup.docbook
index c298a85861d7..cc72373352c4 100644
--- a/bin/tools/isc-hmac-fixup.docbook
+++ b/bin/tools/isc-hmac-fixup.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -25,7 +25,7 @@
<refmeta>
<refentrytitle><application>isc-hmac-fixup</application></refentrytitle>
- <manvolnum>1</manvolnum>
+ <manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
@@ -37,6 +37,7 @@
<docinfo>
<copyright>
<year>2010</year>
+ <year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
diff --git a/bin/tools/isc-hmac-fixup.html b/bin/tools/isc-hmac-fixup.html
index d39ebf0fa166..f5ab4b5a2054 100644
--- a/bin/tools/isc-hmac-fixup.html
+++ b/bin/tools/isc-hmac-fixup.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543352"></a><h2>DESCRIPTION</h2>
+<a name="id2543355"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -57,7 +57,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543376"></a><h2>SECURITY CONSIDERATIONS</h2>
+<a name="id2543379"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
@@ -68,14 +68,14 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543389"></a><h2>SEE ALSO</h2>
+<a name="id2543393"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543406"></a><h2>AUTHOR</h2>
+<a name="id2543410"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/config.h.in b/config.h.in
index 42d7a21fa5f4..6cef67682b49 100644
--- a/config.h.in
+++ b/config.h.in
@@ -283,9 +283,15 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <net/if6.h> header file. */
#undef HAVE_NET_IF6_H
+/* Define if your OpenSSL version supports ECDSA. */
+#undef HAVE_OPENSSL_ECDSA
+
/* Define if your OpenSSL version supports GOST. */
#undef HAVE_OPENSSL_GOST
+/* Define to 1 if you have the <regex.h> header file. */
+#undef HAVE_REGEX_H
+
/* Define to 1 if you have the `setegid' function. */
#undef HAVE_SETEGID
@@ -367,6 +373,10 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to allow building of objects for dlopen(). */
#undef ISC_DLZ_DLOPEN
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#undef LT_OBJDIR
+
/* Defined if extern char *optarg is not declared. */
#undef NEED_OPTARG
diff --git a/config.threads.in b/config.threads.in
index a56ca37d4830..f41d68e1d565 100644
--- a/config.threads.in
+++ b/config.threads.in
@@ -60,7 +60,7 @@ case $host in
esac
AC_ARG_ENABLE(threads,
- [ --enable-threads enable multithreading])
+ [ --enable-threads enable multithreading])
case "$enable_threads" in
yes)
use_threads=true
diff --git a/configure.in b/configure.in
index 0567addc186e..8db8dde7664e 100644
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -24,6 +24,7 @@ AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
AC_CONFIG_HEADER(config.h)
+AC_CONFIG_MACRO_DIR([libtool.m4])
AC_CANONICAL_HOST
@@ -62,14 +63,13 @@ It is available from http://www.isc.org as a separate download.])
;;
esac
-AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings])
+AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings])
case "$enable_developer" in
yes)
+ STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1"
test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
test "${with_atf+set}" = set || with_atf=yes
test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes
- test "${enable_rpz_nsip+set}" = set || enable_rpz_nsip=yes
- test "${enable_rpz_nsdname+set}" = set || enable_rpz_nsdname=yes
test "${with_dlz_filesystem+set}" = set || with_dlz_filesystem=yes
case "$host" in
*-darwin*)
@@ -298,7 +298,7 @@ esac
AC_HEADER_STDC
-AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
[$ac_includes_default
#ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
@@ -322,17 +322,15 @@ AC_CHECK_FUNCS(setegid setresgid)
# is reported to not support "static inline" (RT #1212).
#
AC_MSG_CHECKING(for static inline breakage)
-AC_TRY_COMPILE(, [
- foo1();
- }
-
+AC_TRY_COMPILE([
static inline int foo1() {
return 0;
}
static inline int foo2() {
return foo1();
- ],
+ }
+ ], [foo1();],
[AC_MSG_RESULT(no)],
[AC_MSG_RESULT(yes)
AC_DEFINE(inline, ,[Define to empty if your compiler does not support "static inline".])])
@@ -445,6 +443,8 @@ int main() {
[AC_MSG_RESULT(yes)
ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1"],
[AC_MSG_RESULT(no)
+ ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"],
+ [AC_MSG_RESULT(no)
ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"])
;;
yes)
@@ -550,12 +550,16 @@ case "$use_openssl" in
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
USE_OPENSSL=""
+ OPENSSLGOSTLINKOBJS=""
+ OPENSSLGOSTLINKSRS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
;;
auto)
DST_OPENSSL_INC=""
USE_OPENSSL=""
+ OPENSSLGOSTLINKOBJS=""
+ OPENSSLGOSTLINKSRS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
AC_MSG_ERROR(
@@ -691,20 +695,20 @@ no)
;;
esac
- AC_MSG_CHECKING(for OpenSSL DSA support)
- if test -f $use_openssl/include/openssl/dsa.h
- then
- AC_DEFINE(HAVE_OPENSSL_DSA)
- AC_MSG_RESULT(yes)
- else
- AC_MSG_RESULT(no)
- fi
+ AC_MSG_CHECKING(for OpenSSL DSA support)
+ if test -f $use_openssl/include/openssl/dsa.h
+ then
+ AC_DEFINE(HAVE_OPENSSL_DSA)
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+ fi
- AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
+ AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
- AC_MSG_CHECKING(for OpenSSL ECDSA support)
- have_ecdsa=""
- AC_TRY_RUN([
+ AC_MSG_CHECKING(for OpenSSL ECDSA support)
+ have_ecdsa=""
+ AC_TRY_RUN([
#include <stdio.h>
#include <openssl/ecdsa.h>
#include <openssl/objects.h>
@@ -721,22 +725,42 @@ int main() {
return (0);
}
],
- [AC_MSG_RESULT(yes)
- have_ecdsa="yes"],
- [AC_MSG_RESULT(no)
- have_ecdsa="no"])
- case $have_ecdsa in
- yes)
- OPENSSL_ECDSA="yes"
- AC_DEFINE(HAVE_OPENSSL_ECDSA)
- ;;
- *)
- ;;
- esac
-
- AC_MSG_CHECKING(for OpenSSL GOST support)
- have_gost=""
- AC_TRY_RUN([
+ [AC_MSG_RESULT(yes)
+ have_ecdsa="yes"],
+ [AC_MSG_RESULT(no)
+ have_ecdsa="no"],
+ [AC_MSG_RESULT(using --with-ecdsa)])
+ AC_ARG_WITH(ecdsa, [ --with-ecdsa OpenSSL ECDSA],
+ with_ecdsa="$withval", with_ecdsa="auto")
+ case "$with_ecdsa" in
+ yes)
+ case "$have_ecdsa" in
+ no) AC_MSG_ERROR([ecdsa not supported]) ;;
+ *) have_ecdsa=yes ;;
+ esac
+ ;;
+ no)
+ have_ecdsa=no ;;
+ *)
+ case "$have_ecdsa" in
+ yes|no) ;;
+ *) AC_MSG_ERROR([need --with-ecdsa=[[yes or no]]]) ;;
+ esac
+ ;;
+ esac
+ case $have_ecdsa in
+ yes)
+ OPENSSL_ECDSA="yes"
+ AC_DEFINE(HAVE_OPENSSL_ECDSA, 1,
+ [Define if your OpenSSL version supports ECDSA.])
+ ;;
+ *)
+ ;;
+ esac
+
+ AC_MSG_CHECKING(for OpenSSL GOST support)
+ have_gost=""
+ AC_TRY_RUN([
#include <openssl/conf.h>
#include <openssl/engine.h>
int main() {
@@ -758,43 +782,46 @@ int main() {
#endif
}
],
- [AC_MSG_RESULT(yes)
- have_gost="yes"],
- [AC_MSG_RESULT(no)
- have_gost="no"],
- [AC_MSG_RESULT(using --with-gost)])
- AC_ARG_WITH(gost, , with_gost="$withval", with_gost="auto")
- case "$with_gost" in
- yes)
- case "$have_gost" in
- no) AC_MSG_ERROR([gost not supported]) ;;
- *) have_gost=yes ;;
- esac
- ;;
- no)
- have_gost=no ;;
- *)
- case "$have_gost" in
- yes|no) ;;
- *) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;;
- esac
- ;;
- esac
- case $have_gost in
- yes)
- OPENSSL_GOST="yes"
- AC_DEFINE(HAVE_OPENSSL_GOST, 1,
- [Define if your OpenSSL version supports GOST.])
- ;;
- *)
- ;;
- esac
- CFLAGS="$saved_cflags"
- LIBS="$saved_libs"
- OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
- OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
-
- ;;
+ [AC_MSG_RESULT(yes)
+ have_gost="yes"],
+ [AC_MSG_RESULT(no)
+ have_gost="no"],
+ [AC_MSG_RESULT(using --with-gost)])
+ AC_ARG_WITH(gost, [ --with-gost OpenSSL GOST],
+ with_gost="$withval", with_gost="auto")
+ case "$with_gost" in
+ yes)
+ case "$have_gost" in
+ no) AC_MSG_ERROR([gost not supported]) ;;
+ *) have_gost=yes ;;
+ esac
+ ;;
+ no)
+ have_gost=no ;;
+ *)
+ case "$have_gost" in
+ yes|no) ;;
+ *) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;;
+ esac
+ ;;
+ esac
+ case $have_gost in
+ yes)
+ OPENSSL_GOST="yes"
+ OPENSSLGOSTLINKOBJS='${OPENSSLGOSTLINKOBJS}'
+ OPENSSLGOSTLINKSRCS='${OPENSSLGOSTLINKSRCS}'
+ AC_DEFINE(HAVE_OPENSSL_GOST, 1,
+ [Define if your OpenSSL version supports GOST.])
+ ;;
+ *)
+ ;;
+ esac
+ CFLAGS="$saved_cflags"
+ LIBS="$saved_libs"
+ OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
+ OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
+
+ ;;
esac
#
@@ -804,6 +831,8 @@ esac
AC_SUBST(USE_OPENSSL)
AC_SUBST(DST_OPENSSL_INC)
+AC_SUBST(OPENSSLGOSTLINKOBJS)
+AC_SUBST(OPENSSLGOSTLINKSRCS)
AC_SUBST(OPENSSLLINKOBJS)
AC_SUBST(OPENSSLLINKSRCS)
AC_SUBST(OPENSSL_ECDSA)
@@ -1075,6 +1104,11 @@ AC_ARG_WITH(randomdev,
case "$use_randomdev" in
unspec)
+ case "$cross_compiling" in
+ yes)
+ AC_MSG_RESULT(unspecified)
+ AC_MSG_ERROR([ need --with-randomdev=PATH or --with-randomdev=no])
+ esac
case "$host" in
*-openbsd*)
devrandom=/dev/arandom
@@ -1087,6 +1121,7 @@ case "$use_randomdev" in
AC_CHECK_FILE($devrandom,
AC_DEFINE_UNQUOTED(PATH_RANDOMDEV,
"$devrandom"),)
+
;;
yes)
AC_MSG_ERROR([--with-randomdev must specify a path])
@@ -1258,7 +1293,7 @@ case "$use_libxml2" in
;;
auto|yes)
case X`(xml2-config --version) 2>/dev/null` in
- X2.[[678]].*)
+ X2.[[6789]].*)
libxml2_libs=`xml2-config --libs`
libxml2_cflags=`xml2-config --cflags`
;;
@@ -1595,8 +1630,8 @@ AC_SUBST(LIBTOOL_IN_MAIN)
# build exportable DNS library?
#
AC_ARG_ENABLE(exportlib,
- [ --enable-exportlib build exportable library (GNU make required)
- [[default=no]]])
+ [ --enable-exportlib build exportable library (GNU make required)
+ [[default=no]]])
case "$enable_exportlib" in
yes)
gmake=
@@ -1621,8 +1656,8 @@ AC_SUBST(BIND9_CO_RULE)
AC_ARG_WITH(export-libdir,
[ --with-export-libdir[=PATH]
- installation directory for the export library
- [[EPREFIX/lib/bind9]]],
+ installation directory for the export library
+ [[EPREFIX/lib/bind9]]],
export_libdir="$withval",)
if test -z "$export_libdir"; then
export_libdir="\${exec_prefix}/lib/bind9/"
@@ -1631,8 +1666,8 @@ AC_SUBST(export_libdir)
AC_ARG_WITH(export-includedir,
[ --with-export-includedir[=PATH]
- installation directory for the header files of the
- export library [[PREFIX/include/bind9]]],
+ installation directory for the header files of the
+ export library [[PREFIX/include/bind9]]],
export_includedir="$withval",)
if test -z "$export_includedir"; then
export_includedir="\${prefix}/include/bind9/"
@@ -2827,9 +2862,9 @@ esac
# Enable response policy rewriting using NS IP addresses
#
AC_ARG_ENABLE(rpz-nsip,
- [ --enable-rpz-nsip enable rpz-nsip rules [[default=no]]],
+ [ --disable-rpz-nsip disable rpz-nsip rules [[default=enabled]]],
enable_nsip="$enableval",
- enable_nsip="no")
+ enable_nsip="yes")
case "$enable_nsip" in
yes)
AC_DEFINE(ENABLE_RPZ_NSIP, 1,
@@ -2845,9 +2880,9 @@ esac
# Enable response policy rewriting using NS name
#
AC_ARG_ENABLE(rpz-nsdname,
- [ --enable-rpz-nsdname enable rpz-nsdname rules [[default=no]]],
+ [ --disable-rpz-nsdname disable rpz-nsdname rules [[default=enabled]]],
enable_nsdname="$enableval",
- enable_nsdname="no")
+ enable_nsdname="yes")
case "$enable_nsdname" in
yes)
AC_DEFINE(ENABLE_RPZ_NSDNAME, 1,
@@ -2995,7 +3030,7 @@ AC_ARG_WITH(docbook-xsl,
case "$docbook_path" in
auto)
AC_MSG_RESULT(auto)
- docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook"
+ docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl"
;;
*)
docbook_xsl_trees="$withval"
@@ -3131,14 +3166,22 @@ AC_SUBST(IDNLIBS)
# Check whether to build Automated Test Framework unit tests
#
AC_ARG_WITH(atf,
- [ --with-atf=ARG Automated Test Framework support],
+ [ --with-atf=ARG Automated Test Framework support],
atf="$withval", atf="no")
if test "$atf" = yes; then
atf=`pwd`/unit/atf
ATFBUILD=atf-src
AC_SUBST(ATFBUILD)
AC_CONFIG_COMMANDS([atf-config],
- [cd unit/atf-src; ${SHELL} ./configure MISSING=: --prefix $atfdir; cd ../..],
+ [(
+ mkdir -p unit/atf-src;
+ cd unit/atf-src;
+ case "$srcdir" in
+ /*) ;;
+ *) srcdir="../../$srcdir";;
+ esac
+ ${SHELL} ${srcdir}${srcdir:+/unit/atf-src/}./configure MISSING=: --prefix $atfdir;
+ ) ],
[atfdir=`pwd`/unit/atf])
AC_MSG_RESULT(building ATF from bind9/unit/atf-src)
fi
@@ -3149,6 +3192,9 @@ if test "$atf" != no; then
STD_CINCLUDES="$STD_CINCLUDES -I$atf/include"
ATFBIN="$atf/bin"
ATFLIBS="-L$atf/lib -latf-c"
+ if test "$want_openssl_hash" = yes; then
+ ATFLIBS="-L$atf/lib -latf-c $DNS_CRYPTO_LIBS"
+ fi
UNITTESTS=tests
fi
AC_SUBST(ATFBIN)
@@ -3193,9 +3239,20 @@ AC_SUBST_FILE(BIND9_MAKE_RULES)
BIND9_MAKE_RULES=$BIND9_TOP_BUILDDIR/make/rules
. $srcdir/version
+BIND9_PRODUCT="PRODUCT=\"${PRODUCT}\""
+AC_SUBST(BIND9_PRODUCT)
+BIND9_DESCRIPTION="DESCRIPTION=\"${DESCRIPTION}\""
+AC_SUBST(BIND9_DESCRIPTION)
BIND9_VERSION="VERSION=${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}"
AC_SUBST(BIND9_VERSION)
+BIND9_SRCID="SRCID=unset"
+if test -f $srcdir/srcid; then
+ . $srcdir/srcid
+ BIND9_SRCID="SRCID=$SRCID"
+fi
+AC_SUBST(BIND9_SRCID)
+
if test -z "$ac_configure_args"; then
BIND9_CONFIGARGS="defaults"
else
@@ -3264,6 +3321,11 @@ AC_ARG_WITH(dlopen,
[ --with-dlopen=ARG Support dynamically loadable DLZ drivers],
dlopen="$withval", dlopen="yes")
+case $host in
+ *-sunos*) dlopen="no"
+ ;;
+esac
+
if test "$dlopen" = "yes"; then
AC_CHECK_LIB(dl, dlopen, have_dl=yes, have_dl=no)
if test "$have_dl" = "yes"; then
@@ -3278,7 +3340,11 @@ if test "$dlopen" = "yes"; then
SO_CFLAGS="-fPIC"
if test "$have_dl" = "yes"
then
- SO_LD="${CC} -shared"
+ if test "$use_libtool" = "yes"; then
+ SO_LD="${CC} -Xcompiler -shared"
+ else
+ SO_LD="${CC} -shared"
+ fi
else
SO_LD="ld -shared"
fi
@@ -3484,6 +3550,21 @@ AC_CONFIG_FILES([
bin/tests/atomic/Makefile
bin/tests/db/Makefile
bin/tests/dst/Makefile
+ bin/tests/dst/Kdh.+002+18602.key
+ bin/tests/dst/Kdh.+002+18602.private
+ bin/tests/dst/Kdh.+002+48957.key
+ bin/tests/dst/Kdh.+002+48957.private
+ bin/tests/dst/Ktest.+001+00002.key
+ bin/tests/dst/Ktest.+001+54622.key
+ bin/tests/dst/Ktest.+001+54622.private
+ bin/tests/dst/Ktest.+003+23616.key
+ bin/tests/dst/Ktest.+003+23616.private
+ bin/tests/dst/Ktest.+003+49667.key
+ bin/tests/dst/dst_2_data
+ bin/tests/dst/t2_data_1
+ bin/tests/dst/t2_data_2
+ bin/tests/dst/t2_dsasig
+ bin/tests/dst/t2_rsasig
bin/tests/hashes/Makefile
bin/tests/headerdep_test.sh
bin/tests/master/Makefile
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index f3f862af7523..cec0b2499a60 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -33,6 +33,7 @@
<year>2010</year>
<year>2011</year>
<year>2012</year>
+ <year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -1480,7 +1481,7 @@ zone "eng.example.com" {
<optional><replaceable>view</replaceable></optional></term>
<listitem>
<para>
- Delete a given TKEY-negotated key from the server.
+ Delete a given TKEY-negotiated key from the server.
(This does not apply to statically configured TSIG
keys.)
</para>
@@ -3274,31 +3275,45 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</entry>
<entry colname="2">
<para>
- A number, the word <userinput>unlimited</userinput>,
- or the word <userinput>default</userinput>.
+ A 64-bit unsigned integer, or the keywords
+ <userinput>unlimited</userinput> or
+ <userinput>default</userinput>.
</para>
- <para>
- An <varname>unlimited</varname> <varname>size_spec</varname> requests unlimited
- use, or the maximum available amount. A <varname>default size_spec</varname> uses
- the limit that was in force when the server was started.
+ <para>
+ Integers may take values
+ 0 &lt;= value &lt;= 18446744073709551615, though
+ certain parameters may use a more limited range
+ within these extremes. In most cases, setting a
+ value to 0 does not literally mean zero; it means
+ "undefined" or "as big as psosible", depending on
+ the context. See the expalantions of particular
+ parameters that use <varname>size_spec</varname>
+ for details on how they interpret its use.
</para>
<para>
- A <varname>number</varname> can optionally be
- followed by a scaling factor:
+ Numeric values can optionally be followed by a
+ scaling factor:
<userinput>K</userinput> or <userinput>k</userinput>
for kilobytes,
<userinput>M</userinput> or <userinput>m</userinput>
for megabytes, and
- <userinput>G</userinput> or <userinput>g</userinput> for gigabytes,
- which scale by 1024, 1024*1024, and 1024*1024*1024
- respectively.
+ <userinput>G</userinput> or <userinput>g</userinput>
+ for gigabytes, which scale by 1024, 1024*1024, and
+ 1024*1024*1024 respectively.
</para>
- <para>
- The value must be representable as a 64-bit unsigned integer
- (0 to 18446744073709551615, inclusive).
- Using <varname>unlimited</varname> is the best
- way
- to safely set a really large number.
+ <para>
+ <varname>unlimited</varname> generally means
+ "as big as possible", though in certain contexts,
+ (including <option>max-cache-size</option>), it may
+ mean the largest possible 32-bit unsigned integer
+ (0xffffffff); this distinction can be important when
+ dealing with larger quantities.
+ <varname>unlimited</varname> is usually the best way
+ to safely set a very large number.
+ </para>
+ <para>
+ <varname>default</varname>
+ uses the limit that was in force when the server was started.
</para>
</entry>
</row>
@@ -4031,7 +4046,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
[ <command>channel</command> <replaceable>channel_name</replaceable> {
( <command>file</command> <replaceable>path_name</replaceable>
[ <command>versions</command> ( <replaceable>number</replaceable> | <command>unlimited</command> ) ]
- [ <command>size</command> <replaceable>size spec</replaceable> ]
+ [ <command>size</command> <replaceable>size_spec</replaceable> ]
| <command>syslog</command> <replaceable>syslog_facility</replaceable>
| <command>stderr</command>
| <command>null</command> );
@@ -5057,6 +5072,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> multiple-cnames <replaceable>yes_or_no</replaceable>; </optional>
<optional> notify <replaceable>yes_or_no</replaceable> | <replaceable>explicit</replaceable> | <replaceable>master-only</replaceable>; </optional>
<optional> recursion <replaceable>yes_or_no</replaceable>; </optional>
+ <optional> request-nsid <replaceable>yes_or_no</replaceable>; </optional>
<optional> rfc2308-type1 <replaceable>yes_or_no</replaceable>; </optional>
<optional> use-id-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> maintain-ixfr-base <replaceable>yes_or_no</replaceable>; </optional>
@@ -5083,6 +5099,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> check-mx-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-srv-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-sibling <replaceable>yes_or_no</replaceable>; </optional>
+ <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> allow-new-zones { <replaceable>yes_or_no</replaceable> }; </optional>
<optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
@@ -5216,7 +5233,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> policy given | disabled | passthru | nxdomain | nodata | cname <replaceable>domain</replaceable> </optional>
<optional> recursive-only <replaceable>yes_or_no</replaceable> </optional> <optional> max-policy-ttl <replaceable>number</replaceable> </optional> ;
} <optional> recursive-only <replaceable>yes_or_no</replaceable> </optional> <optional> max-policy-ttl <replaceable>number</replaceable> </optional>
- <optional> break-dnssec <replaceable>yes_or_no</replaceable> </optional> ; </optional>
+ <optional> break-dnssec <replaceable>yes_or_no</replaceable> </optional> <optional> min-ns-dots <replaceable>number</replaceable> </optional> ; </optional>
};
</programlisting>
@@ -5374,11 +5391,18 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<term><command>managed-keys-directory</command></term>
<listitem>
<para>
- The directory used to hold the files used to track managed keys.
- By default it is the working directory. It there are no
- views then the file <filename>managed-keys.bind</filename>
- otherwise a SHA256 hash of the view name is used with
- <filename>.mkeys</filename> extension added.
+ Specifies the directory in which to store the files that
+ track managed DNSSEC keys. By default, this is the working
+ directory.
+ </para>
+ <para>
+ If <command>named</command> is not configured to use views,
+ then managed keys for the server will be tracked in a single
+ file called <filename>managed-keys.bind</filename>.
+ Otherwise, managed keys will be tracked in separate files,
+ one file per view; each file name will be the SHA256 hash
+ of the view name, followed by the extension
+ <filename>.mkeys</filename>.
</para>
</listitem>
</varlistentry>
@@ -5760,7 +5784,8 @@ options {
installed along with <acronym>BIND</acronym> 9, and is
current as of the release date. If the DLV key expires, a
new copy of <filename>bind.keys</filename> can be downloaded
- from <ulink>https://www.isc.org/solutions/dlv</ulink>.
+ from <ulink url="https://www.isc.org/solutions/dlv/"
+ >https://www.isc.org/solutions/dlv/</ulink>.
</para>
<para>
(To prevent problems if <filename>bind.keys</filename> is
@@ -6349,6 +6374,22 @@ options {
</varlistentry>
<varlistentry>
+ <term><command>request-nsid</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, then an empty EDNS(0)
+ NSID (Name Server Identifier) option is sent with all
+ queries to authoritative name servers during iterative
+ resolution. If the authoritative server returns an NSID
+ option in its response, then its contents are logged in
+ the <command>resolver</command> category at level
+ <command>info</command>.
+ The default is <userinput>no</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>rfc2308-type1</command></term>
<listitem>
<para>
@@ -6808,6 +6849,13 @@ options {
checks use <command>named-checkzone</command>).
The default is <command>yes</command>.
</para>
+ <para>
+ Check that the two forms of Sender Policy Framework
+ records (TXT records starting with "v=spf1" and SPF) either
+ both exist or both don't exist. Warnings are
+ emitted it they don't and be suppressed with
+ <command>check-spf</command>.
+ </para>
</listitem>
</varlistentry>
@@ -6844,6 +6892,19 @@ options {
</varlistentry>
<varlistentry>
+ <term><command>check-spf</command></term>
+ <listitem>
+ <para>
+ When performing integrity checks, check that the
+ two forms of Sender Policy Framwork records (TXT
+ records starting with "v=spf1" and SPF) both exist
+ or both don't exist and issue a warning if not
+ met. The default is <command>warn</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>zero-no-soa-ttl</command></term>
<listitem>
<para>
@@ -7106,6 +7167,12 @@ options {
necessarily knowing the internal network's addresses.
</para>
<para>
+ Note that <command>allow-query-on</command> is only
+ checked for queries that are permitted by
+ <command>allow-query</command>. A query must be
+ allowed by both ACLs, or it will be refused.
+ </para>
+ <para>
<command>allow-query-on</command> may
also be specified in the <command>zone</command>
statement, in which case it overrides the
@@ -8819,12 +8886,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
built-in view (see <xref linkend="view_statement_grammar"/>) of
class
<command>CHAOS</command> which is separate from the
- default view of
- class <command>IN</command>; therefore, any global
- server options
- such as <command>allow-query</command> do not apply
- the these zones.
- If you feel the need to disable these zones, use the options
+ default view of class <command>IN</command>. Most global
+ configuration options (<command>allow-query</command>,
+ etc) will apply to this view, but some are locally
+ overridden: <command>notify</command>,
+ <command>recursion</command> and
+ <command>allow-new-zones</command> are
+ always set to <userinput>no</userinput>.
+ </para>
+ <para>
+ If you need to disable these zones, use the options
below, or hide the built-in <command>CHAOS</command>
view by
defining an explicit view of class <command>CHAOS</command>
@@ -8897,7 +8968,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
servers. The official servers which cover these namespaces
return NXDOMAIN responses to these queries. In particular,
these cover the reverse namespaces for addresses from
- RFC 1918, RFC 4193, and RFC 5737. They also include the
+ RFC 1918, RFC 4193, RFC 5737 and RFC 6598. They also include the
reverse namespace for IPv6 local address (locally assigned),
IPv6 link local addresses, the IPv6 loopback address and the
IPv6 unknown address.
