aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDoug Barton <dougb@FreeBSD.org>2010-03-02 19:49:55 +0000
committerDoug Barton <dougb@FreeBSD.org>2010-03-02 19:49:55 +0000
commit841024d54f1f0a07feccf84d8938b00bc1f362b5 (patch)
treec470abc978aa6ca4f6b0033d7e09c8b7b09cd629
parent51917575cfd35d6a201b010726ea7404a0f9bb7e (diff)
downloadsrc-841024d54f1f0a07feccf84d8938b00bc1f362b5.tar.gz
src-841024d54f1f0a07feccf84d8938b00bc1f362b5.zip
Vendor import of BIND 9.6.2vendor/bind9/9.6.2
Notes
Notes: svn path=/vendor/bind9/dist/; revision=204599 svn path=/vendor/bind9/9.6.2/; revision=204600; tag=vendor/bind9/9.6.2
-rw-r--r--CHANGES418
-rw-r--r--COPYRIGHT4
-rw-r--r--FAQ18
-rw-r--r--FAQ.xml35
-rw-r--r--NSEC3-NOTES4
-rw-r--r--README23
-rw-r--r--bin/check/named-checkconf.84
-rw-r--r--bin/check/named-checkconf.html4
-rw-r--r--bin/check/named-checkzone.88
-rw-r--r--bin/check/named-checkzone.c8
-rw-r--r--bin/check/named-checkzone.docbook4
-rw-r--r--bin/check/named-checkzone.html18
-rw-r--r--bin/dig/dig.14
-rw-r--r--bin/dig/dig.html4
-rw-r--r--bin/dig/dighost.c16
-rw-r--r--bin/dig/host.14
-rw-r--r--bin/dig/host.c5
-rw-r--r--bin/dig/host.html4
-rw-r--r--bin/dig/nslookup.14
-rw-r--r--bin/dig/nslookup.c3
-rw-r--r--bin/dig/nslookup.html4
-rw-r--r--bin/dnssec/dnssec-dsfromkey.c18
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.820
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.c7
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.docbook21
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.html32
-rw-r--r--bin/dnssec/dnssec-keygen.820
-rw-r--r--bin/dnssec/dnssec-keygen.c22
-rw-r--r--bin/dnssec/dnssec-keygen.docbook31
-rw-r--r--bin/dnssec/dnssec-keygen.html43
-rw-r--r--bin/dnssec/dnssec-signzone.825
-rw-r--r--bin/dnssec/dnssec-signzone.c915
-rw-r--r--bin/dnssec/dnssec-signzone.docbook33
-rw-r--r--bin/dnssec/dnssec-signzone.html45
-rw-r--r--bin/dnssec/dnssectool.c4
-rw-r--r--bin/dnssec/dnssectool.h6
-rw-r--r--bin/named/control.c12
-rw-r--r--bin/named/include/named/server.h5
-rw-r--r--bin/named/lwresd.84
-rw-r--r--bin/named/lwresd.html4
-rw-r--r--bin/named/named.822
-rw-r--r--bin/named/named.conf.54
-rw-r--r--bin/named/named.conf.html4
-rw-r--r--bin/named/named.docbook17
-rw-r--r--bin/named/named.html28
-rw-r--r--bin/named/query.c53
-rw-r--r--bin/named/server.c50
-rw-r--r--bin/named/statschannel.c400
-rw-r--r--bin/named/update.c25
-rw-r--r--bin/nsupdate/nsupdate.14
-rw-r--r--bin/nsupdate/nsupdate.html4
-rw-r--r--bin/rndc/rndc-confgen.84
-rw-r--r--bin/rndc/rndc-confgen.html4
-rw-r--r--bin/rndc/rndc.84
-rw-r--r--bin/rndc/rndc.conf.54
-rw-r--r--bin/rndc/rndc.conf.html4
-rw-r--r--bin/rndc/rndc.html4
-rw-r--r--config.h.in28
-rw-r--r--configure.in134
-rw-r--r--doc/arm/Bv9ARM-book.xml137
-rw-r--r--doc/arm/Bv9ARM.ch01.html54
-rw-r--r--doc/arm/Bv9ARM.ch02.html26
-rw-r--r--doc/arm/Bv9ARM.ch03.html30
-rw-r--r--doc/arm/Bv9ARM.ch04.html152
-rw-r--r--doc/arm/Bv9ARM.ch05.html10
-rw-r--r--doc/arm/Bv9ARM.ch06.html212
-rw-r--r--doc/arm/Bv9ARM.ch07.html18
-rw-r--r--doc/arm/Bv9ARM.ch08.html22
-rw-r--r--doc/arm/Bv9ARM.ch09.html184
-rw-r--r--doc/arm/Bv9ARM.ch10.html6
-rw-r--r--doc/arm/Bv9ARM.html152
-rw-r--r--doc/arm/Bv9ARM.pdf13041
-rw-r--r--doc/arm/man.dig.html24
-rw-r--r--doc/arm/man.dnssec-dsfromkey.html20
-rw-r--r--doc/arm/man.dnssec-keyfromlabel.html32
-rw-r--r--doc/arm/man.dnssec-keygen.html43
-rw-r--r--doc/arm/man.dnssec-signzone.html47
-rw-r--r--doc/arm/man.host.html14
-rw-r--r--doc/arm/man.named-checkconf.html16
-rw-r--r--doc/arm/man.named-checkzone.html20
-rw-r--r--doc/arm/man.named.html28
-rw-r--r--doc/arm/man.nsupdate.html18
-rw-r--r--doc/arm/man.rndc-confgen.html16
-rw-r--r--doc/arm/man.rndc.conf.html16
-rw-r--r--doc/arm/man.rndc.html16
-rw-r--r--doc/misc/Makefile.in16
-rw-r--r--lib/dns/api4
-rw-r--r--lib/dns/db.c6
-rw-r--r--lib/dns/dispatch.c28
-rw-r--r--lib/dns/dnssec.c69
-rw-r--r--lib/dns/dst_api.c53
-rw-r--r--lib/dns/dst_internal.h12
-rw-r--r--lib/dns/dst_parse.c18
-rw-r--r--lib/dns/include/dns/db.h6
-rw-r--r--lib/dns/include/dns/dnssec.h8
-rw-r--r--lib/dns/include/dns/journal.h11
-rw-r--r--lib/dns/include/dns/keyvalues.h6
-rw-r--r--lib/dns/include/dns/name.h8
-rw-r--r--lib/dns/include/dns/ncache.h4
-rw-r--r--lib/dns/include/dns/nsec3.h4
-rw-r--r--lib/dns/include/dns/rbt.h6
-rw-r--r--lib/dns/include/dns/types.h2
-rw-r--r--lib/dns/include/dns/zone.h20
-rw-r--r--lib/dns/include/dst/dst.h6
-rw-r--r--lib/dns/journal.c99
-rw-r--r--lib/dns/masterdump.c2
-rw-r--r--lib/dns/message.c4
-rw-r--r--lib/dns/nsec3.c25
-rw-r--r--lib/dns/opensslrsa_link.c504
-rw-r--r--lib/dns/rbt.c35
-rw-r--r--lib/dns/rbtdb.c127
-rw-r--r--lib/dns/rcode.c6
-rw-r--r--lib/dns/rdata/generic/ipseckey_45.c3
-rw-r--r--lib/dns/resolver.c46
-rw-r--r--lib/dns/sdb.c6
-rw-r--r--lib/dns/sdlz.c6
-rw-r--r--lib/dns/spnego.c18
-rw-r--r--lib/dns/validator.c2
-rw-r--r--lib/dns/view.c5
-rw-r--r--lib/dns/zone.c211
-rw-r--r--lib/isc/api4
-rw-r--r--lib/isc/base32.c4
-rw-r--r--lib/isc/base64.c8
-rw-r--r--lib/isc/heap.c14
-rw-r--r--lib/isc/httpd.c45
-rw-r--r--lib/isc/ia64/include/isc/atomic.h8
-rw-r--r--lib/isc/include/isc/entropy.h14
-rw-r--r--lib/isc/include/isc/netscope.h6
-rw-r--r--lib/isc/include/isc/portset.h4
-rw-r--r--lib/isc/include/isc/sha2.h10
-rw-r--r--lib/isc/include/isc/util.h14
-rw-r--r--lib/isc/inet_ntop.c11
-rw-r--r--lib/isc/powerpc/include/isc/atomic.h53
-rw-r--r--lib/isc/random.c27
-rw-r--r--lib/isc/sha2.c27
-rw-r--r--lib/isc/unix/ifiter_getifaddrs.c6
-rw-r--r--lib/isc/unix/socket.c31
-rw-r--r--lib/isccc/api2
-rw-r--r--lib/isccfg/aclconf.c23
-rw-r--r--lib/isccfg/api2
-rw-r--r--lib/isccfg/include/isccfg/namedconf.h6
-rw-r--r--lib/lwres/api2
-rw-r--r--lib/lwres/context.c15
-rw-r--r--lib/lwres/getipnode.c100
-rw-r--r--lib/lwres/man/lwres.34
-rw-r--r--lib/lwres/man/lwres.html16
-rw-r--r--lib/lwres/man/lwres_buffer.34
-rw-r--r--lib/lwres/man/lwres_buffer.html8
-rw-r--r--lib/lwres/man/lwres_config.34
-rw-r--r--lib/lwres/man/lwres_config.html14
-rw-r--r--lib/lwres/man/lwres_context.34
-rw-r--r--lib/lwres/man/lwres_context.html12
-rw-r--r--lib/lwres/man/lwres_gabn.34
-rw-r--r--lib/lwres/man/lwres_gabn.html12
-rw-r--r--lib/lwres/man/lwres_gai_strerror.34
-rw-r--r--lib/lwres/man/lwres_gai_strerror.html10
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.34
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.html12
-rw-r--r--lib/lwres/man/lwres_gethostent.34
-rw-r--r--lib/lwres/man/lwres_gethostent.html14
-rw-r--r--lib/lwres/man/lwres_getipnode.34
-rw-r--r--lib/lwres/man/lwres_getipnode.html12
-rw-r--r--lib/lwres/man/lwres_getnameinfo.34
-rw-r--r--lib/lwres/man/lwres_getnameinfo.html14
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.34
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.html12
-rw-r--r--lib/lwres/man/lwres_gnba.34
-rw-r--r--lib/lwres/man/lwres_gnba.html12
-rw-r--r--lib/lwres/man/lwres_hstrerror.34
-rw-r--r--lib/lwres/man/lwres_hstrerror.html12
-rw-r--r--lib/lwres/man/lwres_inetntop.34
-rw-r--r--lib/lwres/man/lwres_inetntop.html12
-rw-r--r--lib/lwres/man/lwres_noop.34
-rw-r--r--lib/lwres/man/lwres_noop.html12
-rw-r--r--lib/lwres/man/lwres_packet.34
-rw-r--r--lib/lwres/man/lwres_packet.html10
-rw-r--r--lib/lwres/man/lwres_resutil.34
-rw-r--r--lib/lwres/man/lwres_resutil.html12
-rw-r--r--version8
179 files changed, 10790 insertions, 8328 deletions
diff --git a/CHANGES b/CHANGES
index 0e9c9a6b4986..d230421cad83 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,27 @@
- --- 9.6.1-P3 released ---
+
+ --- 9.6.2 released ---
+
+2850. [bug] If isc_heap_insert() failed due to memory shortage
+ the heap would have corrupted entries. [RT #20951]
+
+2849. [bug] Don't treat errors from the xml2 library as fatal.
+ [RT #20945]
+
+2846. [bug] EOF on unix domain sockets was not being handled
+ correctly. [RT #20731]
+
+2844. [doc] notify-delay default in ARM was wrong. It should have
+ been five (5) seconds.
+
+ --- 9.6.2rc1 released ---
+
+2838. [func] Backport support for SHA-2 DNSSEC algorithms,
+ RSASHA256 and RSASHA512, from BIND 9.7. (This
+ incorporates changes 2726 and 2738 from that
+ release branch.) [RT #20871]
+
+2837. [port] Prevent Linux spurious warnings about fwrite().
+ [RT #20812]
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
@@ -10,21 +33,286 @@
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
- --- 9.6.1-P2 released ---
+2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
+ was in the process of being created was not properly
+ recorded in the zone. [RT #20786]
+
+2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
+
+2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define
+ [RT #20771]
+
+2818. [cleanup] rndc could return an incorrect error code
+ when a zone was not found. [RT #20767]
+
+2815. [bug] Exclusively lock the task when freezing a zone.
+ [RT #19838]
+
+2814. [func] Provide a definitive error message when a master
+ zone is not loaded. [RT #20757]
+
+ --- 9.6.2b1 released ---
+
+2797. [bug] Don't decrement the dispatch manager's maxbuffers.
+ [RT #20613]
+
+2790. [bug] Handle DS queries to stub zones. [RT #20440]
+
+2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
+
+2786. [bug] Additional could be promoted to answer. [RT #20663]
+
+2784. [bug] TC was not always being set when required glue was
+ dropped. [RT #20655]
+
+2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
+ buffer size of 512 or less. [RT #20654]
+
+2782. [port] win32: use getaddrinfo() for hostname lookups.
+ [RT #20650]
+
+2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
- --- 9.6.1-P1 released ---
+2765. [bug] Skip masters for which the TSIG key cannot be found.
+ [RT #20595]
+
+2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
+
+2759. [doc] Add information about .jbk/.jnw files to
+ the ARM. [RT #20303]
+
+2758. [bug] win32: Added a workaround for a windows 2008 bug
+ that could cause the UDP client handler to shut
+ down. [RT #19176]
+
+2757. [bug] dig: assertion failure could occur in connect
+ timeout. [RT #20599]
+
+2755. [doc] Clarify documentation of keyset- files in
+ dnssec-signzone man page. [RT #19810]
+
+2754. [bug] Secure-to-insecure transitions failed when zone
+ was signed with NSEC3. [RT #20587]
+
+2750. [bug] dig: assertion failure could occur when a server
+ didn't have an address. [RT #20579]
+
+2749. [bug] ixfr-from-differences generated a non-minimal ixfr
+ for NSEC3 signed zones. [RT #20452]
+
+2747. [bug] Journal roll forwards failed to set the re-signing
+ time of RRSIGs correctly. [RT #20541]
+
+2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
+ for a insecure delegation.
+
+2729. [func] When constructing a CNAME from a DNAME use the DNAME
+ TTL. [RT #20451]
+
+2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
+ isc_base64_totext(), didn't always mark regions of
+ memory as fully consumed after conversion. [RT #20445]
+
+2722. [bug] Ensure that the memory associated with the name of
+ a node in a rbt tree is not altered during the life
+ of the node. [RT #20431]
+
+2721. [port] Have dst__entropy_status() prime the random number
+ generator. [RT #20369]
+
+2718. [bug] The space calculations in opensslrsa_todns() were
+ incorrect. [RT #20394]
+
+2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
+
+2715. [bug] Require OpenSSL support to be explicitly disabled.
+ [RT #20288]
+
+2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
+ flags.
+
+2713. [bug] powerpc: atomic operations missing asm("ics") /
+ __isync() calls.
+
+2706. [bug] Loading a zone with a very large NSEC3 salt could
+ trigger an assert. [RT #20368]
+
+2705. [bug] Reconcile the XML stats version number with a later
+ BIND9 release, by adding a "name" attribute to
+ "cache" elements and increasing the version number
+ to 2.2. (This is a minor version change, but may
+ affect XML parsers if they assume the cache element
+ doesn't take an attribute.)
+
+2704. [bug] Serial of dynamic and stub zones could be inconsistent
+ with their SOA serial. [RT #19387]
+
+2701. [doc] Correction to ARM: hmac-md5 is no longer the only
+ supported TSIG key algorithm. [RT #18046]
+
+2700. [doc] The match-mapped-addresses option is discouraged.
+ [RT #12252]
+
+2699. [bug] Missing lock in rbtdb.c. [RT #20037]
+
+2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
+ S_IFREG are defined after including <isc/stat.h>.
+ [RT #20309]
+
+2696. [bug] named failed to successfully process some valid
+ acl constructs. [RT #20308]
+
+2692. [port] win32: 32/64 bit cleanups. [RT #20335]
+
+2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
+ [RT #20315]
+
+2689. [bug] Correctly handle snprintf result. [RT #20306]
+
+2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
+ to decide to fetch the destination address. [RT #20305]
+
+2686. [bug] dnssec-signzone should clean the old NSEC chain when
+ signing with NSEC3 and vice versa. [RT #20301]
+
+2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
+ the NSEC3 parameters used to sign the zone change.
+ [RT #20246]
+
+2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
+ decoded. [RT #20269]
+
+2678. [func] Treat DS queries as if "minimal-response yes;"
+ was set. [RT #20258]
+
+2672. [bug] Don't enable searching in 'host' when doing reverse
+ lookups. [RT #20218]
+
+2670. [bug] Unexpected connect failures failed to log enough
+ information to be useful. [RT #20205]
+
+2663. [func] win32: allow named to run as a service using
+ "NT AUTHORITY\LocalService" as the account. [RT #19977]
+
+2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
+ returned a misleading error code when lwresd was
+ down. [RT #20028]
+
+2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
+ creating lwres context. [RT #20029]
+
+2659. [doc] Clarify dnssec-keygen doc: key name must match zone
+ name for DNSSEC keys. [RT #19938]
+
+2656. [func] win32: add a "tools only" check box to the installer
+ which causes it to only install dig, host, nslookup,
+ nsupdate and relevant DLLs. [RT #19998]
+
+2655. [doc] Document that key-directory does not affect
+ rndc.key. [RT #20155]
+
+2653. [bug] Treat ENGINE_load_private_key() failures as key
+ not found rather than out of memory. [RT #18033]
+
+2649. [bug] Set the domain for forward only zones. [RT #19944]
+
+2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
+
+2647. [bug] Remove unnecessary SOA updates when a new KSK is
+ added. [RT #19913]
+
+2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
+
+2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
+ which default to 64 bits. [RT #19927]
+
+2643. [bug] Stub zones interacted badly with NSEC3 support.
+ [RT #19777]
+
+2642. [bug] nsupdate could dump core on solaris when reading
+ improperly formatted key files. [RT #20015]
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
+2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
+
+2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
+ [RT #19959]
+
+2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
+ [RT #19716]
+
+2633. [bug] Handle 15 bit rand() functions. [RT #19783]
+
+2632. [func] util/kit.sh: warn if documentation appears to be out of
+ date. [RT #19922]
+
+2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
+
+2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
+
+2621. [doc] Made copyright boilterplate consistent. [RT #19833]
+
+2920. [bug] Delay thawing the zone until the reload of it has
+ completed successfully. [RT #19750]
+
+2618. [bug] The sdb and sdlz db_interator_seek() methods could
+ loop infinitely. [RT #19847]
+
+2617. [bug] ifconfig.sh failed to emit an error message when
+ run from the wrong location. [RT #19375]
+
+2616. [bug] 'host' used the nameservers from resolv.conf even
+ when a explicit nameserver was specified. [RT #19852]
+
+2615. [bug] "__attribute__((unused))" was in the wrong place
+ for ia64 gcc builds. [RT #19854]
+
+2614. [port] win32: 'named -v' should automatically be executed
+ in the foreground. [RT #19844]
+
+2613. [bug] Option argument validation was missing for
+ dnssec-dsfromkey. [RT #19828]
+
+2610. [port] sunos: Change #2363 was not complete. [RT #19796]
+
+2608. [func] Perform post signing verification checks in
+ dnssec-signzone. These can be disabled with -P.
+
+ The post sign verification test ensures that for each
+ algorithm in use there is at least one non revoked
+ self signed KSK key. That all revoked KSK keys are
+ self signed. That all records in the zone are signed
+ by the algorithm. [RT #19653]
+
+2601. [doc] Mention file creation mode mask in the
+ named manual page.
+
+2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
+
+2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
+ [RT #19626]
+
+2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
+ Requires MySQL 5.0.19 or later. [RT #19084]
+
+2580. [bug] UpdateRej statistics counter could be incremented twice
+ for one rejection. [RT #19476]
+
+2533. [doc] ARM: document @ (at-sign). [RT #17144]
+
+2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
+ function. [RT #18582]
+
--- 9.6.1 released ---
2607. [bug] named could incorrectly delete NSEC3 records for
- empty nodes when processing a update request.
+ empty nodes when processing a update request.
[RT #19749]
2606. [bug] "delegation-only" was not being accepted in
@@ -78,7 +366,7 @@
date to the version string, -DNO_VERSION_DATE.
2582. [bug] Don't emit warning log message when we attempt to
- remove non-existant journal. [RT #19516]
+ remove non-existent journal. [RT #19516]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
@@ -136,7 +424,7 @@
2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
error checks in the correct order resulting in the
wrong error code sometimes being returned. [RT #19249]
-
+
2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
@@ -185,7 +473,7 @@
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
-2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091]
+2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
@@ -198,8 +486,8 @@
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
-2528. [cleanup] Silence spurious configure warning about
- --datarootdir [RT #19096]
+2528. [cleanup] Silence spurious configure warning about
+ --datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
@@ -222,7 +510,7 @@
preceded in resolv.conf. [RT #19081]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
- nameserver address of the excluded address.
+ nameserver address of the excluded address type.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
@@ -235,7 +523,7 @@
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
-2506. [port] solaris: Check at configure time if
+2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
@@ -258,7 +546,7 @@
2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
[RT #19063]
-2513 [bug] Fix windows cli build. [RT #19062]
+2513. [bug] Fix windows cli build. [RT #19062]
2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
[RT #19033]
@@ -343,7 +631,7 @@
2478. [bug] 'addresses' could be used uninitialized in
configure_forward(). [RT #18800]
-
+
2477. [bug] dig: the global option to print the command line is
+cmd not print_cmd. Update the output to reflect
this. [RT #17008]
@@ -359,7 +647,7 @@
2473. [port] linux: raise the limit on open files to the possible
maximum value before spawning threads; 'files'
- specified in named.conf doesn't seem to work with
+ specified in named.conf doesn't seem to work with
threads as expected. [RT #18784]
2472. [port] linux: check the number of available cpu's before
@@ -388,7 +676,7 @@
2464. [port] linux: check that a capability is present before
trying to set it. [RT #18135]
-2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
+2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
API and glibc hides parts of the IPv6 Advanced Socket
API as a result. This is stupid as it breaks how the
two halves (Basic and Advanced) of the IPv6 Socket API
@@ -418,7 +706,7 @@
2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
address, regardless of family. They now correctly
distinguish IPv4 from IPv6. [RT #18559]
-
+
2455. [bug] Stop metadata being transferred via axfr/ixfr.
[RT #18639]
@@ -458,7 +746,7 @@
2442. [bug] A lock could be destroyed twice. [RT# 18626]
-2441. [bug] isc_radix_insert() could copy radix tree nodes
+2441. [bug] isc_radix_insert() could copy radix tree nodes
incompletely. [RT #18573]
2440. [bug] named-checkconf used an incorrect test to determine
@@ -515,7 +803,7 @@
implementation. Allow the use of kqueue,
epoll and /dev/poll to be selected at compile
time. [RT #18277]
-
+
2423. [security] Randomize server selection on queries, so as to
make forgery a little more difficult. Instead of
always preferring the server with the lowest RTT,
@@ -583,9 +871,9 @@
2406. [placeholder]
-2405. [cleanup] The default value for dnssec-validation was changed to
- "yes" in 9.5.0-P1 and all subsequent releases; this
- was inadvertently omitted from CHANGES at the time.
+2405. [cleanup] The default value for dnssec-validation was changed to
+ "yes" in 9.5.0-P1 and all subsequent releases; this
+ was inadvertently omitted from CHANGES at the time.
2404. [port] hpux: files unlimited support.
@@ -661,7 +949,7 @@
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
proofs which, in turn, caused validation failures
for insecure zones immediately below a secure zone
- the server was authoritative for. [RT #18112]
+ the server was authoritative for. [RT #18112]
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
TLDs and supported RRs with TTLs [RT #17972]
@@ -709,7 +997,7 @@
2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
[RT #17513]
-2362. [cleanup] Make "rrset-order fixed" a compile-time option.
+2362. [cleanup] Make "rrset-order fixed" a compile-time option.
settable by "./configure --enable-fixed-rrset".
Disabled by default. [RT #17977]
@@ -792,12 +1080,12 @@
interfaces if there are not listen-on-v6 clauses in
named.conf. [RT #17581]
-2335. [port] sunos: libbind and *printf() support for long long.
+2335. [port] sunos: libbind and *printf() support for long long.
[RT #17513]
2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
bug in fromstruct_txt(). [RT #17609]
-
+
2333. [bug] Fix off by one error in isc_time_nowplusinterval().
[RT #17608]
@@ -842,7 +1130,7 @@
2320. [func] Make statistics counters thread-safe for platforms
that support certain atomic operations. [RT #17466]
-2319. [bug] Silence Coverity warnings in
+2319. [bug] Silence Coverity warnings in
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2318. [port] sunos fixes for libbind. [RT #17514]
@@ -894,7 +1182,7 @@
2301. [bug] Remove resource leak and fix error messages in
bin/tests/system/lwresd/lwtest.c. [RT #17474]
-2300. [bug] Fixed failure to close open file in
+2300. [bug] Fixed failure to close open file in
bin/tests/names/t_names.c. [RT #17473]
2299. [bug] Remove unnecessary NULL check in
@@ -1017,7 +1305,7 @@
2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2260. [bug] Reported wrong clients-per-query when increasing the
- value. [RT #17236]
+ value. [RT #17236]
2259. [placeholder]
@@ -1039,10 +1327,10 @@
intermediate values as timer->idle was reset by
isc_timer_touch(). [RT #17243]
-2253. [func] "max-cache-size" defaults to 32M.
+2253. [func] "max-cache-size" defaults to 32M.
"max-acache-size" defaults to 16M.
-2252. [bug] Fixed errors in sortlist code [RT #17216]
+2252. [bug] Fixed errors in sortlist code [RT #17216]
2251. [placeholder]
@@ -1050,11 +1338,11 @@
memory statistics file should be written or not.
Additionally named's -m option will cause the
statistics file to be written. [RT #17113]
-
-2249. [bug] Only set Authentic Data bit if client requested
- DNSSEC, per RFC 3655 [RT #17175]
-2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
+2249. [bug] Only set Authentic Data bit if client requested
+ DNSSEC, per RFC 3655 [RT #17175]
+
+2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2247. [doc] Sort doc/misc/options. [RT #17067]
@@ -1095,11 +1383,11 @@
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
-2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
-
-2233. [func] Add support for O(1) ACL processing, based on
- radix tree code originally written by Kevin
- Brintnall. [RT #16288]
+2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
+
+2233. [func] Add support for O(1) ACL processing, based on
+ radix tree code originally written by Kevin
+ Brintnall. [RT #16288]
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
@@ -1120,7 +1408,7 @@
2226. [placeholder]
2225. [bug] More support for systems with no IPv4 addresses.
- [RT #17111]
+ [RT #17111]
2224. [bug] Defer journal compaction if a xfrin is in progress.
[RT #17119]
@@ -1128,7 +1416,7 @@
2223. [bug] Make a new journal when compacting. [RT #17119]
2222. [func] named-checkconf now checks server key references.
- [RT #17097]
+ [RT #17097]
2221. [bug] Set the event result code to reflect the actual
record turned to caller when a cache update is
@@ -1137,7 +1425,7 @@
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
-
+
2219. [bug] Apply zone consistency checks to additions, not
removals, when updating. [RT #17049]
@@ -1147,7 +1435,7 @@
2217. [func] Adjust update log levels. [RT #17092]
2216. [cleanup] Fix a number of errors reported by Coverity.
- [RT #17094]
+ [RT #17094]
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
@@ -1193,7 +1481,7 @@
localhost;) is used.
[RT #16987]
-
+
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2204. [bug] "rndc flushanme name unknown-view" caused named
@@ -1332,7 +1620,7 @@
allow-query-on, allow-recursion-on and
allow-query-cache-on. [RT #16291]
-2164. [bug] The code to determine how named-checkzone /
+2164. [bug] The code to determine how named-checkzone /
named-compilezone was called failed under windows.
[RT #16764]
@@ -1539,14 +1827,14 @@
2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
net_cidr_ntop_ipv6(). [RT #16388]
-
+
2094. [contrib] Update named-bootconf. [RT# 16404]
2093. [bug] named-checkzone -s was broken.
2092. [bug] win32: dig, host, nslookup. Use registry config
if resolv.conf does not exist or no nameservers
- listed. [RT #15877]
+ listed. [RT #15877]
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
@@ -1950,7 +2238,7 @@
1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
-1963. [port] Tru64 4.0E doesn't support send() and recv().
+1963. [port] Tru64 4.0E doesn't support send() and recv().
[RT #15586]
1962. [bug] Named failed to clear old update-policy when it
@@ -1993,7 +2281,7 @@
1951. [security] Drop queries from particular well known ports.
Don't return FORMERR to queries from particular
well known ports. [RT #15636]
-
+
1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
a TCP socket. This prevents the source address being
set for TCP connections. [RT #15628]
@@ -2015,7 +2303,7 @@
1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
To generate a RSAMD5 key you must explicitly request
RSAMD5. [RT #13780]
-
+
1944. [cleanup] isc_hash_create() does not need a read/write lock.
[RT #15522]
@@ -2127,7 +2415,7 @@
[RT #15034]
1905. [bug] Strings returned from cfg_obj_asstring() should be
- treated as read-only. The prototype for
+ treated as read-only. The prototype for
cfg_obj_asstring() has been updated to reflect this.
[RT #15256]
@@ -2259,10 +2547,10 @@
1863. [bug] rrset-order "fixed" error messages not complete.
1862. [func] Add additional zone data constancy checks.
- named-checkzone has extended checking of NS, MX and
+ named-checkzone has extended checking of NS, MX and
SRV record and the hosts they reference.
named has extended post zone load checks.
- New zone options: check-mx and integrity-check.
+ New zone options: check-mx and integrity-check.
[RT #4940]
1861. [bug] dig could trigger a INSIST on certain malformed
@@ -2305,9 +2593,9 @@
1848. [bug] Improve SMF integration. [RT #13238]
1847. [bug] isc_ondestroy_init() is called too late in
- dns_rbtdb_create()/dns_rbtdb64_create().
+ dns_rbtdb_create()/dns_rbtdb64_create().
[RT #13661]
-
+
1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
<bortzmeyer@nic.fr>.
@@ -2599,7 +2887,7 @@
[RT #12866]
1748. [func] dig now returns the byte count for axfr/ixfr.
-
+
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
@@ -2617,7 +2905,7 @@
requested number of worker threads then destruction
of the manager would trigger an INSIST() failure.
[RT #12790]
-
+
1742. [bug] Deleting all records at a node then adding a
previously existing record, in a single UPDATE
transaction, failed to leave / regenerate the
@@ -2628,7 +2916,7 @@
1740. [bug] Replace rbt's hash algorithm as it performed badly
with certain zones. [RT #12729]
-
+
NOTE: a hash context now needs to be established
via isc_hash_create() if the application was not
already doing this.
@@ -2643,7 +2931,7 @@
1736. [bug] dst_key_fromnamedfile() could fail to read a
public key. [RT #12687]
-
+
1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
[RE #12688]
@@ -2820,7 +3108,7 @@
1675. [bug] named would sometimes add extra NSEC records to
the authority section.
-
+
1674. [port] linux: increase buffer size used to scan
/proc/net/if_inet6.
@@ -2894,7 +3182,7 @@
1648. [func] Update dnssec-lookaside named.conf syntax to support
multiple dnssec-lookaside namespaces (not yet
- implemented).
+ implemented).
1647. [bug] It was possible trigger a INSIST when chasing a DS
record that required walking back over a empty node.
@@ -2924,7 +3212,7 @@
1638. [bug] "ixfr-from-differences" could generate a REQUIRE
failure if the journal open failed. [RT #11347]
-
+
1637. [bug] Node reference leak on error in addnoqname().
1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
@@ -3018,21 +3306,21 @@
1607. [bug] dig, host and nslookup were still using random()
to generate query ids. [RT# 11013]
-1606. [bug] DLV insecurity proof was failing.
+1606. [bug] DLV insecurity proof was failing.
1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
1604. [bug] A xfrout_ctx_create() failure would result in
xfrout_ctx_destroy() being called with a
partially initialized structure.
-
+
1603. [bug] nsupdate: set interactive based on isatty().
[RT# 10929]
1602. [bug] Logging to a file failed unless a size was specified.
[RT# 10925]
-1601. [bug] Silence spurious warning 'both "recursion no;" and
+1601. [bug] Silence spurious warning 'both "recursion no;" and
"allow-recursion" active' warning from view "_bind".
[RT# 10920]
diff --git a/COPYRIGHT b/COPYRIGHT
index 620ee985983c..d95930be8cd5 100644
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id: COPYRIGHT,v 1.14.176.1 2009/01/05 23:47:22 tbox Exp $
+$Id: COPYRIGHT,v 1.14.176.2 2010/01/07 23:47:36 tbox Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.
diff --git a/FAQ b/FAQ
index b256ed8b10a3..9e3469ce4ae2 100644
--- a/FAQ
+++ b/FAQ
@@ -1,6 +1,6 @@
Frequently Asked Questions about BIND 9
-Copyright 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright 2004-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright 2000-2003 Internet Software Consortium.
@@ -784,6 +784,22 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
See these man-pages for more information : selinux(8), named_selinux
(8), chcon(1), setsebool(8)
+Q: I'm running BIND on Ubuntu -
+
+ Why can't named update slave zone database files?
+
+ Why can't named create DDNS journal files or update the master zones
+ from journals?
+
+ Why can't named create custom log files?
+
+A: Ubuntu uses AppArmor <http://en.wikipedia.org/wiki/AppArmor> in
+ addition to normal file system permissions to protect the system.
+
+ Adjust the paths to use those specified in /etc/apparmor.d/
+ usr.sbin.named or adjust /etc/apparmor.d/usr.sbin.named to allow named
+ to write at the location specified in named.conf.
+
Q: Listening on individual IPv6 interfaces does not work.
A: This is usually due to "/proc/net/if_inet6" not being available in the
diff --git a/FAQ.xml b/FAQ.xml
index 65e8efc53a27..1d87642f6692 100644
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -1,7 +1,7 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: FAQ.xml,v 1.46.56.4.12.1 2009/12/31 23:17:56 tbox Exp $ -->
+<!-- $Id: FAQ.xml,v 1.46.56.9 2010/01/20 23:47:43 tbox Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
@@ -29,6 +29,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
+ <year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -1385,6 +1386,36 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
<qandaentry>
<question>
<para>
+ I'm running BIND on Ubuntu -
+ </para>
+ <para>
+ Why can't named update slave zone database files?
+ </para>
+ <para>
+ Why can't named create DDNS journal files or update
+ the master zones from journals?
+ </para>
+ <para>
+ Why can't named create custom log files?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Ubuntu uses AppArmor <ulink url="http://en.wikipedia.org/wiki/AppArmor">
+ &lt;http://en.wikipedia.org/wiki/AppArmor&gt;</ulink> in
+ addition to normal file system permissions to protect the system.
+ </para>
+ <para>
+ Adjust the paths to use those specified in /etc/apparmor.d/usr.sbin.named
+ or adjust /etc/apparmor.d/usr.sbin.named to allow named to write at the
+ location specified in named.conf.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
Listening on individual IPv6 interfaces does not work.
</para>
</question>
diff --git a/NSEC3-NOTES b/NSEC3-NOTES
index d23b20eefd22..3f8d8f905c00 100644
--- a/NSEC3-NOTES
+++ b/NSEC3-NOTES
@@ -35,7 +35,7 @@ will not be completely signed until named has had time to walk the
zone and generate the NSEC and RRSIG records. Initially the NSEC
record at the zone apex will have the OPT bit set. When the NSEC
chain is complete the OPT bit will be cleared. Additionally when
-the zone is fully signed the private type (default TYPE65535) records
+the zone is fully signed the private type (default TYPE65534) records
will have a non zero value for the final octet.
The private type record has 5 octets.
@@ -45,7 +45,7 @@ The private type record has 5 octets.
complete flag (octet 5)
If you wish to go straight to a secure zone using NSEC3 you should
-also add a NSECPARAM record to the update request with the flags
+also add a NSEC3PARAM record to the update request with the flags
field set to indicate whether the NSEC3 chain will have the OPTOUT
bit set or not.
diff --git a/README b/README
index d15198848024..902d9ed97d21 100644
--- a/README
+++ b/README
@@ -42,6 +42,29 @@ BIND 9
Stichting NLnet - NLnet Foundation
Nominum, Inc.
+BIND 9.6.2
+
+ BIND 9.6.2 is a maintenance release, fixing bugs in 9.6.1.
+ It also introduces support for the SHA-2 DNSSEC algorithms,
+ RSASHA256 and RSASHA512.
+
+ Known issues in this release:
+
+ - A validating resolver that has been incorrectly configured with
+ an invalid trust anchor will be unable to resolve names covered
+ by that trust anchor. In all current versions of BIND 9, such a
+ resolver will also generate significant unnecessary DNS traffic
+ while trying to validate. The latter problem will be addressed
+ in future BIND 9 releases. In the meantime, to avoid these
+ problems, exercise caution when configuring "trusted-keys":
+ make sure all keys are correct and current when you add them,
+ and update your configuration in a timely manner when keys
+ roll over.
+
+BIND 9.6.1
+
+ BIND 9.6.1 is a maintenance release, fixing bugs in 9.6.0.
+
BIND 9.6.0
BIND 9.6.0 includes a number of changes from BIND 9.5 and earlier
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
index 852b13364ec2..072d1cfd7041 100644
--- a/bin/check/named-checkconf.8
+++ b/bin/check/named-checkconf.8
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkconf.8,v 1.30 2007/06/20 02:27:32 marka Exp $
+.\" $Id: named-checkconf.8,v 1.30.334.1 2009/07/11 01:55:20 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html
index 34bec808aaab..8fd1e6df36e5 100644
--- a/bin/check/named-checkconf.html
+++ b/bin/check/named-checkconf.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.html,v 1.30 2007/06/20 02:27:32 marka Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.30.334.1 2009/07/11 01:55:20 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index 5520da348682..dfc409e5e43b 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkzone.8,v 1.42.334.1 2009/01/23 01:53:33 tbox Exp $
+.\" $Id: named-checkzone.8,v 1.42.334.3 2009/11/11 01:56:22 tbox Exp $
.\"
.hy 0
.ad l
@@ -33,9 +33,9 @@
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
.HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkzone\fR
diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index 83b3bbe9acfc..0b49b51afc58 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-checkzone.c,v 1.51.34.3 2009/05/29 02:17:43 marka Exp $ */
+/* $Id: named-checkzone.c,v 1.51.34.4 2009/11/10 20:01:41 each Exp $ */
/*! \file */
@@ -73,14 +73,16 @@ static enum { progmode_check, progmode_compile } progmode;
static void
usage(void) {
fprintf(stderr,
- "usage: %s [-djqvD] [-c class] [-o output] "
+ "usage: %s [-djqvD] [-c class] "
"[-f inputformat] [-F outputformat] "
"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
"[-i (full|full-sibling|local|local-sibling|none)] "
"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
"[-W (ignore|warn)] "
- "zonename filename\n", prog_name);
+ "%s zonename filename\n",
+ prog_name,
+ progmode == progmode_check ? "[-o filename]" : "{-o filename}");
exit(1);
}
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index d8634473146e..4abb07fc831a 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.docbook,v 1.34.334.2 2009/01/22 23:47:04 tbox Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.34.334.3 2009/11/10 20:01:41 each Exp $ -->
<refentry id="man.named-checkzone">
<refentryinfo>
<date>June 13, 2000</date>
@@ -69,7 +69,6 @@
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@@ -99,6 +98,7 @@
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg choice="req">zonename</arg>
<arg choice="req">filename</arg>
</cmdsynopsis>
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 71dc445eaa7e..68a6331ddf37 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.html,v 1.42.334.1 2009/01/23 01:53:33 tbox Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.42.334.3 2009/11/11 01:56:22 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,11 +29,11 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543672"></a><h2>DESCRIPTION</h2>
+<a name="id2543674"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543707"></a><h2>OPTIONS</h2>
+<a name="id2543709"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -239,14 +239,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544328"></a><h2>RETURN VALUES</h2>
+<a name="id2544330"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544340"></a><h2>SEE ALSO</h2>
+<a name="id2544342"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@@ -254,7 +254,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544373"></a><h2>AUTHOR</h2>
+<a name="id2544375"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index f7f4370a59b1..c8704a1d3a27 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dig.1,v 1.50.44.2 2009/02/03 01:52:10 tbox Exp $
+.\" $Id: dig.1,v 1.50.44.3 2009/07/11 01:55:20 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 11b55cc75929..3fd3e75cdbe1 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.html,v 1.45.44.2 2009/02/03 01:52:10 tbox Exp $ -->
+<!-- $Id: dig.html,v 1.45.44.3 2009/07/11 01:55:20 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 470261cb2da7..d730c0ee5f34 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.311.70.8 2009/02/25 02:39:21 marka Exp $ */
+/* $Id: dighost.c,v 1.311.70.11 2009/11/10 17:27:13 each Exp $ */
/*! \file
* \note
@@ -1048,7 +1048,9 @@ setup_system(void) {
debug("ndots is %d.", ndots);
}
- copy_server_list(lwconf, &server_list);
+ /* If user doesn't specify server use nameservers from resolv.conf. */
+ if (ISC_LIST_EMPTY(server_list))
+ copy_server_list(lwconf, &server_list);
/* If we don't find a nameserver fall back to localhost */
if (ISC_LIST_EMPTY(server_list)) {
@@ -2397,11 +2399,9 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
if (!l->tcp_mode)
send_udp(ISC_LIST_NEXT(cq, link));
else {
- isc_socket_cancel(query->sock, NULL,
- ISC_SOCKCANCEL_ALL);
- isc_socket_detach(&query->sock);
- sockcount--;
- debug("sockcount=%d", sockcount);
+ if (query->sock != NULL)
+ isc_socket_cancel(query->sock, NULL,
+ ISC_SOCKCANCEL_ALL);
send_tcp_connect(ISC_LIST_NEXT(cq, link));
}
UNLOCK_LOOKUP;
@@ -2605,8 +2605,8 @@ connect_done(isc_task_t *task, isc_event_t *event) {
if (sevent->result == ISC_R_CANCELED) {
debug("in cancel handler");
isc_socket_detach(&query->sock);
+ INSIST(sockcount > 0);
sockcount--;
- INSIST(sockcount >= 0);
debug("sockcount=%d", sockcount);
query->waiting_connect = ISC_FALSE;
isc_event_free(&event);
diff --git a/bin/dig/host.1 b/bin/dig/host.1
index eebdad8fe80f..c538ae3d6249 100644
--- a/bin/dig/host.1
+++ b/bin/dig/host.1
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: host.1,v 1.29.114.1 2009/01/23 01:53:33 tbox Exp $
+.\" $Id: host.1,v 1.29.114.2 2009/07/11 01:55:20 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/dig/host.c b/bin/dig/host.c
index 9f302068adf3..8cd5b3db29a8 100644
--- a/bin/dig/host.c
+++ b/bin/dig/host.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: host.c,v 1.116.216.2 2009/05/06 23:47:18 tbox Exp $ */
+/* $Id: host.c,v 1.116.216.3 2009/09/08 23:28:20 marka Exp $ */
/*! \file */
@@ -839,11 +839,10 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
} else {
strncpy(lookup->textname, hostname, sizeof(lookup->textname));
lookup->textname[sizeof(lookup->textname)-1]=0;
+ usesearch = ISC_TRUE;
}
lookup->new_search = ISC_TRUE;
ISC_LIST_APPEND(lookup_list, lookup, link);
-
- usesearch = ISC_TRUE;
}
int
diff --git a/bin/dig/host.html b/bin/dig/host.html
index f21073174ba8..3928c93e7649 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.html,v 1.28.114.1 2009/01/23 01:53:33 tbox Exp $ -->
+<!-- $Id: host.html,v 1.28.114.2 2009/07/11 01:55:20 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index 2d195345e6f2..68b419ae59b3 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -1,6 +1,6 @@
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nslookup.1,v 1.14 2007/05/16 06:12:01 marka Exp $
+.\" $Id: nslookup.1,v 1.14.354.1 2009/07/11 01:55:20 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
index 56796268d90f..000f54e9b637 100644
--- a/bin/dig/nslookup.c
+++ b/bin/dig/nslookup.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nslookup.c,v 1.117.334.4 2009/05/06 11:41:57 fdupont Exp $ */
+/* $Id: nslookup.c,v 1.117.334.5 2009/10/20 01:11:22 marka Exp $ */
#include <config.h>
@@ -373,6 +373,7 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
printrdata(&rdata);
}
dns_rdata_reset(&rdata);
+ printf("\tttl = %u\n", rdataset->ttl);
loopresult = dns_rdataset_next(rdataset);
}
}
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index 0f3817653c01..3984a16b8a22 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -1,7 +1,7 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.html,v 1.21 2007/05/16 06:12:01 marka Exp $ -->
+<!-- $Id: nslookup.html,v 1.21.354.1 2009/07/11 01:55:20 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
index 653aa3ea7a5a..8bd4aa566e35 100644
--- a/bin/dnssec/dnssec-dsfromkey.c
+++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-dsfromkey.c,v 1.2.14.3 2009/03/02 02:54:15 marka Exp $ */
+/* $Id: dnssec-dsfromkey.c,v 1.2.14.6 2010/01/11 23:47:22 tbox Exp $ */
/*! \file */
@@ -78,10 +78,18 @@ loadkeys(char *dirname, char *setname)
isc_buffer_init(&buf, filename, sizeof(filename));
if (dirname != NULL) {
+ if (isc_buffer_availablelength(&buf) < strlen(dirname))
+ fatal("directory name '%s' too long", dirname);
isc_buffer_putstr(&buf, dirname);
- if (dirname[strlen(dirname) - 1] != '/')
+ if (dirname[strlen(dirname) - 1] != '/') {
+ if (isc_buffer_availablelength(&buf) < 1)
+ fatal("directory name '%s' too long", dirname);
isc_buffer_putstr(&buf, "/");
+ }
}
+
+ if (isc_buffer_availablelength(&buf) < strlen("keyset-"))
+ fatal("directory name '%s' too long", dirname);
isc_buffer_putstr(&buf, "keyset-");
result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
check_result(result, "dns_name_tofilenametext()");
@@ -210,12 +218,12 @@ emitds(unsigned int dtype, dns_rdata_t *rdata)
putchar(' ');
isc_buffer_usedregion(&classb, &r);
- fwrite(r.base, 1, r.length, stdout);
+ isc_util_fwrite(r.base, 1, r.length, stdout);
printf(" DS ");
isc_buffer_usedregion(&textb, &r);
- fwrite(r.base, 1, r.length, stdout);
+ isc_util_fwrite(r.base, 1, r.length, stdout);
putchar('\n');
}
diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8
index 622205820db0..03f13e9d30ad 100644
--- a/bin/dnssec/dnssec-keyfromlabel.8
+++ b/bin/dnssec/dnssec-keyfromlabel.8
@@ -1,6 +1,6 @@
-.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keyfromlabel.8,v 1.6 2008/11/08 01:11:47 tbox Exp $
+.\" $Id: dnssec-keyfromlabel.8,v 1.6.14.3 2010/01/16 01:55:32 tbox Exp $
.\"
.hy 0
.ad l
@@ -43,7 +43,13 @@ gets keys with the given label from a crypto hardware and builds key files for D
.RS 4
Selects the cryptographic algorithm. The value of
\fBalgorithm\fR
-must be one of RSAMD5 (RSA) or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman). These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or DH (Diffie Hellman). These values are case insensitive.
+.sp
+If no algorithm is specified, then RSASHA1 will be used by default, unless the
+\fB\-3\fR
+option is specified, in which case NSEC3RSASHA1 will be used instead. (If
+\fB\-3\fR
+is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
.sp
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
.sp
@@ -138,12 +144,10 @@ file contains algorithm specific fields. For obvious security reasons, this file
\fBdnssec\-keygen\fR(8),
\fBdnssec\-signzone\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 2539,
-RFC 2845,
-RFC 4033.
+RFC 4034.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2008 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c
index e7587c39663d..78bfda315398 100644
--- a/bin/dnssec/dnssec-keyfromlabel.c
+++ b/bin/dnssec/dnssec-keyfromlabel.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keyfromlabel.c,v 1.4 2008/09/24 02:46:21 marka Exp $ */
+/* $Id: dnssec-keyfromlabel.c,v 1.4.50.2 2010/01/15 23:47:31 tbox Exp $ */
/*! \file */
@@ -48,7 +48,8 @@ const char *program = "dnssec-keyfromlabel";
int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
- " NSEC3DSA | NSEC3RSASHA1";
+ " NSEC3DSA | NSEC3RSASHA1 |"
+ " RSASHA256 | RSASHA512";
static void
usage(void) {
diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook
index 2bcf0a48da4a..f2ab15298331 100644
--- a/bin/dnssec/dnssec-keyfromlabel.docbook
+++ b/bin/dnssec/dnssec-keyfromlabel.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keyfromlabel.docbook,v 1.6 2008/11/07 13:54:11 jreed Exp $ -->
+<!-- $Id: dnssec-keyfromlabel.docbook,v 1.6.14.2 2010/01/15 23:47:31 tbox Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
<date>February 8, 2008</date>
@@ -37,6 +37,7 @@
<docinfo>
<copyright>
<year>2008</year>
+ <year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -75,11 +76,19 @@
<listitem>
<para>
Selects the cryptographic algorithm. The value of
- <option>algorithm</option> must be one of RSAMD5 (RSA)
- or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
+ <option>algorithm</option> must be one of RSAMD5,
+ RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
+ RSASHA512 or DH (Diffie Hellman).
These values are case insensitive.
</para>
<para>
+ If no algorithm is specified, then RSASHA1 will be used by
+ default, unless the <option>-3</option> option is specified,
+ in which case NSEC3RSASHA1 will be used instead. (If
+ <option>-3</option> is used and an algorithm is specified,
+ that algorithm will be checked for compatibility with NSEC3.)
+ </para>
+ <para>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
algorithm, and DSA is recommended.
</para>
@@ -246,9 +255,7 @@
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
- <citetitle>RFC 2539</citetitle>,
- <citetitle>RFC 2845</citetitle>,
- <citetitle>RFC 4033</citetitle>.
+ <citetitle>RFC 4034</citetitle>.
</para>
</refsect1>
diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html
index cbea64b8d75f..1aafccd97c1a 100644
--- a/bin/dnssec/dnssec-keyfromlabel.html
+++ b/bin/dnssec/dnssec-keyfromlabel.html
@@ -1,7 +1,7 @@
<!--
- - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keyfromlabel.html,v 1.5 2008/10/15 01:11:35 tbox Exp $ -->
+<!-- $Id: dnssec-keyfromlabel.html,v 1.5.44.3 2010/01/16 01:55:32 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543413"></a><h2>DESCRIPTION</h2>
+<a name="id2543416"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -39,17 +39,25 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543425"></a><h2>OPTIONS</h2>
+<a name="id2543428"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Selects the cryptographic algorithm. The value of
- <code class="option">algorithm</code> must be one of RSAMD5 (RSA)
- or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
+ <code class="option">algorithm</code> must be one of RSAMD5,
+ RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
+ RSASHA512 or DH (Diffie Hellman).
These values are case insensitive.
</p>
<p>
+ If no algorithm is specified, then RSASHA1 will be used by
+ default, unless the <code class="option">-3</code> option is specified,
+ in which case NSEC3RSASHA1 will be used instead. (If
+ <code class="option">-3</code> is used and an algorithm is specified,
+ that algorithm will be checked for compatibility with NSEC3.)
+ </p>
+<p>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
algorithm, and DSA is recommended.
</p>
@@ -112,7 +120,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543619"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2543632"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@@ -153,17 +161,15 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543691"></a><h2>SEE ALSO</h2>
+<a name="id2543704"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
- <em class="citetitle">RFC 2539</em>,
- <em class="citetitle">RFC 2845</em>,
- <em class="citetitle">RFC 4033</em>.
+ <em class="citetitle">RFC 4034</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543731"></a><h2>AUTHOR</h2>
+<a name="id2543737"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index 13db3d9db149..485ea6ef2442 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.40 2008/10/15 01:11:35 tbox Exp $
+.\" $Id: dnssec-keygen.8,v 1.40.44.4 2010/01/16 01:55:32 tbox Exp $
.\"
.hy 0
.ad l
@@ -38,13 +38,17 @@ dnssec\-keygen \- DNSSEC key generation tool
.PP
\fBdnssec\-keygen\fR
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
+.PP
+The
+\fBname\fR
+of the key is specified on the command line. For DNSSEC keys, this must match the name of the zone for which the key is being generated.
.SH "OPTIONS"
.PP
\-a \fIalgorithm\fR
.RS 4
-Selects the cryptographic algorithm. The value of
+Selects the cryptographic algorithm. For DNSSEC keys, the value of
\fBalgorithm\fR
-must be one of RSAMD5 (RSA) or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
.sp
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
.sp
@@ -53,7 +57,7 @@ Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
.PP
\-b \fIkeysize\fR
.RS 4
-Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
.RE
.PP
\-n \fInametype\fR
@@ -189,12 +193,12 @@ and
BIND 9 Administrator Reference Manual,
RFC 2539,
RFC 2845,
-RFC 4033.
+RFC 4034.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007\-2010 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 614d388eb7e2..2b9a863b7d46 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keygen.c,v 1.81 2008/09/25 04:02:38 tbox Exp $ */
+/* $Id: dnssec-keygen.c,v 1.81.48.2 2010/01/15 23:47:31 tbox Exp $ */
/*! \file */
@@ -62,8 +62,8 @@
const char *program = "dnssec-keygen";
int verbose;
-static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | NSEC3DSA |"
- " NSEC3RSASHA1 | HMAC-MD5 |"
+static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | RSASHA256 |"
+ " RSASHA512 | NSEC3DSA | NSEC3RSASHA1 | HMAC-MD5 |"
" HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |"
" HMAC-SHA384 | HMAC-SHA512";
@@ -84,6 +84,8 @@ usage(void) {
fprintf(stderr, " RSAMD5:\t\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA1:\t\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " NSEC3RSASHA1:\t\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " RSASHA256:\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " DH:\t\t[128..4096]\n");
fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n");
fprintf(stderr, " NSEC3DSA:\t\t[512..1024] and divisible by 64\n");
@@ -307,9 +309,14 @@ main(int argc, char **argv) {
case DNS_KEYALG_RSAMD5:
case DNS_KEYALG_RSASHA1:
case DNS_KEYALG_NSEC3RSASHA1:
+ case DNS_KEYALG_RSASHA256:
if (size != 0 && (size < 512 || size > MAX_RSA))
fatal("RSA key size %d out of range", size);
break;
+ case DNS_KEYALG_RSASHA512:
+ if (size != 0 && (size < 1024 || size > MAX_RSA))
+ fatal("RSA key size %d out of range", size);
+ break;
case DNS_KEYALG_DH:
if (size != 0 && (size < 128 || size > 4096))
fatal("DH key size %d out of range", size);
@@ -376,7 +383,8 @@ main(int argc, char **argv) {
}
if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
- alg == DNS_KEYALG_NSEC3RSASHA1) && rsa_exp != 0)
+ alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
+ alg == DNS_KEYALG_RSASHA512) && rsa_exp != 0)
fatal("specified RSA exponent for a non-RSA key");
if (alg != DNS_KEYALG_DH && generator != 0)
@@ -440,12 +448,16 @@ main(int argc, char **argv) {
switch(alg) {
case DNS_KEYALG_RSAMD5:
case DNS_KEYALG_RSASHA1:
+ case DNS_KEYALG_NSEC3RSASHA1:
+ case DNS_KEYALG_RSASHA256:
+ case DNS_KEYALG_RSASHA512:
param = rsa_exp;
break;
case DNS_KEYALG_DH:
param = generator;
break;
case DNS_KEYALG_DSA:
+ case DNS_KEYALG_NSEC3DSA:
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA1:
case DST_ALG_HMACSHA224:
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index c267a1b4c25f..92ef9b9afc57 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.docbook,v 1.22 2008/10/14 14:32:50 jreed Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.22.44.4 2010/01/15 23:47:33 tbox Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
<date>June 30, 2000</date>
@@ -41,6 +41,8 @@
<year>2005</year>
<year>2007</year>
<year>2008</year>
+ <year>2009</year>
+ <year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -80,6 +82,11 @@
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures), as defined in RFC 2845.
</para>
+ <para>
+ The <option>name</option> of the key is specified on the command
+ line. For DNSSEC keys, this must match the name of the zone for
+ which the key is being generated.
+ </para>
</refsect1>
<refsect1>
@@ -90,10 +97,13 @@
<term>-a <replaceable class="parameter">algorithm</replaceable></term>
<listitem>
<para>
- Selects the cryptographic algorithm. The value of
- <option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC-MD5.
- These values are case insensitive.
+ Selects the cryptographic algorithm. For DNSSEC keys, the value
+ of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
+ DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
+ For TSIG/TKEY, the value must
+ be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
+ HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
+ case insensitive.
</para>
<para>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
@@ -111,11 +121,10 @@
<listitem>
<para>
Specifies the number of bits in the key. The choice of key
- size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
- between
- 512 and 2048 bits. Diffie Hellman keys must be between
+ size depends on the algorithm used. RSA keys must be
+ between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
- bits and an exact multiple of 64. HMAC-MD5 keys must be
+ bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits.
</para>
</listitem>
@@ -343,7 +352,7 @@
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 2539</citetitle>,
<citetitle>RFC 2845</citetitle>,
- <citetitle>RFC 4033</citetitle>.
+ <citetitle>RFC 4034</citetitle>.
</para>
</refsect1>
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index 696ef88c3701..fccec6f684c8 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.html,v 1.32 2008/10/15 01:11:35 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.32.44.4 2010/01/16 01:55:32 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,23 +32,31 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543477"></a><h2>DESCRIPTION</h2>
+<a name="id2543483"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures), as defined in RFC 2845.
</p>
+<p>
+ The <code class="option">name</code> of the key is specified on the command
+ line. For DNSSEC keys, this must match the name of the zone for
+ which the key is being generated.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543489"></a><h2>OPTIONS</h2>
+<a name="id2543501"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
- Selects the cryptographic algorithm. The value of
- <code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC-MD5.
- These values are case insensitive.
+ Selects the cryptographic algorithm. For DNSSEC keys, the value
+ of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
+ DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
+ For TSIG/TKEY, the value must
+ be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
+ HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
+ case insensitive.
</p>
<p>
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
@@ -62,11 +70,10 @@
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
Specifies the number of bits in the key. The choice of key
- size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
- between
- 512 and 2048 bits. Diffie Hellman keys must be between
+ size depends on the algorithm used. RSA keys must be
+ between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
- bits and an exact multiple of 64. HMAC-MD5 keys must be
+ bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits.
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
@@ -148,7 +155,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543824"></a><h2>GENERATED KEYS</h2>
+<a name="id2543836"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@@ -194,7 +201,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543906"></a><h2>EXAMPLE</h2>
+<a name="id2543918"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -215,16 +222,16 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543949"></a><h2>SEE ALSO</h2>
+<a name="id2544030"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
<em class="citetitle">RFC 2845</em>,
- <em class="citetitle">RFC 4033</em>.
+ <em class="citetitle">RFC 4034</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544049"></a><h2>AUTHOR</h2>
+<a name="id2544061"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
index 1e779271c346..7b21fb64ce34 100644
--- a/bin/dnssec/dnssec-signzone.8
+++ b/bin/dnssec/dnssec-signzone.8
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.47.44.4.8.1 2009/12/31 23:17:46 tbox Exp $
+.\" $Id: dnssec-signzone.8,v 1.47.44.8 2009/11/07 01:56:11 tbox Exp $
.\"
.hy 0
.ad l
@@ -33,13 +33,15 @@
dnssec\-signzone \- DNSSEC zone signing tool
.SH "SYNOPSIS"
.HP 16
-\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
.SH "DESCRIPTION"
.PP
\fBdnssec\-signzone\fR
-signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
-\fIkeyset\fR
-file for each child zone.
+signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. It also generates a
+\fIkeyset\-\fR
+file containing the key\-signing keys for the zone, and if signing a zone which contains delegations, it can optionally generate DS records for the child zones from their
+\fIkeyset\-\fR
+files.
.SH "OPTIONS"
.PP
\-a
@@ -73,7 +75,9 @@ as the directory
.PP
\-g
.RS 4
-Generate DS records for child zones from keyset files. Existing DS records will be removed.
+If the zone contains any delegations, and there are
+\fIkeyset\-\fR
+files for any of the child zones, then DS records for the child zones will be generated from the keys in those files. Existing DS records will be removed.
.RE
.PP
\-s \fIstart\-time\fR
@@ -186,6 +190,13 @@ The format of the output file containing the signed zone. Possible formats are
Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
.RE
.PP
+\-P
+.RS 4
+Disable post sign verification tests.
+.sp
+The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
+.RE
+.PP
\-r \fIrandomdev\fR
.RS 4
Specifies the source of randomness. If the operating system does not provide a
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 2ef2e104902e..eec6110ac58e 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.209.12.8 2009/06/08 22:23:06 each Exp $ */
+/* $Id: dnssec-signzone.c,v 1.209.12.18 2009/11/03 23:47:45 tbox Exp $ */
/*! \file */
@@ -51,6 +51,7 @@
#include <isc/os.h>
#include <isc/print.h>
#include <isc/random.h>
+#include <isc/rwlock.h>
#include <isc/serial.h>
#include <isc/stdio.h>
#include <isc/stdlib.h>
@@ -106,6 +107,8 @@ struct signer_key_struct {
isc_boolean_t issigningkey;
isc_boolean_t isdsk;
isc_boolean_t isksk;
+ isc_boolean_t wasused;
+ isc_boolean_t commandline;
unsigned int position;
ISC_LINK(signer_key_t) link;
};
@@ -127,6 +130,7 @@ struct signer_event {
static ISC_LIST(signer_key_t) keylist;
static unsigned int keycount = 0;
+isc_rwlock_t keylist_lock;
static isc_stdtime_t starttime = 0, endtime = 0, now;
static int cycle = -1;
static int jitter = 0;
@@ -164,6 +168,7 @@ static dns_master_style_t *dsstyle = NULL;
static unsigned int serialformat = SOA_SERIAL_KEEP;
static unsigned int hash_length = 0;
static isc_boolean_t unknownalg = ISC_FALSE;
+static isc_boolean_t disable_zone_check = ISC_FALSE;
#define INCSTAT(counter) \
if (printstats) { \
@@ -175,8 +180,9 @@ static isc_boolean_t unknownalg = ISC_FALSE;
static void
sign(isc_task_t *task, isc_event_t *event);
-static isc_boolean_t
-nsec3only(dns_dbnode_t *node);
+#define check_dns_dbiterator_current(result) \
+ check_result((result == DNS_R_NEWORIGIN) ? ISC_R_SUCCESS : result, \
+ "dns_dbiterator_current()")
static void
dumpnode(dns_name_t *name, dns_dbnode_t *node) {
@@ -206,21 +212,37 @@ newkeystruct(dst_key_t *dstkey, isc_boolean_t signwithkey) {
key->isksk = ISC_FALSE;
key->isdsk = ISC_TRUE;
}
+ key->wasused = ISC_FALSE;
+ key->commandline = ISC_FALSE;
key->position = keycount++;
ISC_LINK_INIT(key, link);
return (key);
}
+/*%
+ * Sign the given RRset with given key, and add the signature record to the
+ * given tuple.
+ */
+
static void
-signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
- dst_key_t *key, isc_buffer_t *b)
+signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dst_key_t *key,
+ dns_ttl_t ttl, dns_diff_t *add, const char *logmsg)
{
isc_result_t result;
isc_stdtime_t jendtime;
+ char keystr[KEY_FORMATSIZE];
+ dns_rdata_t trdata = DNS_RDATA_INIT;
+ unsigned char array[BUFSIZE];
+ isc_buffer_t b;
+ dns_difftuple_t *tuple;
+
+ key_format(key, keystr, sizeof(keystr));
+ vbprintf(1, "\t%s %s\n", logmsg, keystr);
jendtime = (jitter != 0) ? isc_random_jitter(endtime, jitter) : endtime;
+ isc_buffer_init(&b, array, sizeof(array));
result = dns_dnssec_sign(name, rdataset, key, &starttime, &jendtime,
- mctx, b, rdata);
+ mctx, &b, &trdata);
isc_entropy_stopcallbacksources(ectx);
if (result != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE];
@@ -232,7 +254,7 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
if (tryverify) {
result = dns_dnssec_verify(name, rdataset, key,
- ISC_TRUE, mctx, rdata);
+ ISC_TRUE, mctx, &trdata);
if (result == ISC_R_SUCCESS) {
vbprintf(3, "\tsignature verified\n");
INCSTAT(nverified);
@@ -241,6 +263,12 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
INCSTAT(nverifyfailed);
}
}
+
+ tuple = NULL;
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, ttl, &trdata,
+ &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(add, &tuple);
}
static inline isc_boolean_t
@@ -255,13 +283,11 @@ iszonekey(signer_key_t *key) {
}
/*%
- * Finds the key that generated a RRSIG, if possible. First look at the keys
- * that we've loaded already, and then see if there's a key on disk.
+ * Find the key if it is in our list. If it is, return it, otherwise null.
+ * No locking is performed here, this must be done by the caller.
*/
static signer_key_t *
-keythatsigned(dns_rdata_rrsig_t *rrsig) {
- isc_result_t result;
- dst_key_t *pubkey = NULL, *privkey = NULL;
+keythatsigned_unlocked(dns_rdata_rrsig_t *rrsig) {
signer_key_t *key;
key = ISC_LIST_HEAD(keylist);
@@ -269,15 +295,50 @@ keythatsigned(dns_rdata_rrsig_t *rrsig) {
if (rrsig->keyid == dst_key_id(key->key) &&
rrsig->algorithm == dst_key_alg(key->key) &&
dns_name_equal(&rrsig->signer, dst_key_name(key->key)))
- return key;
+ return (key);
key = ISC_LIST_NEXT(key, link);
}
+ return (NULL);
+}
+
+/*%
+ * Finds the key that generated a RRSIG, if possible. First look at the keys
+ * that we've loaded already, and then see if there's a key on disk.
+ */
+static signer_key_t *
+keythatsigned(dns_rdata_rrsig_t *rrsig) {
+ isc_result_t result;
+ dst_key_t *pubkey = NULL, *privkey = NULL;
+ signer_key_t *key;
+
+ isc_rwlock_lock(&keylist_lock, isc_rwlocktype_read);
+ key = keythatsigned_unlocked(rrsig);
+ isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_read);
+ if (key != NULL)
+ return (key);
+
+ /*
+ * We did not find the key in our list. Get a write lock now, since
+ * we may be modifying the bits. We could do the tryupgrade() dance,
+ * but instead just get a write lock and check once again to see if
+ * it is on our list. It's possible someone else may have added it
+ * after all.
+ */
+ isc_rwlock_lock(&keylist_lock, isc_rwlocktype_write);
+
+ key = keythatsigned_unlocked(rrsig);
+ if (key != NULL) {
+ isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write);
+ return (key);
+ }
result = dst_key_fromfile(&rrsig->signer, rrsig->keyid,
rrsig->algorithm, DST_TYPE_PUBLIC,
NULL, mctx, &pubkey);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
+ isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write);
return (NULL);
+ }
result = dst_key_fromfile(&rrsig->signer, rrsig->keyid,
rrsig->algorithm,
@@ -289,6 +350,8 @@ keythatsigned(dns_rdata_rrsig_t *rrsig) {
} else
key = newkeystruct(pubkey, ISC_FALSE);
ISC_LIST_APPEND(keylist, key, link);
+
+ isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write);
return (key);
}
@@ -438,6 +501,7 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
keep = ISC_TRUE;
wassignedby[key->position] = ISC_TRUE;
nowsignedby[key->position] = ISC_TRUE;
+ key->wasused = ISC_TRUE;
} else {
vbprintf(2, "\trrsig by %s dropped - %s\n",
sigstr,
@@ -453,6 +517,7 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
keep = ISC_TRUE;
wassignedby[key->position] = ISC_TRUE;
nowsignedby[key->position] = ISC_TRUE;
+ key->wasused = ISC_TRUE;
} else {
vbprintf(2, "\trrsig by %s dropped - %s\n",
sigstr,
@@ -499,24 +564,12 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
}
if (resign) {
- isc_buffer_t b;
- dns_rdata_t trdata = DNS_RDATA_INIT;
- unsigned char array[BUFSIZE];
- char keystr[KEY_FORMATSIZE];
-
INSIST(!keep);
- key_format(key->key, keystr, sizeof(keystr));
- vbprintf(1, "\tresigning with dnskey %s\n", keystr);
- isc_buffer_init(&b, array, sizeof(array));
- signwithkey(name, set, &trdata, key->key, &b);
+ signwithkey(name, set, key->key, ttl, add,
+ "resigning with dnskey");
nowsignedby[key->position] = ISC_TRUE;
- tuple = NULL;
- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
- name, ttl, &trdata,
- &tuple);
- check_result(result, "dns_difftuple_create");
- dns_diff_append(add, &tuple);
+ key->wasused = ISC_TRUE;
}
dns_rdata_reset(&sigrdata);
@@ -534,11 +587,6 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
key != NULL;
key = ISC_LIST_NEXT(key, link))
{
- isc_buffer_t b;
- dns_rdata_t trdata;
- unsigned char array[BUFSIZE];
- char keystr[KEY_FORMATSIZE];
-
if (nowsignedby[key->position])
continue;
@@ -550,16 +598,9 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
dns_name_equal(name, gorigin))))
continue;
- key_format(key->key, keystr, sizeof(keystr));
- vbprintf(1, "\tsigning with dnskey %s\n", keystr);
- dns_rdata_init(&trdata);
- isc_buffer_init(&b, array, sizeof(array));
- signwithkey(name, set, &trdata, key->key, &b);
- tuple = NULL;
- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name,
- ttl, &trdata, &tuple);
- check_result(result, "dns_difftuple_create");
- dns_diff_append(add, &tuple);
+ signwithkey(name, set, key->key, ttl, add,
+ "signing with dnskey");
+ key->wasused = ISC_TRUE;
}
isc_mem_put(mctx, wassignedby, arraysize * sizeof(isc_boolean_t));
@@ -787,8 +828,8 @@ loadds(dns_name_t *name, isc_uint32_t ttl, dns_rdataset_t *dsset) {
return (DNS_R_BADDB);
}
dns_rdataset_init(&keyset);
- result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 0, 0,
- &keyset, NULL);
+ result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 0,
+ 0, &keyset, NULL);
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(db, &node);
dns_db_detach(&db);
@@ -1021,6 +1062,20 @@ active_node(dns_dbnode_t *node) {
type = rdataset.type;
covers = rdataset.covers;
dns_rdataset_disassociate(&rdataset);
+ /*
+ * Delete the NSEC chain if we are signing with
+ * NSEC3.
+ */
+ if (nsec_datatype == dns_rdatatype_nsec3 &&
+ (type == dns_rdatatype_nsec ||
+ covers == dns_rdatatype_nsec)) {
+ result = dns_db_deleterdataset(gdb, node,
+ gversion, type,
+ covers);
+ check_result(result,
+ "dns_db_deleterdataset(nsec/rrsig)");
+ continue;
+ }
if (type != dns_rdatatype_rrsig)
continue;
found = ISC_FALSE;
@@ -1050,32 +1105,6 @@ active_node(dns_dbnode_t *node) {
fatal("rdataset iteration failed: %s",
isc_result_totext(result));
dns_rdatasetiter_destroy(&rdsiter2);
-
-#if 0
- /*
- * Delete all NSEC records and RRSIG(NSEC) if we are in
- * NSEC3 mode and vica versa.
- */
- for (result = dns_rdatasetiter_first(rdsiter2);
- result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(rdsiter2)) {
- dns_rdatasetiter_current(rdsiter, &rdataset);
- type = rdataset.type;
- covers = rdataset.covers;
- if (type == dns_rdatatype_rrsig)
- type = covers;
- dns_rdataset_disassociate(&rdataset);
- if (type == nsec_datatype ||
- (type != dns_rdatatype_nsec &&
- type != dns_rdatatype_nsec3))
- continue;
- if (covers != 0)
- type = dns_rdatatype_rrsig;
- result = dns_db_deleterdataset(gdb, node, gversion,
- type, covers);
- check_result(result, "dns_db_deleterdataset()");
- }
-#endif
}
dns_rdatasetiter_destroy(&rdsiter);
@@ -1198,7 +1227,7 @@ cleannode(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) {
dns_rdataset_t set;
isc_result_t result, dresult;
- if (outputformat != dns_masterformat_text)
+ if (outputformat != dns_masterformat_text || !disable_zone_check)
return;
dns_rdataset_init(&set);
@@ -1248,6 +1277,424 @@ postsign(void) {
dns_dbiterator_destroy(&gdbiter);
}
+static isc_boolean_t
+goodsig(dns_rdata_t *sigrdata, dns_name_t *name, dns_rdataset_t *keyrdataset,
+ dns_rdataset_t *rdataset)
+{
+ dns_rdata_dnskey_t key;
+ dns_rdata_rrsig_t sig;
+ dst_key_t *dstkey = NULL;
+ isc_result_t result;
+
+ dns_rdata_tostruct(sigrdata, &sig, NULL);
+
+ for (result = dns_rdataset_first(keyrdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(keyrdataset)) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdataset_current(keyrdataset, &rdata);
+ dns_rdata_tostruct(&rdata, &key, NULL);
+ result = dns_dnssec_keyfromrdata(gorigin, &rdata, mctx,
+ &dstkey);
+ if (result != ISC_R_SUCCESS)
+ return (ISC_FALSE);
+ if (sig.algorithm != key.algorithm ||
+ sig.keyid != dst_key_id(dstkey) ||
+ !dns_name_equal(&sig.signer, gorigin)) {
+ dst_key_free(&dstkey);
+ continue;
+ }
+ result = dns_dnssec_verify(name, rdataset, dstkey, ISC_FALSE,
+ mctx, sigrdata);
+ dst_key_free(&dstkey);
+ if (result == ISC_R_SUCCESS)
+ return(ISC_TRUE);
+ }
+ return (ISC_FALSE);
+}
+
+static void
+verifyset(dns_rdataset_t *rdataset, dns_name_t *name, dns_dbnode_t *node,
+ dns_rdataset_t *keyrdataset, unsigned char *ksk_algorithms,
+ unsigned char *bad_algorithms)
+{
+ unsigned char set_algorithms[256];
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char algbuf[80];
+ char typebuf[80];
+ dns_rdataset_t sigrdataset;
+ dns_rdatasetiter_t *rdsiter = NULL;
+ isc_result_t result;
+ int i;
+
+ dns_rdataset_init(&sigrdataset);
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, &sigrdataset);
+ if (sigrdataset.type == dns_rdatatype_rrsig &&
+ sigrdataset.covers == rdataset->type)
+ break;
+ dns_rdataset_disassociate(&sigrdataset);
+ }
+ if (result != ISC_R_SUCCESS) {
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ type_format(rdataset->type, typebuf, sizeof(typebuf));
+ fprintf(stderr, "no signatures for %s/%s\n", namebuf, typebuf);
+ for (i = 0; i < 256; i++)
+ if (ksk_algorithms[i] != 0)
+ bad_algorithms[i] = 1;
+ return;
+ }
+
+ memset(set_algorithms, 0, sizeof(set_algorithms));
+ for (result = dns_rdataset_first(&sigrdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&sigrdataset)) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_rrsig_t sig;
+
+ dns_rdataset_current(&sigrdataset, &rdata);
+ dns_rdata_tostruct(&rdata, &sig, NULL);
+ if ((set_algorithms[sig.algorithm] != 0) ||
+ (ksk_algorithms[sig.algorithm] == 0))
+ continue;
+ if (goodsig(&rdata, name, keyrdataset, rdataset))
+ set_algorithms[sig.algorithm] = 1;
+ }
+ dns_rdatasetiter_destroy(&rdsiter);
+ if (memcmp(set_algorithms, ksk_algorithms, sizeof(set_algorithms))) {
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ type_format(rdataset->type, typebuf, sizeof(typebuf));
+ for (i = 0; i < 256; i++)
+ if ((ksk_algorithms[i] != 0) &&
+ (set_algorithms[i] == 0)) {
+ alg_format(i, algbuf, sizeof(algbuf));
+ fprintf(stderr, "Missing %s signature for "
+ "%s %s\n", algbuf, namebuf, typebuf);
+ bad_algorithms[i] = 1;
+ }
+ }
+ dns_rdataset_disassociate(&sigrdataset);
+}
+
+static void
+verifynode(dns_name_t *name, dns_dbnode_t *node, isc_boolean_t delegation,
+ dns_rdataset_t *keyrdataset, unsigned char *ksk_algorithms,
+ unsigned char *bad_algorithms)
+{
+ dns_rdataset_t rdataset;
+ dns_rdatasetiter_t *rdsiter = NULL;
+ isc_result_t result;
+
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ result = dns_rdatasetiter_first(rdsiter);
+ dns_rdataset_init(&rdataset);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ if (rdataset.type != dns_rdatatype_rrsig &&
+ rdataset.type != dns_rdatatype_dnskey &&
+ (!delegation || rdataset.type == dns_rdatatype_ds ||
+ rdataset.type == dns_rdatatype_nsec)) {
+ verifyset(&rdataset, name, node, keyrdataset,
+ ksk_algorithms, bad_algorithms);
+ }
+ dns_rdataset_disassociate(&rdataset);
+ result = dns_rdatasetiter_next(rdsiter);
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+ dns_rdatasetiter_destroy(&rdsiter);
+}
+
+/*%
+ * Verify that certain things are sane:
+ *
+ * The apex has a DNSKEY record with at least one KSK and at least
+ * one ZSK.
+ *
+ * The DNSKEY record was signed with at least one of the KSKs in this
+ * set.
+ *
+ * The rest of the zone was signed with at least one of the ZSKs
+ * present in the DNSKEY RRSET.
+ */
+static void
+verifyzone(void) {
+ char algbuf[80];
+ dns_dbiterator_t *dbiter = NULL;
+ dns_dbnode_t *node = NULL, *nextnode = NULL;
+ dns_fixedname_t fname, fnextname, fzonecut;
+ dns_name_t *name, *nextname, *zonecut;
+ dns_rdata_dnskey_t dnskey;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdataset_t rdataset;
+ dns_rdataset_t sigrdataset;
+ int i;
+ isc_boolean_t done = ISC_FALSE;
+ isc_boolean_t first = ISC_TRUE;
+ isc_boolean_t goodksk = ISC_FALSE;
+ isc_boolean_t goodzsk = ISC_FALSE;
+ isc_result_t result;
+ unsigned char revoked[256];
+ unsigned char standby[256];
+ unsigned char ksk_algorithms[256];
+ unsigned char zsk_algorithms[256];
+ unsigned char bad_algorithms[256];
+#ifdef ALLOW_KSKLESS_ZONES
+ isc_boolean_t allzsksigned = ISC_TRUE;
+ unsigned char self_algorithms[256];
+#endif
+
+ if (disable_zone_check)
+ return;
+
+ result = dns_db_findnode(gdb, gorigin, ISC_FALSE, &node);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to find the zone's origin: %s",
+ isc_result_totext(result));
+
+ dns_rdataset_init(&rdataset);
+ dns_rdataset_init(&sigrdataset);
+ result = dns_db_findrdataset(gdb, node, gversion,
+ dns_rdatatype_dnskey,
+ 0, 0, &rdataset, &sigrdataset);
+ dns_db_detachnode(gdb, &node);
+ if (result != ISC_R_SUCCESS)
+ fatal("cannot find DNSKEY rrset\n");
+
+ if (!dns_rdataset_isassociated(&sigrdataset))
+ fatal("cannot find DNSKEY RRSIGs\n");
+
+ memset(revoked, 0, sizeof(revoked));
+ memset(standby, 0, sizeof(revoked));
+ memset(ksk_algorithms, 0, sizeof(ksk_algorithms));
+ memset(zsk_algorithms, 0, sizeof(zsk_algorithms));
+ memset(bad_algorithms, 0, sizeof(bad_algorithms));
+#ifdef ALLOW_KSKLESS_ZONES
+ memset(self_algorithms, 0, sizeof(self_algorithms));
+#endif
+
+ /*
+ * Check that the DNSKEY RR has at least one self signing KSK and
+ * one ZSK per algorithm in it.
+ */
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset)) {
+ dns_rdataset_current(&rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
+ check_result(result, "dns_rdata_tostruct");
+
+ if ((dnskey.flags & DNS_KEYOWNER_ZONE) == 0)
+ ;
+ else if ((dnskey.flags & DNS_KEYFLAG_REVOKE) != 0) {
+ if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 &&
+ !dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
+ &sigrdataset, ISC_FALSE,
+ mctx)) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char buffer[1024];
+ isc_buffer_t buf;
+
+ dns_name_format(gorigin, namebuf,
+ sizeof(namebuf));
+ isc_buffer_init(&buf, buffer, sizeof(buffer));
+ result = dns_rdata_totext(&rdata, NULL, &buf);
+ check_result(result, "dns_rdata_totext");
+ fatal("revoked KSK is not self signed:\n"
+ "%s DNSKEY %.*s", namebuf,
+ (int)isc_buffer_usedlength(&buf), buffer);
+ }
+ if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 &&
+ revoked[dnskey.algorithm] != 255)
+ revoked[dnskey.algorithm]++;
+ } else if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0) {
+ if (dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
+ &sigrdataset, ISC_FALSE, mctx)) {
+ if (ksk_algorithms[dnskey.algorithm] != 255)
+ ksk_algorithms[dnskey.algorithm]++;
+ goodksk = ISC_TRUE;
+ } else {
+ if (standby[dnskey.algorithm] != 255)
+ standby[dnskey.algorithm]++;
+ }
+ } else if (dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
+ &sigrdataset, ISC_FALSE,
+ mctx)) {
+#ifdef ALLOW_KSKLESS_ZONES
+ if (self_algorithms[dnskey.algorithm] != 255)
+ self_algorithms[dnskey.algorithm]++;
+#endif
+ if (zsk_algorithms[dnskey.algorithm] != 255)
+ zsk_algorithms[dnskey.algorithm]++;
+ goodzsk = ISC_TRUE;
+ } else {
+ if (zsk_algorithms[dnskey.algorithm] != 255)
+ zsk_algorithms[dnskey.algorithm]++;
+#ifdef ALLOW_KSKLESS_ZONES
+ allzsksigned = ISC_FALSE;
+#endif
+ }
+ dns_rdata_freestruct(&dnskey);
+ dns_rdata_reset(&rdata);
+ }
+ dns_rdataset_disassociate(&sigrdataset);
+
+ if (!goodksk) {
+#ifdef ALLOW_KSKLESS_ZONES
+ if (!goodzsk)
+ fatal("no self signing keys found");
+ fprintf(stderr, "No self signing KSK found. Using self signed "
+ "ZSK's for active algorithm list.\n");
+ memcpy(ksk_algorithms, self_algorithms, sizeof(ksk_algorithms));
+ if (!allzsksigned)
+ fprintf(stderr, "warning: not all ZSK's are self "
+ "signed.\n");
+#else
+ fatal("no self signed KSK's found");
+#endif
+ }
+
+ fprintf(stderr, "Verifying the zone using the following algorithms:");
+ for (i = 0; i < 256; i++) {
+ if (ksk_algorithms[i] != 0) {
+ alg_format(i, algbuf, sizeof(algbuf));
+ fprintf(stderr, " %s", algbuf);
+ }
+ }
+ fprintf(stderr, ".\n");
+
+ for (i = 0; i < 256; i++) {
+ /*
+ * The counts should both be zero or both be non-zero.
+ * Mark the algorithm as bad if this is not met.
+ */
+ if ((ksk_algorithms[i] != 0) == (zsk_algorithms[i] != 0))
+ continue;
+ alg_format(i, algbuf, sizeof(algbuf));
+ fprintf(stderr, "Missing %s for algorithm %s\n",
+ (ksk_algorithms[i] != 0) ? "ZSK" : "self signing KSK",
+ algbuf);
+ bad_algorithms[i] = 1;
+ }
+
+ /*
+ * Check that all the other records were signed by keys that are
+ * present in the DNSKEY RRSET.
+ */
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ dns_fixedname_init(&fnextname);
+ nextname = dns_fixedname_name(&fnextname);
+ dns_fixedname_init(&fzonecut);
+ zonecut = NULL;
+
+ result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+
+ result = dns_dbiterator_first(dbiter);
+ check_result(result, "dns_dbiterator_first()");
+
+ while (!done) {
+ isc_boolean_t isdelegation = ISC_FALSE;
+
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
+ if (delegation(name, node, NULL)) {
+ zonecut = dns_fixedname_name(&fzonecut);
+ dns_name_copy(name, zonecut, NULL);
+ isdelegation = ISC_TRUE;
+ }
+ verifynode(name, node, isdelegation, &rdataset,
+ ksk_algorithms, bad_algorithms);
+ result = dns_dbiterator_next(dbiter);
+ nextnode = NULL;
+ while (result == ISC_R_SUCCESS) {
+ result = dns_dbiterator_current(dbiter, &nextnode,
+ nextname);
+ check_dns_dbiterator_current(result);
+ if (!dns_name_issubdomain(nextname, gorigin) ||
+ (zonecut != NULL &&
+ dns_name_issubdomain(nextname, zonecut)))
+ {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ dns_db_detachnode(gdb, &nextnode);
+ break;
+ }
+ if (result == ISC_R_NOMORE) {
+ done = ISC_TRUE;
+ } else if (result != ISC_R_SUCCESS)
+ fatal("iterating through the database failed: %s",
+ isc_result_totext(result));
+ dns_db_detachnode(gdb, &node);
+ }
+
+ dns_dbiterator_destroy(&dbiter);
+
+ result = dns_db_createiterator(gdb, DNS_DB_NSEC3ONLY, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+
+ for (result = dns_dbiterator_first(dbiter);
+ result == ISC_R_SUCCESS;
+ result = dns_dbiterator_next(dbiter) ) {
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
+ verifynode(name, node, ISC_FALSE, &rdataset,
+ ksk_algorithms, bad_algorithms);
+ dns_db_detachnode(gdb, &node);
+ }
+ dns_dbiterator_destroy(&dbiter);
+
+ dns_rdataset_disassociate(&rdataset);
+
+ /*
+ * If we made it this far, we have what we consider a properly signed
+ * zone. Set the good flag.
+ */
+ for (i = 0; i < 256; i++) {
+ if (bad_algorithms[i] != 0) {
+ if (first)
+ fprintf(stderr, "The zone is not fully signed "
+ "for the following algorithms:");
+ alg_format(i, algbuf, sizeof(algbuf));
+ fprintf(stderr, " %s", algbuf);
+ first = ISC_FALSE;
+ }
+ }
+ if (!first) {
+ fprintf(stderr, ".\n");
+ fatal("DNSSEC completeness test failed.");
+ }
+
+ if (goodksk) {
+ /*
+ * Print the success summary.
+ */
+ fprintf(stderr, "Zone signing complete:\n");
+ for (i = 0; i < 256; i++) {
+ if ((zsk_algorithms[i] != 0) ||
+ (ksk_algorithms[i] != 0) ||
+ (revoked[i] != 0) || (standby[i] != 0)) {
+ alg_format(i, algbuf, sizeof(algbuf));
+ fprintf(stderr, "Algorithm: %s: ZSKs: %u, "
+ "KSKs: %u active, %u revoked, %u "
+ "stand-by\n", algbuf,
+ zsk_algorithms[i], ksk_algorithms[i],
+ revoked[i], standby[i]);
+ }
+ }
+ }
+}
+
/*%
* Sign the apex of the zone.
* Note the origin may not be the first node if there are out of zone
@@ -1265,7 +1712,7 @@ signapex(void) {
result = dns_dbiterator_seek(gdbiter, gorigin);
check_result(result, "dns_dbiterator_seek()");
result = dns_dbiterator_current(gdbiter, &node, name);
- check_result(result, "dns_dbiterator_current()");
+ check_dns_dbiterator_current(result);
signname(node, name);
dumpnode(name, node);
cleannode(gdb, gversion, node);
@@ -1317,9 +1764,7 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
found = ISC_FALSE;
while (!found) {
result = dns_dbiterator_current(gdbiter, &node, name);
- if (result != ISC_R_SUCCESS)
- fatal("failure iterating database: %s",
- isc_result_totext(result));
+ check_dns_dbiterator_current(result);
/*
* The origin was handled by signapex().
*/
@@ -1487,7 +1932,7 @@ add_ds(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t nsttl) {
}
/*%
- * Generate NSEC records for the zone.
+ * Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records.
*/
static void
nsecify(void) {
@@ -1495,10 +1940,14 @@ nsecify(void) {
dns_dbnode_t *node = NULL, *nextnode = NULL;
dns_fixedname_t fname, fnextname, fzonecut;
dns_name_t *name, *nextname, *zonecut;
+ dns_rdataset_t rdataset;
+ dns_rdatasetiter_t *rdsiter = NULL;
+ dns_rdatatype_t type, covers;
isc_boolean_t done = ISC_FALSE;
isc_result_t result;
isc_uint32_t nsttl = 0;
+ dns_rdataset_init(&rdataset);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
dns_fixedname_init(&fnextname);
@@ -1506,14 +1955,70 @@ nsecify(void) {
dns_fixedname_init(&fzonecut);
zonecut = NULL;
+ /*
+ * Remove any NSEC3 chains.
+ */
+ result = dns_db_createiterator(gdb, DNS_DB_NSEC3ONLY, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+ for (result = dns_dbiterator_first(dbiter);
+ result == ISC_R_SUCCESS;
+ result = dns_dbiterator_next(dbiter)) {
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ type = rdataset.type;
+ covers = rdataset.covers;
+ dns_rdataset_disassociate(&rdataset);
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ type, covers);
+ check_result(result,
+ "dns_db_deleterdataset(nsec3param/rrsig)");
+ }
+ dns_rdatasetiter_destroy(&rdsiter);
+ dns_db_detachnode(gdb, &node);
+ }
+ dns_dbiterator_destroy(&dbiter);
+
result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
check_result(result, "dns_db_createiterator()");
result = dns_dbiterator_first(dbiter);
check_result(result, "dns_dbiterator_first()");
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
+ /*
+ * Delete any NSEC3PARAM records at the apex.
+ */
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ type = rdataset.type;
+ covers = rdataset.covers;
+ dns_rdataset_disassociate(&rdataset);
+ if (type == dns_rdatatype_nsec3param ||
+ covers == dns_rdatatype_nsec3param) {
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ type, covers);
+ check_result(result,
+ "dns_db_deleterdataset(nsec3param/rrsig)");
+ continue;
+ }
+ }
+ dns_rdatasetiter_destroy(&rdsiter);
+ dns_db_detachnode(gdb, &node);
+
while (!done) {
- dns_dbiterator_current(dbiter, &node, name);
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
if (delegation(name, node, &nsttl)) {
zonecut = dns_fixedname_name(&fzonecut);
dns_name_copy(name, zonecut, NULL);
@@ -1526,8 +2031,7 @@ nsecify(void) {
isc_boolean_t active = ISC_FALSE;
result = dns_dbiterator_current(dbiter, &nextnode,
nextname);
- if (result != ISC_R_SUCCESS)
- break;
+ check_dns_dbiterator_current(result);
active = active_node(nextnode);
if (!active) {
dns_db_detachnode(gdb, &nextnode);
@@ -1560,37 +2064,6 @@ nsecify(void) {
dns_dbiterator_destroy(&dbiter);
}
-/*%
- * Does this node only contain NSEC3 records or RRSIG records or is empty.
- */
-static isc_boolean_t
-nsec3only(dns_dbnode_t *node) {
- dns_rdatasetiter_t *rdsiter = NULL;
- isc_result_t result;
- dns_rdataset_t rdataset;
- isc_boolean_t answer = ISC_TRUE;
-
- dns_rdataset_init(&rdataset);
- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
- check_result(result, "dns_db_allrdatasets()");
- result = dns_rdatasetiter_first(rdsiter);
- while (result == ISC_R_SUCCESS) {
- dns_rdatasetiter_current(rdsiter, &rdataset);
- if (rdataset.type != dns_rdatatype_nsec3 &&
- rdataset.type != dns_rdatatype_rrsig) {
- answer = ISC_FALSE;
- result = ISC_R_NOMORE;
- } else
- result = dns_rdatasetiter_next(rdsiter);
- dns_rdataset_disassociate(&rdataset);
- }
- if (result != ISC_R_NOMORE)
- fatal("rdataset iteration failed: %s",
- isc_result_totext(result));
- dns_rdatasetiter_destroy(&rdsiter);
- return (answer);
-}
-
static void
addnsec3param(const unsigned char *salt, size_t salt_length,
unsigned int iterations)
@@ -1631,6 +2104,16 @@ addnsec3param(const unsigned char *salt, size_t salt_length,
result = dns_db_findnode(gdb, gorigin, ISC_TRUE, &node);
check_result(result, "dns_db_find(gorigin)");
+
+ /*
+ * Delete any current NSEC3PARAM records.