@@ -8928,6 +8999,70 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<listitem>30.172.IN-ADDR.ARPA</listitem>
<listitem>31.172.IN-ADDR.ARPA</listitem>
<listitem>168.192.IN-ADDR.ARPA</listitem>
+ <listitem>64.100.IN-ADDR.ARPA</listitem>
+ <listitem>65.100.IN-ADDR.ARPA</listitem>
+ <listitem>66.100.IN-ADDR.ARPA</listitem>
+ <listitem>67.100.IN-ADDR.ARPA</listitem>
+ <listitem>68.100.IN-ADDR.ARPA</listitem>
+ <listitem>69.100.IN-ADDR.ARPA</listitem>
+ <listitem>70.100.IN-ADDR.ARPA</listitem>
+ <listitem>71.100.IN-ADDR.ARPA</listitem>
+ <listitem>72.100.IN-ADDR.ARPA</listitem>
+ <listitem>73.100.IN-ADDR.ARPA</listitem>
+ <listitem>74.100.IN-ADDR.ARPA</listitem>
+ <listitem>75.100.IN-ADDR.ARPA</listitem>
+ <listitem>76.100.IN-ADDR.ARPA</listitem>
+ <listitem>77.100.IN-ADDR.ARPA</listitem>
+ <listitem>78.100.IN-ADDR.ARPA</listitem>
+ <listitem>79.100.IN-ADDR.ARPA</listitem>
+ <listitem>80.100.IN-ADDR.ARPA</listitem>
+ <listitem>81.100.IN-ADDR.ARPA</listitem>
+ <listitem>82.100.IN-ADDR.ARPA</listitem>
+ <listitem>83.100.IN-ADDR.ARPA</listitem>
+ <listitem>84.100.IN-ADDR.ARPA</listitem>
+ <listitem>85.100.IN-ADDR.ARPA</listitem>
+ <listitem>86.100.IN-ADDR.ARPA</listitem>
+ <listitem>87.100.IN-ADDR.ARPA</listitem>
+ <listitem>88.100.IN-ADDR.ARPA</listitem>
+ <listitem>89.100.IN-ADDR.ARPA</listitem>
+ <listitem>90.100.IN-ADDR.ARPA</listitem>
+ <listitem>91.100.IN-ADDR.ARPA</listitem>
+ <listitem>92.100.IN-ADDR.ARPA</listitem>
+ <listitem>93.100.IN-ADDR.ARPA</listitem>
+ <listitem>94.100.IN-ADDR.ARPA</listitem>
+ <listitem>95.100.IN-ADDR.ARPA</listitem>
+ <listitem>96.100.IN-ADDR.ARPA</listitem>
+ <listitem>97.100.IN-ADDR.ARPA</listitem>
+ <listitem>98.100.IN-ADDR.ARPA</listitem>
+ <listitem>99.100.IN-ADDR.ARPA</listitem>
+ <listitem>100.100.IN-ADDR.ARPA</listitem>
+ <listitem>101.100.IN-ADDR.ARPA</listitem>
+ <listitem>102.100.IN-ADDR.ARPA</listitem>
+ <listitem>103.100.IN-ADDR.ARPA</listitem>
+ <listitem>104.100.IN-ADDR.ARPA</listitem>
+ <listitem>105.100.IN-ADDR.ARPA</listitem>
+ <listitem>106.100.IN-ADDR.ARPA</listitem>
+ <listitem>107.100.IN-ADDR.ARPA</listitem>
+ <listitem>108.100.IN-ADDR.ARPA</listitem>
+ <listitem>109.100.IN-ADDR.ARPA</listitem>
+ <listitem>110.100.IN-ADDR.ARPA</listitem>
+ <listitem>111.100.IN-ADDR.ARPA</listitem>
+ <listitem>112.100.IN-ADDR.ARPA</listitem>
+ <listitem>113.100.IN-ADDR.ARPA</listitem>
+ <listitem>114.100.IN-ADDR.ARPA</listitem>
+ <listitem>115.100.IN-ADDR.ARPA</listitem>
+ <listitem>116.100.IN-ADDR.ARPA</listitem>
+ <listitem>117.100.IN-ADDR.ARPA</listitem>
+ <listitem>118.100.IN-ADDR.ARPA</listitem>
+ <listitem>119.100.IN-ADDR.ARPA</listitem>
+ <listitem>120.100.IN-ADDR.ARPA</listitem>
+ <listitem>121.100.IN-ADDR.ARPA</listitem>
+ <listitem>122.100.IN-ADDR.ARPA</listitem>
+ <listitem>123.100.IN-ADDR.ARPA</listitem>
+ <listitem>124.100.IN-ADDR.ARPA</listitem>
+ <listitem>125.100.IN-ADDR.ARPA</listitem>
+ <listitem>126.100.IN-ADDR.ARPA</listitem>
+ <listitem>127.100.IN-ADDR.ARPA</listitem>
<listitem>0.IN-ADDR.ARPA</listitem>
<listitem>127.IN-ADDR.ARPA</listitem>
<listitem>254.169.IN-ADDR.ARPA</listitem>
@@ -9188,7 +9323,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
to get access to an internal node of your local network
that couldn't be externally accessed otherwise.
See the paper available at
- <ulink>
+ <ulink url="http://portal.acm.org/citation.cfm?id=1315245.1315298">
http://portal.acm.org/citation.cfm?id=1315245.1315298
</ulink>
for more details about the attacks.
@@ -9328,14 +9463,15 @@ deny-answer-aliases { "example.net"; };
They are encoded as subdomains of
<userinput>rpz-nsdomain</userinput> relativized
to the RPZ origin name.
- </para>
-
- <para>
NSIP triggers match IP addresses in A and
AAAA RRsets for domains that can be checked against NSDNAME
policy records.
NSIP triggers are encoded like IP triggers except as subdomains of
<userinput>rpz-nsip</userinput>.
+ NSDNAME and NSIP triggers are checked only for names with at
+ least <command>min-ns-dots</command> dots.
+ The default value of <command>min-ns-dots</command> is 1 to
+ exclude top level domains.
</para>
<para>
@@ -9375,17 +9511,6 @@ deny-answer-aliases { "example.net"; };
</para>
<para>
- Authority verification issues and variations in authority data
- can cause inconsistent results for NSIP and NSDNAME policy records.
- Glue NS records often differ from authoritative NS records.
- So they are available
- only when <acronym>BIND</acronym> is built with the
- <userinput>--enable-rpz-nsip</userinput> or
- <userinput>--enable-rpz-nsdname</userinput> options
- on the "configure" command line.
- </para>
-
- <para>
RPZ record sets are sets of any types of DNS record except
DNAME or DNSSEC that encode actions or responses to queries.
<itemizedlist>
@@ -9409,7 +9534,7 @@ deny-answer-aliases { "example.net"; };
walled garden's authority DNS server.
</listitem>
<listitem>The <command>PASSTHRU</command> policy is specified
- by a CNAME whose target is <command>rpz_passthru.</command>
+ by a CNAME whose target is <command>rpz-passthru.</command>
It causes the response to not be rewritten
and is most often used to "poke holes" in policies for
CIDR blocks.
@@ -9523,6 +9648,26 @@ bzone.domain.com CNAME garden.example.com.
ns.domain.com.rpz-nsdname CNAME .
48.zz.2.2001.rpz-nsip CNAME .
</programlisting>
+ <para>
+ RPZ can affect server performance.
+ Each configured response policy zone requires the server to
+ perform one to four additional database lookups before a
+ query can be answered.
+ For example, a DNS server with four policy zones, each with all
+ four kinds of response triggers, QNAME, IP, NSIP, and
+ NSDNAME, requires a total of 17 times as many database
+ lookups as a similar DNS server with no response policy zones.
+ A <acronym>BIND9</acronym> server with adequate memory and one
+ response policy zone with QNAME and IP triggers might achieve a
+ maximum queries-per-second rate about 20% lower.
+ A server with four response policy zones with QNAME and IP
+ triggers might have a maximum QPS rate about 50% lower.
+ </para>
+
+ <para>
+ Responses rewritten by RPZ are counted in the
+ <command>RPZRewrites</command> statistics.
+ </para>
</sect3>
</sect2>
@@ -9864,8 +10009,8 @@ ns.domain.com.rpz-nsdname CNAME .
<title><command>managed-keys</command> Statement Grammar</title>
<programlisting><command>managed-keys</command> {
- <replaceable>string</replaceable> initial-key <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ;
- <optional> <replaceable>string</replaceable> initial-key <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; <optional>...</optional></optional>
+ <replaceable>name</replaceable> <literal>initial-key</literal> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ;
+ <optional> <replaceable>name</replaceable> <literal>initial-key</literal> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ; <optional>...</optional></optional>
};
</programlisting>
@@ -9973,13 +10118,16 @@ ns.domain.com.rpz-nsdname CNAME .
<command>named</command>.)
</para>
<para>
- If the <command>dnssec-lookaside</command> option is
+ If the <command>dnssec-validation</command> option is
set to <userinput>auto</userinput>, <command>named</command>
will automatically initialize a managed key for the
- zone <literal>dlv.isc.org</literal>. The key that is
- used to initialize the key maintenance process is built
- into <command>named</command>, and can be overridden
- from <command>bindkeys-file</command>.
+ root zone. Similarly, if the <command>dnssec-lookaside</command>
+ option is set to <userinput>auto</userinput>,
+ <command>named</command> will automatically initialize
+ a managed key for the zone <literal>dlv.isc.org</literal>.
+ In both cases, the key that is used to initialize the key
+ maintenance process is built into <command>named</command>,
+ and can be overridden from <command>bindkeys-file</command>.
</para>
</sect2>
@@ -10141,6 +10289,7 @@ view "external" {
<optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
<optional> check-mx (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
<optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
+ <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-integrity <replaceable>yes_or_no</replaceable> ; </optional>
<optional> dialup <replaceable>dialup_option</replaceable> ; </optional>
<optional> file <replaceable>string</replaceable> ; </optional>
@@ -10707,6 +10856,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
</varlistentry>
<varlistentry>
+ <term><command>check-spf</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>check-spf</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>check-wildcard</command></term>
<listitem>
<para>
@@ -14094,6 +14253,19 @@ HOST-127.EXAMPLE. MX 0 .
</para>
</entry>
</row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>RPZRewrites</command></para>
+ </entry>
+ <entry colname="2">
+ <para><command></command></para>
+ </entry>
+ <entry colname="3">
+ <para>
+ Response policy zone rewrites.
+ </para>
+ </entry>
+ </row>
</tbody>
</tgroup>
</informaltable>
@@ -14915,14 +15087,6 @@ zone "example.com" {
This allows recursive queries of the server from the outside
unless recursion has been previously disabled.
</para>
- <para>
- For more information on how to use ACLs to protect your server,
- see the <emphasis>AUSCERT</emphasis> advisory at:
- </para>
- <para>
- <ulink url="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos"
- >ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</ulink>
- </para>
</sect1>
<sect1>
<title><command>Chroot</command> and <command>Setuid</command></title>
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index 420d7b355996..d12d57328e50 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564375">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564398">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564538">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564720">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564378">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564402">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564541">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564723">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564741">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564775">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567180">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567257">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567430">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567560">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564744">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564846">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567184">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567260">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567433">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567563">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -71,7 +71,7 @@
</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564375"></a>Scope of Document</h2></div></div></div>
+<a name="id2564378"></a>Scope of Document</h2></div></div></div>
<p>
The Berkeley Internet Name Domain
(<acronym class="acronym">BIND</acronym>) implements a
@@ -87,7 +87,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564398"></a>Organization of This Document</h2></div></div></div>
+<a name="id2564402"></a>Organization of This Document</h2></div></div></div>
<p>
In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
@@ -116,7 +116,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564538"></a>Conventions Used in This Document</h2></div></div></div>
+<a name="id2564541"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
@@ -243,7 +243,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564720"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
+<a name="id2564723"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
@@ -253,7 +253,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564741"></a>DNS Fundamentals</h3></div></div></div>
+<a name="id2564744"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@@ -275,7 +275,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564775"></a>Domains and Domain Names</h3></div></div></div>
+<a name="id2564846"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@@ -321,7 +321,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567180"></a>Zones</h3></div></div></div>
+<a name="id2567184"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
@@ -374,7 +374,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567257"></a>Authoritative Name Servers</h3></div></div></div>
+<a name="id2567260"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
@@ -391,7 +391,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567281"></a>The Primary Master</h4></div></div></div>
+<a name="id2567284"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
@@ -411,7 +411,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567379"></a>Slave Servers</h4></div></div></div>
+<a name="id2567382"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
@@ -427,7 +427,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567400"></a>Stealth Servers</h4></div></div></div>
+<a name="id2567403"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@@ -462,7 +462,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567430"></a>Caching Name Servers</h3></div></div></div>
+<a name="id2567433"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
@@ -489,7 +489,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567533"></a>Forwarding</h4></div></div></div>
+<a name="id2567537"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@@ -516,7 +516,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567560"></a>Name Servers in Multiple Roles</h3></div></div></div>
+<a name="id2567563"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index 296578197166..c62ec1c562d5 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567594">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567621">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567634">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567729">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567739">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567597">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567624">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567637">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567742">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567594"></a>Hardware requirements</h2></div></div></div>
+<a name="id2567597"></a>Hardware requirements</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
@@ -73,7 +73,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567621"></a>CPU Requirements</h2></div></div></div>
+<a name="id2567624"></a>CPU Requirements</h2></div></div></div>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i486-class machines
@@ -84,7 +84,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567634"></a>Memory Requirements</h2></div></div></div>
+<a name="id2567637"></a>Memory Requirements</h2></div></div></div>
<p>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
@@ -107,7 +107,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567729"></a>Name Server Intensive Environment Issues</h2></div></div></div>
+<a name="id2567732"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@@ -124,7 +124,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567739"></a>Supported Operating Systems</h2></div></div></div>
+<a name="id2567742"></a>Supported Operating Systems</h2></div></div></div>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 32000b188659..2aee2472f92b 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -47,14 +47,14 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567771">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567992">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567774">A Caching-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568014">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568369">Name Server Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568018">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568374">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570421">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570424">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -68,7 +68,7 @@
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567771"></a>A Caching-only Name Server</h3></div></div></div>
+<a name="id2567774"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@@ -98,7 +98,7 @@ zone "0.0.127.in-addr.arpa" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567992"></a>An Authoritative-only Name Server</h3></div></div></div>
+<a name="id2567995"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
@@ -146,7 +146,7 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568014"></a>Load Balancing</h2></div></div></div>
+<a name="id2568018"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple records
@@ -289,10 +289,10 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568369"></a>Name Server Operations</h2></div></div></div>
+<a name="id2568372"></a>Name Server Operations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568374"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
+<a name="id2568377"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
@@ -681,7 +681,7 @@ zone "eng.example.com" {
<em class="replaceable"><code>keyname</code></em>
[<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
<dd><p>
- Delete a given TKEY-negotated key from the server.
+ Delete a given TKEY-negotiated key from the server.
(This does not apply to statically configured TSIG
keys.)
</p></dd>
@@ -888,7 +888,7 @@ controls {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570421"></a>Signals</h3></div></div></div>
+<a name="id2570424"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 8e77a6b42b30..46cb589e4c57 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -49,59 +49,59 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570934">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570952">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570937">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570955">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564012">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564086">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571811">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571847">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571905">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571954">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564016">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564089">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571814">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571850">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571908">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571957">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571968">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571971">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572156">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572221">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572300">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572381">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572225">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572385">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571475">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571512">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563493">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563575">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563612">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563762">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563795">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563821">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563899">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563909">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563922">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571605">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571614">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608395">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563581">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563836">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563874">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563920">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563946">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571406">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571419">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571457">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571466">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607510">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571692">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571658">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571681">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610637">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608477">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608602">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2634916">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635114">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635160">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611650">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608875">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609137">PKCS #11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635518">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635785">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635831">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572669">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572604">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572868">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572889">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572871">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572892">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -258,7 +258,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570934"></a>Split DNS</h2></div></div></div>
+<a name="id2570937"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@@ -288,7 +288,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570952"></a>Example split DNS setup</h3></div></div></div>
+<a name="id2570955"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
@@ -545,7 +545,7 @@ nameserver 172.16.72.4
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564012"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
+<a name="id2564016"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -553,7 +553,7 @@ nameserver 172.16.72.4
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2564029"></a>Automatic Generation</h4></div></div></div>
+<a name="id2564033"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-SHA256
key as described above. Longer keys are better, but shorter keys
@@ -577,7 +577,7 @@ nameserver 172.16.72.4
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2564068"></a>Manual Generation</h4></div></div></div>
+<a name="id2564071"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -592,7 +592,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564086"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+<a name="id2564089"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@@ -600,7 +600,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571811"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id2571814"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@@ -627,7 +627,7 @@ key host1-host2. {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571847"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id2571850"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@@ -659,7 +659,7 @@ server 10.1.2.3 {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571905"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id2571908"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@@ -686,7 +686,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571954"></a>Errors</h3></div></div></div>
+<a name="id2571957"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@@ -712,7 +712,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571968"></a>TKEY</h2></div></div></div>
+<a name="id2571971"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@@ -748,7 +748,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572153"></a>SIG(0)</h2></div></div></div>
+<a name="id2572156"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC 2931.
@@ -809,7 +809,7 @@ allow-update { key host1-host2. ;};
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572221"></a>Generating Keys</h3></div></div></div>
+<a name="id2572225"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@@ -865,7 +865,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572300"></a>Signing the Zone</h3></div></div></div>
+<a name="id2572304"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to sign a zone.
@@ -907,7 +907,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572381"></a>Configuring Servers</h3></div></div></div>
+<a name="id2572385"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
@@ -1067,7 +1067,7 @@ options {
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2571475"></a>Converting from insecure to secure</h3></div></div></div></div>
+<a name="id2608395"></a>Converting from insecure to secure</h3></div></div></div></div>
<p>Changing a zone from insecure to secure can be done in two
ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
@@ -1093,7 +1093,7 @@ options {
well. An NSEC chain will be generated as part of the initial
signing process.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2571512"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563581"></a>Dynamic DNS update method</h3></div></div></div></div>
<p>To insert the keys via dynamic update:</p>
<pre class="screen">
% nsupdate
@@ -1129,7 +1129,7 @@ options {
<p>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563493"></a>Fully automatic zone signing</h3></div></div></div></div>
+<a name="id2563754"></a>Fully automatic zone signing</h3></div></div></div></div>
<p>To enable automatic signing, add the
<span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
<code class="filename">named.conf</code>.
@@ -1164,7 +1164,7 @@ options {
configuration. If this has not been done, the configuration will
fail.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563575"></a>Private-type records</h3></div></div></div></div>
+<a name="id2563836"></a>Private-type records</h3></div></div></div></div>
<p>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
@@ -1205,12 +1205,12 @@ options {
<p>
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563612"></a>DNSKEY rollovers</h3></div></div></div></div>
+<a name="id2563874"></a>DNSKEY rollovers</h3></div></div></div></div>
<p>As with insecure-to-secure conversions, rolling DNSSEC
keys can be done in two ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563762"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563886"></a>Dynamic DNS update method</h3></div></div></div></div>
<p> To perform key rollovers via dynamic update, you need to add
the <code class="filename">K*</code> files for the new keys so that
<span><strong class="command">named</strong></span> can find them. You can then add the new
@@ -1232,7 +1232,7 @@ options {
<span><strong class="command">named</strong></span> will clean out any signatures generated
by the old key after the update completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563795"></a>Automatic key rollovers</h3></div></div></div></div>
+<a name="id2563920"></a>Automatic key rollovers</h3></div></div></div></div>
<p>When a new key reaches its activation date (as set by
<span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to
@@ -1247,27 +1247,27 @@ options {
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563821"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
+<a name="id2563946"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<p>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
will be zero. At this point you can remove the old NSEC3PARAM
record. The old chain will be removed after the update request
completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563899"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
+<a name="id2563956"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<p>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
and the NSEC3PARAM record will have a zero flag field. The NSEC3
chain will be generated before the NSEC chain is
destroyed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563909"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
+<a name="id2571406"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
<p>To do this, use <span><strong class="command">nsupdate</strong></span> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563922"></a>Converting from secure to insecure</h3></div></div></div></div>
+<a name="id2571419"></a>Converting from secure to insecure</h3></div></div></div></div>
<p>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
<span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
@@ -1282,14 +1282,14 @@ options {
<span><strong class="command">allow</strong></span> instead (or it will re-sign).
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2571605"></a>Periodic re-signing</h3></div></div></div></div>
+<a name="id2571457"></a>Periodic re-signing</h3></div></div></div></div>
<p>In any secure zone which supports dynamic updates, named
will periodically re-sign RRsets which have not been re-signed as
a result of some update action. The signature lifetimes will be
adjusted so as to spread the re-sign load over time rather than
all at once.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2571614"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
+<a name="id2571466"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<p>
<span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
@@ -1311,7 +1311,7 @@ options {
configuration files.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2607510"></a>Validating Resolver</h3></div></div></div>
+<a name="id2571658"></a>Validating Resolver</h3></div></div></div>
<p>To configure a validating resolver to use RFC 5011 to
maintain a trust anchor, configure the trust anchor using a
<span><strong class="command">managed-keys</strong></span> statement. Information about
@@ -1322,7 +1322,7 @@ options {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571692"></a>Authoritative Server</h3></div></div></div>
+<a name="id2571681"></a>Authoritative Server</h3></div></div></div>
<p>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -1396,7 +1396,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
Debian Linux, Solaris x86 and Windows Server 2003.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610637"></a>Prerequisites</h3></div></div></div>
+<a name="id2611650"></a>Prerequisites</h3></div></div></div>
<p>See the HSM vendor documentation for information about
installing, initializing, testing and troubleshooting the
HSM.</p>
@@ -1410,7 +1410,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
This is a shared library object, providing a low-level PKCS #11
interface to the HSM hardware. It is dynamically loaded by
OpenSSL at runtime. The PKCS #11 provider comes from the HSM
- vendor, and and is specific to the HSM to be controlled.</p>
+ vendor, and is specific to the HSM to be controlled.</p>
<p>There are two "flavors" of PKCS #11 support provided by
the patched OpenSSL, one of which must be chosen at
configuration time. The correct choice depends on the HSM
@@ -1473,7 +1473,7 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8s \
when we configure BIND 9.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608071"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
+<a name="id2608605"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<p>The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
@@ -1505,7 +1505,7 @@ $ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608140"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
+<a name="id2608675"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<p>The SCA-6000 PKCS #11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
@@ -1527,7 +1527,7 @@ $ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608189"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
+<a name="id2608724"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
<p>SoftHSM is a software library provided by the OpenDNSSEC
project (http://www.opendnssec.org) which provides a PKCS#11
interface to a virtual HSM, implemented in the form of encrypted
@@ -1587,12 +1587,12 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608477"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
+<a name="id2608875"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
<p>When building BIND 9, the location of the custom-built
OpenSSL library must be specified via configure.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608486"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
+<a name="id2608952"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<p>The PKCS #11 library for the AEP Keyper is currently
@@ -1608,7 +1608,7 @@ $ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608518"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
+<a name="id2608984"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<pre class="screen">
@@ -1626,7 +1626,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608554"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
+<a name="id2609089"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd ../bind9</code></strong>
$ <strong class="userinput"><code>./configure --enable-threads \
@@ -1643,7 +1643,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608602"></a>PKCS #11 Tools</h3></div></div></div>
+<a name="id2609137"></a>PKCS #11 Tools</h3></div></div></div>
<p>BIND 9 includes a minimal set of tools to operate the
HSM, including
<span><strong class="command">pkcs11-keygen</strong></span> to generate a new key pair
@@ -1661,7 +1661,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2634916"></a>Using the HSM</h3></div></div></div>
+<a name="id2635518"></a>Using the HSM</h3></div></div></div>
<p>First, we must set up the runtime environment so the
OpenSSL and PKCS #11 libraries can be loaded:</p>
<pre class="screen">
@@ -1749,7 +1749,7 @@ example.net.signed
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2635114"></a>Specifying the engine on the command line</h3></div></div></div>
+<a name="id2635785"></a>Specifying the engine on the command line</h3></div></div></div>
<p>The OpenSSL engine can be specified in
<span><strong class="command">named</strong></span> and all of the BIND
<span><strong class="command">dnssec-*</strong></span> tools by using the "-E
@@ -1770,7 +1770,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2635160"></a>Running named with automatic zone re-signing</h3></div></div></div>
+<a name="id2635831"></a>Running named with automatic zone re-signing</h3></div></div></div>
<p>If you want
<span><strong class="command">named</strong></span> to dynamically re-sign zones using HSM
keys, and/or to to sign new records inserted via nsupdate, then
@@ -1806,7 +1806,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572669"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="id2572604"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
@@ -1844,7 +1844,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572868"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2572871"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -1863,7 +1863,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572889"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2572892"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 0779c970ddce..cd35bbc940dd 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572922">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572925">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572922"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2572925"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index bda489d25f19..e26bf6a325ec 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -48,58 +48,58 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574332">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574405">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574986"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574990"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575176"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575180"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575467"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575484"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575472"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575576"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575600"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575758"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575884"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575649"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575672"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575763"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575889"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577910"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577984"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578116"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578160"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577914"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577988"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578120"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578164"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578174"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578179"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589534"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590070"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589742"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590278"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589858"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590325"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590352"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590766"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591902"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592398"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595170">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595755">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597537">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597986">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598084">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598211">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598552"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598601">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598796">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599138"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -409,31 +409,45 @@
</td>
<td>
<p>
- A number, the word <strong class="userinput"><code>unlimited</code></strong>,
- or the word <strong class="userinput"><code>default</code></strong>.
+ A 64-bit unsigned integer, or the keywords
+ <strong class="userinput"><code>unlimited</code></strong> or
+ <strong class="userinput"><code>default</code></strong>.
</p>
<p>
- An <code class="varname">unlimited</code> <code class="varname">size_spec</code> requests unlimited
- use, or the maximum available amount. A <code class="varname">default size_spec</code> uses
- the limit that was in force when the server was started.
+ Integers may take values
+ 0 &lt;= value &lt;= 18446744073709551615, though
+ certain parameters may use a more limited range
+ within these extremes. In most cases, setting a
+ value to 0 does not literally mean zero; it means
+ "undefined" or "as big as psosible", depending on
+ the context. See the expalantions of particular
+ parameters that use <code class="varname">size_spec</code>
+ for details on how they interpret its use.
</p>
<p>
- A <code class="varname">number</code> can optionally be
- followed by a scaling factor:
+ Numeric values can optionally be followed by a
+ scaling factor:
<strong class="userinput"><code>K</code></strong> or <strong class="userinput"><code>k</code></strong>
for kilobytes,
<strong class="userinput"><code>M</code></strong> or <strong class="userinput"><code>m</code></strong>
for megabytes, and
- <strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong> for gigabytes,
- which scale by 1024, 1024*1024, and 1024*1024*1024
- respectively.
+ <strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong>
+ for gigabytes, which scale by 1024, 1024*1024, and
+ 1024*1024*1024 respectively.
</p>
<p>
- The value must be representable as a 64-bit unsigned integer
- (0 to 18446744073709551615, inclusive).
- Using <code class="varname">unlimited</code> is the best
- way
- to safely set a really large number.
+ <code class="varname">unlimited</code> generally means
+ "as big as possible", though in certain contexts,
+ (including <code class="option">max-cache-size</code>), it may
+ mean the largest possible 32-bit unsigned integer
+ (0xffffffff); this distinction can be important when
+ dealing with larger quantities.
+ <code class="varname">unlimited</code> is usually the best way
+ to safely set a very large number.
+ </p>
+ <p>
+ <code class="varname">default</code>
+ uses the limit that was in force when the server was started.
</p>
</td>
</tr>
@@ -477,7 +491,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574099"></a>Syntax</h4></div></div></div>
+<a name="id2574103"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@@ -486,7 +500,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574126"></a>Definition and Usage</h4></div></div></div>
+<a name="id2574131"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@@ -570,7 +584,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574332"></a>Comment Syntax</h3></div></div></div>
+<a name="id2574405"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@@ -580,7 +594,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574347"></a>Syntax</h4></div></div></div>
+<a name="id2574420"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@@ -596,7 +610,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574377"></a>Definition and Usage</h4></div></div></div>
+<a name="id2574450"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@@ -848,7 +862,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574986"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574990"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@@ -930,7 +944,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575176"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575180"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ]
allow { <em class="replaceable"><code> address_match_list </code></em> }
@@ -1054,12 +1068,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575467"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575472"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575484"></a><span><strong class="command">include</strong></span> Statement Definition and
+<a name="id2575489"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@@ -1074,7 +1088,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575576"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575649"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
@@ -1083,7 +1097,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575600"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2575672"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@@ -1130,12 +1144,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575758"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575763"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
[ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
- [ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size spec</code></em> ]
+ [ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size_spec</code></em> ]
| <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
| <span><strong class="command">stderr</strong></span>
| <span><strong class="command">null</strong></span> );
@@ -1154,7 +1168,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575884"></a><span><strong class="command">logging</strong></span> Statement Definition and
+<a name="id2575889"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@@ -1188,7 +1202,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2576005"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="id2576009"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@@ -1766,7 +1780,7 @@ category notify { null; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2577322"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
+<a name="id2577326"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<p>
The <span><strong class="command">query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
@@ -1994,7 +2008,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577910"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577914"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -2010,7 +2024,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577984"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2577988"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@@ -2061,7 +2075,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578116"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2578120"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
@@ -2069,7 +2083,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578160"></a><span><strong class="command">masters</strong></span> Statement Definition and
+<a name="id2578164"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@@ -2078,7 +2092,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578174"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2578179"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -2122,6 +2136,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
[<span class="optional"> recursion <em class="replaceable"><code>yes_or_no</code></em>; </span>]
+ [<span class="optional"> request-nsid <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> rfc2308-type1 <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> use-id-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
@@ -2148,6 +2163,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> check-mx-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-srv-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-sibling <em class="replaceable"><code>yes_or_no</code></em>; </span>]
+ [<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> allow-new-zones { <em class="replaceable"><code>yes_or_no</code></em> }; </span>]
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
@@ -2281,7 +2297,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> policy given | disabled | passthru | nxdomain | nodata | cname <em class="replaceable"><code>domain</code></em> </span>]
[<span class="optional"> recursive-only <em class="replaceable"><code>yes_or_no</code></em> </span>] [<span class="optional"> max-policy-ttl <em class="replaceable"><code>number</code></em> </span>] ;
} [<span class="optional"> recursive-only <em class="replaceable"><code>yes_or_no</code></em> </span>] [<span class="optional"> max-policy-ttl <em class="replaceable"><code>number</code></em> </span>]
- [<span class="optional"> break-dnssec <em class="replaceable"><code>yes_or_no</code></em> </span>] ; </span>]
+ [<span class="optional"> break-dnssec <em class="replaceable"><code>yes_or_no</code></em> </span>] [<span class="optional"> min-ns-dots <em class="replaceable"><code>number</code></em> </span>] ; </span>]
};
</pre>
</div>
@@ -2411,13 +2427,22 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<code class="filename">session.key</code>.)
</p></dd>
<dt><span class="term"><span><strong class="command">managed-keys-directory</strong></span></span></dt>
-<dd><p>
- The directory used to hold the files used to track managed keys.
- By default it is the working directory. It there are no
- views then the file <code class="filename">managed-keys.bind</code>
- otherwise a SHA256 hash of the view name is used with
- <code class="filename">.mkeys</code> extension added.