+ */
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ dns_rdatatype_nsec3param, 0);
+ if (result == DNS_R_UNCHANGED)
+ result = ISC_R_SUCCESS;
+ check_result(result, "dddnsec3param: dns_db_deleterdataset()");
+
result = dns_db_addrdataset(gdb, node, gversion, 0, &rdataset,
DNS_DBADD_MERGE, NULL);
if (result == DNS_R_UNCHANGED)
@@ -1719,6 +2202,7 @@ nsec3clean(dns_name_t *name, dns_dbnode_t *node,
isc_buffer_t target;
isc_result_t result;
unsigned char hash[NSEC3_MAX_HASH_LENGTH + 1];
+ isc_boolean_t exists;
/*
* Get the first label.
@@ -1740,8 +2224,7 @@ nsec3clean(dns_name_t *name, dns_dbnode_t *node,
hash[isc_buffer_usedlength(&target)] = 0;
- if (hashlist_exists(hashlist, hash))
- return;
+ exists = hashlist_exists(hashlist, hash);
/*
* Verify that the NSEC3 parameters match the current ones
@@ -1756,20 +2239,21 @@ nsec3clean(dns_name_t *name, dns_dbnode_t *node,
return;
/*
- * Delete any matching NSEC3 records which have parameters that
- * match the NSEC3 chain we are building.
+ * Delete any NSEC3 records which are not part of the current
+ * NSEC3 chain.
*/
for (result = dns_rdataset_first(&rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset)) {
dns_rdata_init(&rdata);
dns_rdataset_current(&rdataset, &rdata);
- dns_rdata_tostruct(&rdata, &nsec3, NULL);
- if (nsec3.hash == hashalg &&
+ result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
+ check_result(result, "dns_rdata_tostruct");
+ if (exists && nsec3.hash == hashalg &&
nsec3.iterations == iterations &&
nsec3.salt_length == salt_length &&
!memcmp(nsec3.salt, salt, salt_length))
- break;
+ continue;
rdatalist.rdclass = rdata.rdclass;
rdatalist.type = rdata.type;
rdatalist.covers = 0;
@@ -1783,7 +2267,7 @@ nsec3clean(dns_name_t *name, dns_dbnode_t *node,
result = dns_db_subtractrdataset(gdb, node, gversion,
&delrdataset, 0, NULL);
dns_rdataset_disassociate(&delrdataset);
- if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED)
+ if (result != ISC_R_SUCCESS && result != DNS_R_NXRRSET)
check_result(result, "dns_db_subtractrdataset(NSEC3)");
delete_rrsigs = ISC_TRUE;
}
@@ -1814,13 +2298,17 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
dns_dbnode_t *node = NULL, *nextnode = NULL;
dns_fixedname_t fname, fnextname, fzonecut;
dns_name_t *name, *nextname, *zonecut;
+ dns_rdataset_t rdataset;
+ dns_rdatasetiter_t *rdsiter = NULL;
+ dns_rdatatype_t type, covers;
+ int order;
+ isc_boolean_t active;
isc_boolean_t done = ISC_FALSE;
isc_result_t result;
- isc_boolean_t active;
isc_uint32_t nsttl = 0;
unsigned int count, nlabels;
- int order;
+ dns_rdataset_init(&rdataset);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
dns_fixedname_init(&fnextname);
@@ -1837,15 +2325,41 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
result = dns_dbiterator_first(dbiter);
check_result(result, "dns_dbiterator_first()");
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
+ /*
+ * Delete any NSEC records at the apex.
+ */
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ type = rdataset.type;
+ covers = rdataset.covers;
+ dns_rdataset_disassociate(&rdataset);
+ if (type == dns_rdatatype_nsec ||
+ covers == dns_rdatatype_nsec) {
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ type, covers);
+ check_result(result,
+ "dns_db_deleterdataset(nsec3param/rrsig)");
+ continue;
+ }
+ }
+ dns_rdatasetiter_destroy(&rdsiter);
+ dns_db_detachnode(gdb, &node);
+
while (!done) {
- dns_dbiterator_current(dbiter, &node, name);
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
while (result == ISC_R_SUCCESS) {
result = dns_dbiterator_current(dbiter, &nextnode,
nextname);
- if (result != ISC_R_SUCCESS)
- break;
+ check_dns_dbiterator_current(result);
active = active_node(nextnode);
if (!active) {
dns_db_detachnode(gdb, &nextnode);
@@ -1927,6 +2441,26 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
addnsec3param(salt, salt_length, iterations);
+ /*
+ * Clean out NSEC3 records which don't match this chain.
+ */
+ result = dns_db_createiterator(gdb, DNS_DB_NSEC3ONLY, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+
+ for (result = dns_dbiterator_first(dbiter);
+ result == ISC_R_SUCCESS;
+ result = dns_dbiterator_next(dbiter)) {
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
+ nsec3clean(name, node, hashalg, iterations, salt, salt_length,
+ hashlist);
+ dns_db_detachnode(gdb, &node);
+ }
+ dns_dbiterator_destroy(&dbiter);
+
+ /*
+ * Generate / complete the new chain.
+ */
result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
check_result(result, "dns_db_createiterator()");
@@ -1934,25 +2468,16 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
check_result(result, "dns_dbiterator_first()");
while (!done) {
- dns_dbiterator_current(dbiter, &node, name);
+ result = dns_dbiterator_current(dbiter, &node, name);
+ check_dns_dbiterator_current(result);
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
while (result == ISC_R_SUCCESS) {
result = dns_dbiterator_current(dbiter, &nextnode,
nextname);
- if (result != ISC_R_SUCCESS)
- break;
- /*
- * Cleanout NSEC3 RRsets which don't exist in the
- * hash table.
- */
- nsec3clean(nextname, nextnode, hashalg, iterations,
- salt, salt_length, hashlist);
- /*
- * Skip NSEC3 only nodes when looking for the next
- * node in the zone. Also skips now empty nodes.
- */
- if (nsec3only(nextnode)) {
+ check_dns_dbiterator_current(result);
+ active = active_node(nextnode);
+ if (!active) {
dns_db_detachnode(gdb, &nextnode);
result = dns_dbiterator_next(dbiter);
continue;
@@ -2098,7 +2623,8 @@ loadzonepubkeys(dns_db_t *db) {
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(db, node, currentversion,
- dns_rdatatype_dnskey, 0, 0, &rdataset, NULL);
+ dns_rdatatype_dnskey, 0, 0, &rdataset,
+ NULL);
if (result != ISC_R_SUCCESS)
fatal("failed to find keys at the zone apex: %s",
isc_result_totext(result));
@@ -2134,7 +2660,7 @@ warnifallksk(dns_db_t *db) {
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_result_t result;
- dns_rdata_key_t key;
+ dns_rdata_dnskey_t dnskey;
isc_boolean_t have_non_ksk = ISC_FALSE;
dns_db_currentversion(db, &currentversion);
@@ -2146,7 +2672,8 @@ warnifallksk(dns_db_t *db) {
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(db, node, currentversion,
- dns_rdatatype_dnskey, 0, 0, &rdataset, NULL);
+ dns_rdatatype_dnskey, 0, 0, &rdataset,
+ NULL);
if (result != ISC_R_SUCCESS)
fatal("failed to find keys at the zone apex: %s",
isc_result_totext(result));
@@ -2155,21 +2682,27 @@ warnifallksk(dns_db_t *db) {
while (result == ISC_R_SUCCESS) {
dns_rdata_reset(&rdata);
dns_rdataset_current(&rdataset, &rdata);
- result = dns_rdata_tostruct(&rdata, &key, NULL);
+ result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
check_result(result, "dns_rdata_tostruct");
- if ((key.flags & DNS_KEYFLAG_KSK) == 0) {
+ if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0) {
have_non_ksk = ISC_TRUE;
result = ISC_R_NOMORE;
} else
result = dns_rdataset_next(&rdataset);
+ dns_rdata_freestruct(&dnskey);
}
dns_rdataset_disassociate(&rdataset);
dns_db_detachnode(db, &node);
dns_db_closeversion(db, &currentversion, ISC_FALSE);
- if (!have_non_ksk && !ignoreksk)
- fprintf(stderr, "%s: warning: No non-KSK dnskey found. "
- "Supply non-KSK dnskey or use '-z'.\n",
- program);
+ if (!have_non_ksk && !ignoreksk) {
+ if (disable_zone_check)
+ fprintf(stderr, "%s: warning: No non-KSK dnskey found. "
+ "Supply non-KSK dnskey or use '-z'.\n",
+ program);
+ else
+ fatal("No non-KSK dnskey found. "
+ "Supply non-KSK dnskey or use '-z'.");
+ }
}
static void
@@ -2343,7 +2876,8 @@ usage(void) {
fprintf(stderr, "\t-g:\t");
fprintf(stderr, "generate DS records from keyset files\n");
fprintf(stderr, "\t-s [YYYYMMDDHHMMSS|+offset]:\n");
- fprintf(stderr, "\t\tRRSIG start time - absolute|offset (now - 1 hour)\n");
+ fprintf(stderr, "\t\tRRSIG start time - absolute|offset "
+ "(now - 1 hour)\n");
fprintf(stderr, "\t-e [YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
fprintf(stderr, "\t\tRRSIG end time - absolute|from start|from now "
"(now + 30 days)\n");
@@ -2351,7 +2885,8 @@ usage(void) {
fprintf(stderr, "\t\tcycle interval - resign "
"if < interval from end ( (end-start)/4 )\n");
fprintf(stderr, "\t-j jitter:\n");
- fprintf(stderr, "\t\trandomize signature end time up to jitter seconds\n");
+ fprintf(stderr, "\t\trandomize signature end time up to jitter "
+ "seconds\n");
fprintf(stderr, "\t-v debuglevel (0)\n");
fprintf(stderr, "\t-o origin:\n");
fprintf(stderr, "\t\tzone origin (name of zonefile)\n");
@@ -2370,6 +2905,8 @@ usage(void) {
fprintf(stderr, "verify generated signatures\n");
fprintf(stderr, "\t-p:\t");
fprintf(stderr, "use pseudorandom data (faster but less secure)\n");
+ fprintf(stderr, "\t-P:\t");
+ fprintf(stderr, "disable post-sign verification\n");
fprintf(stderr, "\t-t:\t");
fprintf(stderr, "print statistics\n");
fprintf(stderr, "\t-n ncpus (number of cpus present)\n");
@@ -2448,7 +2985,7 @@ main(int argc, char *argv[]) {
unsigned char saltbuf[255];
hashlist_t hashlist;
-#define CMDLINE_FLAGS "3:aAc:d:e:f:ghH:i:I:j:k:l:m:n:N:o:O:pr:s:StUv:z"
+#define CMDLINE_FLAGS "3:aAc:d:e:f:FghH:i:I:j:k:l:m:n:N:o:O:pPr:s:StUv:z"
/*
* Process memory debugging argument first.
@@ -2535,19 +3072,19 @@ main(int argc, char *argv[]) {
generateds = ISC_TRUE;
break;
- case '?':
- if (isc_commandline_option != '?')
- fprintf(stderr, "%s: invalid argument -%c\n",
- program, isc_commandline_option);
+ case 'H':
+ iterations = strtoul(isc_commandline_argument,
+ &endp, 0);
+ if (*endp != '\0')
+ fatal("iterations must be numeric");
+ if (iterations > 0xffffU)
+ fatal("iterations too big");
+ break;
+
case 'h':
usage();
break;
- default:
- fprintf(stderr, "%s: unhandled option -%c\n",
- program, isc_commandline_option);
- exit(1);
-
case 'i':
endp = NULL;
cycle = strtol(isc_commandline_argument, &endp, 0);
@@ -2567,8 +3104,13 @@ main(int argc, char *argv[]) {
fatal("jitter must be numeric and positive");
break;
+ case 'k':
+ if (ndskeys == MAXDSKEYS)
+ fatal("too many key-signing keys specified");
+ dskeyfile[ndskeys++] = isc_commandline_argument;
+ break;
+
case 'l':
- dns_fixedname_init(&dlv_fixed);
len = strlen(isc_commandline_argument);
isc_buffer_init(&b, isc_commandline_argument, len);
isc_buffer_add(&b, len);
@@ -2580,12 +3122,6 @@ main(int argc, char *argv[]) {
check_result(result, "dns_name_fromtext(dlv)");
break;
- case 'k':
- if (ndskeys == MAXDSKEYS)
- fatal("too many key-signing keys specified");
- dskeyfile[ndskeys++] = isc_commandline_argument;
- break;
-
case 'm':
break;
@@ -2600,15 +3136,6 @@ main(int argc, char *argv[]) {
serialformatstr = isc_commandline_argument;
break;
- case 'H':
- iterations = strtoul(isc_commandline_argument,
- &endp, 0);
- if (*endp != '\0')
- fatal("iterations must be numeric");
- if (iterations > 0xffffU)
- fatal("iterations too big");
- break;
-
case 'o':
origin = isc_commandline_argument;
break;
@@ -2621,6 +3148,10 @@ main(int argc, char *argv[]) {
pseudorandom = ISC_TRUE;
break;
+ case 'P':
+ disable_zone_check = ISC_TRUE;
+ break;
+
case 'r':
setup_entropy(mctx, isc_commandline_argument, &ectx);
break;
@@ -2653,6 +3184,21 @@ main(int argc, char *argv[]) {
case 'z':
ignoreksk = ISC_TRUE;
break;
+
+ case 'F':
+ /* Reserved for FIPS mode */
+ /* FALLTHROUGH */
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ usage();
+ break;
+
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
}
}
@@ -2743,7 +3289,8 @@ main(int argc, char *argv[]) {
else if (strcasecmp(serialformatstr, "unixtime") == 0)
serialformat = SOA_SERIAL_UNIXTIME;
else
- fatal("unknown soa serial format: %s\n", serialformatstr);
+ fatal("unknown soa serial format: %s\n",
+ serialformatstr);
}
result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL,
@@ -2769,7 +3316,12 @@ main(int argc, char *argv[]) {
"NSEC only DNSKEY");
}
+ /*
+ * We need to do this early on, as we start messing with the list
+ * of keys rather early.
+ */
ISC_LIST_INIT(keylist);
+ isc_rwlock_init(&keylist_lock, 0, 0);
if (argc == 0) {
loadzonekeys(gdb);
@@ -2806,6 +3358,7 @@ main(int argc, char *argv[]) {
}
if (key == NULL) {
key = newkeystruct(newkey, ISC_TRUE);
+ key->commandline = ISC_TRUE;
ISC_LIST_APPEND(keylist, key, link);
} else
dst_key_free(&newkey);
@@ -2856,8 +3409,11 @@ main(int argc, char *argv[]) {
}
if (ISC_LIST_EMPTY(keylist)) {
- fprintf(stderr, "%s: warning: No keys specified or found\n",
- program);
+ if (disable_zone_check)
+ fprintf(stderr, "%s: warning: No keys specified "
+ "or found\n", program);
+ else
+ fatal("No signing keys specified or found.");
nokeys = ISC_TRUE;
}
@@ -2972,6 +3528,7 @@ main(int argc, char *argv[]) {
isc_taskmgr_destroy(&taskmgr);
isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *));
postsign();
+ verifyzone();
if (outputformat != dns_masterformat_text) {
result = dns_master_dumptostream2(mctx, gdb, gversion,
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook
index 7ed320ad5754..f204fcd60d75 100644
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.docbook,v 1.31.44.6 2009/06/09 01:47:19 each Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.31.44.8 2009/11/06 21:36:22 each Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 08, 2009</date>
@@ -73,6 +73,7 @@
<arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
<arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
<arg><option>-p</option></arg>
+ <arg><option>-P</option></arg>
<arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
<arg><option>-t</option></arg>
@@ -91,10 +92,10 @@
<para><command>dnssec-signzone</command>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
- zone. The security status of delegations from the signed zone
- (that is, whether the child zones are secure or not) is
- determined by the presence or absence of a
- <filename>keyset</filename> file for each child zone.
+ zone. It also generates a <filename>keyset-</filename> file containing
+ the key-signing keys for the zone, and if signing a zone which
+ contains delegations, it can optionally generate DS records for
+ the child zones from their <filename>keyset-</filename> files.
</para>
</refsect1>
@@ -154,8 +155,10 @@
<term>-g</term>
<listitem>
<para>
- Generate DS records for child zones from keyset files.
- Existing DS records will be removed.
+ If the zone contains any delegations, and there are
+ <filename>keyset-</filename> files for any of the child zones,
+ then DS records for the child zones will be generated from the
+ keys in those files. Existing DS records will be removed.
</para>
</listitem>
</varlistentry>
@@ -360,6 +363,22 @@
</varlistentry>
<varlistentry>
+ <term>-P</term>
+ <listitem>
+ <para>
+ Disable post sign verification tests.
+ </para>
+ <para>
+ The post sign verification test ensures that for each algorithm
+ in use there is at least one non revoked self signed KSK key,
+ that all revoked KSK keys are self signed, and that all records
+ in the zone are signed by the algorithm.
+ This option skips these tests.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index 652d5c4355f2..e7c534f9094b 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.html,v 1.33.44.4.8.1 2009/12/31 23:17:46 tbox Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.33.44.8 2009/11/07 01:56:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,21 +29,21 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543554"></a><h2>DESCRIPTION</h2>
+<a name="id2543558"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
- zone. The security status of delegations from the signed zone
- (that is, whether the child zones are secure or not) is
- determined by the presence or absence of a
- <code class="filename">keyset</code> file for each child zone.
+ zone. It also generates a <code class="filename">keyset-</code> file containing
+ the key-signing keys for the zone, and if signing a zone which
+ contains delegations, it can optionally generate DS records for
+ the child zones from their <code class="filename">keyset-</code> files.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543569"></a><h2>OPTIONS</h2>
+<a name="id2543576"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -70,8 +70,10 @@
</p></dd>
<dt><span class="term">-g</span></dt>
<dd><p>
- Generate DS records for child zones from keyset files.
- Existing DS records will be removed.
+ If the zone contains any delegations, and there are
+ <code class="filename">keyset-</code> files for any of the child zones,
+ then DS records for the child zones will be generated from the
+ keys in those files. Existing DS records will be removed.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
<dd><p>
@@ -202,6 +204,19 @@
may be useful when signing large zones or when the entropy
source is limited.
</p></dd>
+<dt><span class="term">-P</span></dt>
+<dd>
+<p>
+ Disable post sign verification tests.
+ </p>
+<p>
+ The post sign verification test ensures that for each algorithm
+ in use there is at least one non revoked self signed KSK key,
+ that all revoked KSK keys are self signed, and that all records
+ in the zone are signed by the algorithm.
+ This option skips these tests.
+ </p>
+</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
Specifies the source of randomness. If the operating
@@ -258,7 +273,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544407"></a><h2>EXAMPLE</h2>
+<a name="id2544503"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -287,7 +302,7 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
-<a name="id2544458"></a><h2>KNOWN BUGS</h2>
+<a name="id2544554"></a><h2>KNOWN BUGS</h2>
<p>
<span><strong class="command">dnssec-signzone</strong></span> was designed so that it could
sign a zone partially, using only a subset of the DNSSEC keys
@@ -312,14 +327,14 @@ db.example.com.signed
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544484"></a><h2>SEE ALSO</h2>
+<a name="id2544716"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544645"></a><h2>AUTHOR</h2>
+<a name="id2544741"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index b89d76945b89..3a6b7f024b65 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssectool.c,v 1.45.334.4 2009/06/08 23:47:00 tbox Exp $ */
+/* $Id: dnssectool.c,v 1.45.334.5 2009/06/22 05:05:00 marka Exp $ */
/*! \file */
@@ -65,7 +65,7 @@ void
fatal(const char *format, ...) {
va_list args;
- fprintf(stderr, "%s: ", program);
+ fprintf(stderr, "%s: fatal: ", program);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
diff --git a/bin/dnssec/dnssectool.h b/bin/dnssec/dnssectool.h
index ee476f4ea78b..43b7375b26ea 100644
--- a/bin/dnssec/dnssectool.h
+++ b/bin/dnssec/dnssectool.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssectool.h,v 1.22 2008/09/25 04:02:38 tbox Exp $ */
+/* $Id: dnssectool.h,v 1.22.48.2 2009/09/04 23:46:58 tbox Exp $ */
#ifndef DNSSECTOOL_H
#define DNSSECTOOL_H 1
@@ -45,7 +45,7 @@ type_format(const dns_rdatatype_t type, char *cp, unsigned int size);
void
alg_format(const dns_secalg_t alg, char *cp, unsigned int size);
-#define ALG_FORMATSIZE 10
+#define ALG_FORMATSIZE 20
void
sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);
diff --git a/bin/named/control.c b/bin/named/control.c
index 8bd8f6ce361f..ac1ec4217dad 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: control.c,v 1.33 2007/09/13 04:45:18 each Exp $ */
+/* $Id: control.c,v 1.33.266.2 2009/07/11 23:47:17 tbox Exp $ */
/*! \file */
@@ -56,7 +56,7 @@ command_compare(const char *text, const char *command) {
/*%
* This function is called to process the incoming command
- * when a control channel message is received.
+ * when a control channel message is received.
*/
isc_result_t
ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
@@ -170,10 +170,12 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else if (command_compare(command, NS_COMMAND_TSIGDELETE)) {
result = ns_server_tsigdelete(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_FREEZE)) {
- result = ns_server_freeze(ns_g_server, ISC_TRUE, command);
+ result = ns_server_freeze(ns_g_server, ISC_TRUE, command,
+ text);
} else if (command_compare(command, NS_COMMAND_UNFREEZE) ||
command_compare(command, NS_COMMAND_THAW)) {
- result = ns_server_freeze(ns_g_server, ISC_FALSE, command);
+ result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
+ text);
} else if (command_compare(command, NS_COMMAND_RECURSING)) {
result = ns_server_dumprecursing(ns_g_server);
} else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index 43eccc4a63d4..1a3f746f3fb4 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.h,v 1.93.120.2 2009/01/29 23:47:44 tbox Exp $ */
+/* $Id: server.h,v 1.93.120.3 2009/07/11 04:23:53 marka Exp $ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
@@ -276,7 +276,8 @@ ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text);
* Enable or disable updates for a zone.
*/
isc_result_t
-ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args);
+ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
+ isc_buffer_t *text);
/*%
* Dump the current recursive queries.
diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8
index c0862aae1f49..56d272b23ad1 100644
--- a/bin/named/lwresd.8
+++ b/bin/named/lwresd.8
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwresd.8,v 1.29.14.1 2009/01/23 01:53:33 tbox Exp $
+.\" $Id: lwresd.8,v 1.29.14.2 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html
index 4c2b059fcfc6..728acc8a8164 100644
--- a/bin/named/lwresd.html
+++ b/bin/named/lwresd.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.html,v 1.25.14.1 2009/01/23 01:53:33 tbox Exp $ -->
+<!-- $Id: lwresd.html,v 1.25.14.2 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/named/named.8 b/bin/named/named.8
index 340840360fa6..287427274cbf 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,18 +13,18 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.8,v 1.38 2008/11/07 01:11:19 tbox Exp $
+.\" $Id: named.8,v 1.38.14.2 2009/12/03 05:06:38 tbox Exp $
.\"
.hy 0
.ad l
.\" Title: named
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 30, 2000
+.\" Date: May 21, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9"
+.TH "NAMED" "8" "May 21, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -224,6 +224,16 @@ The
\fBnamed\fR
configuration file is too complex to describe in detail here. A complete description is provided in the
BIND 9 Administrator Reference Manual.
+.PP
+\fBnamed\fR
+inherits the
+\fBumask\fR
+(file creation mode mask) from the parent process. If files created by
+\fBnamed\fR, such as journal files, need to have custom permissions, the
+\fBumask\fR
+should be set explicitly in the script used to start the
+\fBnamed\fR
+process.
.SH "FILES"
.PP
\fI/etc/named.conf\fR
@@ -250,7 +260,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 039c7954dfd8..3206f5d6bbcb 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -1,6 +1,6 @@
.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.36 2008/09/25 04:45:04 tbox Exp $
+.\" $Id: named.conf.5,v 1.36.48.1 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 7bbbd0acbcbf..190f0c1b8886 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -1,7 +1,7 @@
<!--
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.html,v 1.45 2008/09/25 04:45:04 tbox Exp $ -->
+<!-- $Id: named.conf.html,v 1.45.48.1 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
index f47eae1e6b4b..246c4f5d399e 100644
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.docbook,v 1.23 2008/11/06 05:30:24 marka Exp $ -->
+<!-- $Id: named.docbook,v 1.23.14.2 2009/12/03 04:49:32 tbox Exp $ -->
<refentry id="man.named">
<refentryinfo>
- <date>June 30, 2000</date>
+ <date>May 21, 2009</date>
</refentryinfo>
<refmeta>
@@ -42,6 +42,7 @@
<year>2006</year>
<year>2007</year>
<year>2008</year>
+ <year>2009</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -374,6 +375,16 @@
in the
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
+
+ <para>
+ <command>named</command> inherits the <function>umask</function>
+ (file creation mode mask) from the parent process. If files
+ created by <command>named</command>, such as journal files,
+ need to have custom permissions, the <function>umask</function>
+ should be set explicitly in the script used to start the
+ <command>named</command> process.
+ </para>
+
</refsect1>
<refsect1>
diff --git a/bin/named/named.html b/bin/named/named.html
index 23c9a7c32bc5..35224759ee71 100644
--- a/bin/named/named.html
+++ b/bin/named/named.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.html,v 1.30 2008/11/07 01:11:19 tbox Exp $ -->
+<!-- $Id: named.html,v 1.30.14.2 2009/12/03 05:06:38 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543468"></a><h2>DESCRIPTION</h2>
+<a name="id2543472"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -47,7 +47,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543493"></a><h2>OPTIONS</h2>
+<a name="id2543496"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -220,7 +220,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543928"></a><h2>SIGNALS</h2>
+<a name="id2543931"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -241,16 +241,24 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543976"></a><h2>CONFIGURATION</h2>
+<a name="id2543979"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
in the
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
+<p>
+ <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
+ (file creation mode mask) from the parent process. If files
+ created by <span><strong class="command">named</strong></span>, such as journal files,
+ need to have custom permissions, the <code class="function">umask</code>
+ should be set explicitly in the script used to start the
+ <span><strong class="command">named</strong></span> process.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543993"></a><h2>FILES</h2>
+<a name="id2544016"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@@ -263,7 +271,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544033"></a><h2>SEE ALSO</h2>
+<a name="id2544123"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@@ -276,7 +284,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544171"></a><h2>AUTHOR</h2>
+<a name="id2544194"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/named/query.c b/bin/named/query.c
index a56d2e646f7f..cef6d7f7c3a8 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.313.20.7.12.4 2009/12/31 22:53:03 each Exp $ */
+/* $Id: query.c,v 1.313.20.16 2009/12/30 08:34:29 jinmei Exp $ */
/*! \file */
@@ -2244,7 +2244,8 @@ query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
static inline isc_result_t
query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
- dns_trust_t trust, dns_name_t **anamep, dns_rdatatype_t type)
+ dns_rdataset_t *dname, dns_name_t **anamep,
+ dns_rdatatype_t type)
{
dns_rdataset_t *rdataset;
dns_rdatalist_t *rdatalist;
@@ -2280,7 +2281,7 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
rdatalist->type = type;
rdatalist->covers = 0;
rdatalist->rdclass = client->message->rdclass;
- rdatalist->ttl = 0;
+ rdatalist->ttl = dname->ttl;
dns_name_toregion(tname, &r);
rdata->data = r.base;
@@ -2292,7 +2293,7 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
== ISC_R_SUCCESS);
- rdataset->trust = trust;
+ rdataset->trust = dname->trust;
query_addrrset(client, anamep, &rdataset, NULL, NULL,
DNS_SECTION_ANSWER);
@@ -2735,7 +2736,7 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node,
return;
addnsec3:
- if (dns_db_iscache(db))
+ if (!dns_db_iszone(db))
goto cleanup;
/*
* Add the NSEC3 which proves the DS does not exist.
@@ -3317,6 +3318,14 @@ do { \
line = __LINE__; \
} while (0)
+#define RECURSE_ERROR(r) \
+do { \
+ if ((r) == DNS_R_DUPLICATE || (r) == DNS_R_DROP) \
+ QUERY_ERROR(r); \
+ else \
+ QUERY_ERROR(DNS_R_SERVFAIL); \
+} while (0)
+
/*
* Extract a network address from the RDATA of an A or AAAA
* record.
@@ -3604,7 +3613,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_name_t *found)
{
unsigned char salt[256];
- size_t salt_length = sizeof(salt);
+ size_t salt_length;
isc_uint16_t iterations;
isc_result_t result;
unsigned int dboptions;
@@ -3999,14 +4008,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
- else if (result == DNS_R_DUPLICATE ||
- result == DNS_R_DROP) {
- /* Duplicate query. */
- QUERY_ERROR(result);
- } else {
- /* Unable to recurse. */
- QUERY_ERROR(DNS_R_SERVFAIL);
- }
+ else
+ RECURSE_ERROR(result);
goto cleanup;
} else {
/* Unable to give root server referral. */
@@ -4185,11 +4188,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
- else if (result == DNS_R_DUPLICATE ||
- result == DNS_R_DROP)
- QUERY_ERROR(result);
else
- QUERY_ERROR(DNS_R_SERVFAIL);
+ RECURSE_ERROR(result);
} else {
dns_fixedname_t fixed;
@@ -4603,7 +4603,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
dns_name_init(tname, NULL);
(void)query_addcnamelike(client, client->query.qname, fname,
- trdataset->trust, &tname,
+ trdataset, &tname,
dns_rdatatype_cname);
if (tname != NULL)
dns_message_puttempname(client->message, &tname);
@@ -4729,7 +4729,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
else
- QUERY_ERROR(DNS_R_SERVFAIL); }
+ RECURSE_ERROR(result);
+ }
goto addauth;
}
/*
@@ -5123,9 +5124,17 @@ ns_query_start(ns_client_t *client) {
}
/*
- * Turn on minimal response for DNSKEY queries.
+ * Turn on minimal response for DNSKEY and DS queries.
+ */
+ if (qtype == dns_rdatatype_dnskey || qtype == dns_rdatatype_ds)
+ client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
+ NS_QUERYATTR_NOADDITIONAL);
+
+ /*
+ * Turn on minimal responses for EDNS/UDP bufsize 512 queries.
*/
- if (qtype == dns_rdatatype_dnskey)
+ if (client->opt != NULL && client->udpsize <= 512U &&
+ (client->attributes & NS_CLIENTATTR_TCP) == 0)
client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
NS_QUERYATTR_NOADDITIONAL);
diff --git a/bin/named/server.c b/bin/named/server.c
index e685e18dc336..b9259c71a7c1 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.520.12.7 2009/01/30 03:53:38 marka Exp $ */
+/* $Id: server.c,v 1.520.12.11 2009/12/24 00:17:47 each Exp $ */
/*! \file */
@@ -2826,7 +2826,7 @@ set_limit(const cfg_obj_t **maps, const char *configname,
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
result == ISC_R_SUCCESS ?
ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
- "set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s",
+ "set maximum %s to %" ISC_PRINT_QUADFORMAT "u: %s",
description, value, isc_result_totext(result));
}
@@ -4337,6 +4337,8 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) {
/* Partial match? */
if (result != ISC_R_SUCCESS && *zonep != NULL)
dns_zone_detach(zonep);
+ if (result == DNS_R_PARTIALMATCH)
+ result = ISC_R_NOTFOUND;
fail1:
return (result);
}
@@ -5401,7 +5403,9 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) {
* Act on a "freeze" or "thaw" command from the command channel.
*/
isc_result_t
-ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
+ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
+ isc_buffer_t *text)
+{
isc_result_t result, tresult;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
@@ -5411,6 +5415,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
char *journal;
const char *vname, *sep;
isc_boolean_t frozen;
+ const char *msg = NULL;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
@@ -5441,27 +5446,52 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
return (ISC_R_NOTFOUND);
}
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
frozen = dns_zone_getupdatedisabled(zone);
if (freeze) {
- if (frozen)
+ if (frozen) {
+ msg = "WARNING: The zone was already frozen.\n"
+ "Someone else may be editing it or "
+ "it may still be re-loading.";
result = DNS_R_FROZEN;
- if (result == ISC_R_SUCCESS)
+ }
+ if (result == ISC_R_SUCCESS) {
result = dns_zone_flush(zone);
+ if (result != ISC_R_SUCCESS)
+ msg = "Flushing the zone updates to "
+ "disk failed.";
+ }
if (result == ISC_R_SUCCESS) {
journal = dns_zone_getjournal(zone);
if (journal != NULL)
(void)isc_file_remove(journal);
}
+ if (result == ISC_R_SUCCESS)
+ dns_zone_setupdatedisabled(zone, freeze);
} else {
if (frozen) {
- result = dns_zone_load(zone);
- if (result == DNS_R_CONTINUE ||
- result == DNS_R_UPTODATE)
+ result = dns_zone_loadandthaw(zone);
+ switch (result) {
+ case ISC_R_SUCCESS:
+ case DNS_R_UPTODATE:
+ msg = "The zone reload and thaw was "
+ "successful.";
result = ISC_R_SUCCESS;
+ break;
+ case DNS_R_CONTINUE:
+ msg = "A zone reload and thaw was started.\n"
+ "Check the logs to see the result.";
+ result = ISC_R_SUCCESS;
+ break;
+ }
}
}
- if (result == ISC_R_SUCCESS)
- dns_zone_setupdatedisabled(zone, freeze);
+ isc_task_endexclusive(server->task);
+
+ if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text))
+ isc_buffer_putmem(text, (const unsigned char *)msg,
+ strlen(msg) + 1);
view = dns_zone_getview(zone);
if (strcmp(view->name, "_bind") == 0 ||
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 81f40bb2d15a..4773ec6dcad5 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: statschannel.c,v 1.14.64.6 2009/02/17 03:43:07 marka Exp $ */
+/* $Id: statschannel.c,v 1.14.64.11 2010/02/04 23:47:46 tbox Exp $ */
/*! \file */
@@ -70,6 +70,7 @@ stats_dumparg {
int ncounters; /* used for general statistics */
int *counterindices; /* used for general statistics */
isc_uint64_t *countervalues; /* used for general statistics */
+ isc_result_t result;
} stats_dumparg_t;
static isc_once_t once = ISC_ONCE_INIT;
@@ -95,6 +96,8 @@ static const char *sockstats_xmldesc[isc_sockstatscounter_max];
#define sockstats_xmldesc NULL
#endif /* HAVE_LIBXML2 */
+#define TRY0(a) do { xmlrc = (a); if (xmlrc < 0) goto error; } while(0)
+
/*%
* Mapping arrays to represent statistics counters in the order of our
* preference, regardless of the order of counter indices. For example,
@@ -129,11 +132,11 @@ init_desc(void) {
int i;
/* Initialize name server statistics */
- memset((void *)nsstats_desc, 0,
- dns_nsstatscounter_max * sizeof(nsstats_desc[0]));
+ for (i = 0; i < dns_nsstatscounter_max; i++)
+ nsstats_desc[i] = NULL;
#ifdef HAVE_LIBXML2
- memset((void *)nsstats_xmldesc, 0,
- dns_nsstatscounter_max * sizeof(nsstats_xmldesc[0]));
+ for (i = 0; i < dns_nsstatscounter_max; i++)
+ nsstats_xmldesc[i] = NULL;
#endif
#define SET_NSSTATDESC(counterid, desc, xmldesc) \
@@ -197,11 +200,11 @@ init_desc(void) {
INSIST(i == dns_nsstatscounter_max);
/* Initialize resolver statistics */
- memset((void *)resstats_desc, 0,
- dns_resstatscounter_max * sizeof(resstats_desc[0]));
+ for (i = 0; i < dns_resstatscounter_max; i++)
+ resstats_desc[i] = NULL;
#ifdef HAVE_LIBXML2
- memset((void *)resstats_xmldesc, 0,
- dns_resstatscounter_max * sizeof(resstats_xmldesc[0]));
+ for (i = 0; i < dns_resstatscounter_max; i++)
+ resstats_xmldesc[i] = NULL;
#endif
#define SET_RESSTATDESC(counterid, desc, xmldesc) \
@@ -267,11 +270,11 @@ init_desc(void) {
INSIST(i == dns_resstatscounter_max);
/* Initialize zone statistics */
- memset((void *)zonestats_desc, 0,
- dns_zonestatscounter_max * sizeof(zonestats_desc[0]));
+ for (i = 0; i < dns_zonestatscounter_max; i++)
+ zonestats_desc[i] = NULL;
#ifdef HAVE_LIBXML2
- memset((void *)zonestats_xmldesc, 0,
- dns_zonestatscounter_max * sizeof(zonestats_xmldesc[0]));
+ for (i = 0; i < dns_zonestatscounter_max; i++)
+ zonestats_xmldesc[i] = NULL;
#endif
#define SET_ZONESTATDESC(counterid, desc, xmldesc) \
@@ -299,11 +302,11 @@ init_desc(void) {
INSIST(i == dns_zonestatscounter_max);
/* Initialize socket statistics */
- memset((void *)sockstats_desc, 0,
- isc_sockstatscounter_max * sizeof(sockstats_desc[0]));
+ for (i = 0; i < isc_sockstatscounter_max; i++)
+ sockstats_desc[i] = NULL;
#ifdef HAVE_LIBXML2
- memset((void *)sockstats_xmldesc, 0,
- isc_sockstatscounter_max * sizeof(sockstats_xmldesc[0]));
+ for (i = 0; i < isc_sockstatscounter_max; i++)
+ sockstats_xmldesc[i] = NULL;
#endif
#define SET_SOCKSTATDESC(counterid, desc, xmldesc) \
@@ -437,7 +440,7 @@ generalstat_dump(isc_statscounter_t counter, isc_uint64_t val, void *arg) {
dumparg->countervalues[counter] = val;
}
-static void
+static isc_result_t
dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
const char *category, const char **desc, int ncounters,
int *indices, isc_uint64_t *values, int options)
@@ -448,6 +451,7 @@ dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
FILE *fp;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
+ int xmlrc;
#endif
#ifndef HAVE_LIBXML2
@@ -480,31 +484,41 @@ dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
writer = arg;
if (category != NULL) {
- xmlTextWriterStartElement(writer,
- ISC_XMLCHAR
- category);
- xmlTextWriterStartElement(writer,
- ISC_XMLCHAR "name");
- xmlTextWriterWriteString(writer, ISC_XMLCHAR
- desc[index]);
- xmlTextWriterEndElement(writer); /* name */
-
- xmlTextWriterStartElement(writer, ISC_XMLCHAR
- "counter");
+ TRY0(xmlTextWriterStartElement(writer,
+ ISC_XMLCHAR
+ category));
+ TRY0(xmlTextWriterStartElement(writer,
+ ISC_XMLCHAR
+ "name"));
+ TRY0(xmlTextWriterWriteString(writer,
+ ISC_XMLCHAR
+ desc[index]));
+ TRY0(xmlTextWriterEndElement(writer)); /* name */
+
+ TRY0(xmlTextWriterStartElement(writer,
+ ISC_XMLCHAR
+ "counter"));
} else {
- xmlTextWriterStartElement(writer, ISC_XMLCHAR
- desc[index]);
+ TRY0(xmlTextWriterStartElement(writer,
+ ISC_XMLCHAR
+ desc[index]));
}
- xmlTextWriterWriteFormatString(writer,
- "%" ISC_PRINT_QUADFORMAT
- "u", value);
- xmlTextWriterEndElement(writer); /* counter */
+ TRY0(xmlTextWriterWriteFormatString(writer,
+ "%"
+ ISC_PRINT_QUADFORMAT
+ "u", value));
+ TRY0(xmlTextWriterEndElement(writer)); /* counter */
if (category != NULL)
- xmlTextWriterEndElement(writer); /* category */
+ TRY0(xmlTextWriterEndElement(writer)); /* category */
#endif
break;
}
}
+ return (ISC_R_SUCCESS);
+#ifdef HAVE_LIBXML2
+ error:
+ return (ISC_R_FAILURE);
+#endif
}
static void
@@ -515,6 +529,7 @@ rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
FILE *fp;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
+ int xmlrc;
#endif
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE)
@@ -534,22 +549,28 @@ rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdtype");
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdtype"));
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
- xmlTextWriterWriteString(writer, ISC_XMLCHAR typestr);
- xmlTextWriterEndElement(writer); /* name */
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
+ TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR typestr));
+ TRY0(xmlTextWriterEndElement(writer)); /* name */
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
- xmlTextWriterWriteFormatString(writer,
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
+ TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
- val);
- xmlTextWriterEndElement(writer); /* counter */
+ val));
+ TRY0(xmlTextWriterEndElement(writer)); /* counter */
- xmlTextWriterEndElement(writer); /* rdtype */
+ TRY0(xmlTextWriterEndElement(writer)); /* rdtype */
#endif
break;
}
+ return;
+#ifdef HAVE_LIBXML2
+ error:
+ dumparg->result = ISC_R_FAILURE;
+ return;
+#endif
}
static void
@@ -561,6 +582,7 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
isc_boolean_t nxrrset = ISC_FALSE;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
+ int xmlrc;
#endif
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXDOMAIN)
@@ -589,22 +611,28 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "rrset");
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
- xmlTextWriterWriteFormatString(writer, "%s%s",
- nxrrset ? "!" : "", typestr);
- xmlTextWriterEndElement(writer); /* name */
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "rrset"));
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
+ TRY0(xmlTextWriterWriteFormatString(writer, "%s%s",
+ nxrrset ? "!" : "", typestr));
+ TRY0(xmlTextWriterEndElement(writer)); /* name */
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
- xmlTextWriterWriteFormatString(writer,
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
+ TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
- val);
- xmlTextWriterEndElement(writer); /* counter */
+ val));
+ TRY0(xmlTextWriterEndElement(writer)); /* counter */
- xmlTextWriterEndElement(writer); /* rrset */
+ TRY0(xmlTextWriterEndElement(writer)); /* rrset */
#endif
break;
}
+ return;
+#ifdef HAVE_LIBXML2
+ error:
+ dumparg->result = ISC_R_FAILURE;
+#endif
+
}
static void
@@ -615,6 +643,7 @@ opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
stats_dumparg_t *dumparg = arg;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
+ int xmlrc;
#endif
isc_buffer_init(&b, codebuf, sizeof(codebuf) - 1);
@@ -630,30 +659,35 @@ opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "opcode");
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "opcode"));
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
- xmlTextWriterWriteString(writer, ISC_XMLCHAR codebuf);
- xmlTextWriterEndElement(writer); /* name */
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
+ TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR codebuf));
+ TRY0(xmlTextWriterEndElement(writer)); /* name */
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
- xmlTextWriterWriteFormatString(writer,
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
+ TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
- val);
- xmlTextWriterEndElement(writer); /* counter */
+ val));
+ TRY0(xmlTextWriterEndElement(writer)); /* counter */
- xmlTextWriterEndElement(writer); /* opcode */
+ TRY0(xmlTextWriterEndElement(writer)); /* opcode */
#endif
break;
}
+ return;
+
+#ifdef HAVE_LIBXML2
+ error:
+ dumparg->result = ISC_R_FAILURE;
+ return;
+#endif
}
#ifdef HAVE_LIBXML2
/* XXXMLG below here sucks. */
-#define TRY(a) do { result = (a); INSIST(result == ISC_R_SUCCESS); } while(0);
-#define TRY0(a) do { xmlrc = (a); INSIST(xmlrc >= 0); } while(0);
static isc_result_t
zone_xmlrender(dns_zone_t *zone, void *arg) {
@@ -663,47 +697,55 @@ zone_xmlrender(dns_zone_t *zone, void *arg) {
xmlTextWriterPtr writer = arg;
isc_stats_t *zonestats;
isc_uint64_t nsstat_values[dns_nsstatscounter_max];
+ int xmlrc;
+ isc_result_t result;
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "zone");
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zone"));
dns_zone_name(zone, buf, sizeof(buf));
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
- xmlTextWriterWriteString(writer, ISC_XMLCHAR buf);
- xmlTextWriterEndElement(writer);
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
+ TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR buf));
+ TRY0(xmlTextWriterEndElement(writer));
rdclass = dns_zone_getclass(zone);
dns_rdataclass_format(rdclass, buf, sizeof(buf));
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdataclass");
- xmlTextWriterWriteString(writer, ISC_XMLCHAR buf);
- xmlTextWriterEndElement(writer);
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdataclass"));
+ TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR buf));
+ TRY0(xmlTextWriterEndElement(writer));
- serial = dns_zone_getserial(zone);
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "serial");
- xmlTextWriterWriteFormatString(writer, "%u", serial);
- xmlTextWriterEndElement(writer);
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "serial"));
+ if (dns_zone_getserial2(zone, &serial) == ISC_R_SUCCESS)
+ TRY0(xmlTextWriterWriteFormatString(writer, "%u", serial));
+ else
+ TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR "-"));
+ TRY0(xmlTextWriterEndElement(writer));
zonestats = dns_zone_getrequeststats(zone);
if (zonestats != NULL) {
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters");
- dump_counters(zonestats, statsformat_xml, writer, NULL,
- nsstats_xmldesc, dns_nsstatscounter_max,
- nsstats_index, nsstat_values,
- ISC_STATSDUMP_VERBOSE);
- xmlTextWriterEndElement(writer); /* counters */
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
+ result = dump_counters(zonestats, statsformat_xml, writer, NULL,
+ nsstats_xmldesc, dns_nsstatscounter_max,
+ nsstats_index, nsstat_values,
+ ISC_STATSDUMP_VERBOSE);
+ if (result != ISC_R_SUCCESS)
+ goto error;
+ TRY0(xmlTextWriterEndElement(writer)); /* counters */
}
- xmlTextWriterEndElement(writer); /* zone */
+ TRY0(xmlTextWriterEndElement(writer)); /* zone */
return (ISC_R_SUCCESS);
+ error:
+ return (ISC_R_FAILURE);
}
-static void
+static isc_result_t
generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
char boottime[sizeof "yyyy-mm-ddThh:mm:ssZ"];
char nowstr[sizeof "yyyy-mm-ddThh:mm:ssZ"];
isc_time_t now;
- xmlTextWriterPtr writer;
- xmlDocPtr doc;
+ xmlTextWriterPtr writer = NULL;
+ xmlDocPtr doc = NULL;
int xmlrc;
dns_view_t *view;
stats_dumparg_t dumparg;
@@ -712,12 +754,15 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
isc_uint64_t resstat_values[dns_resstatscounter_max];
isc_uint64_t zonestat_values[dns_zonestatscounter_max];
isc_uint64_t sockstat_values[isc_sockstatscounter_max];
+ isc_result_t result;
isc_time_now(&now);
isc_time_formatISO8601(&ns_g_boottime, boottime, sizeof boottime);
isc_time_formatISO8601(&now, nowstr, sizeof nowstr);
writer = xmlNewTextWriterDoc(&doc, 0);
+ if (writer == NULL)
+ goto error;
TRY0(xmlTextWriterStartDocument(writer, NULL, "UTF-8", NULL));
TRY0(xmlTextWriterWritePI(writer, ISC_XMLCHAR "xml-stylesheet",
ISC_XMLCHAR "type=\"text/xsl\" href=\"/bind9.xsl\""));
@@ -728,7 +773,7 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "bind"));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "statistics"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version",
- ISC_XMLCHAR "2.0"));
+ ISC_XMLCHAR "2.2"));
/* Set common fields for statistics dump */
dumparg.type = statsformat_xml;
@@ -741,39 +786,55 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
view = ISC_LIST_HEAD(server->viewlist);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "views"));
while (view != NULL) {
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "view");
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "view"));
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
- xmlTextWriterWriteString(writer, ISC_XMLCHAR view->name);
- xmlTextWriterEndElement(writer);
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
+ TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR view->name));
+ TRY0(xmlTextWriterEndElement(writer));
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "zones");
- dns_zt_apply(view->zonetable, ISC_FALSE, zone_xmlrender,
- writer);
- xmlTextWriterEndElement(writer);
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zones"));
+ result = dns_zt_apply(view->zonetable, ISC_TRUE, zone_xmlrender,
+ writer);
+ if (result != ISC_R_SUCCESS)
+ goto error;
+ TRY0(xmlTextWriterEndElement(writer));
if (view->resquerystats != NULL) {
+ dumparg.result = ISC_R_SUCCESS;
dns_rdatatypestats_dump(view->resquerystats,
rdtypestat_dump, &dumparg, 0);
+ if (dumparg.result != ISC_R_SUCCESS)
+ goto error;
}
if (view->resstats != NULL) {
- dump_counters(view->resstats, statsformat_xml, writer,
- "resstat", resstats_xmldesc,
- dns_resstatscounter_max, resstats_index,
- resstat_values, ISC_STATSDUMP_VERBOSE);
+ result = dump_counters(view->resstats, statsformat_xml,
+ writer, "resstat",
+ resstats_xmldesc,
+ dns_resstatscounter_max,
+ resstats_index, resstat_values,
+ ISC_STATSDUMP_VERBOSE);
+ if (result != ISC_R_SUCCESS)
+ goto error;
}
cachestats = dns_db_getrrsetstats(view->cachedb);
if (cachestats != NULL) {
- xmlTextWriterStartElement(writer,
- ISC_XMLCHAR "cache");
+ TRY0(xmlTextWriterStartElement(writer,
+ ISC_XMLCHAR "cache"));
+ TRY0(xmlTextWriterWriteAttribute(writer,
+ ISC_XMLCHAR "name",
+ ISC_XMLCHAR
+ view->name));
+ dumparg.result = ISC_R_SUCCESS;
dns_rdatasetstats_dump(cachestats, rdatasetstats_dump,
&dumparg, 0);
- xmlTextWriterEndElement(writer); /* cache */
+ if (dumparg.result != ISC_R_SUCCESS)
+ goto error;
+ TRY0(xmlTextWriterEndElement(writer)); /* cache */
}
- xmlTextWriterEndElement(writer); /* view */
+ TRY0(xmlTextWriterEndElement(writer)); /* view */
view = ISC_LIST_NEXT(view, link);
}
@@ -788,44 +849,63 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
TRY0(xmlTextWriterEndElement(writer)); /* taskmgr */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "server"));
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "boot-time");
- xmlTextWriterWriteString(writer, ISC_XMLCHAR boottime);
- xmlTextWriterEndElement(writer);
- xmlTextWriterStartElement(writer, ISC_XMLCHAR "current-time");
- xmlTextWriterWriteString(writer, ISC_XMLCHAR nowstr);
- xmlTextWriterEndElement(writer);
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "boot-time"));
+ TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR boottime));
+ TRY0(xmlTextWriterEndElement(writer));
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "current-time"));
+ TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR nowstr));
+ TRY0(xmlTextWriterEndElement(writer));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "requests"));
+ dumparg.result = ISC_R_SUCCESS;
dns_opcodestats_dump(server->opcodestats, opcodestat_dump, &dumparg,
0);
- xmlTextWriterEndElement(writer); /* requests */
+ if (dumparg.result != ISC_R_SUCCESS)
+ goto error;
+ TRY0(xmlTextWriterEndElement(writer)); /* requests */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "queries-in"));
+ dumparg.result = ISC_R_SUCCESS;
dns_rdatatypestats_dump(server->rcvquerystats, rdtypestat_dump,
&dumparg, 0);
- xmlTextWriterEndElement(writer); /* queries-in */
-
- dump_counters(server->nsstats, statsformat_xml, writer,
- "nsstat", nsstats_xmldesc, dns_nsstatscounter_max,
- nsstats_index, nsstat_values, ISC_STATSDUMP_VERBOSE);
+ if (dumparg.result != ISC_R_SUCCESS)
+ goto error;
+ TRY0(xmlTextWriterEndElement(writer)); /* queries-in */
+
+ result = dump_counters(server->nsstats, statsformat_xml, writer,
+ "nsstat", nsstats_xmldesc,
+ dns_nsstatscounter_max,
+ nsstats_index, nsstat_values,
+ ISC_STATSDUMP_VERBOSE);
+ if (result != ISC_R_SUCCESS)
+ goto error;
- dump_counters(server->zonestats, statsformat_xml, writer, "zonestat",
- zonestats_xmldesc, dns_zonestatscounter_max,
- zonestats_index, zonestat_values, ISC_STATSDUMP_VERBOSE);
+ result = dump_counters(server->zonestats, statsformat_xml, writer,
+ "zonestat", zonestats_xmldesc,
+ dns_zonestatscounter_max, zonestats_index,
+ zonestat_values, ISC_STATSDUMP_VERBOSE);
+ if (result != ISC_R_SUCCESS)
+ goto error;
/*
* Most of the common resolver statistics entries are 0, so we don't
* use the verbose dump here.