- </p></dd>
+<dd>
+<p>
+ Specifies the directory in which to store the files that
+ track managed DNSSEC keys. By default, this is the working
+ directory.
+ </p>
+<p>
+ If <span><strong class="command">named</strong></span> is not configured to use views,
+ then managed keys for the server will be tracked in a single
+ file called <code class="filename">managed-keys.bind</code>.
+ Otherwise, managed keys will be tracked in separate files,
+ one file per view; each file name will be the SHA256 hash
+ of the view name, followed by the extension
+ <code class="filename">.mkeys</code>.
+ </p>
+</dd>
<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
<dd><p>
<span class="emphasis"><em>This option is obsolete.</em></span> It
@@ -2691,7 +2716,7 @@ options {
installed along with <acronym class="acronym">BIND</acronym> 9, and is
current as of the release date. If the DLV key expires, a
new copy of <code class="filename">bind.keys</code> can be downloaded
- from <a href="" target="_top">https://www.isc.org/solutions/dlv</a>.
+ from <a href="https://www.isc.org/solutions/dlv/" target="_top">https://www.isc.org/solutions/dlv/</a>.
</p>
<p>
(To prevent problems if <code class="filename">bind.keys</code> is
@@ -3188,6 +3213,17 @@ options {
operation, such as NOTIFY address lookups.
See also <span><strong class="command">fetch-glue</strong></span> above.
</p></dd>
+<dt><span class="term"><span><strong class="command">request-nsid</strong></span></span></dt>
+<dd><p>
+ If <strong class="userinput"><code>yes</code></strong>, then an empty EDNS(0)
+ NSID (Name Server Identifier) option is sent with all
+ queries to authoritative name servers during iterative
+ resolution. If the authoritative server returns an NSID
+ option in its response, then its contents are logged in
+ the <span><strong class="command">resolver</strong></span> category at level
+ <span><strong class="command">info</strong></span>.
+ The default is <strong class="userinput"><code>no</code></strong>.
+ </p></dd>
<dt><span class="term"><span><strong class="command">rfc2308-type1</strong></span></span></dt>
<dd>
<p>
@@ -3546,7 +3582,8 @@ options {
for non-terminal wildcards and issue a warning.
</p></dd>
<dt><span class="term"><span><strong class="command">check-integrity</strong></span></span></dt>
-<dd><p>
+<dd>
+<p>
Perform post load zone integrity checks on master
zones. This checks that MX and SRV records refer
to address (A or AAAA) records and that glue
@@ -3558,7 +3595,15 @@ options {
checked (for out-of-zone names and glue consistency
checks use <span><strong class="command">named-checkzone</strong></span>).
The default is <span><strong class="command">yes</strong></span>.
- </p></dd>
+ </p>
+<p>
+ Check that the two forms of Sender Policy Framework
+ records (TXT records starting with "v=spf1" and SPF) either
+ both exist or both don't exist. Warnings are
+ emitted it they don't and be suppressed with
+ <span><strong class="command">check-spf</strong></span>.
+ </p>
+</dd>
<dt><span class="term"><span><strong class="command">check-mx-cname</strong></span></span></dt>
<dd><p>
If <span><strong class="command">check-integrity</strong></span> is set then
@@ -3576,6 +3621,14 @@ options {
When performing integrity checks, also check that
sibling glue exists. The default is <span><strong class="command">yes</strong></span>.
</p></dd>
+<dt><span class="term"><span><strong class="command">check-spf</strong></span></span></dt>
+<dd><p>
+ When performing integrity checks, check that the
+ two forms of Sender Policy Framwork records (TXT
+ records starting with "v=spf1" and SPF) both exist
+ or both don't exist and issue a warning if not
+ met. The default is <span><strong class="command">warn</strong></span>.
+ </p></dd>
<dt><span class="term"><span><strong class="command">zero-no-soa-ttl</strong></span></span></dt>
<dd><p>
When returning authoritative negative responses to
@@ -3669,7 +3722,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583675"></a>Forwarding</h4></div></div></div>
+<a name="id2583834"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -3713,7 +3766,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583734"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2583893"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@@ -3788,6 +3841,12 @@ options {
necessarily knowing the internal network's addresses.
</p>
<p>
+ Note that <span><strong class="command">allow-query-on</strong></span> is only
+ checked for queries that are permitted by
+ <span><strong class="command">allow-query</strong></span>. A query must be
+ allowed by both ACLs, or it will be refused.
+ </p>
+<p>
<span><strong class="command">allow-query-on</strong></span> may
also be specified in the <span><strong class="command">zone</strong></span>
statement, in which case it overrides the
@@ -3924,7 +3983,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2584422"></a>Interfaces</h4></div></div></div>
+<a name="id2584590"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@@ -4383,7 +4442,7 @@ avoid-v6-udp-ports {};
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585495"></a>UDP Port Lists</h4></div></div></div>
+<a name="id2585664"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
@@ -4425,7 +4484,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585555"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2585723"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@@ -4587,7 +4646,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2586114"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2586350"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@@ -5171,12 +5230,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called &#8220;<span><strong class="command">view</strong></span> Statement Grammar&#8221;</a>) of
class
<span><strong class="command">CHAOS</strong></span> which is separate from the
- default view of
- class <span><strong class="command">IN</strong></span>; therefore, any global
- server options
- such as <span><strong class="command">allow-query</strong></span> do not apply
- the these zones.
- If you feel the need to disable these zones, use the options
+ default view of class <span><strong class="command">IN</strong></span>. Most global
+ configuration options (<span><strong class="command">allow-query</strong></span>,
+ etc) will apply to this view, but some are locally
+ overridden: <span><strong class="command">notify</strong></span>,
+ <span><strong class="command">recursion</strong></span> and
+ <span><strong class="command">allow-new-zones</strong></span> are
+ always set to <strong class="userinput"><code>no</code></strong>.
+ </p>
+<p>
+ If you need to disable these zones, use the options
below, or hide the built-in <span><strong class="command">CHAOS</strong></span>
view by
defining an explicit view of class <span><strong class="command">CHAOS</strong></span>
@@ -5231,7 +5294,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
servers. The official servers which cover these namespaces
return NXDOMAIN responses to these queries. In particular,
these cover the reverse namespaces for addresses from
- RFC 1918, RFC 4193, and RFC 5737. They also include the
+ RFC 1918, RFC 4193, RFC 5737 and RFC 6598. They also include the
reverse namespace for IPv6 local address (locally assigned),
IPv6 link local addresses, the IPv6 loopback address and the
IPv6 unknown address.
@@ -5263,6 +5326,70 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<li>30.172.IN-ADDR.ARPA</li>
<li>31.172.IN-ADDR.ARPA</li>
<li>168.192.IN-ADDR.ARPA</li>
+<li>64.100.IN-ADDR.ARPA</li>
+<li>65.100.IN-ADDR.ARPA</li>
+<li>66.100.IN-ADDR.ARPA</li>
+<li>67.100.IN-ADDR.ARPA</li>
+<li>68.100.IN-ADDR.ARPA</li>
+<li>69.100.IN-ADDR.ARPA</li>
+<li>70.100.IN-ADDR.ARPA</li>
+<li>71.100.IN-ADDR.ARPA</li>
+<li>72.100.IN-ADDR.ARPA</li>
+<li>73.100.IN-ADDR.ARPA</li>
+<li>74.100.IN-ADDR.ARPA</li>
+<li>75.100.IN-ADDR.ARPA</li>
+<li>76.100.IN-ADDR.ARPA</li>
+<li>77.100.IN-ADDR.ARPA</li>
+<li>78.100.IN-ADDR.ARPA</li>
+<li>79.100.IN-ADDR.ARPA</li>
+<li>80.100.IN-ADDR.ARPA</li>
+<li>81.100.IN-ADDR.ARPA</li>
+<li>82.100.IN-ADDR.ARPA</li>
+<li>83.100.IN-ADDR.ARPA</li>
+<li>84.100.IN-ADDR.ARPA</li>
+<li>85.100.IN-ADDR.ARPA</li>
+<li>86.100.IN-ADDR.ARPA</li>
+<li>87.100.IN-ADDR.ARPA</li>
+<li>88.100.IN-ADDR.ARPA</li>
+<li>89.100.IN-ADDR.ARPA</li>
+<li>90.100.IN-ADDR.ARPA</li>
+<li>91.100.IN-ADDR.ARPA</li>
+<li>92.100.IN-ADDR.ARPA</li>
+<li>93.100.IN-ADDR.ARPA</li>
+<li>94.100.IN-ADDR.ARPA</li>
+<li>95.100.IN-ADDR.ARPA</li>
+<li>96.100.IN-ADDR.ARPA</li>
+<li>97.100.IN-ADDR.ARPA</li>
+<li>98.100.IN-ADDR.ARPA</li>
+<li>99.100.IN-ADDR.ARPA</li>
+<li>100.100.IN-ADDR.ARPA</li>
+<li>101.100.IN-ADDR.ARPA</li>
+<li>102.100.IN-ADDR.ARPA</li>
+<li>103.100.IN-ADDR.ARPA</li>
+<li>104.100.IN-ADDR.ARPA</li>
+<li>105.100.IN-ADDR.ARPA</li>
+<li>106.100.IN-ADDR.ARPA</li>
+<li>107.100.IN-ADDR.ARPA</li>
+<li>108.100.IN-ADDR.ARPA</li>
+<li>109.100.IN-ADDR.ARPA</li>
+<li>110.100.IN-ADDR.ARPA</li>
+<li>111.100.IN-ADDR.ARPA</li>
+<li>112.100.IN-ADDR.ARPA</li>
+<li>113.100.IN-ADDR.ARPA</li>
+<li>114.100.IN-ADDR.ARPA</li>
+<li>115.100.IN-ADDR.ARPA</li>
+<li>116.100.IN-ADDR.ARPA</li>
+<li>117.100.IN-ADDR.ARPA</li>
+<li>118.100.IN-ADDR.ARPA</li>
+<li>119.100.IN-ADDR.ARPA</li>
+<li>120.100.IN-ADDR.ARPA</li>
+<li>121.100.IN-ADDR.ARPA</li>
+<li>122.100.IN-ADDR.ARPA</li>
+<li>123.100.IN-ADDR.ARPA</li>
+<li>124.100.IN-ADDR.ARPA</li>
+<li>125.100.IN-ADDR.ARPA</li>
+<li>126.100.IN-ADDR.ARPA</li>
+<li>127.100.IN-ADDR.ARPA</li>
<li>0.IN-ADDR.ARPA</li>
<li>127.IN-ADDR.ARPA</li>
<li>254.169.IN-ADDR.ARPA</li>
@@ -5427,7 +5554,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588152"></a>Content Filtering</h4></div></div></div>
+<a name="id2588612"></a>Content Filtering</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -5480,7 +5607,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
to get access to an internal node of your local network
that couldn't be externally accessed otherwise.
See the paper available at
- <a href="" target="_top">
+ <a href="http://portal.acm.org/citation.cfm?id=1315245.1315298" target="_top">
http://portal.acm.org/citation.cfm?id=1315245.1315298
</a>
for more details about the attacks.
@@ -5550,7 +5677,7 @@ deny-answer-aliases { "example.net"; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588343"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
+<a name="id2588738"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 includes a limited
mechanism to modify DNS responses for requests
@@ -5606,13 +5733,15 @@ deny-answer-aliases { "example.net"; };
They are encoded as subdomains of
<strong class="userinput"><code>rpz-nsdomain</code></strong> relativized
to the RPZ origin name.
- </p>
-<p>
NSIP triggers match IP addresses in A and
AAAA RRsets for domains that can be checked against NSDNAME
policy records.
NSIP triggers are encoded like IP triggers except as subdomains of
<strong class="userinput"><code>rpz-nsip</code></strong>.
+ NSDNAME and NSIP triggers are checked only for names with at
+ least <span><strong class="command">min-ns-dots</strong></span> dots.
+ The default value of <span><strong class="command">min-ns-dots</strong></span> is 1 to
+ exclude top level domains.
</p>
<p>
The query response is checked against all RPZs, so
@@ -5651,16 +5780,6 @@ deny-answer-aliases { "example.net"; };
and addresses.
</p>
<p>
- Authority verification issues and variations in authority data
- can cause inconsistent results for NSIP and NSDNAME policy records.
- Glue NS records often differ from authoritative NS records.
- So they are available
- only when <acronym class="acronym">BIND</acronym> is built with the
- <strong class="userinput"><code>--enable-rpz-nsip</code></strong> or
- <strong class="userinput"><code>--enable-rpz-nsdname</code></strong> options
- on the "configure" command line.
- </p>
-<p>
RPZ record sets are sets of any types of DNS record except
DNAME or DNSSEC that encode actions or responses to queries.
</p>
@@ -5685,7 +5804,7 @@ deny-answer-aliases { "example.net"; };
walled garden's authority DNS server.
</li>
<li>The <span><strong class="command">PASSTHRU</strong></span> policy is specified
- by a CNAME whose target is <span><strong class="command">rpz_passthru.</strong></span>
+ by a CNAME whose target is <span><strong class="command">rpz-passthru.</strong></span>
It causes the response to not be rewritten
and is most often used to "poke holes" in policies for
CIDR blocks.
@@ -5803,6 +5922,25 @@ bzone.domain.com CNAME garden.example.com.
ns.domain.com.rpz-nsdname CNAME .
48.zz.2.2001.rpz-nsip CNAME .
</pre>
+<p>
+ RPZ can affect server performance.
+ Each configured response policy zone requires the server to
+ perform one to four additional database lookups before a
+ query can be answered.
+ For example, a DNS server with four policy zones, each with all
+ four kinds of response triggers, QNAME, IP, NSIP, and
+ NSDNAME, requires a total of 17 times as many database
+ lookups as a similar DNS server with no response policy zones.
+ A <acronym class="acronym">BIND9</acronym> server with adequate memory and one
+ response policy zone with QNAME and IP triggers might achieve a
+ maximum queries-per-second rate about 20% lower.
+ A server with four response policy zones with QNAME and IP
+ triggers might have a maximum QPS rate about 50% lower.
+ </p>
+<p>
+ Responses rewritten by RPZ are counted in the
+ <span><strong class="command">RPZRewrites</strong></span> statistics.
+ </p>
</div>
</div>
<div class="sect2" lang="en">
@@ -6013,7 +6151,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589534"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<a name="id2590070"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
@@ -6073,7 +6211,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589742"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2590278"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@@ -6113,10 +6251,10 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589858"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2590325"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">managed-keys</strong></span> {
- <em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
- [<span class="optional"> <em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
+ <em class="replaceable"><code>name</code></em> <code class="literal">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ;
+ [<span class="optional"> <em class="replaceable"><code>name</code></em> <code class="literal">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ; [<span class="optional">...</span>]</span>]
};
</pre>
</div>
@@ -6224,13 +6362,16 @@ ns.domain.com.rpz-nsdname CNAME .
<span><strong class="command">named</strong></span>.)
</p>
<p>
- If the <span><strong class="command">dnssec-lookaside</strong></span> option is
+ If the <span><strong class="command">dnssec-validation</strong></span> option is
set to <strong class="userinput"><code>auto</code></strong>, <span><strong class="command">named</strong></span>
will automatically initialize a managed key for the
- zone <code class="literal">dlv.isc.org</code>. The key that is
- used to initialize the key maintenance process is built
- into <span><strong class="command">named</strong></span>, and can be overridden
- from <span><strong class="command">bindkeys-file</strong></span>.
+ root zone. Similarly, if the <span><strong class="command">dnssec-lookaside</strong></span>
+ option is set to <strong class="userinput"><code>auto</code></strong>,
+ <span><strong class="command">named</strong></span> will automatically initialize
+ a managed key for the zone <code class="literal">dlv.isc.org</code>.
+ In both cases, the key that is used to initialize the key
+ maintenance process is built into <span><strong class="command">named</strong></span>,
+ and can be overridden from <span><strong class="command">bindkeys-file</strong></span>.
</p>
</div>
<div class="sect2" lang="en">
@@ -6248,7 +6389,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590352"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2590766"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@@ -6382,6 +6523,7 @@ view "external" {
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
+ [<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> dialup <em class="replaceable"><code>dialup_option</code></em> ; </span>]
[<span class="optional"> file <em class="replaceable"><code>string</code></em> ; </span>]
@@ -6537,10 +6679,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591902"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2592398"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2591910"></a>Zone Types</h4></div></div></div>
+<a name="id2592406"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -6800,7 +6942,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592455"></a>Class</h4></div></div></div>
+<a name="id2593019"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@@ -6822,7 +6964,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592488"></a>Zone Options</h4></div></div></div>
+<a name="id2593052"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@@ -6894,6 +7036,11 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
See the description of
<span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
+<dt><span class="term"><span><strong class="command">check-spf</strong></span></span></dt>
+<dd><p>
+ See the description of
+ <span><strong class="command">check-spf</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ </p></dd>
<dt><span class="term"><span><strong class="command">check-wildcard</strong></span></span></dt>
<dd><p>
See the description of
@@ -7699,7 +7846,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2595170"></a>Zone File</h2></div></div></div>
+<a name="id2595755"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -7712,7 +7859,7 @@ example.com. NS ns2.example.net.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2595188"></a>Resource Records</h4></div></div></div>
+<a name="id2595842"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@@ -8449,7 +8596,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2596880"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2597465"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -8652,7 +8799,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2597537"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2597986"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -8908,7 +9055,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2598084"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2598601"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -8969,7 +9116,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2598211"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2598796"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -8984,7 +9131,7 @@ example.com. NS ns2.example.net.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598233"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<a name="id2598819"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@@ -8995,7 +9142,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598249"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2598835"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@@ -9024,7 +9171,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598446"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2598964"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@@ -9060,7 +9207,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598516"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2599101"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@@ -9079,7 +9226,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2598552"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2599138"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@@ -9503,7 +9650,7 @@ HOST-127.EXAMPLE. MX 0 .
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2599437"></a>Name Server Statistics Counters</h4></div></div></div>
+<a name="id2600091"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -10055,12 +10202,25 @@ HOST-127.EXAMPLE. MX 0 .
</p>
</td>
</tr>
+<tr>
+<td>
+ <p><span><strong class="command">RPZRewrites</strong></span></p>
+ </td>
+<td>
+ <p><span><strong class="command"></strong></span></p>
+ </td>
+<td>
+ <p>
+ Response policy zone rewrites.
+ </p>
+ </td>
+</tr>
</tbody>
</table></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2601047"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
+<a name="id2601596"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -10214,7 +10374,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2601498"></a>Resolver Statistics Counters</h4></div></div></div>
+<a name="id2601979"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -10597,7 +10757,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2602588"></a>Socket I/O Statistics Counters</h4></div></div></div>
+<a name="id2603138"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
@@ -10752,7 +10912,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2602962"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
+<a name="id2603579"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 3e0dc2257a73..664b2e393dfe 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603136"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603806"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603285">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603345">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603888">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603947">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@@ -111,17 +111,10 @@ zone "example.com" {
This allows recursive queries of the server from the outside
unless recursion has been previously disabled.
</p>
-<p>
- For more information on how to use ACLs to protect your server,
- see the <span class="emphasis"><em>AUSCERT</em></span> advisory at:
- </p>
-<p>
- <a href="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos" target="_top">ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</a>
- </p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603136"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
+<a name="id2603806"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@@ -147,7 +140,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2603285"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2603888"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@@ -175,7 +168,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2603345"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2603947"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 7205d5bec045..c22a5af50d70 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603561">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603566">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603578">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603595">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604027">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2604101">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604113">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604130">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603561"></a>Common Problems</h2></div></div></div>
+<a name="id2604027"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2603566"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2604101"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603578"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2604113"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603595"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2604130"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 3a4245f30170..2d6768e33b54 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -45,31 +45,31 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603657">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604192">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603761">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604363">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607177">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607712">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608265">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608275">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608299">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608330">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608680">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608707">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609611">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609824">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609833">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609175">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609206">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609283">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609309">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2610282">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603657"></a>Acknowledgments</h2></div></div></div>
+<a name="id2604192"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@@ -172,7 +172,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603761"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
+<a name="id2604363"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@@ -260,17 +260,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2604017"></a>Bibliography</h4></div></div></div>
+<a name="id2604619"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
-<a name="id2604027"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id2604630"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604051"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2604653"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604074"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
+<a name="id2604677"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@@ -278,42 +278,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2604110"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
+<a name="id2604713"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604137"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
+<a name="id2604740"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604163"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2604765"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604187"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2604858"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604211"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2604882"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604266"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
+<a name="id2604937"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604293"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2604964"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604320"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2604990"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604381"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2605052"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604411"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2605082"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604441"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id2605112"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604468"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
+<a name="id2605139"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@@ -322,19 +322,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2604618"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
+<a name="id2605221"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604645"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2605248"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604681"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2605284"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604746"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2605349"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604811"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
+<a name="id2605414"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@@ -342,146 +342,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
-<a name="id2604885"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
+<a name="id2605488"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604910"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
+<a name="id2605513"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605047"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2605581"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605082"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
+<a name="id2605617"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
-<a name="id2605128"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id2605662"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605186"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id2605720"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605223"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
+<a name="id2605757"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605258"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
+<a name="id2605793"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605313"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
+<a name="id2605847"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605351"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
+<a name="id2605885"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605377"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id2605911"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605402"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605937"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605429"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2606032"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605456"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2606058"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605495"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2606098"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605525"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2606128"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605555"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
+<a name="id2606157"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605597"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2606200"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605630"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
+<a name="id2606233"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605657"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
+<a name="id2606260"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605681"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
+<a name="id2606283"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605738"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id2606341"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2605770"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
+<a name="id2606373"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605796"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
+<a name="id2606398"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605818"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id2606421"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605842"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id2606444"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605888"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2606490"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605911"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2606514"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
-<a name="id2605969"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2606571"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605992"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
+<a name="id2606595"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606019"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
+<a name="id2606621"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606045"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id2606648"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606082"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
+<a name="id2606684"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
-<a name="id2606128"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
+<a name="id2606730"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606160"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2606762"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606205"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2606808"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606241"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
+<a name="id2606843"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@@ -497,47 +497,47 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2606354"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
+<a name="id2606888"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606376"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id2606910"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606402"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
+<a name="id2606936"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606427"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id2606962"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606451"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2606985"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606497"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2607031"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606520"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
+<a name="id2607054"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606547"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
+<a name="id2607081"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606572"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
+<a name="id2607175"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
-<a name="id2606616"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
+<a name="id2607219"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606674"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2607276"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606700"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
+<a name="id2607303"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@@ -551,39 +551,39 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2606748"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id2607351"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606788"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2607390"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606814"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2607417"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606844"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
+<a name="id2607447"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606870"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
+<a name="id2607473"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606897"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
+<a name="id2607499"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606933"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
+<a name="id2607536"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607037"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
+<a name="id2607572"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607064"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
+<a name="id2607598"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607091"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
+<a name="id2607625"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607136"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2607670"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@@ -604,14 +604,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2607177"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+<a name="id2607712"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2607187"></a>Bibliography</h4></div></div></div>
+<a name="id2607721"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
-<a name="id2607189"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id2607723"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
@@ -648,7 +648,7 @@
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608265"></a>Prerequisite</h3></div></div></div>
+<a name="id2609824"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@@ -657,7 +657,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608275"></a>Compilation</h3></div></div></div>
+<a name="id2609833"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
@@ -672,7 +672,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608299"></a>Installation</h3></div></div></div>
+<a name="id2609175"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
@@ -694,7 +694,7 @@ $ <strong class="userinput"><code>make install</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608330"></a>Known Defects/Restrictions</h3></div></div></div>
+<a name="id2609206"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@@ -734,7 +734,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608680"></a>The dns.conf File</h3></div></div></div>
+<a name="id2609283"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -752,14 +752,14 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608707"></a>Sample Applications</h3></div></div></div>
+<a name="id2609309"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608715"></a>sample: a simple stub resolver utility</h4></div></div></div>
+<a name="id2609318"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -823,7 +823,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608806"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
+<a name="id2609409"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -864,7 +864,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608859"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
+<a name="id2609462"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -905,7 +905,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608992"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
+<a name="id2609526"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -922,7 +922,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609006"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
+<a name="id2609541"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -1017,7 +1017,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609138"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
+<a name="id2610218"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
@@ -1074,7 +1074,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609611"></a>Library References</h3></div></div></div>
+<a name="id2610282"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index 1484ecf469be..f2fe6b8e44a4 100644
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index b66cccce481d..69a2e55480c5 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -41,7 +41,7 @@
<div>
<div><h1 class="title">
<a name="id2563175"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="copyright">Copyright 2004-2012 Internet Systems Consortium, Inc. ("ISC")</p></div>
+<div><p class="copyright">Copyright 2004-2013 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright 2000-2003 Internet Software Consortium.</p></div>
</div>
<hr>
@@ -51,39 +51,39 @@
<dl>
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564375">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564398">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564538">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564720">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564378">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564402">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564541">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564723">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564741">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564775">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567180">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567257">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567430">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567560">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564744">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564846">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567184">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567260">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567433">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567563">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567594">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567621">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567634">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567729">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567739">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567597">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567624">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567637">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567742">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567771">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567992">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567774">A Caching-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568014">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568369">Name Server Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568018">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568374">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570421">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570424">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@@ -92,64 +92,64 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570934">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570952">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570937">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570955">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564012">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564086">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571811">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571847">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571905">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571954">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564016">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564089">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571814">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571850">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571908">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571957">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571968">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571971">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572156">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572221">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572300">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572381">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572225">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572385">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571475">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571512">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563493">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563575">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563612">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563762">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563795">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563821">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563899">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563909">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563922">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571605">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571614">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608395">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563581">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563836">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563874">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563920">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563946">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571406">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571419">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571457">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571466">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607510">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571692">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571658">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571681">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610637">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608477">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608602">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2634916">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635114">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635160">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611650">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608875">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609137">PKCS #11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635518">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635785">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635831">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572669">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572604">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572868">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572889">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572871">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572892">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572922">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572925">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@@ -157,58 +157,58 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574332">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574405">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574986"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574990"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575176"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575180"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575467"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575484"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575472"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575576"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575600"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575758"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575884"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575649"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575672"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575763"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575889"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577910"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577984"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578116"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578160"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577914"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577988"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578120"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578164"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578174"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578179"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589534"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590070"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589742"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590278"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589858"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590325"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590352"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590766"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591902"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592398"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595170">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595755">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597537">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597986">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598084">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598211">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598552"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598601">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598796">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599138"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -217,41 +217,41 @@
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603136"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603806"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603285">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603345">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603888">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603947">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603561">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603566">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603578">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603595">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604027">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2604101">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604113">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604130">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603657">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604192">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603761">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604363">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607177">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607712">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608265">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608275">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608299">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608330">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608680">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608707">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609611">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609824">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609833">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609175">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609206">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609283">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609309">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2610282">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index 98d816b499a6..ad261b5ce3bb 100644
--- a/doc/arm/Bv9ARM.pdf
+++ b/doc/arm/Bv9ARM.pdf
@@ -2476,15 +2476,15 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
957 0 obj <<
-/Length 1065
+/Length 1075
/Filter /FlateDecode
>>
stream
-xV]H}_㘌m@Cl\;Fq$#5oA7 j&cթSD#ThБm>k03;c]7LGxDݠ9EL@QVɌRM )גMd̵lyt)W?5CXX6dF OcL.Lm| J (rAci4M7yoiL{&w!,*죔8ũ??Z5i&8$DAUFIN=7' 4[=0nR^gioꜞFz̮uG.[ [okKz(YNyYAr
-9~g!jQlKzNyYJXseMOKӱ(9jqS4JeVg2
-vJ([E,mmUk)k+륐LEoN넏WcrDF M\rL@LgPrb"@Z-%/#AH}b97urV^;nLv0m?:ҘRmߗAjKҊܹM嶄ӚaqZPBEKS/_+ks$qFFh?{'ZH9|%Ǩ @uO^Zu߳}e¨+l8rc{ 7E
-ܹqs"rfF̄|u|R9#/ɐIx~[t+7Y}>UB GDHo<@^%DLKt>k^]&/ JY#W
-E\ujp99{!OoPvӧtjtHl_U?&\+rV\f ~endstream
+xڥV]H}_h1}`G1\3~D'n|tYuT0fpmjk#C۾?`DCLXF1Yڰ38
+ @E0=Kbo3-ftXTItR|.nu෹|$qF<'*qd9|$ P~xO^ZwQFUᓵN0n5=8nc}MPL7
+ ʡrKGDI%I?J,Jz%`)&ܤ
+Ruzp9[ͱQvקtτ{:$vor
+ڢ!:[HfKkendstream
endobj
956 0 obj <<
/Type /Page
@@ -2882,7 +2882,7 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1022 0 obj <<
-/Length 3273
+/Length 3272
/Filter /FlateDecode
>>
stream
@@ -2903,10 +2903,11 @@ t^n_o˲:bϿ,A BAXEYt"΅aJrS%/ bȅj<r6lN@s
ƿ:iy1_Qmo^fHEȐ9%w7_#%aBȚ"bMιˏe
쁃 q:kw෣5YIp(x^/oU$;=˿.FPNR}$A$dHIXDw`CPw acx>*[_(K
6$H %AʮԘ+gNSӌ;Cm{*7̱`z|W.Eٝ9x؀o7+Q<eNZ&dj^8-WrT+|@J,dHYX2D/iJ3 \W@4FˋPo*T9*lT!
-Ku/!KABzWф[Xָ|l9/ޟ(lP!
+KuZIABzWф[Xָ|l9/ޟ(lP!