*/
- dump_counters(server->resolverstats, statsformat_xml, writer, "resstat",
- resstats_xmldesc, dns_resstatscounter_max, resstats_index,
- resstat_values, 0);
+ result = dump_counters(server->resolverstats, statsformat_xml, writer,
+ "resstat", resstats_xmldesc,
+ dns_resstatscounter_max, resstats_index,
+ resstat_values, 0);
+ if (result != ISC_R_SUCCESS)
+ goto error;
- dump_counters(server->sockstats, statsformat_xml, writer, "sockstat",
- sockstats_xmldesc, isc_sockstatscounter_max,
- sockstats_index, sockstat_values, ISC_STATSDUMP_VERBOSE);
+ result = dump_counters(server->sockstats, statsformat_xml, writer,
+ "sockstat", sockstats_xmldesc,
+ isc_sockstatscounter_max, sockstats_index,
+ sockstat_values, ISC_STATSDUMP_VERBOSE);
+ if (result != ISC_R_SUCCESS)
+ goto error;
- xmlTextWriterEndElement(writer); /* server */
+ TRY0(xmlTextWriterEndElement(writer)); /* server */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "memory"));
isc_mem_renderxml(writer);
@@ -841,6 +921,14 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 1);
xmlFreeDoc(doc);
+ return (ISC_R_SUCCESS);
+
+ error:
+ if (writer != NULL)
+ xmlFreeTextWriter(writer);
+ if (doc != NULL)
+ xmlFreeDoc(doc);
+ return (ISC_R_FAILURE);
}
static void
@@ -859,21 +947,24 @@ render_index(const char *url, const char *querystring, void *arg,
unsigned char *msg;
int msglen;
ns_server_t *server = arg;
+ isc_result_t result;
UNUSED(url);
UNUSED(querystring);
- generatexml(server, &msglen, &msg);
+ result = generatexml(server, &msglen, &msg);
- *retcode = 200;
- *retmsg = "OK";
- *mimetype = "text/xml";
- isc_buffer_reinit(b, msg, msglen);
- isc_buffer_add(b, msglen);
- *freecb = wrap_xmlfree;
- *freecb_args = NULL;
+ if (result == ISC_R_SUCCESS) {
+ *retcode = 200;
+ *retmsg = "OK";
+ *mimetype = "text/xml";
+ isc_buffer_reinit(b, msg, msglen);
+ isc_buffer_add(b, msglen);
+ *freecb = wrap_xmlfree;
+ *freecb_args = NULL;
+ }
- return (ISC_R_SUCCESS);
+ return (result);
}
#endif /* HAVE_LIBXML2 */
@@ -1274,20 +1365,20 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
}
fprintf(fp, "++ Name Server Statistics ++\n");
- dump_counters(server->nsstats, statsformat_file, fp, NULL,
- nsstats_desc, dns_nsstatscounter_max, nsstats_index,
- nsstat_values, 0);
+ (void) dump_counters(server->nsstats, statsformat_file, fp, NULL,
+ nsstats_desc, dns_nsstatscounter_max,
+ nsstats_index, nsstat_values, 0);
fprintf(fp, "++ Zone Maintenance Statistics ++\n");
- dump_counters(server->zonestats, statsformat_file, fp, NULL,
- zonestats_desc, dns_zonestatscounter_max,
- zonestats_index, zonestat_values, 0);
+ (void) dump_counters(server->zonestats, statsformat_file, fp, NULL,
+ zonestats_desc, dns_zonestatscounter_max,
+ zonestats_index, zonestat_values, 0);
fprintf(fp, "++ Resolver Statistics ++\n");
fprintf(fp, "[Common]\n");
- dump_counters(server->resolverstats, statsformat_file, fp, NULL,
- resstats_desc, dns_resstatscounter_max, resstats_index,
- resstat_values, 0);
+ (void) dump_counters(server->resolverstats, statsformat_file, fp, NULL,
+ resstats_desc, dns_resstatscounter_max,
+ resstats_index, resstat_values, 0);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
@@ -1297,9 +1388,9 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
fprintf(fp, "[View: default]\n");
else
fprintf(fp, "[View: %s]\n", view->name);
- dump_counters(view->resstats, statsformat_file, fp, NULL,
- resstats_desc, dns_resstatscounter_max,
- resstats_index, resstat_values, 0);
+ (void) dump_counters(view->resstats, statsformat_file, fp, NULL,
+ resstats_desc, dns_resstatscounter_max,
+ resstats_index, resstat_values, 0);
}
fprintf(fp, "++ Cache DB RRsets ++\n");
@@ -1320,9 +1411,9 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
}
fprintf(fp, "++ Socket I/O Statistics ++\n");
- dump_counters(server->sockstats, statsformat_file, fp, NULL,
- sockstats_desc, isc_sockstatscounter_max, sockstats_index,
- sockstat_values, 0);
+ (void) dump_counters(server->sockstats, statsformat_file, fp, NULL,
+ sockstats_desc, isc_sockstatscounter_max,
+ sockstats_index, sockstat_values, 0);
fprintf(fp, "++ Per Zone Query Statistics ++\n");
zone = NULL;
@@ -1343,9 +1434,10 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
fprintf(fp, " (view: %s)", view->name);
fprintf(fp, "]\n");
- dump_counters(zonestats, statsformat_file, fp, NULL,
- nsstats_desc, dns_nsstatscounter_max,
- nsstats_index, nsstat_values, 0);
+ (void) dump_counters(zonestats, statsformat_file, fp,
+ NULL, nsstats_desc,
+ dns_nsstatscounter_max,
+ nsstats_index, nsstat_values, 0);
}
}
diff --git a/bin/named/update.c b/bin/named/update.c
index b0a556d5cc41..74a192ad07b0 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: update.c,v 1.151.12.5.12.1 2009/07/28 14:18:08 marka Exp $ */
+/* $Id: update.c,v 1.151.12.9 2009/12/30 04:02:56 marka Exp $ */
#include <config.h>
@@ -3031,7 +3031,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
} else {
CHECK(get_iterations(db, ver, &iterations));
CHECK(dns_nsec3_maxiterations(db, ver, client->mctx, &max));
- if (iterations > max) {
+ if (max != 0 && iterations > max) {
flag = ISC_TRUE;
update_log(client, zone, ISC_LOG_WARNING,
"too many NSEC3 iterations (%u) for "
@@ -3157,6 +3157,24 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
&newtuple));
CHECK(do_one_tuple(&newtuple, db, ver, diff));
}
+
+ /*
+ * Remove any existing CREATE request to add an
+ * otherwise indentical chain with a reversed
+ * OPTOUT state.
+ */
+ buf[1] ^= DNS_NSEC3FLAG_OPTOUT;
+ CHECK(rr_exists(db, ver, name, &rdata, &flag));
+
+ if (flag) {
+ CHECK(dns_difftuple_create(diff->mctx,
+ DNS_DIFFOP_DEL,
+ name, tuple->ttl,
+ &rdata,
+ &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ }
+
/*
* Remove the temporary add record.
*/
@@ -4140,9 +4158,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
goto common;
failure:
- if (result == DNS_R_REFUSED)
- inc_stats(zone, dns_nsstatscounter_updaterej);
-
/*
* The reason for failure should have been logged at this point.
*/
diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1
index b0688a3ac263..83fd7d78da8f 100644
--- a/bin/nsupdate/nsupdate.1
+++ b/bin/nsupdate/nsupdate.1
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nsupdate.1,v 1.3.48.2 2009/03/10 01:54:11 tbox Exp $
+.\" $Id: nsupdate.1,v 1.3.48.3 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index dab7f9029cf9..9f45171a4fea 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.html,v 1.40.48.2 2009/03/10 01:54:11 tbox Exp $ -->
+<!-- $Id: nsupdate.html,v 1.40.48.3 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8
index 440870a54eda..d37c00adcd24 100644
--- a/bin/rndc/rndc-confgen.8
+++ b/bin/rndc/rndc-confgen.8
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001, 2003 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc-confgen.8,v 1.20 2007/01/30 00:24:59 marka Exp $
+.\" $Id: rndc-confgen.8,v 1.20.418.1 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html
index 4be87afb9fa7..41debdcc910d 100644
--- a/bin/rndc/rndc-confgen.html
+++ b/bin/rndc/rndc-confgen.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc-confgen.html,v 1.25 2007/01/30 00:24:59 marka Exp $ -->
+<!-- $Id: rndc-confgen.html,v 1.25.418.1 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
index 7f0dea110c7f..8ab0df2c8f07 100644
--- a/bin/rndc/rndc.8
+++ b/bin/rndc/rndc.8
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.8,v 1.42 2007/12/14 22:37:22 marka Exp $
+.\" $Id: rndc.8,v 1.42.214.1 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
index 9e9bad41f361..edb3a360a81f 100644
--- a/bin/rndc/rndc.conf.5
+++ b/bin/rndc/rndc.conf.5
@@ -1,7 +1,7 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.conf.5,v 1.38 2007/05/09 13:35:57 marka Exp $
+.\" $Id: rndc.conf.5,v 1.38.366.1 2009/07/11 01:55:21 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
index 144cd1c91d84..6fbaaa2f7cc3 100644
--- a/bin/rndc/rndc.conf.html
+++ b/bin/rndc/rndc.conf.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.conf.html,v 1.29 2007/05/09 13:35:57 marka Exp $ -->
+<!-- $Id: rndc.conf.html,v 1.29.366.1 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
index a8d11c47bd15..52c862a9747a 100644
--- a/bin/rndc/rndc.html
+++ b/bin/rndc/rndc.html
@@ -2,7 +2,7 @@
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.html,v 1.31 2007/12/14 22:37:22 marka Exp $ -->
+<!-- $Id: rndc.html,v 1.31.214.1 2009/07/11 01:55:21 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/config.h.in b/config.h.in
index 97b13c4a5ad2..28ace46a71b9 100644
--- a/config.h.in
+++ b/config.h.in
@@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.h.in,v 1.106.40.6 2009/03/13 05:35:43 marka Exp $ */
+/* $Id: config.h.in,v 1.106.40.11 2010/01/15 19:38:52 each Exp $ */
/*! \file */
@@ -144,6 +144,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if threads need PTHREAD_SCOPE_SYSTEM */
#undef NEED_PTHREAD_SCOPE_SYSTEM
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
/* Define if recvmsg() does not meet all of the BSD socket API specifications.
*/
#undef BROKEN_RECVMSG
@@ -163,6 +166,12 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
+/* Define to 1 if you have the `EVP_sha256' function. */
+#undef HAVE_EVP_SHA256
+
+/* Define to 1 if you have the `EVP_sha512' function. */
+#undef HAVE_EVP_SHA512
+
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
@@ -293,6 +302,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
/* Define to the version of this package. */
#undef PACKAGE_VERSION
@@ -314,11 +326,15 @@ int sigwait(const unsigned int *set, int *sig);
#undef WITH_IDN
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
- significant byte first (like Motorola and SPARC, unlike Intel and VAX). */
-#if defined __BIG_ENDIAN__
-# define WORDS_BIGENDIAN 1
-#elif ! defined __LITTLE_ENDIAN__
-# undef WORDS_BIGENDIAN
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+# define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+# undef WORDS_BIGENDIAN
+# endif
#endif
/* Define to empty if `const' does not conform to ANSI C. */
diff --git a/configure.in b/configure.in
index 6ebdfddcca2f..76e1eb33ea45 100644
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
-AC_REVISION($Revision: 1.457.26.9 $)
+AC_REVISION($Revision: 1.457.26.16 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
@@ -28,6 +28,18 @@ AC_CONFIG_HEADER(config.h)
AC_CANONICAL_HOST
AC_PROG_MAKE_SET
+
+#
+# GNU libtool support
+#
+case $build_os in
+sunos*)
+ # Just set the maximum command line length for sunos as it otherwise
+ # takes a exceptionally long time to work it out. Required for libtool.
+ lt_cv_sys_max_cmd_len=4096;
+ ;;
+esac
+
AC_PROG_LIBTOOL
AC_PROG_INSTALL
AC_PROG_LN_S
@@ -466,7 +478,7 @@ AC_C_BIGENDIAN
OPENSSL_WARNING=
AC_MSG_CHECKING(for OpenSSL library)
AC_ARG_WITH(openssl,
-[ --with-openssl[=PATH] Build with OpenSSL [yes|no|path].
+[ --with-openssl[=PATH] Build with OpenSSL [yes|no|path].
(Required for DNSSEC)],
use_openssl="$withval", use_openssl="auto")
@@ -491,7 +503,9 @@ case "$use_openssl" in
auto)
DST_OPENSSL_INC=""
USE_OPENSSL=""
- AC_MSG_RESULT(not found)
+ AC_MSG_ERROR(
+[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
+If you don't want OpenSSL, use --without-openssl])
;;
*)
if test "$use_openssl" = "yes"
@@ -630,8 +644,10 @@ esac
else
AC_MSG_RESULT(no)
fi
+ AC_CHECK_FUNCS(EVP_sha256 EVP_sha512)
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
+
;;
esac
@@ -652,7 +668,7 @@ DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
AC_MSG_CHECKING(for PKCS11 support)
AC_ARG_WITH(pkcs11,
-[ --with-pkcs11 Build with PKCS11 support],
+[ --with-pkcs11 Build with PKCS11 support],
use_pkcs11="yes", use_pkcs11="no")
case "$use_pkcs11" in
@@ -670,7 +686,7 @@ AC_SUBST(USE_PKCS11)
AC_MSG_CHECKING(for GSSAPI library)
AC_ARG_WITH(gssapi,
-[ --with-gssapi=PATH Specify path for system-supplied GSSAPI],
+[ --with-gssapi=PATH Specify path for system-supplied GSSAPI],
use_gssapi="$withval", use_gssapi="no")
gssapidirs="/usr/local /usr/pkg /usr/kerberos /usr"
@@ -824,7 +840,7 @@ AC_SUBST(DNS_CRYPTO_LIBS)
#
AC_MSG_CHECKING(for random device)
AC_ARG_WITH(randomdev,
-[ --with-randomdev=PATH Specify path for random device],
+[ --with-randomdev=PATH Specify path for random device],
use_randomdev="$withval", use_randomdev="unspec")
case "$use_randomdev" in
@@ -997,7 +1013,7 @@ AC_SUBST(ISC_THREAD_DIR)
#
AC_MSG_CHECKING(for libxml2 library)
AC_ARG_WITH(libxml2,
-[ --with-libxml2[=PATH] Build with libxml2 library [yes|no|path]],
+[ --with-libxml2[=PATH] Build with libxml2 library [yes|no|path]],
use_libxml2="$withval", use_libxml2="auto")
case "$use_libxml2" in
@@ -1191,7 +1207,7 @@ esac
#
AC_MSG_CHECKING(whether to use purify)
AC_ARG_WITH(purify,
- [ --with-purify[=PATH] use Rational purify],
+ [ --with-purify[=PATH] use Rational purify],
use_purify="$withval", use_purify="no")
case "$use_purify" in
@@ -1228,19 +1244,9 @@ esac
AC_SUBST(PURIFY)
-#
-# GNU libtool support
-#
-case $build_os in
-sunos*)
- # Just set the maximum command line length for sunos as it otherwise
- # takes a exceptionally long time to work it out. Required for libtool.
- lt_cv_sys_max_cmd_len=4096;
- ;;
-esac
AC_ARG_WITH(libtool,
- [ --with-libtool use GNU libtool (following indented options supported)],
+ [ --with-libtool use GNU libtool],
use_libtool="$withval", use_libtool="no")
case $use_libtool in
@@ -1299,7 +1305,7 @@ AC_SUBST(LIBTOOL_IN_MAIN)
# IPv6
#
AC_ARG_ENABLE(ipv6,
- [ --enable-ipv6 use IPv6 [default=autodetect]])
+ [ --enable-ipv6 use IPv6 [default=autodetect]])
case "$enable_ipv6" in
yes|''|autodetect)
@@ -1330,7 +1336,7 @@ AC_TRY_COMPILE([
#
AC_MSG_CHECKING(for Kame IPv6 support)
AC_ARG_WITH(kame,
- [ --with-kame[=PATH] use Kame IPv6 [default path /usr/local/v6]],
+ [ --with-kame[=PATH] use Kame IPv6 [default path /usr/local/v6]],
use_kame="$withval", use_kame="no")
case "$use_kame" in
@@ -1780,7 +1786,7 @@ AC_SUBST(ISC_LWRES_GETADDRINFOPROTO)
AC_SUBST(ISC_LWRES_GETNAMEINFOPROTO)
AC_ARG_ENABLE(getifaddrs,
-[ --enable-getifaddrs Enable the use of getifaddrs() [[yes|no]].],
+[ --enable-getifaddrs Enable the use of getifaddrs() [[yes|no]].],
want_getifaddrs="$enableval", want_getifaddrs="yes")
#
@@ -1902,7 +1908,7 @@ AC_SUBST(ISC_EXTRA_SRCS)
# Use our own SPNEGO implementation?
#
AC_ARG_ENABLE(isc-spnego,
- [ --disable-isc-spnego use SPNEGO from GSSAPI library])
+ [ --disable-isc-spnego use SPNEGO from GSSAPI library])
if test -n "$USE_GSSAPI"
then
@@ -1967,7 +1973,7 @@ AC_SUBST(LWRES_PLATFORM_QUADFORMAT)
# Note it is very recommended to *not* disable chroot(),
# this is only because chroot() was made obsolete by Posix.
AC_ARG_ENABLE(chroot,
- [ --disable-chroot disable chroot])
+ [ --disable-chroot disable chroot])
case "$enable_chroot" in
yes|'')
AC_CHECK_FUNCS(chroot)
@@ -1976,7 +1982,7 @@ case "$enable_chroot" in
;;
esac
AC_ARG_ENABLE(linux-caps,
- [ --disable-linux-caps disable linux capabilities])
+ [ --disable-linux-caps disable linux capabilities])
case "$enable_linux_caps" in
yes|'')
AC_CHECK_HEADERS(linux/capability.h sys/capability.h)
@@ -2215,13 +2221,43 @@ AC_CHECK_FUNCS(nanosleep)
# Machine architecture dependent features
#
AC_ARG_ENABLE(atomic,
- [ --enable-atomic enable machine specific atomic operations
- [[default=autodetect]]],
+ [ --enable-atomic enable machine specific atomic operations
+ [[default=autodetect]]],
enable_atomic="$enableval",
enable_atomic="autodetect")
case "$enable_atomic" in
yes|''|autodetect)
- use_atomic=yes
+ case "$host" in
+ powerpc-ibm-aix*)
+ if test "X$GCC" = "Xyes"; then
+ AC_MSG_CHECKING([if asm("isc"); works])
+ AC_TRY_COMPILE(,[
+ main() { asm("ics"); exit(0); }
+ ],
+ [AC_MSG_RESULT(yes)
+ use_atomic=yes],
+ [
+ saved_cflags="$CFLAGS"
+ CFLAGS="$CFLAGS -Wa,-many"
+ AC_TRY_RUN([
+ main() { asm("ics"); exit(0); }
+ ],
+ [AC_MSG_RESULT([yes, required -Wa,-many])
+ use_atomic=yes],
+ [AC_MSG_RESULT([no, use_atomic disabled])
+ CFLAGS="$saved_cflags"
+ use_atomic=no],
+ [AC_MSG_RESULT([cross compile, assume yes])
+ CFLAGS="$saved_cflags"
+ use_atomic=yes])
+ ]
+ )
+ fi
+ ;;
+ *)
+ use_atomic=yes
+ ;;
+ esac
;;
no)
use_atomic=no
@@ -2248,8 +2284,16 @@ main() {
[arch=x86_32])
;;
x86_64-*|amd64-*)
- have_xaddq=yes
- arch=x86_64
+AC_TRY_RUN([
+main() {
+ exit((sizeof(void *) == 8) ? 0 : 1);
+}
+],
+ [arch=x86_64
+ have_xaddq=yes],
+ [arch=x86_32],
+ [arch=x86_64
+ have_xaddq=yes])
;;
alpha*-*)
arch=alpha
@@ -2354,9 +2398,9 @@ else
fi
if test "$have_xaddq" = "yes"; then
- ISC_PLATFORM_HAVEXADDQ="#define ISC_PLATFORM_HAVEXADDQ 1"
+ ISC_PLATFORM_HAVEXADDQ="#define ISC_PLATFORM_HAVEXADDQ 1"
else
- ISC_PLATFORM_HAVEXADDQ="#undef ISC_PLATFORM_HAVEXADDQ"
+ ISC_PLATFORM_HAVEXADDQ="#undef ISC_PLATFORM_HAVEXADDQ"
fi
AC_SUBST(ISC_PLATFORM_HAVEXADD)
@@ -2376,14 +2420,14 @@ AC_SUBST(ISC_ARCH_DIR)
# Activate "rrset-order fixed" or not?
#
AC_ARG_ENABLE(fixed-rrset,
- [ --enable-fixed-rrset enable fixed rrset ordering
- [[default=no]]],
+ [ --enable-fixed-rrset enable fixed rrset ordering
+ [[default=no]]],
enable_fixed="$enableval",
enable_fixed="no")
case "$enable_fixed" in
yes)
AC_DEFINE(DNS_RDATASET_FIXED, 1,
- [Define to enable "rrset-order fixed" syntax.])
+ [Define to enable "rrset-order fixed" syntax.])
;;
no)
;;
@@ -2503,7 +2547,7 @@ AC_SUBST($1)
#
AC_MSG_CHECKING(for Docbook-XSL path)
AC_ARG_WITH(docbook-xsl,
-[ --with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets],
+[ --with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets],
docbook_path="$withval", docbook_path="auto")
case "$docbook_path" in
auto)
@@ -2571,7 +2615,7 @@ AC_SUBST(XSLT_DB2LATEX_ADMONITIONS)
# IDN support
#
AC_ARG_WITH(idn,
- [ --with-idn[=MPREFIX] enable IDN support using idnkit [default PREFIX]],
+ [ --with-idn[=MPREFIX] enable IDN support using idnkit [default PREFIX]],
use_idn="$withval", use_idn="no")
case "$use_idn" in
yes)
@@ -2591,7 +2635,7 @@ esac
iconvinc=
iconvlib=
AC_ARG_WITH(libiconv,
- [ --with-libiconv[=IPREFIX] GNU libiconv are in IPREFIX [default PREFIX]],
+ [ --with-libiconv[=IPREFIX] GNU libiconv are in IPREFIX [default PREFIX]],
use_libiconv="$withval", use_libiconv="no")
case "$use_libiconv" in
yes)
@@ -2610,7 +2654,7 @@ no)
esac
AC_ARG_WITH(iconv,
- [ --with-iconv[=LIBSPEC] specify iconv library [default -liconv]],
+ [ --with-iconv[=LIBSPEC] specify iconv library [default -liconv]],
iconvlib="$withval")
case "$iconvlib" in
no)
@@ -2622,7 +2666,7 @@ yes)
esac
AC_ARG_WITH(idnlib,
- [ --with-idnlib=ARG specify libidnkit],
+ [ --with-idnlib=ARG specify libidnkit],
idnlib="$withval", idnlib="no")
if test "$idnlib" = yes; then
AC_MSG_ERROR([You must specify ARG for --with-idnlib.])
@@ -2678,7 +2722,7 @@ AC_SUBST_FILE(BIND9_MAKE_RULES)
BIND9_MAKE_RULES=$BIND9_TOP_BUILDDIR/make/rules
. $srcdir/version
-BIND9_VERSION="VERSION=${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}"
+BIND9_VERSION="VERSION=${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}"
AC_SUBST(BIND9_VERSION)
if test -z "$ac_configure_args"; then
@@ -2964,6 +3008,12 @@ AC_CONFIG_FILES([
AC_OUTPUT
+if test "X$USE_OPENSSL" = "X"; then
+cat << \EOF
+BIND is being built without OpenSSL. This means it will not have DNSSEC support.
+EOF
+fi
+
if test "X$OPENSSL_WARNING" != "X"; then
cat << \EOF
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 0875e57ff09b..44e30b16da96 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- File: $Id: Bv9ARM-book.xml,v 1.380.14.15 2009/06/02 05:56:27 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.380.14.24 2010/01/23 23:47:52 tbox Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@@ -30,6 +30,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
+ <year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -1679,6 +1680,11 @@ controls {
each dynamic update, because that would be too slow when a large
zone is updated frequently. Instead, the dump is delayed by
up to 15 minutes, allowing additional updates to take place.
+ During the dump process, transient files will be created
+ with the extensions <filename>.jnw</filename> and
+ <filename>.jbk</filename>; under ordinary circumstances, these
+ will be removed when the dump is complete, and can be safely
+ ignored.
</para>
<para>
@@ -2053,17 +2059,16 @@ nameserver 172.16.72.4
<sect3>
<title>Automatic Generation</title>
<para>
- The following command will generate a 128-bit (16 byte) HMAC-MD5
+ The following command will generate a 128-bit (16 byte) HMAC-SHA256
key as described above. Longer keys are better, but shorter keys
- are easier to read. Note that the maximum key length is 512 bits;
- keys longer than that will be digested with MD5 to produce a
- 128-bit key.
+ are easier to read. Note that the maximum key length is the digest
+ length, here 256 bits.
</para>
<para>
- <userinput>dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2.</userinput>
+ <userinput>dnssec-keygen -a hmac-sha256 -b 128 -n HOST host1-host2.</userinput>
</para>
<para>
- The key is in the file <filename>Khost1-host2.+157+00000.private</filename>.
+ The key is in the file <filename>Khost1-host2.+163+00000.private</filename>.
Nothing directly uses this file, but the base-64 encoded string
following "<literal>Key:</literal>"
can be extracted from the file and used as a shared secret:
@@ -2105,18 +2110,16 @@ nameserver 172.16.72.4
<programlisting>
key host1-host2. {
- algorithm hmac-md5;
+ algorithm hmac-sha256;
secret "La/E5CjG9O+os1jq0a2jdA==";
};
</programlisting>
<para>
- The algorithm, <literal>hmac-md5</literal>, is the only one supported by <acronym>BIND</acronym>.
The secret is the one generated above. Since this is a secret, it
- is recommended that either <filename>named.conf</filename> be non-world
- readable, or the key directive be added to a non-world readable
- file that is included by
- <filename>named.conf</filename>.
+ is recommended that either <filename>named.conf</filename> be
+ non-world readable, or the key directive be added to a non-world
+ readable file that is included by <filename>named.conf</filename>.
</para>
<para>
At this point, the key is recognized. This means that if the
@@ -2445,14 +2448,17 @@ allow-update { key host1-host2. ;};
To enable <command>named</command> to respond appropriately
to DNS requests from DNSSEC aware clients,
<command>dnssec-enable</command> must be set to yes.
+ (This is the default setting.)
</para>
<para>
To enable <command>named</command> to validate answers from
- other servers both <command>dnssec-enable</command> and
- <command>dnssec-validation</command> must be set and some
- <command>trusted-keys</command> must be configured
- into <filename>named.conf</filename>.
+ other servers, the <command>dnssec-enable</command> and
+ <command>dnssec-validation</command> options must both be
+ set to yes (the default setting in <acronym>BIND</acronym> 9.5
+ and later), and at least one trust anchor must be configured
+ with a <command>trusted-keys</command> statement in
+ <filename>named.conf</filename>.
</para>
<para>
@@ -2531,6 +2537,41 @@ options {
the root key is not valid.
</note>
+ <para>
+ When DNSSEC validation is enabled and properly configured,
+ the resolver will reject any answers from signed, secure zones
+ which fail to validate, and will return SERVFAIL to the client.
+ </para>
+
+ <para>
+ Responses may fail to validate for any of several reasons,
+ including missing, expired, or invalid signatures, a key which
+ does not match the DS RRset in the parent zone, or an insecure
+ response from a zone which, according to its parent, should have
+ been secure.
+ </para>
+
+ <note>
+ <para>
+ When the validator receives a response from an unsigned zone
+ that has a signed parent, it must confirm with the parent
+ that the zone was intentionally left unsigned. It does
+ this by verifying, via signed and validated NSEC/NSEC3 records,
+ that the parent zone contains no DS records for the child.
+ </para>
+ <para>
+ If the validator <emphasis>can</emphasis> prove that the zone
+ is insecure, then the response is accepted. However, if it
+ cannot, then it must assume an insecure response to be a
+ forgery; it rejects the response and logs an error.
+ </para>
+ <para>
+ The logged error reads "insecurity proof failed" and
+ "got insecure response; parent indicates it should be secure".
+ (Prior to BIND 9.7, the logged error was "not insecure".
+ This referred to the zone, not the response.)
+ </para>
+ </note>
</sect2>
</sect1>
@@ -2539,10 +2580,9 @@ options {
<para>
<acronym>BIND</acronym> 9 fully supports all currently
- defined forms of IPv6
- name to address and address to name lookups. It will also use
- IPv6 addresses to make queries when running on an IPv6 capable
- system.
+ defined forms of IPv6 name to address and address to name
+ lookups. It will also use IPv6 addresses to make queries when
+ running on an IPv6 capable system.
</para>
<para>
@@ -4324,8 +4364,7 @@ category notify { null; };
<para>
Lame servers. These are misconfigurations
in remote servers, discovered by BIND 9 when trying to
- query
- those servers during resolution.
+ query those servers during resolution.
</para>
</entry>
</row>
@@ -4785,7 +4824,7 @@ category notify { null; };
<optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> ) ; </optional>
<optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> queryport-pool-ports <replaceable>number</replaceable>; </optional>
- <optional> queryport-pool-interval <replaceable>number</replaceable>; </optional>
+ <optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional>
<optional> max-transfer-time-in <replaceable>number</replaceable>; </optional>
<optional> max-transfer-time-out <replaceable>number</replaceable>; </optional>
<optional> max-transfer-idle-in <replaceable>number</replaceable>; </optional>
@@ -4826,7 +4865,7 @@ category notify { null; };
<optional> lame-ttl <replaceable>number</replaceable>; </optional>
<optional> max-ncache-ttl <replaceable>number</replaceable>; </optional>
<optional> max-cache-ttl <replaceable>number</replaceable>; </optional>
- <optional> sig-validity-interval <replaceable>number</replaceable> ; </optional>
+ <optional> sig-validity-interval <replaceable>number</replaceable> <optional><replaceable>number</replaceable></optional> ; </optional>
<optional> sig-signing-nodes <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-signatures <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-type <replaceable>number</replaceable> ; </optional>
@@ -4909,11 +4948,12 @@ category notify { null; };
<listitem>
<para>
When performing dynamic update of secure zones, the
- directory where the public and private key files should be
- found,
- if different than the current working directory. The
- directory specified
- must be an absolute path.
+ directory where the public and private DNSSEC key files
+ should be found, if different than the current working
+ directory. The directory specified must be an absolute
+ path. (Note that this option has no effect on the paths
+ for files containing non-DNSSEC keys such as the
+ <filename>rndc.key</filename>.
</para>
</listitem>
</varlistentry>
@@ -5874,13 +5914,15 @@ options {
If <userinput>yes</userinput>, then an
IPv4-mapped IPv6 address will match any address match
list entries that match the corresponding IPv4 address.
- Enabling this option is sometimes useful on IPv6-enabled
- Linux
- systems, to work around a kernel quirk that causes IPv4
- TCP connections such as zone transfers to be accepted
- on an IPv6 socket using mapped addresses, causing
- address match lists designed for IPv4 to fail to match.
- The use of this option for any other purpose is discouraged.
+ </para>
+ <para>
+ This option was introduced to work around a kernel quirk
+ in some operating systems that causes IPv4 TCP
+ connections, such as zone transfers, to be accepted on an
+ IPv6 socket using mapped addresses. This caused address
+ match lists designed for IPv4 to fail to match. However,
+ <command>named</command> now solves this problem
+ internally. The use of this option is discouraged.
</para>
</listitem>
</varlistentry>
@@ -7919,7 +7961,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<listitem>
<para>
The delay, in seconds, between sending sets of notify
- messages for a zone. The default is zero.
+ messages for a zone. The default is five (5) seconds.
</para>
</listitem>
</varlistentry>
@@ -8271,7 +8313,7 @@ XXX: end of RFC1918 addresses #defined out -->
<optional> query-source-v6 <optional> address ( <replaceable>ip_addr</replaceable> | <replaceable>*</replaceable> ) </optional> <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional>; </optional>
<optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> queryport-pool-ports <replaceable>number</replaceable>; </optional>
- <optional> queryport-pool-interval <replaceable>number</replaceable>; </optional>
+ <optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional>
};
</programlisting>
@@ -8751,7 +8793,7 @@ view "external" {
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
- <optional> sig-validity-interval <replaceable>number</replaceable> ; </optional>
+ <optional> sig-validity-interval <replaceable>number</replaceable> <optional><replaceable>number</replaceable></optional> ; </optional>
<optional> sig-signing-nodes <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-signatures <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-type <replaceable>number</replaceable> ; </optional>
@@ -11206,6 +11248,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
and <command>$TTL.</command>
</para>
<sect3>
+ <title>The <command>@</command> (at-sign)</title>
+ <para>
+ When used in the label (or name) field, the asperand or
+ at-sign (@) symbol represents the current origin.
+ At the start of the zone file, it is the
+ &lt;<varname>zone_name</varname>&gt; (followed by
+ trailing dot).
+ </para>
+ </sect3>
+ <sect3>
<title>The <command>$ORIGIN</command> Directive</title>
<para>
Syntax: <command>$ORIGIN</command>
@@ -11216,7 +11268,8 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
sets the domain name that will be appended to any
unqualified records. When a zone is first read in there
is an implicit <command>$ORIGIN</command>
- &lt;<varname>zone-name</varname>&gt;<command>.</command>
+ &lt;<varname>zone_name</varname>&gt;<command>.</command>
+ (followed by trailing dot).
The current <command>$ORIGIN</command> is appended to
the domain specified in the <command>$ORIGIN</command>
argument if it is not absolute.
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index 320a86758374..ea561e6c36a2 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch01.html,v 1.43.48.2 2009/04/03 01:52:22 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch01.html,v 1.43.48.4 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563409">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564388">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564528">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564641">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563412">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564391">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564531">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564712">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564662">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564696">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567170">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567246">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567419">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567549">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564733">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564768">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567173">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567250">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567422">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567553">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -71,7 +71,7 @@
</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2563409"></a>Scope of Document</h2></div></div></div>
+<a name="id2563412"></a>Scope of Document</h2></div></div></div>
<p>
The Berkeley Internet Name Domain
(<acronym class="acronym">BIND</acronym>) implements a
@@ -87,7 +87,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564388"></a>Organization of This Document</h2></div></div></div>
+<a name="id2564391"></a>Organization of This Document</h2></div></div></div>
<p>
In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
@@ -116,7 +116,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564528"></a>Conventions Used in This Document</h2></div></div></div>
+<a name="id2564531"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
@@ -243,7 +243,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564641"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
+<a name="id2564712"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
@@ -253,7 +253,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564662"></a>DNS Fundamentals</h3></div></div></div>
+<a name="id2564733"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@@ -275,7 +275,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564696"></a>Domains and Domain Names</h3></div></div></div>
+<a name="id2564768"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@@ -321,7 +321,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567170"></a>Zones</h3></div></div></div>
+<a name="id2567173"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
@@ -374,7 +374,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567246"></a>Authoritative Name Servers</h3></div></div></div>
+<a name="id2567250"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
@@ -391,7 +391,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567270"></a>The Primary Master</h4></div></div></div>
+<a name="id2567273"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
@@ -411,7 +411,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567300"></a>Slave Servers</h4></div></div></div>
+<a name="id2567303"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
@@ -427,7 +427,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567389"></a>Stealth Servers</h4></div></div></div>
+<a name="id2567393"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@@ -462,7 +462,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567419"></a>Caching Name Servers</h3></div></div></div>
+<a name="id2567422"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
@@ -489,7 +489,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567523"></a>Forwarding</h4></div></div></div>
+<a name="id2567526"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@@ -516,7 +516,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567549"></a>Name Servers in Multiple Roles</h3></div></div></div>
+<a name="id2567553"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index 831e7a12407e..b279c6754e71 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch02.html,v 1.38.56.1 2009/01/08 01:50:59 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch02.html,v 1.38.56.3 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567584">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567610">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567623">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567854">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567865">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567587">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567613">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567626">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567721">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567584"></a>Hardware requirements</h2></div></div></div>
+<a name="id2567587"></a>Hardware requirements</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
@@ -73,7 +73,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567610"></a>CPU Requirements</h2></div></div></div>
+<a name="id2567613"></a>CPU Requirements</h2></div></div></div>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i486-class machines
@@ -84,7 +84,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567623"></a>Memory Requirements</h2></div></div></div>
+<a name="id2567626"></a>Memory Requirements</h2></div></div></div>
<p>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
@@ -107,7 +107,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567854"></a>Name Server Intensive Environment Issues</h2></div></div></div>
+<a name="id2567721"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@@ -124,7 +124,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567865"></a>Supported Operating Systems</h2></div></div></div>
+<a name="id2567732"></a>Supported Operating Systems</h2></div></div></div>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 9964823153fe..59d7e73d60bd 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch03.html,v 1.71.48.2 2009/04/03 01:52:21 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch03.html,v 1.71.48.4 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,14 +47,14 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567897">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567913">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567764">A Caching-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567780">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568004">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568358">Name Server Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568007">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568361">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568363">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570071">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568366">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570006">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -68,7 +68,7 @@
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567897"></a>A Caching-only Name Server</h3></div></div></div>
+<a name="id2567764"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567913"></a>An Authoritative-only Name Server</h3></div></div></div>
+<a name="id2567780"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
@@ -137,7 +137,7 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568004"></a>Load Balancing</h2></div></div></div>
+<a name="id2568007"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple records
@@ -280,10 +280,10 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568358"></a>Name Server Operations</h2></div></div></div>
+<a name="id2568361"></a>Name Server Operations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568363"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
+<a name="id2568366"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
@@ -749,7 +749,7 @@ controls {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570071"></a>Signals</h3></div></div></div>
+<a name="id2570006"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 123098e1eccc..2be5791f5181 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch04.html,v 1.87.48.2 2009/04/03 01:52:21 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch04.html,v 1.87.48.6 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -49,29 +49,29 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2564066">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564084">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570492">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570510">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571141">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571214">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571225">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571268">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571325">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571510">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571082">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571156">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571166">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571203">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571260">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571445">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571524">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571709">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571459">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571576">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571778">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571925">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572006">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571644">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571792">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571873">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572220">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572110">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572282">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572172">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572194">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -149,6 +149,11 @@
each dynamic update, because that would be too slow when a large
zone is updated frequently. Instead, the dump is delayed by
up to 15 minutes, allowing additional updates to take place.
+ During the dump process, transient files will be created
+ with the extensions <code class="filename">.jnw</code> and
+ <code class="filename">.jbk</code>; under ordinary circumstances, these
+ will be removed when the dump is complete, and can be safely
+ ignored.
</p>
<p>
When a server is restarted after a shutdown or crash, it will replay
@@ -210,7 +215,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564066"></a>Split DNS</h2></div></div></div>
+<a name="id2570492"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@@ -240,7 +245,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564084"></a>Example split DNS setup</h3></div></div></div>
+<a name="id2570510"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
@@ -486,7 +491,7 @@ nameserver 172.16.72.4
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571141"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
+<a name="id2571082"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -494,19 +499,18 @@ nameserver 172.16.72.4
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2571158"></a>Automatic Generation</h4></div></div></div>
+<a name="id2571099"></a>Automatic Generation</h4></div></div></div>
<p>
- The following command will generate a 128-bit (16 byte) HMAC-MD5
+ The following command will generate a 128-bit (16 byte) HMAC-SHA256
key as described above. Longer keys are better, but shorter keys
- are easier to read. Note that the maximum key length is 512 bits;
- keys longer than that will be digested with MD5 to produce a
- 128-bit key.
+ are easier to read. Note that the maximum key length is the digest
+ length, here 256 bits.
</p>
<p>
- <strong class="userinput"><code>dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2.</code></strong>
+ <strong class="userinput"><code>dnssec-keygen -a hmac-sha256 -b 128 -n HOST host1-host2.</code></strong>
</p>
<p>
- The key is in the file <code class="filename">Khost1-host2.+157+00000.private</code>.
+ The key is in the file <code class="filename">Khost1-host2.+163+00000.private</code>.
Nothing directly uses this file, but the base-64 encoded string
following "<code class="literal">Key:</code>"
can be extracted from the file and used as a shared secret:
@@ -519,7 +523,7 @@ nameserver 172.16.72.4
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2571196"></a>Manual Generation</h4></div></div></div>
+<a name="id2571138"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -534,7 +538,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571214"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+<a name="id2571156"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@@ -542,7 +546,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571225"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id2571166"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@@ -550,17 +554,15 @@ nameserver 172.16.72.4
</p>
<pre class="programlisting">
key host1-host2. {
- algorithm hmac-md5;
+ algorithm hmac-sha256;
secret "La/E5CjG9O+os1jq0a2jdA==";
};
</pre>
<p>
- The algorithm, <code class="literal">hmac-md5</code>, is the only one supported by <acronym class="acronym">BIND</acronym>.
The secret is the one generated above. Since this is a secret, it
- is recommended that either <code class="filename">named.conf</code> be non-world
- readable, or the key directive be added to a non-world readable
- file that is included by
- <code class="filename">named.conf</code>.
+ is recommended that either <code class="filename">named.conf</code> be
+ non-world readable, or the key directive be added to a non-world
+ readable file that is included by <code class="filename">named.conf</code>.
</p>
<p>
At this point, the key is recognized. This means that if the
@@ -571,7 +573,7 @@ key host1-host2. {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571268"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id2571203"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@@ -603,7 +605,7 @@ server 10.1.2.3 {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571325"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id2571260"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@@ -631,7 +633,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571510"></a>Errors</h3></div></div></div>
+<a name="id2571445"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@@ -657,7 +659,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571524"></a>TKEY</h2></div></div></div>
+<a name="id2571459"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@@ -693,7 +695,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571709"></a>SIG(0)</h2></div></div></div>
+<a name="id2571576"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC 2931.
@@ -754,7 +756,7 @@ allow-update { key host1-host2. ;};
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571778"></a>Generating Keys</h3></div></div></div>
+<a name="id2571644"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@@ -810,7 +812,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571925"></a>Signing the Zone</h3></div></div></div>
+<a name="id2571792"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to sign a zone.
@@ -852,18 +854,21 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572006"></a>Configuring Servers</h3></div></div></div>
+<a name="id2571873"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
<span><strong class="command">dnssec-enable</strong></span> must be set to yes.
+ (This is the default setting.)
</p>
<p>
To enable <span><strong class="command">named</strong></span> to validate answers from
- other servers both <span><strong class="command">dnssec-enable</strong></span> and
- <span><strong class="command">dnssec-validation</strong></span> must be set and some
- <span><strong class="command">trusted-keys</strong></span> must be configured
- into <code class="filename">named.conf</code>.
+ other servers, the <span><strong class="command">dnssec-enable</strong></span> and
+ <span><strong class="command">dnssec-validation</strong></span> options must both be
+ set to yes (the default setting in <acronym class="acronym">BIND</acronym> 9.5
+ and later), and at least one trust anchor must be configured
+ with a <span><strong class="command">trusted-keys</strong></span> statement in
+ <code class="filename">named.conf</code>.
</p>
<p>
<span><strong class="command">trusted-keys</strong></span> are copies of DNSKEY RRs
@@ -936,17 +941,50 @@ options {
None of the keys listed in this example are valid. In particular,
the root key is not valid.
</div>
+<p>
+ When DNSSEC validation is enabled and properly configured,
+ the resolver will reject any answers from signed, secure zones
+ which fail to validate, and will return SERVFAIL to the client.
+ </p>
+<p>
+ Responses may fail to validate for any of several reasons,
+ including missing, expired, or invalid signatures, a key which
+ does not match the DS RRset in the parent zone, or an insecure
+ response from a zone which, according to its parent, should have
+ been secure.
+ </p>
+<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Note</h3>
+<p>
+ When the validator receives a response from an unsigned zone
+ that has a signed parent, it must confirm with the parent
+ that the zone was intentionally left unsigned. It does
+ this by verifying, via signed and validated NSEC/NSEC3 records,
+ that the parent zone contains no DS records for the child.
+ </p>
+<p>
+ If the validator <span class="emphasis"><em>can</em></span> prove that the zone
+ is insecure, then the response is accepted. However, if it
+ cannot, then it must assume an insecure response to be a
+ forgery; it rejects the response and logs an error.
+ </p>
+<p>
+ The logged error reads "insecurity proof failed" and
+ "got insecure response; parent indicates it should be secure".
+ (Prior to BIND 9.7, the logged error was "not insecure".
+ This referred to the zone, not the response.)
+ </p>
+</div>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572220"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="id2572110"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
- defined forms of IPv6
- name to address and address to name lookups. It will also use
- IPv6 addresses to make queries when running on an IPv6 capable
- system.
+ defined forms of IPv6 name to address and address to name
+ lookups. It will also use IPv6 addresses to make queries when
+ running on an IPv6 capable system.
</p>
<p>
For forward lookups, <acronym class="acronym">BIND</acronym> 9 supports
@@ -979,7 +1017,7 @@ options {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572282"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2572172"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -998,7 +1036,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572304"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2572194"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index addc97ac643d..e84781f89324 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch05.html,v 1.71.48.2 2009/04/03 01:52:21 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch05.html,v 1.71.48.6 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572337">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572227">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572337"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2572227"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 46fd0dd1f6a9..9da3432bc865 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch06.html,v 1.201.14.9 2009/06/03 01:54:40 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.201.14.18 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -48,55 +48,55 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573716">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573606">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574346"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574305"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574536"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574494"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574965"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574982"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574923"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574940"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575005"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575029"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575120"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575245"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574964"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574987"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575078"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575204"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577306"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577448"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577512"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577556"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577401"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577475"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577539"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577582"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577571"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577597"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586902"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586874"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586988"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587040"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586961"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587080"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587122"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587162"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588659"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588567"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591138">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591182">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593300">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593413">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593915">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594042">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594368"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593960">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594155">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594565"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -461,7 +461,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573414"></a>Syntax</h4></div></div></div>
+<a name="id2573372"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@@ -470,7 +470,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573442"></a>Definition and Usage</h4></div></div></div>
+<a name="id2573468"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@@ -554,7 +554,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2573716"></a>Comment Syntax</h3></div></div></div>
+<a name="id2573606"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@@ -564,7 +564,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573731"></a>Syntax</h4></div></div></div>
+<a name="id2573621"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@@ -579,7 +579,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573761"></a>Definition and Usage</h4></div></div></div>
+<a name="id2573651"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@@ -820,7 +820,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574346"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574305"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@@ -902,7 +902,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574536"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574494"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ] allow { <em class="replaceable"><code> address_match_list </code></em> }
keys { <em class="replaceable"><code>key_list</code></em> }; ]
@@ -1024,12 +1024,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574965"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574923"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574982"></a><span><strong class="command">include</strong></span> Statement Definition and
+<a name="id2574940"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@@ -1044,7 +1044,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575005"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574964"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
@@ -1053,7 +1053,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575029"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2574987"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@@ -1100,7 +1100,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575120"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575078"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
@@ -1124,7 +1124,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575245"></a><span><strong class="command">logging</strong></span> Statement Definition and
+<a name="id2575204"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@@ -1158,7 +1158,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2575298"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="id2575256"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@@ -1666,8 +1666,7 @@ category notify { null; };
<p>
Lame servers. These are misconfigurations
in remote servers, discovered by BIND 9 when trying to
- query
- those servers during resolution.
+ query those servers during resolution.
</p>
</td>
</tr>
@@ -1724,7 +1723,7 @@ category notify { null; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2576793"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
+<a name="id2576820"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<p>
The <span><strong class="command">query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
@@ -1944,7 +1943,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577306"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577401"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -1959,7 +1958,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577448"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2577475"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@@ -2010,14 +2009,14 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577512"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577539"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577556"></a><span><strong class="command">masters</strong></span> Statement Definition and
+<a name="id2577582"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@@ -2026,7 +2025,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577571"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577597"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -2115,7 +2114,7 @@ category notify { null; };
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
- [<span class="optional"> queryport-pool-interval <em class="replaceable"><code>number</code></em>; </span>]
+ [<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
@@ -2156,7 +2155,7 @@ category notify { null; };
[<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
- [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
+ [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
@@ -2228,11 +2227,12 @@ category notify { null; };
<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
<dd><p>
When performing dynamic update of secure zones, the
- directory where the public and private key files should be
- found,
- if different than the current working directory. The
- directory specified
- must be an absolute path.
+ directory where the public and private DNSSEC key files
+ should be found, if different than the current working
+ directory. The directory specified must be an absolute
+ path. (Note that this option has no effect on the paths
+ for files containing non-DNSSEC keys such as the
+ <code class="filename">rndc.key</code>.
</p></dd>
<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
<dd><p>
@@ -2990,18 +2990,22 @@ options {
</p>
</dd>
<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
-<dd><p>
+<dd>
+<p>
If <strong class="userinput"><code>yes</code></strong>, then an
IPv4-mapped IPv6 address will match any address match
list entries that match the corresponding IPv4 address.
- Enabling this option is sometimes useful on IPv6-enabled
- Linux
- systems, to work around a kernel quirk that causes IPv4
- TCP connections such as zone transfers to be accepted
- on an IPv6 socket using mapped addresses, causing
- address match lists designed for IPv4 to fail to match.
- The use of this option for any other purpose is discouraged.
- </p></dd>
+ </p>
+<p>
+ This option was introduced to work around a kernel quirk
+ in some operating systems that causes IPv4 TCP
+ connections, such as zone transfers, to be accepted on an
+ IPv6 socket using mapped addresses. This caused address
+ match lists designed for IPv4 to fail to match. However,
+ <span><strong class="command">named</strong></span> now solves this problem
+ internally. The use of this option is discouraged.
+ </p>
+</dd>
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
<dd>
<p>
@@ -3181,7 +3185,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2581747"></a>Forwarding</h4></div></div></div>
+<a name="id2581856"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -3225,7 +3229,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2581874"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2581914"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@@ -3422,7 +3426,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582379"></a>Interfaces</h4></div></div></div>
+<a name="id2582420"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@@ -3874,7 +3878,7 @@ avoid-v6-udp-ports {};
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583582"></a>UDP Port Lists</h4></div></div></div>
+<a name="id2583691"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
@@ -3916,7 +3920,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583642"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2583751"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@@ -4078,7 +4082,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2584065"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2584173"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@@ -4602,7 +4606,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<dt><span class="term"><span><strong class="command">notify-delay</strong></span></span></dt>
<dd><p>
The delay, in seconds, between sending sets of notify
- messages for a zone. The default is zero.
+ messages for a zone. The default is five (5) seconds.
</p></dd>
</dl></div>
</div>
@@ -4872,7 +4876,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
[<span class="optional"> query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
- [<span class="optional"> queryport-pool-interval <em class="replaceable"><code>number</code></em>; </span>]
+ [<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
};
</pre>
</div>
@@ -5056,7 +5060,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2586902"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<a name="id2586874"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
@@ -5107,7 +5111,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2586988"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2586961"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">trusted-keys</strong></span> {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
@@ -5116,7 +5120,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2587040"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2587080"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@@ -5162,7 +5166,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2587122"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2587162"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@@ -5315,7 +5319,7 @@ view "external" {
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
- [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
+ [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
@@ -5428,10 +5432,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2588659"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2588567"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588666"></a>Zone Types</h4></div></div></div>
+<a name="id2588574"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -5642,7 +5646,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589094"></a>Class</h4></div></div></div>
+<a name="id2589070"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@@ -5664,7 +5668,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589127"></a>Zone Options</h4></div></div></div>
+<a name="id2589172"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@@ -6243,7 +6247,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2591138"></a>Zone File</h2></div></div></div>
+<a name="id2591182"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -6256,7 +6260,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2591156"></a>Resource Records</h4></div></div></div>
+<a name="id2591201"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@@ -6993,7 +6997,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592779"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2592824"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -7196,7 +7200,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2593300"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2593413"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -7452,7 +7456,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2593915"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2593960"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -7513,7 +7517,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2594042"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2594155"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -7528,7 +7532,18 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594201"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2594178"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<p>
+ When used in the label (or name) field, the asperand or
+ at-sign (@) symbol represents the current origin.
+ At the start of the zone file, it is the
+ &lt;<code class="varname">zone_name</code>&gt; (followed by
+ trailing dot).
+ </p>
+</div>
+<div class="sect3" lang="en">
+<div class="titlepage"><div><div><h4 class="title">
+<a name="id2594194"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@@ -7538,7 +7553,8 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
sets the domain name that will be appended to any
unqualified records. When a zone is first read in there
is an implicit <span><strong class="command">$ORIGIN</strong></span>
- &lt;<code class="varname">zone-name</code>&gt;<span><strong class="command">.</strong></span>
+ &lt;<code class="varname">zone_name</code>&gt;<span><strong class="command">.</strong></span>
+ (followed by trailing dot).
The current <span><strong class="command">$ORIGIN</strong></span> is appended to
the domain specified in the <span><strong class="command">$ORIGIN</strong></span>
argument if it is not absolute.
@@ -7556,7 +7572,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594262"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2594391"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@@ -7592,7 +7608,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594331"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2594460"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@@ -7611,7 +7627,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2594368"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2594565"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@@ -8002,7 +8018,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2595364"></a>Name Server Statistics Counters</h4></div></div></div>
+<a name="id2595493"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -8559,7 +8575,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2596905"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
+<a name="id2596966"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -8713,7 +8729,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2597288"></a>Resolver Statistics Counters</h4></div></div></div>
+<a name="id2597349"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -9089,7 +9105,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598307"></a>Socket I/O Statistics Counters</h4></div></div></div>
+<a name="id2598368"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
@@ -9244,7 +9260,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598817"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
+<a name="id2598877"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index ca12cb3c4357..dd6991c50401 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.178.14.6 2009/06/03 01:54:39 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.178.14.13 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2598990"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599120"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599072">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599268">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599201">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599329">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@@ -119,7 +119,7 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2598990"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
+<a name="id2599120"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@@ -145,7 +145,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2599072"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2599201"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@@ -173,7 +173,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2599268"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2599329"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 5e547eb48e01..8b5ebbed550b 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch08.html,v 1.178.14.6 2009/06/03 01:54:39 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch08.html,v 1.178.14.13 2010/01/24 01:55:24 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599348">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599353">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599365">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599382">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599409">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599414">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599426">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599443">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599348"></a>Common Problems</h2></div></div></div>
+<a name="id2599409"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2599353"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2599414"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599365"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2599426"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599382"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2599443"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 87134e05c3d2..72ab6fe248f6 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch09.html,v 1.180.16.6 2009/06/03 01:54:39 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch09.html,v 1.180.16.14 2010/01/24 01:55:24 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,21 +45,21 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599444">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599573">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599684">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599813">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2602896">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603025">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599444"></a>Acknowledgments</h2></div></div></div>
+<a name="id2599573"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@@ -162,7 +162,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599684"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
+<a name="id2599813"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@@ -250,17 +250,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2599872"></a>Bibliography</h4></div></div></div>
+<a name="id2599932"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
-<a name="id2599882"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id2599943"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
-<a name="id2599906"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2599966"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2599929"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
+<a name="id2599990"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@@ -268,42 +268,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2599965"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
+<a name="id2600026"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2599992"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
+<a name="id2600053"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600018"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2600078"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600042"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2600103"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600066"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2600126"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600121"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
+<a name="id2600182"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600148"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2600209"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600174"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2600235"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600236"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2600297"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600266"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2600327"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600296"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id2600357"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600323"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
+<a name="id2600384"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@@ -312,19 +312,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2600405"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
+<a name="id2600466"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600432"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2600492"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600468"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2600529"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600533"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2600594"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600598"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
+<a name="id2600659"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@@ -332,146 +332,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
-<a name="id2600672"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
+<a name="id2600732"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600697"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
+<a name="id2600758"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600765"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2600826"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600801"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
+<a name="id2600861"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
-<a name="id2600846"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id2600907"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600904"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id2600965"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600941"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
+<a name="id2601002"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600977"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
+<a name="id2601037"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601031"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
+<a name="id2601092"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601069"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
+<a name="id2601130"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601095"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id2601156"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601121"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2601181"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601147"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2601208"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601174"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2601235"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601213"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2601274"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601243"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2601304"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601273"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
+<a name="id2601334"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601316"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2601377"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601349"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
+<a name="id2601410"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601376"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
+<a name="id2601436"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601399"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
+<a name="id2601460"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601457"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id2601586"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2601489"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
+<a name="id2601618"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601582"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
+<a name="id2601643"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601605"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id2601666"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601628"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id2601689"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601674"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2601735"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601698"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2601758"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
-<a name="id2601755"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2601816"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601779"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
+<a name="id2601840"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601805"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
+<a name="id2601866"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601832"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id2601893"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601868"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
+<a name="id2601929"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
-<a name="id2601914"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
+<a name="id2601975"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601946"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2602007"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601992"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2602121"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602027"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
+<a name="id2602156"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@@ -487,47 +487,47 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2602072"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
+<a name="id2602201"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602094"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id2602224"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602120"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
+<a name="id2602249"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602146"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id2602275"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602169"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2602298"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602215"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2602344"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602238"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
+<a name="id2602368"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602265"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
+<a name="id2602394"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602291"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
+<a name="id2602420"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
-<a name="id2602334"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
+<a name="id2602464"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602392"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2602521"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602419"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
+<a name="id2602548"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@@ -541,39 +541,39 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2602467"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id2602596"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602506"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2602704"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602533"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2602730"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602563"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
+<a name="id2602760"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602588"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
+<a name="id2602786"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602683"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
+<a name="id2602812"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602720"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
+<a name="id2602849"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602756"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
+<a name="id2602885"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602782"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
+<a name="id2602912"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602809"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
+<a name="id2602938"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602854"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2602983"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@@ -594,14 +594,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2602896"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+<a name="id2603025"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2602905"></a>Bibliography</h4></div></div></div>
+<a name="id2603034"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
-<a name="id2602907"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id2603036"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index 5fbeb3dede95..452717c68d9e 100644
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch10.html,v 1.11.14.1 2009/01/08 01:51:00 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch10.html,v 1.11.14.3 2010/01/24 01:55:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index ffb7b6242f5f..b31b67ac0fe4 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -1,8 +1,8 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.193.14.6 2009/06/03 01:54:40 tbox Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.193.14.14 2010/01/24 01:55:25 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -41,7 +41,7 @@
<div>
<div><h1 class="title">
<a name="id2563174"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="copyright">Copyright 2004-2009 Internet Systems Consortium, Inc. ("ISC")</p></div>
+<div><p class="copyright">Copyright 2004-2010 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright 2000-2003 Internet Software Consortium.</p></div>
</div>
<hr>
@@ -51,39 +51,39 @@
<dl>
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563409">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564388">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564528">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564641">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563412">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564391">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564531">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564712">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564662">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564696">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567170">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567246">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567419">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567549">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564733">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564768">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567173">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567250">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567422">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567553">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567584">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567610">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567623">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567854">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567865">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567587">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567613">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567626">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567721">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567897">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567913">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567764">A Caching-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567780">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568004">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568358">Name Server Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568007">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568361">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568363">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570071">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568366">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570006">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@@ -92,34 +92,34 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2564066">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564084">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570492">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570510">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571141">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571214">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571225">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571268">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571325">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571510">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571082">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571156">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571166">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571203">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571260">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571445">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571524">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571709">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571459">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571576">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571778">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571925">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572006">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571644">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571792">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571873">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572220">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572110">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572282">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572172">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572194">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572337">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572227">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@@ -127,55 +127,55 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573716">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573606">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574346"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574305"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574536"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574494"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574965"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574982"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574923"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574940"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575005"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575029"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575120"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575245"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574964"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574987"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575078"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575204"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577306"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577448"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577512"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577556"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577401"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577475"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577539"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577582"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577571"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577597"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586902"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586874"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586988"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587040"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586961"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587080"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587122"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587162"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588659"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588567"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591138">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591182">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593300">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593413">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593915">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594042">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594368"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593960">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594155">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594565"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -184,31 +184,31 @@
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2598990"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599120"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599072">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599268">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599201">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599329">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599348">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599353">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599365">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599382">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599409">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599414">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599426">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599443">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599444">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599573">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599684">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2599813">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2602896">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603025">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index fbb664f8b275..ca72481035c5 100644
--- a/doc/arm/Bv9ARM.pdf
+++ b/doc/arm/Bv9ARM.pdf
@@ -765,323 +765,329 @@ endobj
<< /S /GoTo /D (subsubsection.6.3.5.1) >>
endobj
516 0 obj
-(6.3.5.1 The \044ORIGIN Directive)
+(6.3.5.1 The @ \(at-sign\))
endobj
517 0 obj
<< /S /GoTo /D (subsubsection.6.3.5.2) >>
endobj
520 0 obj
-(6.3.5.2 The \044INCLUDE Directive)
+(6.3.5.2 The \044ORIGIN Directive)
endobj
521 0 obj
<< /S /GoTo /D (subsubsection.6.3.5.3) >>
endobj
524 0 obj
-(6.3.5.3 The \044TTL Directive)
+(6.3.5.3 The \044INCLUDE Directive)
endobj
525 0 obj
-<< /S /GoTo /D (subsection.6.3.6) >>
+<< /S /GoTo /D (subsubsection.6.3.5.4) >>
endobj
528 0 obj
-(6.3.6 BIND Master File Extension: the \044GENERATE Directive)
+(6.3.5.4 The \044TTL Directive)
endobj
529 0 obj
-<< /S /GoTo /D (subsection.6.3.7) >>
+<< /S /GoTo /D (subsection.6.3.6) >>
endobj
532 0 obj
-(6.3.7 Additional File Formats)
+(6.3.6 BIND Master File Extension: the \044GENERATE Directive)
endobj
533 0 obj
-<< /S /GoTo /D (section.6.4) >>
+<< /S /GoTo /D (subsection.6.3.7) >>
endobj
536 0 obj
-(6.4 BIND9 Statistics)
+(6.3.7 Additional File Formats)
endobj
537 0 obj
-<< /S /GoTo /D (subsubsection.6.4.0.1) >>
+<< /S /GoTo /D (section.6.4) >>
endobj
540 0 obj
-(6.4.0.1 The Statistics File)
+(6.4 BIND9 Statistics)
endobj
541 0 obj
-<< /S /GoTo /D (subsection.6.4.1) >>
+<< /S /GoTo /D (subsubsection.6.4.0.1) >>
endobj
544 0 obj
-(6.4.1 Statistics Counters)
+(6.4.0.1 The Statistics File)
endobj
545 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.1) >>
+<< /S /GoTo /D (subsection.6.4.1) >>
endobj
548 0 obj
-(6.4.1.1 Name Server Statistics Counters)
+(6.4.1 Statistics Counters)
endobj
549 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.2) >>
+<< /S /GoTo /D (subsubsection.6.4.1.1) >>
endobj
552 0 obj
-(6.4.1.2 Zone Maintenance Statistics Counters)
+(6.4.1.1 Name Server Statistics Counters)
endobj
553 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.3) >>
+<< /S /GoTo /D (subsubsection.6.4.1.2) >>
endobj
556 0 obj
-(6.4.1.3 Resolver Statistics Counters)
+(6.4.1.2 Zone Maintenance Statistics Counters)
endobj
557 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.4) >>
+<< /S /GoTo /D (subsubsection.6.4.1.3) >>
endobj
560 0 obj
-(6.4.1.4 Socket I/O Statistics Counters)
+(6.4.1.3 Resolver Statistics Counters)
endobj
561 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.5) >>
+<< /S /GoTo /D (subsubsection.6.4.1.4) >>
endobj
564 0 obj
-(6.4.1.5 Compatibility with BIND 8 Counters)
+(6.4.1.4 Socket I/O Statistics Counters)
endobj
565 0 obj
-<< /S /GoTo /D (chapter.7) >>
+<< /S /GoTo /D (subsubsection.6.4.1.5) >>
endobj
568 0 obj
-(7 BIND 9 Security Considerations)
+(6.4.1.5 Compatibility with BIND 8 Counters)
endobj
569 0 obj
-<< /S /GoTo /D (section.7.1) >>
+<< /S /GoTo /D (chapter.7) >>
endobj
572 0 obj
-(7.1 Access Control Lists)
+(7 BIND 9 Security Considerations)
endobj
573 0 obj
-<< /S /GoTo /D (section.7.2) >>
+<< /S /GoTo /D (section.7.1) >>
endobj
576 0 obj
-(7.2 Chroot and Setuid)
+(7.1 Access Control Lists)
endobj
577 0 obj
-<< /S /GoTo /D (subsection.7.2.1) >>
+<< /S /GoTo /D (section.7.2) >>
endobj
580 0 obj
-(7.2.1 The chroot Environment)
+(7.2 Chroot and Setuid)
endobj
581 0 obj
-<< /S /GoTo /D (subsection.7.2.2) >>
+<< /S /GoTo /D (subsection.7.2.1) >>
endobj
584 0 obj
-(7.2.2 Using the setuid Function)
+(7.2.1 The chroot Environment)
endobj
585 0 obj
-<< /S /GoTo /D (section.7.3) >>
+<< /S /GoTo /D (subsection.7.2.2) >>
endobj
588 0 obj
-(7.3 Dynamic Update Security)
+(7.2.2 Using the setuid Function)
endobj
589 0 obj
-<< /S /GoTo /D (chapter.8) >>
+<< /S /GoTo /D (section.7.3) >>
endobj
592 0 obj
-(8 Troubleshooting)
+(7.3 Dynamic Update Security)
endobj
593 0 obj
-<< /S /GoTo /D (section.8.1) >>
+<< /S /GoTo /D (chapter.8) >>
endobj
596 0 obj
-(8.1 Common Problems)
+(8 Troubleshooting)
endobj
597 0 obj
-<< /S /GoTo /D (subsection.8.1.1) >>
+<< /S /GoTo /D (section.8.1) >>
endobj
600 0 obj
-(8.1.1 It's not working; how can I figure out what's wrong?)
+(8.1 Common Problems)
endobj
601 0 obj
-<< /S /GoTo /D (section.8.2) >>
+<< /S /GoTo /D (subsection.8.1.1) >>
endobj
604 0 obj
-(8.2 Incrementing and Changing the Serial Number)
+(8.1.1 It's not working; how can I figure out what's wrong?)
endobj
605 0 obj
-<< /S /GoTo /D (section.8.3) >>
+<< /S /GoTo /D (section.8.2) >>
endobj
608 0 obj
-(8.3 Where Can I Get Help?)
+(8.2 Incrementing and Changing the Serial Number)
endobj
609 0 obj
-<< /S /GoTo /D (appendix.A) >>
+<< /S /GoTo /D (section.8.3) >>
endobj
612 0 obj
-(A Appendices)
+(8.3 Where Can I Get Help?)
endobj
613 0 obj
-<< /S /GoTo /D (section.A.1) >>
+<< /S /GoTo /D (appendix.A) >>
endobj
616 0 obj
-(A.1 Acknowledgments)
+(A Appendices)
endobj
617 0 obj
-<< /S /GoTo /D (subsection.A.1.1) >>
+<< /S /GoTo /D (section.A.1) >>
endobj
620 0 obj
-(A.1.1 A Brief History of the DNS and BIND)
+(A.1 Acknowledgments)
endobj
621 0 obj
-<< /S /GoTo /D (section.A.2) >>
+<< /S /GoTo /D (subsection.A.1.1) >>
endobj
624 0 obj
-(A.2 General DNS Reference Information)
+(A.1.1 A Brief History of the DNS and BIND)
endobj
625 0 obj
-<< /S /GoTo /D (subsection.A.2.1) >>
+<< /S /GoTo /D (section.A.2) >>
endobj
628 0 obj
-(A.2.1 IPv6 addresses \(AAAA\))
+(A.2 General DNS Reference Information)
endobj
629 0 obj
-<< /S /GoTo /D (section.A.3) >>
+<< /S /GoTo /D (subsection.A.2.1) >>
endobj
632 0 obj
-(A.3 Bibliography \(and Suggested Reading\))
+(A.2.1 IPv6 addresses \(AAAA\))
endobj
633 0 obj
-<< /S /GoTo /D (subsection.A.3.1) >>
+<< /S /GoTo /D (section.A.3) >>
endobj
636 0 obj
-(A.3.1 Request for Comments \(RFCs\))
+(A.3 Bibliography \(and Suggested Reading\))
endobj
637 0 obj
-<< /S /GoTo /D (subsection.A.3.2) >>
+<< /S /GoTo /D (subsection.A.3.1) >>
endobj
640 0 obj
-(A.3.2 Internet Drafts)
+(A.3.1 Request for Comments \(RFCs\))
endobj
641 0 obj
-<< /S /GoTo /D (subsection.A.3.3) >>
+<< /S /GoTo /D (subsection.A.3.2) >>
endobj
644 0 obj
-(A.3.3 Other Documents About BIND)
+(A.3.2 Internet Drafts)
endobj
645 0 obj
-<< /S /GoTo /D (appendix.B) >>
+<< /S /GoTo /D (subsection.A.3.3) >>
endobj
648 0 obj
-(B Manual pages)
+(A.3.3 Other Documents About BIND)
endobj
649 0 obj
-<< /S /GoTo /D (section.B.1) >>
+<< /S /GoTo /D (appendix.B) >>
endobj
652 0 obj
-(B.1 dig)
+(B Manual pages)
endobj
653 0 obj
-<< /S /GoTo /D (section.B.2) >>
+<< /S /GoTo /D (section.B.1) >>
endobj
656 0 obj
-(B.2 host)
+(B.1 dig)
endobj
657 0 obj
-<< /S /GoTo /D (section.B.3) >>
+<< /S /GoTo /D (section.B.2) >>
endobj
660 0 obj
-(B.3 dnssec-dsfromkey)
+(B.2 host)
endobj
661 0 obj
-<< /S /GoTo /D (section.B.4) >>
+<< /S /GoTo /D (section.B.3) >>
endobj
664 0 obj
-(B.4 dnssec-keyfromlabel)
+(B.3 dnssec-dsfromkey)
endobj
665 0 obj
-<< /S /GoTo /D (section.B.5) >>
+<< /S /GoTo /D (section.B.4) >>
endobj
668 0 obj
-(B.5 dnssec-keygen)
+(B.4 dnssec-keyfromlabel)
endobj
669 0 obj
-<< /S /GoTo /D (section.B.6) >>
+<< /S /GoTo /D (section.B.5) >>
endobj
672 0 obj
-(B.6 dnssec-signzone)
+(B.5 dnssec-keygen)
endobj
673 0 obj
-<< /S /GoTo /D (section.B.7) >>
+<< /S /GoTo /D (section.B.6) >>
endobj
676 0 obj
-(B.7 named-checkconf)
+(B.6 dnssec-signzone)
endobj
677 0 obj
-<< /S /GoTo /D (section.B.8) >>
+<< /S /GoTo /D (section.B.7) >>
endobj
680 0 obj
-(B.8 named-checkzone)
+(B.7 named-checkconf)
endobj
681 0 obj
-<< /S /GoTo /D (section.B.9) >>
+<< /S /GoTo /D (section.B.8) >>
endobj
684 0 obj
-(B.9 named)
+(B.8 named-checkzone)
endobj
685 0 obj
-<< /S /GoTo /D (section.B.10) >>
+<< /S /GoTo /D (section.B.9) >>
endobj
688 0 obj
-(B.10 nsupdate)
+(B.9 named)
endobj
689 0 obj
-<< /S /GoTo /D (section.B.11) >>
+<< /S /GoTo /D (section.B.10) >>
endobj
692 0 obj
-(B.11 rndc)
+(B.10 nsupdate)
endobj
693 0 obj
-<< /S /GoTo /D (section.B.12) >>
+<< /S /GoTo /D (section.B.11) >>
endobj
696 0 obj
-(B.12 rndc.conf)
+(B.11 rndc)
endobj
697 0 obj
-<< /S /GoTo /D (section.B.13) >>
+<< /S /GoTo /D (section.B.12) >>
endobj
700 0 obj
-(B.13 rndc-confgen)
+(B.12 rndc.conf)
endobj
701 0 obj
-<< /S /GoTo /D [702 0 R /FitH ] >>
+<< /S /GoTo /D (section.B.13) >>
+endobj
+704 0 obj
+(B.13 rndc-confgen)
+endobj
+705 0 obj
+<< /S /GoTo /D [706 0 R /FitH ] >>
endobj
-705 0 obj <<
+709 0 obj <<
/Length 236
/Filter /FlateDecode
>>
stream
xڍJA 9M'd2sTBeoaiRpt*Ar /A}Փºsv B)P+!lQbJwN1P)&>ͮ-AbEMpd[L+V?ct~r~[~N a(˘9M<
endobj
-702 0 obj <<
+706 0 obj <<
/Type /Page
-/Contents 705 0 R
-/Resources 704 0 R
+/Contents 709 0 R
+/Resources 708 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 711 0 R
+/Parent 715 0 R
>> endobj
-703 0 obj <<
+707 0 obj <<
/Type /XObject
/Subtype /Form
/FormType 1
/PTEX.FileName (./isc-logo.pdf)
/PTEX.PageNumber 1
-/PTEX.InfoDict 712 0 R
+/PTEX.InfoDict 716 0 R
/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000]
/BBox [0.00000000 0.00000000 255.00000000 149.00000000]
/Resources <<
/ProcSet [ /PDF /Text ]
/ColorSpace <<
-/R15 713 0 R
-/R9 714 0 R
-/R11 715 0 R
-/R13 716 0 R
+/R15 717 0 R
+/R9 718 0 R
+/R11 719 0 R
+/R13 720 0 R
>>/ExtGState <<
-/R17 717 0 R
-/R8 718 0 R
->>/Font << /R19 719 0 R >>
+/R17 721 0 R
+/R8 722 0 R
+>>/Font << /R19 723 0 R >>
>>
-/Length 720 0 R
+/Length 724 0 R
/Filter /FlateDecode
>>
stream
@@ -1097,7 +1103,7 @@ xu;d9+eR lG`Xkz#10gw~6[53}+}tI%Ts*{?'?
FIca0) A+ |-Tua>s:~KV׋OAI ɪr2Qب>.z
eNdd"gK2cɗGoO8GϦ:B ht[
endobj
-712 0 obj
+716 0 obj
<<
/Producer (AFPL Ghostscript 8.51)
/CreationDate (D:20050606145621)
@@ -1107,46 +1113,46 @@ endobj
/Author (Douglas E. Appelt)
>>
endobj
-713 0 obj
-[/Separation/PANTONE#201805#20C/DeviceCMYK 721 0 R]
+717 0 obj
+[/Separation/PANTONE#201805#20C/DeviceCMYK 725 0 R]
endobj
-714 0 obj
-[/Separation/PANTONE#207506#20C/DeviceCMYK 722 0 R]
+718 0 obj
+[/Separation/PANTONE#207506#20C/DeviceCMYK 726 0 R]
endobj
-715 0 obj
-[/Separation/PANTONE#20301#20C/DeviceCMYK 723 0 R]
+719 0 obj
+[/Separation/PANTONE#20301#20C/DeviceCMYK 727 0 R]
endobj
-716 0 obj
-[/Separation/PANTONE#20871#20C/DeviceCMYK 724 0 R]
+720 0 obj
+[/Separation/PANTONE#20871#20C/DeviceCMYK 728 0 R]
endobj
-717 0 obj
+721 0 obj
<<
/Type /ExtGState
/SA true
>>
endobj
-718 0 obj
+722 0 obj
<<
/Type /ExtGState
/OPM 1
>>
endobj
-719 0 obj
+723 0 obj
<<
/BaseFont /NVXWCK#2BTrajanPro-Bold
-/FontDescriptor 725 0 R
+/FontDescriptor 729 0 R
/Type /Font
/FirstChar 67
/LastChar 136
/Widths [ 800 0 0 0 0 0 452 0 0 0 0 0 0 0 0 0 582 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 841 633 576 686 590 540 923 827 407 760]
-/Encoding 726 0 R
+/Encoding 730 0 R
/Subtype /Type1
>>
endobj
-720 0 obj
+724 0 obj
2362
endobj
-721 0 obj
+725 0 obj
<<
/Filter /FlateDecode
/FunctionType 4
@@ -1157,7 +1163,7 @@ endobj
stream
xN)-P0P-QHHP
endobj
-722 0 obj
+726 0 obj
<<
/Filter /FlateDecode
/FunctionType 4
@@ -1168,7 +1174,7 @@ endobj
stream
xN)-P0P-QHHP
endobj
-723 0 obj
+727 0 obj
<<
/Filter /FlateDecode
/FunctionType 4
@@ -1179,7 +1185,7 @@ endobj
stream
xN)-P0T-QHHP
endobj
-724 0 obj
+728 0 obj
<<
/Filter /FlateDecode
/FunctionType 4
@@ -1190,7 +1196,7 @@ endobj
stream
xN)-P0365T-QHHPX# -,Z
endobj
-725 0 obj
+729 0 obj
<<
/Type /FontDescriptor
/FontName /NVXWCK#2BTrajanPro-Bold
@@ -1203,17 +1209,17 @@ endobj
/StemV 138
/MissingWidth 500
/CharSet (/Msmall/C/Ysmall/Nsmall/Osmall/Esmall/Rsmall/S/Ssmall/I/Tsmall/Ismall/Usmall)
-/FontFile3 727 0 R
+/FontFile3 731 0 R
>>
endobj
-726 0 obj
+730 0 obj
<<
/Type /Encoding
/BaseEncoding /WinAnsiEncoding
/Differences [ 127/Nsmall/Tsmall/Esmall/Rsmall/Ysmall/Ssmall/Msmall/Osmall/Ismall/Usmall]
>>
endobj
-727 0 obj
+731 0 obj
<<
/Filter /FlateDecode
/Subtype /Type1C
@@ -1236,40 +1242,41 @@ x \3gA34IT-R8-ǵ2Wu~!"(0*FÂ͢ĨSoQP0iFݸVN^_!Ԃb
ȼL<; *XG_Y1ET4-U_>آ}v d#r۟@\5lh<8s
Ov61B5*<6,bh\]##1OϤ5o]ц4}h0$,6A,?/;Rcy6UJYX^ɟ2K|oؔ/Ȩ/( 2#NMKr rf9yZ}$ ) h`iGAH+&*X$VhA10Hi w~I(2;]Lx4[O,QQFdQ%\:Ó;єEb1=$?IC3C=V'>+~8 #;_*qň+ 8p_YRd%a H\eDfR[kφG/WTA5HVoo8hn)Dnqzfh&cQbX߂L;{uن-[S-ۼyub܁hm4^˙ LQendstream
endobj
-706 0 obj <<
-/D [702 0 R /XYZ 85.0394 794.5015 null]
+710 0 obj <<
+/D [706 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-707 0 obj <<
-/D [702 0 R /XYZ 85.0394 769.5949 null]
+711 0 obj <<
+/D [706 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-704 0 obj <<
-/Font << /F21 710 0 R >>
-/XObject << /Im1 703 0 R >>
+708 0 obj <<
+/Font << /F21 714 0 R >>
+/XObject << /Im1 707 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-730 0 obj <<
+734 0 obj <<
/Length 1001
/Filter /FlateDecode
>>
stream
-xڵVM:+XjU_Y҈8]S3j'8]߅$"+Isr Ïh,Nfsz7 MDbcĸn3k
-z{ku!57R .mh\3X#FQd3_Y<ɞFDI=c1kn*D3բ'1D% C*e/7l&ğX\Ix2җ5;#/\hzU</@i$q' 6F1t0~tBvc+ve7 OS81|>g#ףc(I| lj6YmLyO/RARӝӳ{O3)1hK˰]=?I +xuWD |)A𡑓,,q{6E4 ~Jq}X:\4d2b6eMMET+@-/(wW|W6>z&.gvz&ݚ7c&j~z1ja#8:ƲٙT^!}NE0h~endstream
+xڵV]8}WUM:|FTښ[V\/[[>$9{ @4 ?8 dbbj
+ Xx8A%%A!QNM\CV:-$X`_}^YyILr*Uq=(tF04/J V=O(2-474e[ mE7i?,%dw-8"0]M)v42i9_ڧ%=ASŬY]q:^hJ1Og !C9ߕb[Y7QMq˹5VolM[Sx(OrRz<K?A AAo
+K˰Ym$\ɵ$xuW@GC'}]5zYGy03MZ+|P[4c2b6/˔2ikEJ+ՠ,/wעOX雸蜹3ܾJ3QtLeʦ6bCᅧY+y&̢wjendstream
endobj
-729 0 obj <<
+733 0 obj <<
/Type /Page
-/Contents 730 0 R
-/Resources 728 0 R
+/Contents 734 0 R
+/Resources 732 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 711 0 R
+/Parent 715 0 R
>> endobj
-731 0 obj <<
-/D [729 0 R /XYZ 56.6929 794.5015 null]
+735 0 obj <<
+/D [733 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-728 0 obj <<
-/Font << /F23 734 0 R /F14 737 0 R >>
+732 0 obj <<
+/Font << /F23 738 0 R /F14 741 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-740 0 obj <<
+744 0 obj <<
/Length 2891
/Filter /FlateDecode
>>
@@ -1289,1334 +1296,1337 @@ W*ox]Δܫ!$j2Ȑ
M:hnokh#lklMfR,`5("qP,b~]=מ,z%hg
Gm2RE7XD\@p,tD'/ս@_'Hd!EB*Ҍ@aadz:uնHA!;23X$15$LCK[drgľڀL% a "APr=|?SRxRWywqqv:7'*SVZ<`w2ci Ε[~&3Sp%?Bendstream
endobj
-739 0 obj <<
+743 0 obj <<
/Type /Page
-/Contents 740 0 R
-/Resources 738 0 R
+/Contents 744 0 R
+/Resources 742 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 711 0 R
-/Annots [ 743 0 R 744 0 R 745 0 R 746 0 R 747 0 R 748 0 R 749 0 R 750 0 R 751 0 R 752 0 R 753 0 R 754 0 R 755 0 R 756 0 R 757 0 R 758 0 R 759 0 R 760 0 R 761 0 R 762 0 R 763 0 R 764 0 R 765 0 R 766 0 R 767 0 R 768 0 R 769 0 R 770 0 R 771 0 R 772 0 R 773 0 R 774 0 R 775 0 R 776 0 R 777 0 R 778 0 R 779 0 R 780 0 R 781 0 R 782 0 R 783 0 R 784 0 R 785 0 R 786 0 R 787 0 R 788 0 R 789 0 R 790 0 R 791 0 R 792 0 R ]
+/Parent 715 0 R
+/Annots [ 747 0 R 748 0 R 749 0 R 750 0 R 751 0 R 752 0 R 753 0 R 754 0 R 755 0 R 756 0 R 757 0 R 758 0 R 759 0 R 760 0 R 761 0 R 762 0 R 763 0 R 764 0 R 765 0 R 766 0 R 767 0 R 768 0 R 769 0 R 770 0 R 771 0 R 772 0 R 773 0 R 774 0 R 775 0 R 776 0 R 777 0 R 778 0 R 779 0 R 780 0 R 781 0 R 782 0 R 783 0 R 784 0 R 785 0 R 786 0 R 787 0 R 788 0 R 789 0 R 790 0 R 791 0 R 792 0 R 793 0 R 794 0 R 795 0 R 796 0 R ]
>> endobj
-743 0 obj <<
+747 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 688.709 539.579 697.2967]
/Subtype /Link
/A << /S /GoTo /D (chapter.1) >>
>> endobj
-744 0 obj <<
+748 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 676.5858 539.579 685.4425]
/Subtype /Link
/A << /S /GoTo /D (section.1.1) >>
>> endobj
-745 0 obj <<
+749 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 664.4876 539.579 673.3442]
/Subtype /Link
/A << /S /GoTo /D (section.1.2) >>
>> endobj
-746 0 obj <<
+750 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 652.3894 539.579 661.246]
/Subtype /Link
/A << /S /GoTo /D (section.1.3) >>
>> endobj
-747 0 obj <<
+751 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 640.1914 539.579 649.1477]
/Subtype /Link
/A << /S /GoTo /D (section.1.4) >>
>> endobj
-748 0 obj <<
+752 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 628.0932 539.579 637.0495]
/Subtype /Link
/A << /S /GoTo /D (subsection.1.4.1) >>
>> endobj
-749 0 obj <<
+753 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 615.995 539.579 624.9512]
/Subtype /Link
/A << /S /GoTo /D (subsection.1.4.2) >>
>> endobj
-750 0 obj <<
+754 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 603.8967 539.579 612.853]
/Subtype /Link
/A << /S /GoTo /D (subsection.1.4.3) >>
>> endobj
-751 0 obj <<
+755 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 591.7985 539.579 600.7547]
/Subtype /Link
/A << /S /GoTo /D (subsection.1.4.4) >>
>> endobj
-752 0 obj <<
+756 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 579.7002 539.579 588.6565]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.1.4.4.1) >>
>> endobj
-753 0 obj <<
+757 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 567.6019 539.579 576.5582]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.1.4.4.2) >>
>> endobj
-754 0 obj <<
+758 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [532.6051 555.5037 539.579 564.46]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.1.4.4.3) >>
>> endobj
-755 0 obj <<
+759 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 543.4055 539.579 552.5112]
/Subtype /Link
/A << /S /GoTo /D (subsection.1.4.5) >>
>> endobj
-756 0 obj <<
+760 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 531.3072 539.579 540.413]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.1.4.5.1) >>
>> endobj
-757 0 obj <<
+761 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 519.209 539.579 528.3147]
/Subtype /Link
/A << /S /GoTo /D (subsection.1.4.6) >>
>> endobj
-758 0 obj <<
+762 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 496.7003 539.579 505.4125]
/Subtype /Link
/A << /S /GoTo /D (chapter.2) >>
>> endobj
-759 0 obj <<
+763 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 484.5772 539.579 493.5832]
/Subtype /Link
/A << /S /GoTo /D (section.2.1) >>
>> endobj
-760 0 obj <<
+764 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 472.4789 539.579 481.485]
/Subtype /Link
/A << /S /GoTo /D (section.2.2) >>
>> endobj
-761 0 obj <<
+765 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 460.3806 539.579 469.3867]
/Subtype /Link
/A << /S /GoTo /D (section.2.3) >>
>> endobj
-762 0 obj <<
+766 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 448.2824 539.579 457.2885]
/Subtype /Link
/A << /S /GoTo /D (section.2.4) >>
>> endobj
-763 0 obj <<
+767 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 436.1841 539.579 445.1902]
/Subtype /Link
/A << /S /GoTo /D (section.2.5) >>
>> endobj
-764 0 obj <<
+768 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 413.4314 539.579 422.288]
/Subtype /Link
/A << /S /GoTo /D (chapter.3) >>
>> endobj
-765 0 obj <<
+769 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 401.353 539.579 410.4588]
/Subtype /Link
/A << /S /GoTo /D (section.3.1) >>
>> endobj
-766 0 obj <<
+770 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 389.2548 539.579 398.3605]
/Subtype /Link
/A << /S /GoTo /D (subsection.3.1.1) >>
>> endobj
-767 0 obj <<
+771 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 377.1565 539.579 386.2623]
/Subtype /Link
/A << /S /GoTo /D (subsection.3.1.2) >>
>> endobj
-768 0 obj <<
+772 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 365.1579 539.579 374.164]
/Subtype /Link
/A << /S /GoTo /D (section.3.2) >>
>> endobj
-769 0 obj <<
+773 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 353.0597 539.579 362.0658]
/Subtype /Link
/A << /S /GoTo /D (section.3.3) >>
>> endobj
-770 0 obj <<
+774 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 340.9614 539.579 349.9675]
/Subtype /Link
/A << /S /GoTo /D (subsection.3.3.1) >>
>> endobj
-771 0 obj <<
+775 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 328.7635 539.579 337.8693]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.3.3.1.1) >>
>> endobj
-772 0 obj <<
+776 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 316.6653 539.579 325.771]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.3.3.1.2) >>
>> endobj
-773 0 obj <<
+777 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 304.567 539.579 313.6728]
/Subtype /Link
/A << /S /GoTo /D (subsection.3.3.2) >>
>> endobj
-774 0 obj <<
+778 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 281.9139 539.579 290.7706]
/Subtype /Link
/A << /S /GoTo /D (chapter.4) >>
>> endobj
-775 0 obj <<
+779 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 269.8356 539.579 278.9413]
/Subtype /Link
/A << /S /GoTo /D (section.4.1) >>
>> endobj
-776 0 obj <<
+780 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 257.7373 539.579 266.8431]
/Subtype /Link
/A << /S /GoTo /D (section.4.2) >>
>> endobj
-777 0 obj <<
+781 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 245.6391 539.579 254.7448]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.2.1) >>
>> endobj
-778 0 obj <<
+782 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 233.5408 539.579 242.4971]
/Subtype /Link
/A << /S /GoTo /D (section.4.3) >>
>> endobj
-779 0 obj <<
+783 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 221.4426 539.579 230.3988]
/Subtype /Link
/A << /S /GoTo /D (section.4.4) >>
>> endobj
-780 0 obj <<
+784 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 209.3443 539.579 218.3006]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.4.1) >>
>> endobj
-781 0 obj <<
+785 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 197.2461 539.579 206.2023]
/Subtype /Link
/A << /S /GoTo /D (section.4.5) >>
>> endobj
-782 0 obj <<
+786 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 185.1478 539.579 194.1041]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.5.1) >>
>> endobj
-783 0 obj <<
+787 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 173.0496 539.579 182.0058]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.4.5.1.1) >>
>> endobj
-784 0 obj <<
+788 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 161.051 539.579 170.0571]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.4.5.1.2) >>
>> endobj
-785 0 obj <<
+789 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 148.9527 539.579 157.9588]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.5.2) >>
>> endobj
-786 0 obj <<
+790 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 136.8545 539.579 145.8606]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.5.3) >>
>> endobj
-787 0 obj <<
+791 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 124.7562 539.579 133.7623]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.5.4) >>
>> endobj
-788 0 obj <<
+792 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 112.5583 539.579 121.5146]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.5.5) >>
>> endobj
-789 0 obj <<
+793 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 100.4601 539.579 109.4163]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.5.6) >>
>> endobj
-790 0 obj <<
+794 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 88.3618 539.579 97.3181]
/Subtype /Link
/A << /S /GoTo /D (section.4.6) >>
>> endobj
-791 0 obj <<
+795 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 76.2636 539.579 85.2199]
/Subtype /Link
/A << /S /GoTo /D (section.4.7) >>
>> endobj
-792 0 obj <<
+796 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 64.1653 539.579 73.1216]
/Subtype /Link
/A << /S /GoTo /D (section.4.8) >>
>> endobj
-741 0 obj <<
-/D [739 0 R /XYZ 85.0394 794.5015 null]
+745 0 obj <<
+/D [743 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-742 0 obj <<
-/D [739 0 R /XYZ 85.0394 711.9273 null]
+746 0 obj <<
+/D [743 0 R /XYZ 85.0394 711.9273 null]
>> endobj
-738 0 obj <<
-/Font << /F21 710 0 R /F23 734 0 R >>
+742 0 obj <<
+/Font << /F21 714 0 R /F23 738 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-795 0 obj <<
-/Length 3159
+799 0 obj <<
+/Length 3161
/Filter /FlateDecode
>>
stream
-x[w۸)h?ɶM}`d։$z%9 8iliډ9`@d#e#v܍DQF ]9a1p/94ף#js2Kltq.^8?◓W3>'AG>_N(Ϊ7Js|4?J%3;9?5tcM%\hU
-0Hba$Hs%Sݎ[Cmi|.bRg.|`- ZጁaL1KiWuoy= sWr^.~9~eO0>YP2D/0iUeQ{\Qц{{tf 1T\Cθ&R09Rä`"źX8u\Z\P!JO*T(ˉPx ˲CiWe{zugUl!