%
-EpfpрlVxF5K#1K C^▊bu+"޷?hG Hg6*ȐBEB -3ƫ}]DPb*sA(R @8f9}]e
-$ n:k Gho+bܣ!҉2dHARD&wKm+b,Sf=q\<FR2R$!>gHR=|yd2֎b餺&\78ϤS2bD*wEJ? )% $aA A$W,ZC$=M ?OQN#IA6:V
+EpfpрlVxF5K#1K C@";ԕ3[𶮈xCJQC;5HT ٨ C
+,J"
+{.ZXuAlHa @8f9}]e
endobj
1021 0 obj <<
/Type /Page
@@ -3206,14 +3207,14 @@ endobj
1068 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 244.6405 511.2325 253.7462]
+/Rect [499.2773 244.7402 511.2325 253.7462]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.1.1) >>
>> endobj
1069 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 232.6088 511.2325 241.7146]
+/Rect [499.2773 232.7085 511.2325 241.7146]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.1.1.1) >>
>> endobj
@@ -3269,7 +3270,7 @@ endobj
1077 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 136.3554 511.2325 145.4611]
+/Rect [499.2773 136.4551 511.2325 145.4611]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.3) >>
>> endobj
@@ -3283,7 +3284,7 @@ endobj
1079 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 112.3917 511.2325 121.3978]
+/Rect [499.2773 112.292 511.2325 121.3978]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.5) >>
>> endobj
@@ -3323,23 +3324,19 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1086 0 obj <<
-/Length 3426
+/Length 3431
/Filter /FlateDecode
>>
stream
-xKSI|
-
-ZU )j0 Gw*SYUl@6P8Iej0ء3ovX{0\4W<ka8x/KlprG'G'~?q$)t̨ϝ_SJj@ s.vDI!o;w~owm JX,7O9$sb)GbQ4>\0b-G}t~v6t{hU]Tސ+_F)MVhvڼU{C.*JbwMh-ќ,͋cUBÛZ|:R߈#h#Δ$70:t@)Lh69h,Jޝ/FKς^YN -b@0x2q`<Bx|Cr6_|#):<Ͻ<!
-ybN! TJ~N2q`X1bo "'lXˢQHɼY..Fۙҁ]L0hz*OS&&{I;4?&~74mK涧y-"ttCŁP{OXC,Mh]S=}ө}o0|s3 ub(bf yWf.+\S 1LV'80PP-Պ'RFR旵YR ͌ei53!C !FP& {"Hy8u?}Wݢ1Q5!Ť
-cg 80*P 姟pm|~,W5H+b\@eLA+=q!%aJÂq o/h'ߖy}\-We\b.&52VǵP,/0 āɋzO
-US~ g5Lob!F
-g$F'%ºNdQT?Խt!I
-+t
- 4DȆ@N Ez= 5n]0Oxy'&`tGKrq`0L~<bvn Ql{zbdF /ex\@4JҜ 7Ƹv@e>$ꦰ^6B
-
-yD?>@0~P a<:շmG?./#M bnT$f`AUB!AOpEQ2BZHޮqrʤWtEH{bH! T@0HPi؄J ӗ_:JpA}Bk.'g攖R{Y/
-bPAUQ2`PTOz
-,!@0J2Q 3+ 9,aOrJ4azRRvԏm(Gby,qã0Su} |uUR? U4f'T͑?98:8~QNrMR!{*!&d
+xKs7< -٥T";\$5XHȧ_ g
+3*wsq|9;R 'ӝ;76}%,Q'|9#Zp(pjA \.Jl:?;
+Cvj.joݯ~&|d4;m^|XΪcf t&hNY eg1* Mn\oŁzgJciLR:t@)Lh69h,Jޝ/FKς^YN -b@0x2q`<Bx@r6_|#):<Ͻ<!
+ybN! TJ~N2q`Z1b "'lZˢQJ_ɼY..F/a3e)付&`TLMHv~"Mnhڼ.m\ZJ 4Dx/58jpk`-WUvj)WNA<A{Ԧd:cB+xnSJ/$!Ŕ
+. b0A9]vrq`0#LqbI}vz{Z
+ 4DȆ@⛛{jܦ`(kNLw1L o!ŁzO0s{',mb3k#0bf( :rU
+lx0ƵԾ]V뛐S=FHa1Jᑉ
+wC:X|X/Fk:W\ e9;!
+U& *}G PQ ,>43P "{ z 1^`(/@0^P
endobj
1085 0 obj <<
/Type /Page
@@ -3387,7 +3384,7 @@ endobj
1093 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 698.6222 539.579 707.728]
+/Rect [527.6238 698.6222 539.579 707.5785]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.12) >>
>> endobj
@@ -3478,7 +3475,7 @@ endobj
1106 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 543.1004 539.579 551.957]
+/Rect [527.6238 543.0007 539.579 551.957]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.9) >>
>> endobj
@@ -3492,14 +3489,14 @@ endobj
1108 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 519.0589 539.579 528.0152]
+/Rect [527.6238 519.1586 539.579 528.1647]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.11) >>
>> endobj
1109 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 507.1877 539.579 516.1938]
+/Rect [527.6238 507.0881 539.579 516.0443]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.12) >>
>> endobj
@@ -3541,7 +3538,7 @@ endobj
1115 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 435.2628 539.579 444.3685]
+/Rect [527.6238 435.2628 539.579 444.219]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.18) >>
>> endobj
@@ -3618,14 +3615,14 @@ endobj
1126 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 303.583 539.579 312.5393]
+/Rect [527.6238 303.583 539.579 312.6888]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.25) >>
>> endobj
1127 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 291.6121 539.579 300.5684]
+/Rect [527.6238 291.6121 539.579 300.7179]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.26) >>
>> endobj
@@ -3653,7 +3650,7 @@ endobj
1131 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 243.7286 539.579 252.8343]
+/Rect [527.6238 243.7286 539.579 252.6849]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.28.2) >>
>> endobj
@@ -3667,7 +3664,7 @@ endobj
1133 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 219.7868 539.579 228.7431]
+/Rect [522.6425 219.7868 539.579 228.8926]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.28.4) >>
>> endobj
@@ -3770,22 +3767,20 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1149 0 obj <<
-/Length 3427
+/Length 3424
/Filter /FlateDecode
>>
stream
x[s6)
- vvl馗k3-2'R<O@Gxj$ijc9:q#Fc#p3FEMGt4}}1cuvu#CLƳH*Eڜ,'4jozsuy7G_]Bό Mm
-~[9#JJo/]-COAA}&0ӨБ@0QA9:s}QY-뢞%suHPSv0A5#Q bZ[)l#jWu,s0Tfy/LcVbU
-z~lU
-IF JKweZWؙr%L~jbCX c0@0bQnvZy`dO7񷏜b\8&wU_@EYۮ󩎃X'c 1(V@0P+e8FmڪU04J4 5պt~H" vTŐ VSB)j/ŢLt7-VޭV١7'4`5C>6
-Rʎh3Xu3
-:a/lo+Hgx` ^6ڂ"B09oxvBmsR6ʧ9QCQAQx"`]fa|0׍^oom{ms߿Rg xt7k"!g$  1aQ#`C7ϔWu}ЩFmQvz~-ެbuJ >M
-A$ }„p ׿oKl4:?mR#B%;h?
- c2gvS[9?>+i5)c{a
-uK&M}P8Pd|V2P5Ƈ CuEd=2?n^M-Yc%ÂB| !P$H !pg'7,"ڴvCN,kii-9j}ݿr=~"v>2;DefLHƨ9#,π|GqѾ'Bkyםmn;٭J٬n_HqGHgkH88g:bW?1avIղbx26D*?axSf/~+҄rΊ 7+WxU4jVOQrUX4S+Wd!L\$L9V9)^Ԯr>ín
-o Z[|^p,'clO,0Ąbb@@0P['P U.^i(EՂCMn[KU\;.^/$2AI b:D11e,ލ68DkJm,lIT6YLfb@PV"`칏mf&'~ !/[xW̐_{'*&χbmlv 1Nge)a愂-"-oGoH m@*i=mM׽T$7`gbx!>1b7[ݶd<momi;"4}0F>C #($cX F4$7c$w0xu9 Mfb@c cuijͺ;۷!hN b4A=4EhB"Z'kmԶ4CwnUQ(d!FԔI #
-ubdxQmZUT֡@}:|“qNPP{)>DQ{wqf6TR@X|AHPJb` =H!2W#sͫOǛy~Qȧ8`djI(xP+4Ej:B>_̰/m!`_87Vo0u# f#c25-acnHGcg(?;_)5\qmTrr(^endstream
+ vvl馗k3-2'R<O@Gxj$ijc9:q#Fc#p3FEMGt4}}1cuvu#CLƳH*Eڜ,'4jozsuy7G_]Bό Mm
+`~;؁`g'2Ƈ|칍 # vΛŢ+]P,ἔMziNnTkTPFH D{eFg(t_u[ۺv/&u㿔z+ڟw}?lEg@>'ɂCLpsTH P53j'd]>t꺑j?kr[Գ_ 7u`<R0OS2
+ χ`m)I-4y?}]?iy9u[dJn:!m"gG<H :{'e5ʞ-ܪ]5K<|sj/ e}9E4$+`
+/"_uݫEy.agfa|3i/b sL0Ȁ0>#F׈r`wkiOCۖ)zj?YdH! $ >D㬺WlYݾ߂.٬lWԗbjx=37Kb\@eP."`\}`Jy,|(][{oXGyƒOY2J uyPmybm岸(0'Ag5`!Uc|x% !#r'.e@F_65(a(ƟG#*hB,ܽcI.'A>Ma]u,r}w,-3 h2/* u GΨG"5;L}
+"`=L)8 
+8+*'ܬ\uU}tYJ>{D],#VaylLJ_9ђr0ur@0P[$FxSʭ7w )5h n {}ٲXβ>IP
+fgBoJC2'Tݺ^{͢ux:T 5-'o/Urdxu޿Tu$Y'`X N{7*~첳U&]Suhgŧ3`BY>Qp.%n;8~o]1Ck׆~흨~
+<}uLI$L8m9V/cÓ
+z<hQ"`mZ6]Rn<n^d܀!ṇX n[ƈZ8܄+nuۖ{o <?D'c 1Lb`FҐ(9?/O`g7`crxi,}`Gh6f;n߆T';&`d2)F>=YlھkvkDD' 1L!]H Q@$wjժꦲ0p25<  up=8UK) },H> C $(%Sst@0P+ϑ9է<z(S
endobj
1148 0 obj <<
/Type /Page
@@ -3798,42 +3793,42 @@ endobj
1151 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 758.4766 511.2325 767.5824]
+/Rect [494.296 758.5763 511.2325 767.5824]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.3.7) >>
>> endobj
1152 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 746.3946 511.2325 755.5003]
+/Rect [494.296 746.4943 511.2325 755.5003]
/Subtype /Link
/A << /S /GoTo /D (section.6.4) >>
>> endobj
1153 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 734.3125 511.2325 743.4183]
+/Rect [494.296 734.4122 511.2325 743.4183]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.0.1) >>
>> endobj
1154 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 722.2305 511.2325 731.3362]
+/Rect [494.296 722.3302 511.2325 731.3362]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.4.1) >>
>> endobj
1155 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 710.1484 511.2325 719.2542]
+/Rect [494.296 710.2481 511.2325 719.2542]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.1.1) >>
>> endobj
1156 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 698.1661 511.2325 707.1721]
+/Rect [494.296 698.0664 511.2325 707.1721]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.1.2) >>
>> endobj
@@ -3847,7 +3842,7 @@ endobj
1158 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 674.002 511.2325 683.008]
+/Rect [494.296 673.9023 511.2325 683.008]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.1.4) >>
>> endobj
@@ -3861,14 +3856,14 @@ endobj
1163 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 639.2482 511.2325 648.1048]
+/Rect [494.296 639.3926 511.2325 648.1048]
/Subtype /Link
/A << /S /GoTo /D (chapter.7) >>
>> endobj
1164 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 627.186 511.2325 636.2917]
+/Rect [494.296 627.2856 511.2325 636.2917]
/Subtype /Link
/A << /S /GoTo /D (section.7.1) >>
>> endobj
@@ -3903,56 +3898,56 @@ endobj
1169 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 556.2857 511.2325 565.1423]
+/Rect [494.296 556.4302 511.2325 565.1423]
/Subtype /Link
/A << /S /GoTo /D (chapter.8) >>
>> endobj
1170 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 544.2235 511.2325 553.3293]
+/Rect [494.296 544.3232 511.2325 553.3293]
/Subtype /Link
/A << /S /GoTo /D (section.8.1) >>
>> endobj
1171 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 532.1415 511.2325 541.2472]
+/Rect [494.296 532.2411 511.2325 541.2472]
/Subtype /Link
/A << /S /GoTo /D (subsection.8.1.1) >>
>> endobj
1172 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 520.0594 511.2325 529.1652]
+/Rect [494.296 520.1591 511.2325 529.1652]
/Subtype /Link
/A << /S /GoTo /D (section.8.2) >>
>> endobj
1173 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 507.9774 511.2325 517.0831]
+/Rect [494.296 508.077 511.2325 517.0831]
/Subtype /Link
/A << /S /GoTo /D (section.8.3) >>
>> endobj
1174 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 485.5497 511.2325 494.2619]
+/Rect [494.296 485.4053 511.2325 494.2619]
/Subtype /Link
/A << /S /GoTo /D (appendix.A) >>
>> endobj
1175 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 473.4428 511.2325 482.4488]
+/Rect [494.296 473.3431 511.2325 482.4488]
/Subtype /Link
/A << /S /GoTo /D (section.A.1) >>
>> endobj
1176 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 461.3607 511.2325 470.3668]
+/Rect [494.296 461.2611 511.2325 470.3668]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.1.1) >>
>> endobj
@@ -4008,28 +4003,28 @@ endobj
1184 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 364.7043 511.2325 373.7104]
+/Rect [494.296 364.6047 511.2325 373.7104]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.4.1) >>
>> endobj
1185 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 352.6223 511.2325 361.6284]
+/Rect [494.296 352.5226 511.2325 361.6284]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.4.2) >>
>> endobj
1186 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 340.5402 511.2325 349.5463]
+/Rect [494.296 340.4406 511.2325 349.5463]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.4.3) >>
>> endobj
1187 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 328.4582 511.2325 337.4643]
+/Rect [494.296 328.3585 511.2325 337.4643]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.4.4) >>
>> endobj
@@ -4120,7 +4115,7 @@ endobj
1200 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 160.8217 511.2325 169.9275]
+/Rect [494.296 160.9214 511.2325 169.9275]
/Subtype /Link
/A << /S /GoTo /D (section.B.3) >>
>> endobj
@@ -4134,7 +4129,7 @@ endobj
1202 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 136.7573 511.2325 145.7634]
+/Rect [494.296 136.6576 511.2325 145.7634]
/Subtype /Link
/A << /S /GoTo /D (section.B.5) >>
>> endobj
@@ -4188,16 +4183,13 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1211 0 obj <<
-/Length 765
+/Length 764
/Filter /FlateDecode
>>
stream
-xO0
-<,y6G0W JB^\z^j;: b⎃`+C+e7٦?eXmvPKL]7լ
-vh};1Pa!>8 @yjw+ZlfRp9Fbⶂ`rF*QU]7*0~"^tD>h2X
-tղjo'S1?C1^qA_
-x/-*Xڎ;G^ۏ?5:
-,aE(D!,4}8[JF;Xi0wJٟ0:(EEED!(4}%\Flä[?V[ ZJ+</(K<w@/ v_kM1,\Nct%ijwAQhendstream
+xO0
+<,y6G0W JJB^\z^j;: b⎃`+C+e Mj)颹FUA;ގԡ`Q 0
+|<@ UVЬU ޣRH%<*ݡfCe5FS@Dӫ~OhMFK!8NSZV`j;'`h`^Q +n0+T!/4}%BKrUԋyF_G~0(ꇕ('RKhq=-մN)Y:_FQ|(($#K?MC~TuX~Ê1XqkA~XB`EuqGk 7˩q̕ι$\b.u;(/iendstream
endobj
1210 0 obj <<
/Type /Page
@@ -4238,7 +4230,7 @@ endobj
1220 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 710.656 539.579 719.7617]
+/Rect [522.6425 710.7556 539.579 719.7617]
/Subtype /Link
/A << /S /GoTo /D (section.B.16) >>
>> endobj
@@ -4266,14 +4258,14 @@ endobj
1224 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 662.935 539.579 671.941]
+/Rect [522.6425 662.8353 539.579 671.941]
/Subtype /Link
/A << /S /GoTo /D (section.B.20) >>
>> endobj
1225 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 650.8801 539.579 659.9859]
+/Rect [522.6425 650.9798 539.579 659.9859]
/Subtype /Link
/A << /S /GoTo /D (section.B.21) >>
>> endobj
@@ -4899,25 +4891,31 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1334 0 obj <<
-/Length 4158
+/Length 4157
/Filter /FlateDecode
>>
stream
-x[[sƕ~_rmU!w42Ocg<$;(v9k $!5$J*}ݸ)iw߶FA_;!~_iBWy2͸Z^-=2-Tܾ;_Yae3f-̮a?]/fO>^k~yu7tYۿݼ0|6b|R$~]m|2YX}
-}}WoRör{5lHuC.g\w)\My:jw+~OnSs֧EG60&'P]{N_jgFE^d\ v6l|'HU74cUwRWׅXd.JN-ZnݡAh~G/z gĩ3Ze6zMzcT۶~b6yPY.FFTOh[ڶU_Sbl&➩C~BFJeRJ~NN8Y$$-혈~B̈TܘE3ĉ(mj9cqT=4:d vWt i%&SlZ}P(Ӡe<i&יxZT5-R)m2gV} 6/P1yn<z_v]bhiMnf&*&bA( ^ԍeiGs! F n@$g㸼X<}ENaֵQKxmz/*͸RjEf}84fASM Ok:: aB@*w|ZZ~UsW- j\DLZ r(:S̘KZ0d\d kϮ?6duL; w;D2# gm0W፲N)=0rݓKߗjj5 ? 9`@<6r&a
-&ȋ!KOj;^oW~`p{(,>LZDEp%9Y(רZ,"I- ȑay&({lM>>XH+vUSCgCԳNrq<4%`ŏIƲX<+ N/#A~Eط&nMKOiloM\p7|Y 5ciyףvM;8/ڕ}j5+ *[;x ) ppgʠon
-ȴogKl> h7x
-!b}{
-L2afط/h `'@gfFI|cj:ЮDy&u~5.v [ I:uWXPf*[`L;"`rD(T1pl˔e<,1#lxs7L~!!v~*@F a:h +$T\M<C }~V2U g"2U2sY$#M
-|Ðg{uDw
-{^Bp!AWBQJ4b'YW;dCC
-y)NWA4v^Qhg͊փɛ F.9
-yY
-r҅
-m_ ۂ->TqX9S""ŋ{NŊM=-5p8䶅i,焂e eD3[-ky2b\*.ݗ$* ?c]X3<kAuNc3nuH-U<vq8()|AE.|)P:{*vGuOMU|䋲Uv5A ɥR}Kmxy_R!T*+,3+$0 [||(ߦ? \)/+8w.+?ƓY'u ɗ@?c  EwRS@2*BrmoRuKb%uL1R!UpB>
--;YDžхLJR¼L0,%|I)Oհrl2 ~ .Ef
-(s^ܚG@a͐\@D %qvM>6uMhx19 yPzZXwbj|.M+>pF8M쳅 ,*n Kc]Mx }-qVxPV?{o>,?['6pdm2Mjɇ>> Kuě[d]cjxTK r?v 7
-_7JzsPG,n?*ÿ V\#1 sqs2!oE: endstream
+x[[㶕~_ڪF4y;NL.vmQ[bDvDjڝTAݽo[ 8\sW γŕ)TW+vYW_'UȯnFsٌY˯n7?/d&k->wKӻZ/~_}|{mjmx~o\zWn)'L_W,W2^Jii%eٿ?ㄣQjs0^-,,$29h"˥ʎkyB_E*doq԰-cƓ-b6WpHSu"~WQ)UGŢ{j}=t<^s~Dk4ݩK̰Q>ڨ0EƵPp<!ngqbTuC3VzG/up]E"0Z ڭ;4ޞ
+c"u ![ι1!0 (G-8CwN=yR:~I0nwuGt,̩%ymnjٴ^}}?JoA`y~Ir3u񴪍.ZS?&fdV0?MyYk'tLg1'XˮKLZtAUꯉi@
+)MXj
+m欗 24#9gg9 n@$g㸼X<}ENaֵQKxmz7*͸RjFI p ? ȿjjx\pc~`vKw"PAl3-򫊞8,namPZ$ڠh
+M0uP:vw=iפѹh]yߧYnXpZ=a♐Y O&SV~sWpH=};[bSݕ}?As
+ %g,=7:~O=ɡ@^o]l}5z5۬zT{{nK(?}5cX?W<#C\֫TI|jJ)$\e li09 &#R`r@,
+%f:g4
+)?C#uqpa@6"D!R|;D q1HDTV/o wwntw!uTʩS:Xogge
+<r`΁տy*E ׮;A [I𤇲C~G SN[8M|!%3̌Lqf]++O aR5/E,'n0tgD2Q߀(mSK"R;%=vrHPqjM=K{_&ii|wܓ/RoaGrn&^izF=sOs| z03u|A4 0T3GI|cj:ЮD&:hU$4:uWXPTUV'<*= (LE#vDx䦉 xQb_ )a2/pyJEWKYbFnBSC>`T;t欘rPe$x
+8[LdBeTsDedlX$#M
+ق"?Ms8n-a\4! 5Aթv*y F"&] RrdgD>yEEнz!&& `+yuEGx{Y&\+#K^Q\3
+<s~W 7\] hAѮ~I8Đ)P|
+k WP6'LDj<;:?R7x8TeʡG?@kc c&
+Z݅{
+S/ .TUh<( MnCV2Ι,&.^0s*V,nzo!@Fή1'-Lc9'/cη(c9N$HjXc͓RgyЃ5J./ӮFp`}ݵx:1s'|ƍ)#jq.'%/Wş/PsJg@ESY{*2oݟ|Qvʮ1hCBX;Bʰx /U
+"JYerf%$&ax/ o^8r<e΅a'x;뤮Tc"!rUڟ迟g<`Zy
+TPo#mGmICLjTH98!F_
++'*9U}#5*M`DJs|#9hʜ}% $O%/ݡ\/̫fx7s %e'uol"KzG w>#,dEBsH˟7\AH6dy)BK
++ hJ 2 #ei.b̧jA9\qIT ?"DX0/
+`1p~ O&X̼.QƚYIB2ȭ_(l>d
+!@Yn|~6Y5yJz dG}ȟM}p>7cڻ46m#ŧ/&r}WoRpWal_ǕN+CS~a%o?}Gݼ绿oF8'$ofә?H$.,XTAPe𙇱1 sqs2!o0:|endstream
endobj
1333 0 obj <<
/Type /Page
@@ -5805,19 +5803,24 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1486 0 obj <<
-/Length 2645
+/Length 2644
/Filter /FlateDecode
>>
stream
xڥ]o8=PQKf޵&=Zm]eɕP[\ Ù|3,8Ynhoϼ~&fa6ի_dYdz+u4w'tpsn^~9A'/>̃\7ٻ|υ廫4< vv}?e.
EWu&^o9;0nBh_8|?! )"QIBd6+m$Y۪\=K<g 8υ30 z9e
ܸЫ~
-U">8@B'$İxŁD}␜[Yq̥5YN8d̡ξ˭uJ*&L,քɛNPsi)(US5153Ke9V*sC,
-kÔ>*u.][n Lj7t* al l }MuŌSIaFOZ'
- tc3]I&I$ 9RSs
-~i &n l |`cöti[ط3$gUnwn%L'2;S+ǦaJ0Iۍb=o
-&rΫ}auooeft5x5ZD }Ӡ(g ix?GЧ0 FUG8Lynr#;\qcROWgcNN02ڱnQǕ|(u1= 7xI膾+蟛< Ru `-<)lɭ;|x7b ]1i>[4rBM `LAB 4/Z/͊SVcggš\ij ]_tUyg=mEFkE,0dž^?rg_f`0"`h h426gTlw.$Yf2zebp0##dެ A'SVB/vZ%̢e@[ϺjxXZ 3sz
-pI:gH=LznZp&XNo;]%kfSsQF?m6y)g燞z=4[U+I+K_ 6iM^^\Z*i]osuw{ٺoӿNػ\[i^\%ߑ2er}]JsѥL+tD>yv3}\Ŕ:$P<\̓@:߈fYEv/vNG~"nP1Մ?i}uPc=TZSLendstream
+U">8@B'$İxŁD}␜[Yq̥5YN8d̡ξ˭uJ*&L,քɛNPsi) 9t;əG/3TFSiU9#
+!
+solisA=t޴dܬ4eΓcH`DZ( 8N[6DhD@_[<<4~"!zIO
+7ʲtӏ҅sUa
+0auCV[kp+-6v?يZ&f`%;SM6q蟶Ҁ 5qtNw6[HH3 AͪW5|FYs4DE1vЙv,Z!ZRwzzUCdSL,bmKޱ8{<eA<2VxS:;
+,€&jݔJߨܦ@ @5?ܕlL#N15
+2[lTuqXÔfnJ 7#\7&*(d}q6FĪNdK #KH|\W@RgÕ/ztn軂93__!\֕#hJR*zwSp˵O6>H#7  K.p v̈́$
+[O]E< OWw֋VkPxn x?_c߹~l%*#A[zeV , " ֺ6Ј?{݀F3K)xasJvAXazih]+CW& s?ri;H&Zz2Ei%b\,Zu񬛭恇5
+"~:s(1PKvm3-4Rԗ<7BiT@W~ ׶I&ɴؕ ,zv Jf#U;W0@|kgf2(|1>;\7k^OwOJxT1_=WAJ,+p$L|Fnٳ% s~= KKôGqkBUdϞnq *UҼo65efcx
+k_ppUrv}56WZ6׾e ^B)[F '4]zNt<OGӑg7s?nhN0PLCO"< ĩhe]db9xtJ'[
+(` 2SMAәW7L :okOEIuQendstream
endobj
1485 0 obj <<
/Type /Page
@@ -6250,38 +6253,29 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1555 0 obj <<
-/Length 4062
+/Length 4323
/Filter /FlateDecode
>>
stream
-x[[s#~ׯ`BL,q>c[<8.5ȜjʏO7n!ARS1@hCM(D;&I(SN,Fa?^_y'\ hYBe0r >{߾{iw.g\\7W^}~Q_ۿ\_}H?)Ը8@wW_}?_\] ̨rOtr %Y5y0dy! J
-j?\5]K ͕̬&hux0acQ9b;δ%Qj -l%Fg
-֖Y2KgCs(;v߼|Жq(C`+;}|A#VM.XTlƝ^?ʓ qBجdͲ0 4|X_2;m7#ԗH{2cR#N)>5=6efZl.oEE;eP??6jx?HuׯyӁ%vu(aj`Oe} Wfu9TO* Զ=pTجUxݵ:4W@K(s:Vs_ch}[xzP+:ns(3t@,9) ~>.y.n=!Ϯ^~v]ne(?4?PɮIBVc_g$
-z^xmX)]g0X\8)`G<noK֌ \aaŢcY,@kY8-!/7Q%r$PUR(DۻPw](516e}c^_:
-J,@A[K<5|Veℓw[J.(fLq6$.Y@6ٱ5DSvtY=#
- hI_CQ䈣TY@
-5[sNQx q?Op"}K,Ҍ C,Hžq3V qKↃ&Q ]46 A
-"x`r0wO
-<Y}jO:G8U.T$۱<(nbVA xk%3.v& 5ObجLwaOZ_9t4آ <!,ȖĘQv5lH
-ҞRl*5xXF[4]*Cc_BYBMU+lPw
-BW|OF
-⼜dqP8ߜ9[SJRaG1B]V}7P65
->cMx۬އ'RDkBdb{,7
-Cj6k0PS6qao0oa顙GjҫР޽N6z!%x aسppV: )ϏQN#h
-M 1ڤmꀖcz1=( >yP;36Fln
-ӗ07<) ]9тR!5ŀ~ivY?;|,Q7hHB~x6
-ŗ ℚ|-DbPcxr>2D?|j ;jᖹ;
-:A|"$ZGh3ِJ0l>@B+S'ŀU(uNC-'!ɂ$cx՛+rTZ3Hq~ӣ @
-s*hm≵
-CFk륓 M*d|pqܠ" ŤDS;g9T`$@#nFbd
-Ԕ
-#  X{ܹw.&&Ab֎|mbT炈y2 Z2<Hܞ>'@
-o68&!ɂ0$@'OKsȹn+0~54sC%n Ea"nY<.;. (;.fX%%=NF0b.6 qvఐrڿ`(0CD͢$`̙d{[E/
-r"p#f={tR̓Ļ>uSպqpnqk@y9yYUZxwso} NyCl ]`8@6?ɒo.jE;ڮK A8tCT戥و;Gacho+a*
-ڌ8.p\bNN! PyKΨ CxMUUܯҨ0 Dx/DyHvkͬHI0ץbjJM 8A_5mSQ-1ͦ]KFm4P]H0u? yh)nJLcr FЀӟs)vgR<|?_0Bm!35L},h) '%
-} ((d^*2ԙuC{2
-Ӂ
-s짼h "I)%F*<z'j͔x҇Bv
+x;r8~[}뚩ٙnoD,-6tE\L$@$ך GA
+44fPd1bdƃ~?Wl~q2BiS7^YQ(&{^oPgTϚ_8`4r{+k!>/F)8A6zDj>/i3qV6P\ޯ5(H
+ jH
+LǤ0|v,Q?$H@
+i#ߞ6Z``.uDqg{:j?Rciyn =i˴]KgrOJjIoЎ5ydo
+R'Ur(ep9ϐF&uLIOq1OAwcUKɡ!R)#iWdum%P'Dhǜy=$!~ tn +h}:!#t0)zwtU?T]ySkhYuCLO
+I渗o q:YdLFUEA^? <]~ \,U 0 Խ^{g@[Kg6*I-apq\YAbV , g}@Hp3'r4@N"CAr
+rIцg>R/S "C<geaΆO2Ϡ|c&N?+lT'F;r[!ٺot~qc,Sz-Z{A*֩jDS 4v=yy9hC5{WCAKyګ5  320emط̨J12.6*
+i &:5w q|5JqEؚsKZ
+ae9Bwt1!`w1_cX:!u3?<Np}88WYln8,]e
+gI5H=՛$'eE R ܢnTGo}_RML4FC˺-/Vf .