-0Pra$PAwÅD3g:Xu%2`@Iāz@(57c]f d)`1
- ߯},^=2%d4`pIāzΉ2Txl#RGY{LoR3ncź1.9 b<AM)=NDC഻YǞ0Ԧ61 %F:K'b'2j^VUeuOrB'8h'=cܗg)ANB.9'P+11 =pbd;bvb2]LfeMc&;' ga
-Έ4T4O+8stY,V7
-el,!F oBIŁazﰠz6XCCŇ<J.s\
-(e" uGWD~KT,7}>g'M
-0P5@T,&:v:[pV_.>o^_wHZkƸGs&f![c`id*Lc{1eD2ݓؤ$~5YuV/nDKPۂ9
- oI[G'mvyTUI~QL7uitdȕ!2r=Ĝu^PeP|w?ΡRs'
-oj«{yvۮ0@,swK0Ci+k+-D~yi/,17 ";=[J\.篢s%fs?Tendstream
+x[w۸)h?ɶM}`d։$z%9 8iliډ9`@d#e#v܍DQF ]9a1p/94ף#js2Kltq.^8?◓W3>'AG>_N(Ϊ7Js|4?J%3;9?5tcM%\hU
+
+0@Ra$@AwHMʱl3
+ͦàal!pωa2n'2I(TyNZQvg 1v<80zP&NwKcelN!
+$ =^eN#mmyM}W-ìwr],ejrR)zY< ZÚՄf 1x|Ób@;U ?\ULGR*TLo.<'@wKFշ ϟn\.2,q҆ſ4/ r2 08Ju80NPL1o28 M|}<;%`PJāz()IeC?JgĒ'TBZ2P69 + = #9ҩW4j]&kRGIwf9!
endobj
-794 0 obj <<
+798 0 obj <<
/Type /Page
-/Contents 795 0 R
-/Resources 793 0 R
+/Contents 799 0 R
+/Resources 797 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 711 0 R
-/Annots [ 800 0 R 801 0 R 802 0 R 803 0 R 804 0 R 805 0 R 806 0 R 807 0 R 808 0 R 809 0 R 810 0 R 811 0 R 812 0 R 813 0 R 814 0 R 815 0 R 816 0 R 817 0 R 818 0 R 819 0 R 820 0 R 821 0 R 822 0 R 823 0 R 824 0 R 825 0 R 826 0 R 827 0 R 828 0 R 829 0 R 830 0 R 831 0 R 832 0 R 833 0 R 834 0 R 835 0 R 836 0 R 837 0 R 838 0 R 839 0 R 840 0 R 841 0 R 842 0 R 843 0 R 844 0 R 845 0 R 846 0 R 847 0 R 848 0 R 849 0 R 850 0 R 851 0 R 852 0 R 853 0 R 854 0 R 855 0 R 856 0 R ]
+/Parent 715 0 R
+/Annots [ 804 0 R 805 0 R 806 0 R 807 0 R 808 0 R 809 0 R 810 0 R 811 0 R 812 0 R 813 0 R 814 0 R 815 0 R 816 0 R 817 0 R 818 0 R 819 0 R 820 0 R 821 0 R 822 0 R 823 0 R 824 0 R 825 0 R 826 0 R 827 0 R 828 0 R 829 0 R 830 0 R 831 0 R 832 0 R 833 0 R 834 0 R 835 0 R 836 0 R 837 0 R 838 0 R 839 0 R 840 0 R 841 0 R 842 0 R 843 0 R 844 0 R 845 0 R 846 0 R 847 0 R 848 0 R 849 0 R 850 0 R 851 0 R 852 0 R 853 0 R 854 0 R 855 0 R 856 0 R 857 0 R 858 0 R 859 0 R 860 0 R ]
>> endobj
-800 0 obj <<
+804 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 758.4766 511.2325 767.4329]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.8.1) >>
>> endobj
-801 0 obj <<
+805 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 746.445 511.2325 755.4012]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.8.2) >>
>> endobj
-802 0 obj <<
+806 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 734.5129 511.2325 743.3696]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.8.3) >>
>> endobj
-803 0 obj <<
+807 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 722.3816 511.2325 731.3379]
/Subtype /Link
/A << /S /GoTo /D (section.4.9) >>
>> endobj
-804 0 obj <<
+808 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 710.3499 511.2325 719.3062]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.9.1) >>
>> endobj
-805 0 obj <<
+809 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 698.3182 511.2325 707.2745]
/Subtype /Link
/A << /S /GoTo /D (subsection.4.9.2) >>
>> endobj
-806 0 obj <<
+810 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 675.998 511.2325 684.7301]
+/Rect [499.2773 675.998 511.2325 684.8547]
/Subtype /Link
/A << /S /GoTo /D (chapter.5) >>
>> endobj
-807 0 obj <<
+811 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 663.9862 511.2325 672.9425]
+/Rect [499.2773 663.9862 511.2325 673.0919]
/Subtype /Link
/A << /S /GoTo /D (section.5.1) >>
>> endobj
-808 0 obj <<
+812 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 651.9545 511.2325 660.9108]
+/Rect [499.2773 651.9545 511.2325 661.0603]
/Subtype /Link
/A << /S /GoTo /D (section.5.2) >>
>> endobj
-809 0 obj <<
+813 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 629.6343 511.2325 638.4909]
+/Rect [499.2773 629.6343 511.2325 638.3664]
/Subtype /Link
/A << /S /GoTo /D (chapter.6) >>
>> endobj
-810 0 obj <<
+814 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 617.6225 511.2325 626.7282]
+/Rect [499.2773 617.6225 511.2325 626.5788]
/Subtype /Link
/A << /S /GoTo /D (section.6.1) >>
>> endobj
-811 0 obj <<
+815 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 605.5908 511.2325 614.5471]
+/Rect [499.2773 605.5908 511.2325 614.6966]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.1.1) >>
>> endobj
-812 0 obj <<
+816 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 593.5591 511.2325 602.5154]
+/Rect [499.2773 593.5591 511.2325 602.6649]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.1.1.1) >>
>> endobj
-813 0 obj <<
+817 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 581.5275 511.2325 590.4837]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.1.1.2) >>
>> endobj
-814 0 obj <<
+818 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 569.4958 511.2325 578.4521]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.1.2) >>
>> endobj
-815 0 obj <<
+819 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 557.4641 511.2325 566.4204]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.1.2.1) >>
>> endobj
-816 0 obj <<
+820 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 545.4324 511.2325 554.5382]
+/Rect [499.2773 545.4324 511.2325 554.3887]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.1.2.2) >>
>> endobj
-817 0 obj <<
+821 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 533.4007 511.2325 542.5065]
+/Rect [499.2773 533.4007 511.2325 542.357]
/Subtype /Link
/A << /S /GoTo /D (section.6.2) >>
>> endobj
-818 0 obj <<
+822 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 521.3691 511.2325 530.3254]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.1) >>
>> endobj
-819 0 obj <<
+823 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 509.3374 511.2325 518.2937]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.2) >>
>> endobj
-820 0 obj <<
+824 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 497.3057 511.2325 506.262]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.3) >>
>> endobj
-821 0 obj <<
+825 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 485.274 511.2325 494.2303]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.4) >>
>> endobj
-822 0 obj <<
+826 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 473.2424 511.2325 482.1986]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.5) >>
>> endobj
-823 0 obj <<
+827 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 461.2107 511.2325 470.167]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.6) >>
>> endobj
-824 0 obj <<
+828 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 449.179 511.2325 458.1353]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.7) >>
>> endobj
-825 0 obj <<
+829 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 437.1473 511.2325 446.1036]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.8) >>
>> endobj
-826 0 obj <<
+830 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 425.1157 511.2325 434.0719]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.9) >>
>> endobj
-827 0 obj <<
+831 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 413.084 511.2325 422.0403]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.10) >>
>> endobj
-828 0 obj <<
+832 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 401.0523 511.2325 410.0086]
+/Rect [499.2773 401.0523 511.2325 410.158]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.10.1) >>
>> endobj
-829 0 obj <<
+833 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 389.0206 511.2325 398.1264]
+/Rect [499.2773 389.1203 511.2325 398.1264]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.10.2) >>
>> endobj
-830 0 obj <<
+834 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 377.0886 511.2325 386.0947]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.10.3) >>
>> endobj
-831 0 obj <<
+835 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 365.0569 511.2325 374.063]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.11) >>
>> endobj
-832 0 obj <<
+836 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 352.9256 511.2325 362.0313]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.12) >>
>> endobj
-833 0 obj <<
+837 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 340.8939 511.2325 349.9997]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.13) >>
>> endobj
-834 0 obj <<
+838 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 328.8622 511.2325 337.968]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.14) >>
>> endobj
-835 0 obj <<
+839 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 316.8305 511.2325 325.9363]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.15) >>
>> endobj
-836 0 obj <<
+840 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 304.7989 511.2325 313.9046]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.16) >>
>> endobj
-837 0 obj <<
+841 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 292.7672 511.2325 301.873]
+/Rect [499.2773 292.7672 511.2325 301.7235]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.1) >>
>> endobj
-838 0 obj <<
+842 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 280.7355 511.2325 289.6918]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.2) >>
>> endobj
-839 0 obj <<
+843 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 268.7038 511.2325 277.6601]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.3) >>
>> endobj
-840 0 obj <<
+844 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 256.6722 511.2325 265.6285]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.4) >>
>> endobj
-841 0 obj <<
+845 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 244.6405 511.2325 253.5968]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.5) >>
>> endobj
-842 0 obj <<
+846 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 232.6088 511.2325 241.5651]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.6) >>
>> endobj
-843 0 obj <<
+847 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 220.5771 511.2325 229.5334]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.7) >>
>> endobj
-844 0 obj <<
+848 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 208.5455 511.2325 217.5017]
+/Rect [499.2773 208.5455 511.2325 217.6512]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.8) >>
>> endobj
-845 0 obj <<
+849 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 196.5138 511.2325 205.4701]
+/Rect [499.2773 196.5138 511.2325 205.6195]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.9) >>
>> endobj
-846 0 obj <<
+850 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 184.4821 511.2325 193.4384]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.10) >>
>> endobj
-847 0 obj <<
+851 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 172.4504 511.2325 181.5562]
+/Rect [499.2773 172.4504 511.2325 181.4067]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.11) >>
>> endobj
-848 0 obj <<
+852 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 160.4187 511.2325 169.5245]
+/Rect [499.2773 160.4187 511.2325 169.375]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.12) >>
>> endobj
-849 0 obj <<
+853 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 148.3871 511.2325 157.3433]
+/Rect [499.2773 148.3871 511.2325 157.4928]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.13) >>
>> endobj
-850 0 obj <<
+854 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 136.3554 511.2325 145.3117]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.14) >>
>> endobj
-851 0 obj <<
+855 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 124.3237 511.2325 133.4295]
+/Rect [499.2773 124.3237 511.2325 133.28]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.15) >>
>> endobj
-852 0 obj <<
+856 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 112.292 511.2325 121.2483]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.16) >>
>> endobj
-853 0 obj <<
+857 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 100.2604 511.2325 109.2166]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.17) >>
>> endobj
-854 0 obj <<
+858 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 88.2287 511.2325 97.185]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.18) >>
>> endobj
-855 0 obj <<
+859 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 76.197 511.2325 85.1533]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.17) >>
>> endobj
-856 0 obj <<
+860 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [499.2773 64.1653 511.2325 73.1216]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.18) >>
>> endobj
-796 0 obj <<
-/D [794 0 R /XYZ 56.6929 794.5015 null]
+800 0 obj <<
+/D [798 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-793 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F21 710 0 R >>
+797 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F21 714 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-859 0 obj <<
-/Length 3451
+863 0 obj <<
+/Length 3456
/Filter /FlateDecode
>>
stream
-xKSG|
-X8PgWaqXH 8t
- P" D - WCBP5!9لOh6.
-U?.80\Pg`[Eܭ'ﮛA\6*~.q`\#]p![.?׃q5z#h?UH>1ٲCLvxmeOāɎzwk.JUwѕJj&ϕ[G݅2d3 1Ơ̦%={('P8]6M>_Od1efgX 'fw4?]g>C),n㛤 bzÌcz'FDYJE{,9,Brq+ 8@pG!2pp% l&/BY8]e<eS
-FS
-w[&b7N$v u+HYŞꞵl\!  % =BB\x.'?xxں-D/\<S
-0@Ra$@AP]("M(0y )"
-9v~Vj~NԮHQSb>R&5XcS 0Ā80 ּKiD*.7GteO4Pq0gըڣyv/_`=.տ7ӚTp ͻˎl3?Prs͹we^% ~!AA1q`4M,K=MW[eur:EVHB]? ηD(-rF[9o_f 1b!4L*X{LNM@6nO.!)4a/n<-eGMx43̢ϧ r30ĸb\%BGC"pw8 ҫpw`z%׋z؞94PgC 1T80PyuUgzO/V4u\`!̊f08`ֽFAh܏T]tpU.]Քt7P\t`X ]'G)ҽɄAd<g2޷ɸK2$g?H {1k` ~C3Υ wF1RrotS'0mp_W\G:=Y;\mo?]f!'JCLksLDިP)T^pՊz*tC.=+:
-XJ'fA tC
-ʞ
->Y(
-#utto"qȿtÿףwYx1`auB1IaDU1Oh ȫU5/?G0B+q(2Q^ˌl.!T">. cݙ]M8-[8[]wC%;^1l"!F%"F>HfWdžk>fC 1hj/AhvFu%w4̀nN P;?yv03)>U
-5ߩ-@o׃ԔOvgi"^Yg^؟0UEoWi^-QawFœ_1NNܧ,!P#k=5r$7e,<~Fƿnټ.A6Is*dK"\,endstream
+x[SFU t&u.쐊Hek<gAeF"sx?F3L Ι]@g
+#HQ F:؟a5}xիo^ 50<\|҄jvߝ^^r)t̨hOnat6 I!wvwo~2}Lhi" IDe ɅYQr­\05Gs|1\E9.UU\;,iٜ[bZT}7t:Kv~F%ߕw$θ&9,dqCd~qUrvpS7Tl#z,{`D*e{F839*~W墬;j~|8)(ee+`
+B*ُFA
+ P" H
+bLAU1"q`LS4#O`/NޜFȒv8[+S{ Mb@0\"q`=.b
+
+4D@Y
+%
+=Q2Ph*$'ZH,<Xا8 `%~80PC,sC\0Pu_|ơG|ۢY0(nL˛㳃f"VrA(2^'R 0@R` D@@2e X
++alYW^J\21'P, H)P3!<
+&ѧ;tͻmR#Ym` mCFsJ PS^[i?Wsml'|Y *;fxj)2,
+{p)Kb@@I0 "q`@lxg {P;W"yby*j^ٰ=nқ7wk 6#޼*_<mxM|]Vf.`4*Vg͹}ogeb%s O~!AA1"q`4=MLN);6L|^z)Bjcet!"S;.r}˞X'j2#Bc`EA9a<p$1˥v̍zcŦW7Q]E.OAe>+`qŸāqz\biI+_Tso[(Qԯ^V R=ƶ*T!՚T8pyJ57G [/sq`\N0P3 H0c e{@{YpU/mTˑa/[aI/HAޗ
+C B`D@ 3"xia(x= =}g{\Q^ q.1_~e6[56b*mvk/07endstream
endobj
-858 0 obj <<
+862 0 obj <<
/Type /Page
-/Contents 859 0 R
-/Resources 857 0 R
+/Contents 863 0 R
+/Resources 861 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 711 0 R
-/Annots [ 861 0 R 862 0 R 863 0 R 864 0 R 865 0 R 866 0 R 867 0 R 868 0 R 869 0 R 870 0 R 871 0 R 872 0 R 873 0 R 874 0 R 875 0 R 876 0 R 877 0 R 878 0 R 879 0 R 880 0 R 881 0 R 882 0 R 883 0 R 884 0 R 885 0 R 886 0 R 887 0 R 888 0 R 889 0 R 890 0 R 891 0 R 892 0 R 896 0 R 897 0 R 898 0 R 899 0 R 900 0 R 901 0 R 902 0 R 903 0 R 904 0 R 905 0 R 906 0 R 907 0 R 908 0 R 909 0 R 910 0 R 911 0 R 912 0 R 913 0 R 914 0 R 915 0 R 916 0 R 917 0 R 918 0 R ]
+/Parent 715 0 R
+/Annots [ 865 0 R 866 0 R 867 0 R 868 0 R 869 0 R 870 0 R 871 0 R 872 0 R 873 0 R 874 0 R 875 0 R 876 0 R 877 0 R 878 0 R 879 0 R 880 0 R 881 0 R 882 0 R 883 0 R 884 0 R 885 0 R 886 0 R 887 0 R 888 0 R 889 0 R 890 0 R 891 0 R 892 0 R 893 0 R 894 0 R 895 0 R 896 0 R 897 0 R 901 0 R 902 0 R 903 0 R 904 0 R 905 0 R 906 0 R 907 0 R 908 0 R 909 0 R 910 0 R 911 0 R 912 0 R 913 0 R 914 0 R 915 0 R 916 0 R 917 0 R 918 0 R 919 0 R 920 0 R 921 0 R 922 0 R ]
>> endobj
-861 0 obj <<
+865 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 758.4766 539.579 767.4329]
+/Rect [527.6238 758.5763 539.579 767.5824]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.19) >>
>> endobj
-862 0 obj <<
+866 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 746.3946 539.579 755.3509]
+/Rect [527.6238 746.4943 539.579 755.3509]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.20) >>
>> endobj
-863 0 obj <<
+867 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 734.3125 539.579 743.2688]
+/Rect [527.6238 734.4122 539.579 743.2688]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.21) >>
>> endobj
-864 0 obj <<
+868 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 722.2305 539.579 731.1868]
+/Rect [527.6238 722.3302 539.579 731.1868]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.22) >>
>> endobj
-865 0 obj <<
+869 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 710.1484 539.579 719.1047]
+/Rect [527.6238 710.2481 539.579 719.1047]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.23) >>
>> endobj
-866 0 obj <<
+870 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 698.1661 539.579 707.1721]
+/Rect [527.6238 698.0664 539.579 707.0227]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.24) >>
>> endobj
-867 0 obj <<
+871 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 686.084 539.579 694.9406]
+/Rect [527.6238 686.084 539.579 695.0901]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.25) >>
>> endobj
-868 0 obj <<
+872 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 674.002 539.579 683.008]
+/Rect [527.6238 673.9023 539.579 682.8586]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.26) >>
>> endobj
-869 0 obj <<
+873 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 661.9199 539.579 670.926]
+/Rect [527.6238 661.8203 539.579 670.7765]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.26.1) >>
>> endobj
-870 0 obj <<
+874 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 649.7382 539.579 658.6945]
+/Rect [527.6238 649.8379 539.579 658.6945]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.26.2) >>
>> endobj
-871 0 obj <<
+875 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 637.6562 539.579 646.6124]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.26.3) >>
>> endobj
-872 0 obj <<
+876 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 625.5741 539.579 634.5304]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.26.4) >>
>> endobj
-873 0 obj <<
+877 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 613.4921 539.579 622.4483]
/Subtype /Link
/A << /S /GoTo /D (section.6.3) >>
>> endobj
-874 0 obj <<
+878 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 601.41 539.579 610.3663]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.3.1) >>
>> endobj
-875 0 obj <<
+879 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 589.328 539.579 598.2842]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.3.1.1) >>
>> endobj
-876 0 obj <<
+880 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 577.2459 539.579 586.2022]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.3.1.2) >>
>> endobj
-877 0 obj <<
+881 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 565.1639 539.579 574.1201]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.3.2) >>
>> endobj
-878 0 obj <<
+882 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 553.0818 539.579 562.1876]
+/Rect [527.6238 553.0818 539.579 562.0381]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.3.3) >>
>> endobj
-879 0 obj <<
+883 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 540.9998 539.579 550.1055]
+/Rect [527.6238 540.9998 539.579 549.956]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.3.4) >>
>> endobj
-880 0 obj <<
+884 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 528.9177 539.579 537.874]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.3.5) >>
>> endobj
-881 0 obj <<
+885 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 516.8357 539.579 525.792]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.3.5.1) >>
>> endobj
-882 0 obj <<
+886 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 504.7536 539.579 513.7099]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.3.5.2) >>
>> endobj
-883 0 obj <<
+887 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 492.6716 539.579 501.6279]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.3.5.3) >>
>> endobj
-884 0 obj <<
+888 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 480.5895 539.579 489.5458]
/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.6) >>
+/A << /S /GoTo /D (subsubsection.6.3.5.4) >>
>> endobj
-885 0 obj <<
+889 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 468.5075 539.579 477.4638]
/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.7) >>
+/A << /S /GoTo /D (subsection.6.3.6) >>
>> endobj
-886 0 obj <<
+890 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 456.4254 539.579 465.3817]
/Subtype /Link
-/A << /S /GoTo /D (section.6.4) >>
+/A << /S /GoTo /D (subsection.6.3.7) >>
>> endobj
-887 0 obj <<
+891 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 444.3434 539.579 453.2997]
/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.4.0.1) >>
+/A << /S /GoTo /D (section.6.4) >>
>> endobj
-888 0 obj <<
+892 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 432.2613 539.579 441.2176]
/Subtype /Link
-/A << /S /GoTo /D (subsection.6.4.1) >>
+/A << /S /GoTo /D (subsubsection.6.4.0.1) >>
>> endobj
-889 0 obj <<
+893 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 420.1793 539.579 429.1356]
/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.4.1.1) >>
+/A << /S /GoTo /D (subsection.6.4.1) >>
>> endobj
-890 0 obj <<
+894 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [527.6238 408.0972 539.579 417.0535]
/Subtype /Link
+/A << /S /GoTo /D (subsubsection.6.4.1.1) >>
+>> endobj
+895 0 obj <<
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [527.6238 396.0152 539.579 405.1209]
+/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.1.2) >>
>> endobj
-891 0 obj <<
+896 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 396.0152 539.579 404.9715]
+/Rect [527.6238 383.9331 539.579 392.8894]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.1.3) >>
>> endobj
-892 0 obj <<
+897 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 383.9331 539.579 392.8894]
+/Rect [527.6238 371.8511 539.579 380.8074]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.1.4) >>
>> endobj
-896 0 obj <<
+901 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 371.8511 539.579 380.9568]
+/Rect [527.6238 359.769 539.579 368.7253]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.1.5) >>
>> endobj
-897 0 obj <<
+902 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 349.279 539.579 358.0111]
+/Rect [527.6238 337.1969 539.579 345.9291]
/Subtype /Link
/A << /S /GoTo /D (chapter.7) >>
>> endobj
-898 0 obj <<
+903 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 337.2168 539.579 346.1731]
+/Rect [527.6238 325.1348 539.579 334.091]
/Subtype /Link
/A << /S /GoTo /D (section.7.1) >>
>> endobj
-899 0 obj <<
+904 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 325.1348 539.579 334.2405]
+/Rect [527.6238 313.0527 539.579 322.009]
/Subtype /Link
/A << /S /GoTo /D (section.7.2) >>
>> endobj
-900 0 obj <<
+905 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 313.0527 539.579 322.1585]
+/Rect [527.6238 300.9707 539.579 309.9269]
/Subtype /Link
/A << /S /GoTo /D (subsection.7.2.1) >>
>> endobj
-901 0 obj <<
+906 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 300.9707 539.579 310.0764]
+/Rect [527.6238 288.8886 539.579 297.8449]
/Subtype /Link
/A << /S /GoTo /D (subsection.7.2.2) >>
>> endobj
-902 0 obj <<
+907 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 288.8886 539.579 297.9944]
+/Rect [527.6238 276.8066 539.579 285.7628]
/Subtype /Link
/A << /S /GoTo /D (section.7.3) >>
>> endobj
-903 0 obj <<
+908 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 266.3165 539.579 275.0487]
+/Rect [527.6238 254.2345 539.579 262.9666]
/Subtype /Link
/A << /S /GoTo /D (chapter.8) >>
>> endobj
-904 0 obj <<
+909 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 254.2544 539.579 263.2106]
+/Rect [527.6238 242.1723 539.579 251.1286]
/Subtype /Link
/A << /S /GoTo /D (section.8.1) >>
>> endobj
-905 0 obj <<
+910 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 242.1723 539.579 251.1286]
+/Rect [527.6238 230.0903 539.579 239.0465]
/Subtype /Link
/A << /S /GoTo /D (subsection.8.1.1) >>
>> endobj
-906 0 obj <<
+911 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 230.0903 539.579 239.0465]
+/Rect [527.6238 218.0082 539.579 226.9645]
/Subtype /Link
/A << /S /GoTo /D (section.8.2) >>
>> endobj
-907 0 obj <<
+912 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 218.0082 539.579 226.9645]
+/Rect [527.6238 205.9262 539.579 214.8824]
/Subtype /Link
/A << /S /GoTo /D (section.8.3) >>
>> endobj
-908 0 obj <<
+913 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 195.4361 539.579 204.1683]
+/Rect [522.6425 183.3541 539.579 192.2107]
/Subtype /Link
/A << /S /GoTo /D (appendix.A) >>
>> endobj
-909 0 obj <<
+914 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 183.3739 539.579 192.3302]
+/Rect [522.6425 171.2919 539.579 180.3976]
/Subtype /Link
/A << /S /GoTo /D (section.A.1) >>
>> endobj
-910 0 obj <<
+915 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 171.2919 539.579 180.2482]
+/Rect [522.6425 159.2098 539.579 168.3156]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.1.1) >>
>> endobj
-911 0 obj <<
+916 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 159.2098 539.579 168.3156]
+/Rect [522.6425 147.1278 539.579 156.2335]
/Subtype /Link
/A << /S /GoTo /D (section.A.2) >>
>> endobj
-912 0 obj <<
+917 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 147.1278 539.579 156.2335]
+/Rect [522.6425 135.0457 539.579 144.1515]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.2.1) >>
>> endobj
-913 0 obj <<
+918 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 135.0457 539.579 144.1515]
+/Rect [522.6425 122.9637 539.579 132.0694]
/Subtype /Link
/A << /S /GoTo /D (section.A.3) >>
>> endobj
-914 0 obj <<
+919 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 122.9637 539.579 132.0694]
+/Rect [522.6425 110.8816 539.579 119.9874]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.3.1) >>
>> endobj
-915 0 obj <<
+920 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 110.8816 539.579 119.9874]
+/Rect [522.6425 98.7996 539.579 107.9053]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.3.2) >>
>> endobj
-916 0 obj <<
+921 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 98.7996 539.579 107.9053]
+/Rect [522.6425 86.7175 539.579 95.8233]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.3.3) >>
>> endobj
-917 0 obj <<
+922 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 76.2275 539.579 85.0841]
+/Rect [522.6425 64.1455 539.579 73.0021]
/Subtype /Link
/A << /S /GoTo /D (appendix.B) >>
>> endobj
-918 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 64.1653 539.579 73.2711]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.1) >>
->> endobj
-860 0 obj <<
-/D [858 0 R /XYZ 85.0394 794.5015 null]
+864 0 obj <<
+/D [862 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-857 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F21 710 0 R /F39 895 0 R >>
+861 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F21 714 0 R /F39 900 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-921 0 obj <<
-/Length 844
+925 0 obj <<
+/Length 881
/Filter /FlateDecode
>>
stream
-xOO0
-B~FD(F
-#(n5q?`'`;( d';B2kv*ڑ4 Rp=tL"&r 9
- R~HD(H9mT nM]|VFQk5*jz!'A2!n܁Rk5,Rp AV'AV3Lܝy$(D{=j0X
-P2P0#<n܀Emm~oy'XP DMT.9|Rǽ㪞3ps-Vd7Hy83>ySqoÙVACZl{+m׫viѣ:Rč[&!9|r(\ujmiI5F)T {L"J{ѾT7Z}kUetN+gJ_JھɚީvP
+xOO0
+NB ~)(yRfi.
+^ùmب­'ѩgSNnK5zәc9('їo瓓jrVLRxdWqyYHLz?{Q.
+%J:Dg7+΄4"s)BK4!9A8\1qWc?Xg(dPT>TWrC'm2c-Vj>[,Hon(  e'nR3+d{s[oFCw\IMof'7#H1…P݌2P#!5Ƶ':zǕ~NvP eW@w$B!Ov
+^V'AF2yܝy$(,O5- RpAnaD(aIK7nä6ֿή晓x}$X޼P $B"OgzZΦӽŊ)o %W&9|&o4Tj+!F EYoZjy|aۖу:R->9P晖9*N{oT(B
+XeC^VWqfv%L:'+B6J_JB_۽OV(Aendstream
endobj
-920 0 obj <<
+924 0 obj <<
/Type /Page
-/Contents 921 0 R
-/Resources 919 0 R
+/Contents 925 0 R
+/Resources 923 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 711 0 R
-/Annots [ 923 0 R 924 0 R 925 0 R 926 0 R 927 0 R 928 0 R 929 0 R 930 0 R 931 0 R 932 0 R 936 0 R 937 0 R ]
+/Parent 715 0 R
+/Annots [ 927 0 R 928 0 R 929 0 R 930 0 R 931 0 R 932 0 R 933 0 R 934 0 R 935 0 R 936 0 R 937 0 R 941 0 R 942 0 R ]
>> endobj
-923 0 obj <<
+927 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [494.296 758.4766 511.2325 767.5824]
/Subtype /Link
-/A << /S /GoTo /D (section.B.2) >>
+/A << /S /GoTo /D (section.B.1) >>
>> endobj
-924 0 obj <<
+928 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [494.296 746.6211 511.2325 755.6272]
/Subtype /Link
+/A << /S /GoTo /D (section.B.2) >>
+>> endobj
+929 0 obj <<
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [494.296 734.666 511.2325 743.672]
+/Subtype /Link
/A << /S /GoTo /D (section.B.3) >>
>> endobj
-925 0 obj <<
+930 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 734.5663 511.2325 743.672]
+/Rect [494.296 722.6111 511.2325 731.7169]
/Subtype /Link
/A << /S /GoTo /D (section.B.4) >>
>> endobj
-926 0 obj <<
+931 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 722.6111 511.2325 731.7169]
+/Rect [494.296 710.7556 511.2325 719.7617]
/Subtype /Link
/A << /S /GoTo /D (section.B.5) >>
>> endobj
-927 0 obj <<
+932 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 710.7556 511.2325 719.7617]
+/Rect [494.296 698.7008 511.2325 707.8065]
/Subtype /Link
/A << /S /GoTo /D (section.B.6) >>
>> endobj
-928 0 obj <<
+933 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 698.8005 511.2325 707.8065]
+/Rect [494.296 686.7456 511.2325 695.8514]
/Subtype /Link
/A << /S /GoTo /D (section.B.7) >>
>> endobj
-929 0 obj <<
+934 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 686.8453 511.2325 695.8514]
+/Rect [494.296 674.8901 511.2325 683.8962]
/Subtype /Link
/A << /S /GoTo /D (section.B.8) >>
>> endobj
-930 0 obj <<
+935 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 674.8901 511.2325 683.8962]
+/Rect [494.296 662.8353 511.2325 671.941]
/Subtype /Link
/A << /S /GoTo /D (section.B.9) >>
>> endobj
-931 0 obj <<
+936 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 662.935 511.2325 671.941]
+/Rect [494.296 650.8801 511.2325 659.9859]
/Subtype /Link
/A << /S /GoTo /D (section.B.10) >>
>> endobj
-932 0 obj <<
+937 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 650.8801 511.2325 659.9859]
+/Rect [494.296 638.925 511.2325 648.0307]
/Subtype /Link
/A << /S /GoTo /D (section.B.11) >>
>> endobj
-936 0 obj <<
+941 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 638.925 511.2325 648.0307]
+/Rect [494.296 626.9698 511.2325 636.0755]
/Subtype /Link
/A << /S /GoTo /D (section.B.12) >>
>> endobj
-937 0 obj <<
+942 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 626.9698 511.2325 636.0755]
+/Rect [494.296 615.0146 511.2325 624.1204]
/Subtype /Link
/A << /S /GoTo /D (section.B.13) >>
>> endobj
-922 0 obj <<
-/D [920 0 R /XYZ 56.6929 794.5015 null]
+926 0 obj <<
+/D [924 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-919 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F41 935 0 R >>
+923 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-940 0 obj <<
+945 0 obj <<
/Length 2175
/Filter /FlateDecode
>>
@@ -2632,51 +2642,51 @@ xYo6_GX%>(c kK> 9C[6Ep7|/M2iR
(xkX)B:96&'ȉj\@4@a&
MӎxC pgbN"?Am#IP|>wI>܂_'kWT^G_g[3徫~>UeW/WBeʤiX90|?^+,~ʏ
endobj
-939 0 obj <<
+944 0 obj <<
/Type /Page
-/Contents 940 0 R
-/Resources 938 0 R
+/Contents 945 0 R
+/Resources 943 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 951 0 R
+/Parent 956 0 R
>> endobj
-941 0 obj <<
-/D [939 0 R /XYZ 85.0394 794.5015 null]
+946 0 obj <<
+/D [944 0 R /XYZ 85.0394 794.5015 null]
>> endobj
6 0 obj <<
-/D [939 0 R /XYZ 85.0394 769.5949 null]
+/D [944 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-942 0 obj <<
-/D [939 0 R /XYZ 85.0394 582.8476 null]
+947 0 obj <<
+/D [944 0 R /XYZ 85.0394 582.8476 null]
>> endobj
10 0 obj <<
-/D [939 0 R /XYZ 85.0394 512.9824 null]
+/D [944 0 R /XYZ 85.0394 512.9824 null]
>> endobj
-943 0 obj <<
-/D [939 0 R /XYZ 85.0394 474.7837 null]
+948 0 obj <<
+/D [944 0 R /XYZ 85.0394 474.7837 null]
>> endobj
14 0 obj <<
-/D [939 0 R /XYZ 85.0394 399.5462 null]
+/D [944 0 R /XYZ 85.0394 399.5462 null]
>> endobj
-944 0 obj <<
-/D [939 0 R /XYZ 85.0394 363.8828 null]
+949 0 obj <<
+/D [944 0 R /XYZ 85.0394 363.8828 null]
>> endobj
18 0 obj <<
-/D [939 0 R /XYZ 85.0394 223.0066 null]
+/D [944 0 R /XYZ 85.0394 223.0066 null]
>> endobj
-945 0 obj <<
-/D [939 0 R /XYZ 85.0394 190.9009 null]
+950 0 obj <<
+/D [944 0 R /XYZ 85.0394 190.9009 null]
>> endobj
-946 0 obj <<
-/D [939 0 R /XYZ 85.0394 170.4169 null]
+951 0 obj <<
+/D [944 0 R /XYZ 85.0394 170.4169 null]
>> endobj
-947 0 obj <<
-/D [939 0 R /XYZ 85.0394 158.4617 null]
+952 0 obj <<
+/D [944 0 R /XYZ 85.0394 158.4617 null]
>> endobj
-938 0 obj <<
-/Font << /F21 710 0 R /F23 734 0 R /F39 895 0 R /F41 935 0 R /F48 950 0 R >>
+943 0 obj <<
+/Font << /F21 714 0 R /F23 738 0 R /F39 900 0 R /F41 940 0 R /F48 955 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-954 0 obj <<
+959 0 obj <<
/Length 3187
/Filter /FlateDecode
>>
@@ -2703,66 +2713,66 @@ W;SQ3;W4{kc7>Ji [~5g@
`J9dV!ȨB?ecΗ`X-zX-@f:\aG7ߕ=ȧv)@2wl(kz+0hzx6qSS> uQIC-f¡oMoqڵ|2VDW|k=_bP*4/[Df@
!yendstream
endobj
-953 0 obj <<
+958 0 obj <<
/Type /Page
-/Contents 954 0 R
-/Resources 952 0 R
+/Contents 959 0 R
+/Resources 957 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 951 0 R
-/Annots [ 961 0 R 962 0 R ]
+/Parent 956 0 R
+/Annots [ 966 0 R 967 0 R ]
>> endobj
-961 0 obj <<
+966 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [272.8897 207.1951 329.1084 219.2548]
/Subtype /Link
/A << /S /GoTo /D (types_of_resource_records_and_when_to_use_them) >>
>> endobj
-962 0 obj <<
+967 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [190.6691 179.6723 249.6573 189.0819]
/Subtype /Link
/A << /S /GoTo /D (rfcs) >>
>> endobj
-955 0 obj <<
-/D [953 0 R /XYZ 56.6929 794.5015 null]
+960 0 obj <<
+/D [958 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-956 0 obj <<
-/D [953 0 R /XYZ 56.6929 756.8229 null]
+961 0 obj <<
+/D [958 0 R /XYZ 56.6929 756.8229 null]
>> endobj
-957 0 obj <<
-/D [953 0 R /XYZ 56.6929 744.8677 null]
+962 0 obj <<
+/D [958 0 R /XYZ 56.6929 744.8677 null]
>> endobj
22 0 obj <<
-/D [953 0 R /XYZ 56.6929 651.295 null]
+/D [958 0 R /XYZ 56.6929 651.295 null]
>> endobj
-958 0 obj <<
-/D [953 0 R /XYZ 56.6929 612.4036 null]
+963 0 obj <<
+/D [958 0 R /XYZ 56.6929 612.4036 null]
>> endobj
26 0 obj <<
-/D [953 0 R /XYZ 56.6929 555.4285 null]
+/D [958 0 R /XYZ 56.6929 555.4285 null]
>> endobj
-959 0 obj <<
-/D [953 0 R /XYZ 56.6929 530.6703 null]
+964 0 obj <<
+/D [958 0 R /XYZ 56.6929 530.6703 null]
>> endobj
30 0 obj <<
-/D [953 0 R /XYZ 56.6929 416.0112 null]
+/D [958 0 R /XYZ 56.6929 416.0112 null]
>> endobj
-960 0 obj <<
-/D [953 0 R /XYZ 56.6929 391.253 null]
+965 0 obj <<
+/D [958 0 R /XYZ 56.6929 391.253 null]
>> endobj
34 0 obj <<
-/D [953 0 R /XYZ 56.6929 164.815 null]
+/D [958 0 R /XYZ 56.6929 164.815 null]
>> endobj
-963 0 obj <<
-/D [953 0 R /XYZ 56.6929 137.4068 null]
+968 0 obj <<
+/D [958 0 R /XYZ 56.6929 137.4068 null]
>> endobj
-952 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F39 895 0 R /F41 935 0 R /F21 710 0 R >>
+957 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F39 900 0 R /F41 940 0 R /F21 714 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-968 0 obj <<
+973 0 obj <<
/Length 3415
/Filter /FlateDecode
>>
@@ -2781,60 +2791,60 @@ J$.\./A* _5A ôoF 6'\d"`X۵D픻@/HhBg©3&+J
?6`<s qqK N@C+s^o."E}0Ŝݦ5F;
%^G8ʋ`%^_'kendstream
endobj
-967 0 obj <<
+972 0 obj <<
/Type /Page
-/Contents 968 0 R
-/Resources 966 0 R
+/Contents 973 0 R
+/Resources 971 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 951 0 R
-/Annots [ 971 0 R 972 0 R ]
+/Parent 956 0 R
+/Annots [ 976 0 R 977 0 R ]
>> endobj
-971 0 obj <<
+976 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [519.8432 463.1122 539.579 475.1718]
/Subtype /Link
/A << /S /GoTo /D (diagnostic_tools) >>
>> endobj
-972 0 obj <<
+977 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [84.0431 451.8246 133.308 463.2167]
/Subtype /Link
/A << /S /GoTo /D (diagnostic_tools) >>
>> endobj
-969 0 obj <<
-/D [967 0 R /XYZ 85.0394 794.5015 null]
+974 0 obj <<
+/D [972 0 R /XYZ 85.0394 794.5015 null]
>> endobj
38 0 obj <<
-/D [967 0 R /XYZ 85.0394 570.5252 null]
+/D [972 0 R /XYZ 85.0394 570.5252 null]
>> endobj
-970 0 obj <<
-/D [967 0 R /XYZ 85.0394 541.3751 null]
+975 0 obj <<
+/D [972 0 R /XYZ 85.0394 541.3751 null]
>> endobj
42 0 obj <<
-/D [967 0 R /XYZ 85.0394 434.1868 null]
+/D [972 0 R /XYZ 85.0394 434.1868 null]
>> endobj
-973 0 obj <<
-/D [967 0 R /XYZ 85.0394 406.5769 null]
+978 0 obj <<
+/D [972 0 R /XYZ 85.0394 406.5769 null]
>> endobj
46 0 obj <<
-/D [967 0 R /XYZ 85.0394 301.1559 null]
+/D [972 0 R /XYZ 85.0394 301.1559 null]
>> endobj
-974 0 obj <<
-/D [967 0 R /XYZ 85.0394 276.6843 null]
+979 0 obj <<
+/D [972 0 R /XYZ 85.0394 276.6843 null]
>> endobj
50 0 obj <<
-/D [967 0 R /XYZ 85.0394 200.1512 null]
+/D [972 0 R /XYZ 85.0394 200.1512 null]
>> endobj
-975 0 obj <<
-/D [967 0 R /XYZ 85.0394 175.6796 null]
+980 0 obj <<
+/D [972 0 R /XYZ 85.0394 175.6796 null]
>> endobj
-966 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F39 895 0 R /F41 935 0 R /F21 710 0 R >>
+971 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F39 900 0 R /F41 940 0 R /F21 714 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-979 0 obj <<
+984 0 obj <<
/Length 2458
/Filter /FlateDecode
>>
@@ -2847,39 +2857,39 @@ YU . TūL@\5wQ8RCgn뢤DHQI$8K(wp9e8j[
KZ! U| },-T\i)M)tKBa´S7`\&^&&ڡْ^_= /@$.n 0f{/Qc=tX>)z /{0G1Y C*5H|jAеa0XKƯ,p=F9l|u$1S52*?V8ijC@ 3߂=z۔Ss'NOwi=|5~Ґōtk6 ]N!)=*5$yPrla֯jb5% fX.]pwzc 4v׳]հ2_$O#_pذ4uz.H38Bn'uoV1Jcݽ=m}R/"$4>t[_@I[a{Шk/O \\iܽybm^`8O_j=:9M<uH&)!f E F vY*]b7KFY!4>az \"T2SCNE"Tz[Օ=L A05h1udkM9C/x$ue
3UUPk\;cpӅ8~*DGR
endobj
-978 0 obj <<
+983 0 obj <<
/Type /Page
-/Contents 979 0 R
-/Resources 977 0 R
+/Contents 984 0 R
+/Resources 982 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 951 0 R
+/Parent 956 0 R
>> endobj
-980 0 obj <<
-/D [978 0 R /XYZ 56.6929 794.5015 null]
+985 0 obj <<
+/D [983 0 R /XYZ 56.6929 794.5015 null]
>> endobj
54 0 obj <<
-/D [978 0 R /XYZ 56.6929 717.7272 null]
+/D [983 0 R /XYZ 56.6929 717.7272 null]
>> endobj
-981 0 obj <<
-/D [978 0 R /XYZ 56.6929 690.4227 null]
+986 0 obj <<
+/D [983 0 R /XYZ 56.6929 690.4227 null]
>> endobj
58 0 obj <<
-/D [978 0 R /XYZ 56.6929 550.0786 null]
+/D [983 0 R /XYZ 56.6929 550.0786 null]
>> endobj
-982 0 obj <<
-/D [978 0 R /XYZ 56.6929 525.2967 null]
+987 0 obj <<
+/D [983 0 R /XYZ 56.6929 525.2967 null]
>> endobj
62 0 obj <<
-/D [978 0 R /XYZ 56.6929 393.0502 null]
+/D [983 0 R /XYZ 56.6929 393.0502 null]
>> endobj
-983 0 obj <<
-/D [978 0 R /XYZ 56.6929 363.1913 null]
+988 0 obj <<
+/D [983 0 R /XYZ 56.6929 363.1913 null]
>> endobj
-977 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F21 710 0 R /F39 895 0 R >>
+982 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F21 714 0 R /F39 900 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-986 0 obj <<
+991 0 obj <<
/Length 2095
/Filter /FlateDecode
>>
@@ -2897,66 +2907,66 @@ D49vDn~/>P_MZ繗
mQz
~ f"9Ltj mK(b
endobj
-985 0 obj <<
+990 0 obj <<
/Type /Page
-/Contents 986 0 R
-/Resources 984 0 R
+/Contents 991 0 R
+/Resources 989 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 951 0 R
-/Annots [ 992 0 R 993 0 R ]
+/Parent 956 0 R
+/Annots [ 997 0 R 998 0 R ]
>> endobj
-992 0 obj <<
+997 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [519.8432 268.1131 539.579 280.1727]
/Subtype /Link
/A << /S /GoTo /D (acache) >>
>> endobj
-993 0 obj <<
+998 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [84.0431 256.1579 143.5361 268.2175]
/Subtype /Link
/A << /S /GoTo /D (acache) >>
>> endobj
-987 0 obj <<
-/D [985 0 R /XYZ 85.0394 794.5015 null]
+992 0 obj <<
+/D [990 0 R /XYZ 85.0394 794.5015 null]
>> endobj
66 0 obj <<
-/D [985 0 R /XYZ 85.0394 769.5949 null]
+/D [990 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-988 0 obj <<
-/D [985 0 R /XYZ 85.0394 574.3444 null]
+993 0 obj <<
+/D [990 0 R /XYZ 85.0394 574.3444 null]
>> endobj
70 0 obj <<
-/D [985 0 R /XYZ 85.0394 574.3444 null]
+/D [990 0 R /XYZ 85.0394 574.3444 null]
>> endobj
-989 0 obj <<
-/D [985 0 R /XYZ 85.0394 540.5052 null]
+994 0 obj <<
+/D [990 0 R /XYZ 85.0394 540.5052 null]
>> endobj
74 0 obj <<
-/D [985 0 R /XYZ 85.0394 447.7637 null]
+/D [990 0 R /XYZ 85.0394 447.7637 null]
>> endobj
-990 0 obj <<
-/D [985 0 R /XYZ 85.0394 410.3389 null]
+995 0 obj <<
+/D [990 0 R /XYZ 85.0394 410.3389 null]
>> endobj
78 0 obj <<
-/D [985 0 R /XYZ 85.0394 348.7624 null]
+/D [990 0 R /XYZ 85.0394 348.7624 null]
>> endobj
-991 0 obj <<
-/D [985 0 R /XYZ 85.0394 311.223 null]
+996 0 obj <<
+/D [990 0 R /XYZ 85.0394 311.223 null]
>> endobj
82 0 obj <<
-/D [985 0 R /XYZ 85.0394 189.9853 null]
+/D [990 0 R /XYZ 85.0394 189.9853 null]
>> endobj
-994 0 obj <<
-/D [985 0 R /XYZ 85.0394 156.0037 null]
+999 0 obj <<
+/D [990 0 R /XYZ 85.0394 156.0037 null]
>> endobj
-984 0 obj <<
-/Font << /F21 710 0 R /F23 734 0 R >>
+989 0 obj <<
+/Font << /F21 714 0 R /F23 738 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-998 0 obj <<
+1003 0 obj <<
/Length 605
/Filter /FlateDecode
>>
@@ -2965,27 +2975,27 @@ xڥTr0Zꁌ̃i;iQQIH$qWAut.`gh& DŽ.
4$
}*! ]UAl*ky 54<mgvdgT,}T?9_cZ8^KluezR]fڵ~۴0lqPS#H]ך@;Q?+GļP{$0BLzTHPGH/@endstream
endobj
-997 0 obj <<
+1002 0 obj <<
/Type /Page
-/Contents 998 0 R
-/Resources 996 0 R
+/Contents 1003 0 R
+/Resources 1001 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 951 0 R
+/Parent 956 0 R
>> endobj
-999 0 obj <<
-/D [997 0 R /XYZ 56.6929 794.5015 null]
+1004 0 obj <<
+/D [1002 0 R /XYZ 56.6929 794.5015 null]
>> endobj
86 0 obj <<
-/D [997 0 R /XYZ 56.6929 769.5949 null]
+/D [1002 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1000 0 obj <<
-/D [997 0 R /XYZ 56.6929 744.7247 null]
+1005 0 obj <<
+/D [1002 0 R /XYZ 56.6929 744.7247 null]
>> endobj
-996 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R >>
+1001 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1003 0 obj <<
+1008 0 obj <<
/Length 1215
/Filter /FlateDecode
>>
@@ -3000,45 +3010,45 @@ NT2 vW<!$VDBT
.S깔X'o|u=-Lw v;d˪!=ZOl_|ɕo
ωj'94F%}gc)KƠ,u7t)M:~~=}܄O4D ~\w)xC6.&z ?endstream
endobj
-1002 0 obj <<
+1007 0 obj <<
/Type /Page
-/Contents 1003 0 R
-/Resources 1001 0 R
+/Contents 1008 0 R
+/Resources 1006 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1009 0 R
+/Parent 1014 0 R
>> endobj
-1004 0 obj <<
-/D [1002 0 R /XYZ 85.0394 794.5015 null]
+1009 0 obj <<
+/D [1007 0 R /XYZ 85.0394 794.5015 null]
>> endobj
90 0 obj <<
-/D [1002 0 R /XYZ 85.0394 769.5949 null]
+/D [1007 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1005 0 obj <<
-/D [1002 0 R /XYZ 85.0394 575.896 null]
+1010 0 obj <<
+/D [1007 0 R /XYZ 85.0394 575.896 null]
>> endobj
94 0 obj <<
-/D [1002 0 R /XYZ 85.0394 529.2011 null]
+/D [1007 0 R /XYZ 85.0394 529.2011 null]
>> endobj
-1006 0 obj <<
-/D [1002 0 R /XYZ 85.0394 492.9468 null]
+1011 0 obj <<
+/D [1007 0 R /XYZ 85.0394 492.9468 null]
>> endobj
98 0 obj <<
-/D [1002 0 R /XYZ 85.0394 492.9468 null]
+/D [1007 0 R /XYZ 85.0394 492.9468 null]
>> endobj
-1007 0 obj <<
-/D [1002 0 R /XYZ 85.0394 466.0581 null]
+1012 0 obj <<
+/D [1007 0 R /XYZ 85.0394 466.0581 null]
>> endobj
102 0 obj <<
-/D [1002 0 R /XYZ 85.0394 237.1121 null]
+/D [1007 0 R /XYZ 85.0394 237.1121 null]
>> endobj
-1008 0 obj <<
-/D [1002 0 R /XYZ 85.0394 206.4074 null]
+1013 0 obj <<
+/D [1007 0 R /XYZ 85.0394 206.4074 null]
>> endobj
-1001 0 obj <<
-/Font << /F21 710 0 R /F23 734 0 R /F41 935 0 R >>
+1006 0 obj <<
+/Font << /F21 714 0 R /F23 738 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1012 0 obj <<
+1017 0 obj <<
/Length 1860
/Filter /FlateDecode
>>
@@ -3054,53 +3064,53 @@ g:+`nW|_*UiXMtՠ
n9BWQEB| Nu`:kn}8Xtm=^8̃<>%+'Й>E@߈4Ehh!VO@bM1w$%7Bܲ>sD7c10^yl.$ f:ҹX2+Y\
=n i<UZi(]Y$
endobj
-1011 0 obj <<
+1016 0 obj <<
/Type /Page
-/Contents 1012 0 R
-/Resources 1010 0 R
+/Contents 1017 0 R
+/Resources 1015 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1009 0 R
-/Annots [ 1017 0 R ]
+/Parent 1014 0 R
+/Annots [ 1022 0 R ]
>> endobj
-1017 0 obj <<
+1022 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [55.6967 190.8043 126.3509 202.8639]
/Subtype /Link
/A << /S /GoTo /D (rrset_ordering) >>
>> endobj
-1013 0 obj <<
-/D [1011 0 R /XYZ 56.6929 794.5015 null]
+1018 0 obj <<
+/D [1016 0 R /XYZ 56.6929 794.5015 null]
>> endobj
106 0 obj <<
-/D [1011 0 R /XYZ 56.6929 480.2651 null]
+/D [1016 0 R /XYZ 56.6929 480.2651 null]
>> endobj
-1014 0 obj <<
-/D [1011 0 R /XYZ 56.6929 441.7923 null]
+1019 0 obj <<
+/D [1016 0 R /XYZ 56.6929 441.7923 null]
>> endobj
-1015 0 obj <<
-/D [1011 0 R /XYZ 56.6929 373.7178 null]
+1020 0 obj <<
+/D [1016 0 R /XYZ 56.6929 373.7178 null]
>> endobj
-1016 0 obj <<
-/D [1011 0 R /XYZ 56.6929 361.7627 null]
+1021 0 obj <<
+/D [1016 0 R /XYZ 56.6929 361.7627 null]
>> endobj
110 0 obj <<
-/D [1011 0 R /XYZ 56.6929 167.4388 null]
+/D [1016 0 R /XYZ 56.6929 167.4388 null]
>> endobj
-1018 0 obj <<
-/D [1011 0 R /XYZ 56.6929 126.8733 null]
+1023 0 obj <<
+/D [1016 0 R /XYZ 56.6929 126.8733 null]
>> endobj
114 0 obj <<
-/D [1011 0 R /XYZ 56.6929 126.8733 null]
+/D [1016 0 R /XYZ 56.6929 126.8733 null]
>> endobj
-1019 0 obj <<
-/D [1011 0 R /XYZ 56.6929 98.4089 null]
+1024 0 obj <<
+/D [1016 0 R /XYZ 56.6929 98.4089 null]
>> endobj
-1010 0 obj <<
-/Font << /F37 799 0 R /F41 935 0 R /F21 710 0 R /F23 734 0 R >>
+1015 0 obj <<
+/Font << /F37 803 0 R /F41 940 0 R /F21 714 0 R /F23 738 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1023 0 obj <<
+1028 0 obj <<
/Length 2720
/Filter /FlateDecode
>>
@@ -3123,33 +3133,33 @@ NS)#Ɉ"04(%y)O'if,KuT
Z,-
?4`ÀqI[4ڴb+޳s ܔΞuU9E0-RbhD wsWZq'TYP*ҡ?NU^mendstream
endobj
-1022 0 obj <<
+1027 0 obj <<
/Type /Page
-/Contents 1023 0 R
-/Resources 1021 0 R
+/Contents 1028 0 R
+/Resources 1026 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1009 0 R
+/Parent 1014 0 R
>> endobj
-1024 0 obj <<
-/D [1022 0 R /XYZ 85.0394 794.5015 null]
+1029 0 obj <<
+/D [1027 0 R /XYZ 85.0394 794.5015 null]
>> endobj
118 0 obj <<
-/D [1022 0 R /XYZ 85.0394 769.5949 null]
+/D [1027 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-976 0 obj <<
-/D [1022 0 R /XYZ 85.0394 749.3395 null]
+981 0 obj <<
+/D [1027 0 R /XYZ 85.0394 749.3395 null]
>> endobj
122 0 obj <<
-/D [1022 0 R /XYZ 85.0394 221.8894 null]
+/D [1027 0 R /XYZ 85.0394 221.8894 null]
>> endobj
-1028 0 obj <<
-/D [1022 0 R /XYZ 85.0394 197.4323 null]
+1033 0 obj <<
+/D [1027 0 R /XYZ 85.0394 197.4323 null]
>> endobj
-1021 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R /F41 935 0 R /F53 1027 0 R >>
+1026 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F41 940 0 R /F53 1032 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1031 0 obj <<
+1036 0 obj <<
/Length 3424
/Filter /FlateDecode
>>
@@ -3172,21 +3182,21 @@ x[ݓ۶BoX>HlNډҴ'Rw)R;˓?I:N:@
.i"|̴D9W>k:9Rػda}3~!1UR-?=GLS%/,gbo7ҿ2X/9txjPa
Xp*LNzF$3*endstream
endobj
-1030 0 obj <<
+1035 0 obj <<
/Type /Page
-/Contents 1031 0 R
-/Resources 1029 0 R
+/Contents 1036 0 R
+/Resources 1034 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1009 0 R
+/Parent 1014 0 R
>> endobj
-1032 0 obj <<
-/D [1030 0 R /XYZ 56.6929 794.5015 null]
+1037 0 obj <<
+/D [1035 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1029 0 obj <<
-/Font << /F37 799 0 R /F41 935 0 R /F53 1027 0 R /F14 737 0 R /F21 710 0 R /F23 734 0 R /F48 950 0 R /F55 1035 0 R >>
+1034 0 obj <<
+/Font << /F37 803 0 R /F41 940 0 R /F53 1032 0 R /F14 741 0 R /F21 714 0 R /F23 738 0 R /F48 955 0 R /F55 1040 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1038 0 obj <<
+1043 0 obj <<
/Length 3965
/Filter /FlateDecode
>>
@@ -3212,29 +3222,29 @@ wɰPQR~H2"GbW`y!~M<0`M痚peRG-¢􌌿
e4?sZj ¦ ʀ'tY8(5ng wL+x^9Pk{:wcb+gj|`_MU|`ic#&.
,g8<n~HZgh)
endobj
-1037 0 obj <<
+1042 0 obj <<
/Type /Page
-/Contents 1038 0 R
-/Resources 1036 0 R
+/Contents 1043 0 R
+/Resources 1041 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1009 0 R
-/Annots [ 1040 0 R ]
+/Parent 1014 0 R
+/Annots [ 1045 0 R ]
>> endobj
-1040 0 obj <<
+1045 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [120.1376 318.9001 176.3563 328.1154]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-1039 0 obj <<
-/D [1037 0 R /XYZ 85.0394 794.5015 null]
+1044 0 obj <<
+/D [1042 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1036 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F21 710 0 R /F48 950 0 R /F41 935 0 R /F55 1035 0 R >>
+1041 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F21 714 0 R /F48 955 0 R /F41 940 0 R /F55 1040 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1044 0 obj <<
+1049 0 obj <<
/Length 1676
/Filter /FlateDecode
>>
@@ -3249,33 +3259,33 @@ xXmo6_!`Q$OiдKlmW BYr`Q$eٖ۠ axsgÏx<D
#@1!TەmLp8BZϏ\p6S[eHh"
i85!lK-X*+k~VU?$!E4 htmuA" M51Gఛćal^Fh C('骉6d|u>v?,hg'ZuJ2;{LL06(n| gun̐]ܱ"<EC xHkzPqoް;̇PtQ3
endobj
-1043 0 obj <<
+1048 0 obj <<
/Type /Page
-/Contents 1044 0 R
-/Resources 1042 0 R
+/Contents 1049 0 R
+/Resources 1047 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1009 0 R
+/Parent 1014 0 R
>> endobj
-1045 0 obj <<
-/D [1043 0 R /XYZ 56.6929 794.5015 null]
+1050 0 obj <<
+/D [1048 0 R /XYZ 56.6929 794.5015 null]
>> endobj
126 0 obj <<
-/D [1043 0 R /XYZ 56.6929 424.8255 null]
+/D [1048 0 R /XYZ 56.6929 424.8255 null]
>> endobj
-1046 0 obj <<
-/D [1043 0 R /XYZ 56.6929 397.5211 null]
+1051 0 obj <<
+/D [1048 0 R /XYZ 56.6929 397.5211 null]
>> endobj
-1047 0 obj <<
-/D [1043 0 R /XYZ 56.6929 368.0037 null]
+1052 0 obj <<
+/D [1048 0 R /XYZ 56.6929 368.0037 null]
>> endobj
-1048 0 obj <<
-/D [1043 0 R /XYZ 56.6929 356.0485 null]
+1053 0 obj <<
+/D [1048 0 R /XYZ 56.6929 356.0485 null]
>> endobj
-1042 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F41 935 0 R /F48 950 0 R /F21 710 0 R >>
+1047 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F41 940 0 R /F48 955 0 R /F21 714 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1052 0 obj <<
+1057 0 obj <<
/Length 2367
/Filter /FlateDecode
>>
@@ -3299,29 +3309,29 @@ GZJ
.`\?hT
D4W(puendstream
endobj
-1051 0 obj <<
+1056 0 obj <<
/Type /Page
-/Contents 1052 0 R
-/Resources 1050 0 R
+/Contents 1057 0 R
+/Resources 1055 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1066 0 R
-/Annots [ 1056 0 R 1057 0 R ]
+/Parent 1071 0 R
+/Annots [ 1061 0 R 1062 0 R ]
>> endobj
-1049 0 obj <<
+1054 0 obj <<
/Type /XObject
/Subtype /Form
/FormType 1
/PTEX.FileName (/usr/local/share/db2latex/xsl/figures/note.pdf)
/PTEX.PageNumber 1
-/PTEX.InfoDict 1067 0 R
+/PTEX.InfoDict 1072 0 R
/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000]
/BBox [0.00000000 0.00000000 27.00000000 27.00000000]
/Resources <<
/ProcSet [ /PDF ]
/ExtGState <<
-/R4 1068 0 R
+/R4 1073 0 R
>>>>
-/Length 1069 0 R
+/Length 1074 0 R
/Filter /FlateDecode
>>
stream
@@ -3334,12 +3344,12 @@ qѫ^>> .13ׅӃ!3SAՔihŨ^(<m䦽lL7
n*1xƈp&XîÜ\D0}#X>#^V|2i9΁r)`Xh&hbHe"
rGX58ժOt$yBқ5/vpo`kAr 4N.4
endobj
-1067 0 obj
+1072 0 obj
<<
/Producer (AFPL Ghostscript 6.50)
>>
endobj
-1068 0 obj
+1073 0 obj
<<
/Type /ExtGState
/Name /R4
@@ -3349,287 +3359,298 @@ endobj
/SA true
>>
endobj
-1069 0 obj
+1074 0 obj
1049
endobj
-1056 0 obj <<
+1061 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [470.3398 477.3512 539.579 489.4108]
/Subtype /Link
/A << /S /GoTo /D (boolean_options) >>
>> endobj
-1057 0 obj <<
+1062 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [316.7164 465.396 385.3363 477.4557]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1053 0 obj <<
-/D [1051 0 R /XYZ 85.0394 794.5015 null]
+1058 0 obj <<
+/D [1056 0 R /XYZ 85.0394 794.5015 null]
>> endobj
130 0 obj <<
-/D [1051 0 R /XYZ 85.0394 769.5949 null]
+/D [1056 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1054 0 obj <<
-/D [1051 0 R /XYZ 85.0394 580.0302 null]
+1059 0 obj <<
+/D [1056 0 R /XYZ 85.0394 580.0302 null]
>> endobj
134 0 obj <<
-/D [1051 0 R /XYZ 85.0394 580.0302 null]
+/D [1056 0 R /XYZ 85.0394 580.0302 null]
>> endobj
-1055 0 obj <<
-/D [1051 0 R /XYZ 85.0394 539.9341 null]
+1060 0 obj <<
+/D [1056 0 R /XYZ 85.0394 539.9341 null]
>> endobj
138 0 obj <<
-/D [1051 0 R /XYZ 85.0394 315.9171 null]
+/D [1056 0 R /XYZ 85.0394 315.9171 null]
>> endobj
-1064 0 obj <<
-/D [1051 0 R /XYZ 85.0394 282.0038 null]
+1069 0 obj <<
+/D [1056 0 R /XYZ 85.0394 282.0038 null]
>> endobj
142 0 obj <<
-/D [1051 0 R /XYZ 85.0394 146.7217 null]
+/D [1056 0 R /XYZ 85.0394 146.7217 null]
>> endobj
-1065 0 obj <<
-/D [1051 0 R /XYZ 85.0394 117.3479 null]
+1070 0 obj <<
+/D [1056 0 R /XYZ 85.0394 117.3479 null]
>> endobj
-1050 0 obj <<
-/Font << /F21 710 0 R /F23 734 0 R /F62 1060 0 R /F63 1063 0 R /F41 935 0 R >>
-/XObject << /Im2 1049 0 R >>
+1055 0 obj <<
+/Font << /F21 714 0 R /F23 738 0 R /F62 1065 0 R /F63 1068 0 R /F41 940 0 R >>
+/XObject << /Im2 1054 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1074 0 obj <<
-/Length 3348
-/Filter /FlateDecode
->>
-stream
-xڥZ[wF~[9#4Mþ9393k{/'6 k4~Ha{W嫋 W2,V*}rﮂ+*5kh=]շwB2?KdAW/ '۟nUxd-on[ =7^ Go>>>|̧|u4ϸxtW㣦/߃U*E:fY]R2WOWڭ ?IH,qRf~"`
-9-YLٽU]SKצVTmȫߢ(._ye?lzgoBeA/mcSgZ*N 03)#߂ Kf,$<Yo(hʢKӛ޲Joyѻ*(2׃ Ptl[j=mPK/uzx@9~@˾'vAgc_x O47/uG"ffGBW>^Z!7UЗƞ*@aUUJs(*]dD!W*u2tS̕įH#6^w̚d(==imGN}P
-0B
-cG.'`d›' O0:hN_qhKeH3Z+kܧ
-'9,#&Mv+j<Nqz2{<GzܵC $: {z0r08;N! Ds\.$򴉯W!8^ıJܶ 7\~w2auHز* k16!rC@dؕ4oabQ7bڃN %BH94/Le P--1il;*ab<P/q
-cK|*,rtBq/QA\*w3SFXԼ)8;ь\a11k;ǁ[xF-U@!(Ӄ`C; 8 $ [X`QlL 68*p.E έW){Zov.
-d5w-Gzjyf6hƔ%5HpmiڟαW,TA9tX1jʥ̜˿E*"q xa(CŘKgQ̱Ȥ?T2y*{%@ L{+8kq*(VvT/9f9"b E
-TTg5EFv+Ca B 1#,&J 9`{$XX8SaAٻN5TҊVm0y MlF]t_FTV 3L>)SJKgg J`yg RSi Le8j R6.q|׎
-%8LV *
-& NM|8iKm79K(H~ꊊiA-j~+v(98VӴ;)
-##bVXom|זp5qfz*x_
-AOH6DS0PcZDߝ-b ËЯU:%$| 0UĄň_*'" mI [F&p^:'dUCH*{tUh_H3GZQ6[?J`PBy߷V ʃ-9QCJ.]V<gXǑ aoŮ$N7j)lBlB \YNcʾpA@8F}B#,&,qPV !r) Sȷ-Ŋ\n@!/4٦Ok=ƀ@J4՞{1M"f~,77mWxӰ`:"Hs" .NƇ 6V@⎺.jC:DCՂ`V -c«Fg/jדߝR8hSwD0 S:v*
-^0d~,Ĉ5F(,|ȭ]|BI@qH7o*QA4a0WWvb6C~Ùi w:WSNѽFxBi
-!G\@_x [5&~(7,ol
-m(AAM@rgJ'ϢP
-񺫾8W=OPھ
+1079 0 obj <<
+/Length 3492
+/Filter /FlateDecode
+>>
+stream
+xڥvF.Hܒg=fy^(n
+@'dBa^%2222,҃#7J$=__f q P>]S2q(.\ű℮r
+_\ᩛ{qw{{=귧/nCM{
+O/y9 UI/\?IECHuxd.2@E'I)ӦcEh}([i5j,ʦN(PmbA_-zu_}'']EΝMMñ -]HSpﻉW .3TX"x8[7=7rFSm).t;`Ht[fa"߁y\dd& ;᳝lntUsMQs+]:MW~ #&=b2/(T(b/m//h=&K-}_tU</{X쎩`M?]UiVʹٷ4љr] ,`
+4^h+ 5kϟM0߁[ruβ; ,/=e% emקuF7+ JAh?敤b"pcgVe<&5p7hO0]fmvRID)v/Ѵ?LNA XN݊Dp9F&66$]@NsV" "{[
+xΚv״i_ɂ=
+aOzjqgv)0 rE`| ylNdJ|SN_0:r #`SbHY5ζkNfl ?l 熇M"fi GGLWl'Հ0{h1b<JРibregUꎀbN L{<܁]tu.u}[0a*%ҳm^~ij96{nlW$/
+#[cS!-$,醴 kv~xմ?M٥=
+sAp: fz
+X-56U*tvEvCq=**F&H^‰ ŗKD@0,Vւ NHݥ
+cx0/=m]:@T CHP N*09Ob%g+D:L|&`C*qEʖau2V`nfYF
+zPhE8ơ7١y~eWY1 $ǷyLsXڼ㙮(EnCN *^؛i++:WU_.y6*9z幾v= 9c"p> /QFFp'Xep'fU"K`%0]#tqkYr%Ǻ=,G _]Alt;(),X
+K;Ì5Ȉw߱M\0^GڹP] VN%NE&3
+0##|7tR y~"o%Dsl`RD@G][*0و0h0Bȅ|%BmPL[zXq)OU v˚,pIJ8Ζk2FF̰rp7/93
+@"mO. GEdO)sM2 -I#@_˔;$ PU Kly7VyDN%5luf\N
+ VE购@c~B92|M?*5?o `Vqk6@K2٣4Zu G&{/%9ȽAc
+5\$迡,
+@E:[(*Wj܌):g7= ΰ3yYDzbW%d
+$NӞ2ܑ͠r3<S6%6Î'Amul©߉S1?m1OLxڛ(_kZ ?x9Uq,a H(xQnsN
endobj
-1073 0 obj <<
+1078 0 obj <<
/Type /Page
-/Contents 1074 0 R
-/Resources 1072 0 R
+/Contents 1079 0 R
+/Resources 1077 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1066 0 R
-/Annots [ 1077 0 R 1078 0 R ]
+/Parent 1071 0 R
+/Annots [ 1082 0 R 1083 0 R ]
>> endobj
-1077 0 obj <<
+1082 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [464.1993 488.466 511.2325 500.5257]
+/Rect [464.1993 469.2511 511.2325 481.3107]
/Subtype /Link
/A << /S /GoTo /D (proposed_standards) >>
>> endobj
-1078 0 obj <<
+1083 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 477.5271 105.4 488.5705]
+/Rect [55.6967 458.3121 105.4 469.3555]
/Subtype /Link
/A << /S /GoTo /D (proposed_standards) >>
>> endobj
-1075 0 obj <<
-/D [1073 0 R /XYZ 56.6929 794.5015 null]
+1080 0 obj <<
+/D [1078 0 R /XYZ 56.6929 794.5015 null]
>> endobj
146 0 obj <<
-/D [1073 0 R /XYZ 56.6929 556.0057 null]
+/D [1078 0 R /XYZ 56.6929 535.4755 null]
>> endobj
-1076 0 obj <<
-/D [1073 0 R /XYZ 56.6929 521.4772 null]
+1081 0 obj <<
+/D [1078 0 R /XYZ 56.6929 501.7295 null]
>> endobj
150 0 obj <<
-/D [1073 0 R /XYZ 56.6929 361.9951 null]
+/D [1078 0 R /XYZ 56.6929 345.0948 null]
>> endobj
-1079 0 obj <<
-/D [1073 0 R /XYZ 56.6929 325.2573 null]
+1084 0 obj <<
+/D [1078 0 R /XYZ 56.6929 309.1395 null]
>> endobj
154 0 obj <<
-/D [1073 0 R /XYZ 56.6929 133.2872 null]
+/D [1078 0 R /XYZ 56.6929 120.0167 null]
>> endobj
-1080 0 obj <<
-/D [1073 0 R /XYZ 56.6929 104.8892 null]
+1085 0 obj <<
+/D [1078 0 R /XYZ 56.6929 92.4013 null]
>> endobj
-1072 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F21 710 0 R /F55 1035 0 R /F41 935 0 R /F48 950 0 R /F39 895 0 R >>
+1077 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F41 940 0 R /F21 714 0 R /F55 1040 0 R /F48 955 0 R /F39 900 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1084 0 obj <<
-/Length 3001
+1089 0 obj <<
+/Length 3046
/Filter /FlateDecode
>>
stream
-x]s]o2>CJL&fd )! jwI>u<2c߻q'f02=K3 f+ahC곯T:Xdv.eVn?Ͽ7?^/sͮ&r-|+z- yya^x߾ێ6+$󷫟5\+Tf
-7T8_9U
-GźÔ{2x-_ߔ *4^s^8H!.7EKK;#p\A oQ YmboHϤ<ln8Hm`Xi4ujݫ5Me޴eGBJ ʺ)WF0EJs G /K!+*RG5=5IPʀʳEЭoEfi3/a NX^zU]¹|O_ӪGxb˚}Y8Nk;ZDL$ .)BckKl"= m~Y>)PJ  ,qi: # ?c>'a!Gqihpq5(Mz "8hR"=:8!]l9UE
-ޯbЇ™1J5mˆH)qxIw(NEG.u珐|ܖ+N#.ZqBy
-9S$K2/lr,GW\0d}Hotq0=%0b7e2+v7E]
-vNRuƌ:3A7&P?Vʳw&!W&Eh6dHH0quWJrv|Ox$w\t=($ԩ˚=Or)] a|8C1B_#_ޗC2]`𘪢XE
-c"DdbTnbB8i@Tub3TyB97
-/}X N=4!a)wِsȳ'Gk:f,ʐysH8aƧ :qtp7`J_Өxvv~ċ#8w~?A]ȥYYuB6ߕIz>-gEbRC]>ij݊gd?]~pߩo.Mc[gؐԠ@ qQKGD?˼u߭Bg$r8GӌiX
-<GP0Q UQ%>dxw{y~2<;pcVM] },XjChp瑞]72 3X(,xbSz(
-|_];N]Whs*!DڌS0Wk7;0], JXQ;͖RlخPS wl52N<+ `vEkqO?
-I!ND/e=mE$
-Ĩ SgyTy32>xUP2mU[>xHÄ&U v
-7`gNwbA&ePLN|&
-PnK0:#
+x]۶~ޢD>L8I|m3M2SJ-:Ry'_; HQ]3}xb߻q'fF3d \YxE ۫ϿV,gy*a1]<xv)xk!śn^7oi͋,&omonnmWHoW?gkԷW^8y.gwWVL'J۫hnVi# H5Te~2iZ8ɶ\uUSK=;4[):U{(mܖnbwV+1|˳DZ
+o>wm _~n`ih؋[EJf^]-MU`6|.K%0mc4mWwWx;B6E!f OBkM=T
+:)VMjP
+@źP mnjQv€P!8ݖMރC
++-M!8wQ ?[j I18>x/\b " k{=bUAVq=lm`wH-.8P5,yDBJʺVwF C>jg'KM\"+تpN+i٠YoLjTyTCoW#e{o#"b,I_'L/\˯i#<5eM
+r_V9MNu<(AJSB۪+ d{\XjR?H`\c`"Y>PJK ,qiE#|O>BJdJ:BYԠh55d
+bPAZ
+l"j RH
+D\ W%xٚIPb&Wp4C` *^Whh*'ؔbHy3>פ ؤ Iw&UEΎ_DGrISH:Z+9BmRj֫5{FxJ+Saň$|9D+.˵K\6
+NOH}
+vu9GagifI85M}4݆\zO ]"xqn,S&h!?V<' #nzIwߐ.Ƕΰ!A@ qQKGDؕ?.ͼ[5nOu Ӱx"5=a-Q?\iBo`n̨\ ]m{ <3${C}.s> q‚#f1%O/<X}|0/yd{UB(_BrLNThwm *a1G- oQSl g
+H82(-'g&U>)$މcc>I1jZU*iގ̲ĶwU*q[ 7[ e 0]wY_%;l0E zz'|3jDg" ɨC?ӫQz30ũ e ٳ5c(LQ.D6>s<McG;txw9ҥ)m>9O$J3ruWO(g$ptX某%3JNK0@]S{ ;)K ^ BiQA?(a 3De\duF ϝ r| c.#NJ̠<ϫ <e^;5i^mQ?р4| #4@OaM%IEJBH</ꌌ<e;5i.Y.#3P%xHc%{@M]>IZ2'I1}vT/9<je s$K(6q_]q73l
+~'sd_c\gbe8ڤ*;O
+~D0cJՖZ~>/8Seq0OKS%8@k,,]x,6<2fǩRL3!T)fN9( MGBiTa1vendstream
endobj
-1083 0 obj <<
+1088 0 obj <<
/Type /Page
-/Contents 1084 0 R
-/Resources 1082 0 R
+/Contents 1089 0 R
+/Resources 1087 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1066 0 R
-/Annots [ 1086 0 R ]
+/Parent 1071 0 R
+/Annots [ 1091 0 R ]
>> endobj
-1086 0 obj <<
+1091 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [417.8476 181.7231 466.5943 193.7827]
+/Rect [417.8476 169.1947 466.5943 181.2543]
/Subtype /Link
/A << /S /GoTo /D (sample_configuration) >>
>> endobj
-1085 0 obj <<
-/D [1083 0 R /XYZ 85.0394 794.5015 null]
+1090 0 obj <<
+/D [1088 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1082 0 obj <<
-/Font << /F37 799 0 R /F39 895 0 R /F23 734 0 R /F41 935 0 R /F14 737 0 R >>
+1087 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F39 900 0 R /F41 940 0 R /F14 741 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1089 0 obj <<
-/Length 853
+1094 0 obj <<
+/Length 828
/Filter /FlateDecode
>>
stream
-xWMs0Wxr՜hBf:4$9F$X& WPtY^]}+VȆl^C)p!rdjAN`S9AaώV
-L'[BeK]q]P8ۚ?e@ WxEeuG> A;HK
+xW]o0}W>%f}t[5U]D kl4&m)1su ٞvRA܂|BK6rV#="Ǿ]!;(`(`rK4t'4ttcNƇ%jp4 :'GM HT%rS$d  @aE=<JH=Z[z[-5 z(j
+
+x
+.b' wBH7Wob-EU'STj{bVrc\JP|n;˧EgYxoڥ(3:k&".g:pPY,:he(O&J+̲S<hW
+XsUas*m5"o'jK
+z8Fz@l_]gUj&01bM
+W^eN-%lV]tEdGeglMWzOu/=q:=8ɳ >s'D@eg''@IH;:#2nbt{ P-ׇwY.U4
endobj
-1088 0 obj <<
+1093 0 obj <<
/Type /Page
-/Contents 1089 0 R
-/Resources 1087 0 R
+/Contents 1094 0 R
+/Resources 1092 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1066 0 R
+/Parent 1071 0 R
>> endobj
-1090 0 obj <<
-/D [1088 0 R /XYZ 56.6929 794.5015 null]
+1095 0 obj <<
+/D [1093 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1087 0 obj <<
-/Font << /F37 799 0 R /F41 935 0 R /F23 734 0 R >>
+1092 0 obj <<
+/Font << /F37 803 0 R /F41 940 0 R /F23 738 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1093 0 obj <<
-/Length 1946
+1098 0 obj <<
+/Length 1945
/Filter /FlateDecode
>>
stream
-xڥr_Ye0{d[XL^[!0$Q!I= ڍ7*LOO(.eKe"peL˅ۅdg@rX?nWoh$Trъr~Y~wasq]bZJ~n:W|ET OYP/_~u^G8B&Z ?D{
-6WWhL5yiDPi[H) P# MwW/Dg
-!`9G(O$bXm)W] #Һ|qVHzcK~%,xnɳk+˫9]vgVOJ0^՟LNULy w?u}.ik3Z %'Źh؄<}5?G YR`j7C8}ɸm.LT6nH?@U7YMz |dJ5`e)!C՜GK "
--VҼ; ]7g̴io'Uz~8vuuվo41F B
-FAw3,4iLC&#c7YC8-^WLog.{9Yy}F~>mףDњ5]L ̉*M>{wڑ!eXP
-eS &ڷftKn`v:qtg&DS$7]PEUG!b<?̏b(G( J(S_w>`Ff"^-Uǂ`0&!@t}e^>ɐP3lOpge돦kVȊ3tQb Բm-~ bDRR#T\f~|@6Ibdf8@D8cZΌ!}L4CƁ>g'7֓s1,l}83cJ^] T?ʹ wQD(,!9MCQ82 
-KKUd $oMe(A7˹nuΛ&`j <TA{9/ φP|1YX S2[=S^2J繃q"3*_$n4z9G!(Nށ
-^EbfCG7?rS+a~'|cex j3nʾ88͓=# }[}yb&fq Ƣc(&:$!BYãf2JE8<8ng8iZ8p! gzk盀Nd3$:SohƽنC6a j70*xcm_^
-M>1:CS:nJ5/̃6En憥Ry߈*Q$LC-KEaNE\, 2,q=c>嗚c9q@iPj8>MԩSfCb0o(% |6{t%t?MsCj,CyO%? endstream
+xڭks6~&&
+\N<M.gƗc ϊ>zvKeD|SIldU*ZCU}meOuf6ݑB?(
+8Z!C
+)ɀq;ѥM:UkkޏC&ݨĶw*Œ<1e@L"PRzP
+xbb~y<) J7b|ć\Dx68r4z/kc6pC~8I#
+dj%l=m
+F@lĨ!< x1CҾ-pbf֪z* ibmZfSYT>gEW 2=e`kCmT/P4cn>y{Uqg<j)NjAOi@Gp@)'}8Cް4[u$"7n;x'9H^m4wh^Oi$_&% ݀ODK͇T膟endstream
endobj
-1092 0 obj <<
+1097 0 obj <<
/Type /Page
-/Contents 1093 0 R
-/Resources 1091 0 R
+/Contents 1098 0 R
+/Resources 1096 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1066 0 R
+/Parent 1071 0 R
>> endobj
-1094 0 obj <<
-/D [1092 0 R /XYZ 85.0394 794.5015 null]
+1099 0 obj <<
+/D [1097 0 R /XYZ 85.0394 794.5015 null]
>> endobj
158 0 obj <<
-/D [1092 0 R /XYZ 85.0394 427.2881 null]
+/D [1097 0 R /XYZ 85.0394 418.0047 null]
>> endobj
-1095 0 obj <<
-/D [1092 0 R /XYZ 85.0394 390.6298 null]
+1100 0 obj <<
+/D [1097 0 R /XYZ 85.0394 382.2497 null]
>> endobj
162 0 obj <<
-/D [1092 0 R /XYZ 85.0394 229.0656 null]
+/D [1097 0 R /XYZ 85.0394 223.9723 null]
>> endobj
-1096 0 obj <<
-/D [1092 0 R /XYZ 85.0394 200.0179 null]
+1101 0 obj <<
+/D [1097 0 R /XYZ 85.0394 195.8278 null]
>> endobj
166 0 obj <<
-/D [1092 0 R /XYZ 85.0394 151.3455 null]
+/D [1097 0 R /XYZ 85.0394 149.2124 null]
>> endobj
-1097 0 obj <<
-/D [1092 0 R /XYZ 85.0394 127.291 null]
+1102 0 obj <<
+/D [1097 0 R /XYZ 85.0394 126.0612 null]
>> endobj
-1091 0 obj <<
-/Font << /F37 799 0 R /F41 935 0 R /F23 734 0 R /F21 710 0 R /F39 895 0 R /F48 950 0 R >>
+1096 0 obj <<
+/Font << /F37 803 0 R /F41 940 0 R /F23 738 0 R /F21 714 0 R /F39 900 0 R /F48 955 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1100 0 obj <<
-/Length 2314
+1105 0 obj <<
+/Length 2253
/Filter /FlateDecode
>>
stream
-xڥr6_KB`3}p'uw4}$Jbʋ"RvN}p
-K>_A[ "^8o,,ǎ~-SE,804ciJqLxf HK_ێ}Bsyu? JNNbp'5Cyy7%INf">錁/DW]/&,3.D&1I"!zYZ=1!s,"m׸(|Cwu
-PĬvD&HQ!;e`A(V#xEյ4ioz1s |SZŰrl'"ɔF*hzmXV]ᅛ}^[Z:v-"`,9x1*GDr^]9vw烏kСkИӖZctR;d]اJN]ܵ a on
-\3& _(<n^[><eګ]q.m{VV\f-K=i2Z: . )TQѹ֎*v۶)_WV5WͺtM! w!3=J$N/(ބtU$A; @
-4*_@DW*CHZ5 5@[6IvmA͑2
-4&_ H66_I !cή݊"[7DiPJ)ˈtM~8c4ƒKr}c  &VZ #r Rth+#<AbA!ObΡ"=Hc{+&Gs 2Ti2;GfIo.(-tʱM<Em 'JC#puOԷ 6wqqY"T}XbD,{Xb!TveGϘ5cfHa-Ӝ9"EČ$Rfkw+E
-s9%˿ur`.-JHf[jk;o_k"K\X VmaO4mP`p}n`5ouA
+xڥv6_ӗP'! Ks:N&}i@IĔ"
+d G3zr D,ҊH)ή VQΤRSX` 2p, "(kw3*ȯEG8SLA4m'B_"V/9c}ywv@0jvǦ۔x/TA*+-Z'$|5 
+"N,>`a Z{R_|yeӊ/_y.,a|Hcjdƾ 4T}}y>1f95i@NBA'4 >{_>ʦי=d({"Ѻ ۝ ك2۾-fEyٵC2MB
+v;l plvæ9TKǕ`XhEElĝ>M
+^n+bi΋ni7W~;bbC *TS eۙ,IxPx*EnƊzxi >%1գDR1z1NUc
+\ݯ%]`*XQOu
+uI
+􍨽32Kǥ
+u1y Az :cH2ĥbrl=O$G2jݞR`?A|F
+ \mQ4n`M_MSN?*omGvk*v? R8QhcfQ<*˽XX!JDT!NRe[f,BQ':NhmW`ٰ":cuO 5^k1,KwۥjAjK: #lG[n_*]Z̓҆x˦;#,p.7Wqew,ꎍ{3,]3βj i6z5]TnU$] z]CSA "GXiJ~=Ք^D-EG3 xܖUE]ͬ;q@X:B^I~ %8|%Êi
+A=Z+X;LpJO0_1ocXhp8{8م^)ՄMUÍ
+Noo.E/͒Yendstream
endobj
-1099 0 obj <<
+1104 0 obj <<
/Type /Page
-/Contents 1100 0 R
-/Resources 1098 0 R
+/Contents 1105 0 R
+/Resources 1103 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1066 0 R
+/Parent 1071 0 R
>> endobj
-1101 0 obj <<
-/D [1099 0 R /XYZ 56.6929 794.5015 null]
+1106 0 obj <<
+/D [1104 0 R /XYZ 56.6929 794.5015 null]
>> endobj
170 0 obj <<
-/D [1099 0 R /XYZ 56.6929 691.7741 null]
+/D [1104 0 R /XYZ 56.6929 691.7741 null]
>> endobj
-1102 0 obj <<
-/D [1099 0 R /XYZ 56.6929 668.7722 null]
+1107 0 obj <<
+/D [1104 0 R /XYZ 56.6929 668.7722 null]
>> endobj
174 0 obj <<
-/D [1099 0 R /XYZ 56.6929 579.8329 null]
+/D [1104 0 R /XYZ 56.6929 579.8329 null]
>> endobj
-1103 0 obj <<
-/D [1099 0 R /XYZ 56.6929 549.1878 null]
+1108 0 obj <<
+/D [1104 0 R /XYZ 56.6929 549.1878 null]
>> endobj
178 0 obj <<
-/D [1099 0 R /XYZ 56.6929 502.9124 null]
+/D [1104 0 R /XYZ 56.6929 502.9124 null]
>> endobj
-1104 0 obj <<
-/D [1099 0 R /XYZ 56.6929 474.9173 null]
+1109 0 obj <<
+/D [1104 0 R /XYZ 56.6929 474.9173 null]
>> endobj
182 0 obj <<
-/D [1099 0 R /XYZ 56.6929 277.7919 null]
+/D [1104 0 R /XYZ 56.6929 277.7919 null]
>> endobj
-1105 0 obj <<
-/D [1099 0 R /XYZ 56.6929 249.7968 null]
+1110 0 obj <<
+/D [1104 0 R /XYZ 56.6929 249.7968 null]
>> endobj
-1098 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F41 935 0 R /F21 710 0 R /F39 895 0 R >>
+1103 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F41 940 0 R /F21 714 0 R /F39 900 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1108 0 obj <<
+1113 0 obj <<
/Length 3203
/Filter /FlateDecode
>>
@@ -3646,53 +3667,53 @@ gUBQgsdπ18Ic7fq4(&OX<X Idy.Te
-;1xkCN.9W;hYq  c> ҟe.