+D"lQP2&bGE@dꡤ~ )-H8A\)+&_r
+v駱!j]2ۛvt;oKJh
+w f!
+X1z};gd)Jý&ݢt5k'b}DkombFA#c.R[U[ӳk/ѓΊ_M"eZ{|ݒjBNYlhzty#Ir_,s=y9bjx*8\f^}\?9U,so  N`
+;N Š^tw+=Cǯ#5D6
+tU._ Vtj]
+gڨlo(kthgliYApzR4EMEi@OEImJZ8lgƇ}hTꀗ3! i̲@ }r<NɠqPY &(O8>[4
+z_ <^VTP{Q:B#LtPsԃoFy?amךbhŪoS.uOo%O7OoSoxf"jE~~i̽oq|q V}˯S~p9a{DZ#xi|K/<+xendstream
endobj
1554 0 obj <<
/Type /Page
@@ -6293,129 +6287,131 @@ endobj
1556 0 obj <<
/D [1554 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-370 0 obj <<
-/D [1554 0 R /XYZ 56.6929 165.9801 null]
->> endobj
-1552 0 obj <<
-/D [1554 0 R /XYZ 56.6929 136.242 null]
->> endobj
-374 0 obj <<
-/D [1554 0 R /XYZ 56.6929 136.242 null]
->> endobj
-1557 0 obj <<
-/D [1554 0 R /XYZ 56.6929 106.2766 null]
->> endobj
1553 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R >>
+/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R /F11 1451 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1560 0 obj <<
-/Length 3065
+1559 0 obj <<
+/Length 3057
/Filter /FlateDecode
>>
stream
-xڥZs6_>En, ^Rii\=4`cTHʎwb(
-LxoNgIaSŧ2[-om|Ze|țcsk1a5K%@iSZ3q: ~"Qm^d\P&^&30sN~0N˩SiFLD_*≚.VT.lkU^Z?x>ϫuUMYm|ֶp z +õp8n-%aҢ9S%Ҏ\r7,Jc9xbiu{/L*& š6kʖ-7Ҷ :9G6mnڰxl{w]݌ 2[39<.uck=Q]۪(ǼסS(tam%8ioFd#w'U qO9<J zme݃C`Fj\G7ӱYfڝvLiwʹ&#a)\JY5U$3눩:6Tӎj8mFKww3wg޵G-([oC8z (C칧G
-1ݰsⱁ;g-~t{ӎZ|k.|ѽ=louGʝy屽B8blob&0zobpٛu7ӎpZJ 7-EՄ1!@i$xeJ>O
-.#EjpQ~*L[Sƺ߿zQ ϶L<Z.E/)âڐ=pcdhG)i -gŲjZ?P ?LyPڶ;8 ;WhA h.G :3cVSލcPoay{ܻIXJwvX'mv[ W/.)U;|! t ՚m>1jey`pF)$] f|4ovOyީ]u!+EF RmvjRcGDFuxXYFh`7`&=\xᙸ@A<"/slP.)-iQ7WεG?K5d(rXC :
-"1(q$1o*?. P˱`I 䀭P
->};mB >t+eJgIhHCh7yUP2kC͓(4b 
-"?GMVg0_lnJufcl
- ^Pp#r!/ ՅUQK(xK B xx!+s!
-_պnԧX;LjRaXB}Y~EqX|$\tcՃZN
-覷=v/P>Ql'^r) \3KU=Eque=q!CPS;bH4.(|:bkw_(BQAΟ\o. ҡ92L
+xڥZ_s6p*_- 4uZw$8sM'%"㹻~HJF]b-(yOTOL(b}Bߏ'yi>+f"f +Aӫ寳?xwulF,g(f_(=^}Ǐ_%zvu _xh/Y.__P/o>vŕ7fh Z߂%I TFeDGJDZ)G)O> ڡST*4L&<S)EEȅQ&b*BZeecږl%+j.ڮE[~My IUQȨ~^%:0lJ6=G ʹ7$ oV|G<0<x'>>QPl>νYin,!30qg'*_߇&Ět"(KK`>AX]QW!y65,6<ig2Q%jhfi ,'&ob7EH,\42<xuYYuI=5ͽzc-l!:TͮVJx}e[Sk{&g<pVTVfi
+{?Mnkݨ(aN4(ђyں SZ*u.l<K8g=
+Z)^mvx2nȫK t:]@CڸzF}Cn=7uYEuCy8"Fizrٴ)K4S5dW)Xtr\W;Z@[c77#GGi.kXc'ݤb\G丞v17vP6$LZ_{?oQ՝G]1SpqzUǴ\vUC9n98 ~N=ZK{(a#ݴs%uLJ\=QNz|֧/:޶^Xϔ;+PtckZٱ(]G& VpY:X]k3T˻2p/ZjQ֭2usqHتV䃆=TӸi@VNK8|]:g@m S|I AїR&ha|$2KiaGY/rU!+W*ӵBdt@& 엺gBos(@5 b[i݌knNi6JYvAU᷎u'd\D,-rb,e:_>IZ-aX_ؾzm`pN뢭"
+-Z,M14y[9je BhǐЊRx遑FCh=v#h[ac J'د,p3<(m.h]@%'nEE Ҳ^lqldOѿVq[ihv
+4܅ES0Ǣ^ox#.b]2ğR
+dǑĢy|)!KjLP
+Zk1#p(
+s\aMj붂Ef>Ox 0 w
+lM'Aqل{ZaߠP"GʖDi82:T>[n,T˖aeL-sه@*Z\k?h[ Hr
+۪S
+
+*YjÓqxzʕ jp '!ؓ
+c$id;q+rwQ iୌ+h=Cx `P8KB}|~Yh'cߛ[v /-K%W
+mn}ԆH * a48M65-m%sP۟ne(^7bgXt(}wNyn&W,mLoQќ_T$1_K?p1(psY&软:S+/yendstream
endobj
-1559 0 obj <<
+1558 0 obj <<
/Type /Page
-/Contents 1560 0 R
-/Resources 1558 0 R
+/Contents 1559 0 R
+/Resources 1557 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1530 0 R
>> endobj
+1560 0 obj <<
+/D [1558 0 R /XYZ 85.0394 794.5015 null]
+>> endobj
+370 0 obj <<
+/D [1558 0 R /XYZ 85.0394 769.5949 null]
+>> endobj
+1552 0 obj <<
+/D [1558 0 R /XYZ 85.0394 752.0459 null]
+>> endobj
+374 0 obj <<
+/D [1558 0 R /XYZ 85.0394 752.0459 null]
+>> endobj
1561 0 obj <<
-/D [1559 0 R /XYZ 85.0394 794.5015 null]
+/D [1558 0 R /XYZ 85.0394 723.5337 null]
>> endobj
378 0 obj <<
-/D [1559 0 R /XYZ 85.0394 730.0812 null]
+/D [1558 0 R /XYZ 85.0394 642.6584 null]
>> endobj
1562 0 obj <<
-/D [1559 0 R /XYZ 85.0394 700.9798 null]
+/D [1558 0 R /XYZ 85.0394 613.9312 null]
>> endobj
382 0 obj <<
-/D [1559 0 R /XYZ 85.0394 216.5924 null]
+/D [1558 0 R /XYZ 85.0394 133.1977 null]
>> endobj
1563 0 obj <<
-/D [1559 0 R /XYZ 85.0394 187.7778 null]
+/D [1558 0 R /XYZ 85.0394 104.7573 null]
>> endobj
-386 0 obj <<
-/D [1559 0 R /XYZ 85.0394 127.6814 null]
->> endobj
-1564 0 obj <<
-/D [1559 0 R /XYZ 85.0394 101.3894 null]
->> endobj
-1558 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F14 964 0 R /F39 1161 0 R >>
+1557 0 obj <<
+/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F22 961 0 R /F14 964 0 R /F39 1161 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1567 0 obj <<
-/Length 2310
+1566 0 obj <<
+/Length 1991
/Filter /FlateDecode
>>
stream
-xڽko6{~~8{3|~f\۴8EBeɵM_3Rlf{1=c1'&aĢT8 XE8G|r{G܇z8:P$ei$Ⓡ+a<Idq1fOϾxs:\|zqs]ޜz3$ӳ8x{uVR<|⻣E+|ȯG?'KxwG4 '0LP0PʭG!vQ Τ10e0<|X 7Gy^몵7k;x}o5+] 2 ( 0YFoK;>pJ)&D'm Bg8Ux3Š&K|gf֡|_L$SM+*kit*Zl\?pѧW6_+fb*}(*F35ml}Ѯh]Y|mۆ6NO<M5cA"ǛZ1C VL<5z $Vx<qoܔե\XǗ4T7LD$Cgbڡϳں'u賩$+(xYTV+jx~Aa׻-6͞@R |QUsk!
-LHE({Cl֜dCD
-̽%1SA$f)Enm5.
-\n:>Z:$:(a!R
-[,6g۸qQj%ć*[ V~l$4t KYv)Hrk9AǦRVh4ەvSssqώ%( z9JwAQ<#2qhM5[^ZhVnaZXAfw-oL-RŇˣ2!*ՎvmQL1}\w^P DC!%@L
-s.cglt^ w "nˠݬDo 7h{ϮB:`[ *bIY}} Dgq‚!.dU JNH Q>endstream
+xXms_Pb
+Dűb+]hV٭oPrUleg- _mUhk>A\֨fe>
+RL N#2gYFdl* ZGt 90f b+8~4k|&/+By@|U{#S;wS2x,*LM2 vEIi-➚xӶRP;EiV'Ԏaΐva3HM\ >lBI+L6vK4hik&K]D<J_2bΈ)؃ZmOe>/=nm/BRlͧٵϣu!=è@;CsQS:jvGbm al6 J qwj}L p!\y[aˇڭ?NI2,CQsnm܇#CpaQgP'W?W/p8KE"-$s۰L48H?cjx9p-A\ ,G2IY,$U1p`9:81i9:H)xpKsk7B.-SH[؎um@(PCdft1J0娿τ݇P0E-֬eS5ݟ( ۄ3Cs7P@MxhyvXhKߧkqG*,ZD
+2]xBH&첾/v.`oF 7]AE3R?E*ə,
+eA|xzY`G bJd%tsL^7Ǟ.Ku=R]3yOBwr<~HblM`v|=M܋
endobj
-1566 0 obj <<
+1565 0 obj <<
/Type /Page
-/Contents 1567 0 R
-/Resources 1565 0 R
+/Contents 1566 0 R
+/Resources 1564 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1573 0 R
>> endobj
+1567 0 obj <<
+/D [1565 0 R /XYZ 56.6929 794.5015 null]
+>> endobj
+386 0 obj <<
+/D [1565 0 R /XYZ 56.6929 769.5949 null]
+>> endobj
1568 0 obj <<
-/D [1566 0 R /XYZ 56.6929 794.5015 null]
+/D [1565 0 R /XYZ 56.6929 749.9737 null]
>> endobj
390 0 obj <<
-/D [1566 0 R /XYZ 56.6929 730.9277 null]
+/D [1565 0 R /XYZ 56.6929 670.1208 null]
>> endobj
1569 0 obj <<
-/D [1566 0 R /XYZ 56.6929 704.9004 null]
+/D [1565 0 R /XYZ 56.6929 644.0935 null]
>> endobj
394 0 obj <<
-/D [1566 0 R /XYZ 56.6929 236.9993 null]
+/D [1565 0 R /XYZ 56.6929 176.1924 null]
>> endobj
1570 0 obj <<
-/D [1566 0 R /XYZ 56.6929 205.1553 null]
+/D [1565 0 R /XYZ 56.6929 144.3484 null]
>> endobj
1571 0 obj <<
-/D [1566 0 R /XYZ 56.6929 146.386 null]
+/D [1565 0 R /XYZ 56.6929 85.5791 null]
>> endobj
1572 0 obj <<
-/D [1566 0 R /XYZ 56.6929 134.4308 null]
+/D [1565 0 R /XYZ 56.6929 73.6239 null]
>> endobj
-1565 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F62 1361 0 R >>
+1564 0 obj <<
+/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F22 961 0 R /F62 1361 0 R >>
/XObject << /Im3 1515 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1576 0 obj <<
-/Length 2383
+/Length 2519
/Filter /FlateDecode
>>
stream
-xZ_s67 }r'N)dhxHH.(F7X.v Y83+Gkf00D9vҤ?듿RvOd2r;'F׳?t" 'tb>%Q<}^|WgV/~$ጀ2rرśsj:{O'Y\Au?p3{p&6TK)Nޝc KbRz5δw8ңۛN0L&њq7&g!қ5%J`r?;&}pb}M8Y ZUv|Hj5 n\gيr.Qֺ0,S1tNqx yc$ {lS-sQ___%3"I;&0qyd@Cx2
-s`ӪDsפvEGH2 U%VIMu:QE- ֝6T/ы|h&~h
-RI2KIiB\!SXV%߸KÜ>2x
-F'VMP)}(N:;&}T4*aC7pqT=OLiYfœ6kĻԲ =Lg 54àܥRw?ݹXuoJI#; &FY!'&3 8w_PQhOop@]sH\ElP~F16mO{VRn2jhfp@MF
-LG %.ڼd%=i9Dއm>Da݊Ktc*&
-w26m
-o2(3 /ev7Ȇl기-Z@mwZ4VtݢaGt6X'Ynѥ%\Z&B ,
-α.߻VJ4N?/GL !ND!OmeLCJG㇡ <'( $%ݼ|4Ư`4`G'JµP~cԲuסVO|J=*Bie* g8P dq9Ɔ-|-AV9xur&K)ͤn۬mTLI&)B >>7n*N"!ݜxSw.!}C] _V'E l QCaɤ.uq)m̞>oCx:(@pZƀ ]zč񴕞$HP3@u?U?=#imE*vf^I"]4
- 6k jE_1 qjt7[غ˶P J E.z{Pet^_G+]Sc_ᣃsНrnJQ(<V_\eH|[moendstream
+xZMs6WrU7x<N8sJR)Z-n(+Ruo7(XA`h ?1rq(.h8;p$I;h߫d䙷Ҏo{Ή?N>_]Ocˎ'HNj~<9N _?<8=;g̗QÖ ?QɧO'ǿ^ptv}K{W!>W>gpęΌ3-QhZIqtuNa7LOKŤj4Q9 :^Z%zv]4ؤꉪ)оʰD
+W}(1I GA?;&tAee8tHrDl<nq"m󼼣"oZFe)iU6a~0 Z펪gKjfO s >"oCiMWlaॉndBUU/޴HY>$e&0<,wc3m]$ }4hE< !;m?<a#N6u^N,o80(<Eފ\{B蹬KB+
+p=ǬϦ9b`
+mlK 1n&kY{x}͇JkUpvU;8b!DR(/8̧wWWgF;-+܌H/eOxA bG4z4+@ zPkuO=4l2/ߟRp!h"tF&+A##5 @$jo )|ɳW;\/w}+:l;-K L>Ws(ֵ?W~[\xtb!(|fY^q˜jm=/gj-eMIm-bA٦~fu)%i6@yֶ~cEۚNW-wgC̎u+<-niɬ} R|7^ڀ[pY] 5tH#ŋͼmX4ABO zv6L-\$?L90Xcc<{>|Mb4`'_}+ n-w/
+GuEp4ҀU^4iB$IIL we{$ym8ջ= 5Ĕ6;aITf+i'ъx`U=X!qLkżC(fLx9 `[e0YYRSD>&14-_[mK"矿hQ
+EEȵՇ@C`)iج"aY5Ը'vK>3Ry  ty ^l:* Q?$)5F9ZqCkc%%ի@}$Ӵξ%A{M=n.qX]wnڵC3}ed
+ CWbf*uCmIюC> o;`3B@̍4XwK
+ss5>[xȭ`Tጺ˼!{]tlzfEqr=>6rendstream
endobj
1575 0 obj <<
/Type /Page
@@ -6428,61 +6424,50 @@ endobj
/D [1575 0 R /XYZ 85.0394 794.5015 null]
>> endobj
398 0 obj <<
-/D [1575 0 R /XYZ 85.0394 513.3136 null]
+/D [1575 0 R /XYZ 85.0394 433.214 null]
>> endobj
1578 0 obj <<
-/D [1575 0 R /XYZ 85.0394 488.974 null]
+/D [1575 0 R /XYZ 85.0394 408.8744 null]
>> endobj
402 0 obj <<
-/D [1575 0 R /XYZ 85.0394 420.2055 null]
+/D [1575 0 R /XYZ 85.0394 340.1059 null]
>> endobj
1579 0 obj <<
-/D [1575 0 R /XYZ 85.0394 390.0916 null]
+/D [1575 0 R /XYZ 85.0394 309.992 null]
>> endobj
1580 0 obj <<
-/D [1575 0 R /XYZ 85.0394 312.7536 null]
+/D [1575 0 R /XYZ 85.0394 232.654 null]
>> endobj
1581 0 obj <<
-/D [1575 0 R /XYZ 85.0394 300.7984 null]
->> endobj
-406 0 obj <<
-/D [1575 0 R /XYZ 85.0394 159.3 null]
->> endobj
-1582 0 obj <<
-/D [1575 0 R /XYZ 85.0394 131.3824 null]
+/D [1575 0 R /XYZ 85.0394 220.6988 null]
>> endobj
1574 0 obj <<
/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1585 0 obj <<
-/Length 4330
+1584 0 obj <<
+/Length 4374
/Filter /FlateDecode
>>
stream
-xڭ[_s۸[_H\rM&vn:D[H+Rs; )A;A$
-lﯿK7?|\򎞾}r oǛw+4t[jsw}|_oxw2^/g򯋟e, I[#[+f eeso}gHP
-Ӊ4-s13ӽlAJ/;-G)5u7P,8$P~L n/
-ꢥ.-Lv.0Žwj!3.vzSOD%B7~e݂xE
-I5j귊ZY|Ӹozw$WJ bA)͔5o(
-/n>! b .ƊwDD}×b^wXk&TMӘ7f@CP-k<cr0:phc
-Z
-"mbL^iek03rRB<c6h;$/o .O@ipS_O(m2f*rڝ
-.q]/tzkYY(pMiؒӓcLi
-&`G~apwu9I؝{}@σl;%QacY-Ɋ~{ALS3
-v`H9&EZziwȰl|:<:GL::K*P^
-epc .ѯsYGpr:q#"Or't-"JVr笨΀|bE i=k z+ ?lYSiP&r (.$3a` ޅh`oyC*ŷn$L<"b&at[/}{"P`xͦ}L  ` TaZ'mU8"@h;M%2Zx[ Sx ð!ނL$=yyx-
-³H=8*l;;o&*
-WAxFRCa.
- Ea Lf
-bb/ƺss û_2Uĝ4SX<Q<Hl6 ֶ_8c%׾7?,4uդR``GSqk,WH Fj?-hqFŰL(upV}S&7. ,3Yxcpu,~y>c79qdd-dR+ vܙ<{"-?[o Z0Sq<]WߺL`[*cg"}$/ ~S$͐B4R*4=U,Ġs=9\΀"HD>
-9ѽ1W.UQ^^ltsiz`XxQ;x!Wpǀ~1\M$ Kqx/L6I4d"޿N+8?aRXT~o?b@"JCw
-k%A\uWo*>OuHLՐxB8i5EA Lj:<G1nIendstream
+xڭ[s_:C|zKi/3NmqN"]~ )A;H
+nf FMϹ}j 0eZ
+Hw!QX}gow}=, ϋ)f>U,_d_e\wc Zg:7eY6,O7~eOnKO~{SyMx7y4*HpiS5HqUTp9ySuPK٬Ǯ\_0*a:Icp4y ׂ 톆,eTݷzSᆱVsH-c3P[ lٮ]Gt"$M˜d6tSZг˰54嶢5Ù8ʯ}IauEA]4|¥Ɏ7B d^»fLq}G"!?ج<W"̈́dfj'Q~WWUҴ~{=%AlROH4cָY4 I00~ι a|qCxT7|1ƒ^@] %TMј7b@Cw_-k4Ä́b
+,^!mFI|9Иt]D1WGj`fȡ 1 bYnr9y4|k8)
+GW{[w09x4tLr5WGo 8_r8DV!%<GAkXܼ`0 $3EHy:9u!CVwщ`v"N\qJPD0= -*BSכ+-'4Ysa}H |
+d/@q1&`!ÐMW963Lg9y¤+$Lfv6z]{_|w~7`9ivxVFυwNԥyBסBRBA7(uQ oXg\}1Y!-fvwF"B_Eq/aܲ3!`/&H c2H@c2P<Ǥ01 R"Bϑslp״
+q JLk*)5K6JfwL VK*z\R)|IESIEpwX۲nui} zR\p#4][\z$7[*`5b)BW ,hp;UE"l+d'qc2AG6W>" C0 C3P<𭎹IӠzt\tRMكSv$2sxT?
+0/vbL2 z-{62L :U
+VJ\3
+:ɈAػs5_54w []uI9,7]K$SIٌ<1a"BcL7Nr~roZʔs,({( /PrAg =1U4d {]@ʷ2\/C*+]v_n2p9#<K,t4q>Q+7k'MRHuU'=K1.bD/J(ToCbsLz4e=:?HNfz-tM~::%E<(ބo:.Ab!5Q<kAfk0(/P>w0(SXz8>8H5l j?GoV} DK=ӟxSBSWMξaW6][f,NOpdw̥?\Q˓`ӒOS2aq)?껺Iݸ0\6Ù lw8_}w@ O謐Gn7<ZW=ߖ-\wB-N߷]W߸2P[h:|wD 0IA@$P?v14V
+/AL/ ;zt~ $|ǫl_jpX.ezG\˴Y؃`k.S;^k7 # ć/CEEc!3o
+ "}9Djw>@zۇ gxߩ[>l^7&v^
+p".LzaIL%~딶f8 JrU6(;mvij@)d\#ÿ?tbendstream
endobj
-1584 0 obj <<
+1583 0 obj <<
/Type /Page
-/Contents 1585 0 R
-/Resources 1583 0 R
+/Contents 1584 0 R
+/Resources 1582 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1573 0 R
/Annots [ 1587 0 R 1588 0 R ]
@@ -6490,55 +6475,55 @@ endobj
1587 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 387.5149 256.3816 399.5745]
+/Rect [55.6967 314.0348 256.3816 326.0944]
/Subtype /Link
/A << /S /GoTo /D (rndc) >>
>> endobj
1588 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [268.5158 387.5149 332.4306 399.5745]
+/Rect [268.5158 314.0348 332.4306 326.0944]
/Subtype /Link
/A << /S /GoTo /D (admin_tools) >>
>> endobj
+1585 0 obj <<
+/D [1583 0 R /XYZ 56.6929 794.5015 null]
+>> endobj
+406 0 obj <<
+/D [1583 0 R /XYZ 56.6929 769.5949 null]
+>> endobj
1586 0 obj <<
-/D [1584 0 R /XYZ 56.6929 794.5015 null]
+/D [1583 0 R /XYZ 56.6929 752.2372 null]
>> endobj
410 0 obj <<
-/D [1584 0 R /XYZ 56.6929 692.9565 null]
+/D [1583 0 R /XYZ 56.6929 610.516 null]
>> endobj
1338 0 obj <<
-/D [1584 0 R /XYZ 56.6929 660.5438 null]
->> endobj
-414 0 obj <<
-/D [1584 0 R /XYZ 56.6929 112.3379 null]
+/D [1583 0 R /XYZ 56.6929 579.8656 null]
>> endobj
-1589 0 obj <<
-/D [1584 0 R /XYZ 56.6929 85.6994 null]
->> endobj
-1583 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R /F14 964 0 R >>
+1582 0 obj <<
+/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F22 961 0 R /F48 1238 0 R /F14 964 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1593 0 obj <<
-/Length 2372
+1592 0 obj <<
+/Length 2364
/Filter /FlateDecode
>>
stream
-xڵr6Q
-<,&xdj&a>Wɿ)R,ﺶt`h4B-(BKBE.TI\]<8A ?JELG-Mlq}^~ۇ_ޝ\eDw7L?^\r\nqyd{
-G6\?g,CyV> kx%,< 2)>sBQ g H,%iP$\8 Z#P
-q_I.70rDD WzgM 8ٲxI۔o>y(UCQU
-gRLC)g~. Rz\DQQy($-ͮ2x{{ U?3:N)"BNi<D RG` qg
-nꢙ+4xdq H!>q;4$j*A4S 34F ZmH~).&aҲPnA|U%,=~A 8Ǣ')sxE ·8󯰠 I:eYz \-ywSk <j[UT& ~Qv͕0<raq%$}жWXT;,y4>1tɗ7-NkѳU:!c|}^sTD!iWBvK)=l&}hdl`3AǂSqF-ؗ? &ܛ թȩQ2eҦ+\@fal)rdB܎CgG]W>Wɳc* ]%i'К
-b-N8gE8/.KLY kF}YPd(.#]TVb6c
-qc!l4+׬oToF'|7bz EF ],mܖTm`aUr.~q\ , cWa ؽ!OdF1LC 4ѶbD6"GVy,3.B`` ryoCӐ%lK0fz0fQf+b%-Y٘: n7}?vr.mﷸmbm_JIc(āmf"֦X[CE-iahaLAjCa?#F0 b6 <$EǼ]}8. G{ZZl"/sw!e.{Mo3 wrS]_}oz7]mf69+C>ؼ ƖanӤ) Nj{I6Uo54ݔ=,yXea y|u9BPġǍ]Ǵ^ܝV)fJlJ;w8Eeޢ|c)Odæ
-|AXuLYIs_0endstream
+xڵ]sݿBLAsO}u8Oy$,qEm{X"Ev `]VlAZ*pH"-/b k. :`ݵP-Mlʾ,?/ˀKe #O}Tru-N]]_]~ sŎ뛿]!O?}j2QaW@/('P/ʋP
+"C!{UuNRh"5W3
+l# ʘD A+PJy̠ۤ5Z/.)dg%~w .r{"P| S%yF!TDۼp&2~mG,6bB9 y(ƔH^3`NH֘]Is˵hi/& ;rOdzip[;85o3mW?7#\TL/SaG&#5ÎVˇ$͋Yt+IVU޴[
+$hOb]4E.K3߷8Y-p讁*sܬGRn 8Eѣ~,"ÕYv?"~7Kl:^76eŢ<P;{_]Ulb ZWznY|Sq"- 0<Xpi1ޏuIw'tQsq"JD_Sp~{oO Tb&@@YfȘu$;Ll5e~ Jscˉig
+o
+,O94$K3@~00Jth 6 Oz c,g{_t gϤ=)_
+R؟Nlt
+k+N+Y]&EU޸F68`ͣsMiq]um,cyQ]Y/2>rq #DK ނq;Oz`_'L7ASS? eKˤM7>ͤ2ȑex 9V^op;~^uIT`X$p`/v@kSj[YE|7L(_tk[(+ѹp(}KHomO0RqH][*X5Yuh[ \ތY\@钷w<6#ک \-UDO (ڦLҠDҜ>XMIB'Q
+!%Q/'8gE8/.KLY kF}YPd,.#]T=+C!X]<+,Bh6W#Eߧp ތOf40퓻XQ/ڗ.‚1DՑ]-sq%5Xƾ); ط{CdF1LS 4ѶbD6"gVy,3.NB``=bui3)ErXI-1˪5f[5u_.oÜ]( PlqG*ѷھ 6Q<:D z7z"fSP ~A]0|rm@}[mv6PY4iujg_yK s7?fpS0+?94!s'vv T8~`l:Jm9M~zdW6Н^NMٳ}9Ѷ=!ϕoQ.G<8q l*
endobj
-1592 0 obj <<
+1591 0 obj <<
/Type /Page
-/Contents 1593 0 R
-/Resources 1591 0 R
+/Contents 1592 0 R
+/Resources 1590 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1573 0 R
/Annots [ 1598 0 R 1599 0 R 1600 0 R ]
@@ -6546,79 +6531,78 @@ endobj
1598 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [406.6264 524.1437 456.8481 536.2033]
+/Rect [406.6264 463.8552 456.8481 475.9148]
/Subtype /Link
/A << /S /GoTo /D (tsig) >>
>> endobj
1599 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [140.5805 512.856 196.7992 524.2481]
+/Rect [140.5805 452.5676 196.7992 463.9596]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
1600 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [103.6195 470.0794 159.8382 482.1391]
+/Rect [103.6195 409.8565 159.8382 421.9162]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
+1593 0 obj <<
+/D [1591 0 R /XYZ 85.0394 794.5015 null]
+>> endobj
+414 0 obj <<
+/D [1591 0 R /XYZ 85.0394 769.5949 null]
+>> endobj
1594 0 obj <<
-/D [1592 0 R /XYZ 85.0394 794.5015 null]
+/D [1591 0 R /XYZ 85.0394 752.3146 null]
>> endobj
418 0 obj <<
-/D [1592 0 R /XYZ 85.0394 769.5949 null]
+/D [1591 0 R /XYZ 85.0394 717.6455 null]
>> endobj
1595 0 obj <<
-/D [1592 0 R /XYZ 85.0394 749.3189 null]
+/D [1591 0 R /XYZ 85.0394 688.3332 null]
>> endobj
422 0 obj <<
-/D [1592 0 R /XYZ 85.0394 679.8163 null]
+/D [1591 0 R /XYZ 85.0394 619.0499 null]
>> endobj
1596 0 obj <<
-/D [1592 0 R /XYZ 85.0394 652.1211 null]
+/D [1591 0 R /XYZ 85.0394 591.4512 null]
>> endobj
426 0 obj <<
-/D [1592 0 R /XYZ 85.0394 573.4726 null]
+/D [1591 0 R /XYZ 85.0394 513.0222 null]
>> endobj
1597 0 obj <<
-/D [1592 0 R /XYZ 85.0394 542.9681 null]
+/D [1591 0 R /XYZ 85.0394 482.614 null]
>> endobj
430 0 obj <<
-/D [1592 0 R /XYZ 85.0394 335.1831 null]
+/D [1591 0 R /XYZ 85.0394 275.2452 null]
>> endobj
1601 0 obj <<
-/D [1592 0 R /XYZ 85.0394 307.4879 null]
+/D [1591 0 R /XYZ 85.0394 247.6465 null]
>> endobj
-1591 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R >>
+1590 0 obj <<
+/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F22 961 0 R /F53 1313 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1604 0 obj <<
-/Length 3489
+/Length 3170
/Filter /FlateDecode
>>
stream
-xڭZ_ O'YJ=]t^6$l˻Y֒oow/@"A
-@L'.Ml!ˬЉI\7}{!xOZNg}u{k]IaNxIv&2޼緯2Rtj)r#_Տoi2n|C'~}W~wq}t+R E"7IQF%F+).NFݫQ4ʈ")3 "J`AU4]캻#-ʡjv7կi*z(e}yW-`E9ٲ$&d*30x 3S9hY׏)-]W"_T=REIr_Wu-
-J;Sg1W4-fW'h*/۶E[j%&2lp/{XR*ww/ax8 4T}_`OM#A#| }h
-)
-09 @&tVս .v`+ݭodO/yUfZ{&H3af.rLE=ȣsi@fwN %$z/3r[*U$~%
-0jJғl*M]ot7u8\}Q&YR D bRE_ԑP! ZvES#aJ4CQ{0GnN
-} ˫{"8
-b#ω
-Hnꁈ$'DPN78h+~\A2_=-0PMMFN<))DŚ<EbMj ro$SF]?%߰-<'c!7a\&vӤ( !j+<
-]F$F]P^"<1vDt d6q(/@y y
-T&ya~&[a7ht,[vQcF*4]GNqwUסyBPcA*lY4(| H,@QXMakUmPBf+I"`m+ @PA<K@J,Isf (Ԝ.~~^q4 8HBPN3-7̤\{!bv
-0si.A9}k e5=LoG\d-RoĤGo=
-/pD ;&9^UHՇuUmvSY!{Y-t4g
-
-̉ƹ|A*EN ( #с0Ai(*~x!Jq|ІX
-ISkK q:֩JF#%n#w|+vXU WҕhGjJ8w`aةs
-vk^)Da%KVYH13 mG+4tM9\k
-l75'}"Hcdڼ~?j=U}#͛ sQqw2E<\{l$a@Z)ĉ+&9bk$0L#p2
-kc0C8_P;v!(3S|@x"B_ IJ,xc$֕' н.' &
+xڭ]sܶ]&OՓȩ2:t:qûXIȳv߻]g{=p
+ƫERXew<y.wߗ6Q%P߼~uoo_^f+e_n˟~JF._nҔeݾ0}}{o..e|_)4^!O"En0,
+/Rj0_/ fYI(mՌ
+8dW=׾]횞?wB꫶!Ll+F₣IREEJ$Bgsb:usZgu wå̗Cl,i8>O4h*^#~ 큀~h-Q;|t4jL-onv,E 1l 3׻JA&TCJ]WprcOsw{K7-2vP8hKK 4OF]\M@9VL͕ t3'"FQEӌR<4Jɶޭnw#`i:%vZ2cK% {[V$`]En٣,t6sWKURXyhϭIWYjH/ 9#laOVhqDX6=^J|y%$(pX9!Zm6ܴ3:T~@laNbhP Z?AI EV c>_RIu;Fk 7n[}5ƽ: z=EnpOCcޡh '$Xk"[:B2(C@ dH4X;rվ<xH[:K1{^+b3{(7a#24f.sV˪GO&&̲k=#|DShXu|EvJ$7811Hp0C>3I*rr9@@/Zb:8"SESӗv?xKЗ3Q*F|v35$8:`"sM& IXyT:+UPA_Ws |OzŤsMޞs̉A}&``Pʼn.p ?!<P_
+i
+vٶs&OrY`#|AB顩 @-p#-|%㠜ݤI4$5l6s,6H8OO
+ b&Bc
+>o+f3Yl$xrkN-
+C3Wh UF/K򀂯Iy-3v4) \TSlY`*.dǮa~01`*Z8(O0@~14B'j#Q -%9zߓ(~U=*WGݵM|H
+MK'Mٗm@f&rTPe_WE
+,y
+W>՞ފ7B4}H)Q_ϵ鯨cuO>+M?? 2O%:Ub<Is L]RO0Y/.endstream
endobj
1603 0 obj <<
/Type /Page
@@ -6631,35 +6615,46 @@ endobj
/D [1603 0 R /XYZ 56.6929 794.5015 null]
>> endobj
434 0 obj <<
-/D [1603 0 R /XYZ 56.6929 769.5949 null]
+/D [1603 0 R /XYZ 56.6929 696.3453 null]
>> endobj
1606 0 obj <<
-/D [1603 0 R /XYZ 56.6929 749.2381 null]
+/D [1603 0 R /XYZ 56.6929 666.0554 null]
>> endobj
438 0 obj <<
-/D [1603 0 R /XYZ 56.6929 540.3599 null]
+/D [1603 0 R /XYZ 56.6929 459.1977 null]
>> endobj
1607 0 obj <<
-/D [1603 0 R /XYZ 56.6929 517.4049 null]
+/D [1603 0 R /XYZ 56.6929 436.7104 null]
>> endobj
1602 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F39 1161 0 R >>
+/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1610 0 obj <<
-/Length 3318
+/Length 3640
/Filter /FlateDecode
>>
stream
-xڥZYoF~22094 6]-QTHʊv}ym{a/vUUSj&Ol,ɢYE"*-WroYEo5,YzZ5_<݇]/t,牸^ĉh$?~_wh~4|ws{swBXwxOַw~_U #\ﯤ0g'HLWQlDGvW?]p4^ /6VVj`hXpyQc/]ٕE͵:pXQ&/y}(+ /?]oAԈ,"0+z%+Sj틶7򶨘lqT4SJdqݮl%GU.1=m`GX46vIJ@V)x
-e =U9 G+֠ջ0xc|,$4
-b؞bW, ALU{O߯'zH^=:;_xSWATFV^p9^n
-ґ'̃KD_fLZxf# M&S|SrDiY됟(aMoa@
-$mR_
-8\Ry3C@6 5c/z)pL Yr p,#]f
-S&t&b_G)MJHBe^0CX ld0Aڢ#h-Jʯ4^0FB*YC gױP/H=SIJ(!> Y:]K`&gnWl8~a0a֐hp7jd
-"{'BEcLEi3Y=&D6u;iX֎p5w/g:sNjYR0I|ˢ9\y B^|ء敜/PP,5Wgh yI@F՜RjFdp Ci"= 7wol8ǫ6]jw]bE_
-auz(S:[)endstream
+xڭZ[۶~_kg,WtN6NlL+Q'm
+k(
+yF1
+=۫WS32ce`#
+nY:7˔Tnu3gU5z.+ s!Xat x+hu~=Wi&$@ifa2mN
+euSu
+Ac>dj}MO#DE;^_uaH$<9"lѣjO0>5:-
+
+lDR bMWu&iRGsT=|h};3 g[VCƟ
+[f8[}#pЀx(ebq=7Y1{U-wm'Di4 'N~00qSOv}_ &ʖ4r!SSFwn2?0urj;BC0BiD#E19;]s>&~ˤbF*4eafA>@q9M@3o27)ͪMVEb5UJ4Ci$Γ$ U6gv*w`
+} A|<V'fȦZ+x:1՞@[pЦU!4*90^
+yFCxm{W6;/h1^S6[{-HyUan
+L<s^^0\B I
+NB֪Z (:t)I $wDtk\rkspa&!ژKTUݶGWj} )>'`VÛ#+L$Y.<teҷj2ЈQ2/Yx+JK(Yc#斄:FA@8<5_<tM!9=>
+pLkޱ@Q)sru50$+O^ISñcf- oVPz
+B g@CYom0&'EY9Cd^sTQ2'=?K=L#{A^ͫ 5y[यVmSӲMg!}mвjFEӐן ʏt4{ :F=esOUp}|{l&G!ͬ
+}u.Bc1 wx ~e̜eDL'cK/p_-)oxd*"q?_uaF12(JNE?xHM3E}Ӓ9 _r2F^
+d,/<SQO;3 Lvw>O~q3LK:] "r{,{u>Gn姺HJ-Q
+)(@TB3@@-QTY7$auq-wJUhnIHRd,%sX*l=6Vwspa^r)YWMՕ[%x=+rᩛbv;bRFfX+8tԽ^TFv)d?p-?/>rV1yb 
+t/h[_SӼ8>~}7`T-B݋g$pLqa'$=F0!W+
endobj
1609 0 obj <<
/Type /Page
@@ -6672,7 +6667,7 @@ endobj
1612 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [173.6261 273.4719 242.2981 282.8815]
+/Rect [173.6261 190.3209 242.2981 199.7305]
/Subtype /Link
/A << /S /GoTo /D (the_category_phrase) >>
>> endobj
@@ -6680,24 +6675,18 @@ endobj
/D [1609 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1608 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R >>
+/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1616 0 obj <<
-/Length 2400
+/Length 2058
/Filter /FlateDecode
>>
stream
-xڭ]s6ݿBӗH3B ^ι$=pv2IRJRq՛﷋]C%b?`9 Ot,T$l {o/$,=r˫0"U< h#g_Pbﯮ|zDKz{ݻ74ZO73O~!zsyuys..o;Y DA`D=@4UEC0vI@0V
-@&q
-N5q)$x v-c9qAʘ1/c~s']U}ZH)炴$8WRitWG
-k"YSͷ <&=b*M*PTJ`y[P!GrU.G& ^_LƮoq4˓~h,:miYB%&J(ey^PHLM m
-]):a?Lkyi Ҋt {- Ń" [[ښpy1@"2i?3M-;HH1N޴9\ 8UDVv֪BIn:oVZQ_ohTiQZ8m*;G26ѣ:[/Ԭ zccr(?+v7BTܺ~$>7b9:pt3K 1@gT[?|v (\q
-0KBG7m8Y)!Գ"J?@s Uڊ#N1 %_s\*_Cz%S4hIms&RmF:w!q
-* $mlk缜2e&U
-*ċp>Pe4t
- .k} sg'<_^G4Ξ+8y5! 򽚪.;O =4­zfKe b<5LzD/H~B) '2ğ[/< S] A4rb=E4r5ȊAv0B,/.pm(,
-;zmc?Â@6OB3"?H;^juй
+xڥX_6OK䙘!isIz{MhmT|(KM@
+V5qTaR(c7qژ9Xxd\栀mǮ9͕R 2Q&>S'Y:@.Ml"y[W9._&PL)8I!bqU߻*eQ9M1dQWԬޅ];bgфIy3>m+Hgl.96B+}QMG4haC`ol t:m<L}jD4"_Kx0=mxw1Ok"2Y_m7' v_"uƥ $o6sXUU$WRNֺƝ!ihWZC!Q64w4e=ΛݑM$)zȳ8MC=($d$,_ (#'>$\)t#
+vK(tAf|V `\%iƒ*F3H_o'KrE GEQ-N\ }qǢ2%oJ*#Ժ}tQ}'@QUYuQu=uBOl*{E1,]\d뉄vi#l؏&oڡHd|?fP&ػ" QmMn/ZDG?s-U Z"ëUl
+.!v\f}?M_&*^WE _O-1ѝL{fN-ECFL$Ci/Ͳݫ&D Hr1#^Ub<kNtP6W3G*e~, ~j4ȢKK:[|8L3ŹKo'O뾾|.Gȟw;&&7)2e_`ho=}Ge7ADV4LfDb>a\ ][87Oe?3l7Y4,z1(/!$\FUQF?FHeTBŔQ 64\vWez3 }`/蘃Ҫk./*1unk|EYzGqZڶGfЀlfH08D*/<.b-"ef(F\Sﵲ%9 緦RPA鑹z50%+endstream
endobj
1615 0 obj <<
/Type /Page
@@ -6710,35 +6699,40 @@ endobj
/D [1615 0 R /XYZ 56.6929 794.5015 null]
>> endobj
442 0 obj <<
-/D [1615 0 R /XYZ 56.6929 520.4669 null]
+/D [1615 0 R /XYZ 56.6929 436.7807 null]
>> endobj
1613 0 obj <<
-/D [1615 0 R /XYZ 56.6929 495.6849 null]
+/D [1615 0 R /XYZ 56.6929 411.9988 null]
>> endobj
1618 0 obj <<
-/D [1615 0 R /XYZ 56.6929 178.7136 null]
+/D [1615 0 R /XYZ 56.6929 95.0274 null]
>> endobj
1619 0 obj <<
-/D [1615 0 R /XYZ 56.6929 166.7584 null]
+/D [1615 0 R /XYZ 56.6929 83.0722 null]
>> endobj
1614 0 obj <<
/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1623 0 obj <<
-/Length 3175
+/Length 2752
/Filter /FlateDecode
>>
stream
-xZKs6Wj+ssu*cڪMrEf E*"e HLOUxя#|44j4?$tt{4=BQZ3W$i'7XG˫3I8|cWT}s~q~s~uz~<0^ 在7'>>|>KI<GF9#4Qg`OS1JF*2ԔGGZOiuC3qh"(V*ٿ,-`YOrJ:LD;wc%RQiRfucDg
-&9L3<N}'@֚:J6}Ș1.@5<[ЇPfeSÃCJbӮpɚ{UI$WgYkjXsNp;fmNP{JF5 Թ CQBޗvXJVhPXxw zC
-<,#U=d;*ujm-1J%:↑%l\/? ڍ+ߏl0`f]?c,ڽZ XbF,1ߘ_*I xr_*Piפ h1܉s[2 _x3^<"yCr[v"+8
-U!0)~SwNJ@O}&H:|=;3qL'`AVLc zXH܋#:ElmH;_}6ϼɞqFtn\Z,_J7L? yYX@^ > };'
-n݇[ m
-SXf~O^S{بVFtqt:P5( =`B3o-S;5o9fzFΊUc L~zPoLcz6r{~Js^}E<$<"~nlpXq >=;}ON3hPs;{JCo]rI'a]㗦-ۅmm؈؈4샺?
-wU/Шͳn]] Kz]G*"
-P2a k*ɱ8nH7! YG"ӹo*4,f"!a
---탻I]Iu 7 DB<KPPٓ%ʅT1\Č2rK[ !t(}S{~uP^3j{d(*&IJ3q,E NgNk״;\"/RڹP"Q"M 3i$qİQs5c:SA P[‡k1=^Y_; zts m*($JRTTS`-:tX>/7D
+xr6PBW"$1Ԍ=kkv7Ɂh5 RLvٮ} @1/f\E |Ѓ0H9zҰ=*D,2 F-\!a(o?OoRsϰ6z"^_]\~q{+989:=?P /|s_GY\A<>=LE<D׊i_';=W5jAsj0T> xƲY=rq\YCl
+0__X`LWXZ0iIr
+ ek>8~
+E
+gX^^PwH)>v`EeQ,.W#K>
+6_76Hp( BE,q4ɓe=OD#oƳae28_H5~.4˨* Ҳ-POWE|%N~" lkׅa#V ֢mUo@$&=Ԫ_oJk( u;G w@dK4r8s*x[u]Ɏq
+t-
+=e xh0LƫeZ{}XXrqCIugqO_"muTx_j 53R*Kڧt 'su[DwV$~#%C \/eR}Ϯn!I%@?axxj<a8%M;h>hH>$4բN<q̪z~[SYU&nic?1w {f DeE @
+)׽#{ٯq^dل
+
+c
+8Bnpwdt]Pb>>bXVnx}6O&P';V#r nw~lvZ[Jf8bL7EػY/ zGWwPaԷs2
+ɐ?u%Eq1',W=?jx{޵ҟ>Ѣ͓jߢCZw]+컆I2̗Zn1,XӵLBRa67[Jmˉ,$[V֥>NU߭ipBBB+LKȧv#rՂM
+,"OmcєT=/&,);f;:k|ou1Zv6>%5}I#&|c9|%V<ct{iev "#f"L
endobj
1622 0 obj <<
/Type /Page
@@ -6755,23 +6749,26 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1627 0 obj <<
-/Length 2903
+/Length 2959
/Filter /FlateDecode
>>
stream
-xZKsFWjKUya
-Xdhׅ1?L@u2b !p13J*+_S`*HjU6I[<iΓ婘znw*yk_Yfny&m]YW;̛3<A +6*#hT &-}uNuqΛqg17d/OOjT_ҝt![h|MN$/{"%pͶm1u2-b@ #@faׄ<<D !X7 #
-Eb%#;㢥M[TbloΈ';_nvRZgxm`r~GeX견
-O"xhdX:qw-Xp@!@e- h;N_`rX6ٵE/Z= :uk47/B54ݷ1D3_&}͝P9VPFw
-
-NAl4IG
-jB4NKk-Q5I`JNݑtwva}v%X \)P},в?V9+fBK؞lhPKAA[o :_\k0iP%q#Ĺ9bw8UOS+>f&)5_MHsy'mٗC>p }&?gpƔIL,ɖ4m#4&%>=F],X#k.<:Har`SҺZQC"!1T;*H1aÕ{[ i MjzRLGX%rTvl(M/S%%QQ҅U~aJӬa4 schM<,' cR
-"co{P0:{oͼ@AW)͔(Q!M~ #cgJT+b5nt<[ѫ
-NqUR6杤Ɇ"~ȻmR(G6 *BZّUZB<m]~ƍ:m F ;g0te$RNFQ,/Ko^'\[[vd0wr,HϢ.eFj;4<Ww ;a[(yf:P?qcDY`q?g ZRcu t!(o!LN
-]zDj#v4' [RUp hΖ+r軮%k:'=&lt_A8,any v=]G6}r~œhQx3h|l!с 6i38R-
-Z?|
-f#%P'<v9
-r aYNXXg>}1]p<Quu7h}lhK(B+2UyZ687]p`R!OGz/i2PP;0imnjWN՛x#J_<ظL+W]I5<`J9 ZtGF7w?XW3 led%)쒞ICԦR7Q:H/Gt]|CVGQ"q􌤔d16 0,KP_=^NgZ!!gSR. ¼Ypl$5]n5ШOV^8?xb?Czr|MA`vh["AJ_`z2h#vڊXo=Ŀn+5'G,;Y&vs%ǽx=Q __NS? CfyOSփ6i _jw!萩(go/ ZIe58EQendstream
+xڥr8P
+7 z|)t$WbOI W~>~2$^ه"k|2i.vg*~tzYZ:'?_\,C%`ڳkPD
+G@8I ԏ >wP6km0neLЦ> =SL5t_f=yg0R?6Jؙk)#a[4<_՛"\xks]ZT VPI߼b
+ =5 mw,ػywnV5?k]QfFҥ
+UWX;>]ux&^Ğb*$ b|ޭ8f[E+nb韾V ɺOʗ 1vUu2EaE F]G"%#vPGHNx¥?A2zӭVqy/}.`u x-FJL|N`c40+0Z Hd# V`meHH='ƯˬiӬ?fQ!엯Xk`RQ+'7b9lJ֡G2_bܗ,rυ zsWX6l
+gVR)K}7@;`)ij9k*1ʡ`f_g+-@<cq<-eJR [
+@$F>r`[<n8%? borRǁ#*͕P@&-W/<u56zSAۆl{I|{ADb"&e7GhPTB!S_3
+j#TIoNUYM͐"=-AWYOZXf=@(TR_L k3F6{.Fy1e;RDL
+4 !J踵
+'N5@Y p<}5{qOKu0'x UA0:lΧ=pq1 XSA[.@ |-6ug<
+efK=q[zJZIa0$VHUiuLm_ѐB;],-4Xwev(m5j\&ZκOiIf3جk5lrdT@ci7Uo tcubPZFu ݢ$Z#6 G5uٵ$!zS#jߌ3N(R;
+¦wZe90_,_1B)zG
+m!ɺ.k
+pCRIάS;ڥ..z [q+rqo6$UhHaS $rl8EC=ČR }z
+;tꛭ4߷aNJ!xv[od9g@@Bm{dyPXv2p[46ϤqȅmNjpF|VJG*l<SKrSs7T0^Yk ̣|q !_cBPLkpk({Ηs
+\[A表8 t gі 5awYbœ|U IHnz2yeUh? }AG9q4bo IKPoZȩ&YMewWQ E<Z7ݣ C[=衯v*TT ï* X搌|l.?qO5:<{aEendstream
endobj
1626 0 obj <<
/Type /Page
@@ -6784,33 +6781,32 @@ endobj
/D [1626 0 R /XYZ 56.6929 794.5015 null]
>> endobj
446 0 obj <<
-/D [1626 0 R /XYZ 56.6929 689.473 null]
+/D [1626 0 R /XYZ 56.6929 474.28 null]
>> endobj
1629 0 obj <<
-/D [1626 0 R /XYZ 56.6929 661.8816 null]
+/D [1626 0 R /XYZ 56.6929 446.6886 null]
>> endobj
1630 0 obj <<
-/D [1626 0 R /XYZ 56.6929 297.0896 null]
+/D [1626 0 R /XYZ 56.6929 81.8965 null]
>> endobj
1631 0 obj <<
-/D [1626 0 R /XYZ 56.6929 285.1344 null]
+/D [1626 0 R /XYZ 56.6929 69.9414 null]
>> endobj
1625 0 obj <<
/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1634 0 obj <<
-/Length 2618
+/Length 2586
/Filter /FlateDecode
>>
stream
-xko{~U<~nmk=H Ţm{g8,JkQ,WL8$d\z\O0D8'u^ߞxIHFEWxm~/ә y,x0) o_]\p}:up{WoΧ3K?ݻ۟No۳t+ƒvrOr8O'4 'HS9ٜPP+1듛 ;vi.Qm,dL0FIyPXT8O:)Mcv;/åġa $]Liͽ\-hD" TPaqf5)g( 9a(j_<GFAQXʼ(
-S#hؿ0fVҝ06p=0 WS2ޗ-ȚFQ:zJ<Ym*j-hw qߵٹa/*#ʼYdXEm1sS< )
-ӗ|(JS򝩷_DQN0:sk Z8~;mFm!<׭*Gz`lcF$H2,3-DT4)?;2<
-}+CLHF.LKu3C8S&Ut`W<mcR/X:Jyj_/bw:옆6R).P"vۇ$ܱ=RW <J$M:
-VFŕ]8={Ӵ.֦ Jnc ~ApY(JV
-(KmyK
--F
+x]s۸ݿBog"IN}sq3n&CK͉D*"e.Htb߀ĀO bøJ J43\x~0HxQ ^_tA+j3bp5oW#iв㑱|-aj|8;qW.}yzvzyzx$b#`vL8;w'ߟ\K{+ףO|0mręJb3xg"I`~bF+0GoFԾ\0!f|VE<Y 2f7/ǁÌ.P&BJ"kFZ+bRf٣4[.OgR&GFG$@4 b5ɖSlpy,TPi*gaaY~MÕۻH#U :\h, &㬪@ϔbcZzS{03/fY +<h; ;h.3/Y%=<.瞶?`m*A[ B<EI%͈w% O0խe}gmC xUwi ?pnheY-a6<pR,طM_卵yѳ-Yd* TS8q5
+?E z(`DHƴ Td)}]eG _U<Lˋ[רV';۳~4(* ?\RKEKQ>4H!=og+0
+@i;ɨOD(}6J|<R*H,v)"C՞lJ,s_FEP䦀d9y$ӛ}zvO޾p0JRaJ62Y'C &M/ N," K`P&-Ҳ1*|EX++BU#($ȱڌuQ1ӎq*j/b+-kA)%t j,Lcwg4q>gp 낪d i/@d:nЮ6@l@Mӛ'2h/巛`\qea =yVʩJoKm|)#u_=FA%۾I'P-!hCخυo;݊PJ*;Bf2*-.`v(E#x)pFHz.LKmHK· 3vk,Qr_棍d*֤c7}法 q$<\z?~:Hڊ j)=|$nyR'\5* D@xgho
+HM9]L*7N d p|ĆI\ݥ~0-=_巒u2?.];ꖺ<OTQĸ.4XE4/&SPokj2-舴{"(J mX:QBᴻDv4tSl] ڟ{]:>cϧd=:lle "ߣ"qLۋOΕ5)9_K98# h*T =jA)w:R["-;awGgWr*^l@0TCqC}(LaK3ٲ+O"+Q0|9,Bx<-Ez)~=b 0I|5.ۯg[h[MA@ã3d< [#%N=bE 'p>sNxkrIsPPOَO寞]@E3] sm{ R<uS#ue LiQ8JSexzy JnWFDZTd=~#5GT›xWQU?~xr~ s- NI8Vv•k/#_-_Wп=_2 BT([n 9|DHo(ګ koqDUc놘]fSr`.p WW+^<X+ D'n7W!a}:Mai_eIӬpJZ^n R
+ IF]q#_:fEĄb +(iq.g_bYĪm<NBi1kU# MpMb׹^˺c~v#"fzml\Ø|~<{XC`;sy*K[ۦ,3w]?=yBڡ=?9izAC{ufҨO"d/
+e T&Q ZTendstream
endobj
1633 0 obj <<
/Type /Page
@@ -6818,93 +6814,101 @@ endobj
/Resources 1632 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1620 0 R
-/Annots [ 1638 0 R 1639 0 R ]
->> endobj
-1638 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [519.8432 183.6871 539.579 195.7468]
-/Subtype /Link
-/A << /S /GoTo /D (lwresd) >>
->> endobj
-1639 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [84.0431 171.732 117.8035 183.7916]
-/Subtype /Link
-/A << /S /GoTo /D (lwresd) >>
>> endobj
1635 0 obj <<
/D [1633 0 R /XYZ 85.0394 794.5015 null]
>> endobj
450 0 obj <<
-/D [1633 0 R /XYZ 85.0394 402.0723 null]
+/D [1633 0 R /XYZ 85.0394 189.8991 null]
>> endobj
1636 0 obj <<
-/D [1633 0 R /XYZ 85.0394 375.8082 null]
->> endobj
-454 0 obj <<
-/D [1633 0 R /XYZ 85.0394 235.594 null]
->> endobj
-1637 0 obj <<
-/D [1633 0 R /XYZ 85.0394 203.5557 null]
+/D [1633 0 R /XYZ 85.0394 163.5217 null]
>> endobj
1632 0 obj <<
/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1642 0 obj <<
-/Length 1423
+1639 0 obj <<
+/Length 1989
/Filter /FlateDecode
>>
stream
-xڥX[s(~
-)mn:t7uҌKb[ʥRDx;CCs?