f_zG}q0!3J9H15
endobj
-1107 0 obj <<
+1112 0 obj <<
/Type /Page
-/Contents 1108 0 R
-/Resources 1106 0 R
+/Contents 1113 0 R
+/Resources 1111 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1115 0 R
-/Annots [ 1111 0 R ]
+/Parent 1120 0 R
+/Annots [ 1116 0 R ]
>> endobj
-1111 0 obj <<
+1116 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [418.3461 611.3335 487.0181 623.3932]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
-1109 0 obj <<
-/D [1107 0 R /XYZ 85.0394 794.5015 null]
+1114 0 obj <<
+/D [1112 0 R /XYZ 85.0394 794.5015 null]
>> endobj
186 0 obj <<
-/D [1107 0 R /XYZ 85.0394 769.5949 null]
+/D [1112 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1110 0 obj <<
-/D [1107 0 R /XYZ 85.0394 749.4437 null]
+1115 0 obj <<
+/D [1112 0 R /XYZ 85.0394 749.4437 null]
>> endobj
190 0 obj <<
-/D [1107 0 R /XYZ 85.0394 597.4103 null]
+/D [1112 0 R /XYZ 85.0394 597.4103 null]
>> endobj
-1112 0 obj <<
-/D [1107 0 R /XYZ 85.0394 573.0707 null]
+1117 0 obj <<
+/D [1112 0 R /XYZ 85.0394 573.0707 null]
>> endobj
194 0 obj <<
-/D [1107 0 R /XYZ 85.0394 410.9267 null]
+/D [1112 0 R /XYZ 85.0394 410.9267 null]
>> endobj
-1113 0 obj <<
-/D [1107 0 R /XYZ 85.0394 378.8211 null]
+1118 0 obj <<
+/D [1112 0 R /XYZ 85.0394 378.8211 null]
>> endobj
198 0 obj <<
-/D [1107 0 R /XYZ 85.0394 204.765 null]
+/D [1112 0 R /XYZ 85.0394 204.765 null]
>> endobj
-1114 0 obj <<
-/D [1107 0 R /XYZ 85.0394 171.4256 null]
+1119 0 obj <<
+/D [1112 0 R /XYZ 85.0394 171.4256 null]
>> endobj
-1106 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R /F14 737 0 R /F41 935 0 R >>
+1111 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F14 741 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1119 0 obj <<
+1124 0 obj <<
/Length 3252
/Filter /FlateDecode
>>
@@ -3713,133 +3734,185 @@ RVAdßÀXх}ɭT%JhCowʱ.%!_޽nz!0o|Z
UuV)e /> |}[CMT4F IT;?PVU7piKOD"V،668uR(L0lu]s$uJA .j2dJU>ϕPK'O1ta #~ 9sq۳p0e['|e~(!A`x0zDM8kO&.βhBe
+~;(>wğoDvQ֦< I)v_pt
endobj
-1118 0 obj <<
+1123 0 obj <<
/Type /Page
-/Contents 1119 0 R
-/Resources 1117 0 R
+/Contents 1124 0 R
+/Resources 1122 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1115 0 R
+/Parent 1120 0 R
>> endobj
-1120 0 obj <<
-/D [1118 0 R /XYZ 56.6929 794.5015 null]
+1125 0 obj <<
+/D [1123 0 R /XYZ 56.6929 794.5015 null]
>> endobj
202 0 obj <<
-/D [1118 0 R /XYZ 56.6929 769.5949 null]
+/D [1123 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1121 0 obj <<
-/D [1118 0 R /XYZ 56.6929 748.4014 null]
+1126 0 obj <<
+/D [1123 0 R /XYZ 56.6929 748.4014 null]
>> endobj
206 0 obj <<
-/D [1118 0 R /XYZ 56.6929 549.4516 null]
+/D [1123 0 R /XYZ 56.6929 549.4516 null]
>> endobj
-1122 0 obj <<
-/D [1118 0 R /XYZ 56.6929 521.7105 null]
+1127 0 obj <<
+/D [1123 0 R /XYZ 56.6929 521.7105 null]
>> endobj
210 0 obj <<
-/D [1118 0 R /XYZ 56.6929 231.5025 null]
+/D [1123 0 R /XYZ 56.6929 231.5025 null]
>> endobj
-1123 0 obj <<
-/D [1118 0 R /XYZ 56.6929 201.1114 null]
+1128 0 obj <<
+/D [1123 0 R /XYZ 56.6929 201.1114 null]
>> endobj
-1117 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R /F39 895 0 R /F41 935 0 R /F48 950 0 R >>
+1122 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F39 900 0 R /F41 940 0 R /F48 955 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1126 0 obj <<
-/Length 2922
+1131 0 obj <<
+/Length 3056
/Filter /FlateDecode
>>
stream
-xڵYI8ׯxqMua$F=;^6 x>Z1cJe~
-W"r<RWY86^k##xj/H~U9Uҫ}pWTkUFZcE$poė*
-P0'u@!I@&OqjMn/Y1#Ȝ8R
-P=Xb%3_5 3 NNyP#D8%s(HF0m*'㺕rj|)
-PBK:(ё
-8%*$59%fc%KVgr/el4uu/ڌuJq<P yɕ<J;f{qY1Q;J[i-|*Y~*rpz6TgCL+6"wD{X8q&34N>.6\'Yg cqgBj>J*[0C LN&I'iI ÀynliwXFS9d'sJ1Y5C6E*CdWȓ2\_A=3SLO'jVPzRɶXo a$\ر(
-xHn$rB&$$9Z |˙"'B=;7 E [u.Ѣڶ^[|4_V~IvM6M]L;רv$ѽsbG㻺
-Ups+1ʥQQߘ+ڌZWQ_G/ݍX땉?r5 V|^l4{g}?ż7;${׼8)E:fSC+ wk A{)0ζe&˪UZ6Zgxt;0>T˻v=HkEPl6ݫq_ ,ų6k AKm%:ݵT;~zyܫAψeo4r]8vj7ZB-aٯCbО~9-&JuQv}xT4km]yV}C0ƼZoƁ̹Y @*eYMȑOӐk>*dT g~>Spv:hqˠq
-W/i9M-4.ƽYލ:5 -.MگC q Ƿ5v~y$W7˖bڜՇ/2mؖ([vy mnocYm\$Ы^MևAܿʚɣ=^v3nTXj:M7jR'Ao^G[UTu'n:םUnUtx]oON^tƱ,3󥆳ߒ
-=8݂#T_+',R/SJ>KB& 6?, endstream
+xڵYI8ׯ˸0Xcޞ}N-@ybbD*T
+W"r<RWY86k#cxj/oH~U9Uҫ}pWTkUFZcE$poė*
+PEuJM?KC5|w|Ot^xz/<T/8Q@(x/ӗq.a.-NT\" n18ص{X =,eNUE/a(rI␍PJy2t=-d8г'7 tϻ= 38%ͱl_6:ŖInI-
+$?2&&O3[lc=aD!QQ]v6}dauz~nlx]T~YF̥|-Ve$KK0 Oq3ˁn}Lho*,% *7 p1g"!\I*!P
+8B.bMcHNP}KhTr,d%<| |X)nO,n2i$BR
+(q$GPsXmp\@B2T{gȖƓI[r.RS=`I&=)/VϖL$NQ0> L@gDCڑ~p\>3 PpDJa:y.qg{>AEIC #,/فM^?bZF~ZWB^M3Z —S>׹x&uC= Ym5
+n0:
+q;*fIJf˜4A)ى蕍G}~$W'L[{!RC6N߼(nv)/(x4EN"}"Ƹ23s[hr0a= Kz 3݋S+Y
+HCvGŧ'zzzY`?na}s$D' ,ự1)*=[7&FpL/xnr˧iErxKg+r 3lHO Wzx2HϤrDIH*&۵'қ*X}3EN3~a(zzRK胠ז&͗n9n4]dxMS.5jE>Imytֲ<==\P0{]!WѫlLޜL0rb^p_" opybXkZS@jO'rحlg.m^~/kA6Q\&T<7Vu;B[.NoTѐ=֏y9A"l6l ڣ5.Zjiwʂ8힌\f$ %*ܒOk=읣w;x ocU306P 3_Fb܅긮شռ_TM׵nl_~˿[4#L )hq$ j8^oO%$?{
+3DL3riT*u7&ʷ6㹰U)lԗ?Kbwhhze⏜zp"/}Ѣn({s=3YO15/l
+DQimNwc}pYz;.QX6w vo_2fٶy{YU fP+BAs
+S|K_6Gnijy@p1nԙݶohqh~J_$l8=){7 RYԧ]}hN0߆mjjm޽U_ow[/v68EJ*d}۪jə<oay|?K\UQZ{In_{&</zyuYY:Ne]{:?念xiYXEڊEp=o:3_j8- tJ^ٕݶnrF_eY2]U.o~BY?5onƐZT7dJ$jsvFendstream
endobj
-1125 0 obj <<
+1130 0 obj <<
/Type /Page
-/Contents 1126 0 R
-/Resources 1124 0 R
+/Contents 1131 0 R
+/Resources 1129 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1115 0 R
+/Parent 1120 0 R
>> endobj
-1127 0 obj <<
-/D [1125 0 R /XYZ 85.0394 794.5015 null]
+1132 0 obj <<
+/D [1130 0 R /XYZ 85.0394 794.5015 null]
>> endobj
214 0 obj <<
-/D [1125 0 R /XYZ 85.0394 717.5894 null]
+/D [1130 0 R /XYZ 85.0394 717.5894 null]
>> endobj
-1128 0 obj <<
-/D [1125 0 R /XYZ 85.0394 690.1986 null]
+1133 0 obj <<
+/D [1130 0 R /XYZ 85.0394 690.1986 null]
>> endobj
-1124 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R /F41 935 0 R >>
+1129 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1131 0 obj <<
-/Length 2380
-/Filter /FlateDecode
->>
-stream
-xڥYKs6WB"H:'gƓ8xmMɁ1w(RCRzo7(vj*4~|h"+04S".`=Lxeϴs:჊F`JO?BR
-"X'S:S]A`8 I= C[*9U^4bζTxIO XJGuE㻬Y,5b/<(uGC#u^
-8fzڀS4 A}q5 *F3c
--Q:Ҷe%OCDbqmGM[Rj&O((y&2{s39Dg|_PIXaԮA
-A,sB}G#`z2U<Nc{]cAYh
-MQs&ň3ɇ.=f]Y]`b#kVb_qot dp"m'ܛcwo*<[Nl-!;v _
-7&Cۉ@ )n
-wyvm(FJT؃m<>o=njqQ`_gӵTA~ӊ[EL<=i7wW/icE uV5%Lx~ſx{\Ki'Jw8uGG`Q`AFΧxQi{p X zz2DH5^4Di̽E >lp/#xIJuŅ2OjOUC7;.0l;GCCXy6OGAU
-r$4ǻ~e=;cBXVӇ/c".BG)[)߲dMN@zt0[gpM
-7^5t\.<7SQKS^Gf/q[::-v޿o a>))I2/.F'~QNvtyxJ2Ų3ÇyCO7#'!_B?݃UqzD:QI@'*'C}1>_$DI5.vv=!ļ"x߽trZp㺛,HHD Opt8?E# St 9ئ.0PKfb*rf1"Ճ1_aC@͙Jx[m`2#'o2耵_EQNrhIv)
-K` 5¯=Hls!|8/ )fxazx
+1136 0 obj <<
+/Length 2753
+/Filter /FlateDecode
+>>
+stream
+xڵ]s۸ݿBԌɓ/{i{EbC
+IYw Lg]2c,~c|Pe"%Yƌdz͞aog,§ݵLfY)f+W4
+pXpsI"fïww2  qsKO7ewW,Osypq.} bDW9z4L_~
+P3,g{`!21ۜE HJ90fIq
+Ą"3R͒8 / CXA,AuBS XpUY}'( SoO%iW,&4bm^/ ǬU`d0`LP& RoQWCw FJW, ,L댇,2IDltm`n6bvـF3O)xs6JA8T@6:55HY" 49t4U] -kG^vsɂ?Ͷ4\$&6o狈}U
+#8֘?ǡ@^.qAAZk4H=\} m6CAym
+6
+r>`ȤAm͒
+MUugj54Tg2!R>T~.ve4FyobZԥ fbSXjMJ0j4mqa}S Jq,%,$霳`י/>JSb_k5Z"89dnY ӣH/ʺp2UuJ,]=YH#l)
+nPx7r \
+ʸ<AMĦIG{1d(6DOC%ٶn30Wԋrk2#t *?Ep] Yo{m^<8ԭو6zB[cO#( GxcWum]sGTv54>54X>ctx?Pe{$
+#&9RA3U~i!8!&JD9k"D>pW
+MEBvV[焾9P6u荰
+Z<F0|u'XO{{[%4/SM[1@~Jw|_() ω JcRnZӔ*JN687^D
+SLJ8E}ieoͽ&buTzaS"ȷ
+{GkbP,&V…}'Y
+c)-,)4Q]b&8~G۠l_ PFUlbL݃G!@۰BTi 1*J@/ۯɋBe־ oߖ1 43hP%Tlߨ_ H7Sdk.B[_u,UPF֯~h)' [ϚP#)'c;^$i*%zA*]dw?N_&endstream
endobj
-1130 0 obj <<
+1135 0 obj <<
/Type /Page
-/Contents 1131 0 R
-/Resources 1129 0 R
+/Contents 1136 0 R
+/Resources 1134 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1115 0 R
-/Annots [ 1134 0 R ]
+/Parent 1120 0 R
+/Annots [ 1142 0 R ]
>> endobj
-1134 0 obj <<
+1142 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [349.4919 384.4828 408.4801 395.2672]
+/Rect [349.4919 62.7905 408.4801 73.5749]
/Subtype /Link
/A << /S /GoTo /D (ipv6addresses) >>
>> endobj
-1132 0 obj <<
-/D [1130 0 R /XYZ 56.6929 794.5015 null]
+1137 0 obj <<
+/D [1135 0 R /XYZ 56.6929 794.5015 null]
>> endobj
218 0 obj <<
-/D [1130 0 R /XYZ 56.6929 594.1106 null]
+/D [1135 0 R /XYZ 56.6929 285.3652 null]
>> endobj
-1133 0 obj <<
-/D [1130 0 R /XYZ 56.6929 562.6395 null]
+1141 0 obj <<
+/D [1135 0 R /XYZ 56.6929 250.4165 null]
+>> endobj
+1134 0 obj <<
+/Font << /F37 803 0 R /F41 940 0 R /F23 738 0 R /F62 1065 0 R /F65 1140 0 R /F21 714 0 R /F39 900 0 R >>
+/XObject << /Im2 1054 0 R >>
+/ProcSet [ /PDF /Text ]
+>> endobj
+1146 0 obj <<
+/Length 1018
+/Filter /FlateDecode
+>>
+stream
+xڥVKH W
+ӏP[!; Uƙ1~I-}jR+BE"(DQܻڡg{0{&S/S"r<tVLh37?xZn$~B-1oy­5^~$fB*@/]lv/k3?oU:F2Q9֡D$r`B K֎T()İR9?ɮQCOG3q2F~*!Cg
+|c
+̘ x(`hRr qrǴ`>CpRp~N"Jq3{@u'[_.?u2""G{AC$2z8O]ʃXendstream
+endobj
+1145 0 obj <<
+/Type /Page
+/Contents 1146 0 R
+/Resources 1144 0 R
+/MediaBox [0 0 595.2756 841.8898]
+/Parent 1120 0 R
+>> endobj
+1147 0 obj <<
+/D [1145 0 R /XYZ 85.0394 794.5015 null]
>> endobj
222 0 obj <<
-/D [1130 0 R /XYZ 56.6929 370.2937 null]
+/D [1145 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1135 0 obj <<
-/D [1130 0 R /XYZ 56.6929 341.714 null]
+1148 0 obj <<
+/D [1145 0 R /XYZ 85.0394 749.4437 null]
>> endobj
226 0 obj <<
-/D [1130 0 R /XYZ 56.6929 214.6004 null]
+/D [1145 0 R /XYZ 85.0394 622.33 null]
>> endobj
-1136 0 obj <<
-/D [1130 0 R /XYZ 56.6929 186.0207 null]
+1149 0 obj <<
+/D [1145 0 R /XYZ 85.0394 593.7503 null]
>> endobj
-1129 0 obj <<
-/Font << /F37 799 0 R /F41 935 0 R /F23 734 0 R /F62 1060 0 R /F21 710 0 R /F39 895 0 R >>
-/XObject << /Im2 1049 0 R >>
+1144 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1140 0 obj <<
+1152 0 obj <<
+/Length 69
+/Filter /FlateDecode
+>>
+stream
+x3T0
+endobj
+1151 0 obj <<
+/Type /Page
+/Contents 1152 0 R
+/Resources 1150 0 R
+/MediaBox [0 0 595.2756 841.8898]
+/Parent 1120 0 R
+>> endobj
+1153 0 obj <<
+/D [1151 0 R /XYZ 56.6929 794.5015 null]
+>> endobj
+1150 0 obj <<
+/ProcSet [ /PDF ]
+>> endobj
+1156 0 obj <<
/Length 1913
/Filter /FlateDecode
>>
@@ -3851,61 +3924,61 @@ M&Pqi7jӎ4Yy"A͠ìd,"kk;)R^:&J9*,JןIW؃!6
qD"mX jm@CH2#Ȳ&Rؚ8"u
:&īۆ5B}Yedɠ]B楖x@izT(xe訳vTn3o-a^18H=6{ӑhWPjvwЮZ[hM 5 s?+
p,'+)jjQk﯑YաEI-;$b֬݉Q㩺{J4;,f` W$71[/nX E Q S;WP{DN)j=uC;]۠_;`F
-q7GbN0bKNJ $ȳB"gO  G^=Ys{}JE6l`Tȋ}%JƋImS:_ Р*(Wy-1~!E׾6FE>5.NFb]mpvƝ}endstream
+q7GbN0bKNJ $ȳB"gO  G^=Ys{}JE6l`Tȋ}%JƋImS:_ Р*(Wy-1~!E׾6FE>5.NFbݮ6|ϓvendstream
endobj
-1139 0 obj <<
+1155 0 obj <<
/Type /Page
-/Contents 1140 0 R
-/Resources 1138 0 R
+/Contents 1156 0 R
+/Resources 1154 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1115 0 R
+/Parent 1161 0 R
>> endobj
-1141 0 obj <<
-/D [1139 0 R /XYZ 85.0394 794.5015 null]
+1157 0 obj <<
+/D [1155 0 R /XYZ 85.0394 794.5015 null]
>> endobj
230 0 obj <<
-/D [1139 0 R /XYZ 85.0394 769.5949 null]
+/D [1155 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1142 0 obj <<
-/D [1139 0 R /XYZ 85.0394 576.7004 null]
+1158 0 obj <<
+/D [1155 0 R /XYZ 85.0394 576.7004 null]
>> endobj
234 0 obj <<
-/D [1139 0 R /XYZ 85.0394 576.7004 null]
+/D [1155 0 R /XYZ 85.0394 576.7004 null]
>> endobj
-1143 0 obj <<
-/D [1139 0 R /XYZ 85.0394 544.8207 null]
+1159 0 obj <<
+/D [1155 0 R /XYZ 85.0394 544.8207 null]
>> endobj
238 0 obj <<
-/D [1139 0 R /XYZ 85.0394 403.9445 null]
+/D [1155 0 R /XYZ 85.0394 403.9445 null]
>> endobj
-1144 0 obj <<
-/D [1139 0 R /XYZ 85.0394 368.2811 null]
+1160 0 obj <<
+/D [1155 0 R /XYZ 85.0394 368.2811 null]
>> endobj
-1138 0 obj <<
-/Font << /F21 710 0 R /F23 734 0 R /F41 935 0 R >>
+1154 0 obj <<
+/Font << /F21 714 0 R /F23 738 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1147 0 obj <<
+1164 0 obj <<
/Length 69
/Filter /FlateDecode
>>
stream
x3T0
endobj
-1146 0 obj <<
+1163 0 obj <<
/Type /Page
-/Contents 1147 0 R
-/Resources 1145 0 R
+/Contents 1164 0 R
+/Resources 1162 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1115 0 R
+/Parent 1161 0 R
>> endobj
-1148 0 obj <<
-/D [1146 0 R /XYZ 56.6929 794.5015 null]
+1165 0 obj <<
+/D [1163 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1145 0 obj <<
+1162 0 obj <<
/ProcSet [ /PDF ]
>> endobj
-1151 0 obj <<
+1168 0 obj <<
/Length 3113
/Filter /FlateDecode
>>
@@ -3924,49 +3997,49 @@ h4:[q=`µ3p ^ViWEi|3]8~XQDzLe=HF}7Pq6F
'u8Z CHUá|AshQPcoY~~ }/-uÊo<ӎw]DP;N-xZLv%4h<,zut
6f&@d !{AI1O!&
>2G9)rԙ7~;'UB4n2'N;3*?ڪYZr\E^
-^f"|-ԗ0zp=?3ҊI^fSi ӿX9\+G:Z0)-ؠ"{K$6_r i;ur-;<IߣJ~endstream
+^f"|-ԗ0zp=?3ҊI^fSi ӿX9\+G:Z0)-ؠ"{K$6_r i;NXHOr$endstream
endobj
-1150 0 obj <<
+1167 0 obj <<
/Type /Page
-/Contents 1151 0 R
-/Resources 1149 0 R
+/Contents 1168 0 R
+/Resources 1166 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1158 0 R
-/Annots [ 1157 0 R ]
+/Parent 1161 0 R
+/Annots [ 1174 0 R ]
>> endobj
-1157 0 obj <<
+1174 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [356.2946 363.7923 412.5133 376.6291]
/Subtype /Link
/A << /S /GoTo /D (address_match_lists) >>
>> endobj
-1152 0 obj <<
-/D [1150 0 R /XYZ 85.0394 794.5015 null]
+1169 0 obj <<
+/D [1167 0 R /XYZ 85.0394 794.5015 null]
>> endobj
242 0 obj <<
-/D [1150 0 R /XYZ 85.0394 769.5949 null]
+/D [1167 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1153 0 obj <<
-/D [1150 0 R /XYZ 85.0394 576.7004 null]
+1170 0 obj <<
+/D [1167 0 R /XYZ 85.0394 576.7004 null]
>> endobj
246 0 obj <<
-/D [1150 0 R /XYZ 85.0394 479.565 null]
+/D [1167 0 R /XYZ 85.0394 479.565 null]
>> endobj
-1154 0 obj <<
-/D [1150 0 R /XYZ 85.0394 441.8891 null]
+1171 0 obj <<
+/D [1167 0 R /XYZ 85.0394 441.8891 null]
>> endobj
-1155 0 obj <<
-/D [1150 0 R /XYZ 85.0394 424.9629 null]
+1172 0 obj <<
+/D [1167 0 R /XYZ 85.0394 424.9629 null]
>> endobj
-1156 0 obj <<
-/D [1150 0 R /XYZ 85.0394 413.0077 null]
+1173 0 obj <<
+/D [1167 0 R /XYZ 85.0394 413.0077 null]
>> endobj
-1149 0 obj <<
-/Font << /F21 710 0 R /F23 734 0 R /F41 935 0 R >>
+1166 0 obj <<
+/Font << /F21 714 0 R /F23 738 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1162 0 obj <<
+1178 0 obj <<
/Length 4061
/Filter /FlateDecode
>>
@@ -3989,35 +4062,35 @@ KeQʩ>3KFȗl7ycܠ ĖR"$|%Cjxˏ zMg^
@ĊBbWJCq]#!`o]˳K%]˨ޖ9]|ln.۵tlFUՋT
SsX2w(0 
ͶK-?^EװN;,)J0; 3&/蛻_A%Tk]߭Atۅe(C|Ln?cX/J
-jLxqI=\%oCucUJw7U'ag;-JZE3
+jLxqI=\%oCucUJw7U'ag;-JZEȽ3
endobj
-1161 0 obj <<
+1177 0 obj <<
/Type /Page
-/Contents 1162 0 R
-/Resources 1160 0 R
+/Contents 1178 0 R
+/Resources 1176 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1158 0 R
+/Parent 1161 0 R
>> endobj
-1163 0 obj <<
-/D [1161 0 R /XYZ 56.6929 794.5015 null]
+1179 0 obj <<
+/D [1177 0 R /XYZ 56.6929 794.5015 null]
>> endobj
250 0 obj <<
-/D [1161 0 R /XYZ 56.6929 165.9801 null]
+/D [1177 0 R /XYZ 56.6929 165.9801 null]
>> endobj
-1159 0 obj <<
-/D [1161 0 R /XYZ 56.6929 136.242 null]
+1175 0 obj <<
+/D [1177 0 R /XYZ 56.6929 136.242 null]
>> endobj
254 0 obj <<
-/D [1161 0 R /XYZ 56.6929 136.242 null]
+/D [1177 0 R /XYZ 56.6929 136.242 null]
>> endobj
-1164 0 obj <<
-/D [1161 0 R /XYZ 56.6929 106.2766 null]
+1180 0 obj <<
+/D [1177 0 R /XYZ 56.6929 106.2766 null]
>> endobj
-1160 0 obj <<
-/Font << /F37 799 0 R /F41 935 0 R /F23 734 0 R /F21 710 0 R /F48 950 0 R >>
+1176 0 obj <<
+/Font << /F37 803 0 R /F41 940 0 R /F23 738 0 R /F21 714 0 R /F48 955 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1167 0 obj <<
+1183 0 obj <<
/Length 3096
/Filter /FlateDecode
>>
@@ -4030,41 +4103,41 @@ e$Ed՚>hO+6#E pы2/UƈL[Q߾zY c[G֠|Qo~QBmHG
Y_̛HvU`vguw/23z42s7W&+-/TK F(
bAm$FcςPU_xV(M`Xw
1C.}~mt>}?
-0{ b>*P_FsAt$W)?MPH5<qn T7Dt}CuB_}ۥnۃnw
+0{ b>*P_FsAt$W)?MPH5<qn T7Dt}CuB_}ۥnۃnw
endobj
-1166 0 obj <<
+1182 0 obj <<
/Type /Page
-/Contents 1167 0 R
-/Resources 1165 0 R
+/Contents 1183 0 R
+/Resources 1181 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1158 0 R
+/Parent 1161 0 R
>> endobj
-1168 0 obj <<
-/D [1166 0 R /XYZ 85.0394 794.5015 null]
+1184 0 obj <<
+/D [1182 0 R /XYZ 85.0394 794.5015 null]
>> endobj
258 0 obj <<
-/D [1166 0 R /XYZ 85.0394 731.767 null]
+/D [1182 0 R /XYZ 85.0394 731.767 null]
>> endobj
-1169 0 obj <<
-/D [1166 0 R /XYZ 85.0394 703.7216 null]
+1185 0 obj <<
+/D [1182 0 R /XYZ 85.0394 703.7216 null]
>> endobj
262 0 obj <<
-/D [1166 0 R /XYZ 85.0394 229.6467 null]
+/D [1182 0 R /XYZ 85.0394 229.6467 null]
>> endobj
-1170 0 obj <<
-/D [1166 0 R /XYZ 85.0394 201.8883 null]
+1186 0 obj <<
+/D [1182 0 R /XYZ 85.0394 201.8883 null]
>> endobj
266 0 obj <<
-/D [1166 0 R /XYZ 85.0394 144.1965 null]
+/D [1182 0 R /XYZ 85.0394 144.1965 null]
>> endobj
-1171 0 obj <<
-/D [1166 0 R /XYZ 85.0394 118.9605 null]
+1187 0 obj <<
+/D [1182 0 R /XYZ 85.0394 118.9605 null]
>> endobj
-1165 0 obj <<
-/Font << /F37 799 0 R /F41 935 0 R /F21 710 0 R /F23 734 0 R /F14 737 0 R /F39 895 0 R >>
+1181 0 obj <<
+/Font << /F37 803 0 R /F41 940 0 R /F21 714 0 R /F23 738 0 R /F14 741 0 R /F39 900 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1175 0 obj <<
+1191 0 obj <<
/Length 2474
/Filter /FlateDecode
>>
@@ -4081,16 +4154,17 @@ xڽko6{~~8{fHԣM^68BeɕM_3R&W󞱘q38Y)
zA@xD3i
(uc&ad#82DZo3Qp-8ȶ^1M#
yU SS㰈x65=ܞ;P"*pOi햀eIT
-Hf 9"՝ΒAAC9 endstream
+Hf 9";%
+HC endstream
endobj
-1174 0 obj <<
+1190 0 obj <<
/Type /Page
-/Contents 1175 0 R
-/Resources 1173 0 R
+/Contents 1191 0 R
+/Resources 1189 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1158 0 R
+/Parent 1161 0 R
>> endobj
-1172 0 obj <<
+1188 0 obj <<
/Type /XObject
/Subtype /Form
/FormType 1
@@ -4110,33 +4184,33 @@ xmIn1 EOPwu$Ig0ľ6V5 oʯsO #h8:5?
6\>RgbWj[
WϢ{6;F])/ԬMu;pk;̩dh<EAw𬱱NtD²](;厰rL T͡誋tw_ =]=uS"yl-kHsreOڳvg<7t,e;Э/IB&(󻉨Yٹ,kRԚ'^ m" ^hW9AVy©/f"Fy-Sng \dƥ}B$w1.&COVX9gE{< P)!ZşLު~'UXLcXsЖӒ~BLƹONZ_[.*]3Q!-endstream
endobj
-1176 0 obj <<
-/D [1174 0 R /XYZ 56.6929 794.5015 null]
+1192 0 obj <<
+/D [1190 0 R /XYZ 56.6929 794.5015 null]
>> endobj
270 0 obj <<
-/D [1174 0 R /XYZ 56.6929 769.5949 null]
+/D [1190 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1177 0 obj <<
-/D [1174 0 R /XYZ 56.6929 749.9737 null]
+1193 0 obj <<
+/D [1190 0 R /XYZ 56.6929 749.9737 null]
>> endobj
274 0 obj <<
-/D [1174 0 R /XYZ 56.6929 282.0726 null]
+/D [1190 0 R /XYZ 56.6929 282.0726 null]
>> endobj
-1178 0 obj <<
-/D [1174 0 R /XYZ 56.6929 250.2286 null]
+1194 0 obj <<
+/D [1190 0 R /XYZ 56.6929 250.2286 null]
>> endobj
-1179 0 obj <<
-/D [1174 0 R /XYZ 56.6929 191.4593 null]
+1195 0 obj <<
+/D [1190 0 R /XYZ 56.6929 191.4593 null]
>> endobj
-1180 0 obj <<
-/D [1174 0 R /XYZ 56.6929 179.5041 null]
+1196 0 obj <<
+/D [1190 0 R /XYZ 56.6929 179.5041 null]
>> endobj
-1173 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R /F41 935 0 R /F62 1060 0 R >>
-/XObject << /Im3 1172 0 R >>
+1189 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F41 940 0 R /F62 1065 0 R >>
+/XObject << /Im3 1188 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1183 0 obj <<
+1199 0 obj <<
/Length 2134
/Filter /FlateDecode
>>
@@ -4148,47 +4222,47 @@ xYMs6WVx<fvN)Z$f(+RVۍ$ʦ,;Tm 4״p4a\x
TiJo 1beuxIcvL,_'!hnr:ڨdF$ftêB-ŊHvZ;: (:eYq/xܤI0s.:GͲ(ۨ{ 3c, HFPkc^
v/HN!UPhsiu4V}O#xߗYV wy-PLk*X+3H)7U?z~fc5f;aO܌7/w1 %M
|Jqs 5}qg:W(.BnU % M$D \_ʑhh0׍sf^T)d앺OyJ bZ[AHW4,d%FY%0 \r]vuuC6ü'Mo6_˛oH#Aؾ^ũLU%f+/)sO,<  NYJ;OHN즦Sr ;v&ll@.GW2v/uK*b12ĩ"$r[/ڵM瓯A#!96i/b!'5{P]
-c޾Pam-(.O jAVzUfW<]hi˃tJXL^Znm .Viyr<R*eI*MUU?endstream
+c޾Pam-(.O jAVzUfW<]hi˃tJXL^Znm .Viyree)$V4UAendstream
endobj
-1182 0 obj <<
+1198 0 obj <<
/Type /Page
-/Contents 1183 0 R
-/Resources 1181 0 R
+/Contents 1199 0 R
+/Resources 1197 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1158 0 R
+/Parent 1206 0 R
>> endobj
-1184 0 obj <<
-/D [1182 0 R /XYZ 85.0394 794.5015 null]
+1200 0 obj <<
+/D [1198 0 R /XYZ 85.0394 794.5015 null]
>> endobj
278 0 obj <<
-/D [1182 0 R /XYZ 85.0394 585.0446 null]
+/D [1198 0 R /XYZ 85.0394 585.0446 null]
>> endobj
-1185 0 obj <<
-/D [1182 0 R /XYZ 85.0394 560.705 null]
+1201 0 obj <<
+/D [1198 0 R /XYZ 85.0394 560.705 null]
>> endobj
282 0 obj <<
-/D [1182 0 R /XYZ 85.0394 491.9365 null]
+/D [1198 0 R /XYZ 85.0394 491.9365 null]
>> endobj
-1186 0 obj <<
-/D [1182 0 R /XYZ 85.0394 461.8226 null]
+1202 0 obj <<
+/D [1198 0 R /XYZ 85.0394 461.8226 null]
>> endobj
-1187 0 obj <<
-/D [1182 0 R /XYZ 85.0394 384.4846 null]
+1203 0 obj <<
+/D [1198 0 R /XYZ 85.0394 384.4846 null]
>> endobj
-1188 0 obj <<
-/D [1182 0 R /XYZ 85.0394 372.5294 null]
+1204 0 obj <<
+/D [1198 0 R /XYZ 85.0394 372.5294 null]
>> endobj
286 0 obj <<
-/D [1182 0 R /XYZ 85.0394 206.4979 null]
+/D [1198 0 R /XYZ 85.0394 206.4979 null]
>> endobj
-1189 0 obj <<
-/D [1182 0 R /XYZ 85.0394 171.8379 null]
+1205 0 obj <<
+/D [1198 0 R /XYZ 85.0394 171.8379 null]
>> endobj
-1181 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R /F41 935 0 R >>
+1197 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1192 0 obj <<
+1209 0 obj <<
/Length 4496
/Filter /FlateDecode
>>
@@ -4214,56 +4288,56 @@ mtf;Ku q
kO%A\uj>?8b8) <s %$*^}.CF/]NY '&G(3FurpXh^a3vYTkt
Ϯ $5HN^6
tj`䣍L=tJɹ[?4C[C[Pac~595_3f Vx
-]`Yڑa)Âww9n0N-3Ch {
+]`Yڑa)Âww9n0N-3Ch {
endobj
-1191 0 obj <<
+1208 0 obj <<
/Type /Page
-/Contents 1192 0 R
-/Resources 1190 0 R
+/Contents 1209 0 R
+/Resources 1207 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1158 0 R
-/Annots [ 1194 0 R 1195 0 R ]
+/Parent 1206 0 R
+/Annots [ 1211 0 R 1212 0 R ]
>> endobj
-1194 0 obj <<
+1211 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [55.6967 480.2482 256.3816 492.3078]
/Subtype /Link
/A << /S /GoTo /D (rndc) >>
>> endobj
-1195 0 obj <<
+1212 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [268.5158 480.2482 332.4306 492.3078]
/Subtype /Link
/A << /S /GoTo /D (admin_tools) >>
>> endobj
-1193 0 obj <<
-/D [1191 0 R /XYZ 56.6929 794.5015 null]
+1210 0 obj <<
+/D [1208 0 R /XYZ 56.6929 794.5015 null]
>> endobj
290 0 obj <<
-/D [1191 0 R /XYZ 56.6929 769.5949 null]
+/D [1208 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1041 0 obj <<
-/D [1191 0 R /XYZ 56.6929 749.0409 null]
+1046 0 obj <<
+/D [1208 0 R /XYZ 56.6929 749.0409 null]
>> endobj
294 0 obj <<
-/D [1191 0 R /XYZ 56.6929 209.5509 null]
+/D [1208 0 R /XYZ 56.6929 209.5509 null]
>> endobj
-1196 0 obj <<
-/D [1191 0 R /XYZ 56.6929 183.9497 null]
+1213 0 obj <<
+/D [1208 0 R /XYZ 56.6929 183.9497 null]
>> endobj
298 0 obj <<
-/D [1191 0 R /XYZ 56.6929 147.0778 null]
+/D [1208 0 R /XYZ 56.6929 147.0778 null]
>> endobj
-1197 0 obj <<
-/D [1191 0 R /XYZ 56.6929 116.7981 null]
+1214 0 obj <<
+/D [1208 0 R /XYZ 56.6929 116.7981 null]
>> endobj
-1190 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R /F41 935 0 R /F48 950 0 R /F14 737 0 R >>
+1207 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F41 940 0 R /F48 955 0 R /F14 741 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1201 0 obj <<
+1218 0 obj <<
/Length 2349
/Filter /FlateDecode
>>
@@ -4277,69 +4351,69 @@ xڵ]s8ݿLCSwKONG[d|$HY:΍ 
J[%R )Σ bѷe|Vb" =R''*'$gH5F}/0-DsNUJ!n@X<fe Kj!8mai
1BÄNh[1 AogV XܽPد8 Y$9Cwq`^2eIw,>6LJ&ZZS6h)؅][wI~bV3uw {<o uf0pQ,<"H@PƢKgK' >c)VM/'ZLzܾNRDz*}+=ycs!h 48:j?妴pBo/\g8);94>)5<SmB-n7ן^(u6-6IX{8**!@Ipj=TK:CװS)s 3Yl+r\>rz/}iC:q/=R*ՔؘR[zwDeڢzC'~|=널Pþ+B%N`}"emqz9,vDž)xL;@ٮ&#Nn[fr
owh\"Hejf'S9O}"R%'hlW k[5u^
-}ݷ.7Xk̭t2яkfdCy1U\k ̷l ,ٱ+pbt eJ1w.9Q@xv.)1 ^~A\~w9Dmj7(1ӌc r?!nF;?B5&L]jTy:p\5endstream
+}ݷ.7Xk̭t2яkfdCy1U\k ̷l ,ٱ+pbt eJ1w.9Q@xv.)1 ^~A\~w9Dmj7(1ӌc r?!nF;?B5&L]jTyDzy0\7endstream
endobj
-1200 0 obj <<
+1217 0 obj <<
/Type /Page
-/Contents 1201 0 R
-/Resources 1199 0 R
+/Contents 1218 0 R
+/Resources 1216 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1210 0 R
-/Annots [ 1205 0 R 1206 0 R 1207 0 R ]
+/Parent 1206 0 R
+/Annots [ 1222 0 R 1223 0 R 1224 0 R ]
>> endobj
-1205 0 obj <<
+1222 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [406.6264 617.3695 456.8481 629.4292]
/Subtype /Link
/A << /S /GoTo /D (tsig) >>
>> endobj
-1206 0 obj <<
+1223 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [140.5805 606.0819 196.7992 617.474]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-1207 0 obj <<
+1224 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [103.6195 562.6731 159.8382 574.7328]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-1202 0 obj <<
-/D [1200 0 R /XYZ 85.0394 794.5015 null]
+1219 0 obj <<
+/D [1217 0 R /XYZ 85.0394 794.5015 null]
>> endobj
302 0 obj <<
-/D [1200 0 R /XYZ 85.0394 769.5949 null]
+/D [1217 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1203 0 obj <<
-/D [1200 0 R /XYZ 85.0394 749.0225 null]
+1220 0 obj <<
+/D [1217 0 R /XYZ 85.0394 749.0225 null]
>> endobj
306 0 obj <<
-/D [1200 0 R /XYZ 85.0394 668.2594 null]
+/D [1217 0 R /XYZ 85.0394 668.2594 null]
>> endobj
-1204 0 obj <<
-/D [1200 0 R /XYZ 85.0394 636.8261 null]
+1221 0 obj <<
+/D [1217 0 R /XYZ 85.0394 636.8261 null]
>> endobj
310 0 obj <<
-/D [1200 0 R /XYZ 85.0394 425.0299 null]
+/D [1217 0 R /XYZ 85.0394 425.0299 null]
>> endobj
-1208 0 obj <<
-/D [1200 0 R /XYZ 85.0394 396.4061 null]
+1225 0 obj <<
+/D [1217 0 R /XYZ 85.0394 396.4061 null]
>> endobj
314 0 obj <<
-/D [1200 0 R /XYZ 85.0394 136.3155 null]
+/D [1217 0 R /XYZ 85.0394 136.3155 null]
>> endobj
-1209 0 obj <<
-/D [1200 0 R /XYZ 85.0394 104.8822 null]
+1226 0 obj <<
+/D [1217 0 R /XYZ 85.0394 104.8822 null]
>> endobj
-1199 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F41 935 0 R /F23 734 0 R /F53 1027 0 R >>
+1216 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F41 940 0 R /F23 738 0 R /F53 1032 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1213 0 obj <<
+1229 0 obj <<
/Length 3704
/Filter /FlateDecode
>>
@@ -4360,29 +4434,29 @@ B+ \R
\އs=K19>R$u,P-AM,c<3ѣ>3K&zL^|$1*J/ i.v?Hb%%oOo'|n f\ +0p @}*g|= bj&o|W$]_sRq
a֜2Mn23|PZM-fj7bb3` W CI
$qdAlǷc6|qcqJ@މe(UX PRq{4n,NZ=5Q=4\Rrkp/H77ՔO#g]=@W&
-=~[G^ ;ji/_ay"/lQ'WH)sL=pr$Qf/ .sxQ@k\ ߨMS,Y+۹Q#so27l\P~eVU
+=~[G^ ;ji/_ay"/lQ'WH)sL=pr$Qf/ .sxQ@k\ ߨMS,Y+۹Q#so27l\P~eVU
endobj
-1212 0 obj <<
+1228 0 obj <<
/Type /Page
-/Contents 1213 0 R
-/Resources 1211 0 R
+/Contents 1229 0 R
+/Resources 1227 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1210 0 R
+/Parent 1206 0 R
>> endobj
-1214 0 obj <<
-/D [1212 0 R /XYZ 56.6929 794.5015 null]
+1230 0 obj <<
+/D [1228 0 R /XYZ 56.6929 794.5015 null]
>> endobj
318 0 obj <<
-/D [1212 0 R /XYZ 56.6929 607.7662 null]
+/D [1228 0 R /XYZ 56.6929 607.7662 null]
>> endobj
-1215 0 obj <<
-/D [1212 0 R /XYZ 56.6929 584.6557 null]
+1231 0 obj <<
+/D [1228 0 R /XYZ 56.6929 584.6557 null]
>> endobj
-1211 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F21 710 0 R /F41 935 0 R /F39 895 0 R >>
+1227 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F21 714 0 R /F41 940 0 R /F39 900 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1218 0 obj <<
+1234 0 obj <<
/Length 2891
/Filter /FlateDecode
>>
@@ -4401,31 +4475,31 @@ nB1<%)sb
DמtԳIy9<!se`_=;#Wn_5E4MI"st >k̼0R΁1H4nVB%,Uvٴ1BM2F}:aZB*&W/c^ Nb3`jN{h:~duvb^#(H7VC̈́LLJKf@r8{
n1߼KƋ +@cHΒg]2dg<>S1kwX8uE-LDBKzL St]*^j!?4 c/u
VWSEi{ѻ܂I(;L=|;> =5.N*4YhtEQ
-=˹Ձtvt>:0tynz'_&: W2sTᗮgԇzfJ{,+W/Co],o<M+2jgE2fQ;B|QMžf)cz&J| 220 ^~^{r
+=˹Ձtvt>:0tynz'_&: W2sTᗮgԇzfJ{,+W/Co],o<M+2jgE2fQ;B|QMžf)cz&J| 220 ^~^{r
endobj
-1217 0 obj <<
+1233 0 obj <<
/Type /Page
-/Contents 1218 0 R
-/Resources 1216 0 R
+/Contents 1234 0 R
+/Resources 1232 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1210 0 R
-/Annots [ 1220 0 R ]
+/Parent 1206 0 R
+/Annots [ 1236 0 R ]
>> endobj
-1220 0 obj <<
+1236 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [173.6261 333.9221 242.2981 343.3317]
/Subtype /Link
/A << /S /GoTo /D (the_category_phrase) >>
>> endobj
-1219 0 obj <<
-/D [1217 0 R /XYZ 85.0394 794.5015 null]
+1235 0 obj <<
+/D [1233 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1216 0 obj <<
-/Font << /F37 799 0 R /F23 734 0 R /F21 710 0 R /F41 935 0 R >>
+1232 0 obj <<
+/Font << /F37 803 0 R /F23 738 0 R /F21 714 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1224 0 obj <<
+1240 0 obj <<
/Length 2569
/Filter /FlateDecode
>>
@@ -4442,35 +4516,35 @@ XKpp&BIsp&:i"<!Xh{$@9AC>VG.|wĢo؊t1
yZru(O<?>h١q.a| PCF3LP=S#d|͔I3Ր]귦iC[>M tƆ&+ƽ!:7ѹlmeM[YD S݄T>4@F,EujCQHnӖp%32D/nV|ܼTkwe*HC Oh !Єi˨qg[kMsB}&|SrŤ̳*i>r]t\
:0M)](݄8-6uUc.p|?f4, }div ?tB}+5񴚽I<eg*Vmi/>ɏE&w9VM}B=_'co)UD(3)2V jMBRɳB}{sR쓪ڥNV)x,>-Jy,O#񪐉УS'Ov(7mezF4W`_[,& t*F7_=$3jÇI:?
r[~Ji~( JN~fF~# WZHA
-i'yub X/LN+8endstream
+i蓼:nL+:endstream
endobj
-1223 0 obj <<
+1239 0 obj <<
/Type /Page
-/Contents 1224 0 R
-/Resources 1222 0 R
+/Contents 1240 0 R
+/Resources 1238 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1210 0 R
+/Parent 1206 0 R
>> endobj
-1225 0 obj <<
-/D [1223 0 R /XYZ 56.6929 794.5015 null]
+1241 0 obj <<
+/D [1239 0 R /XYZ 56.6929 794.5015 null]
>> endobj
322 0 obj <<
-/D [1223 0 R /XYZ 56.6929 556.3324 null]
+/D [1239 0 R /XYZ 56.6929 556.3324 null]
>> endobj
-1221 0 obj <<
-/D [1223 0 R /XYZ 56.6929 531.5504 null]
+1237 0 obj <<
+/D [1239 0 R /XYZ 56.6929 531.5504 null]
>> endobj
-1226 0 obj <<
-/D [1223 0 R /XYZ 56.6929 214.5791 null]
+1242 0 obj <<
+/D [1239 0 R /XYZ 56.6929 214.5791 null]
>> endobj
-1227 0 obj <<
-/D [1223 0 R /XYZ 56.6929 202.6239 null]
+1243 0 obj <<
+/D [1239 0 R /XYZ 56.6929 202.6239 null]
>> endobj
-1222 0 obj <<
-/Font << /F37 799 0 R /F41 935 0 R /F23 734 0 R /F21 710 0 R >>
+1238 0 obj <<
+/Font << /F37 803 0 R /F41 940 0 R /F23 738 0 R /F21 714 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1230 0 obj <<
+1246 0 obj <<
/Length 2985
/Filter /FlateDecode
>>
@@ -4483,23 +4557,23 @@ e6M2x&Xc,]OILfjb2''M>ioL8BOn{Ҙ)D?
޹WTw_KE!iABFUTdjgL GL, u@`_e=(vxE]]474` Cc6Qw3eRS$
"E :~SP9Cщijtn0Pg
e=X.a=:}jih%e>#;h 2L\q3RR: |Ïy^#GQf)AAH" 6[K){&{TL5_Tu%Uዊ1
-m4uOyU@7=n92ĄP m~p4q}e8h ?5c57*, _n~ɯ
+m4uOyU@7=n92ĄP m~p4q}e8h ?5c57*, _n~ɯ
endobj
-1229 0 obj <<
+1245 0 obj <<
/Type /Page
-/Contents 1230 0 R
-/Resources 1228 0 R
+/Contents 1246 0 R
+/Resources 1244 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1210 0 R
+/Parent 1248 0 R
>> endobj
-1231 0 obj <<
-/D [1229 0 R /XYZ 85.0394 794.5015 null]
+1247 0 obj <<
+/D [1245 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1228 0 obj <<
-/Font << /F37 799 0 R /F21 710 0 R /F23 734 0 R /F41 935 0 R >>
+1244 0 obj <<
+/Font << /F37 803 0 R /F21 714 0 R /F23 738 0 R /F41 940 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1234 0 obj <<
+1251 0 obj <<