-aw4f)R^GS ۖ6$jB}a]VTZemd <\ }gGB_W}y<
-lY+2_eaSg[lJrtOW)zgmjYci(6
-
+xڥXKs6WHW0
+G Τʙ*1 a/}}1|b)K@(_T, {scZM;Sewy]GW?zc%9 ɀDD DHa(COUIER5_
+/+moD%*]Z{iLkESӧM?EvÙ lP 8BIƘcD20"f$zT^|5$D+Ƥ+4ZŜNuD~1S!a"f/Kzw 3H
+w
+ۛu
+=]Q;Ca#D
+ [ivY@M
+66ۺ̻Κ:9yQ b簍ԸaOg!#0ai"'JB<5BS*kT u
+%s'Ѷ2ؘY377fl( ]a>ɜIN!ԟ|g ~4Iv?|@]oxݵ-1zxC-5㷷uLt^!ޮ!vu& WB8h'4s#[[X,~Ǐ 6mw9HACxz
+i[۷-IodS߂ :/3_a f5iS!^p 6|Hڇ/q,
+&q JSbpr}\Fendstream
endobj
-1641 0 obj <<
+1638 0 obj <<
/Type /Page
-/Contents 1642 0 R
-/Resources 1640 0 R
+/Contents 1639 0 R
+/Resources 1637 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1620 0 R
+/Annots [ 1642 0 R 1643 0 R ]
+>> endobj
+1642 0 obj <<
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [491.4967 682.6714 511.2325 694.731]
+/Subtype /Link
+/A << /S /GoTo /D (lwresd) >>
>> endobj
1643 0 obj <<
-/D [1641 0 R /XYZ 56.6929 794.5015 null]
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [55.6967 670.7162 89.457 682.7759]
+/Subtype /Link
+/A << /S /GoTo /D (lwresd) >>
+>> endobj
+1640 0 obj <<
+/D [1638 0 R /XYZ 56.6929 794.5015 null]
+>> endobj
+454 0 obj <<
+/D [1638 0 R /XYZ 56.6929 731.9325 null]
+>> endobj
+1641 0 obj <<
+/D [1638 0 R /XYZ 56.6929 701.4683 null]
>> endobj
458 0 obj <<
-/D [1641 0 R /XYZ 56.6929 687.8224 null]
+/D [1638 0 R /XYZ 56.6929 475.6865 null]
>> endobj
1644 0 obj <<
-/D [1641 0 R /XYZ 56.6929 663.4753 null]
+/D [1638 0 R /XYZ 56.6929 450.9966 null]
>> endobj
462 0 obj <<
-/D [1641 0 R /XYZ 56.6929 594.6899 null]
+/D [1638 0 R /XYZ 56.6929 381.4304 null]
>> endobj
1645 0 obj <<
-/D [1641 0 R /XYZ 56.6929 564.5686 null]
+/D [1638 0 R /XYZ 56.6929 350.9662 null]
>> endobj
466 0 obj <<
-/D [1641 0 R /XYZ 56.6929 531.8042 null]
+/D [1638 0 R /XYZ 56.6929 317.4209 null]
>> endobj
1646 0 obj <<
-/D [1641 0 R /XYZ 56.6929 504.5879 null]
+/D [1638 0 R /XYZ 56.6929 289.8617 null]
>> endobj
-1640 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R >>
+1637 0 obj <<
+/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1649 0 obj <<
-/Length 1194
+/Length 1111
/Filter /FlateDecode
>>
stream
-xڽX[s6~1Tn2M4;lOiC@Ě
-GNT%nplDCJ<1iUO4sG zڧ2Zj]ӵ2tcXz^)M8{eB?C0 4 <Ha'^|@B3nw/iD|u:cgD~#Z~8p~,uCu@M6|z1 H)Nܡ{$? /! 즆 aNjV/T#o A9Nw"xYjzyFQ(}8 p@UPг`Ig̞-MX3%rp^5>D%8̀i`m<YBKdʘ&UpK/JeSʲh<ViBX==E\GykGm}ہtU\e1
-BI4 +jz(WXG:tZ<{tC#Q<%cQ@) zqe ޯC/N%H)*oe>s~1"p( &SX תJ"`ΗeD|:7ajG0AuKXF=jdKxX8㎯Drp쵓3:~,S3>g- "O֋ "kǽ5Lyd(tY$[aNhz?FL[h)>&ȃ%Uj34T| 5^b4n})W;KWμeyp3h~leom$`m@E]1Ͳafm-ϫO "Jmnd#t.E=I ÆcH Mõzi')5Xq=֡f uKh&95XgEOߕ`qsonmMGoRuujtt׮H cy}/{H?=
-endstream
+xڽXs6~_c c):inzuҌGak"$N}+,s~] ن~{#cLϲ=#LRv(_>ܺ#036q 7-߷yxulϺCiI/7n]'-Motl߳S Pcfן>]φO鼊my _O?, |بeA`书7rRB
+=8#0
+ɮ{‘RE48k@RddPU1cjTg6` Er٫Ɯ% q8a9Z>azn"A Rv#*
+pIz\@#(9?jkm؄gP%vbہ4㤍w,;<H5+?}386{C.ⓗzzNz0 Q**bzI̼c.xLt`1e\V|G4K{.d>+KI[`kс=[$\-撅"X:ڊ&'5p+5ߩѐKVԩd͔4xEG
+~Qj9 ^uq<&w4$
+z=_h}*+ջwYk'D}eIHl
endobj
1648 0 obj <<
/Type /Page
@@ -6921,14 +6925,16 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1653 0 obj <<
-/Length 1155
+/Length 1184
/Filter /FlateDecode
>>
stream
-xڵXr6+:
-#d=ր"P_v>ƦV
-PLmh;A{6X^ΤCZ~0$>̩ʎ',$(ʁa#6nfWBmZ;'R F/li<ՄҴ#=aIwMD'f+Y5_c<-gJL
- d);:+QC0XDe7ۅuY=_ Vpeڅ>t|RtS%endstream
+xڽXr6}+*ɖeM)IͶ>ƱEp16kdn226%Y{t%] HAmhs -H7 Eup X_}v~5!m %,"ڐB@ݛw {??
+bΉ1XԄ2uMԺZF6%m6lno`1TOzQTwOrJ>P077b97LT.(pPXfq._$1"Wd Ro1VLڻE\FD@^L8\,
+2q8!G y6{6s5@b<4[17u[:hY7=
+7
+pbJ<n> 7=
+PwkR]Ӣ[Rͅ/! _uLS 9Ij0__R$<endstream
endobj
1652 0 obj <<
/Type /Page
@@ -6945,18 +6951,16 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1658 0 obj <<
-/Length 1536
+/Length 1094
/Filter /FlateDecode
>>
stream
-xڵ]s8ݿGgDLsMzv<2Ȇ)
-zv`C^oD ZfxxjiRHSVV4&"mWыkQ<ճu[-[\Us]̂N>̦WD^ƯnnH'w7o?Os<~zzzEkQ+ 0\5w鬱m/ 4WM w#M5<RvCSzdZjQcߍג᪖;=4iˁTsUű<6t+bkxHE'"ZsK6%R._bؖPzEdi.$es1A$4a1Y隰=/i>Oss|:, @F_ ɘ 3@:Ԃя yq]k&Y񀀑9/
-^6@e $M֔/z\9gH~AD Mv㨨
- ~l7X_gbH[KG /6z_U$J<Bg)IRR_Б_x:sʡ5݈r1ɞ:;#D9{/ƮRczE~5,M
-N4}G!z.ڽW0R$JӠXQ0tC4`uP! ;_ҮCEӮ9 9Ǒ NLGuu>k* z4u4$5ᮭ4񢐷鏂 @|ÿh9˘>lūmզgFg1
-3@aX]R0 BL8]i,!R\W 9B\B,* ׬"˫}$/KXM7l{pqp0oWI7-o|HB&Qw%#*hȍڮz}ڳs?@gA^qE$q
-z5_Ϭ 3J=V
-lYǚ7O򯿎endstream
+xڭXݓ8Q!
+5O3֭yO&/e !Kw&OWlKL jiAGScP1G}wx0:cW%,[l[WsїxCujYa28i0yw6 iuxz?!ݶt7r<LgOϣYo1531[y)c[whh8tZ},z?h,V-8k2u`fhZv J8x!.k,{aRcYF@H,"H1YGvÞlj
+Wa\ǶhŹ 1^AK{""n |VUۯK
+8 Hެ ;46Nt`G6rGeE? JppBqP%cw4. gL^dnO'b2d8R֜|ͥ  $"kHGV$ip
+@_R R=BTLr:ITRb8 8J)X5pG2ąwZWrN͗Q`@"|)HMڬt0\hϺjV륟?0{]N
+5Tn<Á1 T "K Ushk]Q{R.%eOD N8g}79E@]]n\tbH)qcbJ?9d\cHC=4 40'e!7MGĬ?yjWƼ _dK%-"'-ZY,/GPYiGio>G92,l8Fm8B\:prn8endstream
endobj
1657 0 obj <<
/Type /Page
@@ -6968,37 +6972,29 @@ endobj
1659 0 obj <<
/D [1657 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-470 0 obj <<
-/D [1657 0 R /XYZ 85.0394 179.8868 null]
->> endobj
-1326 0 obj <<
-/D [1657 0 R /XYZ 85.0394 148.102 null]
->> endobj
1656 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R >>
+/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1662 0 obj <<
-/Length 3141
+/Length 2714
/Filter /FlateDecode
>>
stream
-xڽZݏ6߿K@Ci7ݴ).ٻ{h l˱[r%y77!7
- j83?P ?)Ks/<a X/p!O)ŋW*[,OeLdƍQ$ <zͫ?eD߾ѫ?PwWr2FWyG]qDqF軛W7n޼a-
-p!\;_a?]pr™s_$Z1()NzРgR2`@)'4<׋L,URYhUU94MWR]UwFuۢ&r,ݥ jf%:qŝ}>C;G;IsҔ];US
-e7r75DZ!\ 75-qx
-]55*bP sIܑF|Ѡ
-LAo=/0:J.-Z)PD8nU݀#J0J0O9l%tyl ~[]Sv߱鎡@N
-D0~P^K7 ͫvO`)1d혓0rPH|
-1G(qM ζHmD H.;je7Oๆ`#Р1)vU$5;(0-9Rq
-7WP?vB?l^ J)5Ta=/|HN1']hD뿦q&wT7>ugu}[2-SWO5> 8?:r rЯ5:x-1
-iܰG
-UOF?C]j~.Z\SYM\7qTMҋYq94,§H"KGf80FaB|@ͱ8JpP((A: 2A-֧9|B9~I&]1oS0*n
-'[78汜q-I59~AZI.)==4q;1MWR!eM}c99c'in¦tb!ӾhH;פ| Os򨼳wGv9pW}ՖSFDz_'PKLE\; Gj?P|0Y ?*2V+*W!LRP]r%ݵ&:0W.XLt!.\S<;^$-xz2syf3{S,R5Ro?ct>JEK</
-{@ܰ KeU]b?
-|Q,*JV1m^1
-`h34lHuwuCDB{}2ߘu$Ɇ|eqFּUseLb2?^IRb}x*g6VD 9hW)
-V~bʊb.gcG%?S3< ` 48@YiU>Hr
+xڽks8{~gTTA=nn{}v:Eǚʒ+Iӻ$-Jk:A tႧAZD"+/VoOBC["Hu~}2EPQ^xpq]
+N^{{WgY]yԏ8.rA뫳_=:Üޫ?>?L../.޾8pŵp!q#O` ";xaAXb{8I[L}_Wt~! 8f ,Hxqk?SƼR6hԝ|QTJ*wzǭWuz_wv[yh@؅AyJu%
+Ͳ޵׶^AnC.7խljIJJn?B6_v+-E/F֊<վS6Q^mi򡑷1Qe]nDR'!ShԹ,;)>eU7/^=߁l?ɂ<bd&/.pk<0s-L!]1
+oV6=$`,j* hJ~WFY ,LHt
+<("b3!qb@8DS!n&-x[|&R
+#==1?^o*l"p+ O(Z}Qp|2(qzj;d]Z)/7kBp0$-D n4c4l ˧} LQnW QHh hxDT2 E1Rž6NwW5A00]
+ K.pԠxx`0\qDޯi
+[8 ͫ^1uȣPvtJ3܄J>&.ƂY
+fΦFBAdpa;a jc,8X˴L h5:eyobL9u%V%K9^+Ap r>)bP`\@nЗm#%E~PWfÉ'PI~(#Z~Wٓ2*-ew3
+E!9iu h(=QwݞKD}`~I-1>2@#p2+
+e$ҢCU??.FWyv!
+0w?`P5HދDBM%Bz@Œ+&&Pgэ?q`{susL=st+r/ct5|8j??=ܳ3]aWA̅ʐA`b0A.KDkzʓ#Mh
+]0s3S.4zqnE]7Z,k۟ƭ۶׭Ebcxڏ$&4jFL*l,Z2PQcV3G磙,+kzq;_v upwh$LCbfKi`,~!2Ps뎔.*B&e}g`{tW S
+ _%/Ǫ h~endstream
endobj
1661 0 obj <<
/Type /Page
@@ -7010,31 +7006,38 @@ endobj
1663 0 obj <<
/D [1661 0 R /XYZ 56.6929 794.5015 null]
>> endobj
+470 0 obj <<
+/D [1661 0 R /XYZ 56.6929 648.6893 null]
+>> endobj
+1326 0 obj <<
+/D [1661 0 R /XYZ 56.6929 618.5026 null]
+>> endobj
1660 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F53 1313 0 R /F41 1218 0 R /F39 1161 0 R >>
+/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F53 1313 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1666 0 obj <<
-/Length 3769
+/Length 3727
/Filter /FlateDecode
>>
stream
-xڽ[s6_ᷓ"$1&nlܴ}DD"Jv
-|_|>jq+A¼ߔ/}okx %Rj go]U.W{ˣAXcU~*o(XԽM_MxYww2V˥`<1Wk䤍g=9\0 v,ɸ옖12fυRCO}3T Cb`YHXnr@lqnyJ0勛{7w [n%=zhJǏMLD146u]ULCI 0_hJ P5d/ͰRl헪$y&H]ouXnMo̿Ԩo'ìaLrie4oil}2ahyNeXaI& <BXظao]{4z7[c{ؖ.l0Y
-vG-Zӡz k,K
-H'R}{=k!NAayqa6bueĢ%ljWÈDKgb:2Y$`m4Cv-%+H{ly[G4b^g*a>+﨣AW2=ڃ0 hqr3kN
- "egnFL0˭+i@v ki
-^-М 3Fm¦=n )#V+Rg,"K
-}6[[v7t (0DN2b{25ΈPjgM׉5eddZF'KUNK2r0fHNK2=v  %pZ֌`EBpE#<V_QXMh)h}VCiH(Šo){EȉRDq9J"4HJ IHJɿtDA pW]dq~ie a},GWz/S s ~D
-8|bf\SN}'l~]Mqv\!r382v
-6\UPOWfv^՗e{ڟ F|Ch8
-/8v J'c @ؑ#(j[~+f?!u:ZCx،.GvfD$le|h#ko76VOG6jRg hpNUNg /P/v5o؁$0ظ" E`yBPc*d1s&:F
- !cH}w)}D*D4g|hs
-\/q:!KNc3skS)ќ pMH0PʉsbF=+3pz?Jqi2Qʔ?3cK߷~dE$%^H4:6" RY >x|+6m~,:TDV^/`7b[%Ĭ
-qk'w0v6+$Sn1h*\=$nK_%"K ߡ|賝;mYg&)s9Z%+ Xixf
-ɢF9#*6+y
-S&gDzX?U0Oy>wB$Y^ l,ytT
-Oendstream
+xڥkspx=|7ͥSI2SJ-I#Rs}w
+p#]+vr\>g9yF1ŧv fs2#uz0 3n@hL J Y9!G,<><N+au9\t5C[h řtL|-J>|.;z
+U]-USmmuRVu x۲(˅ ; sƐ>jp6\T`/Ap[~Ӹc!ߕAFQ]Kv:r
+Siic{ pT /=|V*
+oNJPGg j v j1aMvǂ[$f7Lnn !-V- b]n XNS6ͮ
+V xa6hk TXy
+=HUDBy_$ON<OŅQ֛}q
+-=ES#kȔAq rdi'
+ 
++Q(Y!.)roL8ZH4+1D FW ֻ]~':k[T"2Vc3]fnzP.S`=A#Vgtާ^Se=I:%6jɸ/):9isIsLBiv%`5I9K
+$4
+VRZ[扗Ѩtg4{$bWkC'کr»~4H5!w̤Tc>jiz#uqSRǡq~ -׾Ee&8""-B9 22(#5[JZ;- 8^;0\_w庢M~(+* xƃe@ɿ._ބ<f/&^sݔ J._׮3׾l׿ˮ{ߵ"g~iB||h/?V~v KЃ$&i}QxcI=T\V'5Pn6ExP f
+`ÉEJhF^ȚQئ\W7XmLaM,5r -=dFɸ ZhnY Te&_kj\!LUGqMKhH&'ps ~g\
+f7?SRR33˘wH 4uq gQzW
+FBl4ؔwX͵4yRB`IȤΗ|Tjdgjh1-$a/A6w_hpۧO!Ptj@ 797=u@n9WR.ٕCm(' Gj8#cɜ˅O ݊3~_Xfr=x}'wV1Y1rc9%`]"]~&R0%?11;_e1TjW4ݎjTDXfe:L"rD{L?ou>azs݆+~~tD!-OyjL{Il;C_3//vtZHE
+&75:SAg֥ f \mVɓ4HhӲx G]r S˦VB. 5Oޢ_Ы -DlVTleT>\HO||7mBYsVjp=BtJRR+䈉eƧ7|'@Um!P $}aw~a: A݆On}TW0TF:7Tad
+73a _F;_cm=Q<40lʹ2Vf3uendstream
endobj
1665 0 obj <<
/Type /Page
@@ -7042,86 +7045,78 @@ endobj
/Resources 1664 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1655 0 R
-/Annots [ 1668 0 R ]
->> endobj
-1668 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [250.9056 159.9586 314.5963 169.3682]
-/Subtype /Link
-/A << /S /GoTo /D (statsfile) >>
>> endobj
1667 0 obj <<
/D [1665 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1664 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R /F48 1238 0 R >>
+/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F39 1161 0 R /F48 1238 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1672 0 obj <<
-/Length 3345
+1670 0 obj <<
+/Length 3701
/Filter /FlateDecode
>>
stream
-xڥZs6_g* ~LXɥW;=\%BPIʎ.(da?@Bn"J<[<؇ <K˴rxq>~x֊]/1 ]߽<ݧ?|WO+j}\X ߮~\Pk( =,zz_ݽ[]
-/߽EI/\$*p K)../85S'U*_ kYI0 {-bN˖ j~y~-|'"\32"±;} nW%-=;;v^u5^vfǜx|ZԁצƓtv:0Q`< }xc̘k P&J}[7C1L\?#G{giv+
-]P,!!h紹jՕQEmJ(r_<=UI\_%X
- '|>BdڧMoELYn>#)DQ[7s
-AqmZTC*-z!4\/,tQ:II؇rzRW0Pd2$Q-:47ξ2ptC8Tɦx
-$o sH0S
-,'85.q xq r*,(LE3YyxY&y_7tHa[;ZGseюcyw?SȩZ7D,ogKJ $?rfjԛ7Sդ[7[bidEsAp}ȗ؁@և4Ad2ͫiUb#sm=BК7D2>q%.s0|ɋ9Shq.CoLV 6
-2驨)/ ?mO
-o{-Q0elEx{kfiEhsښ 1U'4+P\3#=c$@b(t1>M^M^0:a zΫ1=V&
-M̍c 1EiU{"Y<Ɯ fP;SBL4Idj1Mg DЏ̂7T#
-GnY=d2x# d7/}f䕞GMR >s3 9(H`\>Z.cԛakzX\mb7'J\ IMyݩGhG~3Oؑ]xY?QJI!2Dx5 f c35cH))˲v]^dwwli.pR`/8:ݔygSf7(y6nF<&#}Acgp@7f2_r|I9 % @ 'o<G^
-eLhuΎIf@{ghl)%smk-AOw57kb]l'e2zi^\@?>?$imO}<arwM~^Xes/`17w$|j#.; yicVl…C ei[Ѡ˽YUUS:z$}Hd y5 3e9R
-Wg1>w}njj N.Eɤ/ȴ 4F,-PM}b瘛7 ?%cCT[lQ>42%,<v6+ 3x9`yοr2rcߋƋfR
-L{n}Cipr5 UOQQiƯ?ܥ-^0/LoP7N%\)E<D+v0}K$5i͘IBa[+R> pn
-wX+db?ra&v!\ӏ|ӡ_- DODY
-ɾs"gG;@K?
-e+cXBM``3Mendstream
+xڽ]s۸ݿo'D0$8}%NIc_{DDHʎ뻋 Crg:d%]G𗟫%,f*|=a8K ~?(eH4ů v+D_n?|E/o^,o~ѧoW?_}Xr__Įdsdo]߾{<x?~=:/?ELfZCxY$S9;_05/V)'Iɤ<9K94'Y,ryWߢHluƴ<\tCZ[4N*/R]?<E@M[̤ve\4~i;h{auYQJbqc7ޮ+V
+KY0y{K<tA3:`)uU$,`*<`lߕV4cy[?=ͽuoa Awco:?mIG#5Z- uU?s 'ā<Yj[™J/U6"%1FUsaxr:Rm6]!&y:<j_րE+^u= x43he!Fy&Jmz;gd:eP1SyqB$"*1[NA<AY[<#CG,A<к%ya/0(1lk-jc_s m[ߘ$e4:@=-q,q5C`NՐR''
+/,+rEqVhO=Auy%=[ #D>fC7c;qC"qog_*8ٌLjR$:Śb*<2bah{#ilg3@O5I4Sm1}@: Gg*Цӓ{)%qP0?'DV;c=v:;ehרAi`T߮!}7 P(06&ʄf$C,Ϛ<^<)4uSyD W = 4iB]&=!\,E}Ӿ^pݱP r lskMN*[*#}ms2P8MQi}<@u=2|au;8pԮ
+s3
+ϫMgql1wXL1wBqByߔkeDfFSӔNފ
+׌xX',aP]ۦ[Nfj doq[L<BI,
+|ձh
+r?^;cwzcJbHo0FAb F;ϡ/CMV~Rp5^.MaAt5$%"3j3Axh-?MDa΀Pw8Χ4jk6zN\ G":= iJɢ,r\r1 y j5|}+/ʼk Tu+C N8T5rƓ W!=Iǚ`vFI0In8>
+!Sq
+t8Oq GJ篣D!j m,J7! sX憤ib~zS437:_tQ+jǹ;H=:, RB 7*g;FϼZ^w߬ݫ\ѱo<q HłD<%p:
+y9@\a(} -s٧/Ȟj7*qX'ao,~S>;[6⍕MEL?Mǚ!c\$C:/0khk2 uEmam)71W`eCGxS>z9mgvO)|\?N"sSP;Fa>BdH2|*/(8_m^P y)33s~@섑eRӁșn ̧#{xm.b/EL4ȷ҅^xD fJ\ n?&#t;у#y{N$ņa(GHŎ}+lgYϟuGj}ĺAl,ְ%
+YԭH Bendstream
endobj
-1671 0 obj <<
+1669 0 obj <<
/Type /Page
-/Contents 1672 0 R
-/Resources 1670 0 R
+/Contents 1670 0 R
+/Resources 1668 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1655 0 R
-/Annots [ 1674 0 R ]
+/Annots [ 1672 0 R 1673 0 R ]
>> endobj
-1674 0 obj <<
+1672 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [80.6033 713.4536 149.9876 725.5132]
+/Rect [222.5592 595.4921 286.2499 604.9017]
/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_policies) >>
+/A << /S /GoTo /D (statsfile) >>
>> endobj
1673 0 obj <<
-/D [1671 0 R /XYZ 56.6929 794.5015 null]
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [80.6033 441.8126 149.9876 453.8723]
+/Subtype /Link
+/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
-1670 0 obj <<
+1671 0 obj <<
+/D [1669 0 R /XYZ 56.6929 794.5015 null]
+>> endobj
+1668 0 obj <<
/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1677 0 obj <<
-/Length 3944
+/Length 3642
/Filter /FlateDecode
>>
stream
-xڥZ[s~[噈 .$Ngs|Rt>ŭ"bŔ@\|</S $ӑҜg3}s&wZ{}}wJγ(= J#n/XF,lt4V,@57Hxu{ub)S#a|3+*}s{w]pR(g?Ga9Rs~,Ϸgڨh|MuoaA:?mڞ/Qz"L49.^uݶjY5Oy[鶥U0UùQz͐HX%vL?xE[t_ ʵ2$O8v .G:CAǼ*yXvTʙ}w\lY$M?
-%M~:<c7 XI'^p[ue)t Ly9hIkWMs+{~  xf&dDb+9??NOĂyѱ[  ut=#oHC95A]
-ZPpoۑ:ގ^c"Wzܗ:ۙY,
-c*|onYӳc'uw#.*UDZ]TyuHȑZ%Bzz8 xYtHd:>p F<_ t&ArI6b%Cpq@D!#>bmK]ʹsЪP-j,Cӏ: nC^W*K>t'?>چ6]ITT|QD1졈vO[Xnt7 4$|ԐgۭCxsMѸ^&i>sa9!!}QāM}R:H O8?D#:ܛ﮾6XM[7ԕ RZ*}GQ |(pEN]ihu*au$7DbӴqP@I8Jw&qj"0a>h
-:P4 pi6@Ⱦ_8-x/'}N'}Bb{_,|?I8ykFb0:>mP dPܱnŖ*ꁊH-1[rg̟Fϵ;4&ɁHרylR8IǾԇ#
-jc/OŜKDO36 19c
-PWb,'=\:{%ـg 1X(0|=.3vN*NJ؅\xl,A!4*m#V͑ EKT{
-pG(*m~o˼X|Օi[(`||!AlŤ[L%//zͬ;@48!vx@=ȪkgsG2j^<
-aݵ(Z|Wfd4.b-Dg)؀GfZ\V (C7
-v g]^}6AZ"=}uOe%p
-eb^;4?;dYw7鋇GIlq9 %SXu} 1cl{ZS@>.I#՗W7Cl Di;eS T.z N,Q1jC )5]b*"3%VIhohް5Vbr/U)
--쳷g
-i/;ܳ oRC:ROG6Nh*U 5!@QjO>Hoo?]ӎp^a>~Xp$?ѩh`Cy =MO\)a0'
-9n)Idxendstream
+xڥ]sܶ]B'jGAI3KvIJ+m3I;JǚG^<J x3%X,MFGFBfɱΒPH/GE3sH3o>,[ 1_.OfAT*/Ni$7.ޞt9?Ip}ႆ/ޞ]]9;EFE>f
+=w'^tvݟ?o$$䷣K8G"Q (Qd)Hutu7kNOI* Ʊ'H
+&m
+3AQI݂ ELnZڇ*ygUx|
+ҏ:'k"%iI`hKZK-<$
+
+E
+׋4:fhE$!(|
+,2KvDxkd4s@5LeaCDZ=i]Yum&wa[[f@`P\Q[TC=:T Z ɍ+^ؓp|b3xfa%%ꬮשSSUY06]Ct$$b%
+^(iőK*5afWcXǦ0s'q$Enk}HŐ53XeQ=RR ХM18XAyo 瑜uuO *V(DN696Ec!8A6{gB@(LZL4%*Km<R_웉cyT^p4q斤66b.mGe%< l5Bc7664 O`_|զmrz
++ U/ҳ0RU)L`3!EqC&uIW<žiT luꛜd_7:hEz*gU;AL
+ݸcO{D/Fl&;%jYNHb6?=<Lhcǔs7g+XBqkN9|kPO_)ঙ)9|\endstream
endobj
1676 0 obj <<
/Type /Page
@@ -7134,303 +7129,291 @@ endobj
1679 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [278.4002 570.2936 280.3928 582.3532]
-/Subtype/Link/A<</Type/Action/S/URI/URI()>>
+/Rect [116.6985 307.3783 321.9289 317.5401]
+/Subtype/Link/A<</Type/Action/S/URI/URI(https://www.isc.org/solutions/dlv/)>>
>> endobj
1678 0 obj <<
/D [1676 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1675 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R /F41 1218 0 R /F11 1451 0 R >>
+/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F48 1238 0 R /F11 1451 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1682 0 obj <<
-/Length 3076
+/Length 3355
/Filter /FlateDecode
>>
stream
-xZs۸_><""
-1-Xm,V|YD&.tI&{)L8Rph P)e{?WWWٛW^f&3@'$B,M7[EmZ9!sj7/"jɯ^-?_d\fX\bIFM_^%`i+9)V0ozU
-\#>U@ v}V^YH}qeJ<QNLLR3 NgyEmA|>GyrK͹m.hC8Z覚Z=qF!y*Q`PF"rVfDxD,ȁȩ, B޼XՖnf,_. z("qc03{ &vT:/K1vjp!~\͘UO+[r$ Hm#$..:YnK7x@7Ŗ+w]͹pӢT4A傮bӮ*`ҺY7A* =;8z
- p
-ofH*)>Žre
-:\#J %Nf ,YMcq<2<
-TG,ȢoW!
-ϖW-0K-ءX5.|<ǔ!.򮪃[@4O^]`}q<h2<N!rұX7[Ͷ-β˷\#
-%t_VN]4Y>$ҦL)gBB!wuAr!,6m哹PKc8 mA׽ (ń5J~l懲xDLp
-y}+y1e-F?Ympc p]7D5*÷cs6CnTEl}4w|-eRbOC[ҼՋP ~R]Ԃ
-skSÍ\w$Cq,j8 V-FG'7GMiRnI;iu{qvh4ee*=͔Rv]̼lasXXƿ5EЍH[Y(GE ~YQ^= +qPT@~eD*zxs_&%#\*{ųh+sݤf4Vw. rUkdO9PB?@oǡ vDAԨ:(Bi=c<)5Ury:=~o-S+6IS+F`uZ==bkq 7kqpL= '$5үX1
-uVf$#xS뵔/FL6'R~(3B~gSS[/2)"lWEc_Aendstream
+xڥZs6_{<S!'AI;s|s7tEʎzv
+L'>uŒ pQ5F͛|op70G\Z j hC fuզY;bF܏
+Dj}Nm/mX|ʏҵ/Qߌ+#ǮreO\)D 2%Z ݟu7`GUtsWm2t%fXOTzM-ꪡJ? TW~,}r7g@S"zӦM6#*V`CPHUjMI2 ;M a2E^Td\Gʏ|QhW(g|.@M*`S+J<bO2Z5QO*oVDZ94EAdm{]/GzZ8W]2ݖW=ۯd _.dN*3DLY8ߢbɤK*̈>ӱbc٣:,&L_bJ ʊ
+O~Q'dX!flli
+Xw&3 5d`҈NllXt6IU>42\J'A6< ||LdR|+*j?_^Pm۷gP[pI_.EyiO9yNn Yu * 0hRRA'{Z;m܂|^i( D7OJ9\5dM=1J1j ]ktb柰 ,g5\r#;<u
+;%e8@aA {Y">X+\s3nyF9a99 XeE<bLʼn:C7j!L̀U@s7;dF^wPkfiZwMżclg_:J8|]ov4 ×4E18Ή)1k?3d\R?T¿
+#Y=]S}.Sr{7y= t]{'9 fU!z,D Mm)$Ɂcwwvx@Y>D8kL@z
+ppi[?xvH6v\Ox1w)c
+mQg@?S1@pEрs endstream
endobj
1681 0 obj <<
/Type /Page
/Contents 1682 0 R
/Resources 1680 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1686 0 R
+/Parent 1684 0 R
>> endobj
1683 0 obj <<
/D [1681 0 R /XYZ 56.6929 794.5015 null]
>> endobj
474 0 obj <<
-/D [1681 0 R /XYZ 56.6929 636.8504 null]
+/D [1681 0 R /XYZ 56.6929 378.3537 null]
>> endobj
1370 0 obj <<
-/D [1681 0 R /XYZ 56.6929 609.3387 null]
->> endobj
-1684 0 obj <<
-/D [1681 0 R /XYZ 56.6929 172.736 null]
->> endobj
-1685 0 obj <<
-/D [1681 0 R /XYZ 56.6929 160.7808 null]
+/D [1681 0 R /XYZ 56.6929 350.6124 null]
>> endobj
1680 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R >>
+/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R /F41 1218 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1689 0 obj <<
-/Length 3726
+1687 0 obj <<
+/Length 3312
/Filter /FlateDecode
>>
stream
-xڭZs_3' L.՝9I<eq":w @Dɴ%5?qm4&יMB_+~ cǫWٵe6raqeooxp3Rv3)}wXy݇d=u?ܾ}w{3F /
-g&-><o}gWp+Δ5z k*ъDS_}1.8uSO
-ˤ\%̤ƀZ!QpڲTIo[m $TInK:{j5vԾxgjo7ڢ캪y s|D˲<3bL4Kl E׻2--3Yf<;g\ddD2h>SpeWB&R##$ -ƻ5pF7̼_X髶Ѳɟjw0U]$*xW%QO][Ngj!Ew?7B *N+Z:k%Xדz906geee;:/Hd[j\Sr{GGU ox$lUH_<@$f2*28<|R85129E1UWnIozAt;J@73ʎux̜/)vŨhΪEhUOٯʆZEtvz
-ƭi%gv"B,B,. #S%w5m \VF ,|) .erro~Ӻ*N232irH5(AiYp2CttPz<_ ƻ]AQ~gpDv~% M<8%E`,
-hYۼ
-N7D?[w]9U8
-HlWФVV2I:D&L /ۀ*gsUSzYƩẁCėYT<o bwˉ˳3MBrtƠCngбm(FtWuD}xVXk6 A&GlH廹=R8 r0%",*Ŏab:d@+׼d峫8W
-] ԣM!]/1Pk!'.RG^ϼG=(C24W!yTDy'R_f RMp0:l2)3fKjxЦaCCuxI?:*Y7Їꉎ@~%c(A u"}ZQ(&*4Bf5 DXu>m kl+Jpl#uGtTq~5`/@-#i,,^fG )HY}ET9Pu7믐,Z]7RMl<6֌6M;O 
-]4}P.~>0!uϡ%LTٚ7չ@
-y
-Չ"XIMԑcs[0RI()& `PZLnǒb4\k "7w_W7<lC<N
-C
-GH1aWt(τop 6uUTIƌٟ2&#J't#R{MiR]3Q@TI6ȎMRb czz\hXoELȠ^#ɔTdgΨq1e8(D~]1Z80m\XB24JNR^,*wدbE, v N $$siJ31eJuow>2][/rzgl [p6~
-Uam/ͬ0}ŝ#C*y: D(JItHuvEv޵iA_ssyH5l@2b`z \:6|%o@XlZq0VAdnCW4;TDb"6\Ld~ބK,__'DAt,0pzy>.cpc4=~o6oim HٗTtOTJJ=*aJv:ǸPӳvjO}ON3Qӱ Kxt';lFExU-
-!m&4
+x]sݿog $xWgzq&y%b#Hb(Q5x<\K`w߀LO\'ʦMc}9]]$O`#E!ַܨ6<ĉ1a_*:dUdw4b^ _\_߽<ÑnnvM>뇞_(d䏋_~K.gIї/#rujT)?~tL~ZXP@"8.smLIx;ѓnQfjYcU]!Razo<{̗jf fp{3+a&۲ea\?ne\ Hj-S&:b
+<+|kmJmS쐑eȑ4' pqnFя{dnJ11ht`xo8x<ֱ1'$RPIpm[2-%G/֝XOH&Q2T|Vr0s_yB{.[1*ꙊDRX0O@iyM.pV%m>-iE&v.-ȱC7SA_P`q919k+!7{P{0W} QFT a.9'?ęQ+{J*ߥtvBƅeEZg=ie&ΥQ3FJfj\L+q&8b1k$CR uN`홨~D`BfPIYdl28b;iA_JnV#A6E 8i@ zj5%p}Qj aNR\:Uܿi˲RvOXgag6s9"iw "D2o8az[k܄]A/ģ\
+ɵ{[4li N^b3ǏaS3S0̂Ȍ0L=A#Y$TJc}3- X[oyЫ3X2պ MV^SF١N-.f`tڸ'vpU/ /7
+ھ ?\I1 s SX琷q
+_p[Ja>5pp24jHUw`<fgau`z,m6]ۨvfKO,SiOc2`6t▘\X(?U]KfےX9ݏ?!f^5<Ӭ0̅XN-З9T~MՕFK*T'd=g6,k(g\8M3N9:cu
+b9˪Bdl1!8I@5BY( C .zόKՕX:szYh !i T7GXusL,&^
+U|{w5F-zVr5 oD$ʥOF6gOŠ 7JA=b8ω M"'KbSt<L2j)v_b-ӬY՘E@p`-8ݝ:t3JЬ)1&,zYk
+[Y̎;Kb7{vQAv(S0# F(%lEC\E]*Oef+XLܝZϔK";S`wPL<JeHT݂/. 9IcAwzR5Ǣ=̑m&#adzZ `S*f$5ǰHI1{<䩽ԡ̢5B
+QwUQN1Џݦ[P=ˆ]HGI*@U] #
+w&?\e?bY^UWbm89PA4 = @Y9Maa]־N tl:X-Ձ״ cPpX9)b0]}Bߝ*wrR}ǔJQ _84 *-$D ծ"Tt3YOT_i0+]%{c'Uڇ/ޗޢM`?s\({PN@!^ '.:av˙PA$<t"VVX# ͲX IA?`6
+*~Ů C(N׭x ҃_=^ k2RTc'Q'jGNtx[ 9 )/`bR~MEe)y=voK>/f3Ǧ[ 1a(e7mf jj[c.;EϽ %2Ƚ@ 6D82qpendstream
endobj
-1688 0 obj <<
+1686 0 obj <<
/Type /Page
-/Contents 1689 0 R
-/Resources 1687 0 R
+/Contents 1687 0 R
+/Resources 1685 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1686 0 R
-/Annots [ 1691 0 R ]
+/Parent 1684 0 R
>> endobj
-1691 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [182.6146 300.8791 231.8861 312.9387]
-/Subtype /Link
-/A << /S /GoTo /D (notify) >>
+1688 0 obj <<
+/D [1686 0 R /XYZ 85.0394 794.5015 null]
+>> endobj
+1689 0 obj <<
+/D [1686 0 R /XYZ 85.0394 625.316 null]
>> endobj
1690 0 obj <<
-/D [1688 0 R /XYZ 85.0394 794.5015 null]
+/D [1686 0 R /XYZ 85.0394 613.3608 null]
>> endobj
-1687 0 obj <<
+1685 0 obj <<
/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R /F39 1161 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1694 0 obj <<
-/Length 3742
+1693 0 obj <<
+/Length 3723
/Filter /FlateDecode
>>
stream
-xڭ]sݿBogA|tԝi:Ih9GHYq}w
-o]"^Sϟ/Cnb|տiH9D=)'&x}?. # _ċ=4"T,*,VRQ,xĄbB h84^$qʴ20aI2%7;lYQ^E~<ؖE >fKY?:{JەUfݖz֕5 AR@[l_ 87MYwŶ*j5bueSv7r8v-[[nj]ppUB>`!ךF(@VE`V)nׂ͞M䅳sH8+sb (B9PvʅLؽm
-~E\{rO=&:+"2J`w̠Kt; WE [I lKA%!e[K=PI7\iV5}ٽ&N/W6
-aȅf\%XW͖$.Ax_z{|qbe;+JԋW'y{0[4yk0\]sb<U uę 9 V-a kb!1]݀Vr#bUeyE01lB)^,Ri* hPk=v|wO h1\8lǪ$B+BAE5( .EQ7U],]GMsfPK'[tʄIb?_6Bƒs$0$<9oD(yC!Gd24M5aIċS衦e:DP\5Y6U͹`IUɳpM7~r}+kĚ
-dIHwe
-/eB߹ X<P6dM
-I{I
-n68"n $7G)S2έXɼ0Ms$؛!ޡc:lL譶J 8$CӦ]kܜG쁦G6I>FLV&ilv`ND[
-5ԬC,J=4ngTl-ʶ4aktl&<G ʨ8)"Ǒc:;/unk<ձ:M/DЬbALnfyp?#dz`S#uGL$zljp6,V7ɼ(&'8@WzwhvRclPgq >A? N#
-oA$*˪3-&[ `ouNX#Cm7Iǻ۟oph[/YѽB(CPP빨d.;s#viP~@R* n!|j0+5G%N?O(_?S[ү;IؕA)d(:\.B2pGLJWesYǹ</6e7nMi[
-[::cK=[.K$)նYٮ{_rlj1DP3$O2|LOFdL¤eYRL d=1G+*Ql klhF(Ho+YwU֐
-\Ӈ<0oQj;{A76 .mOŜ`XVQ;$5.7j|> /<RHUhj7ξA{i`-/俠mn-]č>1M]vî`b&&Hz
-q#g
-^k³Ihwۖ>d){(iQŀeHp>k<mM4`bVqCf'&DKq,hxU^ B,Sփ~:RLtēg33'
-<U& pendstream
+xڭ]s۸ݿBo'Ϝx8}%Nimw{`$D)Rtd&bߐ?>&3g6Wf\ϖglv>
+^x'u}]g̢F-}"s/5pIN
+6I)
+zp޺,E8靴O.ipSr5f(lӔ#sb*N)cz9˥p |jsq^D6~<Q.R2KIeR 
+BΤxU{UÂ5.V/˦~>* sJ)QmHNArS
+]4rv;{ df- >G,K8#XAsDPbై$`6^YޖBmm-Ĉ`HY
+\'1'PvChhRJoA(U6dZ$z05~ۓhm,iQ
+G󶃞_Zt#66Ql>rˢ>]>M!;t"50M繞IAptw{, 34.Z
+\@ɨ%D4s@MK WP,@pi}cәC[rp+c2+[tPt(Hk*$WP0* Mz;~R k9L @\#X4TGyO9qb 柋Gs#_hS{9q8?+:WA3FØ+*u*̬&NCl(.ag)#@ i~g N'>jWV.",B_kO Vf<a].Ko.$]
+ [zy$
endobj
-1693 0 obj <<
+1692 0 obj <<
/Type /Page
-/Contents 1694 0 R
-/Resources 1692 0 R
+/Contents 1693 0 R
+/Resources 1691 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1686 0 R
-/Annots [ 1696 0 R 1697 0 R 1698 0 R 1699 0 R 1700 0 R ]
+/Parent 1684 0 R
+/Annots [ 1695 0 R 1696 0 R 1697 0 R 1698 0 R 1699 0 R 1700 0 R ]
+>> endobj
+1695 0 obj <<
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [154.2681 743.8714 203.5396 755.9311]
+/Subtype /Link
+/A << /S /GoTo /D (notify) >>
>> endobj
1696 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [180.4479 508.2615 244.1386 517.691]
+/Rect [180.4479 170.0583 244.1386 179.4877]
/Subtype /Link
/A << /S /GoTo /D (statsfile) >>
>> endobj
1697 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [265.4578 462.9269 326.6578 474.9865]
+/Rect [265.4578 124.1537 326.6578 136.2134]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
1698 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [367.5441 462.9269 416.2908 474.9865]
+/Rect [367.5441 124.1537 416.2908 136.2134]
/Subtype /Link
/A << /S /GoTo /D (incremental_zone_transfers) >>
>> endobj
1699 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [280.9692 432.1776 342.1692 444.2372]
+/Rect [280.9692 92.8345 342.1692 104.8941]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
1700 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [277.6219 401.4283 338.8219 413.4879]
+/Rect [277.6219 61.5153 338.8219 73.5749]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
-1695 0 obj <<
-/D [1693 0 R /XYZ 56.6929 794.5015 null]
+1694 0 obj <<
+/D [1692 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1692 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R /F62 1361 0 R /F39 1161 0 R /F14 964 0 R /F41 1218 0 R >>
+1691 0 obj <<
+/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R /F62 1361 0 R /F39 1161 0 R >>
/XObject << /Im2 1350 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1704 0 obj <<
-/Length 3806
+/Length 3924
/Filter /FlateDecode
>>
stream
-xڥr6m媈K
-Bㅁ1R]}ϰd/4&:^a*AtmEe7[g? C14چ[罭y1ʌ=2ts/[*eza0myQBgesɵ[G*aYSe]lME PNs6Fޜwm[6%V2l3װU
-:P%@a R O`S2` 
-UCщ
-3#`{2KS';?"m Ǜ.ܟ!xfx vJ sȺ|=dǣ- 1'.aA}/Jm:BЋ)۱Lɔf/ @ [:KN%PbkH؍s D@HP|/-Dnza*ێosekwZnUJZC"#qԕ Ζ RH>gM<7'FgqoZ02<Sm+%cd~I9rQ|
- &fX8G)Q>pY.H(cXm+&5 gTmRX 80ffA
-QWM6!
-%3+/H`%h3 czd )`lI j: h4-̸S/H#gȷ[[n]ڲ4F{iߊK ӥ}ِBC^0x-=G88ddܠS5DHw +d'ỷqr$g)'; q :;oސKM)Z<73<H4_'Jp?2/l e<Y:vޚ {r`/A@G
-(W4HEl&paKI4*
-hϺΫbB xn_ne'Îil(d;S1B!Na+Kv&z,d*|4Z;wlq*q$kftLhT,25+"q\fOۢ˝i!Ë\T?eغ7~cg7d )D"ARV`_~&wmGvnZ/|79H]Jj `=vLSB`LQc/K=X{ @ 7&o*)QȎc8s
-Nޭ%!9toZ`}V-!5-'s4}mـ(525ІN[nॢ 3IEKYYdK_k5=HI
-mиx!ҁO`Te @!zt@;
-=+KR6Of+̖TNu㴿i_d'sL ȷ@EӐ  XIt`sŴ\u@_QC xVI'YI -$C, v2Ђ4.utOE}P[)]S- ]$fp#(iQ[U+%jzIMC+ ʥŐ1p)hUoWWj6ݽy,MNp%NK۹bGYԶNoFVz峻rT'H Z1 ٓ˚},~EˀtI,j_ψex$)͛VsJHfd|
-2s(KUL4G2`?P"!U( Ƒ L~B[aDoJ0.'W{*DTLqrX8)R3ю}.AxHI\ʀ*+ЖjgvQ."fsȚCĭ2W A*p $6eqwmyA
-_3
-\Ρ:GS͹n<n"Ĭ]drB$"Ac">[ʅo8V媃鉠m \g)dm2g4\r;+)!hpf?4m.\0N}ydžh9+e2)O?
-@Ѓ0!lO h" &hZW: >ܽxNgn Ek~ K5")&\̨*7dJ:2ӶHYWJD "f7{i˿,򰍒HhHᡬK8(pʽ%G%ao:pp<`BIW$]k=Sv*(T,'+yKt^ȝ^cÒ2\] eۘa3c%Hi,XʆayJ 4&NrJ$Wk7WЁU"%Al`ZTOU>Ki<y \xzj^Rn(J dfZ3IX 7:m؜ح$
-cwƸ,:6ivHJfTN5jQ(!`r;m4Ƌ$ysrY$^jP~`iY)B ^q ZxcztXtТG `ܯxb;2|ސү ,!14URJ}2g+v3*2| C:"eؽwŘ_<rCX;KS܄@|v3G lEh ȭ[5qO
-!D!YR><tendstream
+xڭZKs6W1љ$8ٱS$Z,)R!)+_HJ7[`_]gq<N(C_vW3}wd ZG}x^Aq3+ ,S׏_뇥E|XI3Sr~|w?FǻO*|e |-z7_?G~Uhp#\{xm* LGx zw&#czpK/ QrYy)AԖiNVsRvP}k~j?l,e/Vt*N,glQ3|*A$mDj},x[ᢔ.Qhe~+o:۾VW5-gC+oZG(oh aGk2xrZ0jld
+'Mdi芝eұx 
+~frO_<1i4>-3,T*X3lPWVDV/[m1t{c|>go϶-0A@.yO<?]ږ 0aNEOMp K@gyߜ ?j~-ėH*\s;A- mmEp[ŗ
+uVv'Q^I&`e hQ\7<:8Cp$ *yKǣ.c+Y*mvo']+3Y:sGͰ8> [ہw_/f`l*$3<mZEG~ش SW,[HR0MN@5G-7+xArϺ q2bTUs֭g'`X]G ̘7J Z`^īH@Z/etöec6kzqVKyk)UϞFˡ3B~cJ)=Yg֋'\:=qI#]
+Q8 y4PmWSe?S4!@
+$YT] Sڔ%H4ov>!gzܙrJ=@aOfC0b=?)o5`soNgY.TTboG*dDzg x-b *$`b'}!"v
+*b^:nm0S4q
+smRۦa6&H<4M Lf7Y$q1pN4ps^'4A@, n: Å
++ʳ^~ueI6
+mWTI;t#0ݕяpqMTjNi iI:7+ElQE<Q`h
+
+RcW
+:=Kw
+~=ɃFJؒaSs9QEJr?RB{!8>>ni\W'9d!oOx?Ew =B7Gy$D!G'F-!y۶EE;,nXȲ>RignF$4(v^|J;&6\M<T(]<ʞtE5# c, e9t*`yrD>Kb 2l3L&&Rg![$}x"/&L9 pSAC]P5@u鿟wK`&
+|tJ&yWxZIum˭ ~uiY&v簬~jp;
+YYWv8 hKVӞ O3CGXZN^}h[\8Wz pAE|Q3LDk&mf%j@n8@\C^w?FO$HHd8CKrigGh>!rW6&@;s(E .\_Rp|̇TL.(c*Zޭ+i_x8k;gSŶݖ<Zʌ/+E/r&L8 Vhxȏ~r]\? "W#$D Ns#F.8B.nL<5V׬^0Ujr>R9ΈnQ-xknOʄ^J>!NN!c+>7EYqМѾgAb^: 7nZp+j^]h7BaW/A(QJakT٨
+5:BDIgďdD@
+&*uthɅ3rAӾ.f:AqA'ǗK[jMr0:L 8WJl;𓧔#
+Om暮w;Ȉ߸G L⛃hT~nm?Y_DsW
+3I<YU%x=/ v78d2NfNֿ#}0w\..vD'(U/-IEa"Q U_\Nw =r<d9Fj,b(;ˆqhO~h02]`|0eLdADt6gGXJ]DKeee*k)CD(Uĕӵ_I WQ>1`I1I>qfc/3p2 F& 6n2Fq|
endobj
1703 0 obj <<
/Type /Page
/Contents 1704 0 R
/Resources 1702 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1686 0 R
+/Parent 1684 0 R
>> endobj
1705 0 obj <<
/D [1703 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1702 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R >>
+/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F14 964 0 R /F48 1238 0 R /F41 1218 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1708 0 obj <<
-/Length 3567
+/Length 3746
/Filter /FlateDecode
>>
stream
-xZs6_Gy&BMM;'gwiHD"o Cxz3τb],~ß87\Yœg~:gC~xV`.Ǹs~2.`>yO^^dzrb* ~b*tuK]6;80۫W|vu߭e^.ϳsXgܙgxL<_iJE_݄^?4e?m3R[bi# <,s72 H9rUӔiYWeb0$%JȗB挒cHT:9ywsww޴P`V'u9lC<As;ZM$AJ[pía* )\(MBWTRT1ǥ\kT,sϠUS%%LM`1
-B
-2sWBђ-r1VkQULr4ˇhbz~,+Znt H ĤղC^{U<AM\ʶ!JG@U?T,ȡt0shb[x̺ӕv:BvUPIf|Z/^m1D
--7/aWp1k\~\pdJ'j#wO !yaI*'=Юy9uش弛%UI ELS>\mei'eF 31W+l=rAYi `iH9$F%f
-L?>KK c$1t
-ǫ?5T84B8+~n4B(Ւygݓ
-NFpDYnvjf>I
-r&UKE@o>>ߕx+ФݽVqL2+L>dtk!>:;#z]Vm
-|*7`[*Nu1'쇭^KUo~>?Bw-D GXg8x\ g]aP%*1L|Jf:" x/I7b 829; UT[mI#d$(-0 -}:G=d.s?u0uU_(LÞyxv1 V =hE_oi$ҶIBK 0euU䉽ΰ~rU?aq(aC'TELG"_W
- {dh\w1q%}C`<P
+xڭ]sݿogN Rgj;mf<eGHbIAry,b߀8O4J&>_lGL0#͇Xޟ}QsT\Yg8_2K#] 7$o.Rdzw?py{1tuKC)X92ǫ۫Wvue_+g/aߟő>N k,*҉RRݝp0> OđT 0P3ik6JTMMXung&x^lEkW.][bӭ-Ab\lyX>Ժ4.]uQ̋,BZ8*%%?"ZKmm> D헲[SO),=(V]t/3uM]l
+НZ4! «͐d t5|b񙚫fA5$DO=R9A o
+?p䐁4L 0n_Q`Z7{VV=e@#"#DzJ G<!͇XDX4_m| :b[ԋR#b_$
+3tPB(:o>o>&
+<;MugRwټmG^E6S@ zoP,סz&rXTkod;lg>Bz1Z0 y /cDdBTԭ$$c
+Y[ fq5UV/HfFy JL5Ҝ
+6Yؚ(ՙ=G
+,<:XFitS
+g&ƺ#S\'S2 G
+JeEf"cDvZX%r:Q#u7P3ۛ0'0Ql1'mE#bo߶%\FZwu2Q]6j
+gj5Ve]QQ-YRQnڎG&@ˊ@d
+x KN:ۀw=K_!5ˤEyM,Ʈ ;o߽M43ª#'C/W
+8t}sv):[Phqy̎@!Ʌl &a0g܇=
endobj
1707 0 obj <<
/Type /Page
/Contents 1708 0 R
/Resources 1706 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1686 0 R
+/Parent 1684 0 R
>> endobj
1709 0 obj <<
/D [1707 0 R /XYZ 56.6929 794.5015 null]
>> endobj
1706 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R >>
+/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1712 0 obj <<
-/Length 3339
+/Length 3292
/Filter /FlateDecode
>>
stream
-xڭ]sݿBog"
-oOmuhbuBQl_j@heF! ~5\m\ٖ]ѕQOk-o?^⏝ݖ4[1#/xwa5!xDRPQ. VD;mlsE
-t<eLYӓ@]vezdpV!~ʮ]-274I$Q!bz,(OT4 ugJ4Jܼx}ӊ&o,p±Mg&9K1dOY(QD᎚o}M#207ģ '~t0<'k 5⽬TE"T<JEmLI_D
-w=.@OOOS  Ӛ82@W%v@pv7.5"7Di崞{`~O}̮=%= _n7emIe4cb9tZ~:=6=Zz݂a8CK!yvd8ؚ:;
- G:/39G7 -= ޷ -)q4yMV4ZT%>nh|ZAbDBڂi
-w 9w7) A7bI0u7^tٓD|@$e2IB%e`B[䜁!@{MrqMWeP
-\Mߧdl"Ku#wRpq.NC]#i,Ε8IazG@1G0~AW!%Ub"L_d=N^.-p/\A(Sv({f~201ig/$go8+S!O]om8ծS
-  :%­KPC>9xA|U\)߽
-)4=eH8'#e-P75T*j"GSie(W5OuZ#Ug`m](kǜXDY T-4񈗋ւ9J[9Ŧ\@Pݶےv57,x Pb)#عraS5`W%ߣbgFe#͚96\ڌz-&R%Qݠ}R\e_eqʱ W<b3 4d[EFX~*\,K_lR4@fHQU*f9G O'B,3-w{縘;Zy$TBr*!C<[^yO7|VdzZ15pȶrm z) چ0]ڶ-^tQ4y.7?Ҡr|ࣣJ",vGL#]qDxYYP_$L_oR)Ʈ: ^eT fL'kƗ% ]sgA;]7puo(Aa+S-neSa*SweDKEyQ LPܠ0[oqdػoSÖOgviO?!YD.
-*|֭J
-v"Fo&v{FZ+5ܚz
-rd;Ñ6ֻF\@}%!3
-iCLd'
+xZAw6W{c(4m'3dv{Pl9YX_
+H!VDn׌ťifn
+<B
+m!C)fǑ%.0=a8IOa_=\Tm}925'F4nb)$셁
+-X*ĸk-e-X ӊXjD@~P}/rm' 1;zoĠ6a(-@&y$ Ң GxX4:E] s-fGt@6j,f0,`b+[BsQح^ӫlm3,.hԂ[];070hd$p;/fvF;a00bi/r`*J(6-yY?IKb
+(;zFȅ3o*d:D]}P"!5
+ 6BtrĀi0oP썌PwG&Gޮ5=Q`n9]ל\4ӦpŻ{BƁF78cwGy<*al*zT P9)'QO+Ih0*3T P>bèS*`9T%ҡ
+U
+
+4B+v}}3A g}
+5-
+Laɞz%{HJm Jwm_sU^A%W] %.KOwD<<S>偯"x$*Y6?ql$Zջc]r1"5ޏU.Y߼嚞|nM7A~SbzOQmQ o
++.77˂^
+տM*
+ކ,(kӀp[iv>xNg ;h \ӆΕ
endobj
1711 0 obj <<
/Type /Page
/Contents 1712 0 R
/Resources 1710 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1686 0 R
+/Parent 1684 0 R
>> endobj
1713 0 obj <<
/D [1711 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-478 0 obj <<
-/D [1711 0 R /XYZ 85.0394 227.0652 null]
->> endobj
-1714 0 obj <<
-/D [1711 0 R /XYZ 85.0394 197.3345 null]
->> endobj
1710 0 obj <<
/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1717 0 obj <<
-/Length 2753
+1716 0 obj <<
+/Length 3468
/Filter /FlateDecode
>>
stream
-xZKs6WrC<Ɍ'ff=l%9m"Qk4@%;IR2Fht
-jDYLmX?T *^y6r&{*6kiynlߠ#n6l4&މ~þl֏jꢡV/b+7԰f=c+ gn5L|ʟ[F8oLg-Lywr}[r~"[NQBڥ :b>N9H$"A@B/xxSWoi?wmT k2GPbHXo?fύZl8Ե EDYF1̝7zAA?낾XJ&
-e(4=kjLbf2ETkB`(Z~8ժo'pjmx.y
-~ᴦ53o삅UN9(>O6=}ohnG",._7eURGb&*.N'(J/fϠ!܄}zY[Vօ Cii^>ihnWqة3!/fT ACȩM]6ɞ(q9Am|7S'vpỏv΄Ng41n( @R&I'͙HLT
--#=@SۜjPo
-pe8A qQ={yJQZ /OLղg-(hx3{HKMn*s^O_d:Uq%P C\Uglr+w!̌ { Ìهb6l7EQli6'|lγbáEeX!RJQW& Wf`H
- `P}r]aDt2|aOǰ/8G`V '(
-Iц8#ԫN I-4"K21:%3Kc"n|mg \Uu Bia`tv/3pp!| ~FVBL2 V:Vųj&(mN4ډT$f]5Rws$nт[&ѱ-_&ؔn
-a+$*gqy!)*kzBYPwiy>#5>G&zBڲL3Sz#ܪŇ+ZݢIz^D6VIGktdX>vpR@H·phY+oȥȤ#u8[C55,c3T.{Acm!_9~ ]km^)h'ktW\ H3@)x6C xxfլݥN&Ft]a`=0.tT~ BK/iG8SJ[@*$Cu'rltIB&f Q,k*]W|N^@7=7>(ξ
-,gis9a'u k>T+CAP)XUPb 6lᷡ'ɠ
+xڥZYs6~UBjϬs8S[$EY,S"RxvIQvRAFkrrF"JU:S#@|{adcZ{gH#=YDV#%H~tn~\0F~r!P?ME,㻛ۏDIлOw׷/x^h<ȟVp/$@4U ֎R]_ ڥS3a"BeBV"0V[Y)+;.n"_Sxjz]FF:f N\z2JE
+%/26m[tIC"LHD%1x-ډmd,RskXZ-~xHi*
+ q8=nRecx)06 ~ؗeG8nEU</8Ŋe4
+Rkm˜h0>ے B͖fAUGt3{˄ݢ!H|
+N=;I9#gjUXEp|")1ZpX)ʮ$O$@/dX}̰͚ЪLyt#`QmeA%CK'J0QEUA A#dA„wz$yt 40B1P!4K8z~sAcAθUuFO
+^